feat(sequencer, charts)!: use uds for abci #1877

Draft
wants to merge 6 commits into
base: main

joroshiba
Member

@joroshiba joroshiba commented Dec 13, 2024

Summary

Add support to the sequencer to support running the ABCI connection over UDS instead of TCP only, updates to chart to use the UDS connection by default.

Background

Local testing found up to a 25x speed up using UDS instead of TCP loopback for ABCI communication. We can continue to offer the option of using TCP connections, and support the faster connection within our charts by default.

Changes

  • mild refactor of sequencer startup to move abci server start to its own function, mirroring grpc server setup
  • replace old listen_addr config with new abci_listener_url config which is used to inform sequencer how to listen

Testing

Synced a full node with mainnet, and tested with ABCI replay.

Changelogs

Changelogs updated.

Breaking Changelist

  • Removed ASTRIA_SEQUENCER_LISTEN_ADDR config variable, replaced with ASTRIA_SEQUENCER_ABCI_LISTENER_URL

Related Issues

Link any issues that are related, prefer full GitHub links.

closes

@github-actions github-actions bot added sequencer pertaining to the astria-sequencer crate cd labels Dec 13, 2024
@joroshiba joroshiba force-pushed the joroshiba/uds-for-abci branch 3 times, most recently from 16d9bb4 to e154694 Compare December 16, 2024 22:31
@joroshiba joroshiba force-pushed the joroshiba/uds-for-abci branch from 3b54ffc to 9a1a550 Compare December 16, 2024 22:36
@joroshiba joroshiba changed the title feat(sequencer): use uds for abci feat(sequencer, charts)!: use uds for abci Dec 16, 2024
Comment on lines 19 to 23
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
supplementalGroups: [4000]
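
Review bot: the pod-level securityContext on these lines pins runAsUser: 1000 and runAsGroup: 3000 but never sets runAsNonRoot: true, so a container-level override or a later edit that sets UID 0 would still be admitted; add runAsNonRoot: true next to the IDs so the kubelet refuses to start a root container. The 1000/3000/2000/4000 values match the example in the Kubernetes security-context documentation, so each should be justified or removed: supplementalGroups: [4000] can go unless something the pod mounts is owned by that group, and fsGroup: 2000 should be paired with fsGroupChangePolicy: OnRootMismatch to avoid a recursive ownership change on every mount.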
Member Author

@WafflesVonMaple feel a bit out of my depth on these settings. I'm also certain there is more configuration going on here than necessary, but these settings work.

Contributor

runAsUser: # hardcode user to non-root if not set in Dockerfile
runAsGroup: # hardcode group to non-root if not set in Dockerfile
runAsNonRoot: # hardcode to non-root. Redundant if Dockerfile is set to USER 1000

General safety dictates runAsUser/Group are not an explicit replacement for runAsNonRoot, as the ID must exist in the container for it to run.

runAsNonRoot also limits access to host resources that might mistakenly get exposed to the container.

fsGroup/GroupChangePolicy defines the group to which kube will change the perms of all files in mounted volumes. Caution should be exercised, as changing group ownership of an entire volume can cause startup delay or other issues.
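
An added example, not part of this PR or the astria-sequencer code: a listener chosen from a URL such as the new abci_listener_url setting, showing why the group settings discussed above matter once ABCI moves to UDS, since access to the socket is then governed by file permissions. The names `bind_abci` and `AbciListener`, the `tcp://` and `unix://` URL forms, and the 0o660 mode are assumptions made for illustration.

```rust
use std::fs;
use std::io;
use std::net::TcpListener;
use std::os::unix::fs::{FileTypeExt, PermissionsExt};
use std::os::unix::net::UnixListener;
use std::path::Path;

/// Listener selected by the configured URL (hypothetical type, not the sequencer's).
pub enum AbciListener {
    Tcp(TcpListener),
    Unix(UnixListener),
}

fn invalid(msg: &str) -> io::Error {
    io::Error::new(io::ErrorKind::InvalidInput, msg)
}

/// Bind from a URL. Assumed forms: `tcp://host:port` and `unix:///absolute/path`.
pub fn bind_abci(url: &str) -> io::Result<AbciListener> {
    if let Some(addr) = url.strip_prefix("tcp://") {
        return TcpListener::bind(addr).map(AbciListener::Tcp);
    }
    let path = match url.strip_prefix("unix://") {
        Some(p) => Path::new(p),
        None => return Err(invalid("unsupported scheme")),
    };
    if !path.is_absolute() {
        return Err(invalid("socket path must be absolute"));
    }
    // Remove only a stale socket from a previous run; never delete other file types.
    match fs::symlink_metadata(path) {
        Ok(meta) if meta.file_type().is_socket() => fs::remove_file(path)?,
        Ok(_) => return Err(io::Error::new(io::ErrorKind::AlreadyExists, "not a socket")),
        Err(e) if e.kind() == io::ErrorKind::NotFound => {}
        Err(e) => return Err(e),
    }
    let listener = UnixListener::bind(path)?;
    // On Linux, connect() needs write permission on the socket file:
    // allow the owning user and group, nobody else.
    fs::set_permissions(path, fs::Permissions::from_mode(0o660))?;
    Ok(AbciListener::Unix(listener))
}

fn main() -> io::Result<()> {
    let sock = std::env::temp_dir().join("abci-example.sock"); // constructed sample path
    bind_abci(&format!("unix://{}", sock.display()))?;
    let mode = fs::metadata(&sock)?.permissions().mode() & 0o777;
    println!("{} mode {:o}", sock.display(), mode);
    fs::remove_file(&sock)
}
```

The mode is tightened only after `bind`, so the directory holding the socket should itself be restricted to the same user and group to cover that window.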
