From 25c157de140955208f73552985907d76b4ef5f40 Mon Sep 17 00:00:00 2001 From: spypsy Date: Wed, 29 Apr 2026 13:14:19 +0000 Subject: [PATCH 01/34] refactor(spartan): unify deployment config sources --- .github/workflows/deploy-network.yml | 12 +- .../workflows/ensure-funded-environment.yml | 44 +- l1-contracts/scripts/load_network_defaults.sh | 3 +- spartan/.gitignore | 26 +- spartan/CLAUDE.md | 110 +++-- spartan/aztec-bot/Chart.lock | 6 + .../aztec-node/templates/_pod-template.yaml | 141 +------ .../aztec-node/templates/env.configmap.yaml | 17 + spartan/aztec-node/values.yaml | 51 +-- spartan/aztec-validator/Chart.lock | 4 +- spartan/environments/alpha-net.env | 91 ---- spartan/environments/block-capacity.env | 48 --- spartan/environments/devnet.env | 79 ---- spartan/environments/five-tps-long-epoch.env | 75 ---- spartan/environments/five-tps-short-epoch.env | 75 ---- spartan/environments/kind-minimal.env | 56 --- spartan/environments/kind-provers.env | 53 --- spartan/environments/mainnet.env | 58 --- spartan/environments/mbps-net.env | 68 --- spartan/environments/mbps-pipeline.env | 69 --- spartan/environments/network-defaults.yml | 399 +++++++++++------- spartan/environments/networks/alpha-net.yml | 64 +++ .../environments/networks/block-capacity.yml | 39 ++ spartan/environments/networks/devnet.yml | 67 +++ .../networks/five-tps-long-epoch.yml | 55 +++ .../networks/five-tps-short-epoch.yml | 55 +++ .../environments/networks/kind-minimal.yml | 76 ++++ .../environments/networks/kind-provers.yml | 37 ++ spartan/environments/networks/mainnet.yml | 45 ++ spartan/environments/networks/mbps-net.yml | 60 +++ .../environments/networks/mbps-pipeline.yml | 58 +++ spartan/environments/networks/next-net.yml | 68 +++ .../environments/networks/next-scenario.yml | 46 ++ .../networks/prove-n-tps-fake.yml | 43 ++ .../networks/prove-n-tps-real.yml | 41 ++ .../environments/networks/scenario.local.yml | 30 ++ .../networks/staging-ignition.yml | 41 ++ .../environments/networks/staging-public.yml | 64 +++ .../environments/networks/staging.local.yml | 15 + .../networks/ten-tps-long-epoch.yml | 56 +++ .../networks/ten-tps-short-epoch.yml | 56 +++ spartan/environments/networks/testnet.yml | 84 ++++ .../environments/networks/tps-scenario.yml | 68 +++ spartan/environments/next-net.env | 79 ---- spartan/environments/next-scenario.env | 55 --- spartan/environments/prove-n-tps-fake.env | 53 --- spartan/environments/prove-n-tps-real.env | 48 --- spartan/environments/scenario.local.env | 37 -- spartan/environments/staging-ignition.env | 42 -- spartan/environments/staging-public.env | 77 ---- spartan/environments/staging.local.env | 21 - spartan/environments/ten-tps-long-epoch.env | 76 ---- spartan/environments/ten-tps-short-epoch.env | 76 ---- spartan/environments/testnet.env | 90 ---- spartan/environments/tps-scenario.env | 90 ---- .../scripts/calculate_publisher_indices.sh | 12 +- spartan/scripts/deploy_rollup_upgrade.sh | 2 +- spartan/scripts/ensure_funded_environment.sh | 9 +- spartan/scripts/load_network_config.sh | 352 +++++++++++++++ spartan/scripts/source_env_basic.sh | 38 +- spartan/scripts/source_network_env.sh | 47 +-- spartan/terraform/deploy-aztec-infra/main.tf | 345 ++++++--------- .../deploy-aztec-infra/values/archive.yaml | 4 +- .../deploy-aztec-infra/values/blob-sink.yaml | 5 +- .../deploy-aztec-infra/values/full-node.yaml | 5 +- .../values/p2p-bootstrap.yaml | 6 +- .../deploy-aztec-infra/values/prover.yaml | 6 +- .../deploy-aztec-infra/values/rpc.yaml | 11 +- .../deploy-aztec-infra/values/validator.yaml | 10 +- .../terraform/deploy-aztec-infra/variables.tf | 32 ++ yarn-project/cli/scripts/generate.sh | 3 +- 71 files changed, 2161 insertions(+), 2123 deletions(-) create mode 100644 spartan/aztec-bot/Chart.lock create mode 100644 spartan/aztec-node/templates/env.configmap.yaml delete mode 100644 spartan/environments/alpha-net.env delete mode 100644 spartan/environments/block-capacity.env delete mode 100644 spartan/environments/devnet.env delete mode 100644 spartan/environments/five-tps-long-epoch.env delete mode 100644 spartan/environments/five-tps-short-epoch.env delete mode 100644 spartan/environments/kind-minimal.env delete mode 100644 spartan/environments/kind-provers.env delete mode 100644 spartan/environments/mainnet.env delete mode 100644 spartan/environments/mbps-net.env delete mode 100644 spartan/environments/mbps-pipeline.env create mode 100644 spartan/environments/networks/alpha-net.yml create mode 100644 spartan/environments/networks/block-capacity.yml create mode 100644 spartan/environments/networks/devnet.yml create mode 100644 spartan/environments/networks/five-tps-long-epoch.yml create mode 100644 spartan/environments/networks/five-tps-short-epoch.yml create mode 100644 spartan/environments/networks/kind-minimal.yml create mode 100644 spartan/environments/networks/kind-provers.yml create mode 100644 spartan/environments/networks/mainnet.yml create mode 100644 spartan/environments/networks/mbps-net.yml create mode 100644 spartan/environments/networks/mbps-pipeline.yml create mode 100644 spartan/environments/networks/next-net.yml create mode 100644 spartan/environments/networks/next-scenario.yml create mode 100644 spartan/environments/networks/prove-n-tps-fake.yml create mode 100644 spartan/environments/networks/prove-n-tps-real.yml create mode 100644 spartan/environments/networks/scenario.local.yml create mode 100644 spartan/environments/networks/staging-ignition.yml create mode 100644 spartan/environments/networks/staging-public.yml create mode 100644 spartan/environments/networks/staging.local.yml create mode 100644 spartan/environments/networks/ten-tps-long-epoch.yml create mode 100644 spartan/environments/networks/ten-tps-short-epoch.yml create mode 100644 spartan/environments/networks/testnet.yml create mode 100644 spartan/environments/networks/tps-scenario.yml delete mode 100644 spartan/environments/next-net.env delete mode 100644 spartan/environments/next-scenario.env delete mode 100644 spartan/environments/prove-n-tps-fake.env delete mode 100644 spartan/environments/prove-n-tps-real.env delete mode 100644 spartan/environments/scenario.local.env delete mode 100644 spartan/environments/staging-ignition.env delete mode 100644 spartan/environments/staging-public.env delete mode 100644 spartan/environments/staging.local.env delete mode 100644 spartan/environments/ten-tps-long-epoch.env delete mode 100644 spartan/environments/ten-tps-short-epoch.env delete mode 100644 spartan/environments/testnet.env delete mode 100644 spartan/environments/tps-scenario.env create mode 100755 spartan/scripts/load_network_config.sh diff --git a/.github/workflows/deploy-network.yml b/.github/workflows/deploy-network.yml index 046c44b425ef..a2a4016d91a4 100644 --- a/.github/workflows/deploy-network.yml +++ b/.github/workflows/deploy-network.yml @@ -112,11 +112,10 @@ jobs: - name: Validate inputs run: | - # Validate network - if [[ ! -f "spartan/environments/${{ inputs.network }}.env" ]]; then - echo "Error: Environment file not found for network '${{ inputs.network }}'" + if [[ ! -f "spartan/environments/networks/${{ inputs.network }}.yml" ]]; then + echo "Error: Network YAML not found: spartan/environments/networks/${{ inputs.network }}.yml" echo "Available networks:" - ls -1 spartan/environments/ | grep -v '\.local\.env$' || echo "No environment files found" + ls -1 spartan/environments/networks/ exit 1 fi @@ -191,8 +190,9 @@ jobs: ./scripts/install_deps.sh ./scripts/network_deploy.sh "${{ inputs.network }}" - # need to source this for CLUSTER - source "./environments/${{ inputs.network }}.env" + # Source for CLUSTER (prefers YAML loader, falls back to legacy .env). + source "./scripts/source_env_basic.sh" + source_env_basic "${{ inputs.network }}" if [ -n "$CLUSTER" ]; then echo "cluster=$CLUSTER" >> $GITHUB_OUTPUT diff --git a/.github/workflows/ensure-funded-environment.yml b/.github/workflows/ensure-funded-environment.yml index de5a20cec116..e9364041d53a 100644 --- a/.github/workflows/ensure-funded-environment.yml +++ b/.github/workflows/ensure-funded-environment.yml @@ -6,54 +6,54 @@ on: workflow_call: inputs: environment: - description: 'Environment to fund (e.g., staging-public, next-net, staging-ignition, testnet)' + description: "Environment to fund (e.g., staging-public, next-net, staging-ignition, testnet)" required: true type: string low_watermark: - description: 'Minimum ETH balance (default: 0.5)' + description: "Minimum ETH balance (default: 0.5)" required: false type: string - default: '0.5' + default: "0.5" high_watermark: - description: 'Target ETH balance when funding (default: 1.0)' + description: "Target ETH balance when funding (default: 1.0)" required: false type: string - default: '1.0' + default: "1.0" namespace: - description: 'Kubernetes namespace override (e.g., v4-devnet-1). Sets NAMESPACE before sourcing env file.' + description: "Kubernetes namespace override (e.g., v4-devnet-1). Sets NAMESPACE before sourcing env file." required: false type: string workflow_dispatch: inputs: environment: - description: 'Environment to fund' + description: "Environment to fund" required: true type: choice options: - - staging-public - - next-net - - staging-ignition - - testnet - - devnet - - tps-scenario + - staging-public + - next-net + - staging-ignition + - testnet + - devnet + - tps-scenario low_watermark: - description: 'Minimum ETH balance' + description: "Minimum ETH balance" required: false type: string - default: '0.5' + default: "0.5" high_watermark: - description: 'Target ETH balance when funding' + description: "Target ETH balance when funding" required: false type: string - default: '1.0' + default: "1.0" namespace: - description: 'Kubernetes namespace override (e.g., v4-devnet-1)' + description: "Kubernetes namespace override (e.g., v4-devnet-1)" required: false type: string concurrency: group: ensure-funded-environment-${{ inputs.environment }} - cancel-in-progress: false # Don't cancel funding operations + cancel-in-progress: false # Don't cancel funding operations jobs: ensure-funded: @@ -71,10 +71,10 @@ jobs: - name: Validate inputs run: | # Validate environment - if [[ ! -f "spartan/environments/${{ inputs.environment }}.env" ]]; then - echo "Error: Environment file not found for environment '${{ inputs.environment }}'" + if [[ ! -f "spartan/environments/networks/${{ inputs.environment }}.yml" ]]; then + echo "Error: Network YAML not found: spartan/environments/networks/${{ inputs.environment }}.yml" echo "Available environments:" - ls -1 spartan/environments/ | grep -v '\.local\.env$' || echo "No environment files found" + ls -1 spartan/environments/networks/ exit 1 fi diff --git a/l1-contracts/scripts/load_network_defaults.sh b/l1-contracts/scripts/load_network_defaults.sh index b9f16bcc8dfb..9f146ee2d4de 100755 --- a/l1-contracts/scripts/load_network_defaults.sh +++ b/l1-contracts/scripts/load_network_defaults.sh @@ -20,9 +20,10 @@ fi # explode(.) resolves YAML anchors (<<: *prodlike inheritance) # Output as props, filter comments, normalize spacing +# Read from .networks..env (flat env baseline; was .networks. pre-refactor). while IFS='=' read -r key value; do export "$key"="$value" -done < <(yq -o=props "explode(.) | .networks.$network | with_entries(select(.key | test(\"^AZTEC_|^ETHEREUM_\")))" "$network_defaults" \ +done < <(yq -o=props "explode(.) | .networks.$network.env | with_entries(select(.key | test(\"^AZTEC_|^ETHEREUM_\")))" "$network_defaults" \ | grep -v '^#' \ | grep -v '^$' \ | sed 's/ = /=/') diff --git a/spartan/.gitignore b/spartan/.gitignore index 51ea42703871..b2ff51db664b 100644 --- a/spartan/.gitignore +++ b/spartan/.gitignore @@ -9,30 +9,8 @@ tfplan mnemonic.tmp environments/* !environments/network-defaults.yml -!environments/prove-n-tps-fake.env -!environments/prove-n-tps-real.env -!environments/ten-tps-short-epoch.env -!environments/ten-tps-long-epoch.env -!environments/five-tps-short-epoch.env -!environments/five-tps-long-epoch.env -!environments/devnet-next.env -!environments/devnet.env -!environments/block-capacity.env -!environments/next-net.env -!environments/next-scenario.env -!environments/scenario.local.env +!environments/networks/ +!environments/networks/*.yml !environments/source-env.sh -!environments/staging-ignition.env -!environments/staging-public.env -!environments/staging.local.env -!environments/testnet-canary.env -!environments/testnet.env -!environments/mainnet.env -!environments/tps-scenario.env -!environments/kind-minimal.env -!environments/kind-provers.env -!environments/alpha-net.env -!environments/mbps-pipeline.env -!environments/bench-10tps.env *.tfvars !terraform/deploy-external-secrets/*.tfvars diff --git a/spartan/CLAUDE.md b/spartan/CLAUDE.md index 347a9812eae9..714a7a1e49c5 100644 --- a/spartan/CLAUDE.md +++ b/spartan/CLAUDE.md @@ -13,7 +13,7 @@ spartan/ ├── aztec-keystore/ # Key derivation setup chart ├── aztec-postgres/ # Simple PostgreSQL chart for HA signing ├── aztec-snapshots/ # Snapshot management chart -├── environments/ # Environment-specific configurations (.env files) +├── environments/ # Network YAML configs + network-defaults.yml └── terraform/ ├── deploy-aztec-infra/ # Main deployment module └── modules/ # Reusable Terraform modules @@ -48,6 +48,7 @@ The main entry point is `terraform/deploy-aztec-infra/`: ### Helm Charts **aztec-node** (base chart): + - Deployable as Deployment or StatefulSet - Configurable via `node.env` for environment variables - Pre-start scripts for dynamic configuration @@ -55,15 +56,18 @@ The main entry point is `terraform/deploy-aztec-infra/`: - Pod template in `templates/_pod-template.yaml` **aztec-validator** (extends aztec-node): + - Wrapper chart with `aztec-node` as dependency (aliased as `validator`) - Adds validator-specific ConfigMap (`env.configmap.yaml`) - Configures mnemonic, validators-per-node, publishers-per-replica **aztec-prover-stack**: + - Multi-component: prover node, broker, and agent replicas - Each component has its own sub-values (`node`, `broker`, `agent`) **aztec-postgres**: + - Simple PostgreSQL StatefulSet using official `postgres:16-alpine` image - Used for validator HA signing coordination - No third-party chart dependencies (avoids Bitnami, etc.) @@ -115,11 +119,13 @@ module "validator_ha_postgres" { ``` The module: + - Deploys the `aztec-postgres` Helm chart - Runs database migrations via a Kubernetes Job (`aztec migrate-ha-db up`) - Outputs `database_url` for validators to connect Validators receive the database URL via environment variables: + - `VALIDATOR_HA_SIGNING_ENABLED=true` - `VALIDATOR_HA_DATABASE_URL=postgresql://...` - `VALIDATOR_HA_NODE_ID` (auto-set from pod name) @@ -128,20 +134,24 @@ Validators receive the database URL via environment variables: ### Network Defaults (Code Generation) -`environments/network-defaults.yml` is a **code generation source**, not a runtime config file. It centralizes "baked-in" defaults for the yarn-project packages. +`environments/network-defaults.yml` is the **joint source of truth** for both code generation AND runtime deployment. It defines: + +- `l1-contracts:` (anchor `&l1-contracts-defaults`) -- L1 smart contract parameters; consumed by codegen +- `slasher:` (anchor `&slasher`) -- Slasher node operational settings; consumed by codegen +- `_prodlike:` (anchor `&prodlike`) -- merges the above and adds runtime defaults +- `_release_defaults:` -- per-release Helm-shape baselines (replicaCount, env) +- `networks..env:` -- per-network env baseline; consumed by both codegen AND runtime +- `networks..:` -- optional per-release overrides; runtime only -**What it defines:** -- `l1-contracts`: L1 smart contract parameters (timing, validator thresholds, slashing) -- `slasher`: Slasher node operational settings (penalties, offense tracking) -- `networks`: Preset configurations for `devnet`, `testnet`, and `mainnet` +**Codegen outputs (paths and shape unchanged):** -**Generated outputs:** -- `yarn-project/ethereum/src/generated/l1-contracts-defaults.ts` -- `yarn-project/slasher/src/generated/slasher-defaults.ts` -- `yarn-project/cli/src/config/generated/networks.ts` -- `l1-contracts/generated/default.json` +- `yarn-project/ethereum/src/generated/l1-contracts-defaults.ts` (reads `.l1-contracts`) +- `yarn-project/slasher/src/generated/slasher-defaults.ts` (reads `.slasher`) +- `yarn-project/cli/src/config/generated/networks.ts` (reads `.networks..env`) +- `l1-contracts/generated/default.json` (reads `.l1-contracts` + `.networks..env`) **Regenerate after editing:** + ```bash cd yarn-project/ethereum && yarn generate cd yarn-project/slasher && yarn generate @@ -149,41 +159,74 @@ cd yarn-project/cli && yarn generate cd l1-contracts && ./bootstrap.sh ``` -### Deployment Environment Files +### Deployment Configuration (per-network YAML) -Environment files in `environments/*.env` provide deployment-specific values: +Each deployable network has a YAML override at `environments/networks/.yml`: -```bash -# Example: devnet.env -NAMESPACE=devnet -RELEASE_PREFIX=devnet -L1_RPC_URLS=https://... -VALIDATOR_REPLICAS=4 -PROVER_REPLICAS=1 -VALIDATOR_HA_REPLICAS=1 # 0 = no HA, 1 = primary + 1 HA release +```yaml +# environments/networks/devnet.yml +network: devnet # selects networks.devnet.env from network-defaults.yml as the env baseline + +deploy: # consumed by deploy script / Terraform; not pod env + CLUSTER: aztec-gke-private + NAMESPACE: devnet + RPC_INGRESS_ENABLED: true + +env: # adds to / overrides the network env baseline (UPPER_SNAKE pod env vars) + ETHEREUM_RPC_URLS: REPLACE_WITH_GCP_SECRET + LABS_INFRA_MNEMONIC: REPLACE_WITH_GCP_SECRET + +validator: # per-release Helm values (mirrors aztec-validator chart shape) + replicaCount: 1 + env: + P2P_GOSSIPSUB_D: "8" +prover: + agent: + replicaCount: 4 ``` -These are loaded by deployment scripts and passed to Terraform. +**Loader** (`scripts/load_network_config.sh`): + +- Deep-merges `_release_defaults` + `networks..env` + per-network YAML. +- Expands `${VAR}` and `${VAR:-default}` placeholders from shell env. +- Computes derived values (e.g. devnet's `MNEMONIC_INDEX_OFFSET` from NAMESPACE regex). +- Resolves `REPLACE_WITH_GCP_SECRET` placeholders via gcloud (when on PATH). +- Emits in `--format=env` (shell exports), `--format=json` (merged tree), or `--format=tfvars` (terraform.tfvars.json shape). + +The `source_env_basic.sh` and `source_network_env.sh` helpers wrap the YAML loader; existing callers (`bootstrap.sh`, `network_deploy.sh`, GitHub Actions) keep their CLI signatures unchanged. ## Common Patterns ### Passing Environment Variables to Pods -Via Terraform `custom_settings`: +Set under the matching release block in `environments/networks/.yml`: + +```yaml +validator: + env: + MY_VAR: "value" +``` + +The loader emits this as `releases.validator.env.MY_VAR` in `terraform.tfvars.json`, which Terraform forwards to Helm via `yamlencode`. The chart's pod template mounts the values via `envFrom` on a generated ConfigMap (`{release}-env-from-values`). + +For deploy-time-computed values (e.g. internal service URLs, HA postgres URL, per-HA mnemonic indices) that can't live in static YAML, set them via Terraform `custom_settings`: + ```hcl -"validator.node.env.MY_VAR" = var.MY_VALUE +"validator.env.MY_VAR" = local.computed_value ``` -This maps to Helm values that populate the pod's env section. +These end up in the same ConfigMap. ### Conditional Deployments Use ternary operators in the `helm_releases` map: + ```hcl prover = tonumber(var.PROVER_REPLICAS) > 0 ? { ... } : null ``` For dynamic multi-release generation (e.g., HA validators), use `for` expressions: + ```hcl validator_releases = tonumber(var.VALIDATOR_REPLICAS) > 0 ? { for idx in range(1 + var.VALIDATOR_HA_REPLICAS) : @@ -194,6 +237,7 @@ validator_releases = tonumber(var.VALIDATOR_REPLICAS) > 0 ? { ### Values Layering Values are applied in order (later overrides earlier): + 1. `common.yaml` 2. `{component}.yaml` 3. `{component}-resources-{profile}.yaml` @@ -203,11 +247,13 @@ Values are applied in order (later overrides earlier): ### Service Discovery Internal services use Kubernetes DNS: + ``` http://{release-name}-{component}.{namespace}.svc.cluster.local:{port} ``` Example web3signer URL: + ``` http://staging-signer-web3signer.staging.svc.cluster.local:9000/ ``` @@ -227,6 +273,7 @@ When `VALIDATOR_HA_REPLICAS > 0`, validators are deployed as **multiple Helm rel - `VALIDATOR_HA_REPLICAS=2` → 3 releases (primary + 2 HA) Example with `VALIDATOR_HA_REPLICAS=1`: + ``` validator-0 & validator-ha-1-0 share attesters 0-11 validator-1 & validator-ha-1-1 share attesters 12-23 @@ -272,6 +319,7 @@ Publishers are allocated **per replica (pod)**, not per attester key. Each relea ``` Example with 4 replicas, 4 publishers/replica, base index 5000: + - Primary (idx=0): `PUBLISHER_KEY_INDEX_START = 5000` - HA-1 (idx=1): `PUBLISHER_KEY_INDEX_START = 5000 + (1 * 4 * 4) = 5016` @@ -283,28 +331,37 @@ PUBLISHER_KEY_INDEX=$((POD_INDEX * VALIDATOR_PUBLISHERS_PER_REPLICA + PUBLISHER_ ``` The keystore uses **schema v2** with a top-level `publisher` array shared by all validators on the pod: + ```json -{"schemaVersion": 2, "publisher": ["0x1", "0x2", "0x3", "0x4"], "validators": [{"attester": "..."}]} +{ + "schemaVersion": 2, + "publisher": ["0x1", "0x2", "0x3", "0x4"], + "validators": [{ "attester": "..." }] +} ``` This ensures each release uses non-overlapping publisher key ranges while decoupling publisher count from attester count. **HA coordination:** + - Both releases connect to shared PostgreSQL via `VALIDATOR_HA_DATABASE_URL` - Database prevents double-signing by the same attester - If one pod dies, its HA partner continues signing ### Provers + - Generate validity proofs for epochs - Broker distributes proving jobs to agents - Agents can scale horizontally ### RPC Nodes + - Serve public API endpoints - Optional ingress with GCP backend config - Archive nodes for historical data ### Boot Nodes + - P2P bootstrap for network discovery - Internal boot node optional (can use external) @@ -315,6 +372,7 @@ This ensures each release uses non-overlapping publisher key ranges while decoup 3. **New Helm chart**: Add to `spartan/` root (follow aztec-keystore pattern) For new modules, follow the web3signer pattern: + - `main.tf`: Helm release(s) and supporting resources - `variables.tf`: Input variables - `outputs.tf`: Service URLs and other outputs diff --git a/spartan/aztec-bot/Chart.lock b/spartan/aztec-bot/Chart.lock new file mode 100644 index 000000000000..ed13677d6589 --- /dev/null +++ b/spartan/aztec-bot/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: aztec-node + repository: "" + version: 0.1.0 +digest: sha256:a8afaf5383b8e820d533af5bbf78c08b88a4f7ec6c39f482f56ae6e4a9cdfcd1 +generated: "2026-04-23T09:57:04.219240849Z" diff --git a/spartan/aztec-node/templates/_pod-template.yaml b/spartan/aztec-node/templates/_pod-template.yaml index 386163bbe885..6b687c6be81a 100644 --- a/spartan/aztec-node/templates/_pod-template.yaml +++ b/spartan/aztec-node/templates/_pod-template.yaml @@ -137,6 +137,14 @@ spec: mountPath: {{ .Values.node.storage.dataDirectory }} {{- end }} envFrom: + {{- /* + Pod env vars come from the env ConfigMap built from .Values.env (single + source of truth, populated from per-network YAMLs by the loader). + */}} + {{- if .Values.env }} + - configMapRef: + name: {{ include "chart.fullname" . }}-env-from-values + {{- end }} {{- if .Values.node.configMap.envEnabled }} - configMapRef: name: {{ include "chart.fullname" . }}-env @@ -146,6 +154,11 @@ spec: name: {{ include "chart.fullname" . }}-env {{- end }} env: + {{- /* + Only env vars that depend on k8s pod metadata or chart-shape (service + ports, paths derived from storage volumes, JS runtime flags, admin API + key auth) live here. Everything else flows from .Values.env above. + */}} - name: POD_IP valueFrom: fieldRef: @@ -166,22 +179,6 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name - {{- if .Values.global.customAztecNetwork.l1ChainId }} - - name: L1_CHAIN_ID - value: "{{ .Values.global.customAztecNetwork.l1ChainId }}" - {{- end }} - {{- if .Values.global.customAztecNetwork.registryContractAddress }} - - name: REGISTRY_CONTRACT_ADDRESS - value: "{{ .Values.global.customAztecNetwork.registryContractAddress }}" - {{- end }} - {{- if .Values.global.customAztecNetwork.feeAssetHandlerContractAddress }} - - name: FEE_ASSET_HANDLER_CONTRACT_ADDRESS - value: "{{ .Values.global.customAztecNetwork.feeAssetHandlerContractAddress }}" - {{- end }} - {{- if .Values.global.aztecNetwork }} - - name: NETWORK - value: "{{ .Values.global.aztecNetwork }}" - {{- end }} - name: NODE_OPTIONS value: {{ join " " .Values.node.nodeJsOptions | quote }} - name: AZTEC_PORT @@ -195,132 +192,20 @@ spec: - name: AZTEC_DISABLE_ADMIN_API_KEY value: "true" {{- end }} - - name: LOG_LEVEL - value: "{{ .Values.node.logLevel }}" - - name: LOG_JSON - value: "1" - - name: P2P_ENABLED - value: "{{ .Values.service.p2p.enabled }}" - name: P2P_PORT value: "{{ .Values.service.p2p.port }}" - name: P2P_BROADCAST_PORT value: "{{ .Values.service.p2p.announcePort }}" - - name: PROVER_REAL_PROOFS - value: "{{ .Values.node.proverRealProofs }}" - - name: SENTINEL_ENABLED - value: "{{ .Values.node.sentinel.enabled }}" - {{- if .Values.node.slash.validatorsAlways }} - - name: SLASH_VALIDATORS_ALWAYS - value: {{ join "," .Values.node.slash.validatorsAlways | quote }} - {{- end }} - {{- if .Values.node.slash.validatorsNever }} - - name: SLASH_VALIDATORS_NEVER - value: {{ join "," .Values.node.slash.validatorsNever | quote }} - {{- end }} - {{- if .Values.node.slash.prunePenalty }} - - name: SLASH_PRUNE_PENALTY - value: {{ .Values.node.slash.prunePenalty | quote }} - {{- end }} - {{- if .Values.node.slash.dataWithholdingPenalty }} - - name: SLASH_DATA_WITHHOLDING_PENALTY - value: {{ .Values.node.slash.dataWithholdingPenalty | quote }} - {{- end }} - {{- if .Values.node.slash.inactivityPenalty }} - - name: SLASH_INACTIVITY_PENALTY - value: {{ .Values.node.slash.inactivityPenalty | quote }} - {{- end }} - {{- if .Values.node.slash.inactivityTargetPercentage }} - - name: SLASH_INACTIVITY_TARGET_PERCENTAGE - value: {{ .Values.node.slash.inactivityTargetPercentage | quote }} - {{- end }} - {{- if .Values.node.slash.invalidBlockPenalty }} - - name: SLASH_INVALID_BLOCK_PENALTY - value: {{ .Values.node.slash.invalidBlockPenalty | quote }} - {{- end }} - {{- if .Values.node.slash.proposeInvalidAttestationsPenalty }} - - name: SLASH_PROPOSE_INVALID_ATTESTATIONS_PENALTY - value: {{ .Values.node.slash.proposeInvalidAttestationsPenalty | quote }} - {{- end }} - {{- if .Values.node.slash.duplicateProposalPenalty }} - - name: SLASH_DUPLICATE_PROPOSAL_PENALTY - value: {{ .Values.node.slash.duplicateProposalPenalty | quote }} - {{- end }} - {{- if .Values.node.slash.duplicateAttestationPenalty }} - - name: SLASH_DUPLICATE_ATTESTATION_PENALTY - value: {{ .Values.node.slash.duplicateAttestationPenalty | quote }} - {{- end }} - {{- if .Values.node.slash.attestDescendantOfInvalidPenalty }} - - name: SLASH_ATTEST_DESCENDANT_OF_INVALID_PENALTY - value: {{ .Values.node.slash.attestDescendantOfInvalidPenalty | quote }} - {{- end }} - {{- if .Values.node.slash.unknownPenalty }} - - name: SLASH_UNKNOWN_PENALTY - value: {{ .Values.node.slash.unknownPenalty | quote }} - {{- end }} - {{- if .Values.node.slash.gracePeriodL2Slots }} - - name: SLASH_GRACE_PERIOD_L2_SLOTS - value: {{ .Values.node.slash.gracePeriodL2Slots | quote }} - {{- end }} - {{- if .Values.node.slash.offenseExpirationRounds }} - - name: SLASH_OFFENSE_EXPIRATION_ROUNDS - value: {{ .Values.node.slash.offenseExpirationRounds | quote }} - {{- end }} - {{- if .Values.node.slash.maxPayloadSize }} - - name: SLASH_MAX_PAYLOAD_SIZE - value: {{ .Values.node.slash.maxPayloadSize | quote }} - {{- end }} - {{- if gt (len .Values.global.l1ExecutionUrls) 0 }} - - name: ETHEREUM_HOSTS - value: {{ join "," .Values.global.l1ExecutionUrls | quote }} - {{- end }} - {{- if gt (len .Values.global.l1ConsensusUrls) 0 }} - - name: L1_CONSENSUS_HOST_URLS - value: {{ join "," .Values.global.l1ConsensusUrls | quote }} - - name: L1_CONSENSUS_HOST_API_KEYS - value: {{ .Values.global.l1ConsensusHostApiKeys | quote }} - - name: L1_CONSENSUS_HOST_API_KEY_HEADERS - value: {{ .Values.global.l1ConsensusHostApiKeyHeaders | quote }} - {{- end }} - name: DATA_DIRECTORY value: "{{ .Values.node.storage.dataDirectory }}/data" - name: CRS_PATH value: "{{ .Values.node.storage.dataDirectory }}/crs" - - name: DATA_STORE_MAP_SIZE_KB - value: {{ .Values.node.storage.dataStoreMapSize | quote }} - - name: WS_DB_MAP_SIZE_KB - value: {{ .Values.node.storage.worldStateMapSize | quote }} - - name: USE_GCLOUD_LOGGING - value: {{ .Values.global.useGcloudLogging | quote }} - - name: SPONSORED_FPC - value: {{ .Values.global.sponsoredFPC | quote }} - - name: TEST_ACCOUNTS - value: {{ .Values.global.testAccounts | quote }} - {{- if .Values.global.otelCollectorEndpoint }} - {{- if .Values.node.otelIncludeMetrics }} - - name: OTEL_INCLUDE_METRICS - value: {{ .Values.node.otelIncludeMetrics | quote }} - {{- end }} - {{- if .Values.node.otelExcludeMetrics }} - - name: OTEL_EXCLUDE_METRICS - value: {{ .Values.node.otelExcludeMetrics | quote }} - {{- end }} - - name: OTEL_EXPORTER_OTLP_METRICS_ENDPOINT - value: "{{ .Values.global.otelCollectorEndpoint }}/v1/metrics" - - name: OTEL_EXPORTER_OTLP_TRACES_ENDPOINT - value: "{{ .Values.global.otelCollectorEndpoint }}/v1/traces" - - name: OTEL_EXPORTER_OTLP_LOGS_ENDPOINT - value: "{{ .Values.global.otelCollectorEndpoint }}/v1/logs" - {{- end }} {{- if .Values.node.coinbase }} - name: COINBASE value: {{ .Values.node.coinbase | quote }} - name: PROVER_ID value: {{ .Values.node.coinbase | quote }} {{- end }} - {{- range $key, $value := .Values.node.