-
Notifications
You must be signed in to change notification settings - Fork 66
/
README.md.gotmpl
118 lines (92 loc) · 3.96 KB
/
README.md.gotmpl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}
{{ template "chart.description" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
# Examples
## Beacon node on the Holesky testnet connected to Holesky via Infura
```yaml
mode: "beacon"
extraArgs:
- --network=holesky
- --execution.urls=<EXECUTION-ENDPOINT>
```
## Exposing the P2P service via NodePort
This will make your node accessible via the Internet using a service of type [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#nodeport).
When using `p2pNodePort.enabled` the exposed IP address on your ENR record will be the "External IP" of the node where the pod is running.
**Limitations:** You can only run a single replica per chart deployment when using `p2pNodePort.enabled=true`.If you need N nodes, simply deploy the chart N times.
```yaml
replicas: 1
p2pNodePort:
enabled: true
port: 31000
```
## Validator node targeting a beacon node service
This example runs a validator on the holesky network that targets a pre-existing `lodestar-beacon`
service by injecting the all-accounts.keystore.json` file via a secret ENV var. You could use a similar
approach to fetch your secrets from some external secret management system (Hashicorp Vault, Azure key vault, etc.):
```yaml
replicas: 1
mode: validator
initContainers:
- name: init-keystore
image: bash:latest
imagePullPolicy: IfNotPresent
securityContext:
runAsNonRoot: false
runAsUser: 0
command:
- bash
- -c
- >
apk add jq;
export INDEX=$(echo $(hostname)| rev | cut -d'-' -f 1 | rev);
mkdir -p /data/validator/keys;
mkdir -p /data/validator/secrets;
KEY_COUNT="NODE_${INDEX}_KEY_COUNT";
for ((i = 0 ; i < "${!KEY_COUNT}" ; i++ ));
do
echo "====";
key="NODE_${INDEX}_KEY_${i}";
PUBKEY=$(echo ${!key} | jq '.pubkey' -j);
mkdir "/data/validator/keys/0x${PUBKEY}";
echo ${!key} > "/data/validator/keys/0x${PUBKEY}/voting-keystore.json";
secret="NODE_${INDEX}_SECRET_${i}";
echo ${!secret} > "/data/validator/secrets/0x${PUBKEY}";
echo "Added 0x${PUBKEY}";
done
volumeMounts:
- name: storage
mountPath: "/data"
readOnly:
env:
- name: NODE_0_KEY_COUNT
value: "1"
- name: NODE_0_SECRET_0
valueFrom:
secretKeyRef:
# Name of the secret that will be generated for you. This is normally `${RELEASE-name}-env`
# You might need to change this
name: lodestar-env
key: NODE_0_SECRET_0
- name: NODE_0_KEY_0
valueFrom:
secretKeyRef:
# See comment on the previous secretKeyRef
name: lodestar-env
key: NODE_0_KEY_0
extraArgs:
- --network=holesky
- --keystoresDir=/data/validator/keys
- --secretsDir=/data/validator/secrets
- --server=http://lodestar-beacon:9596
livenessProbe: null
readinessProbe: null
secretEnv:
# Note: Never publish any of your production secrets online. These are just used for testing purposes.
NODE_0_SECRET_0: Mrc085nWbjTc1mhAPt_Ukj4m_vui2iUQWr6TwNRq_4k=
NODE_0_KEY_0: {"crypto":{"checksum":{"function":"sha256","message":"7bbdd8cda652d792dceae7477b911106296620c44a6c1d0356c6ff52daca2b5b","params":{}},"cipher":{"function":"aes-128-ctr","message":"689f5c97fad87665e2fe8acbc0aad91bdc85de7756ebdc496f1373bae01c02c8","params":{"iv":"7b8e1ed4480dee19cbb1528394ad2095"}},"kdf":{"function":"pbkdf2","message":"","params":{"c":262144,"dklen":32,"prf":"hmac-sha256","salt":"bb560dfbb56016e0630e4415b74d86ede9090c0545854ed7c0ad921047a39cef"}}},"path":"","pubkey":"8e48cbd28d25847a6b122a62179b6ac11ee7877a4c489799918308e6252b7f6601f969179ac7465e256c01815b71b6d1","uuid":"f13ece4f-d57e-4789-accc-ad50f0fef882","version":4}
```