From aa3fdda6e0774126feefcc7c6196d0dd24949db4 Mon Sep 17 00:00:00 2001 From: gonzalezzfelipe Date: Mon, 4 Nov 2024 12:50:24 -0300 Subject: [PATCH] fix: Admin key is now a secret and protocol parameters is added --- .gitignore | 2 +- bootstrap/stage0/cluster.yml | 4 +- bootstrap/stage1/crd.tf | 36 +- bootstrap/stage2/deployment.tf | 5 + bootstrap/stage2/main.tf | 1 + bootstrap/stage2/protocol-parameters.json | 667 ++++++++++++++++++++++ bootstrap/stage2/secret.tf | 10 + src/config.rs | 2 + src/controller.rs | 2 + src/custom_resource.rs | 19 +- 10 files changed, 721 insertions(+), 27 deletions(-) create mode 100644 bootstrap/stage2/protocol-parameters.json create mode 100644 bootstrap/stage2/secret.tf diff --git a/.gitignore b/.gitignore index c96b2ad..78227ef 100644 --- a/.gitignore +++ b/.gitignore @@ -4,7 +4,7 @@ result* .envrc .direnv # runtime -protocol-parameters.json +# protocol-parameters.json utxo.json *.vk *.sk diff --git a/bootstrap/stage0/cluster.yml b/bootstrap/stage0/cluster.yml index 960bf5b..f9d5c17 100644 --- a/bootstrap/stage0/cluster.yml +++ b/bootstrap/stage0/cluster.yml @@ -10,7 +10,7 @@ metadata: managedNodeGroups: # Consistent - - name: be-ad-x86-az1 + - name: be-adm-x86-az1 tags: sundae-labs:cost-allocation:Service: hydra-doom labels: @@ -18,7 +18,7 @@ managedNodeGroups: hydra.doom/compute-profile: admin hydra.doom/compute-arch: x86 hydra.doom/availability-zone: az1 - instanceType: t3a.medium + instanceTypes: [ t3a.medium, t3.medium ] minSize: 0 maxSize: 2 desiredCapacity: 1 diff --git a/bootstrap/stage1/crd.tf b/bootstrap/stage1/crd.tf index f0f4816..8ac38d6 100644 --- a/bootstrap/stage1/crd.tf +++ b/bootstrap/stage1/crd.tf @@ -1,7 +1,7 @@ resource "kubernetes_manifest" "customresourcedefinition_hydradoomnodes_hydra_doom" { manifest = { "apiVersion" = "apiextensions.k8s.io/v1" - "kind" = "CustomResourceDefinition" + "kind" = "CustomResourceDefinition" "metadata" = { "name" = "hydradoomnodes.hydra.doom" } 
@@ -11,7 +11,7 @@ resource "kubernetes_manifest" "customresourcedefinition_hydradoomnodes_hydra_do "categories" = [ "hydradoom", ] - "kind" = "HydraDoomNode" + "kind" = "HydraDoomNode" "plural" = "hydradoomnodes" "shortNames" = [ "hydradoomnode", @@ -24,23 +24,23 @@ resource "kubernetes_manifest" "customresourcedefinition_hydradoomnodes_hydra_do "additionalPrinterColumns" = [ { "jsonPath" = ".status.state" - "name" = "State" - "type" = "string" + "name" = "State" + "type" = "string" }, { "jsonPath" = ".status.transactions" - "name" = "Transactions" - "type" = "string" + "name" = "Transactions" + "type" = "string" }, { "jsonPath" = ".status.localUrl" - "name" = "Local URI" - "type" = "string" + "name" = "Local URI" + "type" = "string" }, { "jsonPath" = ".status.externalUrl" - "name" = "External URI" - "type" = "string" + "name" = "External URI" + "type" = "string" }, ] "name" = "v1alpha1" @@ -52,7 +52,7 @@ resource "kubernetes_manifest" "customresourcedefinition_hydradoomnodes_hydra_do "properties" = { "blockfrostKey" = { "nullable" = true - "type" = "string" + "type" = "string" } "commitInputs" = { "items" = { @@ -62,16 +62,16 @@ resource "kubernetes_manifest" "customresourcedefinition_hydradoomnodes_hydra_do } "initialUtxoAddress" = { "nullable" = true - "type" = "string" + "type" = "string" } "networkId" = { - "format" = "uint8" + "format" = "uint8" "minimum" = 0 - "type" = "integer" + "type" = "integer" } "offline" = { "nullable" = true - "type" = "boolean" + "type" = "boolean" } "participant" = { "type" = "string" @@ -106,7 +106,7 @@ resource "kubernetes_manifest" "customresourcedefinition_hydradoomnodes_hydra_do } "transactions" = { "format" = "int64" - "type" = "integer" + "type" = "integer" } } "required" = [ 
@@ -122,10 +122,10 @@ resource "kubernetes_manifest" "customresourcedefinition_hydradoomnodes_hydra_do "spec", ] "title" = "HydraDoomNode" - "type" = "object" + "type" = "object" } } - "served" = true + "served" = true "storage" = true "subresources" = { "status" = {} diff --git a/bootstrap/stage2/deployment.tf b/bootstrap/stage2/deployment.tf index 9781536..1c3775b 100644 --- a/bootstrap/stage2/deployment.tf +++ b/bootstrap/stage2/deployment.tf @@ -60,6 +60,11 @@ resource "kubernetes_deployment_v1" "operator" { value = local.configmap } + env { + name = "SECRET" + value = local.secret + } + env { name = "BLOCKFROST_KEY" value = var.blockfrost_key diff --git a/bootstrap/stage2/main.tf b/bootstrap/stage2/main.tf index b35d518..936696f 100644 --- a/bootstrap/stage2/main.tf +++ b/bootstrap/stage2/main.tf @@ -1,6 +1,7 @@ locals { operator_component = "operator" configmap = "hydra-pod-config" + secret = "hydra-pod-admin-key" control_plane_component = "control-plane" } diff --git a/bootstrap/stage2/protocol-parameters.json b/bootstrap/stage2/protocol-parameters.json new file mode 100644 index 0000000..fcbdd8c --- /dev/null +++ b/bootstrap/stage2/protocol-parameters.json 
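Review bot: `BLOCKFROST_KEY`, in the context directly below the new `SECRET` entry, is still injected as a literal `value = var.blockfrost_key`. The API credential is therefore stored in the Deployment object and in any rendered manifest, readable by anyone allowed to read Deployments in the namespace. Since this commit moves the admin key into a Kubernetes Secret, the same treatment fits here: keep the key in a Secret and reference it with a `value_from { secret_key_ref { ... } }` block instead of `value`. The new `SECRET` variable carries only the Secret's name (`local.secret`), which is fine to pass in plain text. The `kubernetes_deployment_v1.operator` resource starts and ends outside this hunk.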
@@ -0,0 +1,667 @@ +{ + "txFeeFixed": 0, + "txFeePerByte": 0, + "executionUnitPrices": { + "priceMemory": 0, + "priceSteps": 0 + }, + "collateralPercentage": 150, + "costModels": { + "PlutusV1": [ + 205665, + 812, + 1, + 1, + 1000, + 571, + 0, + 1, + 1000, + 24177, + 4, + 1, + 1000, + 32, + 117366, + 10475, + 4, + 23000, + 100, + 23000, + 100, + 23000, + 100, + 23000, + 100, + 23000, + 100, + 23000, + 100, + 100, + 100, + 23000, + 100, + 19537, + 32, + 175354, + 32, + 46417, + 4, + 221973, + 511, + 0, + 1, + 89141, + 32, + 497525, + 14068, + 4, + 2, + 196500, + 453240, + 220, + 0, + 1, + 1, + 1000, + 28662, + 4, + 2, + 245000, + 216773, + 62, + 1, + 1060367, + 12586, + 1, + 208512, + 421, + 1, + 187000, + 1000, + 52998, + 1, + 80436, + 32, + 43249, + 32, + 1000, + 32, + 80556, + 1, + 57667, + 4, + 1000, + 10, + 197145, + 156, + 1, + 197145, + 156, + 1, + 204924, + 473, + 1, + 208896, + 511, + 1, + 52467, + 32, + 64832, + 32, + 65493, + 32, + 22558, + 32, + 16563, + 32, + 76511, + 32, + 196500, + 453240, + 220, + 0, + 1, + 1, + 69522, + 11687, + 0, + 1, + 60091, + 32, + 196500, + 453240, + 220, + 0, + 1, + 1, + 196500, + 453240, + 220, + 0, + 1, + 1, + 806990, + 30482, + 4, + 1927926, + 82523, + 4, + 265318, + 0, + 4, + 0, + 85931, + 32, + 205665, + 812, + 1, + 1, + 41182, + 32, + 212342, + 32, + 31220, + 32, + 32696, + 32, + 43357, + 32, + 32247, + 32, + 38314, + 32, + 57996947, + 18975, + 10 + ], + "PlutusV2": [ + 205665, + 812, + 1, + 1, + 1000, + 571, + 0, + 1, + 1000, + 24177, + 4, + 1, + 1000, + 32, + 117366, + 10475, + 4, + 23000, + 100, + 23000, + 100, + 23000, + 100, + 23000, + 100, + 23000, + 100, + 23000, + 100, + 100, + 100, + 23000, + 100, + 19537, + 32, + 175354, + 32, + 46417, + 4, + 221973, + 511, + 0, + 1, + 89141, + 32, + 497525, + 14068, + 4, + 2, + 196500, + 453240, + 220, + 0, + 1, + 1, + 1000, + 28662, + 4, + 2, + 245000, + 216773, + 62, + 1, + 1060367, + 12586, + 1, + 208512, + 421, + 1, + 187000, + 1000, + 52998, + 1, + 80436, + 32, + 43249, + 
32, + 1000, + 32, + 80556, + 1, + 57667, + 4, + 1000, + 10, + 197145, + 156, + 1, + 197145, + 156, + 1, + 204924, + 473, + 1, + 208896, + 511, + 1, + 52467, + 32, + 64832, + 32, + 65493, + 32, + 22558, + 32, + 16563, + 32, + 76511, + 32, + 196500, + 453240, + 220, + 0, + 1, + 1, + 69522, + 11687, + 0, + 1, + 60091, + 32, + 196500, + 453240, + 220, + 0, + 1, + 1, + 196500, + 453240, + 220, + 0, + 1, + 1, + 1159724, + 392670, + 0, + 2, + 806990, + 30482, + 4, + 1927926, + 82523, + 4, + 265318, + 0, + 4, + 0, + 85931, + 32, + 205665, + 812, + 1, + 1, + 41182, + 32, + 212342, + 32, + 31220, + 32, + 32696, + 32, + 43357, + 32, + 32247, + 32, + 38314, + 32, + 35892428, + 10, + 57996947, + 18975, + 10, + 38887044, + 32947, + 10 + ], + "PlutusV3": [ + 100788, + 420, + 1, + 1, + 1000, + 173, + 0, + 1, + 1000, + 59957, + 4, + 1, + 11183, + 32, + 201305, + 8356, + 4, + 16000, + 100, + 16000, + 100, + 16000, + 100, + 16000, + 100, + 16000, + 100, + 16000, + 100, + 100, + 100, + 16000, + 100, + 94375, + 32, + 132994, + 32, + 61462, + 4, + 72010, + 178, + 0, + 1, + 22151, + 32, + 91189, + 769, + 4, + 2, + 85848, + 123203, + 7305, + -900, + 1716, + 549, + 57, + 85848, + 0, + 1, + 1, + 1000, + 42921, + 4, + 2, + 24548, + 29498, + 38, + 1, + 898148, + 27279, + 1, + 51775, + 558, + 1, + 39184, + 1000, + 60594, + 1, + 141895, + 32, + 83150, + 32, + 15299, + 32, + 76049, + 1, + 13169, + 4, + 22100, + 10, + 28999, + 74, + 1, + 28999, + 74, + 1, + 43285, + 552, + 1, + 44749, + 541, + 1, + 33852, + 32, + 68246, + 32, + 72362, + 32, + 7243, + 32, + 7391, + 32, + 11546, + 32, + 85848, + 123203, + 7305, + -900, + 1716, + 549, + 57, + 85848, + 0, + 1, + 90434, + 519, + 0, + 1, + 74433, + 32, + 85848, + 123203, + 7305, + -900, + 1716, + 549, + 57, + 85848, + 0, + 1, + 1, + 85848, + 123203, + 7305, + -900, + 1716, + 549, + 57, + 85848, + 0, + 1, + 955506, + 213312, + 0, + 2, + 270652, + 22588, + 4, + 1457325, + 64566, + 4, + 20467, + 1, + 4, + 0, + 141992, + 32, + 100788, + 420, + 1, + 1, + 
81663, + 32, + 59498, + 32, + 20142, + 32, + 24588, + 32, + 20744, + 32, + 25933, + 32, + 24623, + 32, + 43053543, + 10, + 53384111, + 14333, + 10, + 43574283, + 26308, + 10, + 16000, + 100, + 16000, + 100, + 962335, + 18, + 2780678, + 6, + 442008, + 1, + 52538055, + 3756, + 18, + 267929, + 18, + 76433006, + 8868, + 18, + 52948122, + 18, + 1995836, + 36, + 3227919, + 12, + 901022, + 1, + 166917843, + 4307, + 36, + 284546, + 36, + 158221314, + 26549, + 36, + 74698472, + 36, + 333849714, + 1, + 254006273, + 72, + 2174038, + 72, + 2261318, + 64571, + 4, + 207616, + 8310, + 4, + 1293828, + 28716, + 63, + 0, + 1, + 1006041, + 43623, + 251, + 0, + 1 + ] + }, + "maxBlockBodySize": 90112, + "maxBlockExecutionUnits": { + "memory": 62000000, + "steps": 20000000000 + }, + "maxBlockHeaderSize": 1100, + "maxCollateralInputs": 3, + "maxTxExecutionUnits": { + "memory": 14000000, + "steps": 10000000000 + }, + "maxTxSize": 16384, + "maxValueSize": 5000, + "minPoolCost": 170000000, + "monetaryExpansion": 0.0030, + "poolPledgeInfluence": 0.3, + "poolRetireMaxEpoch": 18, + "protocolVersion": { + "major": 8, + "minor": 0 + }, + "stakeAddressDeposit": 2000000, + "stakePoolDeposit": 500000000, + "stakePoolTargetNum": 500, + "treasuryCut": 0.2, + "utxoCostPerByte": 0, + "poolVotingThresholds": { + "committeeNormal": 0.51, + "committeeNoConfidence": 0.51, + "hardForkInitiation": 0.51, + "motionNoConfidence": 0.51, + "ppSecurityGroup": 0.51 + }, + "dRepVotingThresholds": { + "motionNoConfidence": 0.51, + "committeeNormal": 0.51, + "committeeNoConfidence": 0.51, + "updateToConstitution": 0.51, + "hardForkInitiation": 0.51, + "ppNetworkGroup": 0.51, + "ppEconomicGroup": 0.51, + "ppTechnicalGroup": 0.51, + "ppGovGroup": 0.51, + "treasuryWithdrawal": 0.51 + }, + "committeeMinSize": 0, + "committeeMaxTermLength": 200, + "govActionLifetime": 10, + "govActionDeposit": 1000000000, + "dRepDeposit": 2000000, + "dRepActivity": 20, + "constitution": { + "anchor": { + "url": "", + "dataHash": 
"0000000000000000000000000000000000000000000000000000000000000000" + } + }, + "minFeeRefScriptCostPerByte": 0 +} diff --git a/bootstrap/stage2/secret.tf b/bootstrap/stage2/secret.tf new file mode 100644 index 0000000..b096fb6 --- /dev/null +++ b/bootstrap/stage2/secret.tf @@ -0,0 +1,10 @@ +resource "kubernetes_secret" "postgres" { + metadata { + name = local.secret + namespace = var.namespace + } + data = { + "admin.sk" = "${file("${path.module}/admin.sk")}" + } + type = "Opaque" +} diff --git a/src/config.rs b/src/config.rs index b28c66f..e566da2 100644 --- a/src/config.rs +++ b/src/config.rs @@ -15,6 +15,7 @@ pub struct Config { pub open_head_image: String, pub sidecar_image: String, pub configmap: String, + pub secret: String, pub blockfrost_key: String, pub external_domain: String, pub external_port: String, @@ -27,6 +28,7 @@ impl Config { open_head_image: env::var("OPEN_HEAD_IMAGE").expect("Missing OPEN_HEAD_IMAGE env var"), sidecar_image: env::var("SIDECAR_IMAGE").expect("Missing SIDECAR_IMAGE env var"), configmap: env::var("CONFIGMAP").expect("Missing CONFIGMAP env var"), + secret: env::var("SECRET").expect("Missing SECRET env var"), blockfrost_key: env::var("BLOCKFROST_KEY").expect("Missing BLOCKFROST_KEY env var"), external_domain: env::var("EXTERNAL_DOMAIN").expect("Missing EXTERNAL_DOMAIN env var."), external_port: env::var("EXTERNAL_PORT").expect("Missing EXTERNAL_PORT env var."), diff --git a/src/controller.rs b/src/controller.rs index 3461fbf..df5ba68 100644 --- a/src/controller.rs +++ b/src/controller.rs @@ -47,6 +47,7 @@ impl From for String { pub struct K8sConstants { pub config_dir: String, + pub secret_dir: String, pub initial_utxo_config_dir: String, pub data_dir: String, pub persistence_dir: String, 
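Review bot: `file("${path.module}/admin.sk")` in `bootstrap/stage2/secret.tf` copies the admin signing key into the Terraform state, where it is stored in plain text, so the key is only as protected as the state backend. The backend should be encrypted at rest and access-restricted, or the Secret should be created outside Terraform and only referenced by name here. The resource label `postgres` does not describe a Secret that holds `admin.sk`; `resource "kubernetes_secret" "admin_key"` would make plans and state addresses readable. The wrapping interpolation is redundant: `"admin.sk" = file("${path.module}/admin.sk")` is equivalent. Planning will fail when `admin.sk` is absent from the module directory, which deserves a line in the bootstrap docs because `*.sk` is git-ignored.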
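Review bot: The new `secret` field in `src/config.rs` has no doc comment, and the bare name reads as if it held key material, while the Terraform side sets `SECRET` to the Secret's resource name (`local.secret`). A comment such as `/// Name of the Kubernetes Secret that holds admin.sk; a resource name, not key material.` on the field would keep later code from treating it as the key itself. The same applies to the `env::var("SECRET")` line in the second hunk of this file. Because that line uses `expect`, an operator image built from this commit panics at startup when `SECRET` is unset, so the stage2 Terraform change has to roll out together with the image. Both `Config` and its constructor continue outside these hunks.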
@@ -63,6 +64,7 @@ impl Default for K8sConstants { fn default() -> Self { Self { config_dir: "/etc/config".to_string(), + secret_dir: "/var/secret".to_string(), initial_utxo_config_dir: "/etc/initial_utxo_config".to_string(), data_dir: "/var/data".to_string(), persistence_dir: "/var/persistence".to_string(), diff --git a/src/custom_resource.rs b/src/custom_resource.rs index 059347d..3382c4c 100644 --- a/src/custom_resource.rs +++ b/src/custom_resource.rs @@ -140,7 +140,7 @@ impl HydraDoomNode { "--party".to_string(), self.spec.party.clone(), "--cardano-key-file".to_string(), - format!("{}/admin.sk", constants.config_dir), + format!("{}/admin.sk", constants.secret_dir), "--blockfrost-key".to_string(), self.spec .blockfrost_key @@ -253,11 +253,18 @@ impl HydraDoomNode { // name: "open-head".to_string(), // image: Some(self.spec.open_head_image.clone()), // args: Some(open_head_args), - // volume_mounts: Some(vec![VolumeMount { - // name: "config".to_string(), - // mount_path: constants.config_dir.clone(), - // ..Default::default() - // }]), + // volume_mounts: Some(vec![ + // VolumeMount { + // name: "config".to_string(), + // mount_path: constants.config_dir.clone(), + // ..Default::default() + // }, + // VolumeMount { + // name: "secret".to_string(), + // mount_path: constants.secret_dir.clone(), + // ..Default::default() + // }, + // ]), // resources: None, // TODO: Parametrize this // ..Default::default() // },
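Review bot: Nothing visible in `src/custom_resource.rs` mounts the admin-key Secret into a running container. `--cardano-key-file` now points at `{secret_dir}/admin.sk`, but the only `VolumeMount` named `secret` is in the commented-out `open-head` container of the second hunk, and the diffstat (19 changed lines for this file) leaves no room for a `Volume` backed by `config.secret`. If these arguments reach a live container it would start with a key path that does not exist, so the pod spec needs a `Volume` whose secret source names the configured Secret plus a matching mount; this is hedged because the pod spec is outside the hunks. When the mount is enabled, add `read_only: Some(true),` to it and give the volume a restrictive `default_mode` so the signing key is neither writable nor world-readable inside the pod. Both enclosing functions start and end outside the hunks.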