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} ports: - containerPort: {{ .Values.service.rpc.port }} name: rpc diff --git a/spartan/aztec-node/templates/env.configmap.yaml b/spartan/aztec-node/templates/env.configmap.yaml new file mode 100644 index 000000000000..48247b578a0a --- /dev/null +++ b/spartan/aztec-node/templates/env.configmap.yaml @@ -0,0 +1,17 @@ +{{- /* + Generic env ConfigMap built from .Values.env (UPPER_SNAKE keys). + Mounted via envFrom in _pod-template.yaml. + Only rendered when .Values.env has at least one key. +*/}} +{{- if .Values.env }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "chart.fullname" . }}-env-from-values + labels: + {{- include "chart.labels" . | nindent 4 }} +data: +{{- range $key, $value := .Values.env }} + {{ $key }}: {{ $value | quote }} +{{- end }} +{{- end }} diff --git a/spartan/aztec-node/values.yaml b/spartan/aztec-node/values.yaml index ff52ba990a61..7ccc19f8dc15 100644 --- a/spartan/aztec-node/values.yaml +++ b/spartan/aztec-node/values.yaml @@ -48,6 +48,13 @@ global: # -- Use host network - this will disable nodePort service and use host networking instead hostNetwork: false +# -- Pod environment variables. Keys here become env vars on the pod via a +# generated ConfigMap (envFrom). Use UPPER_SNAKE_CASE keys matching the actual +# env var names, e.g. PROVER_REAL_PROOFS, LOG_LEVEL, SLASH_PRUNE_PENALTY. +# This is the single source of truth for runtime config; populated by +# spartan/scripts/load_network_config.sh from per-network YAMLs. +env: {} + # -- Number of replicas replicaCount: 1 @@ -69,11 +76,11 @@ affinity: null tolerations: [] topologySpreadConstraints: [] -# -- Aztec node configuration +# -- Aztec node configuration. This block holds k8s-shape and chart-internal +# configuration. All pod runtime env vars (LOG_LEVEL, PROVER_REAL_PROOFS, +# SENTINEL_ENABLED, SLASH_*, etc.) belong in the top-level `env:` map above, +# not here. node: - # -- Log level - info, verbose, debug, trace - logLevel: "info" - preStartScript: null startCmd: @@ -84,12 +91,6 @@ node: repository: "" tag: "" - env: {} - - envFrom: - configMapEnabled: false - secretEnabled: false - configMap: envEnabled: false extraScriptsEnabled: false @@ -110,17 +111,9 @@ node: # the address that will receive block or proof rewards coinbase: - # -- Exclude metrics - comma separated list of metrics to exclude - otelExcludeMetrics: null - otelIncludeMetrics: null - storage: # -- Data directory dataDirectory: /data - # -- Data store map size in kB. (per database) - dataStoreMapSize: "134217728" # 128 GB - # -- World state map size in kB (per merkle tree) - worldStateMapSize: "134217728" # 128 GB nodeJsOptions: - --no-warnings @@ -139,28 +132,6 @@ node: resources: {} - proverRealProofs: true - - sentinel: - enabled: true - slash: - # Validator allowlists/denylists - validatorsAlways: [] - validatorsNever: [] - # Penalty amounts for different offense types - prunePenalty: "" - dataWithholdingPenalty: "" - inactivityPenalty: "" - inactivityTargetPercentage: "" - invalidBlockPenalty: "" - proposeInvalidAttestationsPenalty: "" - attestDescendantOfInvalidPenalty: "" - unknownPenalty: "" - # Slasher behavior configuration - gracePeriodL2Slots: "" - offenseExpirationRounds: "" - maxPayloadSize: "" - persistence: # -- Uses an emptyDir when not enabled enabled: false diff --git a/spartan/aztec-validator/Chart.lock b/spartan/aztec-validator/Chart.lock index 038dc9f8077b..559f2ece2ad6 100644 --- a/spartan/aztec-validator/Chart.lock +++ b/spartan/aztec-validator/Chart.lock @@ -2,5 +2,5 @@ dependencies: - name: aztec-node repository: "" version: 0.1.0 -digest: sha256:3bf62f61f0249c0b01785af1d179b8d8b173e35dab496497900675d8d2a600ee -generated: "2025-06-09T16:01:11.090038532Z" +digest: sha256:f268e8cbe1b22f0b06ec1caab8eff1c24817f7fffe741c8841dccd460f8e7165 +generated: "2026-04-23T09:57:22.770738996Z" diff --git a/spartan/environments/alpha-net.env b/spartan/environments/alpha-net.env deleted file mode 100644 index 563054a0f9bb..000000000000 --- a/spartan/environments/alpha-net.env +++ /dev/null @@ -1,91 +0,0 @@ -NAMESPACE=${NAMESPACE:-alpha-net} -CLUSTER=aztec-gke-private -GCP_REGION=us-west1-a -DESTROY_NAMESPACE=true -DESTROY_ETH_DEVNET=true -CREATE_ETH_DEVNET=${CREATE_ETH_DEVNET:-true} -AZTEC_EPOCH_DURATION=8 -AZTEC_SLOT_DURATION=72 -AZTEC_PROOF_SUBMISSION_EPOCHS=2 -ETHEREUM_CHAIN_ID=1337 -LABS_INFRA_MNEMONIC="test test test test test test test test test test test junk" -FUNDING_PRIVATE_KEY="0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" -# CREATE_CHAOS_MESH=true - -# Install chaos mesh peer isolation after Aztec infra deploys. Validators, -# RPC nodes, and prover nodes can only peer with full-nodes, not each other. -# Requires P2P_PUBLIC_IP=false so P2P uses pod IPs that iptables rules can match. -P2P_PUBLIC_IP=false -CHAOS_MESH_SCENARIOS_FILE=network-requirements.yaml - -AZTEC_MANA_TARGET=2147483647 - -P2P_TX_POOL_DELETE_TXS_AFTER_REORG=true - -# For mbps -SEQ_BUILD_CHECKPOINT_IF_EMPTY=true -SEQ_BLOCK_DURATION_MS=6000 -SEQ_SKIP_CHECKPOINT_PUBLISH_PERCENT=5 - -CREATE_ROLLUP_CONTRACTS=true -REDEPLOY_ROLLUP_CONTRACTS=true -VERIFY_CONTRACTS=false -DESTROY_AZTEC_INFRA=true - -AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET=1 -AZTEC_LAG_IN_EPOCHS_FOR_RANDAO=1 - -OTEL_COLLECTOR_ENDPOINT=REPLACE_WITH_GCP_SECRET - -VALIDATOR_REPLICAS=12 -VALIDATORS_PER_NODE=4 -VALIDATOR_PUBLISHERS_PER_REPLICA=4 -VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX=5000 -VALIDATOR_RESOURCE_PROFILE="2-core-dedicated" - -REAL_VERIFIER=false - -RPC_REPLICAS=12 -RPC_INGRESS_ENABLED=false - -FULL_NODE_REPLICAS=500 -FULL_NODE_RESOURCE_PROFILE="2-core-spot" - -PUBLISHERS_PER_PROVER=2 -PROVER_PUBLISHER_MNEMONIC_START_INDEX=8000 -PROVER_REPLICAS=128 -PROVER_RESOURCE_PROFILE="hi-tps" -PROVER_AGENT_POLL_INTERVAL_MS=10000 - -RUN_TESTS=false - -PROVER_TEST_DELAY_TYPE=fixed - -AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS=1 -AZTEC_SLASHING_QUORUM=5 -AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS=0 -AZTEC_SLASHING_OFFSET_IN_ROUNDS=1 -AZTEC_LOCAL_EJECTION_THRESHOLD=90000000000000000000 -SPONSORED_FPC=true - -SEQ_MAX_TX_PER_CHECKPOINT=72 -SEQ_MIN_TX_PER_BLOCK=1 -SEQ_PER_BLOCK_ALLOCATION_MULTIPLIER=1 - -# Override L1 tx utils bump percentages for scenario tests -VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE=0 -VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE=0 -PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE=0 -PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE=0 - -# Enable latency mesaruement for p2p messages -DEBUG_P2P_INSTRUMENT_MESSAGES=true - -# Inject artificial delay of proof verification for all nodes -PROVER_TEST_VERIFICATION_DELAY_MS=250 - -# Reduce the amount of metrics produced by prover agents and full nodes -PROVER_AGENT_INCLUDE_METRICS="aztec.circuit" -FULL_NODE_INCLUDE_METRICS="aztec.p2p.gossip.agg_" -LOG_LEVEL=info - diff --git a/spartan/environments/block-capacity.env b/spartan/environments/block-capacity.env deleted file mode 100644 index bc98dfd21cc2..000000000000 --- a/spartan/environments/block-capacity.env +++ /dev/null @@ -1,48 +0,0 @@ -NAMESPACE=${NAMESPACE:-block-capacity} -CLUSTER=aztec-gke-private -GCP_REGION=us-west1-a - -AZTEC_EPOCH_DURATION=8 -AZTEC_SLOT_DURATION=72 -AZTEC_PROOF_SUBMISSION_EPOCHS=4 -AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET=1 -AZTEC_LAG_IN_EPOCHS_FOR_RANDAO=1 - -CREATE_ETH_DEVNET=true -DESTROY_NAMESPACE=true -DESTROY_AZTEC_INFRA=true -CREATE_ROLLUP_CONTRACTS=true -REDEPLOY_ROLLUP_CONTRACTS=true - -ETHEREUM_CHAIN_ID=1337 -LABS_INFRA_MNEMONIC="test test test test test test test test test test test junk" -FUNDING_PRIVATE_KEY="0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" - -OTEL_COLLECTOR_ENDPOINT=REPLACE_WITH_GCP_SECRET - -VALIDATOR_REPLICAS=1 -VALIDATORS_PER_NODE=48 -VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX=5000 -VALIDATOR_RESOURCE_PROFILE="prod-hi-tps" - -REAL_VERIFIER=false - -RPC_REPLICAS=1 -RPC_INGRESS_ENABLED=false - -PROVER_REPLICAS=10 -PROVER_RESOURCE_PROFILE="dev" -PROVER_PUBLISHER_MNEMONIC_START_INDEX=8000 -PROVER_AGENT_POLL_INTERVAL_MS=10000 -PUBLISHERS_PER_PROVER=1 - -PROVER_TEST_DELAY_TYPE=realistic -DEBUG_FORCE_TX_PROOF_VERIFICATION=true - -SEQ_MAX_TX_PER_BLOCK=72000 # 1000 tps -SEQ_MIN_TX_PER_BLOCK=0 -SEQ_ENFORCE_TIME_TABLE=true -DEBUG_P2P_INSTRUMENT_MESSAGES=true - -LOG_LEVEL="debug; info: json-rpc, simulator" - diff --git a/spartan/environments/devnet.env b/spartan/environments/devnet.env deleted file mode 100644 index e78d04742203..000000000000 --- a/spartan/environments/devnet.env +++ /dev/null @@ -1,79 +0,0 @@ -GCP_REGION=us-west1-a -CLUSTER=aztec-gke-private - -NETWORK="devnet" -NAMESPACE=${NAMESPACE:-devnet} - -# Compute mnemonic index offset from namespace to avoid nonce conflicts -# between concurrent devnets sharing the same mnemonic on the same L1. -# Namespace format: v-devnet- (e.g., v4-devnet-2) -MNEMONIC_INDEX_OFFSET=0 -if [[ "${NAMESPACE}" =~ ^v([0-9]+)-devnet-([0-9]+)$ ]]; then - MNEMONIC_INDEX_OFFSET=$(( ${BASH_REMATCH[1]} * 100000 + (${BASH_REMATCH[2]} - 1) * 10000 )) -fi - -CREATE_ETH_DEVNET=false -ETHEREUM_CHAIN_ID=11155111 -ETHEREUM_RPC_URLS=REPLACE_WITH_GCP_SECRET -ETHEREUM_CONSENSUS_HOST_URLS=REPLACE_WITH_GCP_SECRET -ETHEREUM_CONSENSUS_HOST_API_KEYS=REPLACE_WITH_GCP_SECRET -ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS=REPLACE_WITH_GCP_SECRET - -FUNDING_PRIVATE_KEY=REPLACE_WITH_GCP_SECRET -LABS_INFRA_MNEMONIC=REPLACE_WITH_GCP_SECRET -LABS_INFRA_MNEMONIC_SECRET_NAME=sepolia-labs-devnet-mnemonic -ROLLUP_DEPLOYMENT_PRIVATE_KEY=REPLACE_WITH_GCP_SECRET -OTEL_COLLECTOR_ENDPOINT=REPLACE_WITH_GCP_SECRET - -SNAPSHOT_BUCKET_DIRECTORY=${SNAPSHOT_BUCKET_DIRECTORY:-"devnet/$NAMESPACE/snapshots"} -BLOB_BUCKET_DIRECTORY=${BLOB_BUCKET_DIRECTORY:-"devnet/$NAMESPACE/blobs"} -R2_ACCESS_KEY_ID=REPLACE_WITH_GCP_SECRET -R2_SECRET_ACCESS_KEY=REPLACE_WITH_GCP_SECRET - -VERIFY_CONTRACTS=false -CREATE_ROLLUP_CONTRACTS=${CREATE_ROLLUP_CONTRACTS:-false} -USE_NETWORK_CONFIG=${USE_NETWORK_CONFIG:-false} - -DEPLOY_INTERNAL_BOOTNODE=false - -AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET=1 -AZTEC_LAG_IN_EPOCHS_FOR_RANDAO=1 -AZTEC_SLOT_DURATION=36 -AZTEC_EPOCH_DURATION=8 -TEST_ACCOUNTS=false -SPONSORED_FPC=false -FLUSH_ENTRY_QUEUE=true - -VALIDATOR_REPLICAS=1 -VALIDATORS_PER_NODE=1 -TOTAL_VALIDATORS=$((VALIDATOR_REPLICAS * VALIDATORS_PER_NODE)) -AZTEC_TARGET_COMMITTEE_SIZE=1 - -VALIDATOR_MNEMONIC_START_INDEX=$((1 + MNEMONIC_INDEX_OFFSET)) -VALIDATOR_INDICES=$(seq -s ',' $VALIDATOR_MNEMONIC_START_INDEX $((VALIDATOR_MNEMONIC_START_INDEX + TOTAL_VALIDATORS - 1))) -VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX=$((5000 + MNEMONIC_INDEX_OFFSET)) -VALIDATOR_PUBLISHERS_PER_REPLICA=8 - -SEQ_L1_PUBLISHING_TIME_ALLOWANCE_IN_SLOT=12 -SEQ_BLOCK_DURATION_MS=6000 -SEQ_MIN_TX_PER_BLOCK=1 -SEQ_MAX_TX_PER_BLOCK=32 - -PROVER_PUBLISHER_MNEMONIC_START_INDEX=$((8000 + MNEMONIC_INDEX_OFFSET)) -PUBLISHERS_PER_PROVER=1 -PROVER_REPLICAS=1 -PROVER_AGENTS_PER_PROVER=4 - -BOT_TRANSFERS_REPLICAS=0 -BOT_SWAPS_REPLICAS=0 - -REAL_VERIFIER=false -PROVER_RESOURCE_PROFILE="dev" -DEBUG_FORCE_TX_PROOF_VERIFICATION=true - -RPC_INGRESS_ENABLED=true -RPC_INGRESS_HOSTS="[\"$NAMESPACE.aztec-labs.com\"]" -RPC_INGRESS_STATIC_IP_NAME=$NAMESPACE-rpc-ip -RPC_INGRESS_SSL_CERT_NAMES="[\"$NAMESPACE-rpc-cert\"]" - -WS_NUM_HISTORIC_CHECKPOINTS=300 diff --git a/spartan/environments/five-tps-long-epoch.env b/spartan/environments/five-tps-long-epoch.env deleted file mode 100644 index b8ed75aa4346..000000000000 --- a/spartan/environments/five-tps-long-epoch.env +++ /dev/null @@ -1,75 +0,0 @@ -NAMESPACE=${NAMESPACE:-five-tps} -CLUSTER=aztec-gke-private -GCP_REGION=us-west1-a -DESTROY_NAMESPACE=true -DESTROY_ETH_DEVNET=true -CREATE_ETH_DEVNET=${CREATE_ETH_DEVNET:-true} -AZTEC_EPOCH_DURATION=32 -AZTEC_SLOT_DURATION=36 -AZTEC_PROOF_SUBMISSION_EPOCHS=2 -ETHEREUM_CHAIN_ID=1337 -LABS_INFRA_MNEMONIC="test test test test test test test test test test test junk" -FUNDING_PRIVATE_KEY="0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" -# CREATE_CHAOS_MESH=true - -AZTEC_MANA_TARGET=2147483647 - -CREATE_ROLLUP_CONTRACTS=true -VERIFY_CONTRACTS=false -DESTROY_AZTEC_INFRA=true - -AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET=1 -AZTEC_LAG_IN_EPOCHS_FOR_RANDAO=1 - -OTEL_COLLECTOR_ENDPOINT=REPLACE_WITH_GCP_SECRET - -VALIDATOR_REPLICAS=12 -VALIDATORS_PER_NODE=4 -VALIDATOR_PUBLISHERS_PER_REPLICA=4 -VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX=5000 -VALIDATOR_RESOURCE_PROFILE="2-core-dedicated" - -REAL_VERIFIER=false - -RPC_REPLICAS=12 -RPC_INGRESS_ENABLED=false - -FULL_NODE_REPLICAS=500 -FULL_NODE_RESOURCE_PROFILE="2-core-spot" - -PUBLISHERS_PER_PROVER=2 -PROVER_PUBLISHER_MNEMONIC_START_INDEX=8000 -PROVER_REPLICAS=64 -PROVER_RESOURCE_PROFILE="hi-tps" -PROVER_AGENT_POLL_INTERVAL_MS=10000 - -RUN_TESTS=false - -PROVER_TEST_DELAY_TYPE=fixed - -AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS=1 -AZTEC_SLASHING_QUORUM=20 -AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS=0 -AZTEC_SLASHING_OFFSET_IN_ROUNDS=1 -AZTEC_LOCAL_EJECTION_THRESHOLD=90000000000000000000 - -SEQ_MAX_TX_PER_CHECKPOINT=180 -SEQ_MIN_TX_PER_BLOCK=1 - -# Override L1 tx utils bump percentages for scenario tests -VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE=0 -VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE=0 -PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE=0 -PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE=0 - -# Enable latency mesaruement for p2p messages -DEBUG_P2P_INSTRUMENT_MESSAGES=true - -# Inject artificial delay of proof verification for all nodes -PROVER_TEST_VERIFICATION_DELAY_MS=250 - -# Reduce the amount of metrics produced by prover agents and full nodes -PROVER_AGENT_INCLUDE_METRICS="aztec.circuit" -FULL_NODE_INCLUDE_METRICS="aztec.p2p.gossip.agg_" -LOG_LEVEL=info - diff --git a/spartan/environments/five-tps-short-epoch.env b/spartan/environments/five-tps-short-epoch.env deleted file mode 100644 index e78badea2365..000000000000 --- a/spartan/environments/five-tps-short-epoch.env +++ /dev/null @@ -1,75 +0,0 @@ -NAMESPACE=${NAMESPACE:-five-tps} -CLUSTER=aztec-gke-private -GCP_REGION=us-west1-a -DESTROY_NAMESPACE=true -DESTROY_ETH_DEVNET=true -CREATE_ETH_DEVNET=${CREATE_ETH_DEVNET:-true} -AZTEC_EPOCH_DURATION=8 -AZTEC_SLOT_DURATION=36 -AZTEC_PROOF_SUBMISSION_EPOCHS=10 -ETHEREUM_CHAIN_ID=1337 -LABS_INFRA_MNEMONIC="test test test test test test test test test test test junk" -FUNDING_PRIVATE_KEY="0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" -# CREATE_CHAOS_MESH=true - -AZTEC_MANA_TARGET=2147483647 - -CREATE_ROLLUP_CONTRACTS=true -VERIFY_CONTRACTS=false -DESTROY_AZTEC_INFRA=true - -AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET=1 -AZTEC_LAG_IN_EPOCHS_FOR_RANDAO=1 - -OTEL_COLLECTOR_ENDPOINT=REPLACE_WITH_GCP_SECRET - -VALIDATOR_REPLICAS=12 -VALIDATORS_PER_NODE=4 -VALIDATOR_PUBLISHERS_PER_REPLICA=4 -VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX=5000 -VALIDATOR_RESOURCE_PROFILE="2-core-dedicated" - -REAL_VERIFIER=false - -RPC_REPLICAS=12 -RPC_INGRESS_ENABLED=false - -FULL_NODE_REPLICAS=500 -FULL_NODE_RESOURCE_PROFILE="2-core-spot" - -PUBLISHERS_PER_PROVER=2 -PROVER_PUBLISHER_MNEMONIC_START_INDEX=8000 -PROVER_REPLICAS=64 -PROVER_RESOURCE_PROFILE="hi-tps" -PROVER_AGENT_POLL_INTERVAL_MS=10000 - -RUN_TESTS=false - -PROVER_TEST_DELAY_TYPE=fixed - -AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS=1 -AZTEC_SLASHING_QUORUM=5 -AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS=0 -AZTEC_SLASHING_OFFSET_IN_ROUNDS=1 -AZTEC_LOCAL_EJECTION_THRESHOLD=90000000000000000000 - -SEQ_MAX_TX_PER_CHECKPOINT=180 -SEQ_MIN_TX_PER_BLOCK=1 - -# Override L1 tx utils bump percentages for scenario tests -VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE=0 -VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE=0 -PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE=0 -PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE=0 - -# Enable latency mesaruement for p2p messages -DEBUG_P2P_INSTRUMENT_MESSAGES=true - -# Inject artificial delay of proof verification for all nodes -PROVER_TEST_VERIFICATION_DELAY_MS=250 - -# Reduce the amount of metrics produced by prover agents and full nodes -PROVER_AGENT_INCLUDE_METRICS="aztec.circuit" -FULL_NODE_INCLUDE_METRICS="aztec.p2p.gossip.agg_" -LOG_LEVEL=info - diff --git a/spartan/environments/kind-minimal.env b/spartan/environments/kind-minimal.env deleted file mode 100644 index c70b55aede50..000000000000 --- a/spartan/environments/kind-minimal.env +++ /dev/null @@ -1,56 +0,0 @@ -# KIND environment for local Kubernetes testing -# Minimal setup with fast epochs for quick iteration - -NAMESPACE=${NAMESPACE:-kind} -CLUSTER=kind -CREATE_ETH_DEVNET=true -CREATE_ROLLUP_CONTRACTS=true -CREATE_AZTEC_INFRA=true -LABS_INFRA_MNEMONIC="test test test test test test test test test test test junk" -L1_ACCOUNT_MNEMONIC="test test test test test test test test test test test junk" -FUNDING_PRIVATE_KEY="0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" -REAL_VERIFIER=false -SENTINEL_ENABLED=false - -# Fast epoch timing for quick iteration -AZTEC_SLOT_DURATION=24 -AZTEC_EPOCH_DURATION=4 -AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS=1 -AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS=1 -AZTEC_SLASHING_OFFSET_IN_ROUNDS=1 -AZTEC_ACTIVATION_THRESHOLD=100000000000000000000 -AZTEC_EJECTION_THRESHOLD=50000000000000000000 -AZTEC_LOCAL_EJECTION_THRESHOLD=95000000000000000000 -AZTEC_SLASH_AMOUNT_SMALL=5000000000000000000 -AZTEC_SLASH_AMOUNT_MEDIUM=10000000000000000000 -AZTEC_SLASH_AMOUNT_LARGE=15000000000000000000 -AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET=1 -AZTEC_LAG_IN_EPOCHS_FOR_RANDAO=1 - -# Governance settings from next-scenario.env (required for upgrade test) -AZTEC_GOVERNANCE_PROPOSER_QUORUM=11 -AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE=20 -AZTEC_GOVERNANCE_VOTING_DURATION=300 - -R2_ACCESS_KEY_ID="" -R2_SECRET_ACCESS_KEY="" - -OTEL_COLLECTOR_ENDPOINT="http://metrics-opentelemetry-collector.metrics:4318" - -# Docker image - use AZTEC_DOCKER_IMAGE if already set (e.g., by CI), otherwise default -AZTEC_DOCKER_IMAGE=${AZTEC_DOCKER_IMAGE:-aztecprotocol/aztec:latest} - -# Validators - minimal setup for upgrade test -VALIDATOR_REPLICAS=4 -VALIDATORS_PER_NODE=12 -VALIDATOR_PUBLISHERS_PER_REPLICA=4 -VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX=5000 - -# Provers - minimal for faster testing -PROVER_REPLICAS=1 -PROVER_AGENTS_PER_PROVER=1 -PROVER_PUBLISHER_MNEMONIC_START_INDEX=8000 -PUBLISHERS_PER_PROVER=1 - -# RPC -RPC_REPLICAS=1 diff --git a/spartan/environments/kind-provers.env b/spartan/environments/kind-provers.env deleted file mode 100644 index f6e0482d7e1a..000000000000 --- a/spartan/environments/kind-provers.env +++ /dev/null @@ -1,53 +0,0 @@ -# KIND environment spec'd for a 192 core machine. -# Values here chosen to mirror next-scenario.env, with adjustments for 192 cores. - -NAMESPACE=${NAMESPACE:-kind} -CLUSTER=kind -CREATE_ETH_DEVNET=true -CREATE_ROLLUP_CONTRACTS=true -CREATE_AZTEC_INFRA=true -LABS_INFRA_MNEMONIC="test test test test test test test test test test test junk" -L1_ACCOUNT_MNEMONIC="test test test test test test test test test test test junk" -FUNDING_PRIVATE_KEY="0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" -SENTINEL_ENABLED=false - -# Epoch and slot timing -AZTEC_SLOT_DURATION=36 -AZTEC_EPOCH_DURATION=32 -AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET=1 -AZTEC_LAG_IN_EPOCHS_FOR_RANDAO=1 - -# Slashing settings -AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS=1 -AZTEC_SLASHING_QUORUM=17 -AZTEC_SLASHING_OFFSET_IN_ROUNDS=2 -AZTEC_LOCAL_EJECTION_THRESHOLD=90000000000000000000 - -# Governance settings -AZTEC_GOVERNANCE_PROPOSER_QUORUM=11 -AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE=20 -AZTEC_GOVERNANCE_VOTING_DURATION=300 - -R2_ACCESS_KEY_ID="" -R2_SECRET_ACCESS_KEY="" - -OTEL_COLLECTOR_ENDPOINT="http://metrics-opentelemetry-collector.metrics:4318" - -# Validators -VALIDATOR_REPLICAS=4 -VALIDATORS_PER_NODE=12 # We allocate 0.5 per validator, so 4 * 0.5 * 12 = 24 cores total -VALIDATOR_PUBLISHERS_PER_REPLICA=4 -VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX=5000 - -# Provers -PROVER_REPLICAS=8 # 16 * 16 = 128 cores total -PROVER_AGENTS_PER_PROVER=1 -PROVER_PUBLISHER_MNEMONIC_START_INDEX=8000 -PUBLISHERS_PER_PROVER=1 - -# RPC -RPC_REPLICAS=2 - -# DO NOT auto-run tests - we want to run manually -RUN_TESTS=false -PROVER_RESOURCE_PROFILE=kind-provers diff --git a/spartan/environments/mainnet.env b/spartan/environments/mainnet.env deleted file mode 100644 index 2315e53d29d0..000000000000 --- a/spartan/environments/mainnet.env +++ /dev/null @@ -1,58 +0,0 @@ -NETWORK=${NETWORK:-mainnet} -L1_NETWORK=${L1_NETWORK:-mainnet} -ETHEREUM_CHAIN_ID=${ETHEREUM_CHAIN_ID:-1} - -GCP_REGION=us-west1-a -CLUSTER=aztec-gke-public -NAMESPACE=${NAMESPACE:-mainnet} - -CREATE_ROLLUP_CONTRACTS=false -VERIFY_CONTRACTS=false -DEPLOY_INTERNAL_BOOTNODE=false -VALIDATOR_REPLICAS=0 -RPC_REPLICAS=1 -PROVER_REPLICAS=4 - -CREATE_RPC_INGRESS=true -CREATE_RPC_DNS=true -RPC_INGRESS_HOSTS='["mainnet.rpc.aztec-labs.com"]' -RPC_INGRESS_SESSION_AFFINITY=CLIENT_IP -RPC_INGRESS_LOG_SAMPLE_RATE=1.0 -RPC_CLOUD_ARMOR_POLICY_NAME=mainnet-rpc-policy - -FISHERMAN_REPLICAS=1 -FISHERMAN_MNEMONIC_START_INDEX=1 -PROVER_NODE_DISABLE_PROOF_PUBLISH=true - -RPC_RESOURCE_PROFILE=mainnet -BLOB_SINK_RESOURCE_PROFILE=mainnet -PROVER_RESOURCE_PROFILE=mainnet - -LOG_LEVEL=info -FISHERMAN_LOG_LEVEL=info -USE_NETWORK_CONFIG=true - -PROVER_FAILED_PROOF_STORE=gs://aztec-develop/mainnet/failed-proofs -L1_TX_FAILED_STORE=gs://aztec-develop/mainnet/failed-l1-txs - -ETHEREUM_RPC_URLS=REPLACE_WITH_GCP_SECRET -ETHEREUM_CONSENSUS_HOST_URLS=REPLACE_WITH_GCP_SECRET -ETHEREUM_CONSENSUS_HOST_API_KEYS=REPLACE_WITH_GCP_SECRET -ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS=REPLACE_WITH_GCP_SECRET -LABS_INFRA_MNEMONIC=REPLACE_WITH_GCP_SECRET -OTEL_COLLECTOR_ENDPOINT=REPLACE_WITH_GCP_SECRET -# intentionally left blank -FUNDING_PRIVATE_KEY="" -ROLLUP_DEPLOYMENT_PRIVATE_KEY="" - -SNAPSHOT_BUCKET_DIRECTORY=${SNAPSHOT_BUCKET_DIRECTORY:-mainnet} - -BLOB_BUCKET_DIRECTORY=${BLOB_BUCKET_DIRECTORY:-mainnet/blobs} -BLOB_FILE_STORE_URLS="," - -TX_FILE_STORE_ENABLED=true -TX_FILE_STORE_BUCKET_DIRECTORY=${TX_FILE_STORE_BUCKET_DIRECTORY:-mainnet/txs} -TX_COLLECTION_FILE_STORE_URLS="https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}" - -R2_ACCESS_KEY_ID=REPLACE_WITH_GCP_SECRET -R2_SECRET_ACCESS_KEY=REPLACE_WITH_GCP_SECRET diff --git a/spartan/environments/mbps-net.env b/spartan/environments/mbps-net.env deleted file mode 100644 index 4357bf8fc037..000000000000 --- a/spartan/environments/mbps-net.env +++ /dev/null @@ -1,68 +0,0 @@ -CREATE_ETH_DEVNET=false -GCP_REGION=us-west1-a -CLUSTER=aztec-gke-private -NETWORK=next-net -NAMESPACE=mbps-net -DESTROY_NAMESPACE=true -ETHEREUM_CHAIN_ID=11155111 -ETHEREUM_RPC_URLS=REPLACE_WITH_GCP_SECRET -ETHEREUM_CONSENSUS_HOST_URLS=REPLACE_WITH_GCP_SECRET -ETHEREUM_CONSENSUS_HOST_API_KEYS=REPLACE_WITH_GCP_SECRET -ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS=REPLACE_WITH_GCP_SECRET -FUNDING_PRIVATE_KEY=REPLACE_WITH_GCP_SECRET -LABS_INFRA_MNEMONIC=REPLACE_WITH_GCP_SECRET -ROLLUP_DEPLOYMENT_PRIVATE_KEY=REPLACE_WITH_GCP_SECRET -OTEL_COLLECTOR_ENDPOINT=REPLACE_WITH_GCP_SECRET -VERIFY_CONTRACTS=false -ETHERSCAN_API_KEY=REPLACE_WITH_GCP_SECRET -DEPLOY_INTERNAL_BOOTNODE=true -STORE_SNAPSHOT_URL= -BLOB_BUCKET_DIRECTORY=${BLOB_BUCKET_DIRECTORY:-next-net/blobs} -R2_ACCESS_KEY_ID=REPLACE_WITH_GCP_SECRET -R2_SECRET_ACCESS_KEY=REPLACE_WITH_GCP_SECRET -PROVER_FAILED_PROOF_STORE=gs://aztec-develop/next-net/failed-proofs -TEST_ACCOUNTS=true -SPONSORED_FPC=true -SEQ_MIN_TX_PER_BLOCK=0 -SEQ_MAX_TX_PER_BLOCK=8 -AZTEC_EPOCH_DURATION=8 -REAL_VERIFIER=false -PROVER_REAL_PROOFS=false - -SEQ_BUILD_CHECKPOINT_IF_EMPTY=true -SEQ_BLOCK_DURATION_MS=6000 -LOG_LEVEL=verbose - -AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET=2 -AZTEC_LAG_IN_EPOCHS_FOR_RANDAO=2 - -VALIDATOR_REPLICAS=4 -VALIDATORS_PER_NODE=12 -VALIDATOR_PUBLISHERS_PER_REPLICA=4 -VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX=5000 - -PUBLISHERS_PER_PROVER=2 -PROVER_PUBLISHER_MNEMONIC_START_INDEX=8000 - -BOT_TRANSFERS_REPLICAS=1 -BOT_TRANSFERS_TX_INTERVAL_SECONDS=4 -BOT_TRANSFERS_FOLLOW_CHAIN=PROPOSED -BOT_TRANSFERS_PXE_SYNC_CHAIN_TIP=proposed - -BOT_SWAPS_REPLICAS=1 -BOT_SWAPS_TX_INTERVAL_SECONDS=4 -BOT_SWAPS_FOLLOW_CHAIN=PROPOSED -BOT_SWAPS_PXE_SYNC_CHAIN_TIP=proposed - -BOT_CROSS_CHAIN_REPLICAS=1 -BOT_CROSS_CHAIN_TX_INTERVAL_SECONDS=8 -BOT_CROSS_CHAIN_FOLLOW_CHAIN=PROPOSED -BOT_CROSS_CHAIN_PXE_SYNC_CHAIN_TIP=proposed - -REDEPLOY_ROLLUP_CONTRACTS=true - -DEBUG_P2P_INSTRUMENT_MESSAGES=true - -VALIDATOR_HA_REPLICAS=1 -VALIDATOR_RESOURCE_PROFILE="prod-spot" - diff --git a/spartan/environments/mbps-pipeline.env b/spartan/environments/mbps-pipeline.env deleted file mode 100644 index fa00ac5c9f88..000000000000 --- a/spartan/environments/mbps-pipeline.env +++ /dev/null @@ -1,69 +0,0 @@ -CREATE_ETH_DEVNET=true -GCP_REGION=us-west1-a -CLUSTER=aztec-gke-private -NETWORK=next-net -NAMESPACE=mbps-pipe -DESTROY_NAMESPACE=true -ETHEREUM_CHAIN_ID=1337 -FUNDING_PRIVATE_KEY="0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" -LABS_INFRA_MNEMONIC="test test test test test test test test test test test junk" -OTEL_COLLECTOR_ENDPOINT=REPLACE_WITH_GCP_SECRET - -DEPLOY_INTERNAL_BOOTNODE=true -TEST_ACCOUNTS=true -SPONSORED_FPC=true -SEQ_MIN_TX_PER_BLOCK=0 -SEQ_MAX_TX_PER_BLOCK=8 -AZTEC_EPOCH_DURATION=8 -REAL_VERIFIER=false -PROVER_REAL_PROOFS=false - -CREATE_ROLLUP_CONTRACTS=true -VERIFY_CONTRACTS=false -DESTROY_AZTEC_INFRA=true - -SEQ_BUILD_CHECKPOINT_IF_EMPTY=true -SEQ_BLOCK_DURATION_MS=5500 -SEQ_MAX_TX_PER_CHECKPOINT=96 -SEQ_ENABLE_PROPOSER_PIPELINING=true -SEQ_PER_BLOCK_ALLOCATION_MULTIPLIER=1 -LOG_LEVEL=verbose - -AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET=2 -AZTEC_LAG_IN_EPOCHS_FOR_RANDAO=2 -AZTEC_INBOX_LAG=2 - -AZTEC_TARGET_COMMITTEE_SIZE=24 - -VALIDATOR_REPLICAS=4 -VALIDATORS_PER_NODE=12 -VALIDATOR_PUBLISHERS_PER_REPLICA=4 -VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX=5000 - -PUBLISHERS_PER_PROVER=2 -PROVER_PUBLISHER_MNEMONIC_START_INDEX=8000 - -BOT_TRANSFERS_REPLICAS=1 -BOT_TRANSFERS_TX_INTERVAL_SECONDS=4 -BOT_TRANSFERS_FOLLOW_CHAIN=PROPOSED -BOT_TRANSFERS_PXE_SYNC_CHAIN_TIP=proposed - -BOT_SWAPS_REPLICAS=1 -BOT_SWAPS_TX_INTERVAL_SECONDS=4 -BOT_SWAPS_FOLLOW_CHAIN=PROPOSED -BOT_SWAPS_PXE_SYNC_CHAIN_TIP=proposed - -BOT_CROSS_CHAIN_REPLICAS=1 -BOT_CROSS_CHAIN_TX_INTERVAL_SECONDS=8 -BOT_CROSS_CHAIN_FOLLOW_CHAIN=PROPOSED -BOT_CROSS_CHAIN_PXE_SYNC_CHAIN_TIP=proposed - -REDEPLOY_ROLLUP_CONTRACTS=true - -DEBUG_P2P_INSTRUMENT_MESSAGES=true -OTEL_COLLECT_INTERVAL_MS=10000 -OTEL_EXPORT_TIMEOUT_MS=5000 - -VALIDATOR_HA_REPLICAS=1 -VALIDATOR_RESOURCE_PROFILE="prod-spot" - diff --git a/spartan/environments/network-defaults.yml b/spartan/environments/network-defaults.yml index 4580985d17e5..917d9530ccca 100644 --- a/spartan/environments/network-defaults.yml +++ b/spartan/environments/network-defaults.yml @@ -1,19 +1,19 @@ # Network Configuration Defaults # -# This file is used for CODE GENERATION, not runtime configuration. -# It centralizes "baked-in" defaults used by yarn-project packages. +# This file is the JOINT source of truth for: +# - Code generation: TypeScript / JSON artifacts shipped with packages. +# - Runtime deployment: defaults consumed by spartan/scripts/load_network_config.sh +# and merged with per-network YAMLs at spartan/environments/networks/.yml. # -# These defaults affect: -# - End-to-end tests -# - CLI usage without environment variables -# - Default values in TypeScript config mappings +# Codegen consumers read: +# - `l1-contracts:` block (top-level anchor) -- L1 contract defaults +# - `slasher:` block (top-level anchor) -- slasher node defaults +# - `networks..env` block -- per-network env baseline # -# They are NOT read at runtime from this file. To override values for -# an existing deployment, use environment variables or a .env file. -# -# The network sections (devnet, testnet, mainnet) define presets for -# the NETWORK env var. You can target them via runtime injection and -# still override individual values. +# Runtime consumers read: +# - `_release_defaults` -- per-release helm-shape baselines (image, replicaCount, resources) +# - `networks..env` -- per-network env baseline (same as codegen) +# - `networks..` -- optional per-release overrides # # Generated outputs: # - yarn-project/ethereum/src/generated/l1-contracts-defaults.ts @@ -112,8 +112,7 @@ l1-contracts: &l1-contracts-defaults # These configure the slasher node's operational behavior. # Used by yarn-project/slasher for penalty calculation and offense tracking. -slasher: &slasher - # Rounds after which an offense expires. +slasher: &slasher # Rounds after which an offense expires. SLASH_OFFENSE_EXPIRATION_ROUNDS: 4 # Maximum size of slashing payload. SLASH_MAX_PAYLOAD_SIZE: 80 @@ -161,6 +160,26 @@ _prodlike: &prodlike P2P_ENABLED: true # Comma-separated list of bootstrap node multiaddrs. BOOTSTRAP_NODES: "" + # Gossipsub mesh degree (target / lower / upper bounds). + P2P_GOSSIPSUB_D: 6 + P2P_GOSSIPSUB_DLO: 4 + P2P_GOSSIPSUB_DHI: 12 + # Probability of dropping outgoing TXs (0-1); used in chaos tests. + P2P_DROP_TX_CHANCE: 0 + # Whether to delete TXs from the pool after a reorg. + P2P_TX_POOL_DELETE_TXS_AFTER_REORG: false + + #--------------------------------------------------------------------------- + # Debug / Test + #--------------------------------------------------------------------------- + # Force pod to verify TX proofs even when the chain doesn't require it. + DEBUG_FORCE_TX_PROOF_VERIFICATION: false + # Instrument P2P messages with extra metrics. + DEBUG_P2P_INSTRUMENT_MESSAGES: false + # Delay (ms) injected during fake proof verification. + PROVER_TEST_VERIFICATION_DELAY_MS: 10 + # Allow blob sources to be empty (set true for prod where some slots have no blobs). + BLOB_ALLOW_EMPTY_SOURCES: false #--------------------------------------------------------------------------- # Sequencer Configuration @@ -201,151 +220,219 @@ _prodlike: &prodlike # Enable sentinel monitoring. SENTINEL_ENABLED: true -# Network presets selected via NETWORK env var; individual values can still be overridden. +#=============================================================================== +# RELEASE DEFAULTS +#=============================================================================== +# Per-release helm-shape baselines (image, replicaCount, resources). +# Each block mirrors the Helm values shape for the corresponding chart release. +# Per-network YAMLs (spartan/environments/networks/.yml) override these. +# Consumed by spartan/scripts/load_network_config.sh; not used by codegen. + +_release_defaults: + validator: + replicaCount: 0 + env: {} + prover: + node: + replicaCount: 1 + env: {} + broker: + replicaCount: 1 + env: + # Broker doesn't actually use bootstrap nodes; the chart requires the var to + # be set so its env block validates. Placeholder retained from legacy config. + BOOTSTRAP_NODES: "asdf" + agent: + replicaCount: 4 + env: + BOOTSTRAP_NODES: "asdf" + CRS_PATH: "/usr/src/crs" + rpc: + replicaCount: 1 + env: {} + archive: + replicaCount: 0 + env: + # Archive nodes hold a much larger TX pool than regular nodes. + P2P_ARCHIVED_TX_LIMIT: "10000000" + full_node: + replicaCount: 0 + env: {} + fisherman: + replicaCount: 0 + env: + # Fishermen run a sequencer-like role to detect invalid blocks. + FISHERMAN_MODE: "true" + SEQ_BUILD_CHECKPOINT_IF_EMPTY: "true" + VALIDATORS_PER_NODE: "1" + blob_sink: + replicaCount: 0 + env: {} + bot_transfers: + replicaCount: 0 + env: {} + bot_swaps: + replicaCount: 0 + env: {} + bot_cross_chain: + replicaCount: 0 + env: {} + +#=============================================================================== +# NETWORK PRESETS +#=============================================================================== +# Selected via the `network:` field at the top of a per-deployment YAML, or +# via the NETWORK env var when consumed by the CLI / Solidity scripts. +# `.env` is the joint source of truth for codegen and runtime baseline env. +# Optional `.