apiVersion: apps/v1 kind: StatefulSet metadata: name: besu-validator namespace: besu-network labels: app: besu component: validator spec: serviceName: besu-validator replicas: 4 selector: matchLabels: app: besu component: validator template: metadata: labels: app: besu component: validator spec: # Tolerate validator node taint tolerations: - key: role operator: Equal value: validator effect: NoSchedule # Node selector for validator pool nodeSelector: pool: validators role: validator # Anti-affinity: spread validators across zones affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: labelSelector: matchExpressions: - key: component operator: In values: - validator topologyKey: topology.kubernetes.io/zone # Init container to prepare config initContainers: - name: config-init image: busybox:1.36 command: - sh - -c - | cp /config-source/* /config-dest/ chmod -R 644 /config-dest/* volumeMounts: - name: config-source mountPath: /config-source - name: config-dest mountPath: /config-dest resources: requests: cpu: "10m" memory: "32Mi" limits: cpu: "100m" memory: "64Mi" containers: - name: besu image: hyperledger/besu:23.10.0 imagePullPolicy: IfNotPresent command: - /opt/besu/bin/besu - --config-file=/config/besu-config.toml ports: - name: p2p containerPort: 30303 protocol: TCP - name: p2p-udp containerPort: 30303 protocol: UDP - name: metrics containerPort: 9545 protocol: TCP env: - name: BESU_OPTS value: "" - name: JAVA_OPTS value: "-Xmx4g -Xms4g" resources: requests: cpu: "2" memory: "4Gi" limits: cpu: "4" memory: "8Gi" volumeMounts: - name: data mountPath: /data - name: config mountPath: /config - name: keys mountPath: /keys readOnly: true livenessProbe: httpGet: path: /metrics port: metrics initialDelaySeconds: 120 periodSeconds: 30 timeoutSeconds: 10 failureThreshold: 3 readinessProbe: httpGet: path: /metrics port: metrics initialDelaySeconds: 60 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 3 startupProbe: httpGet: path: /metrics port: metrics initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 30 volumes: - name: config-source configMap: name: besu-validator-config - name: keys secret: secretName: besu-validator-keys volumeClaimTemplates: - metadata: name: data spec: accessModes: - ReadWriteOnce storageClassName: managed-premium resources: requests: storage: 512Gi --- apiVersion: v1 kind: ConfigMap metadata: name: besu-validator-config namespace: besu-network data: besu-config.toml: | data-path="/data/besu" genesis-file="/config/genesis.json" network-id=138 p2p-host="0.0.0.0" p2p-port=30303 consensus-protocol="ibft2" miner-enabled=false sync-mode="FULL" rpc-http-enabled=false rpc-ws-enabled=false metrics-enabled=true metrics-port=9545 metrics-host="0.0.0.0" logging="INFO" permissions-nodes-config-file-enabled=true permissions-nodes-config-file="/config/permissions-nodes.toml" permissions-accounts-config-file-enabled=true permissions-accounts-config-file="/config/permissions-accounts.toml" static-nodes-file="/config/static-nodes.json" genesis.json: | { "config": { "chainId": 138, "berlinBlock": 0, "londonBlock": 0, "istanbulBlock": 0, "clique": null, "ibft2": { "blockperiodseconds": 2, "epochlength": 30000, "requesttimeoutseconds": 10 }, "ethash": {} }, "nonce": "0x0", "timestamp": "0x0", "gasLimit": "0x1c9c380", "difficulty": "0x1", "mixHash": "0x63746963616c2062797a616e74696e65206661756c7420746f6c6572616e6365", "coinbase": "0x0000000000000000000000000000000000000000", "alloc": { "0x0000000000000000000000000000000000000001": { "balance": "0x1" }, "0x0000000000000000000000000000000000000002": { "balance": "0x1" }, "0x0000000000000000000000000000000000000003": { "balance": "0x1" }, "0x0000000000000000000000000000000000000004": { "balance": "0x1" } }, "extraData": "0x", "number": "0x0", "gasUsed": "0x0", "parentHash": "0x0000000000000000000000000000000000000000000000000000000000000000" } permissions-accounts.toml: | accounts-allowlist=[] static-nodes.json: | [] --- apiVersion: v1 kind: Service metadata: name: besu-validator namespace: besu-network labels: app: besu component: validator spec: type: ClusterIP clusterIP: None ports: - name: p2p port: 30303 targetPort: p2p protocol: TCP - name: p2p-udp port: 30303 targetPort: p2p-udp protocol: UDP - name: metrics port: 9545 targetPort: metrics protocol: TCP selector: app: besu component: validator --- apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: besu-validator-pdb namespace: besu-network spec: minAvailable: 3 selector: matchLabels: app: besu component: validator