forked from ethpandaops/ethereum-helm-charts
-
Notifications
You must be signed in to change notification settings - Fork 1
/
README.md.gotmpl
131 lines (103 loc) · 4.15 KB
/
README.md.gotmpl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}
{{ template "chart.description" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
# Examples
## Beacon node on the Goerli testnet connected to Goerli via Infura
```yaml
mode: "beacon"
extraArgs:
- --network=goerli
- --ee-endpoint=<EXECUTION-ENDPOINT>
```
## Exposing the P2P service via NodePort
This will make your node accessible via the Internet using a service of type [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#nodeport).
When using `p2pNodePort.enabled` the exposed IP address on your ENR record will be the "External IP" of the node where the pod is running.
**Limitations:** You can only run a single replica per chart deployment when using `p2pNodePort.enabled=true`.If you need N nodes, simply deploy the chart N times.
```yaml
replicas: 1
p2pNodePort:
enabled: true
port: 31000
```
This would create 5 beacon nodes, exposed via Node Port services with the following configuration:
- Node 0: `30000`
- Node 1: `30001`
- Node 2: `30002`
- Node 3: `32000`
- Node 4: `30004`
## Validator node targeting a beacon node service
This example runs a validator on the goerli network that targets a pre-existing `teku-beacon`
service by injecting the all-accounts.keystore.json` file via a secret ENV var. You could use a similar
approach to fetch your secrets from some external secret management system (Hashicorp Vault, Azure key vault, etc.):
```yaml
replicas: 1
mode: validator
initContainers:
- name: init-keystore
image: bash:latest
imagePullPolicy: IfNotPresent
securityContext:
runAsNonRoot: false
runAsUser: 0
command:
- bash
- -c
- >
apk add jq;
export INDEX=$(echo $(hostname)| rev | cut -d'-' -f 1 | rev);
mkdir -p /data/validator/keys;
mkdir -p /data/validator/secrets;
KEY_COUNT="NODE_${INDEX}_KEY_COUNT";
for ((i = 0 ; i < "${!KEY_COUNT}" ; i++ ));
do
key="NODE_${INDEX}_KEY_${i}";
PUBKEY=$(echo ${!key} | jq '.pubkey' -j);
echo ${!key} > "/data/validator/keys/0x${PUBKEY}.json";
secret="NODE_${INDEX}_SECRET_${i}";
echo ${!secret} > "/data/validator/secrets/0x${PUBKEY}.txt";
echo "Added 0x${PUBKEY}";
done
volumeMounts:
- name: storage
mountPath: "/data"
readOnly:
env:
- name: NODE_0_KEY_COUNT
value: "1"
- name: NODE_0_SECRET_0
valueFrom:
secretKeyRef:
# Name of the secret that will be generated for you. This is normally `${RELEASE-name}-env`
# You might need to change this
name: teku-env
key: NODE_0_SECRET_0
- name: NODE_0_KEY_0
valueFrom:
secretKeyRef:
# See comment on the previous secretKeyRef
name: teku-env
key: NODE_0_KEY_0
extraArgs:
- --validator-keys=/data/validator/keys:/data/validator/secrets
- --beacon-node-api-endpoint=http://teku-beacon:5051
- --network=auto
livenessProbe:
tcpSocket: null
httpGet:
path: /metrics
port: 8008
readinessProbe:
tcpSocket: null
httpGet:
path: /metrics
port: 8008
secretEnv:
# Note: Never publish any of your production secrets online. These are just used for testing purposes.
NODE_0_SECRET_0: Mrc085nWbjTc1mhAPt_Ukj4m_vui2iUQWr6TwNRq_4k=
NODE_0_KEY_0: {"crypto":{"checksum":{"function":"sha256","message":"7bbdd8cda652d792dceae7477b911106296620c44a6c1d0356c6ff52daca2b5b","params":{}},"cipher":{"function":"aes-128-ctr","message":"689f5c97fad87665e2fe8acbc0aad91bdc85de7756ebdc496f1373bae01c02c8","params":{"iv":"7b8e1ed4480dee19cbb1528394ad2095"}},"kdf":{"function":"pbkdf2","message":"","params":{"c":262144,"dklen":32,"prf":"hmac-sha256","salt":"bb560dfbb56016e0630e4415b74d86ede9090c0545854ed7c0ad921047a39cef"}}},"path":"","pubkey":"8e48cbd28d25847a6b122a62179b6ac11ee7877a4c489799918308e6252b7f6601f969179ac7465e256c01815b71b6d1","uuid":"f13ece4f-d57e-4789-accc-ad50f0fef882","version":4}
```