diff --git a/charts/auctioneer/Chart.yaml b/charts/auctioneer/Chart.yaml
new file mode 100644
index 0000000000..6517cecf06
--- /dev/null
+++ b/charts/auctioneer/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: auctioneer
+description: Astria auctioneer helm chart
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.0.1"
diff --git a/charts/auctioneer/templates/_helpers.tpl b/charts/auctioneer/templates/_helpers.tpl
new file mode 100644
index 0000000000..d6ee3ef67a
--- /dev/null
+++ b/charts/auctioneer/templates/_helpers.tpl
@@ -0,0 +1,31 @@
+{{/*
+Namepsace to deploy elements into.
+*/}}
+{{- define "auctioneer.namespace" -}}
+{{- default .Release.Namespace .Values.global.namespaceOverride | trunc 63 | trimSuffix "-" -}}
+{{- end }}
+
+{{/*
+application name to deploy elements into.
+*/}}
+{{- define "auctioneer.appName" -}}
+auctioneer
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "auctioneer.labels" -}}
+{{ include "rollup.selectorLabels" . }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "auctioneer.selectorLabels" -}}
+app: {{ include "rollup.appName" . }}
+{{- end }}
+
+{{- define "auctioneer.image" -}}
+{{ .Values.images.auctioneer.repo }}:{{ if .Values.global.dev }}{{ .Values.images.auctioneer.devTag }}{{ else }}{{ .Values.images.auctioneer.tag }}{{ end }}
+{{- end }}
diff --git a/charts/auctioneer/templates/configmap.yaml b/charts/auctioneer/templates/configmap.yaml
new file mode 100644
index 0000000000..9c59fd7346
--- /dev/null
+++ b/charts/auctioneer/templates/configmap.yaml
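Review bot: `auctioneer.labels` and `auctioneer.selectorLabels` in `_helpers.tpl` include `rollup.selectorLabels` and `rollup.appName`, neither of which is defined anywhere in this chart as shown, so any template that calls these helpers would fail to render unless another chart happens to supply those names. They look like copy-paste leftovers and should read `{{ include "auctioneer.selectorLabels" . }}` and `app: {{ include "auctioneer.appName" . }}`. The `auctioneer.image` helper has no doc comment; I would add one stating that `global.dev` switches the tag from `images.auctioneer.tag` to `images.auctioneer.devTag`, since that flag decides which image actually runs. The first comment also misspells "Namespace".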
@@ -0,0 +1,41 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: auctioneer-env
+ namespace: {{ include "auctioneer.namespace" . }}
+data:
+ ASTRIA_AUCTIONEER_SEQUENCER_ABCI_ENDPOINT: "{{ tpl .Values.config.sequencerAbciEndpoint . }}"
+ ASTRIA_AUCTIONEER_SEQUENCER_GRPC_ENDPOINT: "{{ tpl .Values.config.sequencerGrpcEndpoint . }}"
+ ASTRIA_AUCTIONEER_PRIVATE_KEY_FILE: "/var/secrets/{{ .Values.config.privateKey.secret.filename }}"
+ ASTRIA_AUCTIONEER_SEQUENCER_CHAIN_ID: "{{ tpl .Values.config.sequencerChainId . }}"
+ ASTRIA_AUCTIONEER_SEQUENCER_ADDRESS_PREFIX: "{{ .Values.config.sequencerAddressPrefix}}"
+ ASTRIA_AUCTIONEER_FEE_ASSET: "{{ .Values.config.sequencerNativeAssetBaseDenomination }}"
+ ASTRIA_AUCTIONEER_LOG: "astria_auctioneer={{ .Values.config.logLevel }}"
+ ASTRIA_AUCTIONEER_FORCE_STDOUT: "{{ .Values.global.useTTY }}"
+ ASTRIA_AUCTIONEER_PRETTY_PRINT: "{{ .Values.global.useTTY }}"
+ NO_COLOR: "{{ .Values.global.useTTY }}"
+ ASTRIA_AUCTIONEER_NO_OTEL: "{{ not .Values.otel.enabled }}"
+ ASTRIA_AUCTIONEER_NO_METRICS: "{{ not .Values.metrics.enabled }}"
+ ASTRIA_AUCTIONEER_METRICS_HTTP_LISTENER_ADDR: "0.0.0.0:{{ .Values.ports.metrics }}"
+ OTEL_EXPORTER_OTLP_ENDPOINT: "{{ tpl .Values.otel.endpoint . }}"
+ OTEL_EXPORTER_OTLP_TRACES_ENDPOINT: "{{ tpl .Values.otel.tracesEndpoint . }}"
+ OTEL_EXPORTER_OTLP_TRACES_TIMEOUT: "{{ tpl .Values.otel.tracesTimeout . }}"
+ OTEL_EXPORTER_OTLP_TRACES_COMPRESSION: "{{ tpl .Values.otel.tracesCompression . }}"
+ OTEL_EXPORTER_OTLP_HEADERS: "{{ tpl .Values.otel.otlpHeaders . }}"
+ OTEL_EXPORTER_OTLP_TRACE_HEADERS: "{{ tpl .Values.otel.traceHeaders . }}"
+ OTEL_SERVICE_NAME: "{{ tpl .Values.otel.serviceName . }}"
+ {{- if not .Values.global.dev }}
+ {{- else }}
+ {{- end }}
+---
+{{- if not .Values.secretProvider.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ include "auctioneer.namespace" . }}
+ name: auctioneer-private-key
+data:
+ {{ .Values.config.privateKey.secret.filename }}: |
+ {{ .Values.config.privateKey.devContent }}
+---
+{{- end }}
diff --git a/charts/auctioneer/templates/deployment.yaml b/charts/auctioneer/templates/deployment.yaml
new file mode 100644
index 0000000000..ba48bb1ad5
--- /dev/null
+++ b/charts/auctioneer/templates/deployment.yaml
@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: auctioneer
+ namespace: {{ include "auctioneer.namespace" . }}
+ labels:
+ app: auctioneer
+spec:
+ replicas: {{ .Values.global.replicaCount }}
+ selector:
+ matchLabels:
+ app: auctioneer
+ template:
+ metadata:
+ labels:
+ app: auctioneer
+ spec:
+ containers:
+ - name: auctioneer
+ image: {{ include "auctioneer.image" . }}
+ imagePullPolicy: {{ .Values.images.auctioneer.pullPolicy }}
+ command: ["/usr/local/bin/astria-auctioneer"]
+ stdin: {{ .Values.global.useTTY }}
+ tty: {{ .Values.global.useTTY }}
+ envFrom:
+ - configMapRef:
+ name: auctioneer-env
+ volumeMounts:
+ - mountPath: "/var/secrets"
+ name: auctioneer-private-key
+ ports:
+ {{- if .Values.metrics.enabled }}
+ - containerPort: {{ .Values.ports.metrics }}
+ name: auctioneer-metrics
+ {{- end }}
+ - containerPort: {{ .Values.ports.grpc }}
+ name: grpc
+ resources:
+ {{- toYaml .Values.resources | trim | nindent 12 }}
+ volumes:
+ - name: auctioneer-private-key
+ {{- if .Values.secretProvider.enabled }}
+ csi:
+ driver: secrets-store.csi.k8s.io
+ readOnly: true
+ volumeAttributes:
+ secretProviderClass: auctioneer-private-key
+ {{- else }}
+ configMap:
+ name: auctioneer-private-key
+ {{- end }}
diff --git a/charts/auctioneer/templates/secretproviderclass.yaml b/charts/auctioneer/templates/secretproviderclass.yaml
new file mode 100644
index 0000000000..7789d6b3f1
--- /dev/null
+++ b/charts/auctioneer/templates/secretproviderclass.yaml
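Review bot: The second document of `configmap.yaml` writes `config.privateKey.devContent` into a ConfigMap named `auctioneer-private-key` whenever `secretProvider.enabled` is false, so the signing key is stored as ordinary configuration, readable by any principal allowed to read ConfigMaps in the namespace and outside whatever Secret-specific RBAC or encryption-at-rest the cluster applies. The fallback should be `kind: Secret` with `stringData:` (and the Deployment volume changed to `secret:` / `secretName: auctioneer-private-key`), or the template should `fail` when `global.dev` is false and no secret provider is enabled. In the first document, `NO_COLOR` is rendered from `global.useTTY`; if the binary follows the usual convention that any non-empty `NO_COLOR` disables colour, both `"true"` and `"false"` turn colour off, so that line deserves a check. The empty `if not .Values.global.dev` / `else` / `end` block renders nothing and can be dropped.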
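Review bot: The `auctioneer` container in `deployment.yaml` has no `securityContext`, and the `/var/secrets` volumeMount that carries the signing key is not marked `readOnly: true`. For a workload whose main asset is a private key I would drop capabilities, forbid privilege escalation and run as non-root with a read-only root filesystem, provided the image supports it (not visible from this diff). The pod labels and selector are also hard-coded as `app: auctioneer` instead of using the `auctioneer.labels` / `auctioneer.selectorLabels` helpers this commit adds. Indentation in the sketch below is inferred from the `nindent 12` on `resources`.

```yaml
        - name: auctioneer
          # … unchanged: image, imagePullPolicy, command, stdin, tty, envFrom …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          volumeMounts:
            - mountPath: "/var/secrets"
              name: auctioneer-private-key
              readOnly: true
          # … unchanged: ports, resources, volumes …
```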
@@ -0,0 +1,13 @@
+---
+{{- if .Values.secretProvider.enabled }}
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+ name: auctioneer-private-key
+spec:
+ provider: {{ .Values.secretProvider.provider }}
+ parameters:
+ {{- $_ := set $ "key" .Values.config.privateKey.secret }}
+ {{- tpl $.Values.secretProvider.parametersTemplate $ | nindent 4 }}
+---
+{{- end }}
diff --git a/charts/auctioneer/templates/service.yaml b/charts/auctioneer/templates/service.yaml
new file mode 100644
index 0000000000..21aa8609c6
--- /dev/null
+++ b/charts/auctioneer/templates/service.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: auctioneer-service
+ namespace: {{ include "auctioneer.namespace" . }}
+spec:
+ selector:
+ app: auctioneer
+ ports:
+ - name: grpc
+ port: {{ .Values.ports.grpc }}
+ targetPort: grpc
+---
+{{- if .Values.metrics.enabled }}
+kind: Service
+apiVersion: v1
+metadata:
+ name: composer-metrics
+ namespace: {{ include "composer.namespace" . }}
+ labels:
+ app: composer
+spec:
+ selector:
+ app: composer
+ ports:
+ - name: composer-metrics
+ port: {{ .Values.ports.metrics }}
+ targetPort: composer-metrics
+{{- end }}
diff --git a/charts/auctioneer/templates/servicemonitor.yaml b/charts/auctioneer/templates/servicemonitor.yaml
new file mode 100644
index 0000000000..f0802fbd07
--- /dev/null
+++ b/charts/auctioneer/templates/servicemonitor.yaml
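Review bot: The `SecretProviderClass` metadata in `secretproviderclass.yaml` has no `namespace:`, while the Deployment that references it is placed in `{{ include "auctioneer.namespace" . }}`. The Secrets Store CSI driver resolves the class in the pod's own namespace, so once `global.namespaceOverride` is set the class lands in the release namespace and the key volume would fail to mount; add `namespace: {{ include "auctioneer.namespace" . }}` under `metadata`. The `set $ "key" …` line writes into the root context so that `parametersTemplate` can read `.key`; a one-line comment saying so would spare the next reader the search.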
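Review bot: The metrics Service in the second document of `service.yaml` still belongs to the composer chart: it is named `composer-metrics`, calls `include "composer.namespace"` (not defined in this chart's `_helpers.tpl`, so rendering should fail as soon as `metrics.enabled` is true), selects `app: composer` and targets a port named `composer-metrics`. The Deployment names its port `auctioneer-metrics` and labels its pods `app: auctioneer`, and the ServiceMonitor selects Services labelled `app: auctioneer` on port `auctioneer-metrics`, so nothing would be scraped even if the template rendered. Every `composer` in that document should become `auctioneer`, e.g. `namespace: {{ include "auctioneer.namespace" . }}` and `targetPort: auctioneer-metrics`.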
@@ -0,0 +1,27 @@
+{{- if .Values.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: auctioneer-metrics
+ labels:
+ {{- with .Values.serviceMonitor.additionalLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: auctioneer-metrics
+ namespaceSelector:
+ matchNames:
+ - {{ include "auctioneer.namespace" . }}
+ selector:
+ matchLabels:
+ app: auctioneer
+ endpoints:
+ - port: auctioneer-metrics
+ path: /
+ {{- with .Values.serviceMonitor.interval }}
+ interval: {{ . }}
+ {{- end }}
+ {{- with .Values.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ . }}
+ {{- end }}
+{{- end }}
diff --git a/charts/auctioneer/values.yaml b/charts/auctioneer/values.yaml
new file mode 100644
index 0000000000..afdbc8f85e
--- /dev/null
+++ b/charts/auctioneer/values.yaml
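Review bot: `servicemonitor.yaml` is gated on `serviceMonitor.enabled` alone, whereas the metrics container port, the metrics Service and `ASTRIA_AUCTIONEER_NO_METRICS` are all driven by `metrics.enabled`. Enabling the monitor without metrics therefore renders a ServiceMonitor that matches no endpoint and reports no error, which is easy to mistake for working monitoring; I would gate it with `{{- if and .Values.metrics.enabled .Values.serviceMonitor.enabled }}`. `serviceMonitor.port` from `values.yaml` is not read here, and `path: /` differs from the `# path: /metrics` hint in the values file, so one of the two should be corrected or commented.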
@@ -0,0 +1,94 @@
+global:
+ namespaceOverride: ""
+ replicaCount: 1
+ # Whether to use tty readable logging for astria services, when false use json.
+ useTTY: false
+ dev: true
+
+images:
+ auctioneer:
+ repo: ghcr.io/astriaorg/astria-auctioneer
+ pullPolicy: IfNotPresent
+ tag: 1.0.0-rc.1
+ devTag: local
+
+config:
+ logLevel: "debug"
+ sequencerAddressPrefix: astria
+ sequencerNativeAssetBaseDenomination: "nria"
+ sequencerAbciEndpoint: ""
+ sequencerGrpcEndpoint: ""
+ sequencerChainId: ""
+ privateKey:
+ devContent: ""
+ secret:
+ filename: "key.hex"
+ resourceName: "projects/$PROJECT_ID/secrets/sequencerPrivateKey/versions/latest"
+
+otel:
+ enabled: false
+ serviceName: "auctioneer"
+ endpoint: ""
+ tracesEndpoint: ""
+ tracesCompression: "gzip"
+ tracesTimeout: "10"
+ otlpHeaders: ""
+ traceHeaders: ""
+
+metrics:
+ enabled: false
+
+serviceMonitor:
+ # set to enable port svc and service monitor
+ enabled: false
+ port: 6060
+ additionalLabels:
+ release: kube-prometheus-stack
+
+alerting:
+ enabled: false
+ interval: ""
+ additionalLabels:
+ release: kube-prometheus-stack
+ annotations: {}
+ # scrapeTimeout: 10s
+ # path: /metrics
+ prometheusRule:
+ enabled: true
+ additionalLabels:
+ release: kube-prometheus-stack
+ namespace: monitoring
+ rules:
+ - alert: Auctioneer_Node_Down
+ expr: up{container="auctioneer"} == 0 # Insert your query Expression
+ for: 1m # Rough number but should be enough to init warn
+ labels:
+ severity: warning
+ annotations:
+ summary: Auctioneer is Down (instance {{ $labels.instance }})
+ description: "auctioneer node '{{ $labels.namespace }}' has disappeared from Prometheus target discovery.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
+
+# When deploying in a production environment should use a secret provider
+# This is configured for use with GCP, need to set own resource names
+# and keys
+secretProvider:
+ enabled: false
+ provider: gcp
+ parametersTemplate: |-
+ secrets: |
+ - resourceName: {{ .key.resourceName }}
+ 
fileName: "{{ .key.filename }}" + +resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 1000m + memory: 1Gi + +# Default service ports +ports: + grpc: 50052 + healthApi: 2450 + metrics: 6060 diff --git a/charts/deploy.just b/charts/deploy.just index dbaf90f284..f0e28e3ef1 100644 --- a/charts/deploy.just +++ b/charts/deploy.just @@ -97,7 +97,7 @@ deploy-astrotrek: -n astria-dev-cluster \ delete-astrotrek: - @just delete chart astrotrek + @just delete chart astrotrek deploy-hermes-local: helm install hermes-local-chart ./charts/hermes \ @@ -136,6 +136,18 @@ delete-dev-rollup rollupName=defaultRollupName: wait-for-dev-rollup rollupName=defaultRollupName: kubectl rollout status --watch statefulset/{{rollupName}}-geth -n astria-dev-cluster --timeout=600s +deploy-auctioneer: + helm dependency update charts/auctioneer > /dev/null + helm install auctioneer-chart ./charts/auctioneer \ + --namespace astria-dev-cluster +# -f dev/values/auctioneer/values.yaml + +delete-auctioneer: + @just delete chart auctioneer astria-dev-cluster + +wait-for-auctioneer: + kubectl wait -n astria-dev-cluster deployment auctioneer --for=condition=Available=True --timeout=600s + deploy-bridge-withdrawer: helm install evm-bridge-withdrawer-chart ./charts/evm-bridge-withdrawer \ --namespace astria-dev-cluster \ diff --git a/dev/values/auctioneer/values.yaml b/dev/values/auctioneer/values.yaml new file mode 100644 index 0000000000..52d18245ea --- /dev/null +++ b/dev/values/auctioneer/values.yaml 
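Review bot: The defaults in `charts/auctioneer/values.yaml` are the development posture: `global.dev: true` selects `devTag: local`, `secretProvider.enabled: false` routes the private key through the ConfigMap fallback, and `logLevel` is `"debug"`. Anyone installing the chart without an override file gets that configuration, so I would default to `dev: false` and keep the dev-only settings in `dev/values/auctioneer/values.yaml`. `resourceName` ends in `versions/latest`, which means a newly added secret version is picked up on the next pod start without any chart change; a comment recommending a pinned version for production would help. The `alerting` block, `serviceMonitor.port` and `ports.healthApi` are not read by any template in this commit.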
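Review bot: In the `deploy-auctioneer` recipe the `-f dev/values/auctioneer/values.yaml` argument is a commented-out line, so the install uses chart defaults only and the dev values file added in this same commit is never applied. With those defaults the sequencer endpoints, chain id and `privateKey.devContent` are all empty strings, so the deployed pod is unlikely to start usefully. Either enable the flag (the `--namespace astria-dev-cluster` line then needs a trailing `\`) or remove the comment. `helm dependency update charts/auctioneer` also runs although the new `Chart.yaml` declares no dependencies.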
@@ -0,0 +1,94 @@
+global:
+ namespaceOverride: ""
+ replicaCount: 1
+ # Whether to use tty readable logging for astria services, when false use json.
+ useTTY: false
+ dev: false
+
+images:
+ auctioneer:
+ repo: ghcr.io/astriaorg/auctioneer
+ pullPolicy: IfNotPresent
+ tag: 1.0.0-rc.1
+ devTag: latest
+
+config:
+ logLevel: "debug"
+ sequencerAddressPrefix: astria
+ sequencerNativeAssetBaseDenomination: "nria"
+ sequencerAbciEndpoing: ""
+ sequencerGrpcEndpoint: ""
+ sequencerChainId: ""
+ privateKey:
+ devContent: ""
+ secret:
+ filename: "key.hex"
+ resourceName: "projects/$PROJECT_ID/secrets/sequencerPrivateKey/versions/latest"
+
+otel:
+ enabled: false
+ serviceName: "auctioneer"
+ endpoint: ""
+ tracesEndpoint: ""
+ tracesCompression: "gzip"
+ tracesTimeout: "10"
+ otlpHeaders: ""
+ traceHeaders: ""
+
+metrics:
+ enabled: false
+
+serviceMonitor:
+ # set to enable port svc and service monitor
+ enabled: false
+ port: 6060
+ additionalLabels:
+ release: kube-prometheus-stack
+
+alerting:
+ enabled: false
+ interval: ""
+ additionalLabels:
+ release: kube-prometheus-stack
+ annotations: {}
+ # scrapeTimeout: 10s
+ # path: /metrics
+ prometheusRule:
+ enabled: true
+ additionalLabels:
+ release: kube-prometheus-stack
+ namespace: monitoring
+ rules:
+ - alert: Auctioneer_Node_Down
+ expr: up{container="auctioneer"} == 0 # Insert your query Expression
+ for: 1m # Rough number but should be enough to init warn
+ labels:
+ severity: warning
+ annotations:
+ summary: Auctioneer is Down (instance {{ $labels.instance }})
+ description: "auctioneer node '{{ $labels.namespace }}' has disappeared from Prometheus target discovery.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
+
+# When deploying in a production environment should use a secret provider
+# This is configured for use with GCP, need to set own resource names
+# and keys
+secretProvider:
+ enabled: false
+ provider: gcp
+ parametersTemplate: |-
+ secrets: |
+ - resourceName: {{ .key.resourceName }}
+ fileName: "{{ .key.filename }}"
+
+resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+
+# Default service ports
+ports:
+ grpc: 50052
+ healthApi: 2450
+ metrics: 6060
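Review bot: `sequencerAbciEndpoing` under `config` in `dev/values/auctioneer/values.yaml` is misspelled, so the ConfigMap template, which reads `.Values.config.sequencerAbciEndpoint`, never sees a value set here and silently falls back to the chart default `""`; it should be `sequencerAbciEndpoint: ""`. The image `repo` is `ghcr.io/astriaorg/auctioneer` while the chart default is `ghcr.io/astriaorg/astria-auctioneer`, and only one of them can be the published image, so that needs confirming. This file sets `dev: false` yet leaves `secretProvider.enabled: false`, which is the combination that puts the private key into a ConfigMap outside dev mode. The rest duplicates the chart's own `values.yaml`; an override file only needs the keys that differ, which would also make mismatches like these easier to spot.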