

  1. ---
  2. apiVersion: v1
  3. kind: Service
  4. metadata:
  5. annotations:
  6. service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
  7. name: YOUR_APP_NAME
  8. labels:
  9. app: YOUR_APP_NAME
  10. spec:
  11. ports:
  12. - port: 46656
  13. name: p2p
  14. - port: 46657
  15. name: rpc
  16. clusterIP: None
  17. selector:
  18. app: tm
  19. ---
  20. apiVersion: v1
  21. kind: ConfigMap
  22. metadata:
  23. name: tm-config
  24. data:
  25. seeds: "tm-0,tm-1,tm-2,tm-3"
  26. validators: "tm-0,tm-1,tm-2,tm-3"
  27. validator.power: "10"
  28. genesis.json: |-
  29. {
  30. "genesis_time": "2017-01-02T10:10:10.164Z",
  31. "chain_id": "chain-B5XXm5",
  32. "validators": [],
  33. "app_hash": ""
  34. }
  35. pub_key_nginx.conf: |-
  36. server {
  37. listen 80 default_server;
  38. listen [::]:80 default_server ipv6only=on;
  39. location /pub_key.json { root /usr/share/nginx/; }
  40. }
  41. ---
  42. apiVersion: policy/v1beta1
  43. kind: PodDisruptionBudget
  44. metadata:
  45. name: tm-budget
  46. spec:
  47. selector:
  48. matchLabels:
  49. app: tm
  50. minAvailable: 2
  51. ---
  52. apiVersion: apps/v1beta1
  53. kind: StatefulSet
  54. metadata:
  55. name: tm
  56. spec:
  57. serviceName: YOUR_APP_NAME
  58. replicas: 4
  59. template:
  60. metadata:
  61. labels:
  62. app: tm
  63. version: v1
  64. annotations:
  65. pod.beta.kubernetes.io/init-containers: '[{
  66. "name": "tm-gen-validator",
  67. "image": "tendermint/tendermint:0.9.0",
  68. "imagePullPolicy": "IfNotPresent",
  69. "command": ["bash", "-c", "
  70. set -ex\n
  71. if [ ! -f /tendermint/priv_validator.json ]; then\n
  72. tendermint gen_validator > /tendermint/priv_validator.json\n
  73. # pub_key.json will be served by pub-key container\n
  74. cat /tendermint/priv_validator.json | jq \".pub_key\" > /tendermint/pub_key.json\n
  75. fi\n
  76. "],
  77. "volumeMounts": [
  78. {"name": "tmdir", "mountPath": "/tendermint"}
  79. ]
  80. }]'
  81. spec:
  82. containers:
  83. - name: tm
  84. imagePullPolicy: IfNotPresent
  85. image: tendermint/tendermint:0.9.0
  86. resources:
  87. requests:
  88. cpu: 50m
  89. memory: 64Mi
  90. limits:
  91. cpu: 100m
  92. memory: 128Mi
  93. ports:
  94. - containerPort: 46656
  95. name: p2p
  96. - containerPort: 46657
  97. name: rpc
  98. env:
  99. - name: SEEDS
  100. valueFrom:
  101. configMapKeyRef:
  102. name: tm-config
  103. key: seeds
  104. - name: VALIDATOR_POWER
  105. valueFrom:
  106. configMapKeyRef:
  107. name: tm-config
  108. key: validator.power
  109. - name: VALIDATORS
  110. valueFrom:
  111. configMapKeyRef:
  112. name: tm-config
  113. key: validators
  114. - name: TMROOT
  115. value: /tendermint
  116. command:
  117. - bash
  118. - "-c"
  119. - |
  120. set -ex
  121. # copy template
  122. cp /etc/tendermint/genesis.json /tendermint/genesis.json
  123. # fill genesis file with validators
  124. IFS=',' read -ra VALS_ARR <<< "$VALIDATORS"
  125. fqdn_suffix=$(echo $(hostname -f) | sed 's#[^.]*\.\(\)#\1#')
  126. for v in "${VALS_ARR[@]}"; do
  127. # wait until validator generates priv/pub key pair
  128. set +e
  129. curl -s "http://$v.$fqdn_suffix/pub_key.json" > /dev/null
  130. ERR=$?
  131. while [ "$ERR" != 0 ]; do
  132. sleep 5
  133. curl -s "http://$v.$fqdn_suffix/pub_key.json" > /dev/null
  134. ERR=$?
  135. done
  136. set -e
  137. # add validator to genesis file along with its pub_key
  138. curl -s "http://$v.$fqdn_suffix/pub_key.json" | jq ". as \$k | {pub_key: \$k, amount: $VALIDATOR_POWER, name: \"$v\"}" > pub_validator.json
  139. cat /tendermint/genesis.json | jq ".validators |= .+ [$(cat pub_validator.json)]" > /tendermint/genesis.json
  140. rm pub_validator.json
  141. done
  142. # construct seeds
  143. IFS=',' read -ra SEEDS_ARR <<< "$SEEDS"
  144. seeds=()
  145. for s in "${SEEDS_ARR[@]}"; do
  146. seeds+=("$s.$fqdn_suffix:46656")
  147. done
  148. seeds=$(IFS=','; echo "${seeds[*]}")
  149. tendermint node --seeds="$seeds" --moniker="`hostname`" --proxy_app="unix:///socks/app.sock"
  150. volumeMounts:
  151. - name: tmdir
  152. mountPath: /tendermint
  153. - mountPath: /etc/tendermint/genesis.json
  154. name: configdir
  155. subPath: genesis.json
  156. - name: socksdir
  157. mountPath: /socks
  158. - name: app
  159. imagePullPolicy: IfNotPresent
  160. image: YOUR_APP_IMAGE
  161. args: ["--addr=\"unix:///socks/app.sock\""]
  162. volumeMounts:
  163. - name: socksdir
  164. mountPath: /socks
  165. ######## OR ########
  166. #
  167. # - name: app
  168. # imagePullPolicy: IfNotPresent
  169. # image: golang:1.7.5
  170. # resources:
  171. # requests:
  172. # cpu: YOUR_APP_CPU_REQ
  173. # memory: YOUR_APP_MEM_REQ
  174. # limits:
  175. # cpu: YOUR_APP_CPU_LIMIT
  176. # memory: YOUR_APP_MEM_LIMIT
  177. # command:
  178. # - bash
  179. # - "-c"
  180. # - |
  181. # set -ex
  182. # go get -d YOUR_APP_PACKAGE
  183. # cd $GOPATH/YOUR_APP_PACKAGE
  184. # make install
  185. #
  186. # rm -f /socks/app.sock # remove old socket
  187. # YOUR_APP_EXEC --addr="unix:///socks/app.sock"
  188. # volumeMounts:
  189. # - name: socksdir
  190. # mountPath: /socks
  191. ######## OPTIONALLY ########
  192. #
  193. # - name: data
  194. # imagePullPolicy: IfNotPresent
  195. # image: golang:1.7.5
  196. # command:
  197. # - bash
  198. # - "-c"
  199. # - |
  200. # set -ex
  201. # go get github.com/tendermint/merkleeyes/cmd/merkleeyes
  202. # rm -f /socks/data.sock # remove old socket
  203. # merkleeyes server --address="unix:///socks/data.sock"
  204. # volumeMounts:
  205. # - name: socksdir
  206. # mountPath: /socks
  207. - name: pub-key
  208. imagePullPolicy: IfNotPresent
  209. image: nginx:1.11.9
  210. resources:
  211. requests:
  212. cpu: 10m
  213. memory: 12Mi
  214. limits:
  215. cpu: 20m
  216. memory: 24Mi
  217. ports:
  218. - containerPort: 80
  219. name: pub-key
  220. command:
  221. - bash
  222. - "-c"
  223. - |
  224. set -ex
  225. # fixes 403 Permission Denied (open() "/tendermint/pub_key.json" failed (13: Permission denied))
  226. # => we cannot serve from /tendermint, so we copy the file
  227. mkdir -p /usr/share/nginx
  228. cp /tendermint/pub_key.json /usr/share/nginx/pub_key.json
  229. nginx -g "daemon off;"
  230. volumeMounts:
  231. - name: tmdir
  232. mountPath: /tendermint
  233. - mountPath: /etc/nginx/conf.d/pub_key.conf
  234. name: configdir
  235. subPath: pub_key_nginx.conf
  236. volumes:
  237. - name: configdir
  238. configMap:
  239. name: tm-config
  240. - name: socksdir
  241. emptyDir: {}
  242. volumeClaimTemplates:
  243. - metadata:
  244. name: tmdir
  245. annotations:
  246. volume.alpha.kubernetes.io/storage-class: anything
  247. spec:
  248. accessModes: ["ReadWriteOnce"]
  249. resources:
  250. requests:
  251. storage: 2Gi