From e65afe66b81aaf05c3f5975346977ac20a253d68 Mon Sep 17 00:00:00 2001 From: sbaizet <74511063+sbaizet-ledger@users.noreply.github.com> Date: Wed, 28 Aug 2024 15:08:03 +0200 Subject: [PATCH] feat: use env var instead of secrets in config files (#109) * feat: use env var instead of secrets in config files * remove comment --- charts/bridge-history-api/README.md | 2 +- charts/bridge-history-api/values.yaml | 2 +- .../bridge-history-api/values/production.yaml | 19 + charts/bridge-history-fetcher/README.md | 2 +- charts/bridge-history-fetcher/values.yaml | 2 +- .../values/production.yaml | 10 +- charts/coordinator-api/README.md | 25 +- charts/coordinator-api/values.yaml | 327 ++++++++---------- charts/coordinator-api/values/production.yaml | 15 + charts/coordinator-cron/README.md | 18 +- charts/coordinator-cron/values.yaml | 12 +- .../coordinator-cron/values/production.yaml | 36 +- charts/gas-oracle/README.md | 2 +- charts/gas-oracle/values.yaml | 2 +- charts/gas-oracle/values/production.yaml | 33 +- charts/rollup-node/README.md | 2 +- charts/rollup-node/values.yaml | 2 +- charts/rollup-node/values/production.yaml | 26 +- 18 files changed, 276 insertions(+), 261 deletions(-) diff --git a/charts/bridge-history-api/README.md b/charts/bridge-history-api/README.md index a3049460..3871b055 100644 --- a/charts/bridge-history-api/README.md +++ b/charts/bridge-history-api/README.md @@ -41,7 +41,7 @@ Kubernetes: `>=1.22.0-0` | global.nameOverride | string | `"bridge-history-api"` | | | image.pullPolicy | string | `"Always"` | | | image.repository | string | `"scrolltech/bridgehistoryapi-api"` | | -| image.tag | string | `"v4.4.14"` | | +| image.tag | string | `"v4.4.57"` | | | ingress.main.annotations | object | `{}` | | | ingress.main.enabled | bool | `true` | | | ingress.main.hosts[0].host | string | `"bridge-history-api.scrollsdk"` | | diff --git a/charts/bridge-history-api/values.yaml b/charts/bridge-history-api/values.yaml index fdb313b9..7ddd9458 100644 --- a/charts/bridge-history-api/values.yaml +++ b/charts/bridge-history-api/values.yaml @@ -10,7 +10,7 @@ controller: image: repository: scrolltech/bridgehistoryapi-api pullPolicy: Always - tag: v4.4.14 + tag: v4.4.57 command: [ diff --git a/charts/bridge-history-api/values/production.yaml b/charts/bridge-history-api/values/production.yaml index 381daccc..0d6e2455 100644 --- a/charts/bridge-history-api/values/production.yaml +++ b/charts/bridge-history-api/values/production.yaml @@ -4,6 +4,10 @@ global: controller: replicas: 2 +envFrom: + - secretRef: + name: bridge-history-api-secret-env + # TODO make this consistent with devnet, we should use bridge-history-api-config instead of bridge-history-config persistence: bridge-history-api: @@ -27,3 +31,18 @@ ingress: paths: - path: / pathType: Prefix + +externalSecrets: + bridge-history-api-secret-env: + provider: aws + data: + - remoteRef: + key: scroll/bridge-history-api-secret-env + property: SCROLL_BRIDGE_HISTORY_DB_DSN + secretKey: SCROLL_BRIDGE_HISTORY_DB_DSN + - remoteRef: + key: scroll/bridge-history-api-env + property: SCROLL_BRIDGE_HISTORY_REDIS_PASSWORD + secretKey: SCROLL_BRIDGE_HISTORY_REDIS_PASSWORD + refreshInterval: 2m + serviceAccount: external-secrets diff --git a/charts/bridge-history-fetcher/README.md b/charts/bridge-history-fetcher/README.md index 543621ff..36ce77ea 100644 --- a/charts/bridge-history-fetcher/README.md +++ b/charts/bridge-history-fetcher/README.md @@ -41,7 +41,7 @@ Kubernetes: `>=1.22.0-0` | global.nameOverride | string | `"bridge-history-fetcher"` | | | image.pullPolicy | string | `"Always"` | | | image.repository | string | `"scrolltech/bridgehistoryapi-fetcher"` | | -| image.tag | string | `"v4.4.14"` | | +| image.tag | string | `"v4.4.57"` | | | initContainers.1-check-postgres-connection.args[0] | string | `"postgresql"` | | | initContainers.1-check-postgres-connection.args[1] | string | `"$(DATABASE_URL)"` | | | initContainers.1-check-postgres-connection.args[2] | string | `"--timeout"` | | diff --git a/charts/bridge-history-fetcher/values.yaml b/charts/bridge-history-fetcher/values.yaml index db5eca85..140a5420 100644 --- a/charts/bridge-history-fetcher/values.yaml +++ b/charts/bridge-history-fetcher/values.yaml @@ -10,7 +10,7 @@ controller: image: repository: scrolltech/bridgehistoryapi-fetcher pullPolicy: Always - tag: v4.4.14 + tag: v4.4.57 command: [ diff --git a/charts/bridge-history-fetcher/values/production.yaml b/charts/bridge-history-fetcher/values/production.yaml index 7d8b88ac..b6142ab0 100644 --- a/charts/bridge-history-fetcher/values/production.yaml +++ b/charts/bridge-history-fetcher/values/production.yaml @@ -1,6 +1,10 @@ global: isStandalone: true +envFrom: + - secretRef: + name: bridge-history-fetcher-secret-env + persistence: # TODO make this consistent with devnet, we should use bridge-history-fetcher-config instead of bridge-history-config bridge-history-fetcher: @@ -20,7 +24,7 @@ initContainers: image: atkrad/wait4x:latest args: - postgresql - - $(DATABASE_URL) + - $(SCROLL_BRIDGE_HISTORY_DB_DSN) - --timeout - "0" envFrom: @@ -51,8 +55,8 @@ externalSecrets: data: - remoteRef: key: scroll/bridge-history-fetcher-secret-env - property: DATABASE_URL - secretKey: DATABASE_URL + property: SCROLL_BRIDGE_HISTORY_DB_DSN + secretKey: SCROLL_BRIDGE_HISTORY_DB_DSN refreshInterval: 2m serviceAccount: external-secrets bridge-history-fetcher-migrate-db: diff --git a/charts/coordinator-api/README.md b/charts/coordinator-api/README.md index f50b5c31..528a6e33 100644 --- a/charts/coordinator-api/README.md +++ b/charts/coordinator-api/README.md @@ -26,7 +26,7 @@ Kubernetes: `>=1.22.0-0` | command[0] | string | `"/bin/sh"` | | | command[1] | string | `"-c"` | | | command[2] | string | `"coordinator_api --config /coordinator/conf/coordinator-config.json --genesis /app/genesis/genesis.json --http --http.addr '0.0.0.0' --http.port ${HTTP_PORT} --metrics --metrics.addr '0.0.0.0' --metrics.port ${METRICS_PORT} --log.debug"` | | -| configMaps.download-params.data."download-params.sh" | string | `"#!