Update from astriaorg/astria@bf6d386

astriaorg · Apr 23, 2024 · 8d8e1dd · 8d8e1dd
1 parent 0b6ea54
commit 8d8e1dd
Show file tree

Hide file tree

Showing 20 changed files with 232 additions and 148 deletions.
diff --git a/charts/evm-rollup/Chart.yaml b/charts/evm-rollup/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
 
-version: 0.12.3
+version: 0.13.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/charts/evm-rollup/files/genesis/geth-genesis.json b/charts/evm-rollup/files/genesis/geth-genesis.json
@@ -11,6 +11,18 @@
         "istanbulBlock": 0,
         "berlinBlock": 0,
         "londonBlock": 0,
+        {{- if .Values.config.rollup.genesis.shanghaiTime}}
+        "shanghaiTime": {{ toString .Values.config.rollup.genesis.shanghaiTime | replace "\"" "" }},
+        {{- end }}
+        {{- if .Values.config.rollup.genesis.cancunTime }}
+        "cancunTime": {{ toString .Values.config.rollup.genesis.cancunTime | replace "\"" "" }},
+        {{- end }}
+        {{- if .Values.config.rollup.genesis.cancunTime }}
+        "pragueTime": {{ toString .Values.config.rollup.genesis.pragueTime | replace "\"" "" }},
+        {{- end }}
+        {{- if .Values.config.rollup.genesis.cancunTime }}
+        "verkleTime": {{ toString .Values.config.rollup.genesis.verkleTime | replace "\"" "" }},
+        {{- end }}
         "terminalTotalDifficulty": 0,
         "terminalTotalDifficultyPassed": true,
         "ethash": {},
@@ -28,8 +40,8 @@
         {{- else }}
         {{- end }}
     },
-    "difficulty": "10000000",
-    "gasLimit": "8000000",
+    "difficulty": "0",
+    "gasLimit": "{{ .Values.config.rollup.genesis.gasLimit }}",
     "alloc": {
     {{- range $index, $value := .Values.config.rollup.genesis.alloc }}
         {{- if $index }},{{- end }}

diff --git a/charts/evm-rollup/files/scripts/init-geth.sh b/charts/evm-rollup/files/scripts/init-geth.sh
@@ -2,10 +2,18 @@
 
 set -o errexit -o nounset
 
-if [ -z "$(ls -A $data_dir/)" ]; then
+if [ ! -d "$data_dir/" ]; then
   echo "Initializing geth db..."
 
+  cp /scripts/geth-genesis.json $home_dir/genesis.json
+
   exec geth --datadir "$data_dir/" --db.engine {{ .Values.config.rollup.dbEngine }} \
     {{ if not .Values.config.rollup.archiveNode }}--state.scheme=path {{- end }} \
-    init /scripts/geth-genesis.json
+    init $home_dir/genesis.json
+elif ! cmp -s "/scripts/geth-genesis.json" "$home_dir/genesis.json"; then
+  echo "Geth DB already initialized, but genesis file upgraded..."
+
+  cp /scripts/geth-genesis.json $home_dir/genesis.json
+
+  exec geth --datadir "$data_dir/" init $home_dir/genesis.json
 fi
diff --git a/charts/evm-rollup/values.yaml b/charts/evm-rollup/values.yaml
@@ -55,6 +55,14 @@ config:
     maxSubmitInterval: 2000
     # Configuration specific to EVM rollup genesis
     genesis:
+      # Configuration of Eth forks, setting to 0 will enable form height,
+      # left as is these forks will not activate.
+      shanghaiTime: ""
+      cancunTime: ""
+      pragueTime: ""
+      verkleTime: ""
+      # Configure the gas Limit
+      gasLimit: "8000000"
       # Set to a hex set of bytes if your rollup has manually configured extra data
       extraDataOverride: ""
       # If set to true the genesis block will contain extra data
@@ -63,11 +71,20 @@ config:
       # the astria canonical bridge. Recommend removing alloc values if so.
       bridgeAddress: ""
       bridgeAllowedAssetDenom: nria
+      # Can configure the genesis allocs for the chain
       alloc:
         - address: "0xaC21B97d35Bf75A7dAb16f35b111a50e78A72F30"
           value:
             # The balance must be a string due to size
             balance: "1000000000000000000000000000"
+        # Deploying the deterministic deploy proxy contract in genesis
+        # Forge and other tools use this for their CREATE2 usage, but
+        # can only be included through the genesis block after EIP-155
+        # https://github.com/Arachnid/deterministic-deployment-proxy
+        - address: "0x4e59b44847b379578588920cA78FbF26c0B4956C"
+          value:
+            balance: "0"
+            data: "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe03601600081602082378035828234f58015156039578182fd5b8082525050506014600cf3"
     metrics:
       # set to enable prometheus metrics
       enabled: false
@@ -269,25 +286,22 @@ ingress:
 resources:
   conductor:
     requests:
-      cpu: 0.01
-      memory: 1Mi
-    limits:
       cpu: 0.1
       memory: 20Mi
+    limits:
+      cpu: 1
+      memory: 200Mi
   composer:
     requests:
-      cpu: 0.01
-      memory: 1Mi
-    limits:
       cpu: 0.1
       memory: 20Mi
+    limits:
+      cpu: 1
+      memory: 200Mi
   geth:
     requests:
-      cpu: 0.25
-      memory: 256Mi
-    limits:
-      cpu: 2
-      memory: 1Gi
+      cpu: 4
+      memory: 16Gi
 
