zama-ai
diff --git a/‎mainnet/helm-values/gateway-node.yaml‎
Lines changed: 104 additions & 0 deletions b/‎mainnet/helm-values/gateway-node.yaml‎
Lines changed: 104 additions & 0 deletions
diff --git a/‎mainnet/helm-values/kms-connector.yaml‎
Lines changed: 129 additions & 0 deletions b/‎mainnet/helm-values/kms-connector.yaml‎
Lines changed: 129 additions & 0 deletions
diff --git a/‎helm-values/kms-core.yaml‎ ‎mainnet/helm-values/kms-core.yaml‎helm-values/kms-core.yaml renamed to mainnet/helm-values/kms-core.yaml
Lines changed: 5 additions & 6 deletions b/‎helm-values/kms-core.yaml‎ ‎mainnet/helm-values/kms-core.yaml‎helm-values/kms-core.yaml renamed to mainnet/helm-values/kms-core.yaml
Lines changed: 5 additions & 6 deletions
diff --git a/‎helmfile.yaml‎ ‎mainnet/helmfile.yaml‎helmfile.yaml renamed to mainnet/helmfile.yaml
Lines changed: 2 additions & 2 deletions b/‎helmfile.yaml‎ ‎mainnet/helmfile.yaml‎helmfile.yaml renamed to mainnet/helmfile.yaml
Lines changed: 2 additions & 2 deletions
diff --git a/‎helm-values/gateway-node.yaml‎ ‎testnet/helm-values/gateway-node.yaml‎helm-values/gateway-node.yaml renamed to testnet/helm-values/gateway-node.yaml b/‎helm-values/gateway-node.yaml‎ ‎testnet/helm-values/gateway-node.yaml‎helm-values/gateway-node.yaml renamed to testnet/helm-values/gateway-node.yaml
diff --git a/‎helm-values/kms-connector.yaml‎ ‎testnet/helm-values/kms-connector.yaml‎helm-values/kms-connector.yaml renamed to testnet/helm-values/kms-connector.yaml
Lines changed: 25 additions & 16 deletions b/‎helm-values/kms-connector.yaml‎ ‎testnet/helm-values/kms-connector.yaml‎helm-values/kms-connector.yaml renamed to testnet/helm-values/kms-connector.yaml
Lines changed: 25 additions & 16 deletions
@@ -0,0 +1,104 @@
+image:
+  repository: offchainlabs/nitro-node
+  tag: v3.7.6-c0fe95e
+
+# https://docs.arbitrum.io/run-arbitrum-node/run-full-node
+customArgs:
+  - "http.addr=0.0.0.0"
+  - "http.corsdomain=*"
+  - "http.vhosts=*"
+  - "http.rpcprefix=/"
+  - "ws.addr=0.0.0.0"
+  - "ws.origins=*"
+  - "ws.rpcprefix=/"
+  - "http.api=net,web3,eth,debug,txpool"
+
+persistence:
+  enabled: true
+  size: 250Gi
+  storageClassName: gp3
+
+extraEnv:
+  # Required to verify the rollup data availability on parent chain
+  # A paid arbitrum RPC provider such as Quicknode or Alchemy is suggested
+  # Should be stored in a secret
+  - name: NITRO_PARENT-CHAIN_CONNECTION_URL
+    valueFrom:
+      secretKeyRef:
+        name: arbitrum
+        key: arbitrum-rpc-url
+  #  # Required to forward transactions to the sequencer (get it from zama)
+  - name: NITRO_EXECUTION_FORWARDING-TARGET
+    valueFrom:
+      secretKeyRef:
+        name: conduit
+        key: conduit-rpc-http-url
+
+# https://docs.arbitrum.io/run-arbitrum-node/run-full-node#minimum-hardware-configuration
+resources:
+  requests:
+    cpu: 2
+    memory: 8Gi
+  limits:
+    cpu: 4
+    memory: 16Gi
+
+# It's recommended to run the full-node on a dedicated node
+# by specifying a nodeSelector and tolerations
+#nodeSelector:
+#  karpenter.sh/nodepool: custom-node-pool
+
+#tolerations:
+#  - key: karpenter.sh/nodepool
+#    effect: NoSchedule
+#    operator: Equal
+#    value: custom-node-pool
+
+configmap:
+  enabled: true
+  data:
+    http:
+      rpcprefix: ""
+    parent-chain:
