You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

196 lines
5.2 KiB

  1. ---
  2. apiVersion: v1
  3. kind: Service
  4. metadata:
  5. annotations:
  6. service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
  7. name: dummy
  8. labels:
  9. app: dummy
  10. spec:
  11. ports:
  12. - port: 46656
  13. name: p2p
  14. - port: 46657
  15. name: rpc
  16. clusterIP: None
  17. selector:
  18. app: tm
  19. ---
  20. apiVersion: v1
  21. kind: ConfigMap
  22. metadata:
  23. name: tm-config
  24. data:
  25. seeds: "tm-0,tm-1,tm-2,tm-3"
  26. validators: "tm-0,tm-1,tm-2,tm-3"
  27. validator.power: "10"
  28. genesis.json: |-
  29. {
  30. "genesis_time": "2016-02-05T23:17:31.164Z",
  31. "chain_id": "chain-B5XXm5",
  32. "validators": [],
  33. "app_hash": ""
  34. }
  35. pub_key_nginx.conf: |-
  36. server {
  37. listen 80 default_server;
  38. listen [::]:80 default_server ipv6only=on;
  39. location /pub_key.json { root /usr/share/nginx/; }
  40. }
  41. ---
  42. apiVersion: policy/v1beta1
  43. kind: PodDisruptionBudget
  44. metadata:
  45. name: tm-budget
  46. spec:
  47. selector:
  48. matchLabels:
  49. app: tm
  50. minAvailable: 2
  51. ---
  52. apiVersion: apps/v1beta1
  53. kind: StatefulSet
  54. metadata:
  55. name: tm
  56. spec:
  57. serviceName: dummy
  58. replicas: 4
  59. template:
  60. metadata:
  61. labels:
  62. app: tm
  63. annotations:
  64. pod.beta.kubernetes.io/init-containers: '[{
  65. "name": "tm-gen-validator",
  66. "image": "tendermint/tendermint:0.10.0",
  67. "imagePullPolicy": "IfNotPresent",
  68. "command": ["bash", "-c", "
  69. set -ex\n
  70. if [ ! -f /tendermint/priv_validator.json ]; then\n
  71. tendermint gen_validator > /tendermint/priv_validator.json\n
  72. # pub_key.json will be served by pub-key container\n
  73. cat /tendermint/priv_validator.json | jq \".pub_key\" > /tendermint/pub_key.json\n
  74. fi\n
  75. "],
  76. "volumeMounts": [
  77. {"name": "tmdir", "mountPath": "/tendermint"}
  78. ]
  79. }]'
  80. spec:
  81. containers:
  82. - name: tm
  83. imagePullPolicy: IfNotPresent
  84. image: tendermint/tendermint:0.10.0
  85. ports:
  86. - containerPort: 46656
  87. name: p2p
  88. - containerPort: 46657
  89. name: rpc
  90. env:
  91. - name: SEEDS
  92. valueFrom:
  93. configMapKeyRef:
  94. name: tm-config
  95. key: seeds
  96. - name: VALIDATOR_POWER
  97. valueFrom:
  98. configMapKeyRef:
  99. name: tm-config
  100. key: validator.power
  101. - name: VALIDATORS
  102. valueFrom:
  103. configMapKeyRef:
  104. name: tm-config
  105. key: validators
  106. - name: TMHOME
  107. value: /tendermint
  108. command:
  109. - bash
  110. - "-c"
  111. - |
  112. set -ex
  113. # copy template
  114. cp /etc/tendermint/genesis.json /tendermint/genesis.json
  115. # fill genesis file with validators
  116. IFS=',' read -ra VALS_ARR <<< "$VALIDATORS"
  117. fqdn_suffix=$(hostname -f | sed 's#[^.]*\.\(\)#\1#')
  118. for v in "${VALS_ARR[@]}"; do
  119. # wait until validator generates priv/pub key pair
  120. set +e
  121. curl -s "http://$v.$fqdn_suffix/pub_key.json" > /dev/null
  122. ERR=$?
  123. while [ "$ERR" != 0 ]; do
  124. sleep 5
  125. curl -s "http://$v.$fqdn_suffix/pub_key.json" > /dev/null
  126. ERR=$?
  127. done
  128. set -e
  129. # add validator to genesis file along with its pub_key
  130. curl -s "http://$v.$fqdn_suffix/pub_key.json" | jq ". as \$k | {pub_key: \$k, amount: $VALIDATOR_POWER, name: \"$v\"}" > pub_validator.json
  131. cat /tendermint/genesis.json | jq ".validators |= .+ [$(cat pub_validator.json)]" > tmpgenesis && mv tmpgenesis /tendermint/genesis.json
  132. rm pub_validator.json
  133. done
  134. # construct seeds
  135. IFS=',' read -ra SEEDS_ARR <<< "$SEEDS"
  136. seeds=()
  137. for s in "${SEEDS_ARR[@]}"; do
  138. seeds+=("$s.$fqdn_suffix:46656")
  139. done
  140. seeds=$(IFS=','; echo "${seeds[*]}")
  141. tendermint node --p2p.seeds="$seeds" --moniker="`hostname`" --proxy_app="dummy"
  142. volumeMounts:
  143. - name: tmdir
  144. mountPath: /tendermint
  145. - mountPath: /etc/tendermint/genesis.json
  146. name: tmconfigdir
  147. subPath: genesis.json
  148. - name: socksdir
  149. mountPath: /socks
  150. - name: pub-key
  151. imagePullPolicy: IfNotPresent
  152. image: nginx:latest
  153. ports:
  154. - containerPort: 80
  155. name: pub-key
  156. command:
  157. - bash
  158. - "-c"
  159. - |
  160. set -ex
  161. # fixes 403 Permission Denied (open() "/tendermint/pub_key.json" failed (13: Permission denied))
  162. # => we cannot serve from /tendermint, so we copy the file
  163. mkdir -p /usr/share/nginx
  164. cp /tendermint/pub_key.json /usr/share/nginx/pub_key.json
  165. nginx -g "daemon off;"
  166. volumeMounts:
  167. - name: tmdir
  168. mountPath: /tendermint
  169. - mountPath: /etc/nginx/conf.d/pub_key.conf
  170. name: tmconfigdir
  171. subPath: pub_key_nginx.conf
  172. volumes:
  173. - name: tmconfigdir
  174. configMap:
  175. name: tm-config
  176. - name: socksdir
  177. emptyDir: {}
  178. volumeClaimTemplates:
  179. - metadata:
  180. name: tmdir
  181. annotations:
  182. volume.alpha.kubernetes.io/storage-class: anything
  183. spec:
  184. accessModes: ["ReadWriteOnce"]
  185. resources:
  186. requests:
  187. storage: 2Gi