---
|
|
# Single pod installation (see basecoin for distributed setup)
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
annotations:
|
|
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
|
|
name: localchain
|
|
labels:
|
|
app: localchain
|
|
spec:
|
|
ports:
|
|
- port: 46656
|
|
name: p2p
|
|
- port: 46657
|
|
name: rpc
|
|
clusterIP: None
|
|
selector:
|
|
app: tm
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: tm-config
|
|
data:
|
|
validators: "tm-0"
|
|
validator.power: "10"
|
|
genesis.json: |-
|
|
{
|
|
"genesis_time": "2016-03-24T23:29:20.457Z",
|
|
"chain_id": "chain-iqwZgb",
|
|
"validators": [],
|
|
"app_hash": ""
|
|
}
|
|
pub_key_nginx.conf: |-
|
|
server {
|
|
listen 80 default_server;
|
|
listen [::]:80 default_server ipv6only=on;
|
|
location /pub_key.json { root /usr/share/nginx/; }
|
|
location /app_pub_key.json { root /usr/share/nginx/; }
|
|
}
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: app-config
|
|
data:
|
|
genesis.json: |-
|
|
[
|
|
"base/chainID",
|
|
"test_chain_id",
|
|
"base/account",
|
|
{
|
|
"pub_key": ["tm-0"],
|
|
"coins": [
|
|
{"denom":"CITI/USD","amount":1000},
|
|
{"denom":"UBS/EURO","amount":1000}
|
|
]
|
|
}
|
|
]
|
|
---
|
|
apiVersion: policy/v1beta1
|
|
kind: PodDisruptionBudget
|
|
metadata:
|
|
name: tm-budget
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: tm
|
|
minAvailable: 2
|
|
---
|
|
apiVersion: apps/v1beta1
|
|
kind: StatefulSet
|
|
metadata:
|
|
name: tm
|
|
spec:
|
|
serviceName: localchain
|
|
replicas: 1
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: tm
|
|
annotations:
|
|
pod.beta.kubernetes.io/init-containers: '[{
|
|
"name": "tm-gen-validator",
|
|
"image": "tendermint/tendermint:0.9.0",
|
|
"imagePullPolicy": "IfNotPresent",
|
|
"command": ["bash", "-c", "
|
|
set -ex\n
|
|
if [ ! -f /tendermint/priv_validator.json ]; then\n
|
|
tendermint gen_validator > /tendermint/priv_validator.json\n
|
|
# pub_key.json will be served by pub-key container\n
|
|
cat /tendermint/priv_validator.json | jq \".pub_key\" > /tendermint/pub_key.json\n
|
|
fi\n
|
|
"],
|
|
"volumeMounts": [
|
|
{"name": "tmdir", "mountPath": "/tendermint"}
|
|
]
|
|
},
|
|
{
|
|
"name": "app-gen-key",
|
|
"image": "tendermint/basecoin:latest",
|
|
"imagePullPolicy": "IfNotPresent",
|
|
"command": ["bash", "-c", "
|
|
set -ex\n
|
|
if [ ! -f /app/key.json ]; then\n
|
|
basecoin key new > /app/key.json\n
|
|
# pub_key.json will be served by app-pub-key container\n
|
|
cat /app/key.json | jq \".pub_key\" > /app/pub_key.json\n
|
|
fi\n
|
|
"],
|
|
"volumeMounts": [
|
|
{"name": "appdir", "mountPath": "/app"}
|
|
]
|
|
}]'
|
|
spec:
|
|
containers:
|
|
- name: tm
|
|
imagePullPolicy: IfNotPresent
|
|
image: tendermint/tendermint:0.9.0
|
|
ports:
|
|
- containerPort: 46656
|
|
name: p2p
|
|
- containerPort: 46657
|
|
name: rpc
|
|
env:
|
|
- name: VALIDATOR_POWER
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: tm-config
|
|
key: validator.power
|
|
- name: VALIDATORS
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: tm-config
|
|
key: validators
|
|
- name: TMROOT
|
|
value: /tendermint
|
|
command:
|
|
- bash
|
|
- "-c"
|
|
- |
|
|
set -ex
|
|
|
|
# copy template
|
|
cp /etc/tendermint/genesis.json /tendermint/genesis.json
|
|
|
|
# fill genesis file with validators
|
|
IFS=',' read -ra VALS_ARR <<< "$VALIDATORS"
|
|
fqdn_suffix=$(echo $(hostname -f) | sed 's#[^.]*\.\(\)#\1#')
|
|
for v in "${VALS_ARR[@]}"; do
|
|
# wait until validator generates priv/pub key pair
|
|
set +e
|
|
|
|
curl -s "http://$v.$fqdn_suffix/pub_key.json" > /dev/null
|
|
ERR=$?
|
|
while [ "$ERR" != 0 ]; do
|
|
sleep 5
|
|
curl -s "http://$v.$fqdn_suffix/pub_key.json" > /dev/null
|
|
ERR=$?
