@maoueh
Last active August 15, 2022 14:34
apiVersion: v1
data:
  beacon-jwt-secret: <secret, can be generated with `cat /dev/urandom | head -c 32 | to_hex -in`>
kind: ConfigMap
metadata:
  name: consensus-jwt
  namespace: <namespace>
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: consensus
  namespace: <namespace>
spec:
  podManagementPolicy: Parallel
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      name: consensus
  serviceName: consensus
  template:
    metadata:
      labels:
        name: consensus
    spec:
      containers:
      - command:
        - lighthouse
        - beacon
        - --datadir=/data
        - --debug-level=info
        - --network=goerli
        - --listen-address=0.0.0.0
        - --port=9000
        - --http
        - --http-address=0.0.0.0
        - --http-port=5052
        - --metrics-address=0.0.0.0
        - --metrics-port=9102
        - --execution-jwt-id=
        - --execution-endpoint=http://<pod_name>.<service_name>.<namespace>.svc.cluster.local:8551
        - --execution-jwt=/etc/consensus-node/beacon-jwt-secret
        image: sigp/lighthouse:v2.5.1-amd64-modern
        imagePullPolicy: IfNotPresent
        name: lighthouse
        ports:
        - containerPort: 5052
          name: api
          protocol: TCP
        - containerPort: 9000
          name: p2p
          protocol: TCP
        - containerPort: 9102
          name: prometheus
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /eth/v1/node/health
            port: 5052
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources:
          limits:
            cpu: "4"
            memory: 8Gi
          requests:
            cpu: "4"
            memory: 4Gi
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /data
          name: datadir
        - mountPath: /etc/consensus-node
          name: consensus-jwt
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: app-node-backup-writer
      serviceAccountName: app-node-backup-writer
      terminationGracePeriodSeconds: 30
      volumes:
      - configMap:
          defaultMode: 420
          name: consensus-jwt
        name: consensus-jwt
  updateStrategy:
    type: RollingUpdate
  volumeClaimTemplates:
  - apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      annotations:
        resize.topolvm.io/increase: 10%
        resize.topolvm.io/storage_limit: 100Gi
        resize.topolvm.io/threshold: 10%
      creationTimestamp: null
      name: datadir
    spec:
      accessModes:
      - ReadWriteOnce
      resources:
        requests:
          storage: 32Gi
      storageClassName: gcpssd-lazy
      volumeMode: Filesystem
    status:
      phase: Pending

Beacon Chain Manifest

The beacon chain node talks to the execution layer pod one-to-one. The authrpc endpoint must be enabled on Geth, and the JWT secret must be shared between the two nodes.

Here are the extra flags needed on the Geth side to enable the Engine API over the authenticated channel:

  • --authrpc.addr=0.0.0.0
  • --authrpc.port=8551
  • --authrpc.jwtsecret=/etc/geth-config/beacon-jwt-secret
  • --authrpc.vhosts=*
  • --http.api=engine,eth,net,web3 # engine must be enabled, the rest is up to you

The /etc/geth-config/beacon-jwt-secret file comes from the same consensus-jwt.configmap.yaml ConfigMap, mounted in the Geth pod so that the key appears at /etc/geth-config/beacon-jwt-secret.

The Geth service must exist and should now expose port 8551.
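
As an added illustration (not code from this gist, Lighthouse or Geth), the sketch below shows what sharing the JWT secret means on the wire: per the Engine API authentication spec, the caller signs an HS256 token carrying an `iat` claim with the 32-byte key, and the server recomputes the HMAC and accepts `iat` only within 60 seconds of its own clock. All function names are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

IAT_WINDOW = 60  # seconds of clock skew the Engine API auth spec tolerates on "iat"

def generate_secret():
    """32 random bytes as hex: the value stored under beacon-jwt-secret."""
    return secrets.token_hex(32)

def load_secret(text):
    """Parse the mounted file: 64 hex characters, optional 0x prefix."""
    digits = text.strip()
    if digits[:2].lower() == "0x":
        digits = digits[2:]
    key = bytes.fromhex(digits)
    if len(key) != 32:
        raise ValueError("JWT secret must be exactly 32 bytes")
    return key

def _enc(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint(key, now=None):
    """Consensus-client side: sign a fresh HS256 token for each request."""
    header = _enc(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _enc(json.dumps({"iat": int(time.time() if now is None else now)}).encode())
    sig = hmac.new(key, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{_enc(sig)}"

def verify(key, token, now=None):
    """Execution-client side: the check made before an engine_* call is served."""
    now = time.time() if now is None else now
    try:
        header, claims, sig = token.split(".")
        if json.loads(_dec(header))["alg"] != "HS256":  # rejects alg "none"
            return False
        good = hmac.new(key, f"{header}.{claims}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, _dec(sig)):
            return False
        return abs(now - json.loads(_dec(claims))["iat"]) <= IAT_WINDOW
    except (ValueError, KeyError, TypeError):
        return False
```

Because the hex key is the only credential on port 8551, anyone who can read it can mint valid tokens, so a Kubernetes Secret with restricted RBAC is a safer carrier for it than a ConfigMap.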
