Devnet arguments for BigTable connection.
Change-Id: Idc893dc87739d1b309ffefcc67d98641f4bccd9a
parent
ce22a18101
commit
9e16baa040
|
@ -7,4 +7,6 @@ bin
|
||||||
target
|
target
|
||||||
/mutagen.sh
|
/mutagen.sh
|
||||||
venv
|
venv
|
||||||
.env
|
.env
|
||||||
|
bigtable-admin.json
|
||||||
|
bigtable-writer.json
|
||||||
|
|
|
@ -81,3 +81,10 @@ To Solana as CPI instruction:
|
||||||
Set the include path:
|
Set the include path:
|
||||||
|
|
||||||
![](https://i.imgur.com/bDij6Cu.png)
|
![](https://i.imgur.com/bDij6Cu.png)
|
||||||
|
|
||||||
|
|
||||||
|
## BigTable event persistence
|
||||||
|
|
||||||
|
Guardian events can be persisted to a BigTable instance. Launch the devnet with flags supplying your database info to enable forwarding events:
|
||||||
|
|
||||||
|
tilt up -- --num=1 --bigTablePersistence --gcpProject=your-project-id --bigTableKeyPath=./your-service-account-key.json
|
||||||
|
|
24
Tiltfile
24
Tiltfile
|
@ -6,6 +6,7 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
load("ext://namespace", "namespace_create", "namespace_inject")
|
load("ext://namespace", "namespace_create", "namespace_inject")
|
||||||
|
load('ext://secret', 'secret_yaml_generic')
|
||||||
|
|
||||||
# Runtime configuration
|
# Runtime configuration
|
||||||
|
|
||||||
|
@ -17,9 +18,18 @@ config.define_string("num", False, "Number of guardian nodes to run")
|
||||||
#
|
#
|
||||||
config.define_string("namespace", False, "Kubernetes namespace to use")
|
config.define_string("namespace", False, "Kubernetes namespace to use")
|
||||||
|
|
||||||
|
# These arguments will enable writing Guardian events to a BigTable instance.
|
||||||
|
# Writing to BigTable is optional. These arguments are not required to run the devnet.
|
||||||
|
config.define_bool("bigTablePersistence", False, "Enable forwarding guardian events to BigTable")
|
||||||
|
config.define_string("gcpProject", False, "GCP project ID for BigTable persistence")
|
||||||
|
config.define_string("bigTableKeyPath", False, "Path to BigTable json key file")
|
||||||
|
|
||||||
cfg = config.parse()
|
cfg = config.parse()
|
||||||
num_guardians = int(cfg.get("num", "5"))
|
num_guardians = int(cfg.get("num", "5"))
|
||||||
namespace = cfg.get("namespace", "wormhole")
|
namespace = cfg.get("namespace", "wormhole")
|
||||||
|
bigTablePersistence = cfg.get("bigTablePersistence", False)
|
||||||
|
gcpProject = cfg.get("gcpProject", None)
|
||||||
|
bigTableKeyPath = cfg.get("bigTableKeyPath", "./bigtable-writer.json")
|
||||||
|
|
||||||
# namespace
|
# namespace
|
||||||
|
|
||||||
|
@ -47,6 +57,14 @@ local_resource(
|
||||||
|
|
||||||
# bridge
|
# bridge
|
||||||
|
|
||||||
|
if bigTablePersistence:
|
||||||
|
k8s_yaml_with_ns(
|
||||||
|
secret_yaml_generic(
|
||||||
|
"bridge-bigtable-key",
|
||||||
|
from_file = "bigtable-key.json=" + bigTableKeyPath
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
docker_build(
|
docker_build(
|
||||||
ref = "guardiand-image",
|
ref = "guardiand-image",
|
||||||
context = "bridge",
|
context = "bridge",
|
||||||
|
@ -63,6 +81,12 @@ def build_bridge_yaml():
|
||||||
if container["name"] != "guardiand":
|
if container["name"] != "guardiand":
|
||||||
fail("container 0 is not guardiand")
|
fail("container 0 is not guardiand")
|
||||||
container["command"] += ["--devNumGuardians", str(num_guardians)]
|
container["command"] += ["--devNumGuardians", str(num_guardians)]
|
||||||
|
if bigTablePersistence:
|
||||||
|
container["command"] += [
|
||||||
|
"--bigTablePersistenceEnabled",
|
||||||
|
"--bigTableGCPProject",
|
||||||
|
gcpProject
|
||||||
|
]
|
||||||
|
|
||||||
return encode_yaml_stream(bridge_yaml)
|
return encode_yaml_stream(bridge_yaml)
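Review bot: `gcpProject` defaults to `None` in the config block, and the `build_bridge_yaml` hunk appends it to `container["command"]` whenever `bigTablePersistence` is set, so `tilt up -- --bigTablePersistence` without `--gcpProject` puts a null entry in the guardiand command instead of failing with a clear message. A guard right after the `cfg.get` calls would catch it early: `if bigTablePersistence and not gcpProject: fail("--gcpProject is required with --bigTablePersistence")`. Separately, the file behind `bigTableKeyPath` is a service-account credential, and the vendored `secret_yaml_generic` later in this commit returns `local(args)` without `quiet=True`, so the generated Secret YAML is probably echoed into the Tilt log; worth confirming before real keys are used. `build_bridge_yaml` starts outside the hunk.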
|
||||||
|
|
||||||
|
|
|
@ -79,6 +79,12 @@ var (
|
||||||
|
|
||||||
publicRPC *string
|
publicRPC *string
|
||||||
publicREST *string
|
publicREST *string
|
||||||
|
|
||||||
|
bigTablePersistenceEnabled *bool
|
||||||
|
bigTableGCPProject *string
|
||||||
|
bigTableInstanceName *string
|
||||||
|
bigTableTableName *string
|
||||||
|
bigTableKeyPath *string
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
@ -119,6 +125,12 @@ func init() {
|
||||||
|
|
||||||
publicRPC = BridgeCmd.Flags().String("publicRPC", "", "Listen address for public gRPC interface")
|
publicRPC = BridgeCmd.Flags().String("publicRPC", "", "Listen address for public gRPC interface")
|
||||||
publicREST = BridgeCmd.Flags().String("publicREST", "", "Listen address for public REST interface")
|
publicREST = BridgeCmd.Flags().String("publicREST", "", "Listen address for public REST interface")
|
||||||
|
|
||||||
|
bigTablePersistenceEnabled = BridgeCmd.Flags().Bool("bigTablePersistenceEnabled", false, "Turn on forwarding events to BigTable")
|
||||||
|
bigTableGCPProject = BridgeCmd.Flags().String("bigTableGCPProject", "", "Google Cloud project ID for storing events")
|
||||||
|
bigTableInstanceName = BridgeCmd.Flags().String("bigTableInstanceName", "", "BigTable instance name for storing events")
|
||||||
|
bigTableTableName = BridgeCmd.Flags().String("bigTableTableName", "", "BigTable table name to store events in")
|
||||||
|
bigTableKeyPath = BridgeCmd.Flags().String("bigTableKeyPath", "", "Path to json Service Account key")
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
@ -312,6 +324,21 @@ func runBridge(cmd *cobra.Command, args []string) {
|
||||||
logger.Fatal("Please specify --terraContract")
|
logger.Fatal("Please specify --terraContract")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if *bigTablePersistenceEnabled {
|
||||||
|
if *bigTableGCPProject == "" {
|
||||||
|
logger.Fatal("Please specify --bigTableGCPProject")
|
||||||
|
}
|
||||||
|
if *bigTableInstanceName == "" {
|
||||||
|
logger.Fatal("Please specify --bigTableInstanceName")
|
||||||
|
}
|
||||||
|
if *bigTableTableName == "" {
|
||||||
|
logger.Fatal("Please specify --bigTableTableName")
|
||||||
|
}
|
||||||
|
if *bigTableKeyPath == "" {
|
||||||
|
logger.Fatal("Please specify --bigTableKeyPath")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
ethContractAddr := eth_common.HexToAddress(*ethContract)
|
ethContractAddr := eth_common.HexToAddress(*ethContract)
|
||||||
bscContractAddr := eth_common.HexToAddress(*bscContract)
|
bscContractAddr := eth_common.HexToAddress(*bscContract)
|
||||||
solBridgeAddress, err := solana_types.PublicKeyFromBase58(*solanaBridgeAddress)
|
solBridgeAddress, err := solana_types.PublicKeyFromBase58(*solanaBridgeAddress)
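Review bot: The new block in `runBridge` only rejects an empty `--bigTableKeyPath`; a path that does not exist or is unreadable passes here and would presumably surface only when the BigTable client is created, which is not visible in this hunk. The devnet manifest in this commit mounts the key from a Secret marked `optional: true`, so enabling persistence without that Secret produces exactly this case. Consider failing at startup with the other checks, e.g. `if _, err := os.Stat(*bigTableKeyPath); err != nil { logger.Fatal("cannot read --bigTableKeyPath: " + err.Error()) }`, assuming `os` is already imported in this file. `runBridge` continues outside the hunk.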
|
||||||
|
|
|
@ -44,12 +44,21 @@ spec:
|
||||||
# mount shared between containers for runtime state
|
# mount shared between containers for runtime state
|
||||||
- name: bridge-rundir
|
- name: bridge-rundir
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
|
- name: bridge-keysdir
|
||||||
|
secret:
|
||||||
|
secretName: bridge-bigtable-key
|
||||||
|
optional: true
|
||||||
|
items:
|
||||||
|
- key: bigtable-key.json
|
||||||
|
path: bigtable-key.json
|
||||||
containers:
|
containers:
|
||||||
- name: guardiand
|
- name: guardiand
|
||||||
image: guardiand-image
|
image: guardiand-image
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: /run/bridge
|
- mountPath: /run/bridge
|
||||||
name: bridge-rundir
|
name: bridge-rundir
|
||||||
|
- mountPath: /tmp/mounted-keys
|
||||||
|
name: bridge-keysdir
|
||||||
command:
|
command:
|
||||||
# Uncomment this to enable in-place debugging using dlv
|
# Uncomment this to enable in-place debugging using dlv
|
||||||
# (not suitable for regular development since the process will no longer restart on its own)
|
# (not suitable for regular development since the process will no longer restart on its own)
|
||||||
|
@ -93,6 +102,12 @@ spec:
|
||||||
- /tmp/admin.sock
|
- /tmp/admin.sock
|
||||||
- --dataDir
|
- --dataDir
|
||||||
- /tmp/data
|
- /tmp/data
|
||||||
|
- --bigTableInstanceName
|
||||||
|
- wormhole-dev
|
||||||
|
- --bigTableTableName
|
||||||
|
- v2Events
|
||||||
|
- --bigTableKeyPath
|
||||||
|
- /tmp/mounted-keys/bigtable-key.json
|
||||||
# - --logLevel=debug
|
# - --logLevel=debug
|
||||||
securityContext:
|
securityContext:
|
||||||
capabilities:
|
capabilities:
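Review bot: The `bridge-keysdir` Secret volume sets no `defaultMode` and its mount at `/tmp/mounted-keys` is not marked `readOnly`, so the service-account key is projected with the Kubernetes default file mode (0644) and is readable by every user in the container. Adding `defaultMode: 0400` under `secret:` and `readOnly: true` on the `volumeMounts` entry would tighten this, provided guardiand runs as the file's owner (the container user is not visible in these hunks). The example job added later in this commit already sets `defaultMode: 0600` on its Secret volume. The pod spec starts and ends outside these hunks.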
|
||||||
|
|
|
@ -4,6 +4,11 @@
|
||||||
"Name": "namespace",
|
"Name": "namespace",
|
||||||
"ExtensionRegistry": "https://github.com/tilt-dev/tilt-extensions",
|
"ExtensionRegistry": "https://github.com/tilt-dev/tilt-extensions",
|
||||||
"TimeFetched": "2020-12-05T16:06:07.229737938+01:00"
|
"TimeFetched": "2020-12-05T16:06:07.229737938+01:00"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"Name": "secret",
|
||||||
|
"ExtensionRegistry": "https://github.com/tilt-dev/tilt-extensions",
|
||||||
|
"TimeFetched": "2021-07-01T15:08:09.818136358-05:00"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
|
@ -0,0 +1,51 @@
|
||||||
|
# Secret
|
||||||
|
|
||||||
|
Author: [Nick Santos](https://github.com/nicks)
|
||||||
|
|
||||||
|
Helper functions for creating Kubernetes secrets.
|
||||||
|
|
||||||
|
## Functions
|
||||||
|
|
||||||
|
### secret_yaml_generic
|
||||||
|
|
||||||
|
```
|
||||||
|
secret_yaml_generic(name: str, namespace: str = "", from_file: Union[str, List] = None, secret_type: str = None): Blob
|
||||||
|
```
|
||||||
|
|
||||||
|
Returns YAML for a generic secret.
|
||||||
|
|
||||||
|
* `from_file` ( str ) – equivalent to `kubectl create secret --from-file`
|
||||||
|
* `secret_type` ( str ) - equivalent to `kubectl create secret --type`
|
||||||
|
|
||||||
|
### secret_create_generic
|
||||||
|
|
||||||
|
```
|
||||||
|
secret_create_generic(name: str, namespace: str = "", from_file: Union[str, List] = None, secret_type: str = None)
|
||||||
|
```
|
||||||
|
|
||||||
|
Deploys a secret to the cluster. Equivalent to
|
||||||
|
|
||||||
|
```
|
||||||
|
load('ext://namespace', 'secret_yaml_generic')
|
||||||
|
k8s_yaml(secret_yaml_generic('name', from_file=[...]))
|
||||||
|
```
|
||||||
|
|
||||||
|
## Example Usage
|
||||||
|
|
||||||
|
### For a Postgres password:
|
||||||
|
|
||||||
|
```
|
||||||
|
load('ext://secret', 'secret_create_generic')
|
||||||
|
secret_create_generic('pgpass', from_file='.pgpass=./.pgpass')
|
||||||
|
```
|
||||||
|
|
||||||
|
### For Google Cloud Platform Key:
|
||||||
|
|
||||||
|
```
|
||||||
|
load('ext://secret', 'secret_generic_create')
|
||||||
|
secret_create_generic('gcp-key', from_file='key.json=./gcp-creds.json')
|
||||||
|
```
|
||||||
|
|
||||||
|
## Caveats
|
||||||
|
|
||||||
|
- This extension doesn't do any validation to confirm that names or namespaces are valid.
|
|
@ -0,0 +1,75 @@
|
||||||
|
# -*- mode: Python -*-
|
||||||
|
|
||||||
|
def secret_yaml_generic(name, namespace="", from_file=None, secret_type=None, from_env_file=None):
|
||||||
|
"""Returns YAML for a generic secret
|
||||||
|
|
||||||
|
Args:
|
||||||
|
name: The secret name.
|
||||||
|
namespace: The namespace.
|
||||||
|
from_file: Use the from-file secret generator. May be a string or a list of strings.
|
||||||
|
Example: ["ssh--privatekey=path/to/id_rsa", "ssh-publickey=path/to/id_rsa.pub"]
|
||||||
|
from_env_file: Specify the path to a file to read lines of key=val pairs to create a secret
|
||||||
|
(i.e. a Docker .env file)
|
||||||
|
secret_type (optional): Specify the type of the secret
|
||||||
|
Example: 'kubernetes.io/dockerconfigjson'
|
||||||
|
|
||||||
|
Returns:
|
||||||
|
The secret YAML as a blob
|
||||||
|
"""
|
||||||
|
|
||||||
|
args = [
|
||||||
|
"kubectl",
|
||||||
|
"create",
|
||||||
|
"secret",
|
||||||
|
"generic",
|
||||||
|
name,
|
||||||
|
]
|
||||||
|
|
||||||
|
if namespace:
|
||||||
|
args.extend(["-n", namespace])
|
||||||
|
|
||||||
|
generator = False
|
||||||
|
if from_file:
|
||||||
|
if type(from_file) == "string":
|
||||||
|
args.extend(["--from-file", from_file])
|
||||||
|
generator = True
|
||||||
|
elif type(from_file) == "list":
|
||||||
|
for f in from_file:
|
||||||
|
args.extend(["--from-file", f])
|
||||||
|
generator = True
|
||||||
|
else:
|
||||||
|
fail("Bad from_file argument: %s" % from_file)
|
||||||
|
|
||||||
|
if from_env_file:
|
||||||
|
if type(from_env_file) != "string":
|
||||||
|
fail("from_env_file only accepts strings")
|
||||||
|
|
||||||
|
args.extend(["--from-env-file", from_env_file])
|
||||||
|
generator = True
|
||||||
|
|
||||||
|
if not generator:
|
||||||
|
fail("No secret generator specified")
|
||||||
|
|
||||||
|
if secret_type:
|
||||||
|
if type(secret_type) == "string":
|
||||||
|
args.extend(["--type", secret_type])
|
||||||
|
else:
|
||||||
|
fail("Bad secret_type argument: %s" % secret_type)
|
||||||
|
|
||||||
|
args.extend(["-o=yaml", "--dry-run=client"])
|
||||||
|
return local(args)
|
||||||
|
|
||||||
|
def secret_create_generic(name, namespace="", from_file=None, secret_type=None, from_env_file=None):
|
||||||
|
"""Creates a secret in the current Kubernetes cluster.
|
||||||
|
|
||||||
|
Args:
|
||||||
|
name: The secret name.
|
||||||
|
namespace: The namespace.
|
||||||
|
from_file: Use the from-file secret generator. May be a string or a list of strings.
|
||||||
|
Example: ["ssh--privatekey=path/to/id_rsa", "ssh-publickey=path/to/id_rsa.pub"]
|
||||||
|
from_env_file: Specify the path to a file to read lines of key=val pairs to create a secret
|
||||||
|
(i.e. a Docker .env file)
|
||||||
|
secret_type (optional): Specify the type of the secret
|
||||||
|
Example: 'kubernetes.io/dockerconfigjson'
|
||||||
|
"""
|
||||||
|
k8s_yaml(secret_yaml_generic(name, namespace, from_file, secret_type, from_env_file))
|
|
@ -0,0 +1 @@
|
||||||
|
hostname:5432:database:username:password
|
|
@ -0,0 +1,4 @@
|
||||||
|
load('../Tiltfile', 'secret_create_generic')
|
||||||
|
|
||||||
|
secret_create_generic('pgpass', namespace='default', from_file='.pgpass=./.pgpass')
|
||||||
|
k8s_yaml('job.yaml')
|
|
@ -0,0 +1,24 @@
|
||||||
|
apiVersion: batch/v1
|
||||||
|
kind: Job
|
||||||
|
metadata:
|
||||||
|
name: secret-verify
|
||||||
|
spec:
|
||||||
|
backoffLimit: 1
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: secret-verify
|
||||||
|
image: alpine
|
||||||
|
command: ["grep", "password", "/var/secrets/pgpass/.pgpass"]
|
||||||
|
volumeMounts:
|
||||||
|
- name: pgpass
|
||||||
|
mountPath: /var/secrets/pgpass
|
||||||
|
env:
|
||||||
|
- name: PGPASSFILE
|
||||||
|
value: /var/secrets/pgpass/.pgpass
|
||||||
|
restartPolicy: Never
|
||||||
|
volumes:
|
||||||
|
- name: pgpass
|
||||||
|
secret:
|
||||||
|
secretName: pgpass
|
||||||
|
defaultMode: 0600
|
|
@ -0,0 +1,7 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
cd $(dirname $0)
|
||||||
|
|
||||||
|
set -ex
|
||||||
|
tilt ci
|
||||||
|
tilt down --delete-namespaces
|