fix: remove private keys from config and clean up production.yaml (#164)

* feat: remove pk and dsn from configs * fix: update contract images * fix: override init containers for production
scroll-tech · Sep 11, 2024 · bf24c97 · bf24c97
1 parent c441ddf
commit bf24c97
Show file tree

Hide file tree

Showing 19 changed files with 81 additions and 45 deletions.
diff --git a/charts/bridge-history-fetcher/Chart.yaml b/charts/bridge-history-fetcher/Chart.yaml
@@ -2,7 +2,7 @@
 apiVersion: v2
 description: bridge-history-fetcher helm charts
 name: bridge-history-fetcher
-version: 0.0.7
+version: 0.0.8
 appVersion: v0.1.0
 kubeVersion: ">=1.22.0-0"
 maintainers:

diff --git a/charts/bridge-history-fetcher/README.md b/charts/bridge-history-fetcher/README.md
@@ -1,6 +1,6 @@
 # bridge-history-fetcher
 
-![Version: 0.0.7](https://img.shields.io/badge/Version-0.0.7-informational?style=flat-square) ![AppVersion: v0.1.0](https://img.shields.io/badge/AppVersion-v0.1.0-informational?style=flat-square)
+![Version: 0.0.8](https://img.shields.io/badge/Version-0.0.8-informational?style=flat-square) ![AppVersion: v0.1.0](https://img.shields.io/badge/AppVersion-v0.1.0-informational?style=flat-square)
 
 bridge-history-fetcher helm charts
 
@@ -26,7 +26,7 @@ Kubernetes: `>=1.22.0-0`
 | command[0] | string | `"/bin/sh"` |  |
 | command[1] | string | `"-c"` |  |
 | command[2] | string | `"bridgehistoryapi-fetcher --config /app/conf/bridge-history-config.json --metrics --metrics.addr 0.0.0.0 --metrics.port ${METRICS_PORT} --log.debug"` |  |
-| configMaps.migrate-db.data."migrate-db.json" | string | `"{\n  \"l1\": {},\n  \"l2\": {},\n  \"db\": {\n    \"driver_name\": \"postgres\",\n    \"maxOpenNum\": 50,\n    \"maxIdleNume\": 5,\n    \"dsn\": \"postgres://postgres:qwerty12345@postgresql:5432/scroll?sslmode=disable\"\n  }\n}\n"` |  |
+| configMaps.migrate-db.data."migrate-db.json" | string | `"{\n  \"l1\": {},\n  \"l2\": {},\n  \"db\": {\n    \"driver_name\": \"postgres\",\n    \"maxOpenNum\": 50,\n    \"maxIdleNume\": 5,\n    \"dsn\": \"\"\n  }\n}\n"` |  |
 | configMaps.migrate-db.enabled | bool | `true` |  |
 | controller.replicas | int | `1` |  |
 | controller.strategy | string | `"RollingUpdate"` |  |
@@ -52,7 +52,8 @@ Kubernetes: `>=1.22.0-0`
 | initContainers.2-migrate-db.command[0] | string | `"/bin/sh"` |  |
 | initContainers.2-migrate-db.command[1] | string | `"-c"` |  |
 | initContainers.2-migrate-db.command[2] | string | `"db_cli --config /config/migrate-db.json migrate"` |  |
-| initContainers.2-migrate-db.image | string | `"scrolltech/bridgehistoryapi-db-cli:v4.4.14"` |  |
+| initContainers.2-migrate-db.envFrom[0].configMapRef.name | string | `"bridge-history-fetcher-env"` |  |
+| initContainers.2-migrate-db.image | string | `"scrolltech/bridgehistoryapi-db-cli:v4.4.59"` |  |
 | initContainers.2-migrate-db.volumeMounts[0].mountPath | string | `"/config/migrate-db.json"` |  |
 | initContainers.2-migrate-db.volumeMounts[0].name | string | `"migrate-db"` |  |
 | initContainers.2-migrate-db.volumeMounts[0].subPath | string | `"migrate-db.json"` |  |