+      id: 42161
+      connection:
+      # Overridden by env var for authenticated RPC, see extraEnv section
+      # Public RPCs: https://chainlist.org/?chain=42161&search=arbitrum
+      # However, they will usually return 429 Too Many Requests
+      #url: "https://arb1.arbitrum.io/rpc"
+    chain:
+      id: 261131
+      name: conduit-orbit-deployer
+      # Note: {"parent-chain-is-arbitrum": true} added to JSON
+      info-json: '[{"parent-chain-is-arbitrum": true, "chain-id":261131,"parent-chain-id":42161,"chain-name":"conduit-orbit-deployer","chain-config":{"chainId":261131,"homesteadBlock":0,"daoForkBlock":null,"daoForkSupport":true,"eip150Block":0,"eip150Hash":"0x0000000000000000000000000000000000000000000000000000000000000000","eip155Block":0,"eip158Block":0,"byzantiumBlock":0,"constantinopleBlock":0,"petersburgBlock":0,"istanbulBlock":0,"muirGlacierBlock":0,"berlinBlock":0,"londonBlock":0,"clique":{"period":0,"epoch":0},"arbitrum":{"EnableArbOS":true,"AllowDebugPrecompiles":false,"DataAvailabilityCommittee":true,"InitialArbOSVersion":40,"InitialChainOwner":"0xe27Bf67F0D2169B757267Ae5a1A27f91FD6660b8","GenesisBlockNum":0}},"rollup":{"bridge":"0xB95b70f48C9F45293d1EE6670d0C5D8D4F045e46","inbox":"0x893a8A0d0FC49cEA7d27dac7E5Ab760639A041C7","sequencer-inbox":"0xAe7B43ec6f8d0EccebB7879Ddc42dab57b75654D","rollup":"0xdC10dD8E1Ff27563c1721f0B0aBc55d3e8e100d4","validator-utils":"0x08Ca9925b88c54100568c8d41eFAF8Fecc695d3a","validator-wallet-creator":"0x27a722f5Ba1E7119a48A990eE5C262413249eB2B","deployed-at":391581390}}]'
+    execution:
+      # Overridden by env var for authenticated RPC
+      #forwarding-target: "https://rpc-zama-gateway-mainnet.t.conduit.xyz"
+      parent-chain-reader:
+        poll-timeout: 10s
+        poll-interval: 15s
+      forwarder:
+        update-interval: 100ms
+    node:
+      data-availability:
+        enable: true
+        sequencer-inbox-address: "0xAe7B43ec6f8d0EccebB7879Ddc42dab57b75654D"
+        rest-aggregator:
+          enable: true
+          urls:
+            - "https://das-zama-gateway-mainnet.t.conduit.xyz"
+      # Required to pull unfinalized blocks from the sequencer
+      feed:
+        input:
+          url: "wss://relay-zama-gateway-mainnet.t.conduit.xyz"
+      staker:
+        log-query-batch-size: 5000
+    metrics: true
+
+readinessProbe:
+  enabled: true
+  tcpSocket:
+    port: http-rpc
+
+startupProbe:
+  enabled: false
@@ -0,0 +1,129 @@
+commonConfig:
+  databaseUrl: "postgresql://$(DATABASE_ENDPOINT)/kmsconnector"
+  # Cannot be used for tx-sender until full node supports eth_sendRawTransactionSync
+  # gatewayUrl: "http://gateway-node:8547"
+  gatewayUrl: "$(CONDUIT_RPC_HTTP_URL)"
+  chainId: "261131"
+  gatewayContractAddresses:
+    decryption: "TODO_MAINNET"
+    gatewayConfig: "TODO_MAINNET"
+    kmsGeneration: "TODO_MAINNET"
+  env:
+    - name: CONDUIT_RPC_HTTP_URL
+      valueFrom:
+        secretKeyRef:
+          name: conduit
+          key: conduit-rpc-http-url
+    - name: DATABASE_ENDPOINT
+      valueFrom:
+        secretKeyRef:
+          name: connector-database
+          key: endpoint
+    - name: PGUSER
+      valueFrom:
+        secretKeyRef:
+          name: connector-database
+          key: username
+    - name: PGPASSWORD
