diff --git a/.gitignore b/.gitignore
index 2279f4cd32..20a61289a5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,6 +17,10 @@ # Secret directory used in Kubernetes configurations /infrastructure/kube/**/.secret/ +/infrastructure/kube/**/*.secret + +# Backup directory for local copies of Kubernetes configurations +/infrastructure/kube/**/.backup/ # Keys keystore/
diff --git a/infrastructure/kube/keep-prd/.envrc b/infrastructure/kube/keep-prd/.envrc
new file mode 100644
index 0000000000..1f94e4483f
--- /dev/null
+++ b/infrastructure/kube/keep-prd/.envrc
@@ -0,0 +1 @@
+export CLOUDSDK_ACTIVE_CONFIG_NAME=keep-prd
diff --git a/infrastructure/kube/keep-prd/bitcoin/bitcoin-namespace.yaml b/infrastructure/kube/keep-prd/bitcoin/bitcoin-namespace.yaml
new file mode 100644
index 0000000000..aa47d7b9e4
--- /dev/null
+++ b/infrastructure/kube/keep-prd/bitcoin/bitcoin-namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: bitcoin
diff --git a/infrastructure/kube/keep-prd/bitcoin/bitcoind/bitcoind-data-bitcoind-1-pvc.yaml b/infrastructure/kube/keep-prd/bitcoin/bitcoind/bitcoind-data-bitcoind-1-pvc.yaml
new file mode 100644
index 0000000000..639281f2bc
--- /dev/null
+++ b/infrastructure/kube/keep-prd/bitcoin/bitcoind/bitcoind-data-bitcoind-1-pvc.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: bitcoind-data-bitcoind-1
+ namespace: bitcoin
+ labels:
+ app: bitcoind
+ chain: bitcoin
+ network: mainnet
+spec:
+ storageClassName: bitcoind
+ dataSource:
+ name: bitcoind-snapshot
+ kind: VolumeSnapshot
+ apiGroup: snapshot.storage.k8s.io
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 650Gi
diff --git a/infrastructure/kube/keep-prd/bitcoin/bitcoind/bitcoind-volumesnapshot.yaml b/infrastructure/kube/keep-prd/bitcoin/bitcoind/bitcoind-volumesnapshot.yaml
new file mode 100644
index 0000000000..5182f14be1
--- /dev/null
+++ b/infrastructure/kube/keep-prd/bitcoin/bitcoind/bitcoind-volumesnapshot.yaml
@@ -0,0 +1,8 @@
+apiVersion: snapshot.storage.k8s.io/v1
+kind: VolumeSnapshot
+metadata:
+ name: bitcoind-snapshot
+spec:
+ volumeSnapshotClassName: bitcoind
+ source:
+ persistentVolumeClaimName: bitcoind-data-bitcoind-0
diff --git a/infrastructure/kube/keep-prd/bitcoin/bitcoind/kustomization.yaml b/infrastructure/kube/keep-prd/bitcoin/bitcoind/kustomization.yaml
new file mode 100644
index 0000000000..726fc3cddf
--- /dev/null
+++ b/infrastructure/kube/keep-prd/bitcoin/bitcoind/kustomization.yaml
@@ -0,0 +1,31 @@
+resources:
+ - ../../../templates/bitcoin/bitcoind
+
+namespace: bitcoin
+
+commonLabels:
+ network: mainnet
+
+configMapGenerator:
+ - name: bitcoind
+ behavior: merge
+ literals:
+ - chain=main
+
+secretGenerator:
+ - name: bitcoind
+ behavior: merge
+ envs:
+ - .env.secret
+
+patches:
+ - target:
+ kind: StatefulSet
+ name: bitcoind
+ patch: |-
+ apiVersion: apps/v1
+ kind: StatefulSet
+ metadata:
+ name: bitcoind
+ spec:
+ replicas: 2
diff --git a/infrastructure/kube/keep-prd/bitcoin/electrumx/electrumx-compact-history-job.yaml b/infrastructure/kube/keep-prd/bitcoin/electrumx/electrumx-compact-history-job.yaml
new file mode 100644
index 0000000000..f6f79363b9
--- /dev/null
+++ b/infrastructure/kube/keep-prd/bitcoin/electrumx/electrumx-compact-history-job.yaml
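Review bot: `bitcoind-snapshot` in keep-prd/bitcoin/bitcoind/bitcoind-volumesnapshot.yaml carries no `metadata.namespace`, while the PVC that restores from it (bitcoind-data-bitcoind-1-pvc.yaml) is pinned to `namespace: bitcoin`, and neither file is listed under `resources` in the overlay's kustomization.yaml, so the kustomize `namespace:` setting presumably does not reach them. A PVC `dataSource` is looked up in the PVC's own namespace, so a snapshot applied under a different current namespace leaves the restore pending. Adding `namespace: bitcoin` to the snapshot metadata removes the dependency on the operator's kubectl context; the electrumx snapshot and the keep-test copies (`bitcoin-testnet`) have the same gap.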
@@ -0,0 +1,67 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: electrumx-compact-history
+ namespace: bitcoin
+ labels:
+ chain: bitcoin
+ app: electrumx
+ network: mainnet
+spec:
+ backoffLimit: 0
+ completions: 1
+ parallelism: 1
+ template:
+ metadata:
+ labels:
+ chain: bitcoin
+ app: electrumx
+ network: mainnet
+ job-name: electrumx-compact-history
+ spec:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ # https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#configure-volume-permission-and-ownership-change-policy-for-pods
+ fsGroupChangePolicy: "OnRootMismatch"
+ containers:
+ - name: electrumx
+ image: lukechilds/electrumx:v1.16.0 # TODO: switch to our image
+ imagePullPolicy: Always
+ command:
+ - /electrumx/electrumx_compact_history
+ env:
+ - name: COIN
+ value: BitcoinSegwit
+ - name: NET
+ value: mainnet
+ - name: DB_DIRECTORY
+ value: /mnt/electrum/data
+ - name: DAEMON_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: bitcoind
+ key: rpc-password
+ - name: DAEMON_HOST
+ valueFrom:
+ configMapKeyRef:
+ name: electrumx
+ key: daemon-host
+ - name: DAEMON_URL
+ value: http://$(DAEMON_USER):$(DAEMON_TOKEN)@$(DAEMON_HOST)
+ - name: COST_SOFT_LIMIT
+ value: "0"
+ - name: COST_HARD_LIMIT
+ value: "0"
+ - name: LOG_LEVEL
+ value: debug
+ volumeMounts:
+ - name: electrumx-data
+ mountPath: /mnt/electrum/data
+ restartPolicy: Never
+ volumes:
+ - name: electrumx-data
+ persistentVolumeClaim:
+ # Update to the desired replica's volume index.
+ claimName: electrumx-data-electrumx-2
diff --git a/infrastructure/kube/keep-prd/bitcoin/electrumx/electrumx-data-electrumx-1-pvc.yaml b/infrastructure/kube/keep-prd/bitcoin/electrumx/electrumx-data-electrumx-1-pvc.yaml
new file mode 100644
index 0000000000..9898a901a8
--- /dev/null
+++ b/infrastructure/kube/keep-prd/bitcoin/electrumx/electrumx-data-electrumx-1-pvc.yaml
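Review bot: `DAEMON_URL` in electrumx-compact-history-job.yaml references `$(DAEMON_USER)`, but this Job's `env` list defines only `DAEMON_TOKEN` and `DAEMON_HOST`. Kubernetes leaves a reference to an undefined variable unexpanded, so the container receives the literal text `$(DAEMON_USER)` as the user part of the URL. Either add the `DAEMON_USER` entry that the electrumx StatefulSet template uses, placed before `DAEMON_URL`, or, if the compaction tool never contacts the daemon, drop the secret references so the RPC password is not injected into a one-off Job that also runs with `LOG_LEVEL: debug`.

```yaml
# … unchanged: COIN, NET, DB_DIRECTORY …
- name: DAEMON_USER
  valueFrom:
    secretKeyRef:
      name: bitcoind
      key: rpc-user
# … unchanged: DAEMON_TOKEN, DAEMON_HOST, DAEMON_URL …
```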
@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: electrumx-data-electrumx-1
+ namespace: bitcoin
+ labels:
+ app: electrumx
+ chain: bitcoin
+ network: mainnet
+spec:
+ storageClassName: electrumx-v2
+ dataSource:
+ name: electrumx-snapshot
+ kind: VolumeSnapshot
+ apiGroup: snapshot.storage.k8s.io
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 450Gi
diff --git a/infrastructure/kube/keep-prd/bitcoin/electrumx/electrumx-data-electrumx-2-pvc.yaml b/infrastructure/kube/keep-prd/bitcoin/electrumx/electrumx-data-electrumx-2-pvc.yaml
new file mode 100644
index 0000000000..4d311f6981
--- /dev/null
+++ b/infrastructure/kube/keep-prd/bitcoin/electrumx/electrumx-data-electrumx-2-pvc.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: electrumx-data-electrumx-2
+ namespace: bitcoin
+ labels:
+ app: electrumx
+ chain: bitcoin
+ network: mainnet
+spec:
+ storageClassName: electrumx-v2
+ dataSource:
+ name: electrumx-snapshot
+ kind: VolumeSnapshot
+ apiGroup: snapshot.storage.k8s.io
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 450Gi
diff --git a/infrastructure/kube/keep-prd/bitcoin/electrumx/electrumx-volumesnapshot.yaml b/infrastructure/kube/keep-prd/bitcoin/electrumx/electrumx-volumesnapshot.yaml
new file mode 100644
index 0000000000..36242a68ca
--- /dev/null
+++ b/infrastructure/kube/keep-prd/bitcoin/electrumx/electrumx-volumesnapshot.yaml
@@ -0,0 +1,8 @@
+apiVersion: snapshot.storage.k8s.io/v1
+kind: VolumeSnapshot
+metadata:
+ name: electrumx-snapshot
+spec:
+ volumeSnapshotClassName: electrumx
+ source:
+ persistentVolumeClaimName: electrumx-data-electrumx-0
diff --git a/infrastructure/kube/keep-prd/bitcoin/electrumx/kustomization.yaml b/infrastructure/kube/keep-prd/bitcoin/electrumx/kustomization.yaml
new file mode 100644
index 0000000000..d20f7bd6c5
--- /dev/null
+++ b/infrastructure/kube/keep-prd/bitcoin/electrumx/kustomization.yaml
@@ -0,0 +1,43 @@
+resources:
+ - ../../../templates/bitcoin/electrumx
+
+namespace: bitcoin
+
+commonLabels:
+ network: mainnet
+
+secretGenerator:
+ - name: tbtc-network-cloudflare-origin-cert
+ type: kubernetes.io/tls
+ files:
+ - .secret/ca.crt
+ - .secret/tls.crt
+ - .secret/tls.key
+
+patches:
+ - target:
+ kind: Service
+ name: electrumx
+ patch: |-
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: electrumx
+ spec:
+ type: LoadBalancer
+ loadBalancerIP: 35.223.16.19
+ - target:
+ kind: StatefulSet
+ name: electrumx
+ patch: |-
+ apiVersion: apps/v1
+ kind: StatefulSet
+ metadata:
+ name: electrumx
+ spec:
+ replicas: 3
+
+generatorOptions:
+ disableNameSuffixHash: true
+ annotations:
+ note: generated
diff --git a/infrastructure/kube/keep-prd/bitcoin/kustomization.yaml b/infrastructure/kube/keep-prd/bitcoin/kustomization.yaml
new file mode 100644
index 0000000000..03ec75721c
--- /dev/null
+++ b/infrastructure/kube/keep-prd/bitcoin/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+ - bitcoin-namespace.yaml
diff --git a/infrastructure/kube/keep-test/.envrc b/infrastructure/kube/keep-test/.envrc
new file mode 100644
index 0000000000..4d732771d6
--- /dev/null
+++ b/infrastructure/kube/keep-test/.envrc
@@ -0,0 +1 @@
+export CLOUDSDK_ACTIVE_CONFIG_NAME=keep-test
diff --git a/infrastructure/kube/keep-test/bitcoin/testnet/bitcoin-namespace.yaml b/infrastructure/kube/keep-test/bitcoin/testnet/bitcoin-namespace.yaml
new file mode 100644
index 0000000000..28b32f048a
--- /dev/null
+++ b/infrastructure/kube/keep-test/bitcoin/testnet/bitcoin-namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: bitcoin-testnet
diff --git a/infrastructure/kube/keep-test/bitcoin/testnet/bitcoind/bitcoind-data-bitcoind-1-pvc.yaml b/infrastructure/kube/keep-test/bitcoin/testnet/bitcoind/bitcoind-data-bitcoind-1-pvc.yaml
new file mode 100644
index 0000000000..d1e4bbb76e
--- /dev/null
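Review bot: The Service patch in keep-prd/bitcoin/electrumx/kustomization.yaml pins a public `loadBalancerIP` but sets no `loadBalancerSourceRanges`, so the load balancer accepts connections from any address even though the template Service's comment says the ports are the ones proxied by Cloudflare. If Cloudflare is meant to be the only path in, restricting the Service to Cloudflare's published ranges, `loadBalancerSourceRanges: [<Cloudflare CIDR placeholder>]`, keeps clients from reaching the origin directly; the keep-test overlay applies the same patch without it. Separately, with `disableNameSuffixHash: true` the generated TLS Secret keeps its name when `.secret/tls.key` is rotated, so the StatefulSet is not rolled and electrumx presumably keeps serving the old certificate until its pods are restarted.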
+++ b/infrastructure/kube/keep-test/bitcoin/testnet/bitcoind/bitcoind-data-bitcoind-1-pvc.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: bitcoind-data-bitcoind-1
+ namespace: bitcoin-testnet
+ labels:
+ app: bitcoind
+ chain: bitcoin
+ network: testnet
+spec:
+ storageClassName: bitcoind
+ dataSource:
+ name: bitcoind-snapshot
+ kind: VolumeSnapshot
+ apiGroup: snapshot.storage.k8s.io
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 50Gi
diff --git a/infrastructure/kube/keep-test/bitcoin/testnet/bitcoind/bitcoind-volumesnapshot.yaml b/infrastructure/kube/keep-test/bitcoin/testnet/bitcoind/bitcoind-volumesnapshot.yaml
new file mode 100644
index 0000000000..5182f14be1
--- /dev/null
+++ b/infrastructure/kube/keep-test/bitcoin/testnet/bitcoind/bitcoind-volumesnapshot.yaml
@@ -0,0 +1,8 @@
+apiVersion: snapshot.storage.k8s.io/v1
+kind: VolumeSnapshot
+metadata:
+ name: bitcoind-snapshot
+spec:
+ volumeSnapshotClassName: bitcoind
+ source:
+ persistentVolumeClaimName: bitcoind-data-bitcoind-0
diff --git a/infrastructure/kube/keep-test/bitcoin/testnet/bitcoind/kustomization.yaml b/infrastructure/kube/keep-test/bitcoin/testnet/bitcoind/kustomization.yaml
new file mode 100644
index 0000000000..5e140ca5cd
--- /dev/null
+++ b/infrastructure/kube/keep-test/bitcoin/testnet/bitcoind/kustomization.yaml
@@ -0,0 +1,46 @@
+resources:
+ - ../../../../templates/bitcoin/bitcoind
+
+namespace: bitcoin-testnet
+
+commonLabels:
+ network: testnet
+
+configMapGenerator:
+ - name: bitcoind
+ behavior: merge
+ literals:
+ - chain=test
+
+secretGenerator:
+ - name: bitcoind
+ behavior: merge
+ envs:
+ - .env.secret
+
+patches:
+ # Patch bitcoind StatefulSet by setting a storage request specific for testnet.
+ - target:
+ kind: StatefulSet
+ name: bitcoind
+ patch: |-
+ apiVersion: apps/v1
+ kind: StatefulSet
+ metadata:
+ name: bitcoind
+ spec:
+ replicas: 2
+ volumeClaimTemplates:
+ - metadata:
+ name: bitcoind-data
+ labels:
+ chain: bitcoin
+ app: bitcoind
+ network: testnet
+ spec:
+ storageClassName: bitcoind
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 50Gi
diff --git a/infrastructure/kube/keep-test/bitcoin/testnet/electrumx/electrumx-data-electrumx-1-pvc.yaml b/infrastructure/kube/keep-test/bitcoin/testnet/electrumx/electrumx-data-electrumx-1-pvc.yaml
new file mode 100644
index 0000000000..5e932e65dc
--- /dev/null
+++ b/infrastructure/kube/keep-test/bitcoin/testnet/electrumx/electrumx-data-electrumx-1-pvc.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: electrumx-data-electrumx-1
+ namespace: bitcoin-testnet
+ labels:
+ app: electrumx
+ chain: bitcoin
+ network: testnet
+spec:
+ storageClassName: electrumx-v2
+ dataSource:
+ name: electrumx-snapshot
+ kind: VolumeSnapshot
+ apiGroup: snapshot.storage.k8s.io
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 30Gi
diff --git a/infrastructure/kube/keep-test/bitcoin/testnet/electrumx/electrumx-volumesnapshot.yaml b/infrastructure/kube/keep-test/bitcoin/testnet/electrumx/electrumx-volumesnapshot.yaml
new file mode 100644
index 0000000000..36242a68ca
--- /dev/null
+++ b/infrastructure/kube/keep-test/bitcoin/testnet/electrumx/electrumx-volumesnapshot.yaml
@@ -0,0 +1,8 @@
+apiVersion: snapshot.storage.k8s.io/v1
+kind: VolumeSnapshot
+metadata:
+ name: electrumx-snapshot
+spec:
+ volumeSnapshotClassName: electrumx
+ source:
+ persistentVolumeClaimName: electrumx-data-electrumx-0
diff --git a/infrastructure/kube/keep-test/bitcoin/testnet/electrumx/kustomization.yaml b/infrastructure/kube/keep-test/bitcoin/testnet/electrumx/kustomization.yaml
new file mode 100644
index 0000000000..89df2e1d46
--- /dev/null
+++ b/infrastructure/kube/keep-test/bitcoin/testnet/electrumx/kustomization.yaml
@@ -0,0 +1,67 @@
+resources:
+ - ../../../../templates/bitcoin/electrumx
+
+namespace: bitcoin-testnet
+
+commonLabels:
+ network: testnet
+
+secretGenerator:
+ - name: test-tbtc-network-cloudflare-origin-cert
+ type: kubernetes.io/tls
+ files:
+ - .secret/tls.crt
+ - .secret/tls.key
+
+patches:
+ - target:
+ kind: Service
+ name: electrumx
+ patch: |-
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: electrumx
+ spec:
+ type: LoadBalancer
+ loadBalancerIP: 34.70.22.39
+ - target:
+ kind: StatefulSet
+ name: electrumx
+ patch: |-
+ apiVersion: apps/v1
+ kind: StatefulSet
+ metadata:
+ name: electrumx
+ spec:
+ replicas: 2
+ template:
+ spec:
+ containers:
+ - name: electrumx
+ env:
+ - name: NET
+ value: testnet
+ volumes:
+ - name: tbtc-network-cloudflare-origin-cert
+ secret:
+ secretName: test-tbtc-network-cloudflare-origin-cert
+ volumeClaimTemplates:
+ - metadata:
+ name: electrumx-data
+ labels:
+ chain: bitcoin
+ app: electrumx
+ network: testnet
+ spec:
+ storageClassName: electrumx-v2
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 30Gi
+
+generatorOptions:
+ disableNameSuffixHash: true
+ annotations:
+ note: generated
diff --git a/infrastructure/kube/keep-test/bitcoin/testnet/kustomization.yaml b/infrastructure/kube/keep-test/bitcoin/testnet/kustomization.yaml
new file mode 100644
index 0000000000..03ec75721c
--- /dev/null
+++ b/infrastructure/kube/keep-test/bitcoin/testnet/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+ - bitcoin-namespace.yaml
diff --git a/infrastructure/kube/templates/bitcoin/bitcoind/.env.sample b/infrastructure/kube/templates/bitcoin/bitcoind/.env.sample
new file mode 100644
index 0000000000..fd955ccfd0
--- /dev/null
+++ b/infrastructure/kube/templates/bitcoin/bitcoind/.env.sample
@@ -0,0 +1,2 @@
+rpc-user=
+rpc-password=
diff --git a/infrastructure/kube/templates/bitcoin/bitcoind/bitcoind-service.yaml b/infrastructure/kube/templates/bitcoin/bitcoind/bitcoind-service.yaml
new file mode 100644
index 0000000000..c2513a87bf
--- /dev/null
+++ b/infrastructure/kube/templates/bitcoin/bitcoind/bitcoind-service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: bitcoind
+spec:
+ type: ClusterIP
+ ports:
+ - name: rpc
+ port: 8332
+ targetPort: rpc
+ - name: network
+ port: 8333
+ targetPort: network
diff --git a/infrastructure/kube/templates/bitcoin/bitcoind/bitcoind-statefulset.yaml b/infrastructure/kube/templates/bitcoin/bitcoind/bitcoind-statefulset.yaml
new file mode 100644
index 0000000000..3b1968f487
--- /dev/null
+++ b/infrastructure/kube/templates/bitcoin/bitcoind/bitcoind-statefulset.yaml
@@ -0,0 +1,92 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: bitcoind
+spec:
+ replicas: 1
+ serviceName: bitcoind
+ template:
+ spec:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ # https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#configure-volume-permission-and-ownership-change-policy-for-pods
+ fsGroupChangePolicy: "OnRootMismatch"
+ containers:
+ - name: bitcoind
+ image: keepnetwork/bitcoind:24.1
+ imagePullPolicy: Always
+ command:
+ - bitcoind
+ - -chain=$(CHAIN)
+ - -datadir=/mnt/bitcoind/data
+ - -rpcport=8332
+ - -port=8333
+ - -rpcbind=0.0.0.0
+ - -rpcallowip=0.0.0.0/0
+ - -rpcuser=$(RPC_USER)
+ - -rpcpassword=$(RPC_PASSWORD)
+ - -disablewallet=1
+ - -txindex=1
+ env:
+ - name: RPC_USER
+ valueFrom:
+ secretKeyRef:
+ name: bitcoind
+ key: rpc-user
+ - name: RPC_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: bitcoind
+ key: rpc-password
+ - name: CHAIN
+ valueFrom:
+ configMapKeyRef:
+ name: bitcoind
+ key: chain
+ ports:
+ - name: rpc
+ containerPort: 8332
+ protocol: TCP
+ - name: network
+ containerPort: 8333
+ protocol: TCP
+ livenessProbe:
+ tcpSocket:
+ port: rpc
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ # TODO: Define readiness probe based on: https://bitcoin.stackexchange.com/a/103370
+ # readinessProbe:
+ # exec:
+ # command:
+ # - bitcoin-cli
+ # - getblockcount
+ # initialDelaySeconds: 20
+ # periodSeconds: 15
+ resources:
+ requests:
+ cpu: 100m
+ memory: 2Gi
+ volumeMounts:
+ - mountPath: /mnt/bitcoind/data
+ name: bitcoind-data
+ volumes:
+ - name: bitcoind-data
+ persistentVolumeClaim:
+ claimName: bitcoind-data
+ volumeClaimTemplates:
+ - metadata:
+ name: bitcoind-data
+ spec:
+ storageClassName: bitcoind
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ # Estimated required storage based on the network:
+ # - for mainnet: 650 Gi (default)
+ # - for testnet: 40 Gi
+ storage: 650Gi
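Review bot: In bitcoind-statefulset.yaml the `command` list passes `-rpcuser=$(RPC_USER)` and `-rpcpassword=$(RPC_PASSWORD)` as arguments, so the expanded RPC credentials sit in the process command line, and `-rpcbind=0.0.0.0` with `-rpcallowip=0.0.0.0/0` accepts RPC from every address that can reach the pod. The Service is `ClusterIP`, which bounds exposure to the cluster network, but no NetworkPolicy is visible in this change to limit port 8332 to the electrumx pods. Supplying the credentials through a mounted `bitcoin.conf` (or an `rpcauth` entry, which holds only a salted hash) and narrowing the allow-list, `- -rpcallowip=<cluster pod CIDR placeholder>`, would reduce both exposures. The container also declares no `resources.limits` and no container-level `securityContext` (for example `allowPrivilegeEscalation: false`), and `keepnetwork/bitcoind:24.1` is referenced by tag with `imagePullPolicy: Always` rather than by digest.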
diff --git a/infrastructure/kube/templates/bitcoin/bitcoind/bitcoind-storageclass.yaml b/infrastructure/kube/templates/bitcoin/bitcoind/bitcoind-storageclass.yaml
new file mode 100644
index 0000000000..3f66a4ba3c
--- /dev/null
+++ b/infrastructure/kube/templates/bitcoin/bitcoind/bitcoind-storageclass.yaml
@@ -0,0 +1,13 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: bitcoind
+# Requires Google Compute Engine persistent disk CSI Driver to be enabled on the
+# cluster, see: https://cloud.google.com/kubernetes-engine/docs/how-to/persistent-volumes/gce-pd-csi-driver
+provisioner: pd.csi.storage.gke.io
+parameters:
+ type: pd-ssd
+ replication-type: none
+reclaimPolicy: Retain
+allowVolumeExpansion: true
+volumeBindingMode: WaitForFirstConsumer
diff --git a/infrastructure/kube/templates/bitcoin/bitcoind/bitcoind-volumesnapshotclass.yaml b/infrastructure/kube/templates/bitcoin/bitcoind/bitcoind-volumesnapshotclass.yaml
new file mode 100644
index 0000000000..8529d3fa4c
--- /dev/null
+++ b/infrastructure/kube/templates/bitcoin/bitcoind/bitcoind-volumesnapshotclass.yaml
@@ -0,0 +1,6 @@
+apiVersion: snapshot.storage.k8s.io/v1
+kind: VolumeSnapshotClass
+metadata:
+ name: bitcoind
+driver: pd.csi.storage.gke.io
+deletionPolicy: Retain
diff --git a/infrastructure/kube/templates/bitcoin/bitcoind/kustomization.yaml b/infrastructure/kube/templates/bitcoin/bitcoind/kustomization.yaml
new file mode 100644
index 0000000000..ea88cfd445
--- /dev/null
+++ b/infrastructure/kube/templates/bitcoin/bitcoind/kustomization.yaml
@@ -0,0 +1,24 @@
+resources:
+ - bitcoind-service.yaml
+ - bitcoind-statefulset.yaml
+ - bitcoind-storageclass.yaml
+ - bitcoind-volumesnapshotclass.yaml
+
+commonLabels:
+ chain: bitcoin
+ app: bitcoind
+
+configMapGenerator:
+ - name: bitcoind
+ literals:
+ - chain=main
+
+secretGenerator:
+ - name: bitcoind
+ envs:
+ - .env.sample
+
+generatorOptions:
+ disableNameSuffixHash: true
+ annotations:
+ note: generated
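Review bot: The base `secretGenerator` in templates/bitcoin/bitcoind/kustomization.yaml builds the `bitcoind` Secret from `.env.sample`, whose `rpc-user=` and `rpc-password=` are empty, so rendering the base on its own, or an overlay whose `.env.secret` omits a key, produces a node with blank RPC credentials. The overlays use `behavior: merge`, so a missing key is presumably not reported as an error at build time. A comment on the generator such as `# .env.sample is a placeholder; every overlay must override both keys via .env.secret`, together with a pre-deploy check that both values are non-empty, would make the requirement explicit.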
diff --git a/infrastructure/kube/templates/bitcoin/electrumx/electrumx-service.yaml b/infrastructure/kube/templates/bitcoin/electrumx/electrumx-service.yaml
new file mode 100644
index 0000000000..5b618b17c4
--- /dev/null
+++ b/infrastructure/kube/templates/bitcoin/electrumx/electrumx-service.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: electrumx
+spec:
+ type: LoadBalancer
+ # Replace the value.
+ loadBalancerIP: XX.XX.XX.XX
+ # Expose the service on ports that are proxied by Cloudflare.
+ # See: https://developers.cloudflare.com/fundamentals/get-started/reference/network-ports/
+ ports:
+ - name: tcp
+ port: 80
+ targetPort: tcp
+ - name: ssl
+ port: 443
+ targetPort: ssl
+ - name: ws
+ port: 8080
+ targetPort: ws
+ - name: wss
+ port: 8443
+ targetPort: wss
diff --git a/infrastructure/kube/templates/bitcoin/electrumx/electrumx-statefulset.yaml b/infrastructure/kube/templates/bitcoin/electrumx/electrumx-statefulset.yaml
new file mode 100644
index 0000000000..a553ee5a58
--- /dev/null
+++ b/infrastructure/kube/templates/bitcoin/electrumx/electrumx-statefulset.yaml
@@ -0,0 +1,103 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: electrumx
+spec:
+ replicas: 1
+ serviceName: electrumx
+ template:
+ spec:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ # https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#configure-volume-permission-and-ownership-change-policy-for-pods
+ fsGroupChangePolicy: "OnRootMismatch"
+ containers:
+ - name: electrumx
+ image: lukechilds/electrumx:v1.16.0 # TODO: switch to our image
+ imagePullPolicy: Always
+ # Full list of env vars: https://electrumx.readthedocs.io/en/latest/environment.html
+ env:
+ - name: COIN
+ value: BitcoinSegwit
+ - name: NET
+ value: mainnet
+ - name: DAEMON_USER
+ valueFrom:
+ secretKeyRef:
+ name: bitcoind
+ key: rpc-user
+ - name: DAEMON_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: bitcoind
+ key: rpc-password
+ - name: DAEMON_HOST
+ valueFrom:
+ configMapKeyRef:
+ name: electrumx
+ key: daemon-host
+ - name: DAEMON_URL
+ value: http://$(DAEMON_USER):$(DAEMON_TOKEN)@$(DAEMON_HOST)
+ - name: DB_DIRECTORY
+ value: /mnt/electrum/data
+ - name: SSL_CERTFILE
+ value: /mnt/electrum/cert/tls.crt
+ - name: SSL_KEYFILE
+ value: /mnt/electrum/cert/tls.key
+ - name: SERVICES
+ value: tcp://:80,ssl://:443,ws://:8080,wss://:8443,rpc://0.0.0.0:8000
+ - name: COST_SOFT_LIMIT
+ value: "0"
+ - name: COST_HARD_LIMIT
+ value: "0"
+ - name: LOG_LEVEL
+ value: debug
+ ports:
+ - name: tcp
+ containerPort: 80
+ - name: ssl
+ containerPort: 443
+ - name: ws
+ containerPort: 8080
+ - name: wss
+ containerPort: 8443
+ - name: rpc
+ containerPort: 8000
+ livenessProbe:
+ tcpSocket:
+ port: rpc
+ initialDelaySeconds: 20
+ periodSeconds: 30
+ readinessProbe:
+ tcpSocket:
+ port: tcp
+ initialDelaySeconds: 20
+ periodSeconds: 30
+ resources:
+ requests:
+ cpu: 500m
+ memory: 8Gi
+ volumeMounts:
+ - name: electrumx-data
+ mountPath: /mnt/electrum/data
+ - name: tbtc-network-cloudflare-origin-cert
+ mountPath: /mnt/electrum/cert
+ volumes:
+ - name: electrumx-data
+ persistentVolumeClaim:
+ claimName: electrumx
+ - name: tbtc-network-cloudflare-origin-cert
+ secret:
+ secretName: tbtc-network-cloudflare-origin-cert
+ volumeClaimTemplates:
+ - metadata:
+ name: electrumx-data
+ spec:
+ storageClassName: electrumx-v2
+ accessModes: [ReadWriteOnce]
+ resources:
+ requests:
+ storage: 450Gi
diff --git a/infrastructure/kube/templates/bitcoin/electrumx/electrumx-storageclass.yaml b/infrastructure/kube/templates/bitcoin/electrumx/electrumx-storageclass.yaml
new file mode 100644
index 0000000000..b83cd30c20
--- /dev/null
+++ b/infrastructure/kube/templates/bitcoin/electrumx/electrumx-storageclass.yaml
@@ -0,0 +1,13 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: electrumx-v2
+# Requires Google Compute Engine persistent disk CSI Driver to be enabled on the
+# cluster, see: https://cloud.google.com/kubernetes-engine/docs/how-to/persistent-volumes/gce-pd-csi-driver
+provisioner: pd.csi.storage.gke.io
+parameters:
+ type: pd-ssd
+ replication-type: none
+reclaimPolicy: Retain
+allowVolumeExpansion: true
+volumeBindingMode: WaitForFirstConsumer
diff --git a/infrastructure/kube/templates/bitcoin/electrumx/electrumx-volumesnapshotclass.yaml b/infrastructure/kube/templates/bitcoin/electrumx/electrumx-volumesnapshotclass.yaml
new file mode 100644
index 0000000000..45069c78c1
--- /dev/null
+++ b/infrastructure/kube/templates/bitcoin/electrumx/electrumx-volumesnapshotclass.yaml
@@ -0,0 +1,7 @@
+apiVersion: snapshot.storage.k8s.io/v1
+# Read more: https://cloud.google.com/kubernetes-engine/docs/how-to/persistent-volumes/volume-snapshots#v1
+kind: VolumeSnapshotClass
+metadata:
+ name: electrumx
+driver: pd.csi.storage.gke.io
+deletionPolicy: Retain
diff --git a/infrastructure/kube/templates/bitcoin/electrumx/kustomization.yaml b/infrastructure/kube/templates/bitcoin/electrumx/kustomization.yaml
new file mode 100644
index 0000000000..d001cae390
--- /dev/null
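Review bot: In electrumx-statefulset.yaml the `SERVICES` value ends with `rpc://0.0.0.0:8000`, which binds ElectrumX's local RPC interface (it has no authentication of its own) on every pod interface; the Service does not publish port 8000, but any workload that can reach the pod IP can. The wide bind looks like it exists so the `livenessProbe` `tcpSocket` on `rpc` succeeds; pointing that probe at the `tcp` port would allow `rpc://127.0.0.1:8000` instead. `COST_SOFT_LIMIT` and `COST_HARD_LIMIT` set to `"0"` appear to switch off per-session cost limiting on a server published through a LoadBalancer, and with `LOG_LEVEL: debug` it is worth confirming that `DAEMON_URL`, which embeds the RPC password, never reaches the logs. The image `lukechilds/electrumx:v1.16.0` is a third-party tag pulled with `imagePullPolicy: Always`; until the TODO is resolved, `image: lukechilds/electrumx@sha256:<digest placeholder>` keeps the deployed content fixed, and the same line appears in electrumx-compact-history-job.yaml.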
+++ b/infrastructure/kube/templates/bitcoin/electrumx/kustomization.yaml
@@ -0,0 +1,19 @@
+resources:
+ - electrumx-service.yaml
+ - electrumx-statefulset.yaml
+ - electrumx-storageclass.yaml
+ - electrumx-volumesnapshotclass.yaml
+
+commonLabels:
+ chain: bitcoin
+ app: electrumx
+
+configMapGenerator:
+ - name: electrumx
+ literals:
+ - daemon-host=bitcoind:8332
+
+generatorOptions:
+ disableNameSuffixHash: true
+ annotations:
+ note: generated