diff --git a/charts/bridge-history-fetcher/values.yaml b/charts/bridge-history-fetcher/values.yaml
@@ -93,12 +93,15 @@ initContainers:
       - configMapRef:
           name: bridge-history-fetcher-env
   2-migrate-db:
-    image: scrolltech/bridgehistoryapi-db-cli:v4.4.14
+    image: scrolltech/bridgehistoryapi-db-cli:v4.4.59
     command: ["/bin/sh", "-c", "db_cli --config /config/migrate-db.json migrate"]
     volumeMounts:
       - name: migrate-db
         mountPath: /config/migrate-db.json
         subPath: migrate-db.json
+    envFrom:
+      - configMapRef:
+          name: bridge-history-fetcher-env
   3-wait-for-l1:
     image: scrolltech/scroll-alpine:v0.0.1
     command:
@@ -137,7 +140,7 @@ configMaps:
             "driver_name": "postgres",
             "maxOpenNum": 50,
             "maxIdleNume": 5,
-            "dsn": "postgres://postgres:qwerty12345@postgresql:5432/scroll?sslmode=disable"
+            "dsn": ""
           }
         }
 

diff --git a/charts/bridge-history-fetcher/values/production.yaml b/charts/bridge-history-fetcher/values/production.yaml
@@ -30,15 +30,23 @@ initContainers:
     envFrom:
       - secretRef:
           name: bridge-history-fetcher-secret-env
+  2-migrate-db:
+    image: scrolltech/bridgehistoryapi-db-cli:v4.4.59
+    command: ["/bin/sh", "-c", "db_cli --config /config/migrate-db.json migrate"]
+    volumeMounts:
+      - name: migrate-db
+        mountPath: /config/migrate-db.json
+        subPath: migrate-db.json
+    envFrom:
+      - configMapRef:
+          name: bridge-history-fetcher-secret-env
 
 configMaps:
   env:
     enabled: true
     data:
       SCROLL_L1_RPC: ""
       SCROLL_L2_RPC: "http://l2-rpc:8545"
-  migrate-db:
-    enabled: false
 
 ingress:
   main:

diff --git a/charts/contracts/Chart.yaml b/charts/contracts/Chart.yaml
@@ -2,7 +2,7 @@
 apiVersion: v2
 description: contracts helm charts
 name: contracts
-version: 0.0.5
+version: 0.0.6
 appVersion: v0.1.0
 kubeVersion: ">=1.22.0-0"
 maintainers:

diff --git a/charts/contracts/README.md b/charts/contracts/README.md
@@ -1,6 +1,6 @@
 # contracts
 
-![Version: 0.0.5](https://img.shields.io/badge/Version-0.0.5-informational?style=flat-square) ![AppVersion: v0.1.0](https://img.shields.io/badge/AppVersion-v0.1.0-informational?style=flat-square)
+![Version: 0.0.6](https://img.shields.io/badge/Version-0.0.6-informational?style=flat-square) ![AppVersion: v0.1.0](https://img.shields.io/badge/AppVersion-v0.1.0-informational?style=flat-square)
 
 contracts helm charts
 
@@ -25,7 +25,7 @@ Kubernetes: `>=1.22.0-0`
 | envFrom[0].configMapRef.name | string | `"contracts-deployment-env"` |  |
 | global.isStandalone | bool | `false` |  |
 | image.repository | string | `"scrolltech/scroll-stack-contracts"` |  |
-| image.tag | string | `"deploy-v0.0.20"` |  |
+| image.tag | string | `"deploy-v0.0.21"` |  |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
diff --git a/charts/contracts/values.yaml b/charts/contracts/values.yaml
@@ -4,7 +4,7 @@ global:
 
 image:
   repository: scrolltech/scroll-stack-contracts
-  tag: deploy-v0.0.20
+  tag: deploy-v0.0.21
 
 envFrom:
   - configMapRef:

diff --git a/charts/gas-oracle/Chart.yaml b/charts/gas-oracle/Chart.yaml
@@ -2,7 +2,7 @@
 apiVersion: v2
 description: gas-oracle helm charts
 name: gas-oracle
-version: 0.0.6
+version: 0.0.7
 appVersion: v0.1.0
 kubeVersion: ">=1.22.0-0"
 maintainers:

diff --git a/charts/gas-oracle/README.md b/charts/gas-oracle/README.md
@@ -1,6 +1,6 @@
 # gas-oracle
 