|
|
done
|
|
set -e
|
|
|
|
# add validator to genesis file along with its pub_key
|
|
curl -s "http://$v.$fqdn_suffix/pub_key.json" | jq ". as \$k | {pub_key: \$k, amount: $VALIDATOR_POWER, name: \"$v\"}" > pub_validator.json
|
|
cat /tendermint/genesis.json | jq ".validators |= .+ [$(cat pub_validator.json)]" > /tendermint/genesis.json
|
|
rm pub_validator.json
|
|
done
|
|
|
|
tendermint node --moniker="`hostname`" --proxy_app="unix:///socks/app.sock"
|
|
volumeMounts:
|
|
- name: tmdir
|
|
mountPath: /tendermint
|
|
- mountPath: /etc/tendermint/genesis.json
|
|
name: tmconfigdir
|
|
subPath: genesis.json
|
|
- name: socksdir
|
|
mountPath: /socks
|
|
|
|
- name: app
|
|
imagePullPolicy: IfNotPresent
|
|
image: tendermint/basecoin:latest
|
|
workingDir: /app
|
|
command:
|
|
- bash
|
|
- "-c"
|
|
- |
|
|
set -ex
|
|
|
|
# replace "tm-N" with public keys in genesis file
|
|
cp /etc/app/genesis.json genesis.json
|
|
fqdn_suffix=$(echo $(hostname -f) | sed 's#[^.]*\.\(\)#\1#')
|
|
# for every "base/account"
|
|
i=3
|
|
length=$(cat genesis.json | jq ". | length")
|
|
while [ $i -lt $length ]; do
|
|
# extract pod name ("tm-0")
|
|
pod=$(cat genesis.json | jq -r ".[$i].pub_key[0]")
|
|
|
|
# wait until pod starts to serve its pub_key
|
|
set +e
|
|
|
|
curl -s "http://$pod.$fqdn_suffix/app_pub_key.json" > /dev/null
|
|
ERR=$?
|
|
while [ "$ERR" != 0 ]; do
|
|
sleep 5
|
|
curl -s "http://$pod.$fqdn_suffix/app_pub_key.json" > /dev/null
|
|
ERR=$?
|
|
done
|
|
set -e
|
|
|
|
# get its pub_key
|
|
curl -s "http://$pod.$fqdn_suffix/app_pub_key.json" | jq "." > k.json
|
|
|
|
# replace pod name with it (["tm-0"] => "[1, XXXXXXXXXXXXXXXXXXXX]")
|
|
cat genesis.json | jq ".[$i].pub_key = $(cat k.json | jq '.')" > genesis.json
|
|
rm -f k.json
|
|
|
|
i=$((i+2)) # skip "base/account" field itself
|
|
done
|
|
|
|
rm -f /socks/app.sock # remove old socket
|
|
|
|
basecoin start --address="unix:///socks/app.sock"
|
|
volumeMounts:
|
|
- name: appdir
|
|
mountPath: /app
|
|
- mountPath: /etc/app/genesis.json
|
|
name: appconfigdir
|
|
subPath: genesis.json
|
|
- name: socksdir
|
|
mountPath: /socks
|
|
|
|
- name: pub-key
|
|
imagePullPolicy: IfNotPresent
|
|
image: nginx:latest
|
|
ports:
|
|
- containerPort: 80
|
|
name: pub-key
|
|
command:
|
|
- bash
|
|
- "-c"
|
|
- |
|
|
set -ex
|
|
# fixes 403 Permission Denied (open() "/tendermint/pub_key.json" failed (13: Permission denied))
|
|
# => we cannot serve from /tendermint, so we copy the file
|
|
mkdir -p /usr/share/nginx
|
|
cp /tendermint/pub_key.json /usr/share/nginx/pub_key.json
|
|
cp /app/pub_key.json /usr/share/nginx/app_pub_key.json
|
|
nginx -g "daemon off;"
|
|
volumeMounts:
|
|
- name: tmdir
|
|
mountPath: /tendermint
|
|
- name: appdir
|
|
mountPath: /app
|
|
- mountPath: /etc/nginx/conf.d/pub_key.conf
|
|
name: tmconfigdir
|
|
subPath: pub_key_nginx.conf
|
|
|
|
volumes:
|
|
- name: tmconfigdir
|
|
configMap:
|
|
name: tm-config
|
|
- name: appconfigdir
|
|
configMap:
|
|
name: app-config
|
|
- name: socksdir
|
|
emptyDir: {}
|
|
|
|
volumeClaimTemplates:
|
|
- metadata:
|
|
name: tmdir
|
|
annotations:
|
|
volume.alpha.kubernetes.io/storage-class: anything
|
|
spec:
|
|
accessModes: [ "ReadWriteOnce" ]
|
|
resources:
|
|
requests:
|
|
storage: 2Gi
|
|
- metadata:
|
|
name: appdir
|
|
annotations:
|
|
volume.alpha.kubernetes.io/storage-class: anything
|
|
spec:
|
|
accessModes: [ "ReadWriteOnce" ]
|
|
resources:
|
|
requests:
|
|
storage: 12Mi
|