/bin/sh\napt update\napt install wget libdigest-sha-perl -y\n\nP_CHECKSUMS=$(wget -O- https://circuit-release.s3.us-west-2.amazonaws.com/setup/sha256sum)\nDOWNLOAD_RESULT=$?\nERROR=$(echo \"$P_CHECKSUMS\" | grep \"Error\")\n\nif [ $DOWNLOAD_RESULT -ne 0 ] || [ \"$ERROR\" != \"\" ]; then\necho \"Failed to download params checksums\"\necho \"$P_CHECKSUMS\"\nexit 1\nfi\n\nR_CHECKSUMS=$(wget -O- https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION/sha256sum)\nDOWNLOAD_RESULT=$?\nERROR=$(echo \"$R_CHECKSUMS\" | grep \"Error\")\n\nif [ $DOWNLOAD_RESULT -ne 0 ] || [ \"$ERROR\" != \"\" ]; then\necho \"Failed to download release checksum\"\necho \"$R_CHECKSUMS\"\nexit 1\nfi\n\nPARAMS20_SHASUM=$(echo \"$P_CHECKSUMS\" | grep \"params20\" | cut -d \" \" -f 1)\nPARAMS21_SHASUM=$(echo \"$P_CHECKSUMS\" | grep \"params21\" | cut -d \" \" -f 1)\nPARAMS24_SHASUM=$(echo \"$P_CHECKSUMS\" | grep \"params24\" | cut -d \" \" -f 1)\nPARAMS25_SHASUM=$(echo \"$P_CHECKSUMS\" | grep \"params25\" | cut -d \" \" -f 1)\nPARAMS26_SHASUM=$(echo \"$P_CHECKSUMS\" | grep \"params26\" | cut -d \" \" -f 1)\nCHUNK_VK_SHASUM=$(echo \"$R_CHECKSUMS\" | grep \"chunk_vk.vkey\" | cut -d \" \" -f 1)\nBATCH_VK_SHASUM=$(echo \"$R_CHECKSUMS\" | grep \"agg_vk.vkey\" | cut -d \" \" -f 1)\nVRFR_SHASUM=$(echo \"$R_CHECKSUMS\" | grep \"evm_verifier.bin\" | cut -d \" \" -f 1)\nCFG2_SHASUM=$(echo \"$R_CHECKSUMS\" | grep \"layer2.config\" | cut -d \" \" -f 1)\nCFG4_SHASUM=$(echo \"$R_CHECKSUMS\" | grep \"layer4.config\" | cut -d \" \" -f 1)\n\ncheck_shasum () {\nSHASUM=$(shasum -a 256 $1 | cut -d \" \" -f 1)\nif [ \"$SHASUM\" != \"$2\" ]; then\necho \"Shasum mismatch: expected=$2, actual=$SHASUM\"\n return 1;\n else\n return 0;\n fi\n}\n# check existing file checksums\nif [ -f /data/params/params20 ]; then\nif ! check_shasum \"/data/params/params20\" \"$PARAMS20_SHASUM\"; then\necho \"Removing incorrect file /data/params/params20\\n\"\nrm /data/params/params20\nfi\nfi\n\nif [ -f /data/params/params21 ]; then\nif ! check_shasum \"/data/params/params21\" \"$PARAMS21_SHASUM\"; then\necho \"Removing incorrect file /data/params/params21\\n\"\nrm /data/params/params21\nfi\nfi\n\nif [ -f /data/params/params24 ]; then\nif ! check_shasum \"/data/params/params24\" \"$PARAMS24_SHASUM\"; then\necho \"Removing incorrect file /data/params/params24\\n\"\nrm /data/params/params24\nfi\nfi\n\nif [ -f /data/params/params25 ]; then\nif ! check_shasum \"/data/params/params25\" \"$PARAMS25_SHASUM\"; then\necho \"Removing incorrect file /data/params/params25\\n\"\nrm /data/params/params25\nfi\nfi\n\nif [ -f /data/params/params26 ]; then\nif ! check_shasum \"/data/params/params26\" \"$PARAMS26_SHASUM\"; then\necho \"Removing incorrect file /data/params/params26\\n\"\nrm /data/params/params26\nfi\nfi\n\nif [ -f /data/assets/chunk_vk.vkey ]; then\nif ! check_shasum \"/data/assets/chunk_vk.vkey\" \"$CHUNK_VK_SHASUM\"; then\necho \"Removing incorrect file /data/assets/chunk_vk.vkey\\n\"\nrm /data/assets/chunk_vk.vkey\nfi\nfi\n\nif [ -f /data/assets/agg_vk.vkey ]; then\nif ! check_shasum \"/data/assets/agg_vk.vkey\" \"$BATCH_VK_SHASUM\"; then\necho \"Removing incorrect file /data/assets/agg_vk.vkey\\n\"\nrm /data/assets/agg_vk.vkey\nfi\nfi\n\nif [ -f /data/assets/evm_verifier.bin ]; then\nif ! check_shasum \"/data/assets/evm_verifier.bin\" \"$VRFR_SHASUM\"; then\necho \"Removing incorrect file /data/assets/evm_verifier.bin\\n\"\nrm /data/assets/evm_verifier.bin\nfi\nfi\n\nif [ -f /data/assets/layer2.config ]; then\nif ! check_shasum \"/data/assets/layer2.config\" \"$CFG2_SHASUM\"; then\necho \"Removing incorrect file /data/assets/layer2.config\\n\"\nrm /data/assets/layer2.config\nfi\nfi\n\nif [ -f /data/assets/layer4.config ]; then\nif ! check_shasum \"/data/assets/layer4.config\" \"$CFG4_SHASUM\"; then\necho \"Removing incorrect file /data/assets/layer4.config\\n\"\nrm /data/assets/layer4.config\nfi\nfi\n\n\n# download missing files\n\nif [ ! -f /data/params/params20 ]; then\nmkdir -p /data/params\necho \"Downloading /data/params/params20...\"\nwget https://circuit-release.s3.us-west-2.amazonaws.com/setup/params20 -O /data/params/params20\necho \"Download completed\\n\"\nif ! check_shasum \"/data/params/params20\" \"$PARAMS20_SHASUM\"; then exit 1; fi\nfi\n\nif [ ! -f /data/params/params21 ]; then\nmkdir -p /data/params\necho \"Downloading /data/params/params21...\"\nwget https://circuit-release.s3.us-west-2.amazonaws.com/setup/params21 -O /data/params/params21\necho \"Download completed\\n\"\nif ! check_shasum \"/data/params/params21\" \"$PARAMS21_SHASUM\"; then exit 1; fi\nfi\n\nif [ ! -f /data/params/params24 ]; then\nmkdir -p /data/params\necho \"Downloading /data/params/params24...\"\nwget https://circuit-release.s3.us-west-2.amazonaws.com/setup/params24 -O /data/params/params24\necho \"Download completed\\n\"\nif ! check_shasum \"/data/params/params24\" \"$PARAMS24_SHASUM\"; then exit 1; fi\nfi\n\nif [ ! -f /data/params/params25 ]; then\nmkdir -p /data/params\necho \"Downloading /data/params/params25...\"\nwget https://circuit-release.s3.us-west-2.amazonaws.com/setup/params25 -O /data/params/params25\necho \"Download completed\\n\"\nif ! check_shasum \"/data/params/params25\" \"$PARAMS25_SHASUM\"; then exit 1; fi\nfi\n\nif [ ! -f /data/params/params26 ]; then\nmkdir -p /data/params\necho \"Downloading /data/params/params26...\"\nwget https://circuit-release.s3.us-west-2.amazonaws.com/setup/params26 -O /data/params/params26\necho \"Download completed\\n\"\nif ! check_shasum \"/data/params/params26\" \"$PARAMS26_SHASUM\"; then exit 1; fi\nfi\n\nif [ ! -f /data/assets/chunk_vk.vkey ]; then\nmkdir -p /data/assets\necho \"Downloading /data/assets/chunk_vk.vkey...\"\nwget https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION/chunk_vk.vkey -O /data/assets/chunk_vk.vkey\necho \"Download completed\\n\"\nif ! check_shasum \"/data/assets/chunk_vk.vkey\" \"$CHUNK_VK_SHASUM\"; then exit 1; fi\nfi\n\nif [ ! -f /data/assets/agg_vk.vkey ]; then\nmkdir -p /data/assets\necho \"Downloading /data/assets/agg_vk.vkey...