chore(coprocessor): chart updates for multi coprocessor (#2222)

* chore(coprocessor): first pass at updating helm charts for multi-copro

* chore(coprocessor): update env inheritance scheme

* chore(coprocessor): repo and project for images

* chore(coprocessor): add info around nodeSelector, affinity, tolerations

* chore(coprocessor): add info around empty vars from values.yaml

* chore(coprocessor): update approach to arg handling

* chore(coprocessor): reintroduce previous arg comments

* chore(coprocessor): address private key management for txSender

* chore(coprocessor): align args, envs with live values

* chore(coprocessor): address lint errors

* chore(coprocessor): address PB feedback

* chore(coprocessor): address PB feedback

* chore(coprocessor): address lint errors

Author: deasydoesit

charts/coprocessor/Chart.yaml

@@ -1,6 +1,6 @@
 name: coprocessor
 description: A helm chart to distribute and deploy Zama fhevm Co-Processor services
-version: 0.8.6
+version: 0.9.0
 apiVersion: v2
 keywords:
   - fhevm

charts/coprocessor/templates/_helpers.tpl

@@ -35,5 +35,5 @@
 
 {{- define "snsWorkerName" -}}
 {{- $snsWorkerNameDefault := printf "%s-%s" .Release.Name "sns-worker" }}
-{{- default $snsWorkerNameDefault .Values.zkProofWorker.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- default $snsWorkerNameDefault .Values.snsWorker.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}

charts/coprocessor/templates/coprocessor-db-migration.yaml

@@ -22,13 +22,17 @@ spec:
       imagePullSecrets:
         - name: registry-credentials
       restartPolicy: Never
-      {{- if and .Values.dbMigration.affinity .Values.dbMigration.affinity.enabled }}
+      {{- with .Values.dbMigration.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.dbMigration.affinity }}
       affinity:
-{{ toYaml (omit .Values.dbMigration.affinity "enabled") | indent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- if and .Values.dbMigration.tolerations .Values.dbMigration.tolerations.enabled }}
+      {{- with .Values.dbMigration.tolerations }}
       tolerations:
-{{ toYaml .Values.dbMigration.tolerations.items | indent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
       {{- if .Values.dbMigration.serviceAccountName }}
       serviceAccountName: {{ .Values.dbMigration.serviceAccountName }}
@@ -38,7 +42,14 @@ spec:
         image: {{ .Values.dbMigration.image.name }}:{{ .Values.dbMigration.image.tag }}
         command: ["/initialize_db.sh"]
         env:
-{{ toYaml .Values.dbMigration.env | nindent 12 }}
+          - name: DATABASE_URL
+            value: {{ .Values.commonConfig.databaseUrl | quote }}
+        {{- with .Values.commonConfig.env }}
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+        {{- with .Values.dbMigration.env }}
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
         resources:
           requests:
             cpu: {{ .Values.dbMigration.resources.requests.cpu | default "100m" }}

charts/coprocessor/templates/coprocessor-gw-listener-deployment.yaml

@@ -31,13 +31,17 @@ spec:
       imagePullSecrets:
         - name: registry-credentials
       restartPolicy: Always
-      {{- if and .Values.gwListener.affinity .Values.gwListener.affinity.enabled }}
+      {{- with .Values.gwListener.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.gwListener.affinity }}
       affinity:
-{{ toYaml (omit .Values.gwListener.affinity "enabled") | indent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- if and .Values.gwListener.tolerations .Values.gwListener.tolerations.enabled }}
+      {{- with .Values.gwListener.tolerations }}
       tolerations:
-{{ toYaml .Values.gwListener.tolerations.items | indent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
       {{- if .Values.gwListener.serviceAccountName }}
       serviceAccountName: {{ .Values.gwListener.serviceAccountName }}
@@ -47,9 +51,55 @@ spec:
           image: {{ .Values.gwListener.image.name }}:{{ .Values.gwListener.image.tag }}
           command: ["gw_listener"]
           args:
-{{ toYaml .Values.gwListener.args | nindent 12 }}
+            - --database-url=$(DATABASE_URL)
+            - --gw-url=$(GATEWAY_URL)
+            - --input-verification-address=$(INPUT_VERIFICATION_ADDRESS)
+            - --kms-generation-address=$(KMS_GENERATION_ADDRESS)
+            - --ciphertext-commits-address=$(CIPHERTEXT_COMMITS_ADDRESS)
+            - --gateway-config-address=$(GATEWAY_CONFIG_ADDRESS)
+            - --health-check-port={{ .Values.gwListener.ports.healthcheck }}
+            - --metrics-addr=0.0.0.0:{{ .Values.gwListener.ports.metrics }}
+            - --log-level={{ .Values.gwListener.args.logLevel }}
+            - --service-name={{ .Values.gwListener.args.serviceName }}
+            - --database-pool-size={{ .Values.gwListener.args.databasePoolSize }}
+            - --verify-proof-req-database-channel={{ .Values.gwListener.args.verifyProofReqDatabaseChannel }}
+            - --error-sleep-initial-secs={{ .Values.gwListener.args.errorSleepInitialSecs }}
+            - --error-sleep-max-secs={{ .Values.gwListener.args.errorSleepMaxSecs }}
+            - --provider-max-retries={{ .Values.gwListener.args.providerMaxRetries }}
+            - --provider-retry-interval={{ .Values.gwListener.args.providerRetryInterval }}
+            - --get-logs-poll-interval={{ .Values.gwListener.args.getLogsPollInterval }}
+            - --get-logs-block-batch-size={{ .Values.gwListener.args.getLogsBlockBatchSize }}
+            - --log-last-processed-every-number-of-updates={{ .Values.gwListener.args.logLastProcessedEveryNumberOfUpdates }}
+            {{- with .Values.gwListener.extraArgs }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
           env:
-{{ toYaml .Values.gwListener.env | nindent 12 }}
+            - name: DATABASE_URL
+              value: {{ .Values.commonConfig.databaseUrl | quote }}
+            - name: GATEWAY_URL
+              value: {{ .Values.commonConfig.gatewayUrl | quote }}
+            - name: INPUT_VERIFICATION_ADDRESS
+              value: {{ required "commonConfig.gatewayContractAddresses.inputVerification is required" .Values.commonConfig.gatewayContractAddresses.inputVerification | quote }}
+            - name: KMS_GENERATION_ADDRESS
+              value: {{ required "commonConfig.gatewayContractAddresses.kmsGeneration is required" .Values.commonConfig.gatewayContractAddresses.kmsGeneration | quote }}
+            - name: CIPHERTEXT_COMMITS_ADDRESS
+              value: {{ required "commonConfig.gatewayContractAddresses.ciphertextCommits is required" .Values.commonConfig.gatewayContractAddresses.ciphertextCommits | quote }}
+            - name: GATEWAY_CONFIG_ADDRESS
+              value: {{ required "commonConfig.gatewayContractAddresses.gatewayConfig is required" .Values.commonConfig.gatewayContractAddresses.gatewayConfig | quote }}
+          {{- if default .Values.commonConfig.tracing.enabled .Values.gwListener.tracing.enabled }}
+            - name: OTEL_EXPORTER_OTLP_ENDPOINT
+              value: {{ .Values.commonConfig.tracing.endpoint | quote }}
+            - name: OTEL_SERVICE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+          {{- end }}
+          {{- with .Values.commonConfig.env }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.gwListener.env }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           ports:
             {{- range $portName, $portValue := .Values.gwListener.ports }}
             - name: {{ $portName }}
@@ -65,10 +115,10 @@ spec:
               memory: {{ .Values.gwListener.resources.limits.memory | default "512Mi" }}
           {{- if and .Values.gwListener.probes .Values.gwListener.probes.liveness.enabled }}
           livenessProbe:
-{{ toYaml (omit .Values.gwListener.probes.liveness "enabled") | nindent 12 }}
+            {{- toYaml (omit .Values.gwListener.probes.liveness "enabled") | nindent 12 }}
           {{- end }}
           {{- if and .Values.gwListener.probes .Values.gwListener.probes.readiness.enabled }}
           readinessProbe:
-{{ toYaml (omit .Values.gwListener.probes.readiness "enabled") | nindent 12 }}
+            {{- toYaml (omit .Values.gwListener.probes.readiness "enabled") | nindent 12 }}
           {{- end }}
 {{- end -}}

charts/coprocessor/templates/coprocessor-host-listener-catchup-only-deployment.yaml