` blocks add per-release overrides for runtime only. + networks: devnet: - <<: *prodlike - # L1 contract overrides - faster epochs for development - AZTEC_EPOCH_DURATION: 8 - AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: 1 - AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: 1 - AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: 1 - # Network identity - L1_CHAIN_ID: 11155111 # Sepolia - # Genesis state - TEST_ACCOUNTS: true # Fund test accounts with fee juice - SPONSORED_FPC: true # Fund sponsored FPC with fee juice - TRANSACTIONS_DISABLED: false - # Sequencer - SEQ_MAX_TX_PER_BLOCK: 18 - # Prover - PROVER_REAL_PROOFS: false # Use mock proofs - PXE_PROVER_ENABLED: false # Disable PXE proving - # Sync - SYNC_SNAPSHOTS_URLS: "" - SKIP_ARCHIVER_INITIAL_SYNC: false - BLOB_ALLOW_EMPTY_SOURCES: false - # P2P - P2P_MAX_PENDING_TX_COUNT: 1000 - P2P_TX_POOL_DELETE_TXS_AFTER_REORG: false - # Telemetry - PUBLIC_OTEL_OPT_OUT: true - PUBLIC_OTEL_EXPORTER_OTLP_METRICS_ENDPOINT: "" - PUBLIC_OTEL_COLLECT_FROM: "" - # Slasher penalties - SLASH_PRUNE_PENALTY: 10e18 - SLASH_DATA_WITHHOLDING_PENALTY: 10e18 - SLASH_INACTIVITY_TARGET_PERCENTAGE: 0.9 - SLASH_INACTIVITY_CONSECUTIVE_EPOCH_THRESHOLD: 1 - SLASH_INACTIVITY_PENALTY: 10e18 - SLASH_PROPOSE_INVALID_ATTESTATIONS_PENALTY: 10e18 - SLASH_DUPLICATE_PROPOSAL_PENALTY: 10e18 - SLASH_DUPLICATE_ATTESTATION_PENALTY: 10e18 - SLASH_ATTEST_DESCENDANT_OF_INVALID_PENALTY: 10e18 - SLASH_UNKNOWN_PENALTY: 10e18 - SLASH_INVALID_BLOCK_PENALTY: 10e18 - SLASH_GRACE_PERIOD_L2_SLOTS: 0 - ENABLE_VERSION_CHECK: true + env: + <<: *prodlike + # L1 contract overrides - faster epochs for development + AZTEC_EPOCH_DURATION: 8 + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: 1 + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: 1 + AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: 1 + # Network identity + L1_CHAIN_ID: 11155111 # Sepolia + # Genesis state + TEST_ACCOUNTS: true # Fund test accounts with fee juice + SPONSORED_FPC: true # Fund sponsored FPC with fee juice + TRANSACTIONS_DISABLED: false + # Sequencer + SEQ_MAX_TX_PER_BLOCK: 18 + # Prover + PROVER_REAL_PROOFS: false # Use mock proofs + PXE_PROVER_ENABLED: false # Disable PXE proving + # Sync + SYNC_SNAPSHOTS_URLS: "" + SKIP_ARCHIVER_INITIAL_SYNC: false + BLOB_ALLOW_EMPTY_SOURCES: false + # P2P + P2P_MAX_PENDING_TX_COUNT: 1000 + P2P_TX_POOL_DELETE_TXS_AFTER_REORG: false + # Telemetry + PUBLIC_OTEL_OPT_OUT: true + PUBLIC_OTEL_EXPORTER_OTLP_METRICS_ENDPOINT: "" + PUBLIC_OTEL_COLLECT_FROM: "" + # Slasher penalties + SLASH_PRUNE_PENALTY: 10e18 + SLASH_DATA_WITHHOLDING_PENALTY: 10e18 + SLASH_INACTIVITY_TARGET_PERCENTAGE: 0.9 + SLASH_INACTIVITY_CONSECUTIVE_EPOCH_THRESHOLD: 1 + SLASH_INACTIVITY_PENALTY: 10e18 + SLASH_PROPOSE_INVALID_ATTESTATIONS_PENALTY: 10e18 + SLASH_DUPLICATE_PROPOSAL_PENALTY: 10e18 + SLASH_DUPLICATE_ATTESTATION_PENALTY: 10e18 + SLASH_ATTEST_DESCENDANT_OF_INVALID_PENALTY: 10e18 + SLASH_UNKNOWN_PENALTY: 10e18 + SLASH_INVALID_BLOCK_PENALTY: 10e18 + SLASH_GRACE_PERIOD_L2_SLOTS: 0 + ENABLE_VERSION_CHECK: true testnet: - <<: *prodlike - # L1 contract overrides - longer slots, higher stakes - AZTEC_SLOT_DURATION: 72 - AZTEC_ACTIVATION_THRESHOLD: 200000e18 - AZTEC_EJECTION_THRESHOLD: 100000e18 - AZTEC_LOCAL_EJECTION_THRESHOLD: 199000e18 - AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: 2 - AZTEC_SLASHING_VETOER: "0xdfe19Da6a717b7088621d8bBB66be59F2d78e924" - AZTEC_SLASHING_QUORUM: 33 - AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE: 100 - AZTEC_GOVERNANCE_PROPOSER_QUORUM: 60 - AZTEC_MANA_TARGET: 75000000 - AZTEC_PROVING_COST_PER_MANA: 25000000 - AZTEC_SLASH_AMOUNT_SMALL: 100000e18 - AZTEC_SLASH_AMOUNT_MEDIUM: 100000e18 - AZTEC_SLASH_AMOUNT_LARGE: 100000e18 - # Network identity - L1_CHAIN_ID: 11155111 # Sepolia - # Genesis state - TEST_ACCOUNTS: false - SPONSORED_FPC: false - TRANSACTIONS_DISABLED: false - # Sequencer - SEQ_MAX_TX_PER_CHECKPOINT: 72 # 1 TPS - # Prover - PROVER_REAL_PROOFS: true - # P2P - P2P_MAX_PENDING_TX_COUNT: 1000 - P2P_TX_POOL_DELETE_TXS_AFTER_REORG: true - # Slasher penalties - SLASH_PRUNE_PENALTY: 10e18 - SLASH_DATA_WITHHOLDING_PENALTY: 10e18 - SLASH_INACTIVITY_TARGET_PERCENTAGE: 0.9 - SLASH_INACTIVITY_CONSECUTIVE_EPOCH_THRESHOLD: 1 - SLASH_INACTIVITY_PENALTY: 10e18 - SLASH_PROPOSE_INVALID_ATTESTATIONS_PENALTY: 10e18 - SLASH_DUPLICATE_PROPOSAL_PENALTY: 10e18 - SLASH_DUPLICATE_ATTESTATION_PENALTY: 10e18 - SLASH_ATTEST_DESCENDANT_OF_INVALID_PENALTY: 10e18 - SLASH_UNKNOWN_PENALTY: 10e18 - SLASH_INVALID_BLOCK_PENALTY: 10e18 - SLASH_GRACE_PERIOD_L2_SLOTS: 64 - ENABLE_VERSION_CHECK: true + env: + <<: *prodlike + # L1 contract overrides - longer slots, higher stakes + AZTEC_SLOT_DURATION: 72 + AZTEC_ACTIVATION_THRESHOLD: 200000e18 + AZTEC_EJECTION_THRESHOLD: 100000e18 + AZTEC_LOCAL_EJECTION_THRESHOLD: 199000e18 + AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: 2 + AZTEC_SLASHING_VETOER: "0xdfe19Da6a717b7088621d8bBB66be59F2d78e924" + AZTEC_SLASHING_QUORUM: 33 + AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE: 100 + AZTEC_GOVERNANCE_PROPOSER_QUORUM: 60 + AZTEC_MANA_TARGET: 75000000 + AZTEC_PROVING_COST_PER_MANA: 25000000 + AZTEC_SLASH_AMOUNT_SMALL: 100000e18 + AZTEC_SLASH_AMOUNT_MEDIUM: 100000e18 + AZTEC_SLASH_AMOUNT_LARGE: 100000e18 + # Network identity + L1_CHAIN_ID: 11155111 # Sepolia + # Genesis state + TEST_ACCOUNTS: false + SPONSORED_FPC: false + TRANSACTIONS_DISABLED: false + # Sequencer + SEQ_MAX_TX_PER_CHECKPOINT: 72 # 1 TPS + # Prover + PROVER_REAL_PROOFS: true + # P2P + P2P_MAX_PENDING_TX_COUNT: 1000 + P2P_TX_POOL_DELETE_TXS_AFTER_REORG: true + # Slasher penalties + SLASH_PRUNE_PENALTY: 10e18 + SLASH_DATA_WITHHOLDING_PENALTY: 10e18 + SLASH_INACTIVITY_TARGET_PERCENTAGE: 0.9 + SLASH_INACTIVITY_CONSECUTIVE_EPOCH_THRESHOLD: 1 + SLASH_INACTIVITY_PENALTY: 10e18 + SLASH_PROPOSE_INVALID_ATTESTATIONS_PENALTY: 10e18 + SLASH_DUPLICATE_PROPOSAL_PENALTY: 10e18 + SLASH_DUPLICATE_ATTESTATION_PENALTY: 10e18 + SLASH_ATTEST_DESCENDANT_OF_INVALID_PENALTY: 10e18 + SLASH_UNKNOWN_PENALTY: 10e18 + SLASH_INVALID_BLOCK_PENALTY: 10e18 + SLASH_GRACE_PERIOD_L2_SLOTS: 64 + ENABLE_VERSION_CHECK: true mainnet: - <<: *prodlike - # L1 contract overrides - production parameters - AZTEC_SLOT_DURATION: 72 - AZTEC_ACTIVATION_THRESHOLD: 200000e18 - AZTEC_EJECTION_THRESHOLD: 100000e18 - AZTEC_LOCAL_EJECTION_THRESHOLD: 190000e18 - AZTEC_SLASH_AMOUNT_SMALL: 2000e18 - AZTEC_SLASH_AMOUNT_MEDIUM: 2000e18 - AZTEC_SLASH_AMOUNT_LARGE: 2000e18 - AZTEC_SLASHING_LIFETIME_IN_ROUNDS: 34 - AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: 28 - AZTEC_SLASHING_VETOER: "0xBbB4aF368d02827945748b28CD4b2D42e4A37480" - AZTEC_SLASHING_QUORUM: 65 - AZTEC_GOVERNANCE_PROPOSER_QUORUM: 600 - AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE: 1000 - AZTEC_MANA_TARGET: 75000000 - AZTEC_PROVING_COST_PER_MANA: 25000000 - AZTEC_EXIT_DELAY_SECONDS: 345600 # 4 days - AZTEC_SLASHING_DISABLE_DURATION: 259200 # 3 days - AZTEC_ENTRY_QUEUE_BOOTSTRAP_VALIDATOR_SET_SIZE: 500 - AZTEC_ENTRY_QUEUE_BOOTSTRAP_FLUSH_SIZE: 500 - AZTEC_ENTRY_QUEUE_FLUSH_SIZE_MIN: 1 - AZTEC_ENTRY_QUEUE_FLUSH_SIZE_QUOTIENT: 400 - AZTEC_ENTRY_QUEUE_MAX_FLUSH_SIZE: 4 - # Network identity - L1_CHAIN_ID: 1 # Ethereum mainnet - # Genesis state - no test accounts, no sponsored FPC - TEST_ACCOUNTS: false - SPONSORED_FPC: false - TRANSACTIONS_DISABLED: false - # Sequencer - SEQ_MAX_TX_PER_CHECKPOINT: 72 - # Prover - PROVER_REAL_PROOFS: true - # Sync - BLOB_ALLOW_EMPTY_SOURCES: true - # P2P - P2P_MAX_PENDING_TX_COUNT: 1000 - P2P_TX_POOL_DELETE_TXS_AFTER_REORG: true - # Telemetry - PUBLIC_OTEL_EXPORTER_OTLP_METRICS_ENDPOINT: "" - PUBLIC_OTEL_COLLECT_FROM: "" - ENABLE_VERSION_CHECK: false - # Slasher penalties - more lenient initially - SLASH_PRUNE_PENALTY: 0 - SLASH_DATA_WITHHOLDING_PENALTY: 0 - SLASH_INACTIVITY_TARGET_PERCENTAGE: 0.8 - SLASH_INACTIVITY_CONSECUTIVE_EPOCH_THRESHOLD: 2 - SLASH_INACTIVITY_PENALTY: 2000e18 - SLASH_PROPOSE_INVALID_ATTESTATIONS_PENALTY: 2000e18 - SLASH_DUPLICATE_PROPOSAL_PENALTY: 2000e18 - SLASH_DUPLICATE_ATTESTATION_PENALTY: 2000e18 - SLASH_ATTEST_DESCENDANT_OF_INVALID_PENALTY: 2000e18 - SLASH_UNKNOWN_PENALTY: 2000e18 - SLASH_INVALID_BLOCK_PENALTY: 2000e18 - SLASH_GRACE_PERIOD_L2_SLOTS: 1200 + env: + <<: *prodlike + # L1 contract overrides - production parameters + AZTEC_SLOT_DURATION: 72 + AZTEC_ACTIVATION_THRESHOLD: 200000e18 + AZTEC_EJECTION_THRESHOLD: 100000e18 + AZTEC_LOCAL_EJECTION_THRESHOLD: 190000e18 + AZTEC_SLASH_AMOUNT_SMALL: 2000e18 + AZTEC_SLASH_AMOUNT_MEDIUM: 2000e18 + AZTEC_SLASH_AMOUNT_LARGE: 2000e18 + AZTEC_SLASHING_LIFETIME_IN_ROUNDS: 34 + AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: 28 + AZTEC_SLASHING_VETOER: "0xBbB4aF368d02827945748b28CD4b2D42e4A37480" + AZTEC_SLASHING_QUORUM: 65 + AZTEC_GOVERNANCE_PROPOSER_QUORUM: 600 + AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE: 1000 + AZTEC_MANA_TARGET: 75000000 + AZTEC_PROVING_COST_PER_MANA: 25000000 + AZTEC_EXIT_DELAY_SECONDS: 345600 # 4 days + AZTEC_SLASHING_DISABLE_DURATION: 259200 # 3 days + AZTEC_ENTRY_QUEUE_BOOTSTRAP_VALIDATOR_SET_SIZE: 500 + AZTEC_ENTRY_QUEUE_BOOTSTRAP_FLUSH_SIZE: 500 + AZTEC_ENTRY_QUEUE_FLUSH_SIZE_MIN: 1 + AZTEC_ENTRY_QUEUE_FLUSH_SIZE_QUOTIENT: 400 + AZTEC_ENTRY_QUEUE_MAX_FLUSH_SIZE: 4 + # Network identity + L1_CHAIN_ID: 1 # Ethereum mainnet + # Genesis state - no test accounts, no sponsored FPC + TEST_ACCOUNTS: false + SPONSORED_FPC: false + TRANSACTIONS_DISABLED: false + # Sequencer + SEQ_MAX_TX_PER_CHECKPOINT: 72 + # Prover + PROVER_REAL_PROOFS: true + # Sync + BLOB_ALLOW_EMPTY_SOURCES: true + # P2P + P2P_MAX_PENDING_TX_COUNT: 1000 + P2P_TX_POOL_DELETE_TXS_AFTER_REORG: true + # Telemetry + PUBLIC_OTEL_EXPORTER_OTLP_METRICS_ENDPOINT: "" + PUBLIC_OTEL_COLLECT_FROM: "" + ENABLE_VERSION_CHECK: false + # Slasher penalties - more lenient initially + SLASH_PRUNE_PENALTY: 0 + SLASH_DATA_WITHHOLDING_PENALTY: 0 + SLASH_INACTIVITY_TARGET_PERCENTAGE: 0.8 + SLASH_INACTIVITY_CONSECUTIVE_EPOCH_THRESHOLD: 2 + SLASH_INACTIVITY_PENALTY: 2000e18 + SLASH_PROPOSE_INVALID_ATTESTATIONS_PENALTY: 2000e18 + SLASH_DUPLICATE_PROPOSAL_PENALTY: 2000e18 + SLASH_DUPLICATE_ATTESTATION_PENALTY: 2000e18 + SLASH_ATTEST_DESCENDANT_OF_INVALID_PENALTY: 2000e18 + SLASH_UNKNOWN_PENALTY: 2000e18 + SLASH_INVALID_BLOCK_PENALTY: 2000e18 + SLASH_GRACE_PERIOD_L2_SLOTS: 1200 diff --git a/spartan/environments/networks/alpha-net.yml b/spartan/environments/networks/alpha-net.yml new file mode 100644 index 000000000000..90380859e7cc --- /dev/null +++ b/spartan/environments/networks/alpha-net.yml @@ -0,0 +1,64 @@ +deploy: + NAMESPACE: '${NAMESPACE:-alpha-net}' + CLUSTER: 'aztec-gke-private' + GCP_REGION: 'us-west1-a' + DESTROY_NAMESPACE: 'true' + DESTROY_ETH_DEVNET: 'true' + CREATE_ETH_DEVNET: '${CREATE_ETH_DEVNET:-true}' + ETHEREUM_CHAIN_ID: '1337' + CHAOS_MESH_SCENARIOS_FILE: 'network-requirements.yaml' + CREATE_ROLLUP_CONTRACTS: 'true' + VERIFY_CONTRACTS: 'false' + DESTROY_AZTEC_INFRA: 'true' + VALIDATOR_RESOURCE_PROFILE: '2-core-dedicated' + RPC_INGRESS_ENABLED: 'false' + FULL_NODE_RESOURCE_PROFILE: '2-core-spot' + PROVER_RESOURCE_PROFILE: 'hi-tps' + RUN_TESTS: 'false' + +env: + AZTEC_EPOCH_DURATION: '8' + AZTEC_SLOT_DURATION: '72' + AZTEC_PROOF_SUBMISSION_EPOCHS: '2' + LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' + FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' + P2P_PUBLIC_IP: 'false' + AZTEC_MANA_TARGET: '2147483647' + P2P_TX_POOL_DELETE_TXS_AFTER_REORG: 'true' + SEQ_BUILD_CHECKPOINT_IF_EMPTY: 'true' + SEQ_BLOCK_DURATION_MS: '6000' + SEQ_SKIP_CHECKPOINT_PUBLISH_PERCENT: '5' + REDEPLOY_ROLLUP_CONTRACTS: 'true' + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '1' + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '1' + OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' + VALIDATOR_REPLICAS: '12' + VALIDATORS_PER_NODE: '4' + VALIDATOR_PUBLISHERS_PER_REPLICA: '4' + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' + REAL_VERIFIER: 'false' + RPC_REPLICAS: '12' + FULL_NODE_REPLICAS: '500' + PUBLISHERS_PER_PROVER: '2' + PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' + PROVER_REPLICAS: '128' + PROVER_AGENT_POLL_INTERVAL_MS: '10000' + PROVER_TEST_DELAY_TYPE: 'fixed' + AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: '1' + AZTEC_SLASHING_QUORUM: '5' + AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: '0' + AZTEC_SLASHING_OFFSET_IN_ROUNDS: '1' + AZTEC_LOCAL_EJECTION_THRESHOLD: '90000000000000000000' + SPONSORED_FPC: 'true' + SEQ_MAX_TX_PER_CHECKPOINT: '72' + SEQ_MIN_TX_PER_BLOCK: '1' + SEQ_PER_BLOCK_ALLOCATION_MULTIPLIER: '1' + VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' + VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' + PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' + PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' + DEBUG_P2P_INSTRUMENT_MESSAGES: 'true' + PROVER_TEST_VERIFICATION_DELAY_MS: '250' + PROVER_AGENT_INCLUDE_METRICS: 'aztec.circuit' + FULL_NODE_INCLUDE_METRICS: 'aztec.p2p.gossip.agg_' + LOG_LEVEL: 'info' diff --git a/spartan/environments/networks/block-capacity.yml b/spartan/environments/networks/block-capacity.yml new file mode 100644 index 000000000000..b11a4159f802 --- /dev/null +++ b/spartan/environments/networks/block-capacity.yml @@ -0,0 +1,39 @@ +deploy: + NAMESPACE: '${NAMESPACE:-block-capacity}' + CLUSTER: 'aztec-gke-private' + GCP_REGION: 'us-west1-a' + CREATE_ETH_DEVNET: 'true' + DESTROY_NAMESPACE: 'true' + DESTROY_AZTEC_INFRA: 'true' + CREATE_ROLLUP_CONTRACTS: 'true' + ETHEREUM_CHAIN_ID: '1337' + VALIDATOR_RESOURCE_PROFILE: 'prod-hi-tps' + RPC_INGRESS_ENABLED: 'false' + PROVER_RESOURCE_PROFILE: 'dev' + +env: + AZTEC_EPOCH_DURATION: '8' + AZTEC_SLOT_DURATION: '72' + AZTEC_PROOF_SUBMISSION_EPOCHS: '4' + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '1' + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '1' + REDEPLOY_ROLLUP_CONTRACTS: 'true' + LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' + FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' + OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' + VALIDATOR_REPLICAS: '1' + VALIDATORS_PER_NODE: '48' + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' + REAL_VERIFIER: 'false' + RPC_REPLICAS: '1' + PROVER_REPLICAS: '10' + PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' + PROVER_AGENT_POLL_INTERVAL_MS: '10000' + PUBLISHERS_PER_PROVER: '1' + PROVER_TEST_DELAY_TYPE: 'realistic' + DEBUG_FORCE_TX_PROOF_VERIFICATION: 'true' + SEQ_MAX_TX_PER_BLOCK: '72000 # 1000 tps' + SEQ_MIN_TX_PER_BLOCK: '0' + SEQ_ENFORCE_TIME_TABLE: 'true' + DEBUG_P2P_INSTRUMENT_MESSAGES: 'true' + LOG_LEVEL: 'debug; info: json-rpc, simulator' diff --git a/spartan/environments/networks/devnet.yml b/spartan/environments/networks/devnet.yml new file mode 100644 index 000000000000..4b2bf3ee82da --- /dev/null +++ b/spartan/environments/networks/devnet.yml @@ -0,0 +1,67 @@ +# Devnet (Sepolia, private GKE). +# Inherits env baseline from network-defaults.yml -> networks.devnet.env. +# MNEMONIC_INDEX_OFFSET and the *_MNEMONIC_START_INDEX values are computed by +# the loader's apply_derived (devnet's NAMESPACE pattern selects the offset). +network: devnet + +deploy: + GCP_REGION: us-west1-a + CLUSTER: aztec-gke-private + NETWORK: devnet + NAMESPACE: ${NAMESPACE:-devnet} + CREATE_ETH_DEVNET: "false" + ETHEREUM_CHAIN_ID: "11155111" + LABS_INFRA_MNEMONIC_SECRET_NAME: sepolia-labs-devnet-mnemonic + SNAPSHOT_BUCKET_DIRECTORY: ${SNAPSHOT_BUCKET_DIRECTORY:-devnet/$NAMESPACE/snapshots} + BLOB_BUCKET_DIRECTORY: ${BLOB_BUCKET_DIRECTORY:-devnet/$NAMESPACE/blobs} + VERIFY_CONTRACTS: "false" + CREATE_ROLLUP_CONTRACTS: ${CREATE_ROLLUP_CONTRACTS:-false} + USE_NETWORK_CONFIG: ${USE_NETWORK_CONFIG:-false} + PROVER_RESOURCE_PROFILE: dev + RPC_INGRESS_ENABLED: "true" + RPC_INGRESS_HOSTS: '["$NAMESPACE.aztec-labs.com"]' + RPC_INGRESS_STATIC_IP_NAME: $NAMESPACE-rpc-ip + RPC_INGRESS_SSL_CERT_NAMES: '["$NAMESPACE-rpc-cert"]' + DEPLOY_INTERNAL_BOOTNODE: "false" + # Mnemonic-index bases (loader adds MNEMONIC_INDEX_OFFSET via apply_derived). + VALIDATOR_MNEMONIC_START_INDEX: "1" + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: "5000" + PROVER_PUBLISHER_MNEMONIC_START_INDEX: "8000" + # Counts consumed by deploy_network.sh / Terraform fan-out. + VALIDATOR_REPLICAS: "1" + VALIDATORS_PER_NODE: "1" + VALIDATOR_PUBLISHERS_PER_REPLICA: "8" + PROVER_REPLICAS: "1" + PROVER_AGENTS_PER_PROVER: "4" + PUBLISHERS_PER_PROVER: "1" + BOT_TRANSFERS_REPLICAS: "0" + BOT_SWAPS_REPLICAS: "0" + REAL_VERIFIER: "false" + +env: + # Secrets resolved by the loader via gcloud (see scripts/load_network_config.sh). + ETHEREUM_RPC_URLS: REPLACE_WITH_GCP_SECRET + ETHEREUM_CONSENSUS_HOST_URLS: REPLACE_WITH_GCP_SECRET + ETHEREUM_CONSENSUS_HOST_API_KEYS: REPLACE_WITH_GCP_SECRET + ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: REPLACE_WITH_GCP_SECRET + FUNDING_PRIVATE_KEY: REPLACE_WITH_GCP_SECRET + LABS_INFRA_MNEMONIC: REPLACE_WITH_GCP_SECRET + ROLLUP_DEPLOYMENT_PRIVATE_KEY: REPLACE_WITH_GCP_SECRET + OTEL_COLLECTOR_ENDPOINT: REPLACE_WITH_GCP_SECRET + R2_ACCESS_KEY_ID: REPLACE_WITH_GCP_SECRET + R2_SECRET_ACCESS_KEY: REPLACE_WITH_GCP_SECRET + # Devnet-specific overrides on top of network-defaults.yml's networks.devnet.env baseline. + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: "1" + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: "1" + AZTEC_SLOT_DURATION: "36" + AZTEC_EPOCH_DURATION: "8" + AZTEC_TARGET_COMMITTEE_SIZE: "1" + TEST_ACCOUNTS: "false" + SPONSORED_FPC: "false" + FLUSH_ENTRY_QUEUE: "true" + SEQ_L1_PUBLISHING_TIME_ALLOWANCE_IN_SLOT: "12" + SEQ_BLOCK_DURATION_MS: "6000" + SEQ_MIN_TX_PER_BLOCK: "1" + SEQ_MAX_TX_PER_BLOCK: "32" + DEBUG_FORCE_TX_PROOF_VERIFICATION: "true" + WS_NUM_HISTORIC_CHECKPOINTS: "300" diff --git a/spartan/environments/networks/five-tps-long-epoch.yml b/spartan/environments/networks/five-tps-long-epoch.yml new file mode 100644 index 000000000000..00a9c54f2980 --- /dev/null +++ b/spartan/environments/networks/five-tps-long-epoch.yml @@ -0,0 +1,55 @@ +deploy: + NAMESPACE: '${NAMESPACE:-five-tps}' + CLUSTER: 'aztec-gke-private' + GCP_REGION: 'us-west1-a' + DESTROY_NAMESPACE: 'true' + DESTROY_ETH_DEVNET: 'true' + CREATE_ETH_DEVNET: '${CREATE_ETH_DEVNET:-true}' + ETHEREUM_CHAIN_ID: '1337' + CREATE_ROLLUP_CONTRACTS: 'true' + VERIFY_CONTRACTS: 'false' + DESTROY_AZTEC_INFRA: 'true' + VALIDATOR_RESOURCE_PROFILE: '2-core-dedicated' + RPC_INGRESS_ENABLED: 'false' + FULL_NODE_RESOURCE_PROFILE: '2-core-spot' + PROVER_RESOURCE_PROFILE: 'hi-tps' + RUN_TESTS: 'false' + +env: + AZTEC_EPOCH_DURATION: '32' + AZTEC_SLOT_DURATION: '36' + AZTEC_PROOF_SUBMISSION_EPOCHS: '2' + LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' + FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' + AZTEC_MANA_TARGET: '2147483647' + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '1' + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '1' + OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' + VALIDATOR_REPLICAS: '12' + VALIDATORS_PER_NODE: '4' + VALIDATOR_PUBLISHERS_PER_REPLICA: '4' + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' + REAL_VERIFIER: 'false' + RPC_REPLICAS: '12' + FULL_NODE_REPLICAS: '500' + PUBLISHERS_PER_PROVER: '2' + PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' + PROVER_REPLICAS: '64' + PROVER_AGENT_POLL_INTERVAL_MS: '10000' + PROVER_TEST_DELAY_TYPE: 'fixed' + AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: '1' + AZTEC_SLASHING_QUORUM: '20' + AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: '0' + AZTEC_SLASHING_OFFSET_IN_ROUNDS: '1' + AZTEC_LOCAL_EJECTION_THRESHOLD: '90000000000000000000' + SEQ_MAX_TX_PER_CHECKPOINT: '180' + SEQ_MIN_TX_PER_BLOCK: '1' + VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' + VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' + PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' + PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' + DEBUG_P2P_INSTRUMENT_MESSAGES: 'true' + PROVER_TEST_VERIFICATION_DELAY_MS: '250' + PROVER_AGENT_INCLUDE_METRICS: 'aztec.circuit' + FULL_NODE_INCLUDE_METRICS: 'aztec.p2p.gossip.agg_' + LOG_LEVEL: 'info' diff --git a/spartan/environments/networks/five-tps-short-epoch.yml b/spartan/environments/networks/five-tps-short-epoch.yml new file mode 100644 index 000000000000..deb2a1eb3145 --- /dev/null +++ b/spartan/environments/networks/five-tps-short-epoch.yml @@ -0,0 +1,55 @@ +deploy: + NAMESPACE: '${NAMESPACE:-five-tps}' + CLUSTER: 'aztec-gke-private' + GCP_REGION: 'us-west1-a' + DESTROY_NAMESPACE: 'true' + DESTROY_ETH_DEVNET: 'true' + CREATE_ETH_DEVNET: '${CREATE_ETH_DEVNET:-true}' + ETHEREUM_CHAIN_ID: '1337' + CREATE_ROLLUP_CONTRACTS: 'true' + VERIFY_CONTRACTS: 'false' + DESTROY_AZTEC_INFRA: 'true' + VALIDATOR_RESOURCE_PROFILE: '2-core-dedicated' + RPC_INGRESS_ENABLED: 'false' + FULL_NODE_RESOURCE_PROFILE: '2-core-spot' + PROVER_RESOURCE_PROFILE: 'hi-tps' + RUN_TESTS: 'false' + +env: + AZTEC_EPOCH_DURATION: '8' + AZTEC_SLOT_DURATION: '36' + AZTEC_PROOF_SUBMISSION_EPOCHS: '10' + LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' + FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' + AZTEC_MANA_TARGET: '2147483647' + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '1' + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '1' + OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' + VALIDATOR_REPLICAS: '12' + VALIDATORS_PER_NODE: '4' + VALIDATOR_PUBLISHERS_PER_REPLICA: '4' + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' + REAL_VERIFIER: 'false' + RPC_REPLICAS: '12' + FULL_NODE_REPLICAS: '500' + PUBLISHERS_PER_PROVER: '2' + PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' + PROVER_REPLICAS: '64' + PROVER_AGENT_POLL_INTERVAL_MS: '10000' + PROVER_TEST_DELAY_TYPE: 'fixed' + AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: '1' + AZTEC_SLASHING_QUORUM: '5' + AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: '0' + AZTEC_SLASHING_OFFSET_IN_ROUNDS: '1' + AZTEC_LOCAL_EJECTION_THRESHOLD: '90000000000000000000' + SEQ_MAX_TX_PER_CHECKPOINT: '180' + SEQ_MIN_TX_PER_BLOCK: '1' + VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' + VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' + PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' + PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' + DEBUG_P2P_INSTRUMENT_MESSAGES: 'true' + PROVER_TEST_VERIFICATION_DELAY_MS: '250' + PROVER_AGENT_INCLUDE_METRICS: 'aztec.circuit' + FULL_NODE_INCLUDE_METRICS: 'aztec.p2p.gossip.agg_' + LOG_LEVEL: 'info' diff --git a/spartan/environments/networks/kind-minimal.yml b/spartan/environments/networks/kind-minimal.yml new file mode 100644 index 000000000000..a073cb680d5f --- /dev/null +++ b/spartan/environments/networks/kind-minimal.yml @@ -0,0 +1,76 @@ +# KIND environment for local Kubernetes testing +# Minimal setup with fast epochs for quick iteration +# (Phase 0 spike: YAML conversion of kind-minimal.env) + +# No `network:` baseline -- KIND uses local L1 (chain id 1337), not a public preset. + +deploy: + NAMESPACE: ${NAMESPACE:-kind} + CLUSTER: kind + CREATE_ETH_DEVNET: true + CREATE_ROLLUP_CONTRACTS: true + CREATE_AZTEC_INFRA: true + +env: + # Mnemonics / keys + LABS_INFRA_MNEMONIC: "test test test test test test test test test test test junk" + L1_ACCOUNT_MNEMONIC: "test test test test test test test test test test test junk" + FUNDING_PRIVATE_KEY: "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" + REAL_VERIFIER: "false" + PROVER_REAL_PROOFS: "false" + SENTINEL_ENABLED: "false" + LOG_LEVEL: "info" + + # Fast epoch timing for quick iteration + AZTEC_SLOT_DURATION: "24" + AZTEC_EPOCH_DURATION: "4" + AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: "1" + AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: "1" + AZTEC_SLASHING_OFFSET_IN_ROUNDS: "1" + AZTEC_ACTIVATION_THRESHOLD: "100000000000000000000" + AZTEC_EJECTION_THRESHOLD: "50000000000000000000" + AZTEC_LOCAL_EJECTION_THRESHOLD: "95000000000000000000" + AZTEC_SLASH_AMOUNT_SMALL: "5000000000000000000" + AZTEC_SLASH_AMOUNT_MEDIUM: "10000000000000000000" + AZTEC_SLASH_AMOUNT_LARGE: "15000000000000000000" + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: "1" + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: "1" + + # Governance settings (required for upgrade test) + AZTEC_GOVERNANCE_PROPOSER_QUORUM: "11" + AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE: "20" + AZTEC_GOVERNANCE_VOTING_DURATION: "300" + + R2_ACCESS_KEY_ID: "" + R2_SECRET_ACCESS_KEY: "" + + OTEL_COLLECTOR_ENDPOINT: "http://metrics-opentelemetry-collector.metrics:4318" + +# Image: AZTEC_DOCKER_IMAGE may be pre-set by CI; loader resolves ${VAR} placeholders +shared: + image: + repository: aztecprotocol/aztec + tag: ${AZTEC_DOCKER_IMAGE_TAG:-latest} + +# Validators - minimal setup for upgrade test +validator: + replicaCount: 4 + env: + VALIDATORS_PER_NODE: "12" + VALIDATOR_PUBLISHERS_PER_REPLICA: "4" + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: "5000" + +# Provers - minimal for faster testing +prover: + node: + replicaCount: 1 + env: + PROVER_PUBLISHER_MNEMONIC_START_INDEX: "8000" + PUBLISHERS_PER_PROVER: "1" + agent: + replicaCount: 1 + env: + PROVER_AGENTS_PER_PROVER: "1" + +rpc: + replicaCount: 1 diff --git a/spartan/environments/networks/kind-provers.yml b/spartan/environments/networks/kind-provers.yml new file mode 100644 index 000000000000..63bb539de07a --- /dev/null +++ b/spartan/environments/networks/kind-provers.yml @@ -0,0 +1,37 @@ +deploy: + NAMESPACE: '${NAMESPACE:-kind}' + CLUSTER: 'kind' + CREATE_ETH_DEVNET: 'true' + CREATE_ROLLUP_CONTRACTS: 'true' + CREATE_AZTEC_INFRA: 'true' + RUN_TESTS: 'false' + PROVER_RESOURCE_PROFILE: 'kind-provers' + +env: + LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' + L1_ACCOUNT_MNEMONIC: 'test test test test test test test test test test test junk' + FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' + SENTINEL_ENABLED: 'false' + AZTEC_SLOT_DURATION: '36' + AZTEC_EPOCH_DURATION: '32' + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '1' + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '1' + AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: '1' + AZTEC_SLASHING_QUORUM: '17' + AZTEC_SLASHING_OFFSET_IN_ROUNDS: '2' + AZTEC_LOCAL_EJECTION_THRESHOLD: '90000000000000000000' + AZTEC_GOVERNANCE_PROPOSER_QUORUM: '11' + AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE: '20' + AZTEC_GOVERNANCE_VOTING_DURATION: '300' + R2_ACCESS_KEY_ID: '' + R2_SECRET_ACCESS_KEY: '' + OTEL_COLLECTOR_ENDPOINT: 'http://metrics-opentelemetry-collector.metrics:4318' + VALIDATOR_REPLICAS: '4' + VALIDATORS_PER_NODE: '12 # We allocate 0.5 per validator, so 4 * 0.5 * 12 = 24 cores total' + VALIDATOR_PUBLISHERS_PER_REPLICA: '4' + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' + PROVER_REPLICAS: '8 # 16 * 16 = 128 cores total' + PROVER_AGENTS_PER_PROVER: '1' + PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' + PUBLISHERS_PER_PROVER: '1' + RPC_REPLICAS: '2' diff --git a/spartan/environments/networks/mainnet.yml b/spartan/environments/networks/mainnet.yml new file mode 100644 index 000000000000..6395e693e5f0 --- /dev/null +++ b/spartan/environments/networks/mainnet.yml @@ -0,0 +1,45 @@ +# Auto-converted from mainnet.env -- review for correctness +network: mainnet + +deploy: + NETWORK: '${NETWORK:-mainnet}' + L1_NETWORK: '${L1_NETWORK:-mainnet}' + ETHEREUM_CHAIN_ID: '${ETHEREUM_CHAIN_ID:-1}' + GCP_REGION: 'us-west1-a' + CLUSTER: 'aztec-gke-public' + NAMESPACE: '${NAMESPACE:-mainnet}' + CREATE_ROLLUP_CONTRACTS: 'false' + VERIFY_CONTRACTS: 'false' + RPC_RESOURCE_PROFILE: 'mainnet' + BLOB_SINK_RESOURCE_PROFILE: 'mainnet' + PROVER_RESOURCE_PROFILE: 'mainnet' + USE_NETWORK_CONFIG: 'true' + SNAPSHOT_BUCKET_DIRECTORY: '${SNAPSHOT_BUCKET_DIRECTORY:-mainnet}' + BLOB_BUCKET_DIRECTORY: '${BLOB_BUCKET_DIRECTORY:-mainnet/blobs}' + TX_FILE_STORE_ENABLED: 'true' + TX_FILE_STORE_BUCKET_DIRECTORY: '${TX_FILE_STORE_BUCKET_DIRECTORY:-mainnet/txs}' + +env: + DEPLOY_INTERNAL_BOOTNODE: 'false' + VALIDATOR_REPLICAS: '0' + RPC_REPLICAS: '1' + PROVER_REPLICAS: '4' + FISHERMAN_REPLICAS: '1' + FISHERMAN_MNEMONIC_START_INDEX: '1' + PROVER_NODE_DISABLE_PROOF_PUBLISH: 'true' + LOG_LEVEL: 'info' + FISHERMAN_LOG_LEVEL: 'info' + PROVER_FAILED_PROOF_STORE: 'gs://aztec-develop/mainnet/failed-proofs' + L1_TX_FAILED_STORE: 'gs://aztec-develop/mainnet/failed-l1-txs' + ETHEREUM_RPC_URLS: 'REPLACE_WITH_GCP_SECRET' + ETHEREUM_CONSENSUS_HOST_URLS: 'REPLACE_WITH_GCP_SECRET' + ETHEREUM_CONSENSUS_HOST_API_KEYS: 'REPLACE_WITH_GCP_SECRET' + ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: 'REPLACE_WITH_GCP_SECRET' + LABS_INFRA_MNEMONIC: 'REPLACE_WITH_GCP_SECRET' + OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' + FUNDING_PRIVATE_KEY: '' + ROLLUP_DEPLOYMENT_PRIVATE_KEY: '' + BLOB_FILE_STORE_URLS: ',' + TX_COLLECTION_FILE_STORE_URLS: 'https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}' + R2_ACCESS_KEY_ID: 'REPLACE_WITH_GCP_SECRET' + R2_SECRET_ACCESS_KEY: 'REPLACE_WITH_GCP_SECRET' diff --git a/spartan/environments/networks/mbps-net.yml b/spartan/environments/networks/mbps-net.yml new file mode 100644 index 000000000000..86ea0b17fe98 --- /dev/null +++ b/spartan/environments/networks/mbps-net.yml @@ -0,0 +1,60 @@ +deploy: + CREATE_ETH_DEVNET: 'false' + GCP_REGION: 'us-west1-a' + CLUSTER: 'aztec-gke-private' + NETWORK: 'next-net' + NAMESPACE: 'mbps-net' + DESTROY_NAMESPACE: 'true' + ETHEREUM_CHAIN_ID: '11155111' + VERIFY_CONTRACTS: 'false' + STORE_SNAPSHOT_URL: '' + BLOB_BUCKET_DIRECTORY: '${BLOB_BUCKET_DIRECTORY:-next-net/blobs}' + VALIDATOR_RESOURCE_PROFILE: 'prod-spot' + +env: + ETHEREUM_RPC_URLS: 'REPLACE_WITH_GCP_SECRET' + ETHEREUM_CONSENSUS_HOST_URLS: 'REPLACE_WITH_GCP_SECRET' + ETHEREUM_CONSENSUS_HOST_API_KEYS: 'REPLACE_WITH_GCP_SECRET' + ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: 'REPLACE_WITH_GCP_SECRET' + FUNDING_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' + LABS_INFRA_MNEMONIC: 'REPLACE_WITH_GCP_SECRET' + ROLLUP_DEPLOYMENT_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' + OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' + ETHERSCAN_API_KEY: 'REPLACE_WITH_GCP_SECRET' + DEPLOY_INTERNAL_BOOTNODE: 'true' + R2_ACCESS_KEY_ID: 'REPLACE_WITH_GCP_SECRET' + R2_SECRET_ACCESS_KEY: 'REPLACE_WITH_GCP_SECRET' + PROVER_FAILED_PROOF_STORE: 'gs://aztec-develop/next-net/failed-proofs' + TEST_ACCOUNTS: 'true' + SPONSORED_FPC: 'true' + SEQ_MIN_TX_PER_BLOCK: '0' + SEQ_MAX_TX_PER_BLOCK: '8' + AZTEC_EPOCH_DURATION: '8' + REAL_VERIFIER: 'false' + PROVER_REAL_PROOFS: 'false' + SEQ_BUILD_CHECKPOINT_IF_EMPTY: 'true' + SEQ_BLOCK_DURATION_MS: '6000' + LOG_LEVEL: 