\"\nwget https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION/agg_vk.vkey -O /data/assets/agg_vk.vkey\necho \"Download completed\\n\"\nif ! check_shasum \"/data/assets/agg_vk.vkey\" \"$BATCH_VK_SHASUM\"; then exit 1; fi\nfi\n\nif [ ! -f /data/assets/evm_verifier.bin ]; then\nmkdir -p /data/assets\necho \"Downloading /data/assets/evm_verifier.bin...\"\nwget https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION/evm_verifier.bin -O /data/assets/evm_verifier.bin\necho \"Download completed\\n\"\nif ! check_shasum \"/data/assets/evm_verifier.bin\" \"$VRFR_SHASUM\"; then exit 1; fi\nfi\n\nif [ ! -f /data/assets/layer2.config ]; then\nmkdir -p /data/assets\necho \"Downloading /data/assets/layer2.config...\"\nwget https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION/layer2.config -O /data/assets/layer2.config\necho \"Download completed\\n\"\nif ! check_shasum \"/data/assets/layer2.config\" \"$CFG2_SHASUM\"; then exit 1; fi\nfi\n\nif [ ! -f /data/assets/layer4.config ]; then\nmkdir -p /data/assets\necho \"Downloading /data/assets/layer4.config...\"\nwget https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION/layer4.config -O /data/assets/layer4.config\necho \"Download completed\\n\"\nif ! check_shasum \"/data/assets/layer4.config\" \"$CFG4_SHASUM\"; then exit 1; fi\nfi\n\nls -l /data/assets\n"` | | +| configMaps.download-params.data."download-params.sh" | string | `"#!/bin/sh\nset -ex\napt update\napt install wget libdigest-sha-perl -y\n\nRELEASE_VERSION_HI=v0.12.0\nRELEASE_VERSION_LO=v0.11.4\n\ncase $CHAIN_ID in\n\"5343532222\") # staging network\n echo \"staging network not supported\"\n exit 1\n ;;\n\"534353\") # alpha network\n echo \"alpha network not supported\"\n exit 1\n ;;\nesac\n\nP_CHECKSUMS=$(wget -O- https://circuit-release.s3.us-west-2.amazonaws.com/setup/sha256sum)\n# DOWNLOAD_RESULT=$?\n# ERROR=$(echo \"$P_CHECKSUMS\" | grep \"Error\")\n\n# if [ $DOWNLOAD_RESULT -ne 0 ] || [ \"$ERROR\" != \"\" ]; then\n# echo \"Failed to download params checksums\"\n# echo \"$P_CHECKSUMS\"\n# exit 1\n# fi\n\nR_CHECKSUMS_HI=$(wget -O- https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_HI/sha256sum)\n# DOWNLOAD_RESULT=$?\n# ERROR=$(echo \"$R_CHECKSUMS_HI\" | grep \"Error\")\n# if [ $DOWNLOAD_RESULT -ne 0 ] || [ \"$ERROR\" != \"\" ]; then\n# echo \"Failed to download release checksum for $RELEASE_VERSION_HI\"\n# echo \"$R_CHECKSUMS_HI\"\n# exit 1\n# fi\n\nR_CHECKSUMS_LO=$(wget -O- https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_LO/sha256sum)\n# DOWNLOAD_RESULT=$?\n# ERROR=$(echo \"$R_CHECKSUMS_LO\" | grep \"Error\")\n# if [ $DOWNLOAD_RESULT -ne 0 ] || [ \"$ERROR\" != \"\" ]; then\n# echo \"Failed to download release checksum for $RELEASE_VERSION_LO\"\n# echo \"$R_CHECKSUMS_LO\"\n# exit 1\n# fi\n\nPARAMS20_SHASUM=$(echo \"$P_CHECKSUMS\" | grep \"params20\" | cut -d \" \" -f 1)\nPARAMS21_SHASUM=$(echo \"$P_CHECKSUMS\" | grep \"params21\" | cut -d \" \" -f 1)\nPARAMS24_SHASUM=$(echo \"$P_CHECKSUMS\" | grep \"params24\" | cut -d \" \" -f 1)\nPARAMS25_SHASUM=$(echo \"$P_CHECKSUMS\" | grep \"params25\" | cut -d \" \" -f 1)\nPARAMS26_SHASUM=$(echo \"$P_CHECKSUMS\" | grep \"params26\" | cut -d \" \" -f 1)\n\n# assets_high\nVK_CHUNK_SHASUM_HI=$(echo \"$R_CHECKSUMS_HI\" | grep \"vk_chunk.vkey\" | cut -d \" \" -f 1)\nVK_BATCH_SHASUM_HI=$(echo \"$R_CHECKSUMS_HI\" | grep \"vk_batch.vkey\" | cut -d \" \" -f 1)\nVK_BUNDLE_SHASUM_HI=$(echo \"$R_CHECKSUMS_HI\" | grep \"vk_bundle.vkey\" | cut -d \" \" -f 1)\nVRFR_SHASUM_HI=$(echo \"$R_CHECKSUMS_HI\" | grep \"evm_verifier.bin\" | cut -d \" \" -f 1)\nCFG2_SHASUM_HI=$(echo \"$R_CHECKSUMS_HI\" | grep \"layer2.config\" | cut -d \" \" -f 1)\nCFG4_SHASUM_HI=$(echo \"$R_CHECKSUMS_HI\" | grep \"layer4.config\" | cut -d \" \" -f 1)\n\n# assets_low\nVK_CHUNK_SHASUM_LO=$(echo \"$R_CHECKSUMS_LO\" | grep \"chunk_vk.vkey\" | cut -d \" \" -f 1)\nVK_BATCH_SHASUM_LO=$(echo \"$R_CHECKSUMS_LO\" | grep \"agg_vk.vkey\" | cut -d \" \" -f 1)\nVRFR_SHASUM_LO=$(echo \"$R_CHECKSUMS_LO\" | grep \"evm_verifier.bin\" | cut -d \" \" -f 1)\nCFG2_SHASUM_LO=$(echo \"$R_CHECKSUMS_LO\" | grep \"layer2.config\" | cut -d \" \" -f 1)\nCFG4_SHASUM_LO=$(echo \"$R_CHECKSUMS_LO\" | grep \"layer4.config\" | cut -d \" \" -f 1)\n\ncheck_file() {\n file=$1\n url=$2\n shasum=$3\n if [ -f $file ]; then\n SHASUM=$(shasum -a 256 $file | cut -d \" \" -f 1)\n if [ \"$SHASUM\" != \"$shasum\" ]; then\n echo \"Shasum mismatch: expected=$shasum, actual=$SHASUM, Removing incorrect file $file\"\n rm $file\n download_file $file $url $shasum\n else\n echo \"Shasum matched, no need to download\"\n fi\n else\n download_file $file $url $shasum\n fi\n}\n\n# download files\ndownload_file() {\n file=$1\n url=$2\n shasum=$3\n if [ ! -f $file ]; then\n mkdir -p $(dirname $file)\n echo \"Downloading $file...\"\n wget --progress=dot:giga $url -O $file\n echo \"Download completed $file\"\n if [ $(shasum -a 256 $file | cut -d \" \" -f 1) != $shasum ];then exit 1;fi\n fi\n}\n\n\nmain(){\n case $1 in\n \"params\")\n # download params\n # check_file \"/verifier/params/params20\" \"https://circuit-release.s3.us-west-2.amazonaws.com/setup/params20\" \"$PARAMS20_SHASUM\"\n # check_file \"/verifier/params/params21\" \"https://circuit-release.s3.us-west-2.amazonaws.com/setup/params21\" \"$PARAMS21_SHASUM\"\n # check_file \"/verifier/params/params24\" \"https://circuit-release.s3.us-west-2.amazonaws.com/setup/params24\" \"$PARAMS24_SHASUM\"\n # check_file \"/verifier/params/params25\" \"https://circuit-release.s3.us-west-2.amazonaws.com/setup/params25\" \"$PARAMS25_SHASUM\"\n check_file \"/verifier/params/params26\" \"https://circuit-release.s3.us-west-2.amazonaws.com/setup/params26\" \"$PARAMS26_SHASUM\"\n ;;\n \"assets\")\n check_file \"/verifier/params/params20\" \"https://circuit-release.s3.us-west-2.amazonaws.com/setup/params20\" \"$PARAMS20_SHASUM\"\n check_file \"/verifier/params/params21\" \"https://circuit-release.s3.us-west-2.amazonaws.com/setup/params21\" \"$PARAMS21_SHASUM\"\n check_file \"/verifier/params/params24\" \"https://circuit-release.s3.us-west-2.amazonaws.com/setup/params24\" \"$PARAMS24_SHASUM\"\n check_file \"/verifier/params/params25\" \"https://circuit-release.s3.us-west-2.amazonaws.com/setup/params25\" \"$PARAMS25_SHASUM\"\n\n # download assets_hi v0.12.0\n check_file \"/verifier/assets/hi/vk_chunk.vkey\" \"https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_HI/vk_chunk.vkey\" \"$VK_CHUNK_SHASUM_HI\"\n check_file \"/verifier/assets/hi/vk_batch.vkey\" \"https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_HI/vk_batch.vkey\" \"$VK_BATCH_SHASUM_HI\"\n check_file \"/verifier/assets/hi/vk_bundle.vkey\" \"https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_HI/vk_bundle.vkey\" \"$VK_BUNDLE_SHASUM_HI\"\n check_file \"/verifier/assets/hi/evm_verifier.bin\" \"https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_HI/evm_verifier.bin\" \"$VRFR_SHASUM_HI\"\n check_file \"/verifier/assets/hi/layer2.config\" \"https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_HI/layer2.config\" \"$CFG2_SHASUM_HI\"\n check_file \"/verifier/assets/hi/layer4.config\" \"https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_HI/layer4.config\" \"$CFG4_SHASUM_HI\"\n # download assets_low v0.11.4\n check_file \"/verifier/assets/lo/chunk_vk.vkey\" \"https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_LO/chunk_vk.vkey\" \"$VK_CHUNK_SHASUM_LO\"\n check_file \"/verifier/assets/lo/agg_vk.vkey\" \"https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_LO/agg_vk.vkey\" \"$VK_BATCH_SHASUM_LO\"\n check_file \"/verifier/assets/lo/evm_verifier.bin\" \"https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_LO/evm_verifier.bin\" \"$VRFR_SHASUM_LO\"\n check_file \"/verifier/assets/lo/layer2.config\" \"https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_LO/layer2.config\" \"$CFG2_SHASUM_LO\"\n check_file \"/verifier/assets/lo/layer4.config\" \"https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_LO/layer4.config\" \"$CFG4_SHASUM_LO\"\n ;;\n *)\n echo \"only suppoerts params or assets\"\n exit 1\n ;;\n esac\n}\n\nmain $1\n\nls -l /verifier/assets/li\nls -l /verifier/assets/ho\nls -l /verifier/params/\n"` | | | configMaps.download-params.enabled | bool | `true` | | | controller.replicas | int | `1` | | | controller.strategy | string | `"RollingUpdate"` | | @@ -47,7 +47,7 @@ Kubernetes: `>=1.22.0-0` | global.nameOverride | string | `"coordinator-api"` | | | image.pullPolicy | string | `"Always"` | | | image.repository | string | `"scrolltech/coordinator-api"` | | -| image.tag | string | `"v4.4.26-devnet"` | | +| image.tag | string | `"v4.4.46"` | | | ingress.main.annotations | object | `{}` | | | ingress.main.enabled | bool | `true` | | | ingress.main.hosts[0].host | string | `"coordinator-api.scrollsdk"` | | @@ -56,17 +56,28 @@ Kubernetes: `>=1.22.0-0` | ingress.main.ingressClassName | string | `"nginx"` | | | ingress.main.labels | object | `{}` | | | ingress.main.primary | bool | `true` | | +| initContainers.assets-download.command[0] | string | `"sh"` | | +| initContainers.assets-download.command[1] | string | `"-c"` | | +| initContainers.assets-download.command[2] | string | `"/download-params.sh assets"` | | +| initContainers.assets-download.image | string | `"ubuntu"` | | +| initContainers.assets-download.resources.limits.cpu | string | `"2"` | | +| initContainers.assets-download.resources.limits.memory | string | `"8Gi"` | | +| initContainers.assets-download.resources.requests.cpu | string | `"1"` | | +| initContainers.assets-download.resources.requests.memory | string | `"2Gi"` | | +| initContainers.assets-download.volumeMounts[0].mountPath | string | `"/verifier"` | | +| initContainers.assets-download.volumeMounts[0].name | string | `"verifier"` | | +| initContainers.assets-download.volumeMounts[1].mountPath | string | `"/download-params.sh"` | | +| initContainers.assets-download.volumeMounts[1].name | string | `"download-params"` | | +| initContainers.assets-download.volumeMounts[1].subPath | string | `"download-params.sh"` | | | initContainers.parameter-download.command[0] | string | `"sh"` | | | initContainers.parameter-download.command[1] | string | `"-c"` | | -| initContainers.parameter-download.command[2] | string | `"/download-params.sh "` | | -| initContainers.parameter-download.env[0].name | string | `"RELEASE_VERSION"` | | -| initContainers.parameter-download.env[0].value | string | `"v0.11.4"` | | +| initContainers.parameter-download.command[2] | string | `"/download-params.sh params"` | | | initContainers.parameter-download.image | string | `"ubuntu"` | | | initContainers.parameter-download.resources.limits.cpu | string | `"2"` | | -| initContainers.parameter-download.resources.limits.memory | string | `"4Gi"` | | +| initContainers.parameter-download.resources.limits.memory | string | `"8Gi"` | | | initContainers.parameter-download.resources.requests.cpu | string | `"1"` | | | initContainers.parameter-download.resources.requests.memory | string | `"2Gi"` | | -| initContainers.parameter-download.volumeMounts[0].mountPath | string | `"/data"` | | +| initContainers.parameter-download.volumeMounts[0].mountPath | string | `"/verifier"` | | | initContainers.parameter-download.volumeMounts[0].name | string | `"verifier"` | | | initContainers.parameter-download.volumeMounts[1].mountPath | string | `"/download-params.sh"` | | | initContainers.parameter-download.volumeMounts[1].name | string | `"download-params"` | | diff --git a/charts/coordinator-api/values.yaml b/charts/coordinator-api/values.yaml index f0fcb103..3e6341b1 100644 --- a/charts/coordinator-api/values.yaml +++ b/charts/coordinator-api/values.yaml @@ -11,7 +11,7 @@ global: image: repository: scrolltech/coordinator-api pullPolicy: Always - tag: v4.4.26-devnet + tag: v4.4.46 env: - name: HTTP_PORT @@ -98,13 +98,10 @@ probes: initContainers: parameter-download: image: ubuntu - command: ["sh", "-c", "/download-params.sh "] - env: - - name: RELEASE_VERSION - value: "v0.11.4" + command: ["sh", "-c", "/download-params.sh params"] volumeMounts: - name: verifier - mountPath: /data + mountPath: /verifier - name: download-params mountPath: /download-params.sh subPath: download-params.sh @@ -113,7 +110,23 @@ initContainers: memory: "2Gi" cpu: "1" limits: - memory: "4Gi" + memory: "8Gi" + cpu: "2" + assets-download: + image: ubuntu + command: ["sh", "-c", "/download-params.sh assets"] + volumeMounts: + - name: verifier + mountPath: /verifier + - name: download-params + mountPath: /download-params.sh + subPath: download-params.sh + resources: + requests: + memory: "2Gi" + cpu: "1" + limits: + memory: "8Gi" cpu: "2" configMaps: @@ -122,204 +135,148 @@ configMaps: data: download-params.sh: | #!