@@ -31,13 +31,17 @@ spec:
       imagePullSecrets:
         - name: registry-credentials
       restartPolicy: Always
-      {{- if and .Values.hostListenerCatchupOnly.affinity .Values.hostListenerCatchupOnly.affinity.enabled }}
+      {{- with .Values.hostListenerCatchupOnly.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.hostListenerCatchupOnly.affinity }}
       affinity:
-{{ toYaml (omit .Values.hostListenerCatchupOnly.affinity "enabled") | indent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- if and .Values.hostListenerCatchupOnly.tolerations .Values.hostListenerCatchupOnly.tolerations.enabled }}
+      {{- with .Values.hostListenerCatchupOnly.tolerations }}
       tolerations:
-{{ toYaml .Values.hostListenerCatchupOnly.tolerations.items | indent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
       {{- if .Values.hostListenerCatchupOnly.serviceAccountName }}
       serviceAccountName: {{ .Values.hostListenerCatchupOnly.serviceAccountName }}
@@ -47,14 +51,50 @@ spec:
           image: {{ .Values.hostListenerCatchupOnly.image.name }}:{{ .Values.hostListenerCatchupOnly.image.tag }}
           command: ["host_listener"]
           args:
-            {{- range $arg := .Values.hostListenerCatchupOnly.args }}
-            {{- if not (hasPrefix "--dependent-ops-max-per-chain=" $arg) }}
-            - {{ $arg | quote }}
+            - --database-url=$(DATABASE_URL)
+            - --url=$(ETHEREUM_RPC_URL)
+            - --acl-contract-address=$(ACL_CONTRACT_ADDRESS)
+            - --tfhe-contract-address=$(FHEVM_EXECUTOR_CONTRACT_ADDRESS)
+            - --health-port={{ .Values.hostListenerCatchupOnly.ports.healthcheck }}
+            - --dependent-ops-max-per-chain={{ int .Values.commonConfig.dependentOpsMaxPerChain }}
+            - --log-level={{ .Values.hostListenerCatchupOnly.args.logLevel }}
+            - --initial-block-time={{ .Values.hostListenerCatchupOnly.args.initialBlockTime }}
+            - --dependence-cache-size={{ .Values.hostListenerCatchupOnly.args.dependenceCacheSize }}
+            - --reorg-maximum-duration-in-blocks={{ .Values.hostListenerCatchupOnly.args.reorgMaximumDurationInBlocks }}
+            - --service-name={{ .Values.hostListenerCatchupOnly.args.serviceName }}
+            - --catchup-finalization-in-blocks={{ .Values.hostListenerCatchupOnly.args.catchupFinalizationInBlocks }}
+            {{- if .Values.hostListenerCatchupOnly.args.onlyCatchupLoop }}
+            - --only-catchup-loop
             {{- end }}
+            - --end-at-block={{ .Values.hostListenerCatchupOnly.args.endAtBlock }}
+            - --catchup-loop-sleep-secs={{ .Values.hostListenerCatchupOnly.args.catchupLoopSleepSecs }}
+            - --coprocessor-api-key=$(TENANT_API_KEY)
+            {{- with .Values.hostListenerCatchupOnly.extraArgs }}
+            {{- toYaml . | nindent 12 }}
             {{- end }}
-            - --dependent-ops-max-per-chain={{ int .Values.dependentOps.maxPerChain }}
           env:
-{{ toYaml .Values.hostListenerCatchupOnly.env | nindent 12 }}
+            - name: DATABASE_URL
+              value: {{ .Values.commonConfig.databaseUrl | quote }}
+            - name: ETHEREUM_RPC_URL
+              value: {{ .Values.commonConfig.hostChainWsUrl | quote }}
+            - name: ACL_CONTRACT_ADDRESS
+              value: {{ required "commonConfig.aclContractAddress is required" .Values.commonConfig.aclContractAddress | quote }}
+            - name: FHEVM_EXECUTOR_CONTRACT_ADDRESS
+              value: {{ required "commonConfig.fhevmExecutorContractAddress is required" .Values.commonConfig.fhevmExecutorContractAddress | quote }}
+          {{- if default .Values.commonConfig.tracing.enabled .Values.hostListenerCatchupOnly.tracing.enabled }}
+            - name: OTEL_EXPORTER_OTLP_ENDPOINT
+              value: {{ .Values.commonConfig.tracing.endpoint | quote }}
+            - name: OTEL_SERVICE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+          {{- end }}
+          {{- with .Values.commonConfig.env }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.hostListenerCatchupOnly.env }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           ports:
             {{- range $portName, $portValue := .Values.hostListenerCatchupOnly.ports }}
             - name: {{ $portName }}
@@ -70,10 +110,10 @@ spec:
               memory: {{ .Values.hostListenerCatchupOnly.resources.limits.memory | default "512Mi" }}
           {{- if and .Values.hostListenerCatchupOnly.probes .Values.hostListenerCatchupOnly.probes.liveness.enabled }}
           livenessProbe:
-{{ toYaml (omit .Values.hostListenerCatchupOnly.probes.liveness "enabled") | nindent 12 }}
+            {{- toYaml (omit .Values.hostListenerCatchupOnly.probes.liveness "enabled") | nindent 12 }}
           {{- end }}
           {{- if and .Values.hostListenerCatchupOnly.probes .Values.hostListenerCatchupOnly.probes.readiness.enabled }}
           readinessProbe:
-{{ toYaml (omit .Values.hostListenerCatchupOnly.probes.readiness "enabled") | nindent 12 }}
+            {{- toYaml (omit .Values.hostListenerCatchupOnly.probes.readiness "enabled") | nindent 12 }}
           {{- end }}
 {{- end -}}

