Improve operator chart (#427)
* Improve operator chart

* Fix typo
antares-sw authored Aug 8, 2023
1 parent edd0199 commit 2676e35
Showing 6 changed files with 60 additions and 172 deletions.
4 changes: 2 additions & 2 deletions charts/v3-operator/Chart.yaml
@@ -1,8 +1,8 @@
apiVersion: v2
name: v3-operator
version: 3.1.1
version: 3.1.2
appVersion: master
kubeVersion: "^1.14.0-0"
kubeVersion: "^1.20.0-0"
description: Operator hosted service for Stakewise V3 protocol.
type: application
keywords:
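Review bot: the `version` bump from 3.1.1 to 3.1.2 is a patch increment, but this commit removes values that existing installs may set (`settings.keystoresPassword`, `settings.depositData`, `additionalVolumes`, `additionalMounts`) and deletes `templates/secret.yaml`. An upgrade with an old values file will no longer get those mounts, so a minor or major bump plus an upgrade note would signal the break. The `kubeVersion` floor also moves from 1.14 to 1.20, which is itself a compatibility change worth calling out.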
58 changes: 35 additions & 23 deletions charts/v3-operator/README.md
@@ -1,54 +1,66 @@
# Operator Helm Chart

Kubernetes Helm chart for deploying v3-operator.
This Helm chart allows you to deploy the StakeWise v3-operator into a Kubernetes cluster. The v3-operator plays a vital role in the StakeWise ecosystem, and this Helm chart aims to simplify its deployment.

## Introduction

Can be used to deploy StakeWise operator on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
The StakeWise v3-operator can be deployed on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. This document provides step-by-step instructions for installation, configuration, and management of the Helm chart.

## Prerequisites

- Kubernetes 1.19+
Before you start, make sure your environment meets the following prerequisites:

- Kubernetes 1.20 or higher
- Helm 3
- Operator data created as Kubernetes secrets

## Installing the Chart
## Create Kubernetes secrets with operator data

To install the chart with the release name `my-release`:
Kubernetes secrets are used to store sensitive information related to the v3-operator. Use the following commands to create the necessary secrets:

```bash
$ helm repo add stakewise https://charts.stakewise.io
$ kubectl create secret generic keystores --from-file=keystores/
$ helm install my-release --set settings.network="goerli" stakewise/v3-operator
kubectl create secret generic v3-operator-deposit-data --from-file=/home/username/.stakewise/0xeefffd4c23d2e8c845870e273861e7d60df49663/deposit_data.json
kubectl create secret generic v3-operator-keystores-data --from-file=/home/username/.stakewise/0xeefffd4c23d2e8c845870e273861e7d60df49663/keystores
kubectl create secret generic v3-operator-wallet-data --from-file=/home/username/.stakewise/0xeefffd4c23d2e8c845870e273861e7d60df49663/wallet
```

The command deploys v3-operator on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists various ways to override default configuration during deployment.

> **Tip**: List all releases using `helm list`
> Replace `0xeefffd4c23d2e8c845870e273861e7d60df49663` with the actual vault contract address
## Uninstalling the Chart
## Installing the Chart

To uninstall/delete the `my-release` deployment:
To install the chart with the release name `v3-operator`, execute the following commands:

```bash
$ helm delete my-release
helm repo add stakewise https://charts.stakewise.io
helm install v3-operator stakewise/v3-operator \
--set settings.network="goerli" \
--set settings.vault="0xeefffd4c23d2e8c845870e273861e7d60df49663" \
--set settings.executionEndpoints="https://node.example.com/execution" \
--set settings.consensusEndpoints="https://node.example.com/consensus" \
--set settings.depositDataSecretName: "v3-operator-deposit-data" \
--set settings.keystoresSecretName: " v3-operator-keystores-data" \
--set settings.walletSecretName: "v3-operator-wallet-data"
```

The command removes all the Kubernetes components associated with the chart and deletes the release.
This command deploys the v3-operator with default configuration. Refer to the configuration section to learn more about customizing your deployment.

## Configuration

See `values.yaml` for configuration notes. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
Alternatively, use a YAML file with specific values:

```bash
$ helm install my-release stakewise/v3-operator --set settings.network="XXXXXXXX" --set settings.executionEndpoint="XXXXXXXX" --set settings.consensusEndpoint="XXXXXXXX" --set settings.keystoresPassword="XXXXXXXX" --set settings.depositData="XXXXXXXX" --set settings.operatorPrivateKey="XXXXXXXX"
$ helm install v3-operator stakewise/v3-operator -f values.yaml
```

The above command specifies the web3 endpoint.
> **Tip**: You can override the default [values.yaml](values.yaml)
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart

Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
To uninstall/delete the `v3-operator` deployment, use:

```bash
$ helm install my-release stakewise/v3-operator -f values.yaml
$ helm delete v3-operator
```

> **Tip**: You can override the default [values.yaml](values.yaml)
This command removes all Kubernetes components associated with the chart and deletes the release.
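Review bot: in the `helm install` example the last three flags are written with a colon, as in `--set settings.depositDataSecretName: "v3-operator-deposit-data"`, but `--set` takes `key=value` (the removed text in this same file says so), so these values are not set as intended. The keystores value also has a leading space inside the quotes (`" v3-operator-keystores-data"`), which would not match the secret created earlier in the README. Suggest `--set settings.depositDataSecretName="v3-operator-deposit-data"` and the same form for the other two. Minor: the `kubectl create secret` commands name no namespace, so it is worth stating that the secrets must live in the namespace the release is installed into, and the `$ ` prompt is dropped in some blocks but kept in others.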

19 changes: 1 addition & 18 deletions charts/v3-operator/templates/configmap.yaml
Expand Up @@ -6,30 +6,13 @@ metadata:
{{- include "common.labels.standard" . | nindent 4 }}
data:
DATA_DIR: "/data"
DEPOSIT_DATA_FILE: "/data/{{ .Values.settings.vault }}/deposit/deposit_data.json"
DATABASE_DIR: "/data"
VERBOSE: {{ .Values.settings.verbose | quote }}
NETWORK: {{ .Values.settings.network | quote }}
VAULT: {{ .Values.settings.vault | quote }}
HARVEST_VAULT: {{ .Values.settings.harvestVault | quote }}
EXECUTION_ENDPOINTS: {{ .Values.settings.executionEndpoints | quote }}
CONSENSUS_ENDPOINTS: {{ .Values.settings.consensusEndpoints | quote }}
KEYSTORES_PASSWORD_FILE: {{ .Values.settings.keystoresPasswordFile | quote }}
KEYSTORES_DIR: {{ .Values.settings.keystoresDir | quote }}
DEPOSIT_DATA_FILE: {{ .Values.settings.depositDataFile | quote }}
DEPOSIT_DATA: {{ .Values.settings.depositData | quote }}
METRICS_HOST: {{ .Values.serviceMonitor.host | quote }}
MAX_FEE_PER_GAS_GWEI: {{ .Values.settings.maxFeePerGasGwei | quote }}
HOT_WALLET_FILE: {{ .Values.settings.hotWalletFile | quote }}
HOT_WALLET_PASSWORD_FILE: {{ .Values.settings.hotWalletPasswordFile | quote }}

{{- if .Values.settings.depositData }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}-deposit-data
labels:
{{- include "common.labels.standard" . | nindent 4 }}
data:
deposit_data.json: {{ .Values.settings.depositData | quote }}
{{- end }}
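Review bot: the `DEPOSIT_DATA_FILE` line that builds its path from `.Values.settings.vault` has no check that the value is set, and `values.yaml` defaults `vault` to `""`, which renders `/data//deposit/deposit_data.json`. Wrapping the value in `required`, for example `{{ required "settings.vault is required" .Values.settings.vault }}`, would fail the render early with a clear message instead of producing a ConfigMap that points at a path that does not exist.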
28 changes: 0 additions & 28 deletions charts/v3-operator/templates/secret.yaml

This file was deleted.

62 changes: 17 additions & 45 deletions charts/v3-operator/templates/statefulset.yaml
Expand Up @@ -15,7 +15,6 @@ spec:
labels:
{{- include "common.labels.matchLabels" . | nindent 8 }}
annotations:
checksum/v3-operator-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
checksum/v3-operator-configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
spec:
{{- if .Values.tolerations }}
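Review bot: with the `checksum/v3-operator-secret` annotation gone, only the ConfigMap checksum is left to trigger a rollout, and the secrets are now created outside the chart, so rotating the keystores or wallet secret will not restart the pod. Worth a sentence in the README telling operators to restart the StatefulSet after updating those secrets.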
Expand Down Expand Up @@ -46,7 +45,12 @@ spec:
imagePullPolicy: {{ .Values.initImage.pullPolicy }}
securityContext:
runAsUser: 0
command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsUser }}", "/data"]
command:
- sh
- -c
- >
mkdir /data/{{ .Values.settings.vault }} || true;
chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsUser }} /data
volumeMounts:
- name: data
mountPath: /data
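Review bot: the init container runs with `runAsUser: 0` and now passes `.Values.settings.vault` unquoted into an `sh -c` script, so whitespace or shell metacharacters in that value are interpreted by a root shell. Quote the path in the script and validate the value in the template (an address pattern check with `regexMatch` plus `fail`), or keep the exec-form array and avoid the shell. `mkdir ... || true` also hides every failure, not only "already exists"; `mkdir -p` expresses the intent and still surfaces real errors.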
Expand All @@ -71,60 +75,28 @@ spec:
containerPort: {{ .Values.service.ports.http }}
protocol: TCP
volumeMounts:
{{- if .Values.settings.depositData }}
- name: deposit-data
mountPath: /deposit
readOnly: true
{{- end }}
{{- if .Values.settings.keystoresPassword }}
- name: keystores-password
mountPath: /password
readOnly: true
{{- end }}
{{- if and .Values.settings.hotWallet .Values.settings.hotWalletPassword }}
- name: hot-wallet
mountPath: /wallet
readOnly: true
{{- end }}
{{- with .Values.additionalMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
mountPath: /data/{{ .Values.settings.vault }}/deposit
- name: keystores
mountPath: /data/{{ .Values.settings.vault }}/keystores
- name: wallet
mountPath: /data/{{ .Values.settings.vault }}/wallet
- name: data
mountPath: /data
{{- with .Values.resources }}
resources:
{{ toYaml . | nindent 12 | trim }}
{{- end }}
volumes:
{{- with .Values.additionalVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.settings.depositData }}
- name: deposit-data
configMap:
name: {{ include "common.names.fullname" . }}-deposit-data
items:
- key: deposit_data.json
path: deposit_data.json
{{- end }}
{{- if .Values.settings.keystoresPassword }}
- name: keystores-password
secret:
secretName: {{ include "common.names.fullname" . }}-keystores-password
items:
- key: password.txt
path: password.txt
{{- end }}
{{- if and .Values.settings.hotWallet .Values.settings.hotWalletPassword }}
- name: hot-wallet
secretName: {{ .Values.settings.depositDataSecretName }}
- name: keystores
secret:
secretName: {{ .Values.settings.keystoresSecretName }}
- name: wallet
secret:
secretName: {{ include "common.names.fullname" . }}-hot-wallet
items:
- key: wallet.json
path: wallet.json
- key: password.txt
path: password.txt
{{- end }}
secretName: {{ .Values.settings.walletSecretName }}
volumeClaimTemplates:
- metadata:
name: data
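Review bot: the three volumes take `secretName` straight from `.Values.settings.depositDataSecretName`, `keystoresSecretName` and `walletSecretName`, which default to `""` in `values.yaml`, and the `if` guards that used to skip unset inputs are removed, so a default install renders an empty `secretName`. Use `required` on each so the chart fails at render time with a clear message. The new mounts also drop the explicit `readOnly: true` the old ones carried; keeping it documents intent for key material. Removing `additionalVolumes` and `additionalMounts` takes away the chart's extension point, so confirm nobody depends on it.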
61 changes: 5 additions & 56 deletions charts/v3-operator/values.yaml
Expand Up @@ -57,7 +57,7 @@ serviceAccount:
image:
registry: "europe-west4-docker.pkg.dev"
repository: "stakewiselabs/public/v3-operator"
tag: "master"
tag: "v0.2.5"
pullPolicy: IfNotPresent
pullSecrets: [ ]

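Review bot: pinning `tag` to `v0.2.5` instead of `master` is the right direction, but `appVersion` in `Chart.yaml` still says `master`, so `helm list` will report an app version that does not match the image being run. Set `appVersion` to the same release, and consider defaulting the tag from `.Chart.AppVersion` so the two cannot drift.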
Expand All @@ -83,6 +83,7 @@ settings:
network: "goerli"

## Address of the Vault to register validators for
## NOTE: MUST BE ON LOWERCASE
vault: ""

## Whether to submit vault harvest transactions. Default is false.
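Review bot: the added comment `## NOTE: MUST BE ON LOWERCASE` leaves a correctness requirement to the user and does not say why. The value is used to build the mount paths and `DEPOSIT_DATA_FILE` in the templates, so a mixed-case address would presumably point at a different directory than the one the operator reads. Either apply `lower` wherever the templates use `.Values.settings.vault` or reject mixed case at render time, and reword the comment to "must be lowercase".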
Expand All @@ -96,61 +97,9 @@ settings:
# Comma separated list of endpoints for the consensus node
consensusEndpoints: ""

# Absolute path to the password file for decrypting keystores
keystoresPasswordFile: "/password/password.txt"
# Password for keystores
# Optional if used from secrets.
keystoresPassword: ""

# Absolute path to the directory with all the encrypted keystores
keystoresDir: "/keystores"

# Path to the deposit_data.json file
depositDataFile: "/deposit/deposit_data.json"

# Optional if used from configmap.
# Example:
# depositData: |
# [{"pubkey": "8f1bfd7272c47d70483e8bae70a8ebf316b8ae36f62e2b30e2a7c10bc9c8a307be86f6724cbd5f8ccca0efa48753e59a", "withdrawal_credentials":...
depositData: ""

# Path to the hot wallet keystore
hotWalletFile: "/wallet/wallet.json"

# Optional if used from configmap.
# Example:
# hotWallet: |
# {"address": "ce9...
hotWallet: ""

# Path to the hot wallet password file
hotWalletPasswordFile: "/wallet/password.txt"

# Password for the hot wallet
# Optional if used from secrets.
hotWalletPassword: ""

# Additonal volumes and mounts used to attach keystores from existing secret
# Example:
# additionalVolumes:
# - name: keystores
# secret:
# secretName: keystores
# - name: deposit-data
# configmap:
# name: deposit-data
# items:
# - key: deposit_data.json
# path: deposit_data.json
# additionalMounts:
# - name: keystores
# mountPath: /keystores
# - name: keystores-password
# mountPath: /keystores-password
# - name: deposit-data
# mountPath: /deposit-data
additionalVolumes: []
additionalMounts: []
depositDataSecretName: ""
keystoresSecretName: ""
walletSecretName: ""

## If false, data ownership will not be reset at startup
## This allows the geth node to be run with an arbitrary user
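Review bot: `depositDataSecretName`, `keystoresSecretName` and `walletSecretName` are added with no comments, while every other key under `settings` has one. State that each names a pre-existing Secret in the release namespace and what it must contain (the README creates them from `deposit_data.json`, `keystores` and `wallet`), and note that the previous `keystoresPassword`, `hotWallet` and `hotWalletPassword` values are no longer read. Moving passwords and wallet data out of the values file is a good change, since they no longer end up in the stored Helm release data.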