-![Version: 0.0.6](https://img.shields.io/badge/Version-0.0.6-informational?style=flat-square) ![AppVersion: v0.1.0](https://img.shields.io/badge/AppVersion-v0.1.0-informational?style=flat-square)
+![Version: 0.0.7](https://img.shields.io/badge/Version-0.0.7-informational?style=flat-square) ![AppVersion: v0.1.0](https://img.shields.io/badge/AppVersion-v0.1.0-informational?style=flat-square)
 
 gas-oracle helm charts
 
@@ -26,7 +26,7 @@ Kubernetes: `>=1.22.0-0`
 | command[0] | string | `"/bin/sh"` |  |
 | command[1] | string | `"-c"` |  |
 | command[2] | string | `"gas_oracle --config /app/conf/rollup-config.json --genesis /app/genesis/genesis.json --metrics --metrics.addr 0.0.0.0 --metrics.port ${METRICS_PORT} --log.debug"` |  |
-| configMaps.migrate-db.data."migrate-db.json" | string | `"{\n    \"driver_name\": \"postgres\",\n    \"dsn\": \"postgres://postgres:qwerty12345@postgresql:5432/scroll?sslmode=disable\"\n}\n"` |  |
+| configMaps.migrate-db.data."migrate-db.json" | string | `"{\n    \"driver_name\": \"postgres\",\n    \"dsn\": \"\"\n}\n"` |  |
 | configMaps.migrate-db.enabled | bool | `true` |  |
 | defaultProbes.custom | bool | `true` |  |
 | defaultProbes.enabled | bool | `true` |  |
@@ -39,7 +39,7 @@ Kubernetes: `>=1.22.0-0`
 | global.nameOverride | string | `"gas-oracle"` |  |
 | image.pullPolicy | string | `"Always"` |  |
 | image.repository | string | `"scrolltech/gas-oracle"` |  |
-| image.tag | string | `"v4.4.59"` |  |
+| image.tag | string | `"v4.4.60"` |  |
 | initContainers.1-check-postgres-connection.args[0] | string | `"postgresql"` |  |
 | initContainers.1-check-postgres-connection.args[1] | string | `"$(SCROLL_ROLLUP_DB_CONFIG_DSN)"` |  |
 | initContainers.1-check-postgres-connection.args[2] | string | `"--timeout"` |  |
@@ -49,7 +49,8 @@ Kubernetes: `>=1.22.0-0`
 | initContainers.2-migrate-db.command[0] | string | `"/bin/sh"` |  |
 | initContainers.2-migrate-db.command[1] | string | `"-c"` |  |
 | initContainers.2-migrate-db.command[2] | string | `"db_cli migrate --config /config/migrate-db.json"` |  |
-| initContainers.2-migrate-db.image | string | `"scrolltech/rollup-db-cli"` |  |
+| initContainers.2-migrate-db.envFrom[0].configMapRef.name | string | `"gas-oracle-env"` |  |
+| initContainers.2-migrate-db.image | string | `"scrolltech/rollup-db-cli:v4.4.60"` |  |
 | initContainers.2-migrate-db.volumeMounts[0].mountPath | string | `"/config/migrate-db.json"` |  |
 | initContainers.2-migrate-db.volumeMounts[0].name | string | `"migrate-db"` |  |
 | initContainers.2-migrate-db.volumeMounts[0].subPath | string | `"migrate-db.json"` |  |

diff --git a/charts/gas-oracle/values.yaml b/charts/gas-oracle/values.yaml
@@ -6,7 +6,7 @@ global:
 image:
   repository: scrolltech/gas-oracle
   pullPolicy: Always
-  tag: v4.4.59
+  tag: v4.4.60
 
 command:
   [
@@ -98,12 +98,15 @@ initContainers:
       - configMapRef:
           name: gas-oracle-env
   2-migrate-db:
-    image: scrolltech/rollup-db-cli
+    image: scrolltech/rollup-db-cli:v4.4.60
     command: ["/bin/sh", "-c", "db_cli migrate --config /config/migrate-db.json"]
     volumeMounts:
       - name: migrate-db
         mountPath: /config/migrate-db.json
         subPath: migrate-db.json
+    envFrom:
+      - configMapRef:
+          name: gas-oracle-env
   3-wait-for-l1:
     image: scrolltech/scroll-alpine:v0.0.1
     command:
@@ -134,7 +137,7 @@ configMaps:
       migrate-db.json: |
         {
             "driver_name": "postgres",
-            "dsn": "postgres://postgres:qwerty12345@postgresql:5432/scroll?sslmode=disable"
+            "dsn": ""
         }
 
 serviceMonitor:

