--- apiVersion: v1 kind: Service metadata: annotations: service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" name: dummy labels: app: dummy spec: ports: - port: 46656 name: p2p - port: 46657 name: rpc clusterIP: None selector: app: tm --- apiVersion: v1 kind: ConfigMap metadata: name: tm-config data: seeds: "tm-0,tm-1,tm-2,tm-3" validators: "tm-0,tm-1,tm-2,tm-3" validator.power: "10" genesis.json: |- { "genesis_time": "2016-02-05T23:17:31.164Z", "chain_id": "chain-B5XXm5", "validators": [], "app_hash": "" } pub_key_nginx.conf: |- server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; location /pub_key.json { root /usr/share/nginx/; } } --- apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: name: tm-budget spec: selector: matchLabels: app: tm minAvailable: 2 --- apiVersion: apps/v1beta1 kind: StatefulSet metadata: name: tm spec: serviceName: dummy replicas: 4 template: metadata: labels: app: tm annotations: pod.beta.kubernetes.io/init-containers: '[{ "name": "tm-gen-validator", "image": "tendermint/tendermint:0.9.0", "imagePullPolicy": "IfNotPresent", "command": ["bash", "-c", " set -ex\n if [ ! -f /tendermint/priv_validator.json ]; then\n tendermint gen_validator > /tendermint/priv_validator.json\n # pub_key.json will be served by pub-key container\n cat /tendermint/priv_validator.json | jq \".pub_key\" > /tendermint/pub_key.json\n fi\n "], "volumeMounts": [ {"name": "tmdir", "mountPath": "/tendermint"} ] }]' spec: containers: - name: tm imagePullPolicy: IfNotPresent image: tendermint/tendermint:0.9.0 ports: - containerPort: 46656 name: p2p - containerPort: 46657 name: rpc env: - name: SEEDS valueFrom: configMapKeyRef: name: tm-config key: seeds - name: VALIDATOR_POWER valueFrom: configMapKeyRef: name: tm-config key: validator.power - name: VALIDATORS valueFrom: configMapKeyRef: name: tm-config key: validators - name: TMROOT value: /tendermint command: - bash - "-c" - | set -ex # copy template cp /etc/tendermint/genesis.json /tendermint/genesis.json # fill genesis file with validators IFS=',' read -ra VALS_ARR <<< "$VALIDATORS" fqdn_suffix=$(echo $(hostname -f) | sed 's#[^.]*\.\(\)#\1#') for v in "${VALS_ARR[@]}"; do # wait until validator generates priv/pub key pair set +e curl -s "http://$v.$fqdn_suffix/pub_key.json" > /dev/null ERR=$? while [ "$ERR" != 0 ]; do sleep 5 curl -s "http://$v.$fqdn_suffix/pub_key.json" > /dev/null ERR=$? done set -e # add validator to genesis file along with its pub_key curl -s "http://$v.$fqdn_suffix/pub_key.json" | jq ". as \$k | {pub_key: \$k, amount: $VALIDATOR_POWER, name: \"$v\"}" > pub_validator.json cat /tendermint/genesis.json | jq ".validators |= .+ [$(cat pub_validator.json)]" > /tendermint/genesis.json rm pub_validator.json done # construct seeds IFS=',' read -ra SEEDS_ARR <<< "$SEEDS" seeds=() for s in "${SEEDS_ARR[@]}"; do seeds+=("$s.$fqdn_suffix:46656") done seeds=$(IFS=','; echo "${seeds[*]}") tendermint node --seeds="$seeds" --moniker="`hostname`" --proxy_app="dummy" volumeMounts: - name: tmdir mountPath: /tendermint - mountPath: /etc/tendermint/genesis.json name: tmconfigdir subPath: genesis.json - name: socksdir mountPath: /socks - name: pub-key imagePullPolicy: IfNotPresent image: nginx:latest ports: - containerPort: 80 name: pub-key command: - bash - "-c" - | set -ex # fixes 403 Permission Denied (open() "/tendermint/pub_key.json" failed (13: Permission denied)) # => we cannot serve from /tendermint, so we copy the file mkdir -p /usr/share/nginx cp /tendermint/pub_key.json /usr/share/nginx/pub_key.json nginx -g "daemon off;" volumeMounts: - name: tmdir mountPath: /tendermint - mountPath: /etc/nginx/conf.d/pub_key.conf name: tmconfigdir subPath: pub_key_nginx.conf volumes: - name: tmconfigdir configMap: name: tm-config - name: socksdir emptyDir: {} volumeClaimTemplates: - metadata: name: tmdir annotations: volume.alpha.kubernetes.io/storage-class: anything spec: accessModes: ["ReadWriteOnce"] resources: requests: storage: 2Gi