 storage:
   enabled: false

diff --git a/charts/hermes/Chart.yaml b/charts/hermes/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/charts/hermes/templates/secretproviderclass.yaml b/charts/hermes/templates/secretproviderclass.yaml
@@ -1,21 +1,14 @@
 {{- if .Values.secretProvider.enabled }}
   {{- range $chainId, $chain := .Values.chains }}
+  {{- $_ := set $ "key" $chain.key }}
 ---
 apiVersion: secrets-store.csi.x-k8s.io/v1
 kind: SecretProviderClass
 metadata:
   name: {{ include "hermes.fullname" $ }}-{{ $chainId }}-secrets-store
 spec:
-  provider: {{ .Values.secretProvider.provider }}
-  secretObjects:
-  - secretName: {{ include "hermes.fullname" $ }}-{{ $chainId }}-key
-    type: Opaque
-    data:
-    - objectName: {{ $chain.key.name }}.json
-      key: {{ $chain.key.secret.key }}
+  provider: {{ $.Values.secretProvider.provider }}
   parameters:
-    secrets: |
-      - resourceName: {{ $chain.key.secret.resourceName }}
-        fileName: "{{ $chain.key.secret.filename }}"
+    {{- tpl $.Values.secretProvider.parametersTemplate $ | nindent 4 }}
   {{- end }}
 {{- end }}
diff --git a/charts/hermes/values.yaml b/charts/hermes/values.yaml
@@ -68,15 +68,13 @@ chains:
   #       address_type: Astria
   #     secret:
   #       resourceName: projects/$PROJECT_ID/secrets/astria-ibc-relay-key/versions/latest
-  #       filename: astria-wallet.json
-  #       key: token
   #   eventSource:
   #     mode: pull
   #     interval: 1s
   #   gasPrice: 1
   #   gasDenom: nria
   #   trustThreshold: 2/3
-
+  #
   # celestia-local-0:
   #   type: CosmosSdk
   #   compatMode: '0.34'
@@ -118,18 +116,34 @@ chains:
   #       account: celestia1y7ndhu6fs06c7qkwgr9anf0uc27st27uwdj6vq
   #     secret:
   #       resourceName: projects/$PROJECT_ID/secrets/celestia-ibc-relay-key/versions/latest
-  #       filename: celestia.json
-  #       key: token
   #   gasPrice: 0.12
   #   denom: 'utia'
   #   gasMultiplier: 1.1
   #   clockDrift: 20s
   #   maxBlockTime: 10s
   #   trustThreshold: 2/3
 
+# When deploying in a production environment should use a secret provider
+# This is configured for use with GCP, need to set own resource names
+# and keys
 secretProvider:
-  enabled: false
+  enabled: true
   provider: gcp
+  # May need to update this template to match the secret provider
+  # it will be passed an object of the form:
+  # { key: {
+  #     name: <filename>,
+  #     secret: { resourceName: <resourceName> }
+  #   }
+  # }
+  #
+  # Can update set the source of each chain key at chain.<chain>.key.secret to
+  # match the secret provider's requirements. The default works for GCP.
+  # The secret file must be mapped to the <key.name>.json.
+  parametersTemplate: |-
+    secrets: |
+      - resourceName: {{ .key.secret.resourceName }}
+        fileName: "{{ .key.name }}.json"
 
 ports:
   rest: 3000

diff --git a/charts/sequencer-faucet/Chart.yaml b/charts/sequencer-faucet/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.5.1
+version: 0.6.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/charts/sequencer-faucet/templates/configmap.yaml b/charts/sequencer-faucet/templates/configmap.yaml
@@ -9,6 +9,6 @@ data:
   SEQUENCER_FAUCET_SEQUENCER_RPC_URL: "{{ .Values.config.sequencerRpcUrl}}"
   SEQUENCER_FAUCET_AMOUNT: "{{ .Values.config.amount }}"
   {{- if not .Values.secretProvider.enabled }}
-  SEQUENCER_FAUCET_PRIVATE_KEY: "{{ .Values.config.fundingPrivateKey }}"
+  SEQUENCER_FAUCET_PRIVATE_KEY: "{{ .Values.config.fundingPrivateKey.content }}"
   {{- end }}
 ---
diff --git a/charts/sequencer-faucet/templates/deployment.yaml b/charts/sequencer-faucet/templates/deployment.yaml
@@ -35,7 +35,7 @@ spec:
               valueFrom:
                 secretKeyRef:
                   name: sequencer-private-key-faucet
-                  key: {{ .Values.secretProvider.secrets.sequencerPrivateKey.key }}
+                  key: {{ .Values.config.fundingPrivateKey.secret.key }}
           {{- end }}
           volumeMounts:
           {{- if .Values.secretProvider.enabled }}

diff --git a/charts/sequencer-faucet/templates/secretproviderclass.yaml b/charts/sequencer-faucet/templates/secretproviderclass.yaml
@@ -1,21 +1,18 @@
 {{- if .Values.secretProvider.enabled }}
-  {{- range $key, $value := .Values.secretProvider.secrets }}
 ---
 apiVersion: secrets-store.csi.x-k8s.io/v1
 kind: SecretProviderClass
 metadata:
-  name: {{ kebabcase $key }}-faucet
+  name: sequencer-private-key-faucet
 spec:
   provider: gcp
   secretObjects:
-  - secretName: {{ kebabcase $key }}-faucet
+  - secretName: sequencer-private-key-faucet
     type: Opaque
     data:
-    - objectName: {{ $value.filename }}
-      key: {{ $value.key }}
+    - objectName: {{ .Values.config.fundingPrivateKey.secret.filename }}
+      key: {{ .Values.config.fundingPrivateKey.secret.key }}
   parameters:
-    secrets: |
-      - resourceName: {{ $value.resourceName }}
-        fileName: "{{ $value.filename }}"
-  {{- end }}
+    {{- $_ := set $ "key" .Values.config.fundingPrivateKey.secret }}
+    {{- tpl $.Values.secretProvider.parametersTemplate $ | nindent 4 }}
 {{- end }}
diff --git a/charts/sequencer-faucet/values.yaml b/charts/sequencer-faucet/values.yaml
@@ -10,7 +10,12 @@ config:
   # it corresponds with the following account:
   #     address: 00d75b270542084a54fcf0d0f6eab0402982d156
   #     pubKey: db617d4ec61726efc4d993488931b37f7774bf04ad916b8f974d33c9241ee762
-  fundingPrivateKey: 934ab488f9e1900f6a08f50605ce1409ca9d95ebdc400dafc2e8a4306419fd52
+  fundingPrivateKey:
+    devContent: 934ab488f9e1900f6a08f50605ce1409ca9d95ebdc400dafc2e8a4306419fd52
+    secret:
+      filename: sequencerPrivateKey.txt
+      resourceName: "projects/$PROJECT_ID/secrets/sequencerPrivateKey/versions/latest"
+      key: token
   # The amount of token to give per request
   amount: 1800
 
@@ -21,14 +26,25 @@ images:
 # This is configured for use with GCP, need to set own resource names
 # and keys
 secretProvider:
-  enabled: false
+  enabled: true
   provider: gcp
-  secrets:
-    # Used in place of config.fundingPrivateKey value when provider enabled
-    sequencerPrivateKey:
-      filename: sequencerPrivateKey.txt
-      resourceName: "projects/$PROJECT_ID/secrets/sequencerPrivateKey/versions/latest"
-      key: token
+  # May need to update this template to match the secret provider
+  # it will be passed an object containing:
+  # {
+  #   key: {
+  #     resourceName: <resourceName>,
+  #     filename: <filename>,
+  #     key: <key>
+  #   }
+  # }
+  #
+  # Can update set the source of each chain key at chain.<chain>.key.secret to
+  # match the secret provider's requirements. The default works for GCP.
+  # The secret file must be mapped to the <key.filename>
+  parametersTemplate: |-
+    secrets: |
+      - resourceName: {{ .key.resourceName }}
+        fileName: "{{ .key.filename }}"
 
 ports:
   faucet: 8080

diff --git a/charts/sequencer/Chart.yaml b/charts/sequencer/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.11.7
+version: 0.12.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to