'verbose' + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '2' + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '2' + VALIDATOR_REPLICAS: '4' + VALIDATORS_PER_NODE: '12' + VALIDATOR_PUBLISHERS_PER_REPLICA: '4' + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' + PUBLISHERS_PER_PROVER: '2' + PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' + BOT_TRANSFERS_REPLICAS: '1' + BOT_TRANSFERS_TX_INTERVAL_SECONDS: '4' + BOT_TRANSFERS_FOLLOW_CHAIN: 'PROPOSED' + BOT_TRANSFERS_PXE_SYNC_CHAIN_TIP: 'proposed' + BOT_SWAPS_REPLICAS: '1' + BOT_SWAPS_TX_INTERVAL_SECONDS: '4' + BOT_SWAPS_FOLLOW_CHAIN: 'PROPOSED' + BOT_SWAPS_PXE_SYNC_CHAIN_TIP: 'proposed' + BOT_CROSS_CHAIN_REPLICAS: '1' + BOT_CROSS_CHAIN_TX_INTERVAL_SECONDS: '8' + BOT_CROSS_CHAIN_FOLLOW_CHAIN: 'PROPOSED' + BOT_CROSS_CHAIN_PXE_SYNC_CHAIN_TIP: 'proposed' + REDEPLOY_ROLLUP_CONTRACTS: 'true' + DEBUG_P2P_INSTRUMENT_MESSAGES: 'true' + VALIDATOR_HA_REPLICAS: '1' diff --git a/spartan/environments/networks/mbps-pipeline.yml b/spartan/environments/networks/mbps-pipeline.yml new file mode 100644 index 000000000000..37831075acff --- /dev/null +++ b/spartan/environments/networks/mbps-pipeline.yml @@ -0,0 +1,58 @@ +deploy: + CREATE_ETH_DEVNET: 'true' + GCP_REGION: 'us-west1-a' + CLUSTER: 'aztec-gke-private' + NETWORK: 'next-net' + NAMESPACE: 'mbps-pipe' + DESTROY_NAMESPACE: 'true' + ETHEREUM_CHAIN_ID: '1337' + CREATE_ROLLUP_CONTRACTS: 'true' + VERIFY_CONTRACTS: 'false' + DESTROY_AZTEC_INFRA: 'true' + VALIDATOR_RESOURCE_PROFILE: 'prod-spot' + +env: + FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' + LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' + OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' + DEPLOY_INTERNAL_BOOTNODE: 'true' + TEST_ACCOUNTS: 'true' + SPONSORED_FPC: 'true' + SEQ_MIN_TX_PER_BLOCK: '0' + SEQ_MAX_TX_PER_BLOCK: '8' + AZTEC_EPOCH_DURATION: '8' + REAL_VERIFIER: 'false' + PROVER_REAL_PROOFS: 'false' + SEQ_BUILD_CHECKPOINT_IF_EMPTY: 'true' + SEQ_BLOCK_DURATION_MS: '5500' + SEQ_MAX_TX_PER_CHECKPOINT: '96' + SEQ_ENABLE_PROPOSER_PIPELINING: 'true' + SEQ_PER_BLOCK_ALLOCATION_MULTIPLIER: '1' + LOG_LEVEL: 'verbose' + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '2' + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '2' + AZTEC_INBOX_LAG: '2' + AZTEC_TARGET_COMMITTEE_SIZE: '24' + VALIDATOR_REPLICAS: '4' + VALIDATORS_PER_NODE: '12' + VALIDATOR_PUBLISHERS_PER_REPLICA: '4' + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' + PUBLISHERS_PER_PROVER: '2' + PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' + BOT_TRANSFERS_REPLICAS: '1' + BOT_TRANSFERS_TX_INTERVAL_SECONDS: '4' + BOT_TRANSFERS_FOLLOW_CHAIN: 'PROPOSED' + BOT_TRANSFERS_PXE_SYNC_CHAIN_TIP: 'proposed' + BOT_SWAPS_REPLICAS: '1' + BOT_SWAPS_TX_INTERVAL_SECONDS: '4' + BOT_SWAPS_FOLLOW_CHAIN: 'PROPOSED' + BOT_SWAPS_PXE_SYNC_CHAIN_TIP: 'proposed' + BOT_CROSS_CHAIN_REPLICAS: '1' + BOT_CROSS_CHAIN_TX_INTERVAL_SECONDS: '8' + BOT_CROSS_CHAIN_FOLLOW_CHAIN: 'PROPOSED' + BOT_CROSS_CHAIN_PXE_SYNC_CHAIN_TIP: 'proposed' + REDEPLOY_ROLLUP_CONTRACTS: 'true' + DEBUG_P2P_INSTRUMENT_MESSAGES: 'true' + OTEL_COLLECT_INTERVAL_MS: '10000' + OTEL_EXPORT_TIMEOUT_MS: '5000' + VALIDATOR_HA_REPLICAS: '1' diff --git a/spartan/environments/networks/next-net.yml b/spartan/environments/networks/next-net.yml new file mode 100644 index 000000000000..45f7bbab0d68 --- /dev/null +++ b/spartan/environments/networks/next-net.yml @@ -0,0 +1,68 @@ +deploy: + CREATE_ETH_DEVNET: 'false' + GCP_REGION: 'us-west1-a' + CLUSTER: 'aztec-gke-private' + NETWORK: 'next-net' + NAMESPACE: '${NAMESPACE:-next-net}' + DESTROY_NAMESPACE: 'true' + ETHEREUM_CHAIN_ID: '11155111' + VERIFY_CONTRACTS: 'false' + STORE_SNAPSHOT_URL: '' + BLOB_BUCKET_DIRECTORY: '${BLOB_BUCKET_DIRECTORY:-next-net/blobs}' + TX_FILE_STORE_ENABLED: 'true' + TX_FILE_STORE_BUCKET_DIRECTORY: '${TX_FILE_STORE_BUCKET_DIRECTORY:-next-net/txs}' + CREATE_ROLLUP_CONTRACTS: 'true' + RPC_INGRESS_ENABLED: 'true' + RPC_INGRESS_HOSTS: '''["nextnet.aztec-labs.com"]''' + RPC_INGRESS_STATIC_IP_NAME: 'nextnet-rpc-ip' + RPC_INGRESS_SSL_CERT_NAMES: '''["nextnet-rpc-cert"]''' + VALIDATOR_RESOURCE_PROFILE: 'prod-spot' + +env: + ETHEREUM_RPC_URLS: 'REPLACE_WITH_GCP_SECRET' + ETHEREUM_CONSENSUS_HOST_URLS: 'REPLACE_WITH_GCP_SECRET' + ETHEREUM_CONSENSUS_HOST_API_KEYS: 'REPLACE_WITH_GCP_SECRET' + ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: 'REPLACE_WITH_GCP_SECRET' + FUNDING_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' + LABS_INFRA_MNEMONIC: 'REPLACE_WITH_GCP_SECRET' + ROLLUP_DEPLOYMENT_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' + OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' + ETHERSCAN_API_KEY: 'REPLACE_WITH_GCP_SECRET' + DEPLOY_INTERNAL_BOOTNODE: 'true' + BLOB_FILE_STORE_URLS: ',' + TX_COLLECTION_FILE_STORE_URLS: 'https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}' + R2_ACCESS_KEY_ID: 'REPLACE_WITH_GCP_SECRET' + R2_SECRET_ACCESS_KEY: 'REPLACE_WITH_GCP_SECRET' + PROVER_FAILED_PROOF_STORE: 'gs://aztec-develop/next-net/failed-proofs' + L1_TX_FAILED_STORE: 'gs://aztec-develop/next-net/failed-l1-txs' + TEST_ACCOUNTS: 'true' + SPONSORED_FPC: 'true' + SEQ_ENABLE_PROPOSER_PIPELINING: 'true' + SEQ_MIN_TX_PER_BLOCK: '1' + SEQ_MAX_TX_PER_CHECKPOINT: '12' + SEQ_BUILD_CHECKPOINT_IF_EMPTY: 'true' + SEQ_BLOCK_DURATION_MS: '5500' + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '2' + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '2' + AZTEC_INBOX_LAG: '2' + VALIDATOR_REPLICAS: '4' + VALIDATORS_PER_NODE: '12' + VALIDATOR_PUBLISHERS_PER_REPLICA: '4' + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' + PUBLISHERS_PER_PROVER: '2' + PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' + BOT_TRANSFERS_REPLICAS: '1' + BOT_TRANSFERS_TX_INTERVAL_SECONDS: '250' + BOT_TRANSFERS_FOLLOW_CHAIN: 'PENDING' + BOT_SWAPS_REPLICAS: '1' + BOT_SWAPS_FOLLOW_CHAIN: 'PENDING' + BOT_SWAPS_TX_INTERVAL_SECONDS: '350' + DEBUG_P2P_INSTRUMENT_MESSAGES: 'true' + VALIDATOR_HA_REPLICAS: '1' + REAL_VERIFIER: 'true' + AZTEC_SLOT_DURATION: '72' + AZTEC_EPOCH_DURATION: '32' + AZTEC_TARGET_COMMITTEE_SIZE: '48' + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '2' + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '2' + AZTEC_PROOF_SUBMISSION_EPOCHS: '1' diff --git a/spartan/environments/networks/next-scenario.yml b/spartan/environments/networks/next-scenario.yml new file mode 100644 index 000000000000..4790b747d61d --- /dev/null +++ b/spartan/environments/networks/next-scenario.yml @@ -0,0 +1,46 @@ +deploy: + NAMESPACE: '${NAMESPACE:-scenario}' + CLUSTER: 'aztec-gke-private' + GCP_REGION: 'us-west1-a' + DESTROY_NAMESPACE: 'true' + DESTROY_ETH_DEVNET: 'true' + CREATE_ETH_DEVNET: 'true' + ETHEREUM_CHAIN_ID: '1337' + CREATE_ROLLUP_CONTRACTS: 'true' + DESTROY_AZTEC_INFRA: 'true' + VERIFY_CONTRACTS: 'false' + USE_LOAD_BALANCERS: 'true' + RUN_TESTS: 'true' + VALIDATOR_RESOURCE_PROFILE: 'prod-spot' + +env: + AZTEC_EPOCH_DURATION: '32' + AZTEC_SLOT_DURATION: '36' + LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' + FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '1' + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '1' + OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' + VALIDATOR_REPLICAS: '4' + VALIDATORS_PER_NODE: '12' + VALIDATOR_PUBLISHERS_PER_REPLICA: '4' + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' + RPC_REPLICAS: '2' + PUBLISHERS_PER_PROVER: '1' + PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' + PROVER_REPLICAS: '8' + PROVER_AGENTS_PER_PROVER: '1' + AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: '1' + AZTEC_SLASHING_QUORUM: '17' + AZTEC_SLASHING_OFFSET_IN_ROUNDS: '2' + AZTEC_LOCAL_EJECTION_THRESHOLD: '90000000000000000000' + SPONSORED_FPC: 'true' + AZTEC_GOVERNANCE_PROPOSER_QUORUM: '11' + AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE: '20' + AZTEC_GOVERNANCE_VOTING_DURATION: '300' + VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' + VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' + PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' + PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' + SEQ_MIN_TX_PER_BLOCK: '0' + VALIDATOR_HA_REPLICAS: '1' diff --git a/spartan/environments/networks/prove-n-tps-fake.yml b/spartan/environments/networks/prove-n-tps-fake.yml new file mode 100644 index 000000000000..d9d81e3eb2d7 --- /dev/null +++ b/spartan/environments/networks/prove-n-tps-fake.yml @@ -0,0 +1,43 @@ +deploy: + NAMESPACE: '${NAMESPACE:-prove-n-tps-fake}' + CLUSTER: 'aztec-gke-private' + GCP_REGION: 'us-west1-a' + CREATE_ETH_DEVNET: 'true' + DESTROY_NAMESPACE: 'true' + DESTROY_AZTEC_INFRA: 'true' + CREATE_ROLLUP_CONTRACTS: 'true' + ETHEREUM_CHAIN_ID: '1337' + RPC_INGRESS_ENABLED: 'false' + PROVER_RESOURCE_PROFILE: 'hi-tps' + +env: + AZTEC_EPOCH_DURATION: '32' + AZTEC_SLOT_DURATION: '72' + AZTEC_PROOF_SUBMISSION_EPOCHS: '1' + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '1' + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '1' + AZTEC_MANA_TARGET: '1000000000 # 1B mana' + SPONSORED_FPC: 'true' + LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' + FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' + OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' + VALIDATOR_REPLICAS: '4' + VALIDATORS_PER_NODE: '12' + VALIDATOR_PUBLISHERS_PER_REPLICA: '4' + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' + REAL_VERIFIER: 'false' + RPC_REPLICAS: '1' + PROVER_REPLICAS: '10' + PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' + PROVER_AGENT_POLL_INTERVAL_MS: '10000' + PUBLISHERS_PER_PROVER: '1' + PROVER_TEST_DELAY_TYPE: 'realistic' + PROVER_TEST_VERIFICATION_DELAY_MS: '250' + SEQ_MAX_TX_PER_CHECKPOINT: '80' + SEQ_BLOCK_DURATION_MS: '6000' + SEQ_L1_PUBLISHING_TIME_ALLOWANCE_IN_SLOT: '36' + SEQ_BUILD_CHECKPOINT_IF_EMPTY: 'true' + SEQ_MIN_TX_PER_BLOCK: '1' + DEBUG_P2P_INSTRUMENT_MESSAGES: 'true' + PROVER_AGENT_INCLUDE_METRICS: 'aztec.circuit' + LOG_LEVEL: 'info' diff --git a/spartan/environments/networks/prove-n-tps-real.yml b/spartan/environments/networks/prove-n-tps-real.yml new file mode 100644 index 000000000000..fd28c4e673de --- /dev/null +++ b/spartan/environments/networks/prove-n-tps-real.yml @@ -0,0 +1,41 @@ +deploy: + NAMESPACE: '${NAMESPACE:-prove-n-tps-real}' + CLUSTER: 'aztec-gke-private' + GCP_REGION: 'us-west1-a' + CREATE_ETH_DEVNET: 'true' + DESTROY_NAMESPACE: 'true' + DESTROY_AZTEC_INFRA: 'true' + CREATE_ROLLUP_CONTRACTS: 'true' + ETHEREUM_CHAIN_ID: '1337' + RPC_INGRESS_ENABLED: 'false' + PROVER_RESOURCE_PROFILE: 'prod-hi-tps' + +env: + AZTEC_EPOCH_DURATION: '32' + AZTEC_SLOT_DURATION: '72' + AZTEC_PROOF_SUBMISSION_EPOCHS: '1' + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '1' + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '1' + AZTEC_MANA_TARGET: '1000000000 # 1B mana' + SPONSORED_FPC: 'true' + LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' + FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' + OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' + VALIDATOR_REPLICAS: '4' + VALIDATORS_PER_NODE: '12' + VALIDATOR_PUBLISHERS_PER_REPLICA: '4' + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' + REAL_VERIFIER: 'true' + RPC_REPLICAS: '1' + PROVER_REPLICAS: '4' + PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' + PROVER_AGENT_POLL_INTERVAL_MS: '10000' + PUBLISHERS_PER_PROVER: '1' + SEQ_MAX_TX_PER_CHECKPOINT: '72' + SEQ_MIN_TX_PER_BLOCK: '1' + SEQ_BLOCK_DURATION_MS: '6000' + SEQ_L1_PUBLISHING_TIME_ALLOWANCE_IN_SLOT: '36' + SEQ_BUILD_CHECKPOINT_IF_EMPTY: 'true' + DEBUG_P2P_INSTRUMENT_MESSAGES: 'true' + PROVER_AGENT_INCLUDE_METRICS: 'aztec.circuit' + LOG_LEVEL: 'info' diff --git a/spartan/environments/networks/scenario.local.yml b/spartan/environments/networks/scenario.local.yml new file mode 100644 index 000000000000..db880c0631b7 --- /dev/null +++ b/spartan/environments/networks/scenario.local.yml @@ -0,0 +1,30 @@ +deploy: + NAMESPACE: '${NAMESPACE:-scenario}' + CLUSTER: 'kind' + CREATE_ETH_DEVNET: 'true' + +env: + LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' + L1_ACCOUNT_MNEMONIC: 'test test test test test test test test test test test junk' + FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' + REAL_VERIFIER: 'false' + SENTINEL_ENABLED: 'true' + AZTEC_EPOCH_DURATION: '4' + AZTEC_SLOT_DURATION: '24' + AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: '2' + AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: '1' + AZTEC_SLASHING_OFFSET_IN_ROUNDS: '1' + AZTEC_ACTIVATION_THRESHOLD: '100000000000000000000' + AZTEC_EJECTION_THRESHOLD: '50000000000000000000' + AZTEC_LOCAL_EJECTION_THRESHOLD: '95000000000000000000' + AZTEC_SLASH_AMOUNT_SMALL: '5000000000000000000' + AZTEC_SLASH_AMOUNT_MEDIUM: '10000000000000000000' + AZTEC_SLASH_AMOUNT_LARGE: '15000000000000000000' + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '2' + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '2' + SPONSORED_FPC: 'true' + R2_ACCESS_KEY_ID: '' + R2_SECRET_ACCESS_KEY: '' + AZTEC_GOVERNANCE_PROPOSER_QUORUM: '11' + AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE: '20' + OTEL_COLLECTOR_ENDPOINT: 'http://metrics-opentelemetry-collector.metrics:4318' diff --git a/spartan/environments/networks/staging-ignition.yml b/spartan/environments/networks/staging-ignition.yml new file mode 100644 index 000000000000..d3ee477aa2b9 --- /dev/null +++ b/spartan/environments/networks/staging-ignition.yml @@ -0,0 +1,41 @@ +deploy: + CREATE_ETH_DEVNET: 'false' + GCP_REGION: 'us-west1-a' + CLUSTER: 'aztec-gke-private' + NAMESPACE: '${NAMESPACE:-staging-ignition}' + NETWORK: 'staging-ignition' + ETHEREUM_CHAIN_ID: '11155111' + LABS_INFRA_MNEMONIC_SECRET_NAME: 'sepolia-labs-staging-ignition-mnemonic' + VERIFY_CONTRACTS: 'true' + SNAPSHOT_BUCKET_DIRECTORY: '${SNAPSHOT_BUCKET_DIRECTORY:-staging-ignition}' + BLOB_BUCKET_DIRECTORY: '${BLOB_BUCKET_DIRECTORY:-staging-ignition/blobs}' + CREATE_ROLLUP_CONTRACTS: '${CREATE_ROLLUP_CONTRACTS:-false}' + USE_NETWORK_CONFIG: 'true' + +env: + TRANSACTIONS_DISABLED: 'true' + TEST_ACCOUNTS: 'false' + SPONSORED_FPC: 'false' + SEQ_MIN_TX_PER_BLOCK: '0' + SEQ_MAX_TX_PER_BLOCK: '0' + ETHEREUM_RPC_URLS: 'REPLACE_WITH_GCP_SECRET' + ETHEREUM_CONSENSUS_HOST_URLS: 'REPLACE_WITH_GCP_SECRET' + ETHEREUM_CONSENSUS_HOST_API_KEYS: 'REPLACE_WITH_GCP_SECRET' + ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: 'REPLACE_WITH_GCP_SECRET' + FUNDING_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' + LABS_INFRA_MNEMONIC: 'REPLACE_WITH_GCP_SECRET' + ROLLUP_DEPLOYMENT_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' + OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' + ETHERSCAN_API_KEY: 'REPLACE_WITH_GCP_SECRET' + BLOB_FILE_STORE_URLS: ',' + R2_ACCESS_KEY_ID: 'REPLACE_WITH_GCP_SECRET' + R2_SECRET_ACCESS_KEY: 'REPLACE_WITH_GCP_SECRET' + BOT_TRANSFERS_REPLICAS: '0' + BOT_SWAPS_REPLICAS: '0' + DEPLOY_INTERNAL_BOOTNODE: 'false' + VALIDATOR_REPLICAS: '4' + VALIDATORS_PER_NODE: '12' + VALIDATOR_PUBLISHERS_PER_REPLICA: '4' + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' + PUBLISHERS_PER_PROVER: '2' + PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' diff --git a/spartan/environments/networks/staging-public.yml b/spartan/environments/networks/staging-public.yml new file mode 100644 index 000000000000..27913c2e244e --- /dev/null +++ b/spartan/environments/networks/staging-public.yml @@ -0,0 +1,64 @@ +deploy: + CREATE_ETH_DEVNET: 'false' + GCP_REGION: 'us-west1-a' + CLUSTER: 'aztec-gke-private' + NETWORK: 'staging-public' + NAMESPACE: '${NAMESPACE:-staging-public}' + ETHEREUM_CHAIN_ID: '11155111' + VERIFY_CONTRACTS: 'true' + SNAPSHOT_BUCKET_DIRECTORY: '${SNAPSHOT_BUCKET_DIRECTORY:-staging-public}' + BLOB_BUCKET_DIRECTORY: '${BLOB_BUCKET_DIRECTORY:-staging-public/blobs}' + TX_FILE_STORE_ENABLED: 'true' + TX_FILE_STORE_BUCKET_DIRECTORY: '${TX_FILE_STORE_BUCKET_DIRECTORY:-staging-public/txs}' + CREATE_ROLLUP_CONTRACTS: '${CREATE_ROLLUP_CONTRACTS:-false}' + VALIDATOR_RESOURCE_PROFILE: 'prod-spot' + +env: + ETHEREUM_RPC_URLS: 'REPLACE_WITH_GCP_SECRET' + ETHEREUM_CONSENSUS_HOST_URLS: 'REPLACE_WITH_GCP_SECRET' + ETHEREUM_CONSENSUS_HOST_API_KEYS: 'REPLACE_WITH_GCP_SECRET' + ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: 'REPLACE_WITH_GCP_SECRET' + FUNDING_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' + LABS_INFRA_MNEMONIC: 'REPLACE_WITH_GCP_SECRET' + ROLLUP_DEPLOYMENT_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' + OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' + ETHERSCAN_API_KEY: 'REPLACE_WITH_GCP_SECRET' + DEPLOY_INTERNAL_BOOTNODE: 'true' + BLOB_FILE_STORE_URLS: ',' + TX_COLLECTION_FILE_STORE_URLS: 'https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}' + R2_ACCESS_KEY_ID: 'REPLACE_WITH_GCP_SECRET' + R2_SECRET_ACCESS_KEY: 'REPLACE_WITH_GCP_SECRET' + TEST_ACCOUNTS: 'false' + SPONSORED_FPC: 'false' + AZTEC_MANA_TARGET: '75000000' + AZTEC_PROVING_COST_PER_MANA: '25000000' + SEQ_MAX_L2_BLOCK_GAS: '150000000' + SEQ_MIN_TX_PER_BLOCK: '1' + SEQ_MAX_TX_PER_CHECKPOINT: '7 # 0.1 TPS' + SEQ_BUILD_CHECKPOINT_IF_EMPTY: 'true' + SEQ_BLOCK_DURATION_MS: '6000' + SEQ_L1_PUBLISHING_TIME_ALLOWANCE_IN_SLOT: '36' + P2P_TX_POOL_DELETE_TXS_AFTER_REORG: 'true' + VALIDATOR_REPLICAS: '2' + VALIDATORS_PER_NODE: '64' + VALIDATOR_PUBLISHERS_PER_REPLICA: '4' + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' + VALIDATOR_HA_REPLICAS: '1' + VALIDATOR_HA_REPLICA_COUNT: '4' + PROVER_FAILED_PROOF_STORE: 'gs://aztec-develop/staging-public/failed-proofs' + L1_TX_FAILED_STORE: 'gs://aztec-develop/staging-public/failed-l1-txs' + PROVER_REPLICAS: '4' + PUBLISHERS_PER_PROVER: '2' + PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' + BOT_DA_GAS_LIMIT: '100000' + BOT_L2_GAS_LIMIT: '6540000' + BOT_TRANSFERS_REPLICAS: '1' + BOT_TRANSFERS_TX_INTERVAL_SECONDS: '250' + BOT_TRANSFERS_FOLLOW_CHAIN: 'PROPOSED' + BOT_SWAPS_REPLICAS: '1' + BOT_SWAPS_FOLLOW_CHAIN: 'PROPOSED' + BOT_SWAPS_TX_INTERVAL_SECONDS: '350' + BOT_CROSS_CHAIN_REPLICAS: '1' + BOT_CROSS_CHAIN_TX_INTERVAL_SECONDS: '250' + BOT_CROSS_CHAIN_FOLLOW_CHAIN: 'PROPOSED' + LOG_LEVEL: 'debug; info: simulator, json-rpc' diff --git a/spartan/environments/networks/staging.local.yml b/spartan/environments/networks/staging.local.yml new file mode 100644 index 000000000000..020d58a59dd1 --- /dev/null +++ b/spartan/environments/networks/staging.local.yml @@ -0,0 +1,15 @@ +deploy: + NAMESPACE: '${NAMESPACE:-staging}' + CLUSTER: 'kind' + CREATE_ETH_DEVNET: 'false' + ETHEREUM_CHAIN_ID: '1337' + +env: + LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' + FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' + VALIDATOR_REPLICAS: '4' + VALIDATORS_PER_NODE: '12' + VALIDATOR_PUBLISHERS_PER_REPLICA: '4' + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' + PUBLISHERS_PER_PROVER: '2' + PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' diff --git a/spartan/environments/networks/ten-tps-long-epoch.yml b/spartan/environments/networks/ten-tps-long-epoch.yml new file mode 100644 index 000000000000..50d7fae02edd --- /dev/null +++ b/spartan/environments/networks/ten-tps-long-epoch.yml @@ -0,0 +1,56 @@ +deploy: + NAMESPACE: '${NAMESPACE:-ten-tps}' + CLUSTER: 'aztec-gke-private' + GCP_REGION: 'us-west1-a' + DESTROY_NAMESPACE: 'true' + DESTROY_ETH_DEVNET: 'true' + CREATE_ETH_DEVNET: '${CREATE_ETH_DEVNET:-true}' + ETHEREUM_CHAIN_ID: '1337' + CREATE_ROLLUP_CONTRACTS: 'true' + VERIFY_CONTRACTS: 'false' + DESTROY_AZTEC_INFRA: 'true' + VALIDATOR_RESOURCE_PROFILE: '2-core-dedicated' + RPC_INGRESS_ENABLED: 'false' + FULL_NODE_RESOURCE_PROFILE: '2-core-spot' + PROVER_RESOURCE_PROFILE: 'hi-tps' + RUN_TESTS: 'false' + +env: + AZTEC_EPOCH_DURATION: '32' + AZTEC_SLOT_DURATION: '36' + AZTEC_PROOF_SUBMISSION_EPOCHS: '2' + LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' + FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' + AZTEC_MANA_TARGET: '2147483647' + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '1' + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '1' + SPONSORED_FPC: 'true' + OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' + VALIDATOR_REPLICAS: '12' + VALIDATORS_PER_NODE: '4' + VALIDATOR_PUBLISHERS_PER_REPLICA: '4' + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' + REAL_VERIFIER: 'false' + RPC_REPLICAS: '12' + FULL_NODE_REPLICAS: '500' + PUBLISHERS_PER_PROVER: '2' + PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' + PROVER_REPLICAS: '128' + PROVER_AGENT_POLL_INTERVAL_MS: '10000' + PROVER_TEST_DELAY_TYPE: 'fixed' + AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: '1' + AZTEC_SLASHING_QUORUM: '20' + AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: '0' + AZTEC_SLASHING_OFFSET_IN_ROUNDS: '1' + AZTEC_LOCAL_EJECTION_THRESHOLD: '90000000000000000000' + SEQ_MAX_TX_PER_CHECKPOINT: '360' + SEQ_MIN_TX_PER_BLOCK: '1' + VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' + VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' + PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' + PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' + DEBUG_P2P_INSTRUMENT_MESSAGES: 'true' + PROVER_TEST_VERIFICATION_DELAY_MS: '250' + PROVER_AGENT_INCLUDE_METRICS: 'aztec.circuit' + FULL_NODE_INCLUDE_METRICS: 'aztec.p2p.gossip.agg_' + LOG_LEVEL: 'info' diff --git a/spartan/environments/networks/ten-tps-short-epoch.yml b/spartan/environments/networks/ten-tps-short-epoch.yml new file mode 100644 index 000000000000..e5758233620c --- /dev/null +++ b/spartan/environments/networks/ten-tps-short-epoch.yml @@ -0,0 +1,56 @@ +deploy: + NAMESPACE: '${NAMESPACE:-ten-tps}' + CLUSTER: 'aztec-gke-private' + GCP_REGION: 'us-west1-a' + DESTROY_NAMESPACE: 'true' + DESTROY_ETH_DEVNET: 'true' + CREATE_ETH_DEVNET: '${CREATE_ETH_DEVNET:-true}' + ETHEREUM_CHAIN_ID: '1337' + CREATE_ROLLUP_CONTRACTS: 'true' + VERIFY_CONTRACTS: 'false' + DESTROY_AZTEC_INFRA: 'true' + VALIDATOR_RESOURCE_PROFILE: '2-core-dedicated' + RPC_INGRESS_ENABLED: 'false' + FULL_NODE_RESOURCE_PROFILE: '2-core-spot' + PROVER_RESOURCE_PROFILE: 'hi-tps' + RUN_TESTS: 'false' + +env: + AZTEC_EPOCH_DURATION: '8' + AZTEC_SLOT_DURATION: '36' + AZTEC_PROOF_SUBMISSION_EPOCHS: '2' + LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' + FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' + AZTEC_MANA_TARGET: '2147483647' + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '1' + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '1' + SPONSORED_FPC: 'true' + OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' + VALIDATOR_REPLICAS: '12' + VALIDATORS_PER_NODE: '4' + VALIDATOR_PUBLISHERS_PER_REPLICA: '4' + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' + REAL_VERIFIER: 'false' + RPC_REPLICAS: '12' + FULL_NODE_REPLICAS: '500' + PUBLISHERS_PER_PROVER: '2' + PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' + PROVER_REPLICAS: '128' + PROVER_AGENT_POLL_INTERVAL_MS: '10000' + PROVER_TEST_DELAY_TYPE: 'fixed' + AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: '1' + AZTEC_SLASHING_QUORUM: '5' + AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: '0' + AZTEC_SLASHING_OFFSET_IN_ROUNDS: '1' + AZTEC_LOCAL_EJECTION_THRESHOLD: '90000000000000000000' + SEQ_MAX_TX_PER_CHECKPOINT: '360' + SEQ_MIN_TX_PER_BLOCK: '1' + VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' + VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' + PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' + PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' + DEBUG_P2P_INSTRUMENT_MESSAGES: 'true' + PROVER_TEST_VERIFICATION_DELAY_MS: '250' + PROVER_AGENT_INCLUDE_METRICS: 'aztec.circuit' + FULL_NODE_INCLUDE_METRICS: 'aztec.p2p.gossip.agg_' + LOG_LEVEL: 'info' diff --git a/spartan/environments/networks/testnet.yml b/spartan/environments/networks/testnet.yml new file mode 100644 index 000000000000..774bbabff0a9 --- /dev/null +++ b/spartan/environments/networks/testnet.yml @@ -0,0 +1,84 @@ +# Auto-converted from testnet.env -- review for correctness +network: testnet + +deploy: + CREATE_ETH_DEVNET: 'false' + GCP_REGION: 'us-west1-a' + CLUSTER: 'aztec-gke-public' + NAMESPACE: '${NAMESPACE:-testnet}' + NETWORK: 'testnet' + ETHEREUM_CHAIN_ID: '11155111' + VERIFY_CONTRACTS: 'true' + CREATE_ROLLUP_CONTRACTS: '${CREATE_ROLLUP_CONTRACTS:-false}' + USE_NETWORK_CONFIG: '${USE_NETWORK_CONFIG:-true}' + SNAPSHOT_BUCKET_DIRECTORY: '${SNAPSHOT_BUCKET_DIRECTORY:-testnet}' + BLOB_BUCKET_DIRECTORY: '${BLOB_BUCKET_DIRECTORY:-testnet/blobs}' + TX_FILE_STORE_ENABLED: 'true' + TX_FILE_STORE_BUCKET_DIRECTORY: '${TX_FILE_STORE_BUCKET_DIRECTORY:-testnet/txs}' + RPC_INGRESS_ENABLED: 'true' + RPC_INGRESS_HOSTS: '''["rpc.testnet.aztec-labs.com"]''' + RPC_INGRESS_STATIC_IP_NAME: 'testnet-rpc-ip' + RPC_INGRESS_SSL_CERT_NAMES: '''["testnet-rpc-cert"]''' + VALIDATOR_RESOURCE_PROFILE: 'prod-spot' + PROVER_RESOURCE_PROFILE: 'prod' + +env: + REAL_VERIFIER: 'true' + AZTEC_ENTRY_QUEUE_BOOTSTRAP_VALIDATOR_SET_SIZE: '48' + AZTEC_ENTRY_QUEUE_BOOTSTRAP_FLUSH_SIZE: '48' + AZTEC_ENTRY_QUEUE_FLUSH_SIZE_MIN: '10' + AZTEC_ENTRY_QUEUE_FLUSH_SIZE_QUOTIENT: '400' + AZTEC_ENTRY_QUEUE_MAX_FLUSH_SIZE: '10' + AZTEC_SLOT_DURATION: '72' + AZTEC_EPOCH_DURATION: '32' + AZTEC_TARGET_COMMITTEE_SIZE: '48' + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '2' + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '2' + AZTEC_PROOF_SUBMISSION_EPOCHS: '1' + AZTEC_LOCAL_EJECTION_THRESHOLD: '199000e18' + AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: '2' + AZTEC_SLASHING_QUORUM: '33' + AZTEC_SLASHING_OFFSET_IN_ROUNDS: '2' + AZTEC_SLASHING_LIFETIME_IN_ROUNDS: '5' + AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: '2' + AZTEC_SLASHING_VETOER: '\"0xdfe19Da6a717b7088621d8bBB66be59F2d78e924\"' + AZTEC_MANA_TARGET: '75000000' + AZTEC_PROVING_COST_PER_MANA: '25000000' + AZTEC_SLASH_AMOUNT_SMALL: '100000e18' + AZTEC_SLASH_AMOUNT_MEDIUM: '100000e18' + AZTEC_SLASH_AMOUNT_LARGE: '100000e18' + AZTEC_ACTIVATION_THRESHOLD: '200000e18' + AZTEC_EJECTION_THRESHOLD: '100000e18' + AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE: '100' + AZTEC_GOVERNANCE_PROPOSER_QUORUM: '60' + ETHEREUM_RPC_URLS: 'REPLACE_WITH_GCP_SECRET' + ETHEREUM_CONSENSUS_HOST_URLS: 'REPLACE_WITH_GCP_SECRET' + ETHEREUM_CONSENSUS_HOST_API_KEYS: 'REPLACE_WITH_GCP_SECRET' + ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: 'REPLACE_WITH_GCP_SECRET' + FUNDING_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' + LABS_INFRA_MNEMONIC: 'REPLACE_WITH_GCP_SECRET' + ROLLUP_DEPLOYMENT_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' + OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' + ETHERSCAN_API_KEY: 'REPLACE_WITH_GCP_SECRET' + BLOB_FILE_STORE_URLS: ',' + TX_COLLECTION_FILE_STORE_URLS: 'https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}' + R2_ACCESS_KEY_ID: 'REPLACE_WITH_GCP_SECRET' + R2_SECRET_ACCESS_KEY: 'REPLACE_WITH_GCP_SECRET' + DEPLOY_INTERNAL_BOOTNODE: 'false' + BOT_TRANSFERS_REPLICAS: '1' + BOT_TRANSFERS_TX_INTERVAL_SECONDS: '72' + BOT_TRANSFERS_FOLLOW_CHAIN: 'PENDING' + BOT_SWAPS_REPLICAS: '0' + P2P_TX_POOL_DELETE_TXS_AFTER_REORG: 'true' + SEQ_MAX_TX_PER_CHECKPOINT: '72' + DEPLOY_ARCHIVAL_NODE: 'true' + VALIDATOR_REPLICAS: '4' + VALIDATORS_PER_NODE: '64' + VALIDATOR_PUBLISHERS_PER_REPLICA: '8' + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' + VALIDATOR_HA_REPLICAS: '1' + PUBLISHERS_PER_PROVER: '2' + PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' + PROVER_FAILED_PROOF_STORE: 'gs://aztec-develop/testnet/failed-proofs' + L1_TX_FAILED_STORE: 'gs://aztec-develop/testnet/failed-l1-txs' + PROVER_REPLICAS: '4' diff --git a/spartan/environments/networks/tps-scenario.yml b/spartan/environments/networks/tps-scenario.yml new file mode 100644 index 000000000000..d79357bfd88f --- /dev/null +++ b/spartan/environments/networks/tps-scenario.yml @@ -0,0 +1,68 @@ +deploy: + NAMESPACE: '${NAMESPACE:-tps-scenario}' + CLUSTER: 'aztec-gke-private' + GCP_REGION: 'us-west1-a' + CREATE_ETH_DEVNET: 'false' + L1_NETWORK: 'sepolia' + ETHEREUM_CHAIN_ID: '11155111' + LABS_INFRA_MNEMONIC_SECRET_NAME: 'sepolia-labs-tps-scenario-mnemonic' + VERIFY_CONTRACTS: 'true' + CREATE_ROLLUP_CONTRACTS: 'true' + VERIFY_CONTRACTS: 'true' + DESTROY_NAMESPACE: 'true' + DESTROY_AZTEC_INFRA: 'true' + VALIDATOR_RESOURCE_PROFILE: '2-core-dedicated' + RPC_INGRESS_ENABLED: 'false' + FULL_NODE_RESOURCE_PROFILE: '2-core-spot' + PROVER_RESOURCE_PROFILE: 'hi-tps' + WAIT_FOR_PROVER_DEPLOY: 'false' + RUN_TESTS: 'false' + +env: + AZTEC_EPOCH_DURATION: '8' + AZTEC_SLOT_DURATION: '72' + AZTEC_PROOF_SUBMISSION_EPOCHS: '2' + AZTEC_LAG_IN_EPOCHS: '1' + SPONSORED_FPC: 'true' + ETHEREUM_RPC_URLS: 'REPLACE_WITH_GCP_SECRET' + ETHEREUM_CONSENSUS_HOST_URLS: 'REPLACE_WITH_GCP_SECRET' + ETHEREUM_CONSENSUS_HOST_API_KEYS: 'REPLACE_WITH_GCP_SECRET' + ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: 'REPLACE_WITH_GCP_SECRET' + FUNDING_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' + LABS_INFRA_MNEMONIC: 'REPLACE_WITH_GCP_SECRET' + ROLLUP_DEPLOYMENT_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' + OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' + ETHERSCAN_API_KEY: 'REPLACE_WITH_GCP_SECRET' + OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' + AZTEC_MANA_TARGET: '2147483647' + VALIDATOR_REPLICAS: '12' + VALIDATORS_PER_NODE: '4' + VALIDATOR_PUBLISHERS_PER_REPLICA: '4' + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' + REAL_VERIFIER: 'false' + RPC_REPLICAS: '10' + FULL_NODE_REPLICAS: '500' + PUBLISHERS_PER_PROVER: '2' + PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' + PROVER_REPLICAS: '20' + PROVER_AGENT_POLL_INTERVAL_MS: '10000' + P2P_PUBLIC_IP: 'false' + PROVER_TEST_DELAY_TYPE: 'fixed' + AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: '1' + AZTEC_SLASHING_QUORUM: '5' + AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: '0' + AZTEC_SLASHING_OFFSET_IN_ROUNDS: '1' + AZTEC_LOCAL_EJECTION_THRESHOLD: '90000000000000000000' + SEQ_MAX_TX_PER_CHECKPOINT: '15 # approx 0.2 TPS' + SEQ_MIN_TX_PER_BLOCK: '1' + SEQ_BUILD_CHECKPOINT_IF_EMPTY: 'true' + VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' + VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' + PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' + PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' + DEBUG_P2P_INSTRUMENT_MESSAGES: 'true' + P2P_DROP_TX_CHANCE: '0.2' + PROVER_TEST_VERIFICATION_DELAY_MS: '250' + PROVER_AGENT_INCLUDE_METRICS: 'aztec.circuit' + FULL_NODE_INCLUDE_METRICS: 'aztec.p2p.gossip.agg_' + LOG_LEVEL: 'info' diff --git a/spartan/environments/next-net.env b/spartan/environments/next-net.env deleted file mode 100644 index c4b5167788bc..000000000000 --- a/spartan/environments/next-net.env +++ /dev/null @@ -1,79 +0,0 @@ -CREATE_ETH_DEVNET=false -GCP_REGION=us-west1-a -CLUSTER=aztec-gke-private -NETWORK=next-net -NAMESPACE=${NAMESPACE:-next-net} -DESTROY_NAMESPACE=true -ETHEREUM_CHAIN_ID=11155111 -ETHEREUM_RPC_URLS=REPLACE_WITH_GCP_SECRET -ETHEREUM_CONSENSUS_HOST_URLS=REPLACE_WITH_GCP_SECRET -ETHEREUM_CONSENSUS_HOST_API_KEYS=REPLACE_WITH_GCP_SECRET -ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS=REPLACE_WITH_GCP_SECRET -FUNDING_PRIVATE_KEY=REPLACE_WITH_GCP_SECRET -LABS_INFRA_MNEMONIC=REPLACE_WITH_GCP_SECRET -ROLLUP_DEPLOYMENT_PRIVATE_KEY=REPLACE_WITH_GCP_SECRET -OTEL_COLLECTOR_ENDPOINT=REPLACE_WITH_GCP_SECRET -VERIFY_CONTRACTS=false -ETHERSCAN_API_KEY=REPLACE_WITH_GCP_SECRET -DEPLOY_INTERNAL_BOOTNODE=true -STORE_SNAPSHOT_URL= -BLOB_BUCKET_DIRECTORY=${BLOB_BUCKET_DIRECTORY:-next-net/blobs} -BLOB_FILE_STORE_URLS="," -TX_FILE_STORE_ENABLED=true -TX_FILE_STORE_BUCKET_DIRECTORY=${TX_FILE_STORE_BUCKET_DIRECTORY:-next-net/txs} -TX_COLLECTION_FILE_STORE_URLS="https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}" -R2_ACCESS_KEY_ID=REPLACE_WITH_GCP_SECRET -R2_SECRET_ACCESS_KEY=REPLACE_WITH_GCP_SECRET -PROVER_FAILED_PROOF_STORE=gs://aztec-develop/next-net/failed-proofs -L1_TX_FAILED_STORE=gs://aztec-develop/next-net/failed-l1-txs -TEST_ACCOUNTS=true -SPONSORED_FPC=true - -SEQ_ENABLE_PROPOSER_PIPELINING=true -SEQ_MIN_TX_PER_BLOCK=1 -SEQ_MAX_TX_PER_CHECKPOINT=12 - -# Build checkpoint even if block is empty. -SEQ_BUILD_CHECKPOINT_IF_EMPTY=true -SEQ_BLOCK_DURATION_MS=5500 - -AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET=2 -AZTEC_LAG_IN_EPOCHS_FOR_RANDAO=2 -AZTEC_INBOX_LAG=2 - -VALIDATOR_REPLICAS=4 -VALIDATORS_PER_NODE=12 -VALIDATOR_PUBLISHERS_PER_REPLICA=4 -VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX=5000 - -PUBLISHERS_PER_PROVER=2 -PROVER_PUBLISHER_MNEMONIC_START_INDEX=8000 - -BOT_TRANSFERS_REPLICAS=1 -BOT_TRANSFERS_TX_INTERVAL_SECONDS=250 -BOT_TRANSFERS_FOLLOW_CHAIN=PENDING - -BOT_SWAPS_REPLICAS=1 -BOT_SWAPS_FOLLOW_CHAIN=PENDING -BOT_SWAPS_TX_INTERVAL_SECONDS=350 - -CREATE_ROLLUP_CONTRACTS=true - -DEBUG_P2P_INSTRUMENT_MESSAGES=true - -RPC_INGRESS_ENABLED=true -RPC_INGRESS_HOSTS='["nextnet.aztec-labs.com"]' -RPC_INGRESS_STATIC_IP_NAME=nextnet-rpc-ip -RPC_INGRESS_SSL_CERT_NAMES='["nextnet-rpc-cert"]' - -VALIDATOR_HA_REPLICAS=1 -VALIDATOR_RESOURCE_PROFILE="prod-spot" - -REAL_VERIFIER=true -AZTEC_SLOT_DURATION=72 -AZTEC_EPOCH_DURATION=32 -AZTEC_TARGET_COMMITTEE_SIZE=48 -AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET=2 -AZTEC_LAG_IN_EPOCHS_FOR_RANDAO=2 -AZTEC_PROOF_SUBMISSION_EPOCHS=1 - diff --git a/spartan/environments/next-scenario.env b/spartan/environments/next-scenario.env deleted file mode 100644 index e11caa65025e..000000000000 --- a/spartan/environments/next-scenario.env +++ /dev/null @@ -1,55 +0,0 @@ -NAMESPACE=${NAMESPACE:-scenario} -CLUSTER=aztec-gke-private -GCP_REGION=us-west1-a -DESTROY_NAMESPACE=true -DESTROY_ETH_DEVNET=true -CREATE_ETH_DEVNET=true -AZTEC_EPOCH_DURATION=32 -AZTEC_SLOT_DURATION=36 -ETHEREUM_CHAIN_ID=1337 -LABS_INFRA_MNEMONIC="test test test test test test test test test test test junk" -FUNDING_PRIVATE_KEY="0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" -CREATE_ROLLUP_CONTRACTS=true -DESTROY_AZTEC_INFRA=true -VERIFY_CONTRACTS=false -USE_LOAD_BALANCERS=true - -AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET=1 -AZTEC_LAG_IN_EPOCHS_FOR_RANDAO=1 - -OTEL_COLLECTOR_ENDPOINT=REPLACE_WITH_GCP_SECRET - -VALIDATOR_REPLICAS=4 -VALIDATORS_PER_NODE=12 -VALIDATOR_PUBLISHERS_PER_REPLICA=4 -VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX=5000 - -RPC_REPLICAS=2 - -PUBLISHERS_PER_PROVER=1 -PROVER_PUBLISHER_MNEMONIC_START_INDEX=8000 -PROVER_REPLICAS=8 -PROVER_AGENTS_PER_PROVER=1 - -RUN_TESTS=true - -AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS=1 -AZTEC_SLASHING_QUORUM=17 -AZTEC_SLASHING_OFFSET_IN_ROUNDS=2 -AZTEC_LOCAL_EJECTION_THRESHOLD=90000000000000000000 -SPONSORED_FPC=true - -AZTEC_GOVERNANCE_PROPOSER_QUORUM=11 -AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE=20 -AZTEC_GOVERNANCE_VOTING_DURATION=300 - -# Override L1 tx utils bump percentages for scenario tests -VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE=0 -VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE=0 -PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE=0 -PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE=0 - -SEQ_MIN_TX_PER_BLOCK=0 - -VALIDATOR_HA_REPLICAS=1 -VALIDATOR_RESOURCE_PROFILE="prod-spot" diff --git a/spartan/environments/prove-n-tps-fake.env b/spartan/environments/prove-n-tps-fake.env deleted file mode 100644 index 553ab562dac7..000000000000 --- a/spartan/environments/prove-n-tps-fake.env +++ /dev/null @@ -1,53 +0,0 @@ -NAMESPACE=${NAMESPACE:-prove-n-tps-fake} -CLUSTER=aztec-gke-private -GCP_REGION=us-west1-a - -AZTEC_EPOCH_DURATION=32 -AZTEC_SLOT_DURATION=72 -AZTEC_PROOF_SUBMISSION_EPOCHS=1 -AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET=1 -AZTEC_LAG_IN_EPOCHS_FOR_RANDAO=1 -AZTEC_MANA_TARGET=1000000000 # 1B mana -SPONSORED_FPC=true - -CREATE_ETH_DEVNET=true -DESTROY_NAMESPACE=true -DESTROY_AZTEC_INFRA=true -CREATE_ROLLUP_CONTRACTS=true - -ETHEREUM_CHAIN_ID=1337 -LABS_INFRA_MNEMONIC="test test test test test test test test test test test junk" -FUNDING_PRIVATE_KEY="0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" - -OTEL_COLLECTOR_ENDPOINT=REPLACE_WITH_GCP_SECRET - -VALIDATOR_REPLICAS=4 -VALIDATORS_PER_NODE=12 -VALIDATOR_PUBLISHERS_PER_REPLICA=4 -VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX=5000 - -REAL_VERIFIER=false - -RPC_REPLICAS=1 -RPC_INGRESS_ENABLED=false - -PROVER_REPLICAS=10 -PROVER_RESOURCE_PROFILE="hi-tps" -PROVER_PUBLISHER_MNEMONIC_START_INDEX=8000 -PROVER_AGENT_POLL_INTERVAL_MS=10000 -PUBLISHERS_PER_PROVER=1 - -PROVER_TEST_DELAY_TYPE=realistic -PROVER_TEST_VERIFICATION_DELAY_MS=250 - -SEQ_MAX_TX_PER_CHECKPOINT=80 -SEQ_BLOCK_DURATION_MS=6000 -SEQ_L1_PUBLISHING_TIME_ALLOWANCE_IN_SLOT=36 -SEQ_BUILD_CHECKPOINT_IF_EMPTY=true -SEQ_MIN_TX_PER_BLOCK=1 -DEBUG_P2P_INSTRUMENT_MESSAGES=true - -# Reduce the amount of metrics produced by prover agents and full nodes -PROVER_AGENT_INCLUDE_METRICS="aztec.circuit" -LOG_LEVEL=info - diff --git a/spartan/environments/prove-n-tps-real.env b/spartan/environments/prove-n-tps-real.env deleted file mode 100644 index 41357530292a..000000000000 --- a/spartan/environments/prove-n-tps-real.env +++ /dev/null @@ -1,48 +0,0 @@ -NAMESPACE=${NAMESPACE:-prove-n-tps-real} -CLUSTER=aztec-gke-private -GCP_REGION=us-west1-a - -AZTEC_EPOCH_DURATION=32 -AZTEC_SLOT_DURATION=72 -AZTEC_PROOF_SUBMISSION_EPOCHS=1 -AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET=1 -AZTEC_LAG_IN_EPOCHS_FOR_RANDAO=1 -AZTEC_MANA_TARGET=1000000000 # 1B mana -SPONSORED_FPC=true - -CREATE_ETH_DEVNET=true -DESTROY_NAMESPACE=true -DESTROY_AZTEC_INFRA=true -CREATE_ROLLUP_CONTRACTS=true - -ETHEREUM_CHAIN_ID=1337 -LABS_INFRA_MNEMONIC="test test test test test test test test test test test junk" -FUNDING_PRIVATE_KEY="0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" - -OTEL_COLLECTOR_ENDPOINT=REPLACE_WITH_GCP_SECRET - -VALIDATOR_REPLICAS=4 -VALIDATORS_PER_NODE=12 -VALIDATOR_PUBLISHERS_PER_REPLICA=4 -VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX=5000 - -REAL_VERIFIER=true - -RPC_REPLICAS=1 -RPC_INGRESS_ENABLED=false - -PROVER_REPLICAS=4 -PROVER_RESOURCE_PROFILE="prod-hi-tps" -PROVER_PUBLISHER_MNEMONIC_START_INDEX=8000 -PROVER_AGENT_POLL_INTERVAL_MS=10000 -PUBLISHERS_PER_PROVER=1 - -SEQ_MAX_TX_PER_CHECKPOINT=72 -SEQ_MIN_TX_PER_BLOCK=1 -SEQ_BLOCK_DURATION_MS=6000 -SEQ_L1_PUBLISHING_TIME_ALLOWANCE_IN_SLOT=36 -SEQ_BUILD_CHECKPOINT_IF_EMPTY=true -DEBUG_P2P_INSTRUMENT_MESSAGES=true - -PROVER_AGENT_INCLUDE_METRICS="aztec.circuit" -LOG_LEVEL=info diff --git a/spartan/environments/scenario.local.env b/spartan/environments/scenario.local.env deleted file mode 100644 index 8fcc338a7183..000000000000 --- a/spartan/environments/scenario.local.env +++ /dev/null @@ -1,37 +0,0 @@ -NAMESPACE=${NAMESPACE:-scenario} -CLUSTER=kind -CREATE_ETH_DEVNET=true -LABS_INFRA_MNEMONIC="test test test test test test test test test test test junk" -L1_ACCOUNT_MNEMONIC="test test test test test test test test test test test junk" -FUNDING_PRIVATE_KEY="0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" -REAL_VERIFIER=false -SENTINEL_ENABLED=true - -AZTEC_EPOCH_DURATION=4 -AZTEC_SLOT_DURATION=24 -AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS=2 -AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS=1 -AZTEC_SLASHING_OFFSET_IN_ROUNDS=1 -AZTEC_ACTIVATION_THRESHOLD=100000000000000000000 -AZTEC_EJECTION_THRESHOLD=50000000000000000000 -AZTEC_LOCAL_EJECTION_THRESHOLD=95000000000000000000 -AZTEC_SLASH_AMOUNT_SMALL=5000000000000000000 -AZTEC_SLASH_AMOUNT_MEDIUM=10000000000000000000 -AZTEC_SLASH_AMOUNT_LARGE=15000000000000000000 -AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET=2 -AZTEC_LAG_IN_EPOCHS_FOR_RANDAO=2 -SPONSORED_FPC=true - -R2_ACCESS_KEY_ID="" -R2_SECRET_ACCESS_KEY="" -AZTEC_GOVERNANCE_PROPOSER_QUORUM=11 -AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE=20 - -OTEL_COLLECTOR_ENDPOINT="http://metrics-opentelemetry-collector.metrics:4318" - -# The following need to be set manually -# AZTEC_DOCKER_IMAGE=aztecprotocol/aztec:whatever - -# BOT_TRANSFERS_REPLICAS=1 -# BOT_TRANSFERS_TX_INTERVAL_SECONDS=10 -# BOT_TRANSFERS_FOLLOW_CHAIN=PENDING diff --git a/spartan/environments/staging-ignition.env b/spartan/environments/staging-ignition.env deleted file mode 100644 index f1d267365995..000000000000 --- a/spartan/environments/staging-ignition.env +++ /dev/null @@ -1,42 +0,0 @@ -CREATE_ETH_DEVNET=false -GCP_REGION=us-west1-a -CLUSTER=aztec-gke-private -NAMESPACE=${NAMESPACE:-staging-ignition} -TRANSACTIONS_DISABLED=true -TEST_ACCOUNTS=false -SPONSORED_FPC=false -SEQ_MIN_TX_PER_BLOCK=0 -SEQ_MAX_TX_PER_BLOCK=0 -NETWORK=staging-ignition - -ETHEREUM_CHAIN_ID=11155111 -ETHEREUM_RPC_URLS=REPLACE_WITH_GCP_SECRET -ETHEREUM_CONSENSUS_HOST_URLS=REPLACE_WITH_GCP_SECRET -ETHEREUM_CONSENSUS_HOST_API_KEYS=REPLACE_WITH_GCP_SECRET -ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS=REPLACE_WITH_GCP_SECRET -FUNDING_PRIVATE_KEY=REPLACE_WITH_GCP_SECRET -LABS_INFRA_MNEMONIC=REPLACE_WITH_GCP_SECRET -LABS_INFRA_MNEMONIC_SECRET_NAME=sepolia-labs-staging-ignition-mnemonic -ROLLUP_DEPLOYMENT_PRIVATE_KEY=REPLACE_WITH_GCP_SECRET -OTEL_COLLECTOR_ENDPOINT=REPLACE_WITH_GCP_SECRET -VERIFY_CONTRACTS=true -ETHERSCAN_API_KEY=REPLACE_WITH_GCP_SECRET -SNAPSHOT_BUCKET_DIRECTORY=${SNAPSHOT_BUCKET_DIRECTORY:-staging-ignition} -BLOB_BUCKET_DIRECTORY=${BLOB_BUCKET_DIRECTORY:-staging-ignition/blobs} -BLOB_FILE_STORE_URLS="," -R2_ACCESS_KEY_ID=REPLACE_WITH_GCP_SECRET -R2_SECRET_ACCESS_KEY=REPLACE_WITH_GCP_SECRET -BOT_TRANSFERS_REPLICAS=0 -BOT_SWAPS_REPLICAS=0 -DEPLOY_INTERNAL_BOOTNODE=false - -CREATE_ROLLUP_CONTRACTS=${CREATE_ROLLUP_CONTRACTS:-false} - -VALIDATOR_REPLICAS=4 -VALIDATORS_PER_NODE=12 -VALIDATOR_PUBLISHERS_PER_REPLICA=4 -VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX=5000 - -PUBLISHERS_PER_PROVER=2 -PROVER_PUBLISHER_MNEMONIC_START_INDEX=8000 -USE_NETWORK_CONFIG=true diff --git a/spartan/environments/staging-public.env b/spartan/environments/staging-public.env deleted file mode 100644 index cbc41af5d589..000000000000 --- a/spartan/environments/staging-public.env +++ /dev/null @@ -1,77 +0,0 @@ -CREATE_ETH_DEVNET=false -GCP_REGION=us-west1-a -CLUSTER=aztec-gke-private -NETWORK=staging-public -NAMESPACE=${NAMESPACE:-staging-public} -ETHEREUM_CHAIN_ID=11155111 -ETHEREUM_RPC_URLS=REPLACE_WITH_GCP_SECRET -ETHEREUM_CONSENSUS_HOST_URLS=REPLACE_WITH_GCP_SECRET -ETHEREUM_CONSENSUS_HOST_API_KEYS=REPLACE_WITH_GCP_SECRET -ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS=REPLACE_WITH_GCP_SECRET -FUNDING_PRIVATE_KEY=REPLACE_WITH_GCP_SECRET -LABS_INFRA_MNEMONIC=REPLACE_WITH_GCP_SECRET -ROLLUP_DEPLOYMENT_PRIVATE_KEY=REPLACE_WITH_GCP_SECRET -OTEL_COLLECTOR_ENDPOINT=REPLACE_WITH_GCP_SECRET -VERIFY_CONTRACTS=true -ETHERSCAN_API_KEY=REPLACE_WITH_GCP_SECRET -DEPLOY_INTERNAL_BOOTNODE=true -SNAPSHOT_BUCKET_DIRECTORY=${SNAPSHOT_BUCKET_DIRECTORY:-staging-public} -BLOB_BUCKET_DIRECTORY=${BLOB_BUCKET_DIRECTORY:-staging-public/blobs} -BLOB_FILE_STORE_URLS="," -TX_FILE_STORE_ENABLED=true -TX_FILE_STORE_BUCKET_DIRECTORY=${TX_FILE_STORE_BUCKET_DIRECTORY:-staging-public/txs} -TX_COLLECTION_FILE_STORE_URLS="https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}" -R2_ACCESS_KEY_ID=REPLACE_WITH_GCP_SECRET -R2_SECRET_ACCESS_KEY=REPLACE_WITH_GCP_SECRET -TEST_ACCOUNTS=false -SPONSORED_FPC=false - -# Match testnet/mainnet mana target (75M) instead of global default (100M). -# AZTEC_MANA_TARGET only takes effect on L1 contract redeployment. -AZTEC_MANA_TARGET=75000000 -AZTEC_PROVING_COST_PER_MANA=25000000 -# Cap sequencer block mana to match 75M target (75M * 2 = 150M limit). -# This takes effect immediately on node restart, even without L1 redeployment. -SEQ_MAX_L2_BLOCK_GAS=150000000 - -SEQ_MIN_TX_PER_BLOCK=1 -SEQ_MAX_TX_PER_CHECKPOINT=7 # 0.1 TPS - -# Build checkpoint even if block is empty. -SEQ_BUILD_CHECKPOINT_IF_EMPTY=true -SEQ_BLOCK_DURATION_MS=6000 -SEQ_L1_PUBLISHING_TIME_ALLOWANCE_IN_SLOT=36 - -CREATE_ROLLUP_CONTRACTS=${CREATE_ROLLUP_CONTRACTS:-false} -P2P_TX_POOL_DELETE_TXS_AFTER_REORG=true - -VALIDATOR_REPLICAS=2 -VALIDATORS_PER_NODE=64 -VALIDATOR_PUBLISHERS_PER_REPLICA=4 -VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX=5000 -VALIDATOR_HA_REPLICAS=1 -VALIDATOR_HA_REPLICA_COUNT=4 -VALIDATOR_RESOURCE_PROFILE="prod-spot" - -PROVER_FAILED_PROOF_STORE=gs://aztec-develop/staging-public/failed-proofs -L1_TX_FAILED_STORE=gs://aztec-develop/staging-public/failed-l1-txs -PROVER_REPLICAS=4 -PUBLISHERS_PER_PROVER=2 -PROVER_PUBLISHER_MNEMONIC_START_INDEX=8000 - -BOT_DA_GAS_LIMIT=100000 -BOT_L2_GAS_LIMIT=6540000 - -BOT_TRANSFERS_REPLICAS=1 -BOT_TRANSFERS_TX_INTERVAL_SECONDS=250 -BOT_TRANSFERS_FOLLOW_CHAIN=PROPOSED - -BOT_SWAPS_REPLICAS=1 -BOT_SWAPS_FOLLOW_CHAIN=PROPOSED -BOT_SWAPS_TX_INTERVAL_SECONDS=350 - -BOT_CROSS_CHAIN_REPLICAS=1 -BOT_CROSS_CHAIN_TX_INTERVAL_SECONDS=250 -BOT_CROSS_CHAIN_FOLLOW_CHAIN=PROPOSED - -LOG_LEVEL="debug; info: simulator, json-rpc" diff --git a/spartan/environments/staging.local.env b/spartan/environments/staging.local.env deleted file mode 100644 index 99054b7b87b1..000000000000 --- a/spartan/environments/staging.local.env +++ /dev/null @@ -1,21 +0,0 @@ -NAMESPACE=${NAMESPACE:-staging} -CLUSTER=kind -CREATE_ETH_DEVNET=false -ETHEREUM_CHAIN_ID=1337 -LABS_INFRA_MNEMONIC="test test test test test test test test test test test junk" -FUNDING_PRIVATE_KEY="0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" - -# The following need to be set manually -# AZTEC_DOCKER_IMAGE=aztecprotocol/aztec:whatever -# ETHEREUM_RPC_URLS='[""]' -# ETHEREUM_CONSENSUS_HOST_URLS='[""]' -# ETHEREUM_CONSENSUS_HOST_API_KEYS='[""]' -# ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS='[""]' - -VALIDATOR_REPLICAS=4 -VALIDATORS_PER_NODE=12 -VALIDATOR_PUBLISHERS_PER_REPLICA=4 -VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX=5000 - -PUBLISHERS_PER_PROVER=2 -PROVER_PUBLISHER_MNEMONIC_START_INDEX=8000 diff --git a/spartan/environments/ten-tps-long-epoch.env b/spartan/environments/ten-tps-long-epoch.env deleted file mode 100644 index 297e2cd55f96..000000000000 --- a/spartan/environments/ten-tps-long-epoch.env +++ /dev/null @@ -1,76 +0,0 @@ -NAMESPACE=${NAMESPACE:-ten-tps} -CLUSTER=aztec-gke-private -GCP_REGION=us-west1-a -DESTROY_NAMESPACE=true -DESTROY_ETH_DEVNET=true -CREATE_ETH_DEVNET=${CREATE_ETH_DEVNET:-true} -AZTEC_EPOCH_DURATION=32 -AZTEC_SLOT_DURATION=36 -AZTEC_PROOF_SUBMISSION_EPOCHS=2 -ETHEREUM_CHAIN_ID=1337 -LABS_INFRA_MNEMONIC="test test test test test test test test test test test junk" -FUNDING_PRIVATE_KEY="0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" -# CREATE_CHAOS_MESH=true - -AZTEC_MANA_TARGET=2147483647 - -CREATE_ROLLUP_CONTRACTS=true -VERIFY_CONTRACTS=false -DESTROY_AZTEC_INFRA=true - -AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET=1 -AZTEC_LAG_IN_EPOCHS_FOR_RANDAO=1 -SPONSORED_FPC=true - -OTEL_COLLECTOR_ENDPOINT=REPLACE_WITH_GCP_SECRET - -VALIDATOR_REPLICAS=12 -VALIDATORS_PER_NODE=4 -VALIDATOR_PUBLISHERS_PER_REPLICA=4 -VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX=5000 -VALIDATOR_RESOURCE_PROFILE="2-core-dedicated" - -REAL_VERIFIER=false - -RPC_REPLICAS=12 -RPC_INGRESS_ENABLED=false - -FULL_NODE_REPLICAS=500 -FULL_NODE_RESOURCE_PROFILE="2-core-spot" - -PUBLISHERS_PER_PROVER=2 -PROVER_PUBLISHER_MNEMONIC_START_INDEX=8000 -PROVER_REPLICAS=128 -PROVER_RESOURCE_PROFILE="hi-tps" -PROVER_AGENT_POLL_INTERVAL_MS=10000 - -RUN_TESTS=false - -PROVER_TEST_DELAY_TYPE=fixed - -AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS=1 -AZTEC_SLASHING_QUORUM=20 -AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS=0 -AZTEC_SLASHING_OFFSET_IN_ROUNDS=1 -AZTEC_LOCAL_EJECTION_THRESHOLD=90000000000000000000 - -SEQ_MAX_TX_PER_CHECKPOINT=360 -SEQ_MIN_TX_PER_BLOCK=1 - -# Override L1 tx utils bump percentages for scenario tests -VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE=0 -VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE=0 -PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE=0 -PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE=0 - -# Enable latency mesaruement for p2p messages -DEBUG_P2P_INSTRUMENT_MESSAGES=true - -# Inject artificial delay of proof verification for all nodes -PROVER_TEST_VERIFICATION_DELAY_MS=250 - -# Reduce the amount of metrics produced by prover agents and full nodes -PROVER_AGENT_INCLUDE_METRICS="aztec.circuit" -FULL_NODE_INCLUDE_METRICS="aztec.p2p.gossip.agg_" -LOG_LEVEL=info - diff --git a/spartan/environments/ten-tps-short-epoch.env b/spartan/environments/ten-tps-short-epoch.env deleted file mode 100644 index 56518164d2ab..000000000000 --- a/spartan/environments/ten-tps-short-epoch.env +++ /dev/null @@ -1,76 +0,0 @@ -NAMESPACE=${NAMESPACE:-ten-tps} -CLUSTER=aztec-gke-private -GCP_REGION=us-west1-a -DESTROY_NAMESPACE=true -DESTROY_ETH_DEVNET=true -CREATE_ETH_DEVNET=${CREATE_ETH_DEVNET:-true} -AZTEC_EPOCH_DURATION=8 -AZTEC_SLOT_DURATION=36 -AZTEC_PROOF_SUBMISSION_EPOCHS=2 -ETHEREUM_CHAIN_ID=1337 -LABS_INFRA_MNEMONIC="test test test test test test test test test test test junk" -FUNDING_PRIVATE_KEY="0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" -# CREATE_CHAOS_MESH=true - -AZTEC_MANA_TARGET=2147483647 - -CREATE_ROLLUP_CONTRACTS=true -VERIFY_CONTRACTS=false -DESTROY_AZTEC_INFRA=true - -AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET=1 -AZTEC_LAG_IN_EPOCHS_FOR_RANDAO=1 -SPONSORED_FPC=true - -OTEL_COLLECTOR_ENDPOINT=REPLACE_WITH_GCP_SECRET - -VALIDATOR_REPLICAS=12 -VALIDATORS_PER_NODE=4 -VALIDATOR_PUBLISHERS_PER_REPLICA=4 -VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX=5000 -VALIDATOR_RESOURCE_PROFILE="2-core-dedicated" - -REAL_VERIFIER=false - -RPC_REPLICAS=12 -RPC_INGRESS_ENABLED=false - -FULL_NODE_REPLICAS=500 -FULL_NODE_RESOURCE_PROFILE="2-core-spot" - -PUBLISHERS_PER_PROVER=2 -PROVER_PUBLISHER_MNEMONIC_START_INDEX=8000 -PROVER_REPLICAS=128 -PROVER_RESOURCE_PROFILE="hi-tps" -PROVER_AGENT_POLL_INTERVAL_MS=10000 - -RUN_TESTS=false - -PROVER_TEST_DELAY_TYPE=fixed - -AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS=1 -AZTEC_SLASHING_QUORUM=5 -AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS=0 -AZTEC_SLASHING_OFFSET_IN_ROUNDS=1 -AZTEC_LOCAL_EJECTION_THRESHOLD=90000000000000000000 - -SEQ_MAX_TX_PER_CHECKPOINT=360 -SEQ_MIN_TX_PER_BLOCK=1 - -# Override L1 tx utils bump percentages for scenario tests -VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE=0 -VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE=0 -PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE=0 -PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE=0 - -# Enable latency mesaruement for p2p messages -DEBUG_P2P_INSTRUMENT_MESSAGES=true - -# Inject artificial delay of proof verification for all nodes -PROVER_TEST_VERIFICATION_DELAY_MS=250 - -# Reduce the amount of metrics produced by prover agents and full nodes -PROVER_AGENT_INCLUDE_METRICS="aztec.circuit" -FULL_NODE_INCLUDE_METRICS="aztec.p2p.gossip.agg_" -LOG_LEVEL=info - diff --git a/spartan/environments/testnet.env b/spartan/environments/testnet.env deleted file mode 100644 index 2a88fb1e1826..000000000000 --- a/spartan/environments/testnet.env +++ /dev/null @@ -1,90 +0,0 @@ -CREATE_ETH_DEVNET=false -GCP_REGION=us-west1-a -CLUSTER=aztec-gke-public -NAMESPACE=${NAMESPACE:-testnet} -NETWORK=testnet - -REAL_VERIFIER=true -AZTEC_ENTRY_QUEUE_BOOTSTRAP_VALIDATOR_SET_SIZE=48 -AZTEC_ENTRY_QUEUE_BOOTSTRAP_FLUSH_SIZE=48 -AZTEC_ENTRY_QUEUE_FLUSH_SIZE_MIN=10 -AZTEC_ENTRY_QUEUE_FLUSH_SIZE_QUOTIENT=400 -AZTEC_ENTRY_QUEUE_MAX_FLUSH_SIZE=10 -AZTEC_SLOT_DURATION=72 -AZTEC_EPOCH_DURATION=32 -AZTEC_TARGET_COMMITTEE_SIZE=48 -AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET=2 -AZTEC_LAG_IN_EPOCHS_FOR_RANDAO=2 -AZTEC_PROOF_SUBMISSION_EPOCHS=1 -AZTEC_LOCAL_EJECTION_THRESHOLD=199000e18 -AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS=2 -AZTEC_SLASHING_QUORUM=33 -AZTEC_SLASHING_OFFSET_IN_ROUNDS=2 -AZTEC_SLASHING_LIFETIME_IN_ROUNDS=5 -AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS=2 -AZTEC_SLASHING_VETOER=\"0xdfe19Da6a717b7088621d8bBB66be59F2d78e924\" -AZTEC_MANA_TARGET=75000000 -AZTEC_PROVING_COST_PER_MANA=25000000 -AZTEC_SLASH_AMOUNT_SMALL=100000e18 -AZTEC_SLASH_AMOUNT_MEDIUM=100000e18 -AZTEC_SLASH_AMOUNT_LARGE=100000e18 -AZTEC_ACTIVATION_THRESHOLD=200000e18 -AZTEC_EJECTION_THRESHOLD=100000e18 -AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE=100 -AZTEC_GOVERNANCE_PROPOSER_QUORUM=60 - - -ETHEREUM_CHAIN_ID=11155111 -ETHEREUM_RPC_URLS=REPLACE_WITH_GCP_SECRET -ETHEREUM_CONSENSUS_HOST_URLS=REPLACE_WITH_GCP_SECRET -ETHEREUM_CONSENSUS_HOST_API_KEYS=REPLACE_WITH_GCP_SECRET -ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS=REPLACE_WITH_GCP_SECRET -FUNDING_PRIVATE_KEY=REPLACE_WITH_GCP_SECRET -LABS_INFRA_MNEMONIC=REPLACE_WITH_GCP_SECRET -ROLLUP_DEPLOYMENT_PRIVATE_KEY=REPLACE_WITH_GCP_SECRET -OTEL_COLLECTOR_ENDPOINT=REPLACE_WITH_GCP_SECRET -VERIFY_CONTRACTS=true -ETHERSCAN_API_KEY=REPLACE_WITH_GCP_SECRET -CREATE_ROLLUP_CONTRACTS=${CREATE_ROLLUP_CONTRACTS:-false} -USE_NETWORK_CONFIG=${USE_NETWORK_CONFIG:-true} - -SNAPSHOT_BUCKET_DIRECTORY=${SNAPSHOT_BUCKET_DIRECTORY:-testnet} -BLOB_BUCKET_DIRECTORY=${BLOB_BUCKET_DIRECTORY:-testnet/blobs} -BLOB_FILE_STORE_URLS="," -TX_FILE_STORE_ENABLED=true -TX_FILE_STORE_BUCKET_DIRECTORY=${TX_FILE_STORE_BUCKET_DIRECTORY:-testnet/txs} -TX_COLLECTION_FILE_STORE_URLS="https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}" -R2_ACCESS_KEY_ID=REPLACE_WITH_GCP_SECRET -R2_SECRET_ACCESS_KEY=REPLACE_WITH_GCP_SECRET -DEPLOY_INTERNAL_BOOTNODE=false - -# 1 tx every other block -BOT_TRANSFERS_REPLICAS=1 -BOT_TRANSFERS_TX_INTERVAL_SECONDS=72 -BOT_TRANSFERS_FOLLOW_CHAIN=PENDING -BOT_SWAPS_REPLICAS=0 - -P2P_TX_POOL_DELETE_TXS_AFTER_REORG=true -SEQ_MAX_TX_PER_CHECKPOINT=72 - -DEPLOY_ARCHIVAL_NODE=true - -RPC_INGRESS_ENABLED=true -RPC_INGRESS_HOSTS='["rpc.testnet.aztec-labs.com"]' -RPC_INGRESS_STATIC_IP_NAME=testnet-rpc-ip -RPC_INGRESS_SSL_CERT_NAMES='["testnet-rpc-cert"]' - - -VALIDATOR_REPLICAS=4 -VALIDATORS_PER_NODE=64 -VALIDATOR_PUBLISHERS_PER_REPLICA=8 -VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX=5000 -VALIDATOR_HA_REPLICAS=1 -VALIDATOR_RESOURCE_PROFILE="prod-spot" - -PUBLISHERS_PER_PROVER=2 -PROVER_PUBLISHER_MNEMONIC_START_INDEX=8000 -PROVER_FAILED_PROOF_STORE=gs://aztec-develop/testnet/failed-proofs -L1_TX_FAILED_STORE=gs://aztec-develop/testnet/failed-l1-txs -PROVER_REPLICAS=4 -PROVER_RESOURCE_PROFILE="prod" diff --git a/spartan/environments/tps-scenario.env b/spartan/environments/tps-scenario.env deleted file mode 100644 index fc3893282c6c..000000000000 --- a/spartan/environments/tps-scenario.env +++ /dev/null @@ -1,90 +0,0 @@ -NAMESPACE=${NAMESPACE:-tps-scenario} -CLUSTER=aztec-gke-private -GCP_REGION=us-west1-a - -AZTEC_EPOCH_DURATION=8 -AZTEC_SLOT_DURATION=72 -AZTEC_PROOF_SUBMISSION_EPOCHS=2 -AZTEC_LAG_IN_EPOCHS=1 -SPONSORED_FPC=true - -CREATE_ETH_DEVNET=false -L1_NETWORK=sepolia -ETHEREUM_CHAIN_ID=11155111 -ETHEREUM_RPC_URLS=REPLACE_WITH_GCP_SECRET -ETHEREUM_CONSENSUS_HOST_URLS=REPLACE_WITH_GCP_SECRET -ETHEREUM_CONSENSUS_HOST_API_KEYS=REPLACE_WITH_GCP_SECRET -ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS=REPLACE_WITH_GCP_SECRET -FUNDING_PRIVATE_KEY=REPLACE_WITH_GCP_SECRET -LABS_INFRA_MNEMONIC=REPLACE_WITH_GCP_SECRET -LABS_INFRA_MNEMONIC_SECRET_NAME=sepolia-labs-tps-scenario-mnemonic -ROLLUP_DEPLOYMENT_PRIVATE_KEY=REPLACE_WITH_GCP_SECRET -OTEL_COLLECTOR_ENDPOINT=REPLACE_WITH_GCP_SECRET -VERIFY_CONTRACTS=true -ETHERSCAN_API_KEY=REPLACE_WITH_GCP_SECRET - -CREATE_ROLLUP_CONTRACTS=true -VERIFY_CONTRACTS=true - -DESTROY_NAMESPACE=true -DESTROY_AZTEC_INFRA=true - -OTEL_COLLECTOR_ENDPOINT=REPLACE_WITH_GCP_SECRET - -AZTEC_MANA_TARGET=2147483647 - -VALIDATOR_REPLICAS=12 -VALIDATORS_PER_NODE=4 -VALIDATOR_PUBLISHERS_PER_REPLICA=4 -VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX=5000 -VALIDATOR_RESOURCE_PROFILE="2-core-dedicated" - -REAL_VERIFIER=false - -RPC_REPLICAS=10 -RPC_INGRESS_ENABLED=false - -FULL_NODE_REPLICAS=500 -FULL_NODE_RESOURCE_PROFILE="2-core-spot" - -PUBLISHERS_PER_PROVER=2 -PROVER_PUBLISHER_MNEMONIC_START_INDEX=8000 -PROVER_REPLICAS=20 -PROVER_RESOURCE_PROFILE="hi-tps" -PROVER_AGENT_POLL_INTERVAL_MS=10000 -WAIT_FOR_PROVER_DEPLOY=false - -P2P_PUBLIC_IP=false - -RUN_TESTS=false - -PROVER_TEST_DELAY_TYPE=fixed - -AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS=1 -AZTEC_SLASHING_QUORUM=5 -AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS=0 -AZTEC_SLASHING_OFFSET_IN_ROUNDS=1 -AZTEC_LOCAL_EJECTION_THRESHOLD=90000000000000000000 - -SEQ_MAX_TX_PER_CHECKPOINT=15 # approx 0.2 TPS -SEQ_MIN_TX_PER_BLOCK=1 -SEQ_BUILD_CHECKPOINT_IF_EMPTY=true - -# Override L1 tx utils bump percentages for scenario tests -VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE=0 -VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE=0 -PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE=0 -PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE=0 - -# Enable latency mesaruement for p2p messages -DEBUG_P2P_INSTRUMENT_MESSAGES=true -P2P_DROP_TX_CHANCE=0.2 - -# Inject artificial delay of proof verification for all nodes -PROVER_TEST_VERIFICATION_DELAY_MS=250 - -# Reduce the amount of metrics produced by prover agents and full nodes -PROVER_AGENT_INCLUDE_METRICS="aztec.circuit" -FULL_NODE_INCLUDE_METRICS="aztec.p2p.gossip.agg_" -LOG_LEVEL=info - diff --git a/spartan/scripts/calculate_publisher_indices.sh b/spartan/scripts/calculate_publisher_indices.sh index 1b8ec890ab8b..90353c740d9b 100755 --- a/spartan/scripts/calculate_publisher_indices.sh +++ b/spartan/scripts/calculate_publisher_indices.sh @@ -15,15 +15,17 @@ fi spartan=$(git rev-parse --show-toplevel)/spartan -ENVIRONMENT_FILE="$spartan/environments/$1.env" +YAML_FILE="$spartan/environments/networks/$1.yml" -if [ ! -f "$ENVIRONMENT_FILE" ]; then - echo "Error: Environment file not found: $ENVIRONMENT_FILE" +if [ ! -f "$YAML_FILE" ]; then + echo "Error: Network YAML not found: $YAML_FILE" exit 1 fi -# Source the environment file to get configuration -source "$ENVIRONMENT_FILE" +set -a +# shellcheck disable=SC1091 +source <("$spartan/scripts/load_network_config.sh" "$1" --format=env --skip-secrets) +set +a # Set defaults (same as deploy_network.sh) VALIDATOR_REPLICAS=${VALIDATOR_REPLICAS:-4} diff --git a/spartan/scripts/deploy_rollup_upgrade.sh b/spartan/scripts/deploy_rollup_upgrade.sh index 3053a8b816bd..ad81bc9e8104 100755 --- a/spartan/scripts/deploy_rollup_upgrade.sh +++ b/spartan/scripts/deploy_rollup_upgrade.sh @@ -38,7 +38,7 @@ registry_address="${1:?Usage: $0 }" if [[ -z "${L1_CHAIN_ID:-}" ]]; then : "${NETWORK:?L1_CHAIN_ID or NETWORK is required}" network_defaults="${repo_root}/spartan/environments/network-defaults.yml" - L1_CHAIN_ID=$(yq "explode(.) | .networks.$NETWORK.L1_CHAIN_ID" "$network_defaults") + L1_CHAIN_ID=$(yq "explode(.) | .networks.$NETWORK.env.L1_CHAIN_ID" "$network_defaults") fi log "Starting rollup upgrade deployment" diff --git a/spartan/scripts/ensure_funded_environment.sh b/spartan/scripts/ensure_funded_environment.sh index 81643cd70a9d..5cc0703f3f39 100755 --- a/spartan/scripts/ensure_funded_environment.sh +++ b/spartan/scripts/ensure_funded_environment.sh @@ -28,13 +28,12 @@ FUNDING_PRIVATE_KEY="$2" LOW_WATERMARK="${3:-0.5}" HIGH_WATERMARK="${4:-1.0}" -# Locate the environment file -ENVIRONMENT_FILE="${spartan}/environments/${ENVIRONMENT_NAME}.env" +YAML_FILE="${spartan}/environments/networks/${ENVIRONMENT_NAME}.yml" -if [ ! -f "$ENVIRONMENT_FILE" ]; then - echo "Error: Environment file not found: $ENVIRONMENT_FILE" +if [ ! -f "$YAML_FILE" ]; then + echo "Error: Network YAML not found: $YAML_FILE" echo "Available environments:" - ls -1 "${spartan}/environments/" | grep -v '\.local\.env$' || echo "No environment files found" + ls -1 "${spartan}/environments/networks/" 2>/dev/null exit 1 fi diff --git a/spartan/scripts/load_network_config.sh b/spartan/scripts/load_network_config.sh new file mode 100755 index 000000000000..21f104d5f80f --- /dev/null +++ b/spartan/scripts/load_network_config.sh @@ -0,0 +1,352 @@ +#!/usr/bin/env bash +# Load a per-network YAML config, deep-merge with network-defaults.yml, +# and emit the result in the requested format. +# +# Usage: +# load_network_config.sh [--format=env|json|tfvars] +# +# Path resolution: may be: +# - a bare name like "kind-minimal" (resolved to spartan/environments/networks/kind-minimal.yml) +# - an absolute path to a YAML file +# +# Merge order (later overrides earlier): +# 1. network-defaults.yml._defaults (global defaults) +# 2. network-defaults.yml.networks. (preset selected via `network:` field) +# 3. (the file specified) +# +# Output formats: +# env - shell-source-able `export KEY=VALUE` lines for both deploy: and env: sections. +# Per-release helm values are NOT exported; they're for terraform consumption. +# json - JSON of the fully-merged structure (deploy/env/...). +# tfvars - terraform.tfvars.json shape: { deploy = {...}, releases = {...}, env = {...} } +# +# `${VAR}` and `${VAR:-default}` placeholders inside YAML values are expanded +# from the current shell environment after merging. + +set -euo pipefail + +spartan="$(git rev-parse --show-toplevel)/spartan" +defaults_yaml="$spartan/environments/network-defaults.yml" + +resolve_yaml_path() { + local input="$1" + if [[ "$input" = /* ]]; then + echo "$input" + else + echo "$spartan/environments/networks/${input}.yml" + fi +} + +# Deep-merge YAML files left-to-right and emit JSON. +# Uses yq's `*` operator with deep-merge flag. +merge_to_json() { + yq eval-all --output-format=json '. as $item ireduce ({}; . *+ $item)' "$@" +} + +# Expand ${VAR} and ${VAR:-default} placeholders in string values. +# Reads JSON on stdin, writes JSON on stdout. +expand_placeholders() { + python3 -c ' +import json +import os +import re +import sys + +PATTERN = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)(?::-([^}]*))?