diff --git a/charts/gas-oracle/values/production.yaml b/charts/gas-oracle/values/production.yaml
@@ -30,6 +30,16 @@ initContainers:
     envFrom:
       - secretRef:
           name: gas-oracle-secret-env
+  2-migrate-db:
+    image: scrolltech/rollup-db-cli:v4.4.60
+    command: ["/bin/sh", "-c", "db_cli migrate --config /config/migrate-db.json"]
+    volumeMounts:
+      - name: migrate-db
+        mountPath: /config/migrate-db.json
+        subPath: migrate-db.json
+    envFrom:
+      - configMapRef:
+          name: gas-oracle-secret-env
   4-wait-for-l2-sequencer:
     image: atkrad/wait4x:latest
     args:
@@ -49,8 +59,6 @@ configMaps:
     data:
       SCROLL_L1_RPC: ""
       SCROLL_L2_RPC: ""
-  migrate-db:
-    enabled: false
 
 externalSecrets:
   gas-oracle-secret-env:

diff --git a/charts/rollup-node/Chart.yaml b/charts/rollup-node/Chart.yaml
@@ -2,7 +2,7 @@
 apiVersion: v2
 description: rollup-node helm charts
 name: rollup-node
-version: 0.0.8
+version: 0.0.9
 appVersion: v0.1.0
 kubeVersion: ">=1.22.0-0"
 maintainers:

diff --git a/charts/rollup-node/README.md b/charts/rollup-node/README.md
@@ -1,6 +1,6 @@
 # rollup-node
 
-![Version: 0.0.8](https://img.shields.io/badge/Version-0.0.8-informational?style=flat-square) ![AppVersion: v0.1.0](https://img.shields.io/badge/AppVersion-v0.1.0-informational?style=flat-square)
+![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![AppVersion: v0.1.0](https://img.shields.io/badge/AppVersion-v0.1.0-informational?style=flat-square)
 
 rollup-node helm charts
 
@@ -26,7 +26,7 @@ Kubernetes: `>=1.22.0-0`
 | command[0] | string | `"/bin/sh"` |  |
 | command[1] | string | `"-c"` |  |
 | command[2] | string | `"rollup_relayer --config /app/conf/rollup-config.json --genesis /app/genesis/genesis.json --import-genesis --metrics --metrics.addr 0.0.0.0 --metrics.port ${METRICS_PORT} --log.debug --verbosity 3"` |  |
-| configMaps.migrate-db.data."migrate-db.json" | string | `"{\n    \"driver_name\": \"postgres\",\n    \"dsn\": \"postgres://postgres:qwerty12345@postgresql:5432/scroll?sslmode=disable\"\n}\n"` |  |
+| configMaps.migrate-db.data."migrate-db.json" | string | `"{\n    \"driver_name\": \"postgres\",\n    \"dsn\": \"\"\n}\n"` |  |
 | configMaps.migrate-db.enabled | bool | `true` |  |
 | controller.replicas | int | `1` |  |
 | controller.strategy | string | `"Recreate"` |  |
@@ -38,7 +38,7 @@ Kubernetes: `>=1.22.0-0`
 | global.nameOverride | string | `"rollup-node"` |  |
 | image.pullPolicy | string | `"Always"` |  |
 | image.repository | string | `"scrolltech/rollup-relayer"` |  |
-| image.tag | string | `"v4.4.59"` |  |
+| image.tag | string | `"v4.4.60"` |  |
 | initContainers.1-check-postgres-connection.args[0] | string | `"postgresql"` |  |
 | initContainers.1-check-postgres-connection.args[1] | string | `"$(SCROLL_ROLLUP_DB_CONFIG_DSN)"` |  |
 | initContainers.1-check-postgres-connection.args[2] | string | `"--timeout"` |  |
@@ -48,7 +48,8 @@ Kubernetes: `>=1.22.0-0`
 | initContainers.2-migrate-db.command[0] | string | `"/bin/sh"` |  |
 | initContainers.2-migrate-db.command[1] | string | `"-c"` |  |
 | initContainers.2-migrate-db.command[2] | string | `"db_cli migrate --config /config/migrate-db.json"` |  |
-| initContainers.2-migrate-db.image | string | `"scrolltech/rollup-db-cli"` |  |
+| initContainers.2-migrate-db.envFrom[0].configMapRef.name | string | `"rollup-node-env"` |  |
+| initContainers.2-migrate-db.image | string | `"scrolltech/rollup-db-cli:v4.4.60"` |  |
 | initContainers.2-migrate-db.volumeMounts[0].mountPath | string | `"/config/migrate-db.json"` |  |
 | initContainers.2-migrate-db.volumeMounts[0].name | string | `"migrate-db"` |  |
 | initContainers.2-migrate-db.volumeMounts[0].subPath | string | `"migrate-db.json"` |  |

