ci: compress genesis file during deployment

During ramp-up to Testnet 52 (#2415), we opportunistically updated the
Discord allocations, and encountered #1783 again. While we need a
durable solution to that problem, we also want a quick fix, so we turn
to tried-and-true file compression: we gzip the generated json file,
base64 encode it to sideload it into the cluster, then decompress it as
part of the initContainer bootstrapping logic during node creation.
This is a "good enough" solution to buy time for the near future,
ensuring that we can continue to update Discord allocations when we
want. The compression ratio is approximately 3x, which gives us some
headroom.

deployments/charts/penumbra/.helmignore

@@ -30,6 +30,7 @@ pdcli/vals.json
 
 pdcli/.penumbra/testnet_data/node0/tendermint/data/
 pdcli/.penumbra/testnet_data/node0/tendermint/config/config.toml
+pdcli/.penumbra/testnet_data/node0/tendermint/config/genesis.json
 pdcli/.penumbra/testnet_data/node0/pd/
 
 pdcli/.penumbra/testnet_data/node1/tendermint/data/

deployments/charts/penumbra/templates/fn-deployments.yaml

@@ -58,8 +58,8 @@ spec:
           configMap:
             name: {{ include "penumbra.fullname" $ }}-genesis-config
             items:
-              - key: "genesis.json"
-                path: "genesis.json"
+              - key: "genesis.json.gz"
+                path: "genesis.json.gz"
       initContainers:
         - name: pvc-ownership
           image: busybox
@@ -118,7 +118,7 @@ spec:
               mkdir $MERGE_DIR
               config-merge -f toml $CONFIG_DIR/config.toml $OVERLAY_DIR/config.toml > $MERGE_DIR/config.toml
               mv $MERGE_DIR/* $CONFIG_DIR/
-              cp /genesis/genesis.json $CONFIG_DIR/
+              gzip -d -c /genesis/genesis.json.gz > $CONFIG_DIR/genesis.json
           securityContext:
             runAsUser: 1025
             runAsGroup: 1025

deployments/charts/penumbra/templates/genesis-config.yaml

@@ -5,5 +5,5 @@ metadata:
   labels:
     {{- include "penumbra.labels" . | nindent 4 }}
 binaryData:
-{{ $path := "pdcli/.penumbra/testnet_data/node0/tendermint/config/genesis.json" }}
-{{- "genesis.json" | indent 2 }}{{ print ": "}}{{ $.Files.Get $path | b64enc -}}
+{{ $path := "pdcli/genesis.json.gz" }}
+{{- "genesis.json.gz" | indent 2 }}{{ print ": "}}{{ $.Files.Get $path | b64enc -}}

deployments/charts/penumbra/templates/val-deployments.yaml

@@ -54,8 +54,8 @@ spec:
           configMap:
             name: {{ include "penumbra.fullname" $ }}-genesis-config
             items:
-              - key: "genesis.json"
-                path: "genesis.json"
+              - key: "genesis.json.gz"
+                path: "genesis.json.gz"
         - name: val-secrets
           secret:
             secretName: {{ include "penumbra.fullname" $ }}-val-secrets-{{$i}}
@@ -124,7 +124,7 @@ spec:
               mkdir $MERGE_DIR
               config-merge -f toml $CONFIG_DIR/config.toml $OVERLAY_DIR/config.toml > $MERGE_DIR/config.toml
               mv $MERGE_DIR/* $CONFIG_DIR/
-              cp /genesis/genesis.json $CONFIG_DIR/
+              gzip -d -c /genesis/genesis.json.gz > $CONFIG_DIR/genesis.json
               cp /val/priv_validator_key.json $CONFIG_DIR/
               cp /val/node_key.json $CONFIG_DIR/
               cp /val/validator_custody.json $CONFIG_DIR/

deployments/ci.sh

@@ -90,6 +90,11 @@ function create_genesis() {
         $preserve_chain_opt \
         --validators-input-file "${CONTAINERHOME}/vals.json" > /dev/null
 
+    # Compress the genesis file, otherwise the Helm manifest will exceed the 1MB
+    # secret limit. See GH1783.
+    gzip -c "${WORKDIR}/.penumbra/testnet_data/node0/tendermint/config/genesis.json" \
+        > "${WORKDIR}/genesis.json.gz"
+
     # Clear out persistent peers. Will peer after services are bootstrapped.
     # The Helm chart requires that these local flat files exist, but we cannot
     # populate them with external IPs just yet. Make sure they're present,