+      valueFrom:
+        secretKeyRef:
+          name: connector-database
+          key: password
+
+kmsConnectorDbMigration:
+  enabled: true
+  image:
+    name: hub.zama.org/zama-protocol/zama-ai/fhevm/kms-connector/db-migration
+    tag: v0.9.11
+  env: []
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+              - key: "node.kubernetes.io/enclave-enabled"
+                operator: In
+                values:
+                  - "true"
+  tolerations:
+    - key: "node.kubernetes.io/enclave-enabled"
+      effect: NoSchedule
+      operator: Equal
+      value: "true"
+
+kmsConnectorGwListener:
+  enabled: true
+  nameOverride: kms-connector-gw-listener
+  image:
+    name: hub.zama.org/zama-protocol/zama-ai/fhevm/kms-connector/gw-listener
+    tag: v0.9.11
+  # Set 2 replicas for more resiliency and proper rolling upgrades
+  replicas: 2
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+              - key: "node.kubernetes.io/enclave-enabled"
+                operator: In
+                values:
+                  - "true"
+  tolerations:
+    - key: "node.kubernetes.io/enclave-enabled"
+      effect: NoSchedule
+      operator: Equal
+      value: "true"
+
+kmsConnectorKmsWorker:
+  enabled: true
+  nameOverride: kms-connector-kms-worker
+  image:
+    name: hub.zama.org/zama-protocol/zama-ai/fhevm/kms-connector/kms-worker
+    tag: v0.9.11
+  replicas: 1
+  config:
+    kmsCoreEndpoints: "http://kms-core:50100"
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+              - key: "node.kubernetes.io/enclave-enabled"
+                operator: In
+                values:
+                  - "true"
+  tolerations:
+    - key: "node.kubernetes.io/enclave-enabled"
+      effect: NoSchedule
+      operator: Equal
+      value: "true"
+
+kmsConnectorTxSender:
+  enabled: true
+  nameOverride: kms-connector-tx-sender
+  image:
+    name: hub.zama.org/zama-protocol/zama-ai/fhevm/kms-connector/tx-sender
+    tag: v0.9.11
+  replicas: 1
+  serviceAccountName: mpc-party-connector
+  wallet:
+    # Use the kms-connector tx-sender KMS key as ethereum wallet
+    awsKms:
+      enabled: true
+      configmap:
+        name: mpc-party
+        key: KMS_CONNECTOR__TX_SENDER_AWS_KMS_KEY_ID
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+              - key: "node.kubernetes.io/enclave-enabled"
+                operator: In
+                values:
+                  - "true"
+  tolerations:
+    - key: "node.kubernetes.io/enclave-enabled"
+      effect: NoSchedule
+      operator: Equal
+      value: "true"
@@ -1,3 +1,6 @@
+kmsPeers:
+  id: 1
+
 kmsGenCertAndKeys:
   nameOverride: kms-gen-cert-and-keys
   enabled: true
@@ -7,7 +10,7 @@ kmsCore:
   nameOverride: kms-core
   image:
     name: hub.zama.org/zama-protocol/zama-ai/kms/core-service-enclave
-    tag: v0.12.1
+    tag: v0.12.4
   serviceAccountName: mpc-party
   envFrom:
     configmap:
@@ -58,10 +61,6 @@ kmsCore:
         port: 50001
   nitroEnclave:
     enabled: true
-    # Enclave CPU count, must be a multiple of 2 since whole cores (not hyperthreads) are sliced off and dedicated to the enclave
-    cpuCount: 72
-    # Enclave Memory in GiB
-    memoryGiB: 120
   aws:
     region: eu-west-1
   affinity:
@@ -102,7 +101,7 @@ kmsCoreClient:
