tendermint/mintnet-kubernetes/examples/localchain/app.yaml

---
# Single pod installation (see basecoin for distributed setup)
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
  name: localchain
  labels:
    app: localchain
spec:
  ports:
  - port: 46656
    name: p2p
  - port: 46657
    name: rpc
  clusterIP: None
  selector:
    app: tm
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: tm-config
data:
  validators: "tm-0"
  validator.power: "10"
  genesis.json: |-
    {
      "genesis_time": "2016-03-24T23:29:20.457Z",
      "chain_id": "chain-iqwZgb",
      "validators": [],
      "app_hash": ""
    }
  pub_key_nginx.conf: |-
    server {
      listen 80 default_server;
      listen [::]:80 default_server ipv6only=on;
      location /pub_key.json { root /usr/share/nginx/; }
      location /app_pub_key.json { root /usr/share/nginx/; }
    }
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  genesis.json: |-
    [
      "base/chainID",
      "test_chain_id",
      "base/account",
      {
        "pub_key": ["tm-0"],
        "coins": [
          {"denom":"CITI/USD","amount":1000},
          {"denom":"UBS/EURO","amount":1000}
        ]
      }
    ]
---
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: tm-budget
spec:
  selector:
    matchLabels:
      app: tm
  minAvailable: 2
---
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: tm
spec:
  serviceName: localchain
  replicas: 1
  template:
    metadata:
      labels:
        app: tm
      annotations:
        pod.beta.kubernetes.io/init-containers: '[{
          "name": "tm-gen-validator",
          "image": "tendermint/tendermint:0.9.0",
          "imagePullPolicy": "IfNotPresent",
          "command": ["bash", "-c", "
            set -ex\n
            if [ ! -f /tendermint/priv_validator.json ]; then\n
              tendermint gen_validator > /tendermint/priv_validator.json\n
              # pub_key.json will be served by pub-key container\n
              cat /tendermint/priv_validator.json | jq \".pub_key\" > /tendermint/pub_key.json\n
            fi\n
          "],
          "volumeMounts": [
            {"name": "tmdir", "mountPath": "/tendermint"}
          ]
        },
        {
          "name": "app-gen-key",
          "image": "tendermint/basecoin:latest",
          "imagePullPolicy": "IfNotPresent",
          "command": ["bash", "-c", "
            set -ex\n
            if [ ! -f /app/key.json ]; then\n
              basecoin key new > /app/key.json\n
              # pub_key.json will be served by app-pub-key container\n
              cat /app/key.json | jq \".pub_key\" > /app/pub_key.json\n
            fi\n
          "],
          "volumeMounts": [
            {"name": "appdir", "mountPath": "/app"}
          ]
        }]'
    spec:
      containers:
      - name: tm
        imagePullPolicy: IfNotPresent
        image: tendermint/tendermint:0.9.0
        ports:
        - containerPort: 46656
          name: p2p
        - containerPort: 46657
          name: rpc
        env:
        - name: VALIDATOR_POWER
          valueFrom:
            configMapKeyRef:
              name: tm-config
              key: validator.power
        - name: VALIDATORS
          valueFrom:
            configMapKeyRef:
              name: tm-config
              key: validators
        - name: TMROOT
          value: /tendermint
        command:
        - bash
        - "-c"
        - |
          set -ex

          # copy template
          cp /etc/tendermint/genesis.json /tendermint/genesis.json

          # fill genesis file with validators
          IFS=',' read -ra VALS_ARR <<< "$VALIDATORS"
          fqdn_suffix=$(echo $(hostname -f) | sed 's#[^.]*\.\(\)#\1#')
          for v in "${VALS_ARR[@]}"; do
            # wait until validator generates priv/pub key pair
            set +e

            curl -s "http://$v.$fqdn_suffix/pub_key.json" > /dev/null
            ERR=$?
            while [ "$ERR" != 0 ]; do
              sleep 5
              curl -s "http://$v.$fqdn_suffix/pub_key.json" > /dev/null
              ERR=$?
            done
            set -e