charts/coprocessor/templates/coprocessor-host-listener-deployment.yaml

@@ -31,13 +31,17 @@ spec:
       imagePullSecrets:
         - name: registry-credentials
       restartPolicy: Always
-      {{- if and .Values.hostListener.affinity .Values.hostListener.affinity.enabled }}
+      {{- with .Values.hostListener.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.hostListener.affinity }}
       affinity:
-{{ toYaml (omit .Values.hostListener.affinity "enabled") | indent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- if and .Values.hostListener.tolerations .Values.hostListener.tolerations.enabled }}
+      {{- with .Values.hostListener.tolerations }}
       tolerations:
-{{ toYaml .Values.hostListener.tolerations.items | indent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
       {{- if .Values.hostListener.serviceAccountName }}
       serviceAccountName: {{ .Values.hostListener.serviceAccountName }}
@@ -47,14 +51,44 @@ spec:
           image: {{ .Values.hostListener.image.name }}:{{ .Values.hostListener.image.tag }}
           command: ["host_listener"]
           args:
-            {{- range $arg := .Values.hostListener.args }}
-            {{- if not (hasPrefix "--dependent-ops-max-per-chain=" $arg) }}
-            - {{ $arg | quote }}
+            - --database-url=$(DATABASE_URL)
+            - --url=$(ETHEREUM_RPC_URL)
+            - --acl-contract-address=$(ACL_CONTRACT_ADDRESS)
+            - --tfhe-contract-address=$(FHEVM_EXECUTOR_CONTRACT_ADDRESS)
+            - --health-port={{ .Values.hostListener.ports.healthcheck }}
+            - --dependent-ops-max-per-chain={{ int .Values.commonConfig.dependentOpsMaxPerChain }}
+            - --log-level={{ .Values.hostListener.args.logLevel }}
+            - --initial-block-time={{ .Values.hostListener.args.initialBlockTime }}
+            - --reorg-maximum-duration-in-blocks={{ .Values.hostListener.args.reorgMaximumDurationInBlocks }}
+            - --service-name={{ .Values.hostListener.args.serviceName }}
+            - --catchup-finalization-in-blocks={{ .Values.hostListener.args.catchupFinalizationInBlocks }}
+            - --coprocessor-api-key=$(TENANT_API_KEY)
+            {{- with .Values.hostListener.extraArgs }}
+            {{- toYaml . | nindent 12 }}
             {{- end }}
-            {{- end }}
-            - --dependent-ops-max-per-chain={{ int .Values.dependentOps.maxPerChain }}
           env:
-{{ toYaml .Values.hostListener.env | nindent 12 }}
+            - name: DATABASE_URL
+              value: {{ .Values.commonConfig.databaseUrl | quote }}
+            - name: ETHEREUM_RPC_URL
+              value: {{ .Values.commonConfig.hostChainWsUrl | quote }}
+            - name: ACL_CONTRACT_ADDRESS
+              value: {{ required "commonConfig.aclContractAddress is required" .Values.commonConfig.aclContractAddress | quote }}
+            - name: FHEVM_EXECUTOR_CONTRACT_ADDRESS
+              value: {{ required "commonConfig.fhevmExecutorContractAddress is required" .Values.commonConfig.fhevmExecutorContractAddress | quote }}
+          {{- if default .Values.commonConfig.tracing.enabled .Values.hostListener.tracing.enabled }}
+            - name: OTEL_EXPORTER_OTLP_ENDPOINT
+              value: {{ .Values.commonConfig.tracing.endpoint | quote }}
+            - name: OTEL_SERVICE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+          {{- end }}
+          {{- with .Values.commonConfig.env }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.hostListener.env }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           ports:
             {{- range $portName, $portValue := .Values.hostListener.ports }}
             - name: {{ $portName }}
@@ -70,10 +104,10 @@ spec:
               memory: {{ .Values.hostListener.resources.limits.memory | default "512Mi" }}
           {{- if and .Values.hostListener.probes .Values.hostListener.probes.liveness.enabled }}
           livenessProbe:
-{{ toYaml (omit .Values.hostListener.probes.liveness "enabled") | nindent 12 }}
+            {{- toYaml (omit .Values.hostListener.probes.liveness "enabled") | nindent 12 }}
           {{- end }}
           {{- if and .Values.hostListener.probes .Values.hostListener.probes.readiness.enabled }}
           readinessProbe:
-{{ toYaml (omit .Values.hostListener.probes.readiness "enabled") | nindent 12 }}
+            {{- toYaml (omit .Values.hostListener.probes.readiness "enabled") | nindent 12 }}
           {{- end }}
 {{- end -}}