   nameOverride: kms-client
   image:
     name: hub.zama.org/zama-protocol/zama-ai/kms/core-client
-    tag: v0.12.1
+    tag: v0.12.4
   envFrom:
     configmap:
       name: mpc-party
 
@@ -19,7 +19,7 @@ releases:
   - name: kms-core
     namespace: kms-decentralized
     chart: zama-kms/kms-core
-    version: 1.4.4
+    version: 1.4.10
     values:
       - helm-values/kms-core.yaml
   - name: gateway-node
@@ -31,6 +31,6 @@ releases:
   - name: kms-connector
     namespace: kms-decentralized
     chart: zama-fhevm/kms-connector
-    version: 1.1.0
+    version: 1.2.0
     values:
       - helm-values/kms-connector.yaml
@@ -1,6 +1,8 @@
 commonConfig:
   databaseUrl: "postgresql://$(DATABASE_ENDPOINT)/kmsconnector"
-  gatewayUrl: "http://gateway-node:8547"
+  gatewayUrl: "$(CONDUIT_RPC_HTTP_URL)"
+  # Cannot be used for tx-sender until full node supports eth_sendRawTransactionSync
+  #gatewayUrl: "http://gateway-node:8547"
   chainId: "10901"
   gatewayContractAddresses:
     decryption: "0x5D8BD78e2ea6bbE41f26dFe9fdaEAa349e077478"
@@ -22,16 +24,17 @@ commonConfig:
         secretKeyRef:
           name: connector-database
           key: password
-    - name: KMS_CONNECTOR_DECRYPTION_POLLING_MS
-      value: "500"
-    - name: KMS_CONNECTOR_GAS_MULTIPLIER_PERCENT
-      value: "300"
+    - name: CONDUIT_RPC_HTTP_URL
+      valueFrom:
+        secretKeyRef:
+          name: conduit
+          key: conduit-rpc-http-url
 
 kmsConnectorDbMigration:
   enabled: true
   image:
     name: hub.zama.org/zama-protocol/zama-ai/fhevm/kms-connector/db-migration
-    tag: v0.9.3
+    tag: v0.9.11
   env: []
   affinity:
     nodeAffinity:
@@ -53,8 +56,11 @@ kmsConnectorGwListener:
   nameOverride: kms-connector-gw-listener
   image:
     name: hub.zama.org/zama-protocol/zama-ai/fhevm/kms-connector/gw-listener
-    tag: v0.9.3
-  replicas: 1
+    tag: v0.9.11
+  replicas: 2
+  config:
+    # Use full node
+    gatewayUrl: "http://gateway-node:8547"
   affinity:
     nodeAffinity:
       requiredDuringSchedulingIgnoredDuringExecution:
@@ -75,7 +81,7 @@ kmsConnectorKmsWorker:
   nameOverride: kms-connector-kms-worker
   image:
     name: hub.zama.org/zama-protocol/zama-ai/fhevm/kms-connector/kms-worker
-    tag: v0.9.3
+    tag: v0.9.11
   replicas: 1
   config:
     kmsCoreEndpoints: "http://kms-core:50100"
@@ -98,13 +104,19 @@ kmsConnectorTxSender:
   enabled: true
   nameOverride: kms-connector-tx-sender
   image:
-    name: hub.zama.org/zama-protocol/zama-ai/fhevm/kms-connector/tx-sender
+    name: hub.zama.ai/zama-protocol/zama-ai/fhevm/kms-connector/tx-sender
     tag: v0.9.3
   replicas: 1
   wallet:
-    secret:
-      name: connector-wallet-keys
-      key: kms_txsender.private_key
+    awsKms:
+      enabled: true
+      configmap:
+        name: mpc-party
+        key: KMS_CONNECTOR__TX_SENDER_AWS_KMS_KEY_ID
+    # The secret can be removed after migrating to AWS KMS
+    #secret:
+    #  name: connector-wallet-keys
+    #  key: kms_txsender_1.private_key
   affinity:
     nodeAffinity:
       requiredDuringSchedulingIgnoredDuringExecution:
@@ -119,6 +131,3 @@ kmsConnectorTxSender:
       effect: NoSchedule
       operator: Equal
       value: "true"
-
-#tracing:
-#  endpoint: "http://observability-alloy.observability.svc.cluster.local:4317"