/bin/sh + set -ex apt update apt install wget libdigest-sha-perl -y - P_CHECKSUMS=$(wget -O- https://circuit-release.s3.us-west-2.amazonaws.com/setup/sha256sum) - DOWNLOAD_RESULT=$? - ERROR=$(echo "$P_CHECKSUMS" | grep "Error") - - if [ $DOWNLOAD_RESULT -ne 0 ] || [ "$ERROR" != "" ]; then - echo "Failed to download params checksums" - echo "$P_CHECKSUMS" - exit 1 - fi + RELEASE_VERSION_HI=v0.12.0 + RELEASE_VERSION_LO=v0.11.4 - R_CHECKSUMS=$(wget -O- https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION/sha256sum) - DOWNLOAD_RESULT=$? - ERROR=$(echo "$R_CHECKSUMS" | grep "Error") + case $CHAIN_ID in + "5343532222") # staging network + echo "staging network not supported" + exit 1 + ;; + "534353") # alpha network + echo "alpha network not supported" + exit 1 + ;; + esac - if [ $DOWNLOAD_RESULT -ne 0 ] || [ "$ERROR" != "" ]; then - echo "Failed to download release checksum" - echo "$R_CHECKSUMS" - exit 1 - fi + P_CHECKSUMS=$(wget -O- https://circuit-release.s3.us-west-2.amazonaws.com/setup/sha256sum) + # DOWNLOAD_RESULT=$? + # ERROR=$(echo "$P_CHECKSUMS" | grep "Error") + + # if [ $DOWNLOAD_RESULT -ne 0 ] || [ "$ERROR" != "" ]; then + # echo "Failed to download params checksums" + # echo "$P_CHECKSUMS" + # exit 1 + # fi + + R_CHECKSUMS_HI=$(wget -O- https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_HI/sha256sum) + # DOWNLOAD_RESULT=$? + # ERROR=$(echo "$R_CHECKSUMS_HI" | grep "Error") + # if [ $DOWNLOAD_RESULT -ne 0 ] || [ "$ERROR" != "" ]; then + # echo "Failed to download release checksum for $RELEASE_VERSION_HI" + # echo "$R_CHECKSUMS_HI" + # exit 1 + # fi + + R_CHECKSUMS_LO=$(wget -O- https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_LO/sha256sum) + # DOWNLOAD_RESULT=$? + # ERROR=$(echo "$R_CHECKSUMS_LO" | grep "Error") + # if [ $DOWNLOAD_RESULT -ne 0 ] || [ "$ERROR" != "" ]; then + # echo "Failed to download release checksum for $RELEASE_VERSION_LO" + # echo "$R_CHECKSUMS_LO" + # exit 1 + # fi PARAMS20_SHASUM=$(echo "$P_CHECKSUMS" | grep "params20" | cut -d " " -f 1) PARAMS21_SHASUM=$(echo "$P_CHECKSUMS" | grep "params21" | cut -d " " -f 1) PARAMS24_SHASUM=$(echo "$P_CHECKSUMS" | grep "params24" | cut -d " " -f 1) PARAMS25_SHASUM=$(echo "$P_CHECKSUMS" | grep "params25" | cut -d " " -f 1) PARAMS26_SHASUM=$(echo "$P_CHECKSUMS" | grep "params26" | cut -d " " -f 1) - CHUNK_VK_SHASUM=$(echo "$R_CHECKSUMS" | grep "chunk_vk.vkey" | cut -d " " -f 1) - BATCH_VK_SHASUM=$(echo "$R_CHECKSUMS" | grep "agg_vk.vkey" | cut -d " " -f 1) - VRFR_SHASUM=$(echo "$R_CHECKSUMS" | grep "evm_verifier.bin" | cut -d " " -f 1) - CFG2_SHASUM=$(echo "$R_CHECKSUMS" | grep "layer2.config" | cut -d " " -f 1) - CFG4_SHASUM=$(echo "$R_CHECKSUMS" | grep "layer4.config" | cut -d " " -f 1) - check_shasum () { - SHASUM=$(shasum -a 256 $1 | cut -d " " -f 1) - if [ "$SHASUM" != "$2" ]; then - echo "Shasum mismatch: expected=$2, actual=$SHASUM" - return 1; + # assets_high + VK_CHUNK_SHASUM_HI=$(echo "$R_CHECKSUMS_HI" | grep "vk_chunk.vkey" | cut -d " " -f 1) + VK_BATCH_SHASUM_HI=$(echo "$R_CHECKSUMS_HI" | grep "vk_batch.vkey" | cut -d " " -f 1) + VK_BUNDLE_SHASUM_HI=$(echo "$R_CHECKSUMS_HI" | grep "vk_bundle.vkey" | cut -d " " -f 1) + VRFR_SHASUM_HI=$(echo "$R_CHECKSUMS_HI" | grep "evm_verifier.bin" | cut -d " " -f 1) + CFG2_SHASUM_HI=$(echo "$R_CHECKSUMS_HI" | grep "layer2.config" | cut -d " " -f 1) + CFG4_SHASUM_HI=$(echo "$R_CHECKSUMS_HI" | grep "layer4.config" | cut -d " " -f 1) + + # assets_low + VK_CHUNK_SHASUM_LO=$(echo "$R_CHECKSUMS_LO" | grep "chunk_vk.vkey" | cut -d " " -f 1) + VK_BATCH_SHASUM_LO=$(echo "$R_CHECKSUMS_LO" | grep "agg_vk.vkey" | cut -d " " -f 1) + VRFR_SHASUM_LO=$(echo "$R_CHECKSUMS_LO" | grep "evm_verifier.bin" | cut -d " " -f 1) + CFG2_SHASUM_LO=$(echo "$R_CHECKSUMS_LO" | grep "layer2.config" | cut -d " " -f 1) + CFG4_SHASUM_LO=$(echo "$R_CHECKSUMS_LO" | grep "layer4.config" | cut -d " " -f 1) + + check_file() { + file=$1 + url=$2 + shasum=$3 + if [ -f $file ]; then + SHASUM=$(shasum -a 256 $file | cut -d " " -f 1) + if [ "$SHASUM" != "$shasum" ]; then + echo "Shasum mismatch: expected=$shasum, actual=$SHASUM, Removing incorrect file $file" + rm $file + download_file $file $url $shasum + else + echo "Shasum matched, no need to download" + fi else - return 0; + download_file $file $url $shasum fi } - # check existing file checksums - if [ -f /data/params/params20 ]; then - if ! check_shasum "/data/params/params20" "$PARAMS20_SHASUM"; then - echo "Removing incorrect file /data/params/params20\n" - rm /data/params/params20 - fi - fi - - if [ -f /data/params/params21 ]; then - if ! check_shasum "/data/params/params21" "$PARAMS21_SHASUM"; then - echo "Removing incorrect file /data/params/params21\n" - rm /data/params/params21 - fi - fi - - if [ -f /data/params/params24 ]; then - if ! check_shasum "/data/params/params24" "$PARAMS24_SHASUM"; then - echo "Removing incorrect file /data/params/params24\n" - rm /data/params/params24 - fi - fi - - if [ -f /data/params/params25 ]; then - if ! check_shasum "/data/params/params25" "$PARAMS25_SHASUM"; then - echo "Removing incorrect file /data/params/params25\n" - rm /data/params/params25 - fi - fi - if [ -f /data/params/params26 ]; then - if ! check_shasum "/data/params/params26" "$PARAMS26_SHASUM"; then - echo "Removing incorrect file /data/params/params26\n" - rm /data/params/params26 - fi - fi - - if [ -f /data/assets/chunk_vk.vkey ]; then - if ! check_shasum "/data/assets/chunk_vk.vkey" "$CHUNK_VK_SHASUM"; then - echo "Removing incorrect file /data/assets/chunk_vk.vkey\n" - rm /data/assets/chunk_vk.vkey - fi - fi - - if [ -f /data/assets/agg_vk.vkey ]; then - if ! check_shasum "/data/assets/agg_vk.vkey" "$BATCH_VK_SHASUM"; then - echo "Removing incorrect file /data/assets/agg_vk.vkey\n" - rm /data/assets/agg_vk.vkey - fi - fi - - if [ -f /data/assets/evm_verifier.bin ]; then - if ! check_shasum "/data/assets/evm_verifier.bin" "$VRFR_SHASUM"; then - echo "Removing incorrect file /data/assets/evm_verifier.bin\n" - rm /data/assets/evm_verifier.bin - fi - fi - - if [ -f /data/assets/layer2.config ]; then - if ! check_shasum "/data/assets/layer2.config" "$CFG2_SHASUM"; then - echo "Removing incorrect file /data/assets/layer2.config\n" - rm /data/assets/layer2.config - fi - fi - - if [ -f /data/assets/layer4.config ]; then - if ! check_shasum "/data/assets/layer4.config" "$CFG4_SHASUM"; then - echo "Removing incorrect file /data/assets/layer4.config\n" - rm /data/assets/layer4.config - fi - fi - - - # download missing files - - if [ ! -f /data/params/params20 ]; then - mkdir -p /data/params - echo "Downloading /data/params/params20..." - wget https://circuit-release.s3.us-west-2.amazonaws.com/setup/params20 -O /data/params/params20 - echo "Download completed\n" - if ! check_shasum "/data/params/params20" "$PARAMS20_SHASUM"; then exit 1; fi - fi - - if [ ! -f /data/params/params21 ]; then - mkdir -p /data/params - echo "Downloading /data/params/params21..." - wget https://circuit-release.s3.us-west-2.amazonaws.com/setup/params21 -O /data/params/params21 - echo "Download completed\n" - if ! check_shasum "/data/params/params21" "$PARAMS21_SHASUM"; then exit 1; fi - fi - - if [ ! -f /data/params/params24 ]; then - mkdir -p /data/params - echo "Downloading /data/params/params24..." - wget https://circuit-release.s3.us-west-2.amazonaws.com/setup/params24 -O /data/params/params24 - echo "Download completed\n" - if ! check_shasum "/data/params/params24" "$PARAMS24_SHASUM"; then exit 1; fi - fi - - if [ ! -f /data/params/params25 ]; then - mkdir -p /data/params - echo "Downloading /data/params/params25..." - wget https://circuit-release.s3.us-west-2.amazonaws.com/setup/params25 -O /data/params/params25 - echo "Download completed\n" - if ! check_shasum "/data/params/params25" "$PARAMS25_SHASUM"; then exit 1; fi - fi - - if [ ! -f /data/params/params26 ]; then - mkdir -p /data/params - echo "Downloading /data/params/params26..." - wget https://circuit-release.s3.us-west-2.amazonaws.com/setup/params26 -O /data/params/params26 - echo "Download completed\n" - if ! check_shasum "/data/params/params26" "$PARAMS26_SHASUM"; then exit 1; fi - fi - - if [ ! -f /data/assets/chunk_vk.vkey ]; then - mkdir -p /data/assets - echo "Downloading /data/assets/chunk_vk.vkey..." - wget https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION/chunk_vk.vkey -O /data/assets/chunk_vk.vkey - echo "Download completed\n" - if ! check_shasum "/data/assets/chunk_vk.vkey" "$CHUNK_VK_SHASUM"; then exit 1; fi - fi - - if [ ! -f /data/assets/agg_vk.vkey ]; then - mkdir -p /data/assets - echo "Downloading /data/assets/agg_vk.vkey..." - wget https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION/agg_vk.vkey -O /data/assets/agg_vk.vkey - echo "Download completed\n" - if ! check_shasum "/data/assets/agg_vk.vkey" "$BATCH_VK_SHASUM"; then exit 1; fi - fi + # download files + download_file() { + file=$1 + url=$2 + shasum=$3 + if [ ! -f $file ]; then + mkdir -p $(dirname $file) + echo "Downloading $file..." + wget --progress=dot:giga $url -O $file + echo "Download completed $file" + if [ $(shasum -a 256 $file | cut -d " " -f 1) != $shasum ];then exit 1;fi + fi + } - if [ ! -f /data/assets/evm_verifier.bin ]; then - mkdir -p /data/assets - echo "Downloading /data/assets/evm_verifier.bin..." - wget https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION/evm_verifier.bin -O /data/assets/evm_verifier.bin - echo "Download completed\n" - if ! check_shasum "/data/assets/evm_verifier.bin" "$VRFR_SHASUM"; then exit 1; fi - fi - if [ ! -f /data/assets/layer2.config ]; then - mkdir -p /data/assets - echo "Downloading /data/assets/layer2.config..." - wget https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION/layer2.config -O /data/assets/layer2.config - echo "Download completed\n" - if ! check_shasum "/data/assets/layer2.config" "$CFG2_SHASUM"; then exit 1; fi - fi + main(){ + case $1 in + "params") + # download params + # check_file "/verifier/params/params20" "https://circuit-release.s3.us-west-2.amazonaws.com/setup/params20" "$PARAMS20_SHASUM" + # check_file "/verifier/params/params21" "https://circuit-release.s3.us-west-2.amazonaws.com/setup/params21" "$PARAMS21_SHASUM" + # check_file "/verifier/params/params24" "https://circuit-release.s3.us-west-2.amazonaws.com/setup/params24" "$PARAMS24_SHASUM" + # check_file "/verifier/params/params25" "https://circuit-release.s3.us-west-2.amazonaws.com/setup/params25" "$PARAMS25_SHASUM" + check_file "/verifier/params/params26" "https://circuit-release.s3.us-west-2.amazonaws.com/setup/params26" "$PARAMS26_SHASUM" + ;; + "assets") + check_file "/verifier/params/params20" "https://circuit-release.s3.us-west-2.amazonaws.com/setup/params20" "$PARAMS20_SHASUM" + check_file "/verifier/params/params21" "https://circuit-release.s3.us-west-2.amazonaws.com/setup/params21" "$PARAMS21_SHASUM" + check_file "/verifier/params/params24" "https://circuit-release.s3.us-west-2.amazonaws.com/setup/params24" "$PARAMS24_SHASUM" + check_file "/verifier/params/params25" "https://circuit-release.s3.us-west-2.amazonaws.com/setup/params25" "$PARAMS25_SHASUM" + + # download assets_hi v0.12.0 + check_file "/verifier/assets/hi/vk_chunk.vkey" "https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_HI/vk_chunk.vkey" "$VK_CHUNK_SHASUM_HI" + check_file "/verifier/assets/hi/vk_batch.vkey" "https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_HI/vk_batch.vkey" "$VK_BATCH_SHASUM_HI" + check_file "/verifier/assets/hi/vk_bundle.vkey" "https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_HI/vk_bundle.vkey" "$VK_BUNDLE_SHASUM_HI" + check_file "/verifier/assets/hi/evm_verifier.bin" "https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_HI/evm_verifier.bin" "$VRFR_SHASUM_HI" + check_file "/verifier/assets/hi/layer2.config" "https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_HI/layer2.config" "$CFG2_SHASUM_HI" + check_file "/verifier/assets/hi/layer4.config" "https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_HI/layer4.config" "$CFG4_SHASUM_HI" + # download assets_low v0.11.4 + check_file "/verifier/assets/lo/chunk_vk.vkey" "https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_LO/chunk_vk.vkey" "$VK_CHUNK_SHASUM_LO" + check_file "/verifier/assets/lo/agg_vk.vkey" "https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_LO/agg_vk.vkey" "$VK_BATCH_SHASUM_LO" + check_file "/verifier/assets/lo/evm_verifier.bin" "https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_LO/evm_verifier.bin" "$VRFR_SHASUM_LO" + check_file "/verifier/assets/lo/layer2.config" "https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_LO/layer2.config" "$CFG2_SHASUM_LO" + check_file "/verifier/assets/lo/layer4.config" "https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION_LO/layer4.config" "$CFG4_SHASUM_LO" + ;; + *) + echo "only suppoerts params or assets" + exit 1 + ;; + esac + } - if [ ! -f /data/assets/layer4.config ]; then - mkdir -p /data/assets - echo "Downloading /data/assets/layer4.config..." - wget https://circuit-release.s3.us-west-2.amazonaws.com/release-$RELEASE_VERSION/layer4.config -O /data/assets/layer4.config - echo "Download completed\n" - if ! check_shasum "/data/assets/layer4.config" "$CFG4_SHASUM"; then exit 1; fi - fi + main $1 - ls -l /data/assets + ls -l /verifier/assets/li + ls -l /verifier/assets/ho + ls -l /verifier/params/ serviceMonitor: main: diff --git a/charts/coordinator-api/values/production.yaml b/charts/coordinator-api/values/production.yaml index 36edb040..91abbea0 100644 --- a/charts/coordinator-api/values/production.yaml +++ b/charts/coordinator-api/values/production.yaml @@ -4,6 +4,10 @@ global: controller: replicas: 2 +envFrom: + - secretRef: + name: coordinator-api-secret-env + ingress: main: ingressClassName: "nginx" @@ -12,3 +16,14 @@ ingress: paths: - path: / pathType: Prefix + +externalSecrets: + coordinator-api-secret-env: + provider: aws + data: + - remoteRef: + key: scroll/coordinator-api-secret-env + property: SCROLL_COORDINATOR_AUTH_SECRET + secretKey: SCROLL_COORDINATOR_AUTH_SECRET + refreshInterval: 2m + serviceAccount: external-secrets diff --git a/charts/coordinator-cron/README.md b/charts/coordinator-cron/README.md index f47e78b8..cf2d5b0b 100644 --- a/charts/coordinator-cron/README.md +++ b/charts/coordinator-cron/README.md @@ -45,18 +45,12 @@ Kubernetes: `>=1.22.0-0` | image.pullPolicy | string | `"Always"` | | | image.repository | string | `"scrolltech/coordinator-cron"` | | | image.tag | string | `"v4.4.26"` | | -| initContainers.1-wait-for-postgres.args[0] | string | `"tcp"` | | -| initContainers.1-wait-for-postgres.args[1] | string | `"$(DATABASE_HOST):$(DATABASE_PORT)"` | | -| initContainers.1-wait-for-postgres.args[2] | string | `"--timeout"` | | -| initContainers.1-wait-for-postgres.args[3] | string | `"0"` | | -| initContainers.1-wait-for-postgres.envFrom[0].configMapRef.name | string | `"coordinator-env"` | | -| initContainers.1-wait-for-postgres.image | string | `"atkrad/wait4x:latest"` | | -| initContainers.2-check-postgres-connection.args[0] | string | `"postgresql"` | | -| initContainers.2-check-postgres-connection.args[1] | string | `"$(DATABASE_URL)"` | | -| initContainers.2-check-postgres-connection.args[2] | string | `"--timeout"` | | -| initContainers.2-check-postgres-connection.args[3] | string | `"0"` | | -| initContainers.2-check-postgres-connection.envFrom[0].configMapRef.name | string | `"coordinator-env"` | | -| initContainers.2-check-postgres-connection.image | string | `"atkrad/wait4x:latest"` | | +| initContainers.1-check-postgres-connection.args[0] | string | `"postgresql"` | | +| initContainers.1-check-postgres-connection.args[1] | string | `"$(DATABASE_URL)"` | | +| initContainers.1-check-postgres-connection.args[2] | string | `"--timeout"` | | +| initContainers.1-check-postgres-connection.args[3] | string | `"0"` | | +| initContainers.1-check-postgres-connection.envFrom[0].configMapRef.name | string | `"coordinator-env"` | | +| initContainers.1-check-postgres-connection.image | string | `"atkrad/wait4x:latest"` | | | persistence.app_name.enabled | bool | `true` | | | persistence.app_name.mountPath | string | `"/app/conf/"` | | | persistence.app_name.name | string | `"coordinator-cron-config"` | | diff --git a/charts/coordinator-cron/values.yaml b/charts/coordinator-cron/values.yaml index 155113d0..d08f768e 100644 --- a/charts/coordinator-cron/values.yaml +++ b/charts/coordinator-cron/values.yaml @@ -29,17 +29,7 @@ command: [ ] initContainers: - 1-wait-for-postgres: - image: atkrad/wait4x:latest - args: - - tcp - - $(DATABASE_HOST):$(DATABASE_PORT) - - --timeout - - "0" - envFrom: - - configMapRef: - name: coordinator-env - 2-check-postgres-connection: + 1-check-postgres-connection: image: atkrad/wait4x:latest args: - postgresql diff --git a/charts/coordinator-cron/values/production.yaml b/charts/coordinator-cron/values/production.yaml index 5872ff04..f8311063 100644 --- a/charts/coordinator-cron/values/production.yaml +++ b/charts/coordinator-cron/values/production.yaml @@ -4,35 +4,22 @@ global: controller: replicas: 2 +envFrom: + - secretRef: + name: coordinator-cron-secret-env + initContainers: - 1-wait-for-postgres: - image: atkrad/wait4x:latest - args: - - tcp - - $(DATABASE_HOST):$(DATABASE_PORT) - - --timeout - - "0" - envFrom: - - configMapRef: - name: coordinator-cron-env - 2-check-postgres-connection: + 1-check-postgres-connection: image: atkrad/wait4x:latest args: - postgresql - - $(DATABASE_URL) + - $(SCROLL_COORDINATOR_DB_DSN) - --timeout - "0" envFrom: - secretRef: name: coordinator-cron-secret-env -configMaps: - env: - enabled: true - data: - DATABASE_HOST: "postgresql" - DATABASE_PORT: "5432" - ingress: main: ingressClassName: "nginx" @@ -44,11 +31,14 @@ ingress: externalSecrets: coordinator-cron-secret-env: - provider: aws data: - remoteRef: - key: scroll/coordinator-secret-env - property: