--- apiVersion: v1 kind: Service metadata: annotations: service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" name: basecoin labels: app: basecoin spec: ports: - port: 46656 name: p2p - port: 46657 name: rpc clusterIP: None selector: app: tm --- apiVersion: v1 kind: ConfigMap metadata: name: tm-config data: seeds: "tm-0,tm-1,tm-2,tm-3" validators: "tm-0,tm-1,tm-2,tm-3" validator.power: "10" genesis.json: |- { "genesis_time": "2016-02-05T06:02:31.526Z", "chain_id": "chain-tTH4mi", "validators": [], "app_hash": "" } pub_key_nginx.conf: |- server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; location /pub_key.json { root /usr/share/nginx/; } location /app_pub_key.json { root /usr/share/nginx/; } } --- apiVersion: v1 kind: ConfigMap metadata: name: app-config data: genesis.json: |- [ "base/chainID", "test_chain_id", "base/account", { "coins" : [ {"denom": "blank", "amount": 1000} ], "pub_key" : ["tm-0"] }, "base/account", { "coins" : [ {"denom": "blank", "amount": 1000} ], "pub_key" : ["tm-1"] }, "base/account", { "coins" : [ {"denom": "blank", "amount": 1000} ], "pub_key" : ["tm-2"] }, "base/account", { "coins" : [ {"denom": "blank", "amount": 1000} ], "pub_key" : ["tm-3"] } ] --- apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: name: tm-budget spec: selector: matchLabels: app: tm minAvailable: 2 --- apiVersion: apps/v1beta1 kind: StatefulSet metadata: name: tm spec: serviceName: basecoin replicas: 4 template: metadata: labels: app: tm annotations: pod.beta.kubernetes.io/init-containers: '[{ "name": "tm-gen-validator", "image": "tendermint/tendermint:0.9.0", "imagePullPolicy": "IfNotPresent", "command": ["bash", "-c", " set -ex\n if [ ! -f /tendermint/priv_validator.json ]; then\n tendermint gen_validator > /tendermint/priv_validator.json\n # pub_key.json will be served by pub-key container\n cat /tendermint/priv_validator.json | jq \".pub_key\" > /tendermint/pub_key.json\n fi\n "], "volumeMounts": [ {"name": "tmdir", "mountPath": "/tendermint"} ] }, { "name": "app-gen-key", "image": "tendermint/basecoin:latest", "imagePullPolicy": "IfNotPresent", "command": ["bash", "-c", " set -ex\n if [ ! -f /app/key.json ]; then\n basecoin key new > /app/key.json\n # pub_key.json will be served by app-pub-key container\n cat /app/key.json | jq \".pub_key\" > /app/pub_key.json\n fi\n "], "volumeMounts": [ {"name": "appdir", "mountPath": "/app"} ] }]' spec: containers: - name: tm imagePullPolicy: IfNotPresent image: tendermint/tendermint:0.9.0 ports: - containerPort: 46656 name: p2p - containerPort: 46657 name: rpc env: - name: SEEDS valueFrom: configMapKeyRef: name: tm-config key: seeds - name: VALIDATOR_POWER valueFrom: configMapKeyRef: name: tm-config key: validator.power - name: VALIDATORS valueFrom: configMapKeyRef: name: tm-config key: validators - name: TMROOT value: /tendermint command: - bash - "-c" - | set -ex # copy template cp /etc/tendermint/genesis.json /tendermint/genesis.json # fill genesis file with validators IFS=',' read -ra VALS_ARR <<< "$VALIDATORS" fqdn_suffix=$(echo $(hostname -f) | sed 's#[^.]*\.\(\)#\1#') for v in "${VALS_ARR[@]}"; do # wait until validator generates priv/pub key pair set +e curl -s "http://$v.$fqdn_suffix/pub_key.json" > /dev/null ERR=$? while [ "$ERR" != 0 ]; do sleep 5 curl -s "http://$v.$fqdn_suffix/pub_key.json" > /dev/null ERR=$? done set -e # add validator to genesis file along with its pub_key curl -s "http://$v.$fqdn_suffix/pub_key.json" | jq ". as \$k | {pub_key: \$k, amount: $VALIDATOR_POWER, name: \"$v\"}" > pub_validator.json cat /tendermint/genesis.json | jq ".validators |= .+ [$(cat pub_validator.json)]" > /tendermint/genesis.json rm pub_validator.json done # construct seeds IFS=',' read -ra SEEDS_ARR <<< "$SEEDS" seeds=() for s in "${SEEDS_ARR[@]}"; do seeds+=("$s.$fqdn_suffix:46656") done seeds=$(IFS=','; echo "${seeds[*]}") tendermint node --seeds="$seeds" --moniker="`hostname`" --proxy_app="unix:///socks/app.sock" volumeMounts: - name: tmdir mountPath: /tendermint - mountPath: /etc/tendermint/genesis.json name: tmconfigdir subPath: genesis.json - name: socksdir mountPath: /socks - name: app imagePullPolicy: IfNotPresent image: tendermint/basecoin:latest workingDir: /app command: - bash - "-c" - | set -ex # replace "tm-N" with public keys in genesis file cp /etc/app/genesis.json genesis.json fqdn_suffix=$(echo $(hostname -f) | sed 's#[^.]*\.\(\)#\1#') # for every "base/account" i=3 length=$(cat genesis.json | jq ". | length") while [ $i -lt $length ]; do # extract pod name ("tm-0") pod=$(cat genesis.json | jq -r ".[$i].pub_key[0]") # wait until pod starts to serve its pub_key set +e curl -s "http://$pod.$fqdn_suffix/app_pub_key.json" > /dev/null ERR=$? while [ "$ERR" != 0 ]; do sleep 5 curl -s "http://$pod.$fqdn_suffix/app_pub_key.json" > /dev/null ERR=$? done set -e # get its pub_key curl -s "http://$pod.$fqdn_suffix/app_pub_key.json" | jq "." > k.json # replace pod name with it (["tm-0"] => "[1, XXXXXXXXXXXXXXXXXXXX]") cat genesis.json | jq ".[$i].pub_key = $(cat k.json | jq '.')" > genesis.json rm -f k.json i=$((i+2)) # skip "base/account" field itself done rm -f /socks/app.sock # remove old socket basecoin start --address="unix:///socks/app.sock" volumeMounts: - name: appdir mountPath: /app - mountPath: /etc/app/genesis.json name: appconfigdir subPath: genesis.json - name: socksdir mountPath: /socks - name: pub-key imagePullPolicy: IfNotPresent image: nginx:latest ports: - containerPort: 80 command: - bash - "-c" - | set -ex # fixes 403 Permission Denied (open() "/tendermint/pub_key.json" failed (13: Permission denied)) # => we cannot serve from /tendermint, so we copy the file mkdir -p /usr/share/nginx cp /tendermint/pub_key.json /usr/share/nginx/pub_key.json cp /app/pub_key.json /usr/share/nginx/app_pub_key.json nginx -g "daemon off;" volumeMounts: - name: tmdir mountPath: /tendermint - name: appdir mountPath: /app - mountPath: /etc/nginx/conf.d/pub_key.conf name: tmconfigdir subPath: pub_key_nginx.conf volumes: - name: tmconfigdir configMap: name: tm-config - name: appconfigdir configMap: name: app-config - name: socksdir emptyDir: {} volumeClaimTemplates: - metadata: name: tmdir annotations: volume.alpha.kubernetes.io/storage-class: anything spec: accessModes: [ "ReadWriteOnce" ] resources: requests: storage: 2Gi - metadata: name: appdir annotations: volume.alpha.kubernetes.io/storage-class: anything spec: accessModes: [ "ReadWriteOnce" ] resources: requests: storage: 12Mi