diff --git a/charts/rollup-node/values.yaml b/charts/rollup-node/values.yaml
@@ -11,7 +11,7 @@ controller:
 image:
   repository: scrolltech/rollup-relayer
   pullPolicy: Always
-  tag: v4.4.59
+  tag: v4.4.60
 
 env:
   - name: METRICS_PORT
@@ -96,12 +96,15 @@ initContainers:
       - configMapRef:
           name: rollup-node-env
   2-migrate-db:
-    image: scrolltech/rollup-db-cli
+    image: scrolltech/rollup-db-cli:v4.4.60
     command: ["/bin/sh", "-c", "db_cli migrate --config /config/migrate-db.json"]
     volumeMounts:
       - name: migrate-db
         mountPath: /config/migrate-db.json
         subPath: migrate-db.json
+    envFrom:
+      - configMapRef:
+          name: rollup-node-env
   3-wait-for-l1:
     image: scrolltech/scroll-alpine:v0.0.1
     command:
@@ -136,7 +139,7 @@ configMaps:
       migrate-db.json: |
         {
             "driver_name": "postgres",
-            "dsn": "postgres://postgres:qwerty12345@postgresql:5432/scroll?sslmode=disable"
+            "dsn": ""
         }
 
 serviceMonitor:

diff --git a/charts/rollup-node/values/production.yaml b/charts/rollup-node/values/production.yaml
@@ -12,6 +12,16 @@ initContainers:
     envFrom:
       - secretRef:
           name: rollup-node-secret-env
+  2-migrate-db:
+    image: scrolltech/rollup-db-cli:v4.4.60
+    command: ["/bin/sh", "-c", "db_cli migrate --config /config/migrate-db.json"]
+    volumeMounts:
+      - name: migrate-db
+        mountPath: /config/migrate-db.json
+        subPath: migrate-db.json
+    envFrom:
+      - secretRef:
+          name: rollup-node-secret-env
 
 envFrom:
   - secretRef:
@@ -32,8 +42,6 @@ configMaps:
       L1_RPC_ENDPOINT: ""
       L2_RPC_ENDPOINT: ""
       L1_SCROLL_CHAIN_PROXY_ADDR: ""
-  migrate-db:
-    enabled: false
 
 externalSecrets:
   rollup-node-secret-env:

diff --git a/charts/scroll-sdk/Chart.yaml b/charts/scroll-sdk/Chart.yaml
@@ -2,7 +2,7 @@
 apiVersion: v2
 description: scroll helm charts to deploy scroll sdk
 name: scroll-sdk
-version: 0.0.30
+version: 0.0.31
 appVersion: v0.1.0
 kubeVersion: ">=1.22.0-0"
 maintainers:
@@ -30,7 +30,7 @@ dependencies:
     repository: "oci://ghcr.io/scroll-tech/scroll-sdk/helm"
     condition: bridge-history-api.enabled
   - name: bridge-history-fetcher
-    version: 0.0.7
+    version: 0.0.8
     repository: "oci://ghcr.io/scroll-tech/scroll-sdk/helm"
     condition: bridge-history-fetcher.enabled
   - name: blockscout-sc-verifier
@@ -42,7 +42,7 @@ dependencies:
     repository: "oci://ghcr.io/scroll-tech/scroll-sdk/helm"
     condition: chain-monitor.enabled
   - name: contracts
-    version: 0.0.5
+    version: 0.0.6
     repository: "oci://ghcr.io/scroll-tech/scroll-sdk/helm"
     condition: contracts.enabled
   - name: coordinator-api
@@ -58,7 +58,7 @@ dependencies:
     repository: "oci://ghcr.io/scroll-tech/scroll-sdk/helm"
     condition: frontends.enabled
   - name: gas-oracle
-    version: 0.0.6
+    version: 0.0.7
     repository: "oci://ghcr.io/scroll-tech/scroll-sdk/helm"
     condition: gas-oracle.enabled
   - name: l1-explorer
@@ -98,7 +98,7 @@ dependencies:
     repository: "oci://ghcr.io/scroll-tech/scroll-sdk/helm"
     condition: rollup-explorer-backend.enabled
   - name: rollup-node
-    version: 0.0.8
+    version: 0.0.9
     repository: "oci://ghcr.io/scroll-tech/scroll-sdk/helm"
     condition: rollup-node.enabled
   - name: rpc-gateway