DATABASE_URL - secretKey: DATABASE_URL + key: scroll/coordinator-cron-secret-env + property: SCROLL_COORDINATOR_DB_DSN + secretKey: SCROLL_COORDINATOR_DB_DSN + - remoteRef: + key: scroll/coordinator-api-secret-env + property: SCROLL_COORDINATOR_AUTH_SECRET + secretKey: SCROLL_COORDINATOR_AUTH_SECRET refreshInterval: 2m serviceAccount: external-secrets diff --git a/charts/gas-oracle/README.md b/charts/gas-oracle/README.md index a00afaf2..4ac82d17 100644 --- a/charts/gas-oracle/README.md +++ b/charts/gas-oracle/README.md @@ -38,7 +38,7 @@ Kubernetes: `>=1.22.0-0` | global.nameOverride | string | `"gas-oracle"` | | | image.pullPolicy | string | `"Always"` | | | image.repository | string | `"scrolltech/gas-oracle"` | | -| image.tag | string | `"v4.4.31"` | | +| image.tag | string | `"v4.4.57"` | | | initContainers.1-check-postgres-connection.args[0] | string | `"postgresql"` | | | initContainers.1-check-postgres-connection.args[1] | string | `"$(DATABASE_URL)"` | | | initContainers.1-check-postgres-connection.args[2] | string | `"--timeout"` | | diff --git a/charts/gas-oracle/values.yaml b/charts/gas-oracle/values.yaml index 93c08941..25497943 100644 --- a/charts/gas-oracle/values.yaml +++ b/charts/gas-oracle/values.yaml @@ -6,7 +6,7 @@ global: image: repository: scrolltech/gas-oracle pullPolicy: Always - tag: v4.4.31 + tag: v4.4.57 command: [ diff --git a/charts/gas-oracle/values/production.yaml b/charts/gas-oracle/values/production.yaml index 8aa8283b..ef9a4bfb 100644 --- a/charts/gas-oracle/values/production.yaml +++ b/charts/gas-oracle/values/production.yaml @@ -15,12 +15,16 @@ persistence: name: gas-oracle-migrate-db defaultMode: "0777" +envFrom: + - secretRef: + name: gas-oracle-secret-env + initContainers: 1-check-postgres-connection: image: atkrad/wait4x:latest args: - postgresql - - $(DATABASE_URL) + - $(SCROLL_ROLLUP_DB_CONFIG_DSN) - --timeout - "0" envFrom: @@ -31,12 +35,7 @@ configMaps: env: enabled: true data: - SCROLL_L1_RPC: "https://alien-flashy-arm.ethereum-sepolia.quiknode.pro/2aeb75414e5ee0e930b64c2e7feff59efb537f30" -# POSTGRES_DB: "scroll" -# PG_USER: "postgres" -# PG_HOST: "postgresql-rollup" -# PG_PORT: "5432" -# DB_USER: "gasoracle" + SCROLL_L1_RPC: "" migrate-db: enabled: false @@ -46,8 +45,24 @@ externalSecrets: data: - remoteRef: key: scroll/gas-oracle-secret-env - property: DATABASE_URL - secretKey: DATABASE_URL + property: SCROLL_ROLLUP_DB_CONFIG_DSN + secretKey: SCROLL_ROLLUP_DB_CONFIG_DSN + - remoteRef: + key: scroll/gas-oracle-secret-env + property: SCROLL_ROLLUP_L1_CONFIG_RELAYER_CONFIG_GAS_ORACLE_SENDER_PRIVATE_KEY + secretKey: SCROLL_ROLLUP_L1_CONFIG_RELAYER_CONFIG_GAS_ORACLE_SENDER_PRIVATE_KEY + - remoteRef: + key: scroll/gas-oracle-secret-env + property: SCROLL_ROLLUP_L2_CONFIG_RELAYER_CONFIG_GAS_ORACLE_SENDER_PRIVATE_KEY + secretKey: SCROLL_ROLLUP_L2_CONFIG_RELAYER_CONFIG_GAS_ORACLE_SENDER_PRIVATE_KEY + - remoteRef: + key: scroll/gas-oracle-secret-env + property: SCROLL_ROLLUP_L2_CONFIG_RELAYER_CONFIG_COMMIT_SENDER_PRIVATE_KEY + secretKey: SCROLL_ROLLUP_L2_CONFIG_RELAYER_CONFIG_COMMIT_SENDER_PRIVATE_KEY + - remoteRef: + key: scroll/gas-oracle-secret-env + property: SCROLL_ROLLUP_L2_CONFIG_RELAYER_CONFIG_FINALIZE_SENDER_PRIVATE_KEY + secretKey: SCROLL_ROLLUP_L2_CONFIG_RELAYER_CONFIG_FINALIZE_SENDER_PRIVATE_KEY refreshInterval: 2m serviceAccount: external-secrets gas-oracle-migrate-db: diff --git a/charts/rollup-node/README.md b/charts/rollup-node/README.md index e743f2cc..317adf0a 100644 --- a/charts/rollup-node/README.md +++ b/charts/rollup-node/README.md @@ -37,7 +37,7 @@ Kubernetes: `>=1.22.0-0` | global.nameOverride | string | `"rollup-node"` | | | image.pullPolicy | string | `"Always"` | | | image.repository | string | `"scrolltech/rollup-relayer"` | | -| image.tag | string | `"v4.4.31"` | | +| image.tag | string | `"v4.4.57"` | | | initContainers.1-check-postgres-connection.args[0] | string | `"postgresql"` | | | initContainers.1-check-postgres-connection.args[1] | string | `"$(DATABASE_URL)"` | | | initContainers.1-check-postgres-connection.args[2] | string | `"--timeout"` | | diff --git a/charts/rollup-node/values.yaml b/charts/rollup-node/values.yaml index c543a01a..43183ba1 100644 --- a/charts/rollup-node/values.yaml +++ b/charts/rollup-node/values.yaml @@ -11,7 +11,7 @@ controller: image: repository: scrolltech/rollup-relayer pullPolicy: Always - tag: v4.4.31 + tag: v4.4.57 env: - name: METRICS_PORT diff --git a/charts/rollup-node/values/production.yaml b/charts/rollup-node/values/production.yaml index 58df550e..9df5d181 100644 --- a/charts/rollup-node/values/production.yaml +++ b/charts/rollup-node/values/production.yaml @@ -6,13 +6,17 @@ initContainers: image: atkrad/wait4x:latest args: - postgresql - - $(DATABASE_URL) + - $(SCROLL_ROLLUP_DB_CONFIG_DSN) - --timeout - "0" envFrom: - secretRef: name: rollup-node-secret-env +envFrom: + - secretRef: + name: rollup-node-secret-env + persistence: migrate-db: enabled: true @@ -46,8 +50,24 @@ externalSecrets: data: - remoteRef: key: scroll/rollup-node-secret-env - property: DATABASE_URL - secretKey: DATABASE_URL + property: SCROLL_ROLLUP_DB_CONFIG_DSN + secretKey: SCROLL_ROLLUP_DB_CONFIG_DSN + - remoteRef: + key: scroll/rollup-node-secret-env + property: SCROLL_ROLLUP_L1_CONFIG_RELAYER_CONFIG_GAS_ORACLE_SENDER_PRIVATE_KEY + secretKey: SCROLL_ROLLUP_L1_CONFIG_RELAYER_CONFIG_GAS_ORACLE_SENDER_PRIVATE_KEY + - remoteRef: + key: scroll/rollup-node-secret-env + property: SCROLL_ROLLUP_L2_CONFIG_RELAYER_CONFIG_GAS_ORACLE_SENDER_PRIVATE_KEY + secretKey: SCROLL_ROLLUP_L2_CONFIG_RELAYER_CONFIG_GAS_ORACLE_SENDER_PRIVATE_KEY + - remoteRef: + key: scroll/rollup-node-secret-env + property: SCROLL_ROLLUP_L2_CONFIG_RELAYER_CONFIG_COMMIT_SENDER_PRIVATE_KEY + secretKey: SCROLL_ROLLUP_L2_CONFIG_RELAYER_CONFIG_COMMIT_SENDER_PRIVATE_KEY + - remoteRef: + key: scroll/rollup-node-secret-env + property: SCROLL_ROLLUP_L2_CONFIG_RELAYER_CONFIG_FINALIZE_SENDER_PRIVATE_KEY + secretKey: SCROLL_ROLLUP_L2_CONFIG_RELAYER_CONFIG_FINALIZE_SENDER_PRIVATE_KEY refreshInterval: 2m serviceAccount: external-secrets rollup-node-migrate-db: