declarative devnet deployments with kubernetes PT.1

[DaMandal0rian]

Type

enhancement

---

Description

• This is Part 1 of running devnet in kubernetes, the bootstrap and rpc nodes are the first manifests.
• Introduced Kubernetes configurations for archival and RPC nodes including Deployments, Services, ConfigMaps, and PVCs.
• Manage manifests with Kustomize
• Configured node-specific settings such as node affinity, tolerations, and resource requests for both node types.
• Established network communication settings through Services and Ingress configurations.
• Set up storage solutions using PersistentVolumeClaims and AWS EBS StorageClasses.

---

Changes walkthrough

Relevant files

Configuration changes

14 files archival-node-configmap.yaml Add ConfigMap for Archival Node                                                    kubernetes/devnet/overlays/bootstrap-node/archival-node-configmap.yaml Created a new ConfigMap for archival node configuration with network and node identifiers. +12/-0    archival-node-service.yaml Define Kubernetes Service for Archival Node                            kubernetes/devnet/overlays/bootstrap-node/archival-node-service.yaml Defined a new Kubernetes Service for the archival node with multiple ports for TCP and UDP protocols. +25/-0    archival-node.yaml Setup Deployment for Archival Node                                              kubernetes/devnet/overlays/bootstrap-node/archival-node.yaml Setup a new Deployment for the archival node with specific node affinity, tolerations, and resource requests. Configured environment variables and ports for the archival node container. +112/-0  dsn-bootstrap-node.yaml New Deployment for DSN Bootstrap Node                                        kubernetes/devnet/overlays/bootstrap-node/dsn-bootstrap-node.yaml Introduced a new Deployment for DSN bootstrap node with detailed node affinity, tolerations, and container specifications. +149/-0  dsn-service.yaml Create Service for DSN Bootstrap Node                                        kubernetes/devnet/overlays/bootstrap-node/dsn-service.yaml Created a new Service for DSN bootstrap node specifying TCP and UDP ports. +18/-0    pvc.yaml Add PersistentVolumeClaim for Archival Node                            kubernetes/devnet/overlays/bootstrap-node/pvc.yaml Added a PersistentVolumeClaim for archival node data storage. +12/-0    storageclass-aws.yaml Define AWS EBS StorageClass                                                            kubernetes/devnet/overlays/bootstrap-node/storageclass-aws.yaml Created a new AWS EBS StorageClass with specific parameters and policies. +13/-0    archival-node-configmap.yaml Add ConfigMap for RPC Node                                                              kubernetes/devnet/overlays/rpc-node/archival-node-configmap.yaml Created a new ConfigMap for RPC node configuration mirroring the archival node setup. +12/-0    archival-node-service.yaml Define Kubernetes Service for RPC Node                                      kubernetes/devnet/overlays/rpc-node/archival-node-service.yaml Defined a new Kubernetes Service for the RPC node similar to the archival node's service setup. +25/-0    archival-node.yaml Setup Deployment for RPC Node                                                        kubernetes/devnet/overlays/rpc-node/archival-node.yaml Setup a new Deployment for the RPC node with specific node affinity, tolerations, and resource requests. Configured environment variables and ports for the RPC node container. +93/-0    ingress.yaml Configure Ingress for RPC Node                                                      kubernetes/devnet/overlays/rpc-node/ingress.yaml Configured an Ingress for the RPC node to handle external HTTPS traffic. +25/-0    pvc.yaml Add PersistentVolumeClaim for RPC Node                                      kubernetes/devnet/overlays/rpc-node/pvc.yaml Added a PersistentVolumeClaim for RPC node data storage, similar to the archival node's PVC. +12/-0    service.yaml Create Service for RPC Node                                                            kubernetes/devnet/overlays/rpc-node/service.yaml Created a new Service for the RPC node specifying TCP ports for RPC and Prometheus metrics. +17/-0    storageclass-aws.yaml Define AWS EBS StorageClass for RPC Node                                  kubernetes/devnet/overlays/rpc-node/storageclass-aws.yaml Defined an AWS EBS StorageClass for the RPC node, identical to the one used for the archival node. +13/-0

---

✨ PR-Agent usage:
Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

[github-actions]

PR Description updated to latest commit (231e137)

[github-actions]

PR Review

⏱️ Estimated effort to review [1-5]	4, due to the complexity and number of files involved in setting up Kubernetes configurations for different node types, including services, deployments, and storage. The PR includes detailed configurations for node affinity, tolerations, resource requests, and network settings, which require careful review to ensure they meet the intended operational requirements and best practices in Kubernetes deployments.
🧪 Relevant tests	No
🔍 Possible issues	Possible Misconfiguration: The use of placeholder values like "your-network-name" and "your-external-ip" in ConfigMaps suggests that these values need to be replaced before deployment. If not managed properly, this could lead to deployment failures or misconfigurations in a production environment.
🔒 Security concerns	No

Code feedback:

---

relevant file	kubernetes/devnet/overlays/bootstrap-node/archival-node-configmap.yaml
suggestion	Consider using environment-specific placeholders or a templating tool to manage environment-specific configurations. This approach helps prevent manual errors during configuration changes and deployments. [important]
relevant line	NETWORK_NAME: "your-network-name"

---

relevant file	kubernetes/devnet/overlays/bootstrap-node/archival-node-service.yaml
suggestion	Ensure that the service ports do not conflict with other services in the same Kubernetes cluster to avoid networking issues. It might be beneficial to parameterize the port numbers or make them configurable through environment variables. [important]
relevant line	port: 30333

---

relevant file	kubernetes/devnet/overlays/bootstrap-node/archival-node.yaml
suggestion	For the liveness and readiness probes, consider configuring more specific success thresholds and failure thresholds to better manage the pods' lifecycle and stability. [medium]
relevant line	livenessProbe:

---

relevant file	kubernetes/devnet/overlays/bootstrap-node/pvc.yaml
suggestion	Verify that the 'storageClassName' specified matches an existing StorageClass in your Kubernetes cluster. Misconfiguration here could lead to persistent volume claim issues. [important]
relevant line	storageClassName: ebs-storageclass

---

---

✨ Review tool usage guide:

---

Overview:
The review tool scans the PR code changes, and generates a PR review which includes several types of feedbacks, such as possible PR issues, security threats and relevant test in the PR. More feedbacks can be added by configuring the tool.

The tool can be triggered automatically every time a new PR is opened, or can be invoked manually by commenting on any PR.

• When commenting, to edit configurations related to the review tool (pr_reviewer section), use the following template:

/review --pr_reviewer.some_config1=... --pr_reviewer.some_config2=...

• With a configuration file, use the following template:

[pr_reviewer]
some_config1=...
some_config2=...

See the review usage page for a comprehensive guide on using this tool.

[github-actions]

PR Code Suggestions

Category	Suggestions
Best practice	Add resource limits to the container specifications. It is recommended to specify resource limits in addition to requests to ensure that the container does not exceed the expected amount of resources, which helps in maintaining cluster stability and resource allocation efficiency. kubernetes/devnet/overlays/bootstrap-node/archival-node.yaml [96-98] resources: requests: memory: "500Mi" cpu: "500m" + limits: + memory: "1Gi" + cpu: "1"
	Use a specific namespace for deployment instead of the default. To enhance the security and isolation, consider using a more specific namespace rather than the default for deploying your workloads. kubernetes/devnet/overlays/bootstrap-node/archival-node.yaml [3-4] metadata: name: archival-node + namespace: specific-namespace
Possible issue	Assign distinct ports for TCP and UDP protocols to avoid conflicts. Using both TCP and UDP protocols on the same port for different services might lead to misconfigurations or potential network issues. Consider using distinct ports for TCP and UDP if feasible. kubernetes/devnet/overlays/bootstrap-node/archival-node.yaml [82-85] - containerPort: 30333 protocol: TCP -- containerPort: 30333 +- containerPort: 30334 protocol: UDP
Enhancement	Reduce the initialDelaySeconds for probes to improve responsiveness. The initialDelaySeconds for liveness and readiness probes are quite high, which might delay the detection of service readiness and liveness. Consider reducing these values to improve the startup time. kubernetes/devnet/overlays/bootstrap-node/archival-node.yaml [99-108] livenessProbe: - tcpSocket: - port: 30333 - initialDelaySeconds: 60 - periodSeconds: 60 -readinessProbe: tcpSocket: port: 30333 initialDelaySeconds: 30 periodSeconds: 30 +readinessProbe: + tcpSocket: + port: 30333 + initialDelaySeconds: 15 + periodSeconds: 15
Security	Use Kubernetes secrets for sensitive data instead of ConfigMaps. The deployment configuration uses environment variables from a ConfigMap which includes sensitive data like NODE_ID. It's recommended to use Kubernetes secrets for such sensitive data to enhance security. kubernetes/devnet/overlays/bootstrap-node/archival-node.yaml [61-65] - name: NODE_ID valueFrom: - configMapKeyRef: - name: archival-node-config + secretKeyRef: + name: archival-node-secret key: NODE_ID

---

✨ Improve tool usage guide:

---

Overview:
The improve tool scans the PR code changes, and automatically generates suggestions for improving the PR code. The tool can be triggered automatically every time a new PR is opened, or can be invoked manually by commenting on a PR.

• When commenting, to edit configurations related to the improve tool (pr_code_suggestions section), use the following template:

/improve --pr_code_suggestions.some_config1=... --pr_code_suggestions.some_config2=...

• With a configuration file, use the following template:

[pr_code_suggestions]
some_config1=...
some_config2=...

See the improve usage page for a comprehensive guide on using this tool.