lotus bundle chart #84
This is the helm-chart version of the bundle idea in https://docs.google.com/document/d/11OhCYqcmT5AI8zK__5EfWzVKQOHL75YaWyZR6tgpy8Y/edit?usp=sharing This works as well with the deployment model where applications are given lite nodes that connect to a HA lotus service backend. |
## Default behaviors: | ||
|
||
Lotus will run as a sidecar to your application. You can access lotus at 127.0.0.1:1234. | ||
There is no authentication, and lotus will not be accessible outside of your pod. |
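Review bot: The line "There is no authentication, and lotus will not be accessible outside of your pod" under Default behaviors should say what enforces that boundary. The API listens on 127.0.0.1:1234 and containers in a pod share one network namespace, so every container in the pod, including any sidecar added later, can reach it. Suggest wording it as "reachable only from containers in this pod" and stating whether an API token is still needed for write calls.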
What do you mean by no authentication? To use any write APIs the user will still need to be able to read the $LOTUS_PATH/token, this is required for wallet interaction so I think we will need to find a way to ensure access to the token. On first review I don't see there is any access.
This might be as simple as
    # On the application container: mount the lotus data directory read-only
    volumeMounts:
      - name: lotus-path
        mountPath: /var/lib/lotus
        readOnly: true
    ...
    env:
      - name: LOTUS_PATH
        value: /var/lib/lotus
This would require that the backing volume support multiple readers and I don't remember if this is common or not. This is the same as your shared volume, which is required for this chart at the moment, so it could work. If the shared volume ends up being optional and this feature isn't common we may need to find another approach.
I want to say that because they are in the same pod this isn't an issue, and should just work as long as there is only one writer.
You're right. Adding the lotus-path into the application container as read-only.
## Options: | ||
|
||
lite-mode: Run lotus lite. | ||
lite-backend: if running in lite-mode, use this service backend. By default, api.chain.love. |
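Review bot: The lite-backend option line names api.chain.love as the default without saying that it is a hostname outside the cluster. Suggest stating that in lite-mode the node's backend requests go to that host unless lite-backend is overridden, so operators can decide whether that dependency and egress are acceptable.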
Maybe add a note that api.chain.love is a lotus-gateway service and has a limited api surface area.
- ReadWriteOnce | ||
resources: | ||
requests: | ||
storage: 500Gi |
Assuming this isn't going to be used to run a miner, the parameters are a tad under 300MB, I'd say set this to 1Gi. With a miner they are only currently 102Gi. I think we can assume though that this chart will not be used for running a miner so 1Gi should be fine.
- ReadWriteOnce | ||
resources: | ||
requests: | ||
storage: 2000Gi |
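Review bot: The request "storage: 2000Gi" is a literal in the template, so every install asks for the same capacity whatever options are set. Suggest reading the size from values, with a smaller default when lite-mode is enabled.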
Maybe this size should have two values depending on if lite mode is enabled. There is very little to store when using a remote node. I think the only consumer of space might be for creating storage deals as a temporary hold over of the dag. I'm not sure if that is automatically cleaned up yet.
We can leave this as 2000Gi for now, but we should look into making this smaller so that this chart is more approachable. On most platforms the cost is 0.10/Gi which would be $200 a month in storage costs alone.
args: {{ .Values.application.container.args }} | ||
env: | ||
- name: FULLNODE_API_INFO | ||
value: "/ip4/127.0.0.1/tcp/1234/http" |
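Review bot: On the args line, "{{ .Values.application.container.args }}" prints a list value in Go's default format, for example [a b c], which YAML reads as a one-element sequence holding the string "a b c" rather than three separate arguments. Suggest "args: {{ toJson .Values.application.container.args }}", or toYaml piped through nindent, so each argument reaches the container as its own item.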
Any reason to force http?
This will limit the use of the API and not allow the use of any method that returns channels, as they require websockets to work. We should probably either force websockets or make it configurable. Http is a lot nicer as it's less prone to networking issues, so I like the idea of allowing it.
mountPath: /var/tmp/filecoin-proof-parameters | ||
- name: shared-volume | ||
mountPath: {{ .Values.application.storage.mount }} | ||
readOnly: true |
Should check with the Dealbot team, but I think this might have to exist within certain constraints to $LOTUS_PATH. E.g. when using lotus locally in $HOME/.lotus, you can't import data outside of $HOME.
I haven't verified this recently, but I know this was a thing a while back, not sure if the dealbot team is working around this in some other way.
imagePullPolicy: IfNotPresent | ||
command: [ "bash", "-c" ] | ||
args: | ||
- 'while sleep 60; do for key in /wallets/*; do lotus wallet import "${key}" || true; done; done' |
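Review bot: In the import loop, "|| true" discards every non-zero exit from lotus wallet import, so an unreadable or malformed file under /wallets fails silently on each 60 second pass, and when /wallets is empty the unmatched glob is handed to the import as the literal string /wallets/*. Suggest guarding each iteration with [ -f "${key}" ] and logging failures instead of suppressing all of them.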
I've filed a ticket to address this || true. This is fine for now.
- port: {{ .Values.prometheus.port }} | ||
path: {{ .Values.prometheus.path }} | ||
interval: 30s | ||
{{- end }} |
Wondering if we should include a service monitor for lotus, don't know what it exports in lite mode, but it would help with at least basic go metrics, and would be beneficial when not running in lite mode.
…/helm-charts into feat/lotus-bundle
This is a helm chart to help you bundle your application with lotus alongside it.
Think of this as a decorator or a wrapper for lotus apps.
Key details:
In service of making things consumable outside of PL, this uses the docker image from filecoin-project/lotus#6544. Any change made there could necessitate a change here.
The developer experience is intended to be similar regardless of whether using docker-compose with that provided docker-compose file, docker-swarm or this helm chart, providing an easy path to develop locally and uplift.