\}") + +def expand(value): + if isinstance(value, str): + return PATTERN.sub(lambda m: os.environ.get(m.group(1), m.group(2) or ""), value) + if isinstance(value, dict): + return {k: expand(v) for k, v in value.items()} + if isinstance(value, list): + return [expand(v) for v in value] + return value + +data = json.load(sys.stdin) +json.dump(expand(data), sys.stdout, indent=2) +' +} + +# Apply derived computations after merging. These replicate bash logic that +# previously lived inside .env files (e.g. devnet.env's MNEMONIC_INDEX_OFFSET +# computed from NAMESPACE regex). Reads JSON on stdin, writes JSON on stdout. +apply_derived() { + python3 -c ' +import json +import re +import sys + +data = json.load(sys.stdin) +env = data.setdefault("env", {}) +deploy = data.setdefault("deploy", {}) + +# devnet: namespace pattern v-devnet- picks a non-conflicting +# mnemonic offset so concurrent devnets sharing the same mnemonic on the same L1 +# do not collide on nonces. +namespace = str(deploy.get("NAMESPACE", "") or env.get("NAMESPACE", "")) +m = re.match(r"^v(\d+)-devnet-(\d+)$", namespace) +if m: + major = int(m.group(1)) + iteration = int(m.group(2)) + offset = major * 100000 + (iteration - 1) * 10000 +elif "MNEMONIC_INDEX_OFFSET" in env: + offset = int(env["MNEMONIC_INDEX_OFFSET"]) +else: + offset = 0 +env["MNEMONIC_INDEX_OFFSET"] = str(offset) + +# Mnemonic start indices: shift declared base by MNEMONIC_INDEX_OFFSET. These +# live under deploy: because they configure the deploy script (terraform.tfvars +# generation), not pod env. Defaults match deploy_network.sh fallbacks. +def shift(key, default_base): + base = int(deploy.get(key, default_base)) + deploy[key] = str(base + offset) + +shift("VALIDATOR_MNEMONIC_START_INDEX", 1) +shift("VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX", 5000) +shift("PROVER_PUBLISHER_MNEMONIC_START_INDEX", 8000) + +json.dump(data, sys.stdout, indent=2) +' +} + +# Resolve REPLACE_WITH_GCP_SECRET placeholders by calling gcloud. +# Reads JSON on stdin, writes JSON on stdout. +# Skipped if `gcloud` is not on PATH or no placeholders exist. +resolve_secrets() { + python3 -c ' +import json +import os +import shutil +import subprocess +import sys + +PLACEHOLDER = "REPLACE_WITH_GCP_SECRET" + +# Same secret name mapping as setup_gcp_secrets.sh, kept in sync. +def secret_name_for(env_var, env, deploy): + l1_network = env.get("L1_NETWORK") or deploy.get("L1_NETWORK") or "sepolia" + network = env.get("NETWORK") or deploy.get("NETWORK") or "" + custom_mnemonic = deploy.get("LABS_INFRA_MNEMONIC_SECRET_NAME") or env.get("LABS_INFRA_MNEMONIC_SECRET_NAME") + mnemonic_secret = custom_mnemonic if custom_mnemonic else f"{l1_network}-labs-{network}-mnemonic" + mapping = { + "ETHEREUM_RPC_URLS": f"{l1_network}-rpc-urls", + "ETHEREUM_CONSENSUS_HOST_URLS": f"{l1_network}-consensus-host-urls", + "ETHEREUM_CONSENSUS_HOST_API_KEYS": f"{l1_network}-consensus-host-api-keys", + "ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS": f"{l1_network}-consensus-host-api-key-headers", + "FUNDING_PRIVATE_KEY": f"{l1_network}-funding-private-key", + "ROLLUP_DEPLOYMENT_PRIVATE_KEY": f"{l1_network}-labs-rollup-private-key", + "OTEL_COLLECTOR_ENDPOINT": "otel-collector-url", + "ETHERSCAN_API_KEY": "etherscan-api-key", + "LABS_INFRA_MNEMONIC": mnemonic_secret, + "STORE_SNAPSHOT_URL": "r2-account-id", + "R2_ACCESS_KEY_ID": "r2-access-key-id", + "R2_SECRET_ACCESS_KEY": "r2-secret-access-key", + } + return mapping.get(env_var) + +def fetch(secret_name, project_id): + if not project_id: + sys.stderr.write(f"resolve_secrets: GCP_PROJECT_ID not set; cannot fetch {secret_name}\n") + return None + try: + result = subprocess.run( + ["gcloud", "secrets", "versions", "access", "latest", + "--secret", secret_name, "--project", project_id], + capture_output=True, text=True, check=True, + ) + # Mask in CI logs (matches setup_gcp_secrets.sh behavior). + print(f"::add-mask::{result.stdout.strip()}") + return result.stdout.strip() + except subprocess.CalledProcessError as e: + sys.stderr.write(f"resolve_secrets: failed to read {secret_name}: {e.stderr}\n") + return None + +data = json.load(sys.stdin) +env = data.get("env", {}) +deploy = data.get("deploy", {}) +project_id = deploy.get("GCP_PROJECT_ID") or os.environ.get("GCP_PROJECT_ID", "") + +if not shutil.which("gcloud"): + json.dump(data, sys.stdout, indent=2) + sys.exit(0) + +# Only iterate keys that contain the placeholder. +for key, val in list(env.items()): + if not isinstance(val, str) or PLACEHOLDER not in val: + continue + secret_name = secret_name_for(key, env, deploy) + if not secret_name: + sys.stderr.write(f"resolve_secrets: no secret mapping for {key}; leaving as placeholder\n") + continue + fetched = fetch(secret_name, project_id) + if fetched is None: + continue + if val == PLACEHOLDER: + env[key] = fetched + else: + env[key] = val.replace(PLACEHOLDER, fetched) + +json.dump(data, sys.stdout, indent=2) +' +} + +# Strip leading underscore-prefixed keys (anchors-only keys like _defaults, _shared_image) +# from a JSON object. Operates at the top level only. +strip_underscore_keys() { + jq 'with_entries(select(.key | startswith("_") | not))' +} + +# Emit shell `export KEY=VALUE` lines for an object's string-valued keys. +emit_env() { + local prefix="$1" # informational; printed as comment + jq -r --arg prefix "$prefix" ' + if . == null then + "" + else + to_entries[] | select(.value != null) | + "export \(.key)=\(.value | tostring | @sh)" + end + ' +} + +main() { + local network_input="${1:?usage: load_network_config.sh [--format=env|json|tfvars] [--skip-secrets]}" + local format="env" + local skip_secrets="false" + shift + for arg in "$@"; do + case "$arg" in + --format=*) format="${arg#--format=}" ;; + --skip-secrets) skip_secrets="true" ;; + *) echo "Unknown arg: $arg" >&2; exit 1 ;; + esac + done + + local network_yaml + network_yaml="$(resolve_yaml_path "$network_input")" + if [[ ! -f "$network_yaml" ]]; then + echo "Network YAML not found: $network_yaml" >&2 + exit 1 + fi + + # Single tmpdir for all intermediate YAML files; cleaned up by global trap. + local tmpdir + tmpdir="$(mktemp -d)" + TMPDIRS+=("$tmpdir") + + # Determine the preset (env baseline) selected by the per-network YAML, if any. + local preset + preset="$(yq -r '.network // ""' "$network_yaml")" + + # Pre-explode network-defaults.yml so YAML anchors (<<: *prodlike etc.) resolve + # before we extract sub-blocks. Without this, extracted blocks would contain + # unresolved anchor references that yq can't merge. + local exploded_defaults="$tmpdir/defaults_exploded.yml" + yq eval 'explode(.)' "$defaults_yaml" > "$exploded_defaults" + + # Extract _release_defaults (and other underscore-prefixed defaults) for the loader baseline. + local defaults_only="$tmpdir/defaults_only.yml" + yq eval '._release_defaults // {}' "$exploded_defaults" > "$defaults_only" + + # Build the merged JSON. + local merged_json + if [[ -n "$preset" ]]; then + # `networks..env` is the env baseline (mirrors what codegen reads). + # Wrap it as `{env: {...}}` so it deep-merges with per-network YAML's env block. + local preset_env_yaml="$tmpdir/preset_env.yml" + { + echo "env:" + yq eval ".networks.\"$preset\".env // {}" "$exploded_defaults" | sed 's/^/ /' + } > "$preset_env_yaml" + # Optional per-release defaults from `networks..` (above _release_defaults). + local preset_releases_yaml="$tmpdir/preset_releases.yml" + yq eval ".networks.\"$preset\" | del(.env)" "$exploded_defaults" > "$preset_releases_yaml" + merged_json="$(merge_to_json "$defaults_only" "$preset_releases_yaml" "$preset_env_yaml" "$network_yaml")" + else + merged_json="$(merge_to_json "$defaults_only" "$network_yaml")" + fi + + # Strip top-level keys we never want to export (network selector). + merged_json="$(echo "$merged_json" | jq 'del(.network)')" + + # Expand ${VAR} placeholders from current shell env. + merged_json="$(echo "$merged_json" | expand_placeholders)" + + # Apply derived computations (e.g. devnet's MNEMONIC_INDEX_OFFSET from NAMESPACE). + merged_json="$(echo "$merged_json" | apply_derived)" + + # Optionally fetch GCP secrets if any REPLACE_WITH_GCP_SECRET placeholders remain. + # Skipped automatically if `gcloud` is not on PATH; opt-out with --skip-secrets. + if [[ "$skip_secrets" != "true" ]] && echo "$merged_json" | grep -q "REPLACE_WITH_GCP_SECRET"; then + merged_json="$(echo "$merged_json" | resolve_secrets)" + fi + + case "$format" in + json) + echo "$merged_json" + ;; + env) + echo "# === deploy: ===" + echo "$merged_json" | jq '.deploy // {}' | emit_env "deploy" + echo "# === env: ===" + echo "$merged_json" | jq '.env // {}' | emit_env "env" + ;; + tfvars) + # Reshape into terraform.tfvars.json structure: + # { deploy = {...}, env = {...}, releases = { : {...}, ... } } + # `releases` collects every top-level key that isn't deploy/env. + # + # Pre-merge the network-wide env into each release's env (release-specific + # overrides win) so Terraform can pass `var.releases[]` straight to + # Helm via yamlencode without needing to merge anything itself. + # Also recurses into nested releases (e.g. prover.{node,broker,agent}) + # so they each get the network-wide env merged in. + echo "$merged_json" | jq ' + def merge_env_into_release($baseline): + if type == "object" then + (if has("env") or (has("replicaCount") or has("image") or has("resources")) then + # leaf release block: merge baseline into env (release wins) + .env = ($baseline + (.env // {})) + else . end) | + with_entries( + if .value | type == "object" then + .value |= merge_env_into_release($baseline) + else . end + ) + else . end; + . as $root | + ($root.env // {}) as $base_env | + { + deploy: ($root.deploy // {}), + env: $base_env, + releases: ( + $root + | with_entries(select(.key != "deploy" and .key != "env")) + | with_entries(.value |= merge_env_into_release($base_env)) + ) + } + ' + ;; + *) + echo "Unknown format: $format (valid: env, json, tfvars)" >&2 + exit 1 + ;; + esac +} + +# Global tmpdir tracking for cleanup; bash array of paths. +TMPDIRS=() +cleanup_tmpdirs() { + local d + for d in "${TMPDIRS[@]:-}"; do + [[ -n "$d" && -d "$d" ]] && rm -rf "$d" + done +} +trap cleanup_tmpdirs EXIT + +# Allow sourcing the file to get just the helper functions, or running it directly. +if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then + main "$@" +fi diff --git a/spartan/scripts/source_env_basic.sh b/spartan/scripts/source_env_basic.sh index 00bc0f6e9767..61d6bc30853b 100755 --- a/spartan/scripts/source_env_basic.sh +++ b/spartan/scripts/source_env_basic.sh @@ -1,30 +1,38 @@ #!/usr/bin/env bash +# Source basic environment variables from a per-network YAML. +# +# Usage: +# source_env_basic +# +# Skips GCP secret resolution (this is the "basic" pass; secrets are fetched +# in source_network_env.sh). spartan=$(git rev-parse --show-toplevel)/spartan -function resolve_env_file_path { - local env_file_input="$1" - if [[ "$env_file_input" = /* ]]; then - echo "$env_file_input" +function resolve_yaml_file_path { + local input="$1" + if [[ "$input" = /* ]]; then + echo "$input" else - echo "$spartan/environments/$env_file_input.env" + echo "$spartan/environments/networks/$input.yml" fi } function source_env_basic { - local env_file="$1" - local actual_env_file=$(resolve_env_file_path "$env_file") + local name="$1" + local yaml_file + yaml_file=$(resolve_yaml_file_path "$name") - if [[ -f "$actual_env_file" ]]; then - echo "Loading basic environment variables from $actual_env_file" - set -a - # shellcheck disable=SC1090 - source "$actual_env_file" - set +a - else - echo "Env file not found: $actual_env_file" >&2 + if [[ ! -f "$yaml_file" ]]; then + echo "Network YAML not found: $yaml_file" >&2 exit 1 fi + + echo "Loading basic environment from YAML: $yaml_file" + set -a + # shellcheck disable=SC1090 + source <("$spartan/scripts/load_network_config.sh" "$name" --format=env --skip-secrets) + set +a } # If script is run directly with an argument, source the env file diff --git a/spartan/scripts/source_network_env.sh b/spartan/scripts/source_network_env.sh index 9a99c22c5481..be6e305251f4 100755 --- a/spartan/scripts/source_network_env.sh +++ b/spartan/scripts/source_network_env.sh @@ -1,39 +1,32 @@ #!/usr/bin/env bash +# Source full environment (including GCP secrets) from a per-network YAML. +# +# Usage: +# source_network_env spartan=$(git rev-parse --show-toplevel)/spartan function source_network_env { - local env_file - # Check if the argument is an absolute path - if [[ "$1" = /* ]]; then - env_file="$1" + local name="$1" + local yaml_file + if [[ "$name" = /* ]]; then + yaml_file="$name" else - env_file="$spartan/environments/$1.env" + yaml_file="$spartan/environments/networks/$name.yml" fi - # Optionally source an env file passed as first argument - if [[ -n "${env_file:-}" ]]; then - if [[ -f "$env_file" ]]; then - # Standard behavior for files without GCP secrets - set -a - # shellcheck disable=SC1090 - source "$env_file" - set +a - - # Check if we need to process GCP secrets and if we have gcloud auth - if grep -q "REPLACE_WITH_GCP_SECRET" "$env_file" && command -v gcloud &> /dev/null; then - echo "Environment file contains GCP secret placeholders. Processing secrets..." - - # Process GCP secrets - source $spartan/scripts/setup_gcp_secrets.sh "$env_file" - - echo "Successfully loaded environment with GCP secrets" - fi - else - echo "Env file not found: $env_file" >&2 - exit 1 - fi + if [[ ! -f "$yaml_file" ]]; then + echo "Network YAML not found: $yaml_file" >&2 + exit 1 fi + + echo "Loading network environment from YAML: $yaml_file" + # The YAML loader handles GCP secret resolution internally if gcloud is on PATH. + set -a + # shellcheck disable=SC1090 + source <("$spartan/scripts/load_network_config.sh" "$name" --format=env) + set +a + echo "Successfully loaded YAML config $(basename "$yaml_file")" } # If script is run directly with an argument, source the env file diff --git a/spartan/terraform/deploy-aztec-infra/main.tf b/spartan/terraform/deploy-aztec-infra/main.tf index 71a835281c00..f69ab33dbf43 100644 --- a/spartan/terraform/deploy-aztec-infra/main.tf +++ b/spartan/terraform/deploy-aztec-infra/main.tf @@ -107,36 +107,48 @@ locals { internal_rpc_url = "http://${var.RELEASE_PREFIX}-rpc-aztec-node.${var.NAMESPACE}.svc.cluster.local:8080" internal_rpc_admin_url = "http://${var.RELEASE_PREFIX}-rpc-aztec-node-admin.${var.NAMESPACE}.svc.cluster.local:8880" - # Common settings for all releases + # Pod image is the only thing the chart actually reads from `global` now. + # Everything else flows under `env:` (mounted via envFrom configmap). common_settings = { - "global.aztecImage.repository" = local.aztec_image.repository - "global.aztecImage.tag" = local.aztec_image.tag - "global.aztecImage.pullPolicy" = local.is_kind ? "IfNotPresent" : "Always" - "global.useGcloudLogging" = true - "global.aztecNetwork" = var.NETWORK - "global.customAztecNetwork.registryContractAddress" = var.REGISTRY_CONTRACT_ADDRESS - "global.customAztecNetwork.feeAssetHandlerContractAddress" = var.FEE_ASSET_HANDLER_CONTRACT_ADDRESS - "global.customAztecNetwork.l1ChainId" = var.L1_CHAIN_ID - "global.otelCollectorEndpoint" = var.OTEL_COLLECTOR_ENDPOINT - "global.sponsoredFPC" = var.SPONSORED_FPC - "global.testAccounts" = var.TEST_ACCOUNTS + "global.aztecImage.repository" = local.aztec_image.repository + "global.aztecImage.tag" = local.aztec_image.tag + "global.aztecImage.pullPolicy" = local.is_kind ? "IfNotPresent" : "Always" } + # Deploy-time-computed env vars (joined lists, computed paths, secrets, + # values that come from the L1 deploy step). Per-network YAML values for the + # same keys take precedence -- this is just the deploy-time fallback. common_inline_values = yamlencode({ - global = merge( + env = merge( + { + USE_GCLOUD_LOGGING = "true" + L1_CHAIN_ID = var.L1_CHAIN_ID + REGISTRY_CONTRACT_ADDRESS = var.REGISTRY_CONTRACT_ADDRESS + FEE_ASSET_HANDLER_CONTRACT_ADDRESS = var.FEE_ASSET_HANDLER_CONTRACT_ADDRESS + SPONSORED_FPC = tostring(var.SPONSORED_FPC) + TEST_ACCOUNTS = tostring(var.TEST_ACCOUNTS) + LOG_JSON = "1" + }, + var.NETWORK != "" ? { NETWORK = var.NETWORK } : {}, + length(var.L1_RPC_URLS) > 0 ? { ETHEREUM_HOSTS = join(",", var.L1_RPC_URLS) } : {}, + length(var.L1_CONSENSUS_HOST_URLS) > 0 ? { + L1_CONSENSUS_HOST_URLS = join(",", var.L1_CONSENSUS_HOST_URLS) + } : {}, length(var.L1_CONSENSUS_HOST_API_KEYS) > 0 ? { - l1ConsensusHostApiKeys = join(",", var.L1_CONSENSUS_HOST_API_KEYS) + L1_CONSENSUS_HOST_API_KEYS = join(",", var.L1_CONSENSUS_HOST_API_KEYS) } : {}, length(var.L1_CONSENSUS_HOST_API_KEY_HEADERS) > 0 ? { - l1ConsensusHostApiKeyHeaders = join(",", var.L1_CONSENSUS_HOST_API_KEY_HEADERS) + L1_CONSENSUS_HOST_API_KEY_HEADERS = join(",", var.L1_CONSENSUS_HOST_API_KEY_HEADERS) + } : {}, + var.OTEL_COLLECTOR_ENDPOINT != "" ? { + OTEL_EXPORTER_OTLP_METRICS_ENDPOINT = "${var.OTEL_COLLECTOR_ENDPOINT}/v1/metrics" + OTEL_EXPORTER_OTLP_TRACES_ENDPOINT = "${var.OTEL_COLLECTOR_ENDPOINT}/v1/traces" + OTEL_EXPORTER_OTLP_LOGS_ENDPOINT = "${var.OTEL_COLLECTOR_ENDPOINT}/v1/logs" } : {} ) }) - common_list_settings = { - "global.l1ExecutionUrls" = var.L1_RPC_URLS - "global.l1ConsensusUrls" = var.L1_CONSENSUS_HOST_URLS - } + common_list_settings = {} # Generate a set of _external_ host ports to use for P2P # K8s will use these values to schedule pods on appropriate machines. Using random ports here will allow it to @@ -189,65 +201,27 @@ locals { wait = true } + # Per-pod env vars now flow from spartan/environments/networks/.yml via + # the loader's pre-merged var.releases.validators.env block (passed through + # main.tf's `inline_values = [yamlencode(var.releases[each.key])]`). Only + # values that are computed at deploy time, set k8s manifest shape, or rename + # one chart key into a different pod env name remain here. validator_common_settings = { - "validator.service.p2p.nodePortEnabled" = var.P2P_NODEPORT_ENABLED - "validator.web3signerUrl" = "http://${var.RELEASE_PREFIX}-signer-web3signer.${var.NAMESPACE}.svc.cluster.local:9000/" - "validator.mnemonic" = var.VALIDATOR_MNEMONIC - "validator.mnemonicStartIndex" = var.VALIDATOR_MNEMONIC_START_INDEX - "validator.validatorsPerNode" = var.VALIDATORS_PER_NODE - "validator.publishersPerReplica" = var.VALIDATOR_PUBLISHERS_PER_REPLICA - "validator.publisherMnemonicStartIndex" = var.VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX - "validator.sentinel.enabled" = var.SENTINEL_ENABLED - "validator.slash.inactivityTargetPercentage" = var.SLASH_INACTIVITY_TARGET_PERCENTAGE - "validator.slash.inactivityPenalty" = var.SLASH_INACTIVITY_PENALTY - "validator.slash.prunePenalty" = var.SLASH_PRUNE_PENALTY - "validator.slash.dataWithholdingPenalty" = var.SLASH_DATA_WITHHOLDING_PENALTY - "validator.slash.proposeInvalidAttestationsPenalty" = var.SLASH_PROPOSE_INVALID_ATTESTATIONS_PENALTY - "validator.slash.duplicateProposalPenalty" = var.SLASH_DUPLICATE_PROPOSAL_PENALTY - "validator.slash.duplicateAttestationPenalty" = var.SLASH_DUPLICATE_ATTESTATION_PENALTY - "validator.slash.attestDescendantOfInvalidPenalty" = var.SLASH_ATTEST_DESCENDANT_OF_INVALID_PENALTY - "validator.slash.unknownPenalty" = var.SLASH_UNKNOWN_PENALTY - "validator.slash.invalidBlockPenalty" = var.SLASH_INVALID_BLOCK_PENALTY - "validator.slash.offenseExpirationRounds" = var.SLASH_OFFENSE_EXPIRATION_ROUNDS - "validator.slash.maxPayloadSize" = var.SLASH_MAX_PAYLOAD_SIZE - "validator.node.env.TRANSACTIONS_DISABLED" = var.TRANSACTIONS_DISABLED - "validator.node.env.DEBUG_FORCE_TX_PROOF_VERIFICATION" = var.DEBUG_FORCE_TX_PROOF_VERIFICATION - "validator.node.env.KEY_INDEX_START" = var.VALIDATOR_MNEMONIC_START_INDEX - "validator.node.env.PUBLISHER_KEY_INDEX_START" = var.VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX - "validator.node.env.VALIDATORS_PER_NODE" = var.VALIDATORS_PER_NODE - "validator.node.env.VALIDATOR_PUBLISHERS_PER_REPLICA" = var.VALIDATOR_PUBLISHERS_PER_REPLICA - "validator.node.proverRealProofs" = var.PROVER_REAL_PROOFS - "validator.node.env.SEQ_MIN_TX_PER_BLOCK" = var.SEQ_MIN_TX_PER_BLOCK - "validator.node.env.SEQ_MAX_TX_PER_BLOCK" = var.SEQ_MAX_TX_PER_BLOCK - "validator.node.env.SEQ_MAX_TX_PER_CHECKPOINT" = var.SEQ_MAX_TX_PER_CHECKPOINT - "validator.node.env.P2P_MAX_PENDING_TX_COUNT" = var.P2P_MAX_PENDING_TX_COUNT - "validator.node.env.SEQ_PER_BLOCK_ALLOCATION_MULTIPLIER" = var.SEQ_PER_BLOCK_ALLOCATION_MULTIPLIER - "validator.node.env.SEQ_BLOCK_DURATION_MS" = var.SEQ_BLOCK_DURATION_MS - "validator.node.env.SEQ_L1_PUBLISHING_TIME_ALLOWANCE_IN_SLOT" = var.SEQ_L1_PUBLISHING_TIME_ALLOWANCE_IN_SLOT - "validator.node.env.SEQ_BUILD_CHECKPOINT_IF_EMPTY" = var.SEQ_BUILD_CHECKPOINT_IF_EMPTY - "validator.node.env.SEQ_ENABLE_PROPOSER_PIPELINING" = var.SEQ_ENABLE_PROPOSER_PIPELINING - "validator.node.env.AZTEC_EPOCHS_LAG" = var.AZTEC_EPOCHS_LAG - "validator.node.env.SEQ_ENFORCE_TIME_TABLE" = var.SEQ_ENFORCE_TIME_TABLE - "validator.node.env.P2P_TX_POOL_DELETE_TXS_AFTER_REORG" = var.P2P_TX_POOL_DELETE_TXS_AFTER_REORG - "validator.node.env.L1_PRIORITY_FEE_BUMP_PERCENTAGE" = var.VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE - "validator.node.env.L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE" = var.VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE - "validator.node.env.BLOB_ALLOW_EMPTY_SOURCES" = var.BLOB_ALLOW_EMPTY_SOURCES - "validator.node.env.PROVER_TEST_VERIFICATION_DELAY_MS" = var.PROVER_TEST_VERIFICATION_DELAY_MS - "validator.node.env.BB_CHONK_VERIFY_MAX_BATCH" = var.BB_CHONK_VERIFY_MAX_BATCH - "validator.node.env.BB_CHONK_VERIFY_BATCH_CONCURRENCY" = var.BB_CHONK_VERIFY_BATCH_CONCURRENCY - "validator.node.env.DEBUG_P2P_INSTRUMENT_MESSAGES" = var.DEBUG_P2P_INSTRUMENT_MESSAGES - "validator.node.secret.envEnabled" = true - "validator.node.secret.mnemonic" = var.VALIDATOR_MNEMONIC - "validator.node.secret.mnemonicIndex" = var.VALIDATOR_MNEMONIC_START_INDEX - "validator.node.env.P2P_GOSSIPSUB_D" = var.P2P_GOSSIPSUB_D - "validator.node.env.P2P_GOSSIPSUB_DLO" = var.P2P_GOSSIPSUB_DLO - "validator.node.env.P2P_GOSSIPSUB_DHI" = var.P2P_GOSSIPSUB_DHI - "validator.node.env.P2P_DROP_TX_CHANCE" = var.P2P_DROP_TX_CHANCE - "validator.node.env.WS_NUM_HISTORIC_CHECKPOINTS" = var.WS_NUM_HISTORIC_CHECKPOINTS - "validator.node.env.TX_COLLECTION_FILE_STORE_URLS" = var.TX_COLLECTION_FILE_STORE_URLS - "validator.node.env.SEQ_SKIP_CHECKPOINT_PUBLISH_PERCENT" = var.SEQ_SKIP_CHECKPOINT_PUBLISH_PERCENT - "validator.node.env.L1_TX_FAILED_STORE" = var.L1_TX_FAILED_STORE - "validator.node.adminApiKeyHash" = var.ADMIN_API_KEY_HASH + # K8s shape / cluster decisions (not pod env). + "validator.service.p2p.nodePortEnabled" = var.P2P_NODEPORT_ENABLED + "validator.web3signerUrl" = "http://${var.RELEASE_PREFIX}-signer-web3signer.${var.NAMESPACE}.svc.cluster.local:9000/" + "validator.mnemonic" = var.VALIDATOR_MNEMONIC + "validator.mnemonicStartIndex" = var.VALIDATOR_MNEMONIC_START_INDEX + "validator.validatorsPerNode" = var.VALIDATORS_PER_NODE + "validator.publishersPerReplica" = var.VALIDATOR_PUBLISHERS_PER_REPLICA + "validator.publisherMnemonicStartIndex" = var.VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX + "validator.node.secret.envEnabled" = true + "validator.node.secret.mnemonic" = var.VALIDATOR_MNEMONIC + "validator.node.secret.mnemonicIndex" = var.VALIDATOR_MNEMONIC_START_INDEX + "validator.node.adminApiKeyHash" = var.ADMIN_API_KEY_HASH + # Renames: chart-side var name differs from pod env name. + "validator.node.env.KEY_INDEX_START" = var.VALIDATOR_MNEMONIC_START_INDEX + "validator.node.env.PUBLISHER_KEY_INDEX_START" = var.VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX } # Note: nonsensitive() is required here because helm_releases is used in for_each, @@ -361,55 +335,27 @@ locals { tolerations = null } })] : []) + # Per-pod env vars flow from spartan/environments/networks/.yml via + # the loader's pre-merged var.releases.prover.{node,broker,agent}.env blocks. + # Only computed/renamed/secret values remain here. custom_settings = merge( { - "node.mnemonic" = var.PROVER_MNEMONIC - "node.mnemonicStartIndex" = var.PROVER_PUBLISHER_MNEMONIC_START_INDEX - "node.node.proverRealProofs" = var.PROVER_REAL_PROOFS - "node.node.env.PROVER_FAILED_PROOF_STORE" = var.PROVER_FAILED_PROOF_STORE - "node.node.env.PROVER_PROOF_STORE" = var.PROVER_PROOF_STORE - "node.node.env.L1_TX_FAILED_STORE" = var.L1_TX_FAILED_STORE - "node.node.env.DEBUG_FORCE_TX_PROOF_VERIFICATION" = var.DEBUG_FORCE_TX_PROOF_VERIFICATION - "node.node.env.KEY_INDEX_START" = var.PROVER_PUBLISHER_MNEMONIC_START_INDEX - "node.node.env.PUBLISHER_KEY_INDEX_START" = var.PROVER_PUBLISHER_MNEMONIC_START_INDEX - "node.node.env.PUBLISHERS_PER_PROVER" = var.PROVER_PUBLISHERS_PER_PROVER - "node.node.env.PROVER_NODE_DISABLE_PROOF_PUBLISH" = var.PROVER_NODE_DISABLE_PROOF_PUBLISH - "node.node.env.P2P_TX_POOL_DELETE_TXS_AFTER_REORG" = var.P2P_TX_POOL_DELETE_TXS_AFTER_REORG - "node.node.env.BLOB_ALLOW_EMPTY_SOURCES" = var.BLOB_ALLOW_EMPTY_SOURCES - "node.node.secret.envEnabled" = true - "node.node.secret.mnemonic" = var.PROVER_MNEMONIC - "node.node.secret.mnemonicIndex" = var.PROVER_PUBLISHER_MNEMONIC_START_INDEX - "broker.node.proverRealProofs" = var.PROVER_REAL_PROOFS - "broker.node.env.BOOTSTRAP_NODES" = "asdf" - "broker.node.env.PROVER_BROKER_DEBUG_REPLAY_ENABLED" = var.PROVER_BROKER_DEBUG_REPLAY_ENABLED - "agent.node.image.repository" = local.prover_agent_image.repository - "agent.node.image.tag" = local.prover_agent_image.tag - "agent.node.env.CRS_PATH" = "/usr/src/crs" - "agent.node.proverRealProofs" = var.PROVER_REAL_PROOFS - "agent.node.env.PROVER_AGENT_POLL_INTERVAL_MS" = var.PROVER_AGENT_POLL_INTERVAL_MS - "agent.replicaCount" = var.PROVER_REPLICAS - "agent.node.env.BOOTSTRAP_NODES" = "asdf" - "agent.node.env.PROVER_AGENT_COUNT" = var.PROVER_AGENTS_PER_PROVER - "agent.node.env.PROVER_TEST_DELAY_TYPE" = var.PROVER_TEST_DELAY_TYPE - "agent.node.env.PROVER_AGENT_PROOF_TYPES" = join(",", var.PROVER_AGENT_PROOF_TYPES) - "agent.node.env.PROVER_PROOF_STORE" = var.PROVER_PROOF_STORE - "agent.node.otelIncludeMetrics" = var.PROVER_AGENT_INCLUDE_METRICS - "node.node.env.L1_PRIORITY_FEE_BUMP_PERCENTAGE" = var.PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE - "node.node.env.L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE" = var.PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE - "node.node.env.PROVER_TEST_VERIFICATION_DELAY_MS" = var.PROVER_TEST_VERIFICATION_DELAY_MS - "node.node.env.BB_CHONK_VERIFY_MAX_BATCH" = var.BB_CHONK_VERIFY_MAX_BATCH - "node.node.env.BB_CHONK_VERIFY_BATCH_CONCURRENCY" = var.BB_CHONK_VERIFY_BATCH_CONCURRENCY - "node.node.env.DEBUG_P2P_INSTRUMENT_MESSAGES" = var.DEBUG_P2P_INSTRUMENT_MESSAGES - "node.node.env.P2P_GOSSIPSUB_D" = var.P2P_GOSSIPSUB_D - "node.node.env.P2P_GOSSIPSUB_DLO" = var.P2P_GOSSIPSUB_DLO - "node.node.env.P2P_GOSSIPSUB_DHI" = var.P2P_GOSSIPSUB_DHI - "node.node.env.P2P_DROP_TX_CHANCE" = var.P2P_DROP_TX_CHANCE - "node.node.env.P2P_MAX_PENDING_TX_COUNT" = var.P2P_MAX_PENDING_TX_COUNT - "node.node.env.WS_NUM_HISTORIC_CHECKPOINTS" = var.WS_NUM_HISTORIC_CHECKPOINTS - "node.node.env.TX_COLLECTION_FILE_STORE_URLS" = var.TX_COLLECTION_FILE_STORE_URLS - "node.service.p2p.nodePortEnabled" = var.P2P_NODEPORT_ENABLED - "node.service.p2p.announcePort" = local.p2p_port_prover - "node.service.p2p.port" = local.p2p_port_prover + # Chart-shape / k8s shape. + "node.mnemonic" = var.PROVER_MNEMONIC + "node.mnemonicStartIndex" = var.PROVER_PUBLISHER_MNEMONIC_START_INDEX + "node.node.secret.envEnabled" = true + "node.node.secret.mnemonic" = var.PROVER_MNEMONIC + "node.node.secret.mnemonicIndex" = var.PROVER_PUBLISHER_MNEMONIC_START_INDEX + "node.service.p2p.nodePortEnabled" = var.P2P_NODEPORT_ENABLED + "node.service.p2p.announcePort" = local.p2p_port_prover + "node.service.p2p.port" = local.p2p_port_prover + "agent.replicaCount" = var.PROVER_REPLICAS + "agent.node.image.repository" = local.prover_agent_image.repository + "agent.node.image.tag" = local.prover_agent_image.tag + "agent.env.OTEL_INCLUDE_METRICS" = var.PROVER_AGENT_INCLUDE_METRICS + # Renames: chart-side var name differs from pod env name. + "node.node.env.KEY_INDEX_START" = var.PROVER_PUBLISHER_MNEMONIC_START_INDEX + "node.node.env.PUBLISHER_KEY_INDEX_START" = var.PROVER_PUBLISHER_MNEMONIC_START_INDEX }, # Only set web3signerUrl if proof publishing is enabled !var.PROVER_NODE_DISABLE_PROOF_PUBLISH ? { @@ -462,34 +408,17 @@ locals { } })]) - custom_settings = merge({ + # Pod env vars flow from var.releases.rpc.env via inline_values. + custom_settings = { "replicaCount" = var.RPC_REPLICAS "service.p2p.nodePortEnabled" = var.P2P_NODEPORT_ENABLED "service.p2p.announcePort" = local.p2p_port_rpc "service.p2p.port" = local.p2p_port_rpc - - # Ensure the JSON-RPC server binds the same port the probe checks - "node.proverRealProofs" = var.PROVER_REAL_PROOFS - "ingress.rpc.enabled" = var.RPC_INGRESS_ENABLED - "node.env.AWS_ACCESS_KEY_ID" = var.R2_ACCESS_KEY_ID - "node.env.AWS_SECRET_ACCESS_KEY" = var.R2_SECRET_ACCESS_KEY - "node.env.P2P_TX_POOL_DELETE_TXS_AFTER_REORG" = var.P2P_TX_POOL_DELETE_TXS_AFTER_REORG - "node.env.DEBUG_FORCE_TX_PROOF_VERIFICATION" = var.DEBUG_FORCE_TX_PROOF_VERIFICATION - "node.env.BLOB_ALLOW_EMPTY_SOURCES" = var.BLOB_ALLOW_EMPTY_SOURCES - "node.env.PROVER_TEST_VERIFICATION_DELAY_MS" = var.PROVER_TEST_VERIFICATION_DELAY_MS - "node.env.BB_CHONK_VERIFY_MAX_BATCH" = var.BB_CHONK_VERIFY_MAX_BATCH - "node.env.BB_CHONK_VERIFY_BATCH_CONCURRENCY" = var.BB_CHONK_VERIFY_BATCH_CONCURRENCY - "node.env.DEBUG_P2P_INSTRUMENT_MESSAGES" = var.DEBUG_P2P_INSTRUMENT_MESSAGES - "node.env.P2P_GOSSIPSUB_D" = var.P2P_GOSSIPSUB_D - "node.env.P2P_GOSSIPSUB_DLO" = var.P2P_GOSSIPSUB_DLO - "node.env.P2P_GOSSIPSUB_DHI" = var.P2P_GOSSIPSUB_DHI - "node.env.P2P_DROP_TX_CHANCE" = var.P2P_DROP_TX_CHANCE - "node.env.P2P_MAX_PENDING_TX_COUNT" = var.P2P_MAX_PENDING_TX_COUNT - "node.env.WS_NUM_HISTORIC_CHECKPOINTS" = var.WS_NUM_HISTORIC_CHECKPOINTS - "node.env.TX_FILE_STORE_ENABLED" = var.TX_FILE_STORE_ENABLED - "node.env.TX_FILE_STORE_URL" = var.TX_FILE_STORE_URL - "node.env.TX_COLLECTION_FILE_STORE_URLS" = var.TX_COLLECTION_FILE_STORE_URLS - }) + "ingress.rpc.enabled" = var.RPC_INGRESS_ENABLED + # Deploy-time secrets (not in YAML). + "node.env.AWS_ACCESS_KEY_ID" = var.R2_ACCESS_KEY_ID + "node.env.AWS_SECRET_ACCESS_KEY" = var.R2_SECRET_ACCESS_KEY + } boot_node_host_path = "node.env.BOOT_NODE_HOST" bootstrap_nodes_path = "node.env.BOOTSTRAP_NODES" wait = true @@ -511,24 +440,20 @@ locals { logLevel = var.FISHERMAN_LOG_LEVEL } })] + # Pod env vars flow from var.releases.fisherman.env via inline_values + # (FISHERMAN_MODE, SEQ_BUILD_CHECKPOINT_IF_EMPTY, VALIDATORS_PER_NODE + # come from _release_defaults.fisherman.env in network-defaults.yml). custom_settings = { - "replicaCount" = var.FISHERMAN_REPLICAS - "service.p2p.nodePortEnabled" = var.P2P_NODEPORT_ENABLED - "service.p2p.announcePort" = local.p2p_port_fisherman - "service.p2p.port" = local.p2p_port_fisherman - "node.proverRealProofs" = var.PROVER_REAL_PROOFS - "node.env.BLOB_ALLOW_EMPTY_SOURCES" = var.BLOB_ALLOW_EMPTY_SOURCES - "node.env.WS_NUM_HISTORIC_CHECKPOINTS" = var.WS_NUM_HISTORIC_CHECKPOINTS - "node.env.P2P_MAX_PENDING_TX_COUNT" = var.P2P_MAX_PENDING_TX_COUNT - "node.env.P2P_TX_POOL_DELETE_TXS_AFTER_REORG" = var.P2P_TX_POOL_DELETE_TXS_AFTER_REORG - "node.secret.envEnabled" = true - "node.env.FISHERMAN_MODE" = "true" - "node.env.SEQ_BUILD_CHECKPOINT_IF_EMPTY" = "true" - "node.secret.mnemonic" = var.FISHERMAN_MNEMONIC - "node.secret.mnemonicIndex" = var.FISHERMAN_MNEMONIC_START_INDEX - "node.env.KEY_INDEX_START" = var.FISHERMAN_MNEMONIC_START_INDEX - "node.env.VALIDATORS_PER_NODE" = "1" - "node.preStartScript" = "source /scripts/get-private-key.sh" + "replicaCount" = var.FISHERMAN_REPLICAS + "service.p2p.nodePortEnabled" = var.P2P_NODEPORT_ENABLED + "service.p2p.announcePort" = local.p2p_port_fisherman + "service.p2p.port" = local.p2p_port_fisherman + "node.secret.envEnabled" = true + "node.secret.mnemonic" = var.FISHERMAN_MNEMONIC + "node.secret.mnemonicIndex" = var.FISHERMAN_MNEMONIC_START_INDEX + "node.preStartScript" = "source /scripts/get-private-key.sh" + # Rename: chart-side var name differs from pod env name. + "node.env.KEY_INDEX_START" = var.FISHERMAN_MNEMONIC_START_INDEX } boot_node_host_path = "node.env.BOOT_NODE_HOST" bootstrap_nodes_path = "node.env.BOOTSTRAP_NODES" @@ -548,30 +473,17 @@ locals { p2p = { publicIP = var.P2P_PUBLIC_IP } } })] + # Pod env vars flow from var.releases.full_node.env via inline_values. custom_settings = { - "nodeType" = "full-node" - "replicaCount" = var.FULL_NODE_REPLICAS - "service.p2p.nodePortEnabled" = var.P2P_NODEPORT_ENABLED - "service.p2p.announcePort" = local.p2p_port_full_node - "service.p2p.port" = local.p2p_port_full_node - "node.proverRealProofs" = var.PROVER_REAL_PROOFS - "node.env.AWS_ACCESS_KEY_ID" = var.R2_ACCESS_KEY_ID - "node.env.DEBUG_FORCE_TX_PROOF_VERIFICATION" = var.DEBUG_FORCE_TX_PROOF_VERIFICATION - "node.env.AWS_SECRET_ACCESS_KEY" = var.R2_SECRET_ACCESS_KEY - "node.env.P2P_TX_POOL_DELETE_TXS_AFTER_REORG" = var.P2P_TX_POOL_DELETE_TXS_AFTER_REORG - "node.env.BLOB_ALLOW_EMPTY_SOURCES" = var.BLOB_ALLOW_EMPTY_SOURCES - "node.env.PROVER_TEST_VERIFICATION_DELAY_MS" = var.PROVER_TEST_VERIFICATION_DELAY_MS - "node.env.BB_CHONK_VERIFY_MAX_BATCH" = var.BB_CHONK_VERIFY_MAX_BATCH - "node.env.BB_CHONK_VERIFY_BATCH_CONCURRENCY" = var.BB_CHONK_VERIFY_BATCH_CONCURRENCY - "node.env.DEBUG_P2P_INSTRUMENT_MESSAGES" = var.DEBUG_P2P_INSTRUMENT_MESSAGES - "node.otelIncludeMetrics" = var.FULL_NODE_INCLUDE_METRICS - "node.env.P2P_GOSSIPSUB_D" = var.P2P_GOSSIPSUB_D - "node.env.P2P_GOSSIPSUB_DLO" = var.P2P_GOSSIPSUB_DLO - "node.env.P2P_GOSSIPSUB_DHI" = var.P2P_GOSSIPSUB_DHI - "node.env.P2P_DROP_TX_CHANCE" = var.P2P_DROP_TX_CHANCE - "node.env.P2P_MAX_PENDING_TX_COUNT" = var.P2P_MAX_PENDING_TX_COUNT - "node.env.WS_NUM_HISTORIC_CHECKPOINTS" = var.WS_NUM_HISTORIC_CHECKPOINTS - "node.env.TX_COLLECTION_FILE_STORE_URLS" = var.TX_COLLECTION_FILE_STORE_URLS + "nodeType" = "full-node" + "replicaCount" = var.FULL_NODE_REPLICAS + "service.p2p.nodePortEnabled" = var.P2P_NODEPORT_ENABLED + "service.p2p.announcePort" = local.p2p_port_full_node + "service.p2p.port" = local.p2p_port_full_node + "env.OTEL_INCLUDE_METRICS" = var.FULL_NODE_INCLUDE_METRICS + # Deploy-time secrets (not in YAML). + "node.env.AWS_ACCESS_KEY_ID" = var.R2_ACCESS_KEY_ID + "node.env.AWS_SECRET_ACCESS_KEY" = var.R2_SECRET_ACCESS_KEY } boot_node_host_path = "node.env.BOOT_NODE_HOST" bootstrap_nodes_path = "node.env.BOOTSTRAP_NODES" @@ -592,28 +504,13 @@ locals { p2p = { publicIP = var.P2P_PUBLIC_IP } } })] + # Pod env vars flow from var.releases.archive.env via inline_values. + # P2P_ARCHIVED_TX_LIMIT is set in _release_defaults.archive.env. custom_settings = { - "nodeType" = "archive" - "service.p2p.nodePortEnabled" = var.P2P_NODEPORT_ENABLED - "service.p2p.announcePort" = local.p2p_port_archive - "service.p2p.port" = local.p2p_port_archive - "node.env.P2P_ARCHIVED_TX_LIMIT" = "10000000" - "node.proverRealProofs" = var.PROVER_REAL_PROOFS - "node.env.PROVER_TEST_VERIFICATION_DELAY_MS" = var.PROVER_TEST_VERIFICATION_DELAY_MS - "node.env.BB_CHONK_VERIFY_MAX_BATCH" = var.BB_CHONK_VERIFY_MAX_BATCH - "node.env.BB_CHONK_VERIFY_BATCH_CONCURRENCY" = var.BB_CHONK_VERIFY_BATCH_CONCURRENCY - "node.env.DEBUG_FORCE_TX_PROOF_VERIFICATION" = var.DEBUG_FORCE_TX_PROOF_VERIFICATION - "node.env.DEBUG_P2P_INSTRUMENT_MESSAGES" = var.DEBUG_P2P_INSTRUMENT_MESSAGES - "node.env.P2P_TX_POOL_DELETE_TXS_AFTER_REORG" = var.P2P_TX_POOL_DELETE_TXS_AFTER_REORG - "node.env.BLOB_ALLOW_EMPTY_SOURCES" = var.BLOB_ALLOW_EMPTY_SOURCES - "node.env.P2P_GOSSIPSUB_D" = var.P2P_GOSSIPSUB_D - "node.env.P2P_GOSSIPSUB_DLO" = var.P2P_GOSSIPSUB_DLO - "node.env.P2P_GOSSIPSUB_DHI" = var.P2P_GOSSIPSUB_DHI - "node.env.P2P_DROP_TX_CHANCE" = var.P2P_DROP_TX_CHANCE - "node.env.P2P_MAX_PENDING_TX_COUNT" = var.P2P_MAX_PENDING_TX_COUNT - "node.env.WS_NUM_HISTORIC_CHECKPOINTS" = var.WS_NUM_HISTORIC_CHECKPOINTS - "node.env.TX_COLLECTION_FILE_STORE_URLS" = var.TX_COLLECTION_FILE_STORE_URLS - "node.env.BLOB_FILE_STORE_URLS" = var.BLOB_FILE_STORE_URLS + "nodeType" = "archive" + "service.p2p.nodePortEnabled" = var.P2P_NODEPORT_ENABLED + "service.p2p.announcePort" = local.p2p_port_archive + "service.p2p.port" = local.p2p_port_archive } boot_node_host_path = "node.env.BOOT_NODE_HOST" bootstrap_nodes_path = "node.env.BOOTSTRAP_NODES" @@ -634,22 +531,14 @@ locals { p2p = { publicIP = var.P2P_PUBLIC_IP } } })] + # Pod env vars flow from var.releases.blob_sink.env via inline_values. custom_settings = { - "nodeType" = "blob-sink" - "service.p2p.nodePortEnabled" = var.P2P_NODEPORT_ENABLED - "node.proverRealProofs" = var.PROVER_REAL_PROOFS - "node.env.BLOB_FILE_STORE_UPLOAD_URL" = var.BLOB_FILE_STORE_UPLOAD_URL - "node.env.AWS_ACCESS_KEY_ID" = var.R2_ACCESS_KEY_ID - "node.env.AWS_SECRET_ACCESS_KEY" = var.R2_SECRET_ACCESS_KEY - "node.env.DEBUG_FORCE_TX_PROOF_VERIFICATION" = var.DEBUG_FORCE_TX_PROOF_VERIFICATION - "node.env.DEBUG_P2P_INSTRUMENT_MESSAGES" = var.DEBUG_P2P_INSTRUMENT_MESSAGES - "node.env.BLOB_ALLOW_EMPTY_SOURCES" = var.BLOB_ALLOW_EMPTY_SOURCES - "node.env.P2P_GOSSIPSUB_D" = var.P2P_GOSSIPSUB_D - "node.env.P2P_GOSSIPSUB_DLO" = var.P2P_GOSSIPSUB_DLO - "node.env.P2P_GOSSIPSUB_DHI" = var.P2P_GOSSIPSUB_DHI - "node.env.P2P_DROP_TX_CHANCE" = var.P2P_DROP_TX_CHANCE - "node.env.P2P_MAX_PENDING_TX_COUNT" = var.P2P_MAX_PENDING_TX_COUNT - "node.env.WS_NUM_HISTORIC_CHECKPOINTS" = var.WS_NUM_HISTORIC_CHECKPOINTS + "nodeType" = "blob-sink" + "service.p2p.nodePortEnabled" = var.P2P_NODEPORT_ENABLED + # Deploy-time secrets / computed (not in YAML). + "node.env.BLOB_FILE_STORE_UPLOAD_URL" = var.BLOB_FILE_STORE_UPLOAD_URL + "node.env.AWS_ACCESS_KEY_ID" = var.R2_ACCESS_KEY_ID + "node.env.AWS_SECRET_ACCESS_KEY" = var.R2_SECRET_ACCESS_KEY } boot_node_host_path = "node.env.BOOT_NODE_HOST" bootstrap_nodes_path = "node.env.BOOTSTRAP_NODES" @@ -757,7 +646,13 @@ resource "helm_release" "releases" { values = concat( [for v in each.value.values : file("./values/${v}")], [local.common_inline_values], - lookup(each.value, "inline_values", []) + lookup(each.value, "inline_values", []), + # New (Phase 4): per-release Helm values passed directly from the YAML loader + # via terraform.tfvars.json's `releases.` map. The loader emits + # values that already match the chart's expected shape (validator.env.*, etc.), + # so this is a direct pass-through with no per-key mapping. The existing `set` + # blocks below override these (kept for back-compat with current deploys). + contains(keys(var.releases), each.key) ? [yamlencode(var.releases[each.key])] : [] ) # Common settings diff --git a/spartan/terraform/deploy-aztec-infra/values/archive.yaml b/spartan/terraform/deploy-aztec-infra/values/archive.yaml index a9b81846528d..de1f5bea69a5 100644 --- a/spartan/terraform/deploy-aztec-infra/values/archive.yaml +++ b/spartan/terraform/deploy-aztec-infra/values/archive.yaml @@ -1,6 +1,6 @@ +env: + OTEL_SERVICE_NAME: "archival-node" node: - env: - OTEL_SERVICE_NAME: "archival-node" startCmd: - --node - --archiver diff --git a/spartan/terraform/deploy-aztec-infra/values/blob-sink.yaml b/spartan/terraform/deploy-aztec-infra/values/blob-sink.yaml index 7970519894a4..539107524b83 100644 --- a/spartan/terraform/deploy-aztec-infra/values/blob-sink.yaml +++ b/spartan/terraform/deploy-aztec-infra/values/blob-sink.yaml @@ -1,7 +1,8 @@ +env: + OTEL_SERVICE_NAME: "blob-sink" + node: nodeType: "blob-sink" - env: - OTEL_SERVICE_NAME: "blob-sink" preStartScript: | if [ -n "${BOOT_NODE_HOST:-}" ]; then diff --git a/spartan/terraform/deploy-aztec-infra/values/full-node.yaml b/spartan/terraform/deploy-aztec-infra/values/full-node.yaml index 44db0c6f9e87..4f8d6bfe4f12 100644 --- a/spartan/terraform/deploy-aztec-infra/values/full-node.yaml +++ b/spartan/terraform/deploy-aztec-infra/values/full-node.yaml @@ -1,7 +1,8 @@ +env: + OTEL_SERVICE_NAME: "full-node" + node: nodeType: "full-node" - env: - OTEL_SERVICE_NAME: "full-node" preStartScript: | if [ -n "${BOOT_NODE_HOST:-}" ]; then diff --git a/spartan/terraform/deploy-aztec-infra/values/p2p-bootstrap.yaml b/spartan/terraform/deploy-aztec-infra/values/p2p-bootstrap.yaml index f4b438d6d67a..3394de2dcadd 100644 --- a/spartan/terraform/deploy-aztec-infra/values/p2p-bootstrap.yaml +++ b/spartan/terraform/deploy-aztec-infra/values/p2p-bootstrap.yaml @@ -6,10 +6,10 @@ podDisruptionBudget: enabled: true minAvailable: 1 -node: - env: - OTEL_SERVICE_NAME: "boot-node" +env: + OTEL_SERVICE_NAME: "boot-node" +node: startCmd: - --p2p-bootstrap diff --git a/spartan/terraform/deploy-aztec-infra/values/prover.yaml b/spartan/terraform/deploy-aztec-infra/values/prover.yaml index fdec6f21015a..11021aac1889 100644 --- a/spartan/terraform/deploy-aztec-infra/values/prover.yaml +++ b/spartan/terraform/deploy-aztec-infra/values/prover.yaml @@ -1,8 +1,8 @@ node: + env: + L1_PRIORITY_FEE_BUMP_PERCENTAGE: "30" + L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: "80" node: - env: - L1_PRIORITY_FEE_BUMP_PERCENTAGE: 30 - L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: 80 preStartScript: | export TX_COLLECTION_NODE_RPC_URLS=$(bash /scripts/resolve-node-hosts.sh $NODE_HOSTS) source /scripts/setup-prover-keystore.sh diff --git a/spartan/terraform/deploy-aztec-infra/values/rpc.yaml b/spartan/terraform/deploy-aztec-infra/values/rpc.yaml index 5c3ebdb22b60..2500fc78f2bb 100644 --- a/spartan/terraform/deploy-aztec-infra/values/rpc.yaml +++ b/spartan/terraform/deploy-aztec-infra/values/rpc.yaml @@ -1,11 +1,10 @@ nodeType: "rpc-node" +env: + OTEL_SERVICE_NAME: "node" + AWS_ACCESS_KEY_ID: "" + AWS_SECRET_ACCESS_KEY: "" + RPC_MAX_BODY_SIZE: "50mb" node: - env: - OTEL_SERVICE_NAME: "node" - AWS_ACCESS_KEY_ID: "" - AWS_SECRET_ACCESS_KEY: "" - RPC_MAX_BODY_SIZE: "50mb" - preStartScript: | if [ -n "${BOOT_NODE_HOST:-}" ]; then until curl --silent --head --fail "${BOOT_NODE_HOST}/status" > /dev/null; do diff --git a/spartan/terraform/deploy-aztec-infra/values/validator.yaml b/spartan/terraform/deploy-aztec-infra/values/validator.yaml index 7fa158864a66..6c04b4662409 100644 --- a/spartan/terraform/deploy-aztec-infra/values/validator.yaml +++ b/spartan/terraform/deploy-aztec-infra/values/validator.yaml @@ -1,6 +1,10 @@ validator: + env: + LOG_LEVEL: "debug; info: aztec:simulator, json-rpc" + L1_PRIORITY_FEE_BUMP_PERCENTAGE: "30" + L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: "80" + node: - logLevel: "debug; info: aztec:simulator, json-rpc" # Validators can take a long time to come up (CRS download, heavy init, catch-up). # Keep startupProbe generous to avoid kubelet killing the container mid-boot. startupProbe: @@ -21,10 +25,6 @@ validator: export BOOTSTRAP_NODES=$(curl -X POST -H "content-type: application/json" --data '{"method": "bootstrap_getEncodedEnr"}' $BOOT_NODE_HOST | jq -r .result) fi - env: - L1_PRIORITY_FEE_BUMP_PERCENTAGE: 30 - L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: 80 - persistence: enabled: true diff --git a/spartan/terraform/deploy-aztec-infra/variables.tf b/spartan/terraform/deploy-aztec-infra/variables.tf index 834b4d833217..c7f61e9e24d8 100644 --- a/spartan/terraform/deploy-aztec-infra/variables.tf +++ b/spartan/terraform/deploy-aztec-infra/variables.tf @@ -1,3 +1,35 @@ +# ============================================================================= +# Structured config (Phase 4 -- coexists with legacy individual variables below) +# ============================================================================= +# Populated by spartan/scripts/load_network_config.sh --format=tfvars from a +# per-network YAML file. Each `releases.` is forwarded as Helm values to +# the matching helm_release in main.tf via yamlencode pass-through. Legacy +# individual variables (PROVER_REAL_PROOFS, SLASH_*, etc.) still work and +# override these via the `set` blocks; once a deploy is fully migrated to +# YAML, the legacy variables can be removed. + +variable "deploy" { + description = "Deploy-time config (cluster, namespace, ingress) loaded from per-network YAML" + type = any + default = {} +} + +variable "env" { + description = "Network-wide pod env baseline loaded from per-network YAML (UPPER_SNAKE keys)" + type = map(string) + default = {} +} + +variable "releases" { + description = "Per-release Helm values, keyed by release name (validator, prover, rpc, ...)" + type = any + default = {} +} + +# ============================================================================= +# Legacy individual variables (kept for back-compat; removed in Phase 5 cleanup) +# ============================================================================= + variable "R2_ACCESS_KEY_ID" { description = "Cloudflare R2 access key id for RPC node snapshot uploads" type = string diff --git a/yarn-project/cli/scripts/generate.sh b/yarn-project/cli/scripts/generate.sh index dbb508ba5beb..e595501b600e 100755 --- a/yarn-project/cli/scripts/generate.sh +++ b/yarn-project/cli/scripts/generate.sh @@ -23,7 +23,8 @@ networks=$(yq -o json '.networks | keys' spartan/environments/network-defaults.y for network in $networks; do echo "export const ${network}Config = {" >> yarn-project/cli/src/config/generated/networks.ts - yq -o json "explode(.) | .networks.$network // {}" spartan/environments/network-defaults.yml | \ + # Read from .networks..env (flat env baseline; was .networks. pre-refactor). + yq -o json "explode(.) | .networks.$network.env // {}" spartan/environments/network-defaults.yml | \ jq -r "to_entries | .[] | \" \\(.key): \\(.value | if type == \"string\" then \"'\\(.)'\" else . end),\"" \ >> yarn-project/cli/src/config/generated/networks.ts echo "} as const;" >> yarn-project/cli/src/config/generated/networks.ts From a4e4c4c44eb6c47b627a7e3999179fc1f96f341b Mon Sep 17 00:00:00 2001 From: spypsy Date: Wed, 29 Apr 2026 15:50:53 +0000 Subject: [PATCH 02/34] refactor(spartan): move deploy defaults into YAML - Add `_deploy_defaults` block to `network-defaults.yml` mirroring the static defaults that previously lived in `deploy_network.sh`'s `${VAR:-default}` block. Loader seeds the `deploy:` baseline from it. - Strip the duplicated bash defaults block in `deploy_network.sh`; keep only deploy-time-derived values (RESOURCE_PROFILE cascade, validator addresses, mnemonic ranges, tf_str helpers, namespace required-var assertion). - Rename `network_deploy.sh` -> `deploy_network_with_env.sh` to make the entrypoint vs inner-script split obvious. Update callers in `bootstrap.sh`, the `deploy-network.yml` workflow, and `test_kind.sh` (which now uses the YAML loader instead of `.env` sourcing). Codegen output (CLI / ethereum / slasher) is byte-identical. --- .github/workflows/deploy-network.yml | 2 +- spartan/bootstrap.sh | 2 +- spartan/environments/network-defaults.yml | 118 +++++++++++ spartan/scripts/deploy_network.sh | 196 +++--------------- ...k_deploy.sh => deploy_network_with_env.sh} | 16 ++ spartan/scripts/load_network_config.sh | 7 +- spartan/scripts/test_kind.sh | 21 +- 7 files changed, 184 insertions(+), 178 deletions(-) rename spartan/scripts/{network_deploy.sh => deploy_network_with_env.sh} (78%) diff --git a/.github/workflows/deploy-network.yml b/.github/workflows/deploy-network.yml index a2a4016d91a4..ec9fc479f5a4 100644 --- a/.github/workflows/deploy-network.yml +++ b/.github/workflows/deploy-network.yml @@ -188,7 +188,7 @@ jobs: cd spartan ./scripts/install_deps.sh - ./scripts/network_deploy.sh "${{ inputs.network }}" + ./scripts/deploy_network_with_env.sh "${{ inputs.network }}" # Source for CLUSTER (prefers YAML loader, falls back to legacy .env). source "./scripts/source_env_basic.sh" diff --git a/spartan/bootstrap.sh b/spartan/bootstrap.sh index d7eb1d24f036..e14295dc4448 100755 --- a/spartan/bootstrap.sh +++ b/spartan/bootstrap.sh @@ -386,7 +386,7 @@ case "$cmd" in source_env_basic "$env_file" # Run the network deploy script - DENOISE=1 denoise "./scripts/network_deploy.sh $env_file" + DENOISE=1 denoise "./scripts/deploy_network_with_env.sh $env_file" export K8S_ENRICHER=${K8S_ENRICHER:-1} if [[ "${RUN_TESTS:-}" == "true" ]]; then diff --git a/spartan/environments/network-defaults.yml b/spartan/environments/network-defaults.yml index 917d9530ccca..0e37d6c914b3 100644 --- a/spartan/environments/network-defaults.yml +++ b/spartan/environments/network-defaults.yml @@ -220,6 +220,124 @@ _prodlike: &prodlike # Enable sentinel monitoring. SENTINEL_ENABLED: true +#=============================================================================== +# DEPLOY DEFAULTS +#=============================================================================== +# Defaults for the deploy: block consumed by spartan/scripts/deploy_network.sh. +# These are NOT pod env vars; they configure the deploy script and Terraform +# inputs (cluster targeting, replica counts, mnemonic indices, ingress, bots). +# Per-network YAMLs override these via their own `deploy:` block. +# Loader (load_network_config.sh) seeds the deploy: baseline from this block. + +_deploy_defaults: + # Cluster / GCP targeting + CLUSTER: kind + GCP_PROJECT_ID: testnet-440309 + GCP_REGION: us-west1-a + USE_NETWORK_CONFIG: "false" + + # Lifecycle flags + CREATE_ETH_DEVNET: "false" + DESTROY_ETH_DEVNET: "false" + CREATE_ROLLUP_CONTRACTS: "true" + CREATE_AZTEC_INFRA: "true" + DESTROY_AZTEC_INFRA: "false" + DEPLOY_INTERNAL_BOOTNODE: "true" + DEPLOY_ARCHIVAL_NODE: "false" + + # Ethereum (devnet) + ETHEREUM_CHAIN_ID: "1337" + ETHEREUM_BLOCK_TIME: "12" + ETHEREUM_GAS_LIMIT: "100000000" + LABS_INFRA_MNEMONIC: "test test test test test test test test test test test junk" + # Default prefunded indices: 0..48 + 1000 (admin) + LABS_INFRA_INDICES: "0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,1000" + + # Rollup + REAL_VERIFIER: "true" + SPONSORED_FPC: "false" + TEST_ACCOUNTS: "false" + + # Validator + VALIDATOR_MNEMONIC_START_INDEX: "1" + VALIDATORS_PER_NODE: "12" + VALIDATOR_REPLICAS: "4" + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: "5000" + VALIDATOR_PUBLISHERS_PER_REPLICA: "4" + VALIDATOR_HA_REPLICAS: "0" + VALIDATOR_HA_OLD_DUTIES_MAX_AGE_H: "24" + + # Prover + PROVER_PUBLISHER_MNEMONIC_START_INDEX: "8000" + PUBLISHERS_PER_PROVER: "1" + PROVER_REPLICAS: "4" + PROVER_AGENTS_PER_PROVER: "1" + PROVER_AGENT_POLL_INTERVAL_MS: "1000" + PROVER_NODE_DISABLE_PROOF_PUBLISH: "false" + PROVER_TEST_DELAY_TYPE: "fixed" + PROVER_TEST_VERIFICATION_DELAY_MS: "10" + + # Sequencer + SEQ_MIN_TX_PER_BLOCK: "1" + SEQ_MAX_TX_PER_CHECKPOINT: "8" + SEQ_ENABLE_PROPOSER_PIPELINING: "false" + SEQ_SKIP_CHECKPOINT_PUBLISH_PERCENT: "0" + + # Bots + BOT_TRANSFERS_MNEMONIC_START_INDEX: "7000" + BOT_SWAPS_MNEMONIC_START_INDEX: "7100" + BOT_CROSS_CHAIN_MNEMONIC_START_INDEX: "7200" + BOT_TRANSFERS_REPLICAS: "0" + BOT_SWAPS_REPLICAS: "0" + BOT_CROSS_CHAIN_REPLICAS: "0" + BOT_TRANSFERS_TX_INTERVAL_SECONDS: "60" + BOT_SWAPS_TX_INTERVAL_SECONDS: "60" + BOT_CROSS_CHAIN_TX_INTERVAL_SECONDS: "10" + BOT_TRANSFERS_FOLLOW_CHAIN: "NONE" + BOT_SWAPS_FOLLOW_CHAIN: "NONE" + BOT_CROSS_CHAIN_FOLLOW_CHAIN: "PENDING" + BOT_TRANSFERS_PXE_SYNC_CHAIN_TIP: "checkpointed" + BOT_SWAPS_PXE_SYNC_CHAIN_TIP: "checkpointed" + BOT_CROSS_CHAIN_PXE_SYNC_CHAIN_TIP: "checkpointed" + + # RPC ingress + RPC_INGRESS_ENABLED: "false" + # Empty JSON arrays for the ingress lists; per-network YAMLs set real values. + RPC_INGRESS_HOSTS: "[]" + RPC_INGRESS_SSL_CERT_NAMES: "[]" + RPC_REPLICAS: "1" + FISHERMAN_REPLICAS: "0" + FISHERMAN_MNEMONIC_START_INDEX: "1" + FULL_NODE_REPLICAS: "0" + + # P2P + P2P_TX_POOL_DELETE_TXS_AFTER_REORG: "false" + P2P_GOSSIPSUB_D: "6" + P2P_GOSSIPSUB_DLO: "4" + P2P_GOSSIPSUB_DHI: "12" + P2P_DROP_TX_CHANCE: "0" + + # Filestore + BLOB_ALLOW_EMPTY_SOURCES: "false" + BLOB_FILE_STORE_URLS: "" + TX_FILE_STORE_ENABLED: "false" + TX_COLLECTION_FILE_STORE_URLS: "" + PROVER_FAILED_PROOF_STORE: "" + + # Optional secrets (overridden by per-network YAML or GCP secrets). + R2_ACCESS_KEY_ID: "" + R2_SECRET_ACCESS_KEY: "" + OTEL_COLLECTOR_ENDPOINT: "" + + # RPC ingress optional fields (per-network YAML overrides when used). + RPC_INGRESS_STATIC_IP_NAME: "" + RPC_CLOUD_ARMOR_POLICY_NAME: "" + RPC_INGRESS_SESSION_AFFINITY: "" + + # Logging / debug + LOG_LEVEL: "info" + DEBUG_P2P_INSTRUMENT_MESSAGES: "false" + #=============================================================================== # RELEASE DEFAULTS #=============================================================================== diff --git a/spartan/scripts/deploy_network.sh b/spartan/scripts/deploy_network.sh index 6027cad2d272..0939debe2521 100755 --- a/spartan/scripts/deploy_network.sh +++ b/spartan/scripts/deploy_network.sh @@ -39,192 +39,56 @@ DEPLOY_START_TIME=$(date +%s) declare -A STAGE_TIMINGS ######################## -# GLOBAL VARIABLES +# REQUIRED + DERIVED VARS ######################## -NAMESPACE=${NAMESPACE} # required -CLUSTER=${CLUSTER:-kind} -RESOURCE_PROFILE=${RESOURCE_PROFILE:-$([[ "${CLUSTER}" == "kind" ]] && echo "dev" || echo "prod")} -BASE_STATE_PATH="${CLUSTER}/${NAMESPACE}" - -# Don't try and retrieve contract addresses, instead allow deployed infra to read from network config -USE_NETWORK_CONFIG=${USE_NETWORK_CONFIG:-false} - -# GCP variables, unused if running on kind -GCP_PROJECT_ID=${GCP_PROJECT_ID:-testnet-440309} -GCP_REGION=${GCP_REGION:-us-west1-a} - -######################## -# ETHEREUM / DEVNET VARIABLES -######################## -DESTROY_ETH_DEVNET=${DESTROY_ETH_DEVNET:-false} -CREATE_ETH_DEVNET=${CREATE_ETH_DEVNET:-false} -ETHEREUM_CHAIN_ID=${ETHEREUM_CHAIN_ID:-1337} -ETHEREUM_BLOCK_TIME=${ETHEREUM_BLOCK_TIME:-12} -ETHEREUM_GAS_LIMIT=${ETHEREUM_GAS_LIMIT:-100000000} -LABS_INFRA_MNEMONIC=${LABS_INFRA_MNEMONIC:-test test test test test test test test test test test junk} -LABS_INFRA_INDICES=${LABS_INFRA_INDICES:-0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,1000} - -######################## -# ROLLUP VARIABLES -######################## -CREATE_ROLLUP_CONTRACTS=${CREATE_ROLLUP_CONTRACTS:-true} -SPONSORED_FPC=${SPONSORED_FPC:-false} -TEST_ACCOUNTS=${TEST_ACCOUNTS:-false} -REAL_VERIFIER=${REAL_VERIFIER:-true} - - -######################## -# AZTEC INFRA VARIABLES -######################## -DESTROY_AZTEC_INFRA=${DESTROY_AZTEC_INFRA:-false} -CREATE_AZTEC_INFRA=${CREATE_AZTEC_INFRA:-true} +# All static defaults live in spartan/environments/network-defaults.yml under +# `_deploy_defaults` and `networks..env`, sourced into this script's env +# by deploy_network_with_env.sh -> source_network_env.sh -> load_network_config.sh. +# Only deploy-time-derived values, required-var assertions, and helpers remain +# below. +NAMESPACE=${NAMESPACE:?NAMESPACE is required (set in YAML deploy: block or env)} +BASE_STATE_PATH="${CLUSTER}/${NAMESPACE}" -LABS_INFRA_MNEMONIC=${LABS_INFRA_MNEMONIC:-test test test test test test test test test test test junk} -ROLLUP_DEPLOYMENT_PRIVATE_KEY=${ROLLUP_DEPLOYMENT_PRIVATE_KEY:-$(cast wallet private-key --mnemonic "$LABS_INFRA_MNEMONIC" --mnemonic-index 0)} - -VALIDATOR_MNEMONIC_START_INDEX=${VALIDATOR_MNEMONIC_START_INDEX:-1} -VALIDATORS_PER_NODE=${VALIDATORS_PER_NODE:-12} -VALIDATOR_REPLICAS=${VALIDATOR_REPLICAS:-4} -VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX=${VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX:-5000} -VALIDATOR_PUBLISHERS_PER_REPLICA=${VALIDATOR_PUBLISHERS_PER_REPLICA:-4} -VALIDATOR_HA_REPLICAS=${VALIDATOR_HA_REPLICAS:-0} -VALIDATOR_HA_REPLICA_COUNT=${VALIDATOR_HA_REPLICA_COUNT:-} -VALIDATOR_HA_OLD_DUTIES_MAX_AGE_H=${VALIDATOR_HA_OLD_DUTIES_MAX_AGE_H:-24} - -# Max node count: max of primary (VALIDATOR_REPLICAS) and HA pod counts -# Determines how many attester keys and addresses to generate -EFFECTIVE_HA_COUNT=${VALIDATOR_HA_REPLICA_COUNT:-$VALIDATOR_REPLICAS} -if [[ $VALIDATOR_HA_REPLICAS -gt 0 ]]; then - MAX_VALIDATOR_NODES=$(( VALIDATOR_REPLICAS > EFFECTIVE_HA_COUNT ? VALIDATOR_REPLICAS : EFFECTIVE_HA_COUNT )) -else - MAX_VALIDATOR_NODES=$VALIDATOR_REPLICAS -fi - -# Compute VALIDATOR_INDICES from max node count if not explicitly set -TOTAL_ATTESTERS=$((MAX_VALIDATOR_NODES * VALIDATORS_PER_NODE)) -VALIDATOR_INDICES=${VALIDATOR_INDICES:-$(seq "$VALIDATOR_MNEMONIC_START_INDEX" $((VALIDATOR_MNEMONIC_START_INDEX + TOTAL_ATTESTERS - 1)) | tr '\n' ',' | sed 's/,$//')} -PROVER_PUBLISHER_MNEMONIC_START_INDEX=${PROVER_PUBLISHER_MNEMONIC_START_INDEX:-8000} -PUBLISHERS_PER_PROVER=${PUBLISHERS_PER_PROVER:-1} -PROVER_REAL_PROOFS=${REAL_VERIFIER:-true} - -PROVER_AGENT_POLL_INTERVAL_MS=${PROVER_AGENT_POLL_INTERVAL_MS:-1000} - -STORE_SNAPSHOT_URL_TF="" -if [[ -n "${STORE_SNAPSHOT_URL:-}" ]]; then - STORE_SNAPSHOT_URL_TF="\"$STORE_SNAPSHOT_URL\"" -else - STORE_SNAPSHOT_URL_TF="null" -fi - -PROVER_FAILED_PROOF_STORE=${PROVER_FAILED_PROOF_STORE:-} -SEQ_MIN_TX_PER_BLOCK=${SEQ_MIN_TX_PER_BLOCK:-1} -SEQ_MAX_TX_PER_BLOCK=${SEQ_MAX_TX_PER_BLOCK:-null} -SEQ_MAX_TX_PER_CHECKPOINT=${SEQ_MAX_TX_PER_CHECKPOINT:-8} -P2P_MAX_PENDING_TX_COUNT=${P2P_MAX_PENDING_TX_COUNT:-null} -SEQ_PER_BLOCK_ALLOCATION_MULTIPLIER=${SEQ_PER_BLOCK_ALLOCATION_MULTIPLIER:-null} -SEQ_BLOCK_DURATION_MS=${SEQ_BLOCK_DURATION_MS:-} -SEQ_L1_PUBLISHING_TIME_ALLOWANCE_IN_SLOT=${SEQ_L1_PUBLISHING_TIME_ALLOWANCE_IN_SLOT:-} -SEQ_BUILD_CHECKPOINT_IF_EMPTY=${SEQ_BUILD_CHECKPOINT_IF_EMPTY:-} -SEQ_ENABLE_PROPOSER_PIPELINING=${SEQ_ENABLE_PROPOSER_PIPELINING:-false} -AZTEC_EPOCHS_LAG=${AZTEC_EPOCHS_LAG:-} -SEQ_ENFORCE_TIME_TABLE=${SEQ_ENFORCE_TIME_TABLE:-} -SEQ_SKIP_CHECKPOINT_PUBLISH_PERCENT=${SEQ_SKIP_CHECKPOINT_PUBLISH_PERCENT:-0} -PROVER_REPLICAS=${PROVER_REPLICAS:-4} -PROVER_AGENTS_PER_PROVER=${PROVER_AGENTS_PER_PROVER:-1} -R2_ACCESS_KEY_ID=${R2_ACCESS_KEY_ID:-} -R2_SECRET_ACCESS_KEY=${R2_SECRET_ACCESS_KEY:-} - -OTEL_COLLECTOR_ENDPOINT=${OTEL_COLLECTOR_ENDPOINT:-} -OTEL_COLLECT_INTERVAL_MS=${OTEL_COLLECT_INTERVAL_MS:-} -OTEL_EXPORT_TIMEOUT_MS=${OTEL_EXPORT_TIMEOUT_MS:-} -DEPLOY_INTERNAL_BOOTNODE=${DEPLOY_INTERNAL_BOOTNODE:-} -DEPLOY_ARCHIVAL_NODE=${DEPLOY_ARCHIVAL_NODE:-false} - +# RESOURCE_PROFILE depends on the cluster (kind -> dev, otherwise prod). Each +# release-specific profile cascades from RESOURCE_PROFILE unless overridden. +RESOURCE_PROFILE=${RESOURCE_PROFILE:-$([[ "${CLUSTER}" == "kind" ]] && echo "dev" || echo "prod")} BOT_RESOURCE_PROFILE=${BOT_RESOURCE_PROFILE:-${RESOURCE_PROFILE}} -BOT_TRANSFERS_MNEMONIC_START_INDEX=${BOT_TRANSFERS_MNEMONIC_START_INDEX:-7000} -BOT_SWAPS_MNEMONIC_START_INDEX=${BOT_SWAPS_MNEMONIC_START_INDEX:-7100} -BOT_CROSS_CHAIN_MNEMONIC_START_INDEX=${BOT_CROSS_CHAIN_MNEMONIC_START_INDEX:-7200} -BOT_TRANSFERS_REPLICAS=${BOT_TRANSFERS_REPLICAS:-0} -BOT_SWAPS_REPLICAS=${BOT_SWAPS_REPLICAS:-0} -BOT_CROSS_CHAIN_REPLICAS=${BOT_CROSS_CHAIN_REPLICAS:-0} -BOT_TRANSFERS_TX_INTERVAL_SECONDS=${BOT_TRANSFERS_TX_INTERVAL_SECONDS:-60} -BOT_SWAPS_TX_INTERVAL_SECONDS=${BOT_SWAPS_TX_INTERVAL_SECONDS:-60} -BOT_CROSS_CHAIN_TX_INTERVAL_SECONDS=${BOT_CROSS_CHAIN_TX_INTERVAL_SECONDS:-10} -BOT_TRANSFERS_FOLLOW_CHAIN=${BOT_TRANSFERS_FOLLOW_CHAIN:-NONE} -BOT_SWAPS_FOLLOW_CHAIN=${BOT_SWAPS_FOLLOW_CHAIN:-NONE} -BOT_CROSS_CHAIN_FOLLOW_CHAIN=${BOT_CROSS_CHAIN_FOLLOW_CHAIN:-PENDING} -BOT_TRANSFERS_PXE_SYNC_CHAIN_TIP=${BOT_TRANSFERS_PXE_SYNC_CHAIN_TIP:-checkpointed} -BOT_SWAPS_PXE_SYNC_CHAIN_TIP=${BOT_SWAPS_PXE_SYNC_CHAIN_TIP:-checkpointed} -BOT_CROSS_CHAIN_PXE_SYNC_CHAIN_TIP=${BOT_CROSS_CHAIN_PXE_SYNC_CHAIN_TIP:-checkpointed} - -RPC_INGRESS_ENABLED=${RPC_INGRESS_ENABLED:-false} -RPC_INGRESS_HOSTS=${RPC_INGRESS_HOSTS:-[]} -RPC_INGRESS_STATIC_IP_NAME=${RPC_INGRESS_STATIC_IP_NAME:-} -RPC_INGRESS_SSL_CERT_NAMES=${RPC_INGRESS_SSL_CERT_NAMES:-[]} -RPC_CLOUD_ARMOR_POLICY_NAME=${RPC_CLOUD_ARMOR_POLICY_NAME:-} -RPC_INGRESS_SESSION_AFFINITY=${RPC_INGRESS_SESSION_AFFINITY:-} -RPC_INGRESS_LOG_SAMPLE_RATE=${RPC_INGRESS_LOG_SAMPLE_RATE:-null} -RPC_REPLICAS=${RPC_REPLICAS:-1} -FULL_NODE_REPLICAS=${FULL_NODE_REPLICAS:-0} -FISHERMAN_MNEMONIC_START_INDEX=${FISHERMAN_MNEMONIC_START_INDEX:-1} - RPC_RESOURCE_PROFILE=${RPC_RESOURCE_PROFILE:-${RESOURCE_PROFILE}} - FULL_NODE_RESOURCE_PROFILE=${FULL_NODE_RESOURCE_PROFILE:-${RESOURCE_PROFILE}} - P2P_BOOTSTRAP_RESOURCE_PROFILE=${P2P_BOOTSTRAP_RESOURCE_PROFILE:-${RESOURCE_PROFILE}} VALIDATOR_RESOURCE_PROFILE=${VALIDATOR_RESOURCE_PROFILE:-${RESOURCE_PROFILE}} PROVER_RESOURCE_PROFILE=${PROVER_RESOURCE_PROFILE:-${RESOURCE_PROFILE}} ARCHIVE_RESOURCE_PROFILE=${ARCHIVE_RESOURCE_PROFILE:-${RESOURCE_PROFILE}} BLOB_SINK_RESOURCE_PROFILE=${BLOB_SINK_RESOURCE_PROFILE:-${RESOURCE_PROFILE}} -PROVER_NODE_DISABLE_PROOF_PUBLISH=${PROVER_NODE_DISABLE_PROOF_PUBLISH:-false} -P2P_TX_POOL_DELETE_TXS_AFTER_REORG=${P2P_TX_POOL_DELETE_TXS_AFTER_REORG:-false} - -PROVER_TEST_DELAY_TYPE=${PROVER_TEST_DELAY_TYPE:-"fixed"} -PROVER_TEST_VERIFICATION_DELAY_MS=${PROVER_TEST_VERIFICATION_DELAY_MS:-10} - -DEBUG_P2P_INSTRUMENT_MESSAGES=${DEBUG_P2P_INSTRUMENT_MESSAGES:-false} - -PROVER_AGENT_INCLUDE_METRICS=${PROVER_AGENT_INCLUDE_METRICS:-} -FULL_NODE_INCLUDE_METRICS=${FULL_NODE_INCLUDE_METRICS:-} -FISHERMAN_REPLICAS=${FISHERMAN_REPLICAS:-0} - -LOG_LEVEL=${LOG_LEVEL:-info} +# Fisherman log level falls back to LOG_LEVEL. FISHERMAN_LOG_LEVEL=${FISHERMAN_LOG_LEVEL:-${LOG_LEVEL}} -BLOB_ALLOW_EMPTY_SOURCES=${BLOB_ALLOW_EMPTY_SOURCES:-false} +# When unset, derive from default mnemonic index 0. +ROLLUP_DEPLOYMENT_PRIVATE_KEY=${ROLLUP_DEPLOYMENT_PRIVATE_KEY:-$(cast wallet private-key --mnemonic "$LABS_INFRA_MNEMONIC" --mnemonic-index 0)} -# Blob filestore configuration -BLOB_FILE_STORE_UPLOAD_URL_TF="" -if [[ -n "${BLOB_FILE_STORE_UPLOAD_URL:-}" ]]; then - BLOB_FILE_STORE_UPLOAD_URL_TF="\"$BLOB_FILE_STORE_UPLOAD_URL\"" -else - BLOB_FILE_STORE_UPLOAD_URL_TF="null" -fi +# PROVER_REAL_PROOFS mirrors REAL_VERIFIER (deploy-script flag). +PROVER_REAL_PROOFS=${REAL_VERIFIER} -# TX filestore configuration -TX_FILE_STORE_ENABLED=${TX_FILE_STORE_ENABLED:-false} -TX_FILE_STORE_URL_TF="" -if [[ -n "${TX_FILE_STORE_URL:-}" ]]; then - TX_FILE_STORE_URL_TF="\"$TX_FILE_STORE_URL\"" +# Max node count: max of primary (VALIDATOR_REPLICAS) and HA pod counts +# Determines how many attester keys and addresses to generate +EFFECTIVE_HA_COUNT=${VALIDATOR_HA_REPLICA_COUNT:-$VALIDATOR_REPLICAS} +if [[ $VALIDATOR_HA_REPLICAS -gt 0 ]]; then + MAX_VALIDATOR_NODES=$(( VALIDATOR_REPLICAS > EFFECTIVE_HA_COUNT ? VALIDATOR_REPLICAS : EFFECTIVE_HA_COUNT )) else - TX_FILE_STORE_URL_TF="null" + MAX_VALIDATOR_NODES=$VALIDATOR_REPLICAS fi -TX_COLLECTION_FILE_STORE_URLS=${TX_COLLECTION_FILE_STORE_URLS:-} -P2P_GOSSIPSUB_D=${P2P_GOSSIPSUB_D:-6} -P2P_GOSSIPSUB_DLO=${P2P_GOSSIPSUB_DLO:-4} -P2P_GOSSIPSUB_DHI=${P2P_GOSSIPSUB_DHI:-12} - -P2P_DROP_TX_CHANCE=${P2P_DROP_TX_CHANCE:-0} +# Compute VALIDATOR_INDICES from max node count if not explicitly set. +TOTAL_ATTESTERS=$((MAX_VALIDATOR_NODES * VALIDATORS_PER_NODE)) +VALIDATOR_INDICES=${VALIDATOR_INDICES:-$(seq "$VALIDATOR_MNEMONIC_START_INDEX" $((VALIDATOR_MNEMONIC_START_INDEX + TOTAL_ATTESTERS - 1)) | tr '\n' ',' | sed 's/,$//')} -# Chaos mesh scenarios values file (e.g., "network-requirements.yaml") -# If set, the experiment is installed after Aztec infra, rules are injected, -# then all pods are restarted so they come up clean with partition rules active. -# Requires the chaos mesh operator to already be running (see deploy_chaos_mesh.sh). -CHAOS_MESH_SCENARIOS_FILE=${CHAOS_MESH_SCENARIOS_FILE:-} +# Convert string-or-empty deploy-time inputs into JSON-encoded null-or-string for +# tfvars consumption. Wraps tf_str helper for the snapshot/blob/tx upload URLs. +STORE_SNAPSHOT_URL_TF=$(tf_str "${STORE_SNAPSHOT_URL:-}") +BLOB_FILE_STORE_UPLOAD_URL_TF=$(tf_str "${BLOB_FILE_STORE_UPLOAD_URL:-}") +TX_FILE_STORE_URL_TF=$(tf_str "${TX_FILE_STORE_URL:-}") # Compute validator addresses (skip if no validators) if [[ $VALIDATOR_REPLICAS -gt 0 ]]; then diff --git a/spartan/scripts/network_deploy.sh b/spartan/scripts/deploy_network_with_env.sh similarity index 78% rename from spartan/scripts/network_deploy.sh rename to spartan/scripts/deploy_network_with_env.sh index eab3b12962f7..bc9109c548a9 100755 --- a/spartan/scripts/network_deploy.sh +++ b/spartan/scripts/deploy_network_with_env.sh @@ -1,4 +1,20 @@ #!/usr/bin/env bash +# Outer entrypoint for deploying an Aztec network from a per-network YAML. +# +# Usage: deploy_network_with_env.sh +# : bare name (resolved to spartan/environments/networks/.yml) +# or absolute path to a YAML file. +# +# Steps: +# 1. Loads basic env from YAML (CLUSTER, NAMESPACE, ...). +# 2. Performs GCP auth (skipped on kind). +# 3. Loads full env (with GCP secrets resolved). +# 4. Optionally provisions network-frontend (RPC ingress IP + SSL cert + DNS). +# 5. Calls deploy_network.sh, which renders Terraform tfvars and runs the +# eth-devnet / rollup-contracts / aztec-infra modules. +# +# For kind tests (test_kind.sh) and direct calls that have already populated +# the environment, deploy_network.sh can be invoked directly. set -euo pipefail diff --git a/spartan/scripts/load_network_config.sh b/spartan/scripts/load_network_config.sh index 21f104d5f80f..b9d7bf27089e 100755 --- a/spartan/scripts/load_network_config.sh +++ b/spartan/scripts/load_network_config.sh @@ -246,9 +246,12 @@ main() { local exploded_defaults="$tmpdir/defaults_exploded.yml" yq eval 'explode(.)' "$defaults_yaml" > "$exploded_defaults" - # Extract _release_defaults (and other underscore-prefixed defaults) for the loader baseline. + # Build the loader baseline by combining: + # - `_release_defaults` -> top-level release blocks (validator, prover, ...) + # - `_deploy_defaults` -> seeds the `deploy:` block (UPPER_SNAKE keys) + # Per-network YAMLs (and the selected preset's env baseline) layer on top. local defaults_only="$tmpdir/defaults_only.yml" - yq eval '._release_defaults // {}' "$exploded_defaults" > "$defaults_only" + yq eval '(._release_defaults // {}) * {"deploy": (._deploy_defaults // {})}' "$exploded_defaults" > "$defaults_only" # Build the merged JSON. local merged_json diff --git a/spartan/scripts/test_kind.sh b/spartan/scripts/test_kind.sh index db338d085525..016fb4a37491 100755 --- a/spartan/scripts/test_kind.sh +++ b/spartan/scripts/test_kind.sh @@ -1,15 +1,15 @@ #!/usr/bin/env bash -# Usage: source environments/kind-provers.env && ./test_kind.sh [namespace] +# Usage: NETWORK= ./test_kind.sh [namespace] # Deploys a network to KIND and runs the specified test. # -# Prerequisites: -# Source the appropriate env file before running: -# - kind-minimal.env: Fast testing with fake provers -# - kind-provers.env: Real provers (slower, matches next-scenario.env) +# NETWORK selects spartan/environments/networks/.yml. Common choices: +# - kind-minimal: Fast testing with fake provers +# - kind-provers: Real provers (slower) # # Environment variables: -# OVERRIDES (default: "") - Helm value overrides -# INSTALL_METRICS (default: "false") - Install metrics stack +# NETWORK (default: "kind-minimal") - YAML config to load +# OVERRIDES (default: "") - Helm value overrides +# INSTALL_METRICS (default: "false") - Install metrics stack set -euo pipefail @@ -19,11 +19,16 @@ test_file="${1:?test_file is required}" namespace="${2:-upgrade-test}" install_metrics="${INSTALL_METRICS:-false}" +network="${NETWORK:-kind-minimal}" # Ensure KIND cluster is running ../bootstrap.sh kind -# Set up namespace (override NAMESPACE from env file with specific test namespace) +# Load env from per-network YAML (skip GCP secrets; KIND has no gcloud auth). +source ./source_env_basic.sh +source_env_basic "$network" + +# Override NAMESPACE / CLUSTER for this specific test invocation. export NAMESPACE="$namespace" export CLUSTER="kind" From af3d8084862ac8b7f7801a6ef4a9bc7c53b059ea Mon Sep 17 00:00:00 2001 From: spypsy Date: Wed, 29 Apr 2026 16:00:44 +0000 Subject: [PATCH 03/34] fix(spartan): emit GCP secret mask commands on stderr The Python `resolve_secrets` helper inside `load_network_config.sh` wrote `::add-mask::SECRET` workflow commands to stdout. That stream is captured into `merged_json` and then piped to `jq`, so the mask lines prefixed the JSON and broke every downstream `jq` pipeline with a "parse error: Expected string key before ':'", leaving env-var placeholders unresolved and triggering GHA's "the word REPLACE_WITH_GCP_SECRET is invalid" errors during deploys. - Route mask commands and diagnostics to stderr only. - Split JSON-array secrets (`ETHEREUM_RPC_URLS`, consensus arrays) into per-element mask commands, matching the legacy setup_gcp_secrets.sh behavior. - Cache fetched secrets to avoid repeated gcloud calls (R2 account id is now used for snapshot/blob/tx URL construction below). - Construct STORE_SNAPSHOT_URL / BLOB_FILE_STORE_UPLOAD_URL / TX_FILE_STORE_URL from the corresponding *_BUCKET_DIRECTORY inputs + the r2-account-id secret -- another piece that was missing from the YAML loader and was breaking real deploys. - Delete the now-orphan `setup_gcp_secrets.sh` (last consumer was the removed `.env` path; only referenced by comments now). --- spartan/scripts/load_network_config.sh | 75 +++++++++-- spartan/scripts/setup_gcp_secrets.sh | 170 ------------------------- 2 files changed, 66 insertions(+), 179 deletions(-) delete mode 100755 spartan/scripts/setup_gcp_secrets.sh diff --git a/spartan/scripts/load_network_config.sh b/spartan/scripts/load_network_config.sh index b9d7bf27089e..1f2327117ab7 100755 --- a/spartan/scripts/load_network_config.sh +++ b/spartan/scripts/load_network_config.sh @@ -113,6 +113,8 @@ json.dump(data, sys.stdout, indent=2) # Resolve REPLACE_WITH_GCP_SECRET placeholders by calling gcloud. # Reads JSON on stdin, writes JSON on stdout. +# Mask commands and any diagnostic output go to stderr (must NOT pollute the +# JSON stdout or downstream jq pipelines fail with "parse error"). # Skipped if `gcloud` is not on PATH or no placeholders exist. resolve_secrets() { python3 -c ' @@ -124,7 +126,17 @@ import sys PLACEHOLDER = "REPLACE_WITH_GCP_SECRET" -# Same secret name mapping as setup_gcp_secrets.sh, kept in sync. +# JSON-array secrets are unwrapped before masking so each element is masked +# individually (matching setup_gcp_secrets.sh behavior). Otherwise GHA may +# refuse to mask the raw `["url1","url2"]` form. +JSON_ARRAY_SECRETS = { + "ETHEREUM_RPC_URLS", + "ETHEREUM_CONSENSUS_HOST_URLS", + "ETHEREUM_CONSENSUS_HOST_API_KEYS", + "ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS", +} + +# Same secret name mapping as the (legacy) setup_gcp_secrets.sh, kept in sync. def secret_name_for(env_var, env, deploy): l1_network = env.get("L1_NETWORK") or deploy.get("L1_NETWORK") or "sepolia" network = env.get("NETWORK") or deploy.get("NETWORK") or "" @@ -146,21 +158,42 @@ def secret_name_for(env_var, env, deploy): } return mapping.get(env_var) +def emit_mask(value): + """Emit ::add-mask:: workflow command(s) on stderr (never stdout).""" + if not value: + return + # Split JSON-array values into elements before masking. + if value.startswith("[") and value.endswith("]"): + try: + for element in json.loads(value): + if element: + sys.stderr.write(f"::add-mask::{element}\n") + return + except json.JSONDecodeError: + pass + sys.stderr.write(f"::add-mask::{value}\n") + +_secret_cache = {} + def fetch(secret_name, project_id): if not project_id: sys.stderr.write(f"resolve_secrets: GCP_PROJECT_ID not set; cannot fetch {secret_name}\n") return None + if secret_name in _secret_cache: + return _secret_cache[secret_name] try: result = subprocess.run( ["gcloud", "secrets", "versions", "access", "latest", "--secret", secret_name, "--project", project_id], capture_output=True, text=True, check=True, ) - # Mask in CI logs (matches setup_gcp_secrets.sh behavior). - print(f"::add-mask::{result.stdout.strip()}") - return result.stdout.strip() + value = result.stdout.strip() + emit_mask(value) + _secret_cache[secret_name] = value + return value except subprocess.CalledProcessError as e: sys.stderr.write(f"resolve_secrets: failed to read {secret_name}: {e.stderr}\n") + _secret_cache[secret_name] = None return None data = json.load(sys.stdin) @@ -172,7 +205,7 @@ if not shutil.which("gcloud"): json.dump(data, sys.stdout, indent=2) sys.exit(0) -# Only iterate keys that contain the placeholder. +# Resolve REPLACE_WITH_GCP_SECRET placeholders in env: block. for key, val in list(env.items()): if not isinstance(val, str) or PLACEHOLDER not in val: continue @@ -183,10 +216,34 @@ for key, val in list(env.items()): fetched = fetch(secret_name, project_id) if fetched is None: continue - if val == PLACEHOLDER: - env[key] = fetched - else: - env[key] = val.replace(PLACEHOLDER, fetched) + env[key] = fetched if val == PLACEHOLDER else val.replace(PLACEHOLDER, fetched) + +# Construct R2-backed URLs from r2-account-id + bucket directory inputs. +# Mirrors setup_gcp_secrets.sh: each *_BUCKET_DIRECTORY var (in deploy: or env:) +# becomes a fully-formed S3-compatible URL. +def get_input(name): + return deploy.get(name) or env.get(name) or "" + +snapshot_dir = get_input("SNAPSHOT_BUCKET_DIRECTORY") +blob_dir = get_input("BLOB_BUCKET_DIRECTORY") +tx_dir = get_input("TX_FILE_STORE_BUCKET_DIRECTORY") + +if snapshot_dir or blob_dir or tx_dir: + r2 = fetch("r2-account-id", project_id) + if r2: + if snapshot_dir: + env["STORE_SNAPSHOT_URL"] = ( + f"s3://testnet-bucket/{snapshot_dir}/?endpoint=https://{r2}.r2.cloudflarestorage.com" + f"&publicBaseUrl=https://aztec-labs-snapshots.com" + ) + if blob_dir: + env["BLOB_FILE_STORE_UPLOAD_URL"] = ( + f"s3://testnet-bucket/{blob_dir}/?endpoint=https://{r2}.r2.cloudflarestorage.com" + ) + if tx_dir: + env["TX_FILE_STORE_URL"] = ( + f"s3://testnet-bucket/{tx_dir}/?endpoint=https://{r2}.r2.cloudflarestorage.com" + ) json.dump(data, sys.stdout, indent=2) ' diff --git a/spartan/scripts/setup_gcp_secrets.sh b/spartan/scripts/setup_gcp_secrets.sh deleted file mode 100755 index 9eadb39ecdc1..000000000000 --- a/spartan/scripts/setup_gcp_secrets.sh +++ /dev/null @@ -1,170 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -# Script to replace REPLACE_WITH_GCP_SECRET placeholders with actual GCP secrets -# Usage: setup_gcp_secrets.sh - -ENV_FILE="$1" - -if [[ ! -f "$ENV_FILE" ]]; then - echo "Environment file not found: $ENV_FILE" >&2 - exit 1 -fi - -# Read the network name from the env file -NETWORK=${NETWORK:-} - -L1_NETWORK=${L1_NETWORK:-sepolia} - -# Read optional custom secret name for LABS_INFRA_MNEMONIC -LABS_INFRA_MNEMONIC_SECRET_NAME=${LABS_INFRA_MNEMONIC_SECRET_NAME:-} - -echo "Setting up GCP secrets for network: $NETWORK" - -# Create secure temporary directory for secrets -SECRETS_TMP_DIR=$(mktemp -d) -chmod 700 "$SECRETS_TMP_DIR" -trap "rm -rf '$SECRETS_TMP_DIR'" EXIT - -# Function to get secret from GCP Secret Manager and write to temp file -# Returns the path to the temp file containing the secret -get_secret() { - local secret_name="$1" - local temp_file="$SECRETS_TMP_DIR/${secret_name}.secret" - - gcloud secrets versions access latest --secret="$secret_name" --project="$GCP_PROJECT_ID" --out-file="$temp_file" 2>/dev/null || { - echo "Failed to read secret: $secret_name" >&2 - exit 1 - } - - echo "$temp_file" -} - -# Function to mask secret values from file - handles both plain strings and JSON -# Reads secret from temp file, masks it, and returns the value -mask_secret_value() { - local env_var="$1" - local secret_file="$2" - - # Read secret from file - local secret_value - secret_value=$(cat "$secret_file") - - # Check if this environment variable contains JSON that should be individually masked - local is_json_secret=false - for json_var in "${JSON_SECRETS[@]}"; do - if [[ "$env_var" == "$json_var" ]]; then - is_json_secret=true - break - fi - done - - if [[ "$is_json_secret" == "true" ]]; then - jq -r '.[]' "$secret_file" | while IFS= read -r element; do - if [[ -n "$element" ]]; then - echo "::add-mask::$element" - fi - done - elif [[ -n "$secret_value" ]]; then - echo "::add-mask::$secret_value" - fi -} - -# Determine the mnemonic secret name: use custom if provided, otherwise use default pattern -if [[ -n "$LABS_INFRA_MNEMONIC_SECRET_NAME" ]]; then - MNEMONIC_SECRET="${LABS_INFRA_MNEMONIC_SECRET_NAME}" -else - MNEMONIC_SECRET="${L1_NETWORK}-labs-${NETWORK}-mnemonic" -fi - -# Map of environment variables to GCP secret names -# Generic mappings - network-specific secrets use ${NETWORK} in the name -declare -A SECRET_MAPPINGS=( - ["ETHEREUM_RPC_URLS"]="${L1_NETWORK}-rpc-urls" - ["ETHEREUM_CONSENSUS_HOST_URLS"]="${L1_NETWORK}-consensus-host-urls" - ["ETHEREUM_CONSENSUS_HOST_API_KEYS"]="${L1_NETWORK}-consensus-host-api-keys" - ["ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS"]="${L1_NETWORK}-consensus-host-api-key-headers" - ["FUNDING_PRIVATE_KEY"]="${L1_NETWORK}-funding-private-key" - ["ROLLUP_DEPLOYMENT_PRIVATE_KEY"]="${L1_NETWORK}-labs-rollup-private-key" - ["OTEL_COLLECTOR_ENDPOINT"]="otel-collector-url" - ["ETHERSCAN_API_KEY"]="etherscan-api-key" - ["LABS_INFRA_MNEMONIC"]="${MNEMONIC_SECRET}" - ["STORE_SNAPSHOT_URL"]="r2-account-id" - ["R2_ACCESS_KEY_ID"]="r2-access-key-id" - ["R2_SECRET_ACCESS_KEY"]="r2-secret-access-key" -) - -# List of environment variables that contain JSON and should have individual values masked -JSON_SECRETS=( - "ETHEREUM_RPC_URLS" - "ETHEREUM_CONSENSUS_HOST_URLS" - "ETHEREUM_CONSENSUS_HOST_API_KEYS" - "ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS" -) - -# Replace placeholders with actual secrets -for env_var in "${!SECRET_MAPPINGS[@]}"; do - secret_name="${SECRET_MAPPINGS[$env_var]}" - - # Skip if the variable doesn't contain REPLACE_WITH_GCP_SECRET at all - if ! grep -q "^${env_var}=.*REPLACE_WITH_GCP_SECRET" "$ENV_FILE"; then - echo "Skipping $env_var (no placeholder value)" - continue - fi - - echo "Fetching secret: $secret_name for $env_var" - - if grep -q "^${env_var}=REPLACE_WITH_GCP_SECRET" "$ENV_FILE"; then - # Export the secret value - secret_file=$(get_secret "$secret_name") - mask_secret_value "$env_var" "$secret_file" - export $env_var="$(cat "$secret_file")" - elif grep -q "^${env_var}=REPLACE_WITH_GCP_SECRET/" "$ENV_FILE"; then - # Handle cases like STORE_SNAPSHOT_URL=REPLACE_WITH_GCP_SECRET/network/ - suffix=$(grep "^${env_var}=REPLACE_WITH_GCP_SECRET/" "$ENV_FILE" | cut -d'/' -f2-) - secret_file=$(get_secret "$secret_name") - mask_secret_value "$env_var" "$secret_file" - export $env_var="$(cat $secret_file)/$suffix" - elif grep -q "^${env_var}=.*REPLACE_WITH_GCP_SECRET" "$ENV_FILE"; then - # Replace inline occurrences within the value, preserving surrounding content - full_value=$(grep "^${env_var}=" "$ENV_FILE" | cut -d'=' -f2-) - # Strip surrounding double quotes if present - if [[ "$full_value" == \"*\" && "$full_value" == *\" ]]; then - full_value="${full_value:1:-1}" - fi - secret_file=$(get_secret "$secret_name") - mask_secret_value "$env_var" "$secret_file" - secret_value="$(cat "$secret_file")" - replaced_value="${full_value//REPLACE_WITH_GCP_SECRET/$secret_value}" - export $env_var="$replaced_value" - fi -done - -# Construct STORE_SNAPSHOT_URL from the r2-account-id secret and SNAPSHOT_BUCKET_DIRECTORY -# This happens after secret replacement so the R2 account ID is available -if [[ -n "${SNAPSHOT_BUCKET_DIRECTORY:-}" ]]; then - secret_file=$(get_secret "r2-account-id") - mask_secret_value "STORE_SNAPSHOT_URL" "$secret_file" - r2_account_id=$(cat "$secret_file") - export STORE_SNAPSHOT_URL="s3://testnet-bucket/${SNAPSHOT_BUCKET_DIRECTORY}/?endpoint=https://${r2_account_id}.r2.cloudflarestorage.com&publicBaseUrl=https://aztec-labs-snapshots.com" -fi - -# Construct BLOB_FILE_STORE_UPLOAD_URL from the r2-account-id secret and BLOB_BUCKET_DIRECTORY -# Uses the same R2 bucket as snapshots but with a different directory for blobs -if [[ -n "${BLOB_BUCKET_DIRECTORY:-}" ]]; then - secret_file=$(get_secret "r2-account-id") - mask_secret_value "BLOB_FILE_STORE_UPLOAD_URL" "$secret_file" - r2_account_id=$(cat "$secret_file") - export BLOB_FILE_STORE_UPLOAD_URL="s3://testnet-bucket/${BLOB_BUCKET_DIRECTORY}/?endpoint=https://${r2_account_id}.r2.cloudflarestorage.com" -fi - -# Construct TX_FILE_STORE_URL from the r2-account-id secret and TX_FILE_STORE_BUCKET_DIRECTORY -if [[ -n "${TX_FILE_STORE_BUCKET_DIRECTORY:-}" ]]; then - secret_file=$(get_secret "r2-account-id") - mask_secret_value "TX_FILE_STORE_URL" "$secret_file" - r2_account_id=$(cat "$secret_file") - export TX_FILE_STORE_URL="s3://testnet-bucket/${TX_FILE_STORE_BUCKET_DIRECTORY}/?endpoint=https://${r2_account_id}.r2.cloudflarestorage.com" -fi - -echo "Successfully set up GCP secrets for $NETWORK" From 4191d7658bba280a51b62a3bebe997e732b19151 Mon Sep 17 00:00:00 2001 From: spypsy Date: Wed, 29 Apr 2026 16:17:54 +0000 Subject: [PATCH 04/34] refactor(spartan): single var.deploy/env/releases for deploy-aztec-infra Cuts ~900 lines from terraform/deploy-aztec-infra/variables.tf by replacing all ~70 legacy individual `variable "X"` declarations with three structured inputs: variable "deploy" { type = any } # YAML deploy: + computed variable "env" { type = map(string) } # YAML env: pod baseline variable "releases" { type = any } # YAML per-release blocks main.tf now reads everything via local.d. (alias for var.deploy) with appropriate tonumber()/tobool()/try() coercions at the boundary -- the YAML loader emits all values as strings. deploy_network.sh writes terraform.tfvars.json (instead of HCL tfvars) by running load_network_config.sh --format=tfvars, then jq-merging deploy-time computed values (cluster context, image overrides, contract addresses, admin API key hash, mnemonic plumbing, P2P cluster gating, L1 endpoints) into the deploy block. R2-derived URLs from resolve_secrets are promoted from env: into deploy: where main.tf gates helm releases on them. Plumbing: - deploy_network.sh now takes arg (passed by deploy_network_with_env.sh and test_kind.sh) so it can re-invoke the loader for the structured JSON. Validation: - terraform validate passes. - terraform plan against generated tfvars.json resolves all variables and proceeds to k8s provider connect (failing only on cluster reachability, as expected without a real kube context). --- spartan/scripts/deploy_network.sh | 255 ++--- spartan/scripts/deploy_network_with_env.sh | 2 +- spartan/scripts/test_kind.sh | 2 +- spartan/terraform/deploy-aztec-infra/main.tf | 492 +++++---- .../terraform/deploy-aztec-infra/variables.tf | 950 +----------------- 5 files changed, 397 insertions(+), 1304 deletions(-) diff --git a/spartan/scripts/deploy_network.sh b/spartan/scripts/deploy_network.sh index 0939debe2521..bf5bb0fde36d 100755 --- a/spartan/scripts/deploy_network.sh +++ b/spartan/scripts/deploy_network.sh @@ -1,6 +1,19 @@ #!/usr/bin/env bash +# Inner deploy script: renders Terraform tfvars and runs eth-devnet, +# rollup-contracts, and aztec-infra modules. +# +# Usage: deploy_network.sh +# : bare YAML name (resolved to spartan/environments/networks/.yml) +# or absolute path. Used to re-invoke load_network_config.sh for +# the structured deploy/env/releases JSON written to +# deploy-aztec-infra/terraform.tfvars.json. +# +# Assumes env was already sourced by deploy_network_with_env.sh (or the caller). + set -euo pipefail +NETWORK_YAML="${1:?usage: deploy_network.sh }" + # Resolve repo root and script directory for reliable relative paths REPO_ROOT="$(git rev-parse --show-toplevel)" SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" @@ -396,156 +409,96 @@ else P2P_PUBLIC_IP=${P2P_PUBLIC_IP:-true} fi -cat > "${DEPLOY_AZTEC_INFRA_DIR}/terraform.tfvars" << EOF -K8S_CLUSTER_CONTEXT = "${K8S_CLUSTER_CONTEXT}" -RELEASE_PREFIX = "${NAMESPACE}" -NAMESPACE = "${NAMESPACE}" -GCP_PROJECT_ID = "${GCP_PROJECT_ID}" -GCP_REGION = "${GCP_REGION}" -R2_ACCESS_KEY_ID="${R2_ACCESS_KEY_ID}" -R2_SECRET_ACCESS_KEY="${R2_SECRET_ACCESS_KEY}" -P2P_BOOTSTRAP_RESOURCE_PROFILE = "${P2P_BOOTSTRAP_RESOURCE_PROFILE}" -VALIDATOR_RESOURCE_PROFILE = "${VALIDATOR_RESOURCE_PROFILE}" -PROVER_RESOURCE_PROFILE = "${PROVER_RESOURCE_PROFILE}" -RPC_RESOURCE_PROFILE = "${RPC_RESOURCE_PROFILE}" -FULL_NODE_RESOURCE_PROFILE = "${FULL_NODE_RESOURCE_PROFILE}" -ARCHIVE_RESOURCE_PROFILE = "${ARCHIVE_RESOURCE_PROFILE}" -BLOB_SINK_RESOURCE_PROFILE = "${BLOB_SINK_RESOURCE_PROFILE}" -AZTEC_DOCKER_IMAGE = "${AZTEC_DOCKER_IMAGE}" -PROVER_AGENT_DOCKER_IMAGE = "${PROVER_AGENT_DOCKER_IMAGE:-$AZTEC_DOCKER_IMAGE}" -VALIDATOR_HA_DOCKER_IMAGE = "${VALIDATOR_HA_DOCKER_IMAGE:-}" -SPONSORED_FPC = ${SPONSORED_FPC} -TEST_ACCOUNTS = ${TEST_ACCOUNTS} -L1_CHAIN_ID = "${ETHEREUM_CHAIN_ID}" -L1_RPC_URLS = ${L1_RPC_URLS_JSON} -L1_CONSENSUS_HOST_URLS = ${L1_CONSENSUS_HOST_URLS_JSON} -L1_CONSENSUS_HOST_API_KEYS = ${L1_CONSENSUS_HOST_API_KEYS_JSON:-null} -L1_CONSENSUS_HOST_API_KEY_HEADERS = ${L1_CONSENSUS_HOST_API_KEY_HEADERS_JSON:-null} -REGISTRY_CONTRACT_ADDRESS = "${REGISTRY_ADDRESS}" -FEE_ASSET_HANDLER_CONTRACT_ADDRESS = "${FEE_ASSET_HANDLER_ADDRESS}" -VALIDATOR_MNEMONIC = "${LABS_INFRA_MNEMONIC}" -VALIDATOR_MNEMONIC_START_INDEX = ${VALIDATOR_MNEMONIC_START_INDEX} -VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX = ${VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX} -VALIDATORS_PER_NODE = ${VALIDATORS_PER_NODE} -VALIDATOR_REPLICAS = ${VALIDATOR_REPLICAS} -VALIDATOR_PUBLISHERS_PER_REPLICA = ${VALIDATOR_PUBLISHERS_PER_REPLICA} -VALIDATOR_HA_REPLICAS = ${VALIDATOR_HA_REPLICAS} -VALIDATOR_HA_REPLICA_COUNT = ${VALIDATOR_HA_REPLICA_COUNT:-null} -VALIDATOR_HA_OLD_DUTIES_MAX_AGE_H = ${VALIDATOR_HA_OLD_DUTIES_MAX_AGE_H} -SEQ_MIN_TX_PER_BLOCK = ${SEQ_MIN_TX_PER_BLOCK} -SEQ_MAX_TX_PER_BLOCK = ${SEQ_MAX_TX_PER_BLOCK} -SEQ_MAX_TX_PER_CHECKPOINT = ${SEQ_MAX_TX_PER_CHECKPOINT} -P2P_MAX_PENDING_TX_COUNT = ${P2P_MAX_PENDING_TX_COUNT} -SEQ_PER_BLOCK_ALLOCATION_MULTIPLIER = ${SEQ_PER_BLOCK_ALLOCATION_MULTIPLIER} -SEQ_BLOCK_DURATION_MS = ${SEQ_BLOCK_DURATION_MS:-null} -SEQ_L1_PUBLISHING_TIME_ALLOWANCE_IN_SLOT = ${SEQ_L1_PUBLISHING_TIME_ALLOWANCE_IN_SLOT:-null} -SEQ_BUILD_CHECKPOINT_IF_EMPTY = ${SEQ_BUILD_CHECKPOINT_IF_EMPTY:-null} -SEQ_ENABLE_PROPOSER_PIPELINING = ${SEQ_ENABLE_PROPOSER_PIPELINING} -AZTEC_EPOCHS_LAG = ${AZTEC_EPOCHS_LAG:-null} -SEQ_ENFORCE_TIME_TABLE = ${SEQ_ENFORCE_TIME_TABLE:-null} -SEQ_SKIP_CHECKPOINT_PUBLISH_PERCENT = ${SEQ_SKIP_CHECKPOINT_PUBLISH_PERCENT} -PROVER_MNEMONIC = "${LABS_INFRA_MNEMONIC}" -PROVER_PUBLISHER_MNEMONIC_START_INDEX = ${PROVER_PUBLISHER_MNEMONIC_START_INDEX} -PROVER_PUBLISHERS_PER_PROVER = ${PUBLISHERS_PER_PROVER} -SENTINEL_ENABLED = ${SENTINEL_ENABLED:-null} -SLASH_INACTIVITY_TARGET_PERCENTAGE = ${SLASH_INACTIVITY_TARGET_PERCENTAGE:-null} -SLASH_INACTIVITY_PENALTY = ${SLASH_INACTIVITY_PENALTY:-null} -SLASH_PRUNE_PENALTY = ${SLASH_PRUNE_PENALTY:-null} -SLASH_DATA_WITHHOLDING_PENALTY = ${SLASH_DATA_WITHHOLDING_PENALTY:-null} -SLASH_PROPOSE_INVALID_ATTESTATIONS_PENALTY = ${SLASH_PROPOSE_INVALID_ATTESTATIONS_PENALTY:-null} -SLASH_DUPLICATE_PROPOSAL_PENALTY = ${SLASH_DUPLICATE_PROPOSAL_PENALTY:-null} -SLASH_DUPLICATE_ATTESTATION_PENALTY = ${SLASH_DUPLICATE_ATTESTATION_PENALTY:-null} -SLASH_ATTEST_DESCENDANT_OF_INVALID_PENALTY = ${SLASH_ATTEST_DESCENDANT_OF_INVALID_PENALTY:-null} -SLASH_UNKNOWN_PENALTY = ${SLASH_UNKNOWN_PENALTY:-null} -SLASH_INVALID_BLOCK_PENALTY = ${SLASH_INVALID_BLOCK_PENALTY:-null} -SLASH_OFFENSE_EXPIRATION_ROUNDS = ${SLASH_OFFENSE_EXPIRATION_ROUNDS:-null} -SLASH_MAX_PAYLOAD_SIZE = ${SLASH_MAX_PAYLOAD_SIZE:-null} -OTEL_COLLECTOR_ENDPOINT = "${OTEL_COLLECTOR_ENDPOINT}" -OTEL_COLLECT_INTERVAL_MS = ${OTEL_COLLECT_INTERVAL_MS:-null} -OTEL_EXPORT_TIMEOUT_MS = ${OTEL_EXPORT_TIMEOUT_MS:-null} -DEPLOY_INTERNAL_BOOTNODE = ${DEPLOY_INTERNAL_BOOTNODE:-true} -PROVER_REAL_PROOFS = ${PROVER_REAL_PROOFS} -TRANSACTIONS_DISABLED = ${TRANSACTIONS_DISABLED:-null} -NETWORK = $(tf_str "${NETWORK:-}") -STORE_SNAPSHOT_URL = ${STORE_SNAPSHOT_URL_TF} -BOT_RESOURCE_PROFILE = "${BOT_RESOURCE_PROFILE}" -BOT_MNEMONIC = "${LABS_INFRA_MNEMONIC}" -BOT_TRANSFERS_MNEMONIC_START_INDEX = ${BOT_TRANSFERS_MNEMONIC_START_INDEX} -BOT_TRANSFERS_REPLICAS = ${BOT_TRANSFERS_REPLICAS} -BOT_TRANSFERS_TX_INTERVAL_SECONDS = ${BOT_TRANSFERS_TX_INTERVAL_SECONDS} -BOT_TRANSFERS_FOLLOW_CHAIN = "${BOT_TRANSFERS_FOLLOW_CHAIN}" -BOT_SWAPS_MNEMONIC_START_INDEX = ${BOT_SWAPS_MNEMONIC_START_INDEX} -BOT_SWAPS_REPLICAS = ${BOT_SWAPS_REPLICAS} -BOT_SWAPS_TX_INTERVAL_SECONDS = ${BOT_SWAPS_TX_INTERVAL_SECONDS} -BOT_SWAPS_FOLLOW_CHAIN = "${BOT_SWAPS_FOLLOW_CHAIN}" -BOT_CROSS_CHAIN_MNEMONIC_START_INDEX = ${BOT_CROSS_CHAIN_MNEMONIC_START_INDEX} -BOT_CROSS_CHAIN_REPLICAS = ${BOT_CROSS_CHAIN_REPLICAS} -BOT_CROSS_CHAIN_TX_INTERVAL_SECONDS = ${BOT_CROSS_CHAIN_TX_INTERVAL_SECONDS} -BOT_CROSS_CHAIN_FOLLOW_CHAIN = "${BOT_CROSS_CHAIN_FOLLOW_CHAIN}" -BOT_TRANSFERS_PXE_SYNC_CHAIN_TIP = "${BOT_TRANSFERS_PXE_SYNC_CHAIN_TIP}" -BOT_SWAPS_PXE_SYNC_CHAIN_TIP = "${BOT_SWAPS_PXE_SYNC_CHAIN_TIP}" -BOT_CROSS_CHAIN_PXE_SYNC_CHAIN_TIP = "${BOT_CROSS_CHAIN_PXE_SYNC_CHAIN_TIP}" -BOT_TRANSFERS_L2_PRIVATE_KEY = "${BOT_TRANSFERS_L2_PRIVATE_KEY:-0xcafe01}" -BOT_SWAPS_L2_PRIVATE_KEY = "${BOT_SWAPS_L2_PRIVATE_KEY:-0xcafe02}" -BOT_CROSS_CHAIN_L2_PRIVATE_KEY = "${BOT_CROSS_CHAIN_L2_PRIVATE_KEY:-0xcafe03}" - -PROVER_AGENTS_PER_PROVER = ${PROVER_AGENTS_PER_PROVER} -PROVER_AGENT_POLL_INTERVAL_MS = ${PROVER_AGENT_POLL_INTERVAL_MS} - -RPC_INGRESS_ENABLED = ${RPC_INGRESS_ENABLED} -RPC_INGRESS_HOSTS = ${RPC_INGRESS_HOSTS} -RPC_INGRESS_STATIC_IP_NAME = "${RPC_INGRESS_STATIC_IP_NAME}" -RPC_INGRESS_SSL_CERT_NAMES = ${RPC_INGRESS_SSL_CERT_NAMES} -RPC_CLOUD_ARMOR_POLICY_NAME = "${RPC_CLOUD_ARMOR_POLICY_NAME}" -RPC_INGRESS_SESSION_AFFINITY = "${RPC_INGRESS_SESSION_AFFINITY}" -RPC_INGRESS_LOG_SAMPLE_RATE = ${RPC_INGRESS_LOG_SAMPLE_RATE} -RPC_REPLICAS = ${RPC_REPLICAS:-1} -FISHERMAN_REPLICAS = ${FISHERMAN_REPLICAS} -FISHERMAN_MNEMONIC = "${LABS_INFRA_MNEMONIC}" -FISHERMAN_MNEMONIC_START_INDEX = ${FISHERMAN_MNEMONIC_START_INDEX} - -FULL_NODE_REPLICAS = ${FULL_NODE_REPLICAS:-1} - -PROVER_FAILED_PROOF_STORE = "${PROVER_FAILED_PROOF_STORE}" -PROVER_PROOF_STORE = "${PROVER_PROOF_STORE:-}" -PROVER_BROKER_DEBUG_REPLAY_ENABLED = ${PROVER_BROKER_DEBUG_REPLAY_ENABLED:-false} -DEPLOY_ARCHIVAL_NODE = ${DEPLOY_ARCHIVAL_NODE} -PROVER_REPLICAS = ${PROVER_REPLICAS} - -PROVER_TEST_DELAY_TYPE = "${PROVER_TEST_DELAY_TYPE}" -PROVER_TEST_VERIFICATION_DELAY_MS = ${PROVER_TEST_VERIFICATION_DELAY_MS} - -PROVER_NODE_DISABLE_PROOF_PUBLISH = ${PROVER_NODE_DISABLE_PROOF_PUBLISH} -P2P_TX_POOL_DELETE_TXS_AFTER_REORG = ${P2P_TX_POOL_DELETE_TXS_AFTER_REORG} -VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE = ${VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE:-null} -VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE = ${VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE:-null} -PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE = ${PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE:-null} -PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE = ${PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE:-null} -BLOB_ALLOW_EMPTY_SOURCES = ${BLOB_ALLOW_EMPTY_SOURCES:-false} -BLOB_FILE_STORE_UPLOAD_URL = ${BLOB_FILE_STORE_UPLOAD_URL_TF} -BLOB_FILE_STORE_URLS = "${BLOB_FILE_STORE_URLS:-}" -TX_FILE_STORE_ENABLED = ${TX_FILE_STORE_ENABLED} -TX_FILE_STORE_URL = ${TX_FILE_STORE_URL_TF} -TX_COLLECTION_FILE_STORE_URLS = "${TX_COLLECTION_FILE_STORE_URLS}" -DEBUG_P2P_INSTRUMENT_MESSAGES = ${DEBUG_P2P_INSTRUMENT_MESSAGES:-false} - -PROVER_AGENT_INCLUDE_METRICS = "${PROVER_AGENT_INCLUDE_METRICS-null}" -FULL_NODE_INCLUDE_METRICS = "${FULL_NODE_INCLUDE_METRICS-null}" - -LOG_LEVEL = $(tf_str "$LOG_LEVEL") -FISHERMAN_LOG_LEVEL = $(tf_str "$FISHERMAN_LOG_LEVEL") - -WS_NUM_HISTORIC_CHECKPOINTS = ${WS_NUM_HISTORIC_CHECKPOINTS:-null} - -P2P_PUBLIC_IP = ${P2P_PUBLIC_IP} -P2P_NODEPORT_ENABLED = ${P2P_NODEPORT_ENABLED} - -PROVER_AGENT_PROOF_TYPES = ${PROVER_AGENT_PROOF_TYPES:-[]} -DEBUG_FORCE_TX_PROOF_VERIFICATION = ${DEBUG_FORCE_TX_PROOF_VERIFICATION:-false} - -WAIT_FOR_PROVER_DEPLOY = ${WAIT_FOR_PROVER_DEPLOY:-null} -ADMIN_API_KEY_HASH = "${ADMIN_API_KEY_HASH}" -EOF +# Build deploy-aztec-infra/terraform.tfvars.json from the YAML loader's +# structured {deploy, env, releases} output plus deploy-time-computed values +# overlaid on the deploy block (cluster context, image overrides, contract +# addresses from the rollup-contracts step, admin API key hash, mnemonic +# plumbing, P2P cluster gating, L1 endpoints, R2-derived URLs). +# +# main.tf reads everything via var.deploy. / var.env / var.releases -- +# no individual `variable "X"` declarations remain in variables.tf. +# +# Stale terraform.tfvars (HCL) is removed first; Terraform reads both formats +# but a leftover HCL file can shadow the JSON one. +rm -f "${DEPLOY_AZTEC_INFRA_DIR}/terraform.tfvars" + +LOADER_JSON=$("${SCRIPT_DIR}/load_network_config.sh" "${NETWORK_YAML}" --format=tfvars) + +DEPLOY_OVERRIDES=$(jq -n \ + --arg namespace "${NAMESPACE}" \ + --arg release_prefix "${NAMESPACE}" \ + --arg cluster_context "${K8S_CLUSTER_CONTEXT}" \ + --arg image "${AZTEC_DOCKER_IMAGE}" \ + --arg prover_image "${PROVER_AGENT_DOCKER_IMAGE:-$AZTEC_DOCKER_IMAGE}" \ + --arg ha_image "${VALIDATOR_HA_DOCKER_IMAGE:-}" \ + --arg admin_api_key_hash "${ADMIN_API_KEY_HASH}" \ + --arg registry "