            # add validator to genesis file along with its pub_key
            curl -s "http://$v.$fqdn_suffix/pub_key.json" | jq ". as \$k | {pub_key: \$k, amount: $VALIDATOR_POWER, name: \"$v\"}" > pub_validator.json
            cat /tendermint/genesis.json | jq ".validators |= .+ [$(cat pub_validator.json)]" > /tendermint/genesis.json
            rm pub_validator.json
          done

          tendermint node --moniker="`hostname`" --proxy_app="unix:///socks/app.sock"
        volumeMounts:
        - name: tmdir
          mountPath: /tendermint
        - mountPath: /etc/tendermint/genesis.json
          name: tmconfigdir
          subPath: genesis.json
        - name: socksdir
          mountPath: /socks

      - name: app
        imagePullPolicy: IfNotPresent
        image: tendermint/basecoin:latest
        workingDir: /app
        command:
        - bash
        - "-c"
        - |
          set -ex

          # replace "tm-N" with public keys in genesis file
          cp /etc/app/genesis.json genesis.json
          fqdn_suffix=$(echo $(hostname -f) | sed 's#[^.]*\.\(\)#\1#')
          # for every "base/account"
          i=3
          length=$(cat genesis.json | jq ". | length")
          while [ $i -lt $length ]; do
            # extract pod name ("tm-0")
            pod=$(cat genesis.json | jq -r ".[$i].pub_key[0]")

            # wait until pod starts to serve its pub_key
            set +e

            curl -s "http://$pod.$fqdn_suffix/app_pub_key.json" > /dev/null
            ERR=$?
            while [ "$ERR" != 0 ]; do
              sleep 5
              curl -s "http://$pod.$fqdn_suffix/app_pub_key.json" > /dev/null
              ERR=$?
            done
            set -e

            # get its pub_key
            curl -s "http://$pod.$fqdn_suffix/app_pub_key.json" | jq "." > k.json

            # replace pod name with it (["tm-0"] => "[1, XXXXXXXXXXXXXXXXXXXX]")
            cat genesis.json | jq ".[$i].pub_key = $(cat k.json | jq '.')" > genesis.json
            rm -f k.json

            i=$((i+2)) # skip "base/account" field itself
          done

          rm -f /socks/app.sock # remove old socket

          basecoin start --address="unix:///socks/app.sock"
        volumeMounts:
        - name: appdir
          mountPath: /app
        - mountPath: /etc/app/genesis.json
          name: appconfigdir
          subPath: genesis.json
        - name: socksdir
          mountPath: /socks

      - name: pub-key
        imagePullPolicy: IfNotPresent
        image: nginx:latest
        ports:
        - containerPort: 80
          name: pub-key
        command:
        - bash
        - "-c"
        - |
          set -ex
          # fixes 403 Permission Denied (open() "/tendermint/pub_key.json" failed (13: Permission denied))
          # => we cannot serve from /tendermint, so we copy the file
          mkdir -p /usr/share/nginx
          cp /tendermint/pub_key.json /usr/share/nginx/pub_key.json
          cp /app/pub_key.json /usr/share/nginx/app_pub_key.json
          nginx -g "daemon off;"
        volumeMounts:
        - name: tmdir
          mountPath: /tendermint
        - name: appdir
          mountPath: /app
        - mountPath: /etc/nginx/conf.d/pub_key.conf
          name: tmconfigdir
          subPath: pub_key_nginx.conf

      volumes:
      - name: tmconfigdir
        configMap:
          name: tm-config
      - name: appconfigdir
        configMap:
          name: app-config
      - name: socksdir
        emptyDir: {}

  volumeClaimTemplates:
  - metadata:
      name: tmdir
      annotations:
        volume.alpha.kubernetes.io/storage-class: anything
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 2Gi
  - metadata:
      name: appdir
      annotations:
        volume.alpha.kubernetes.io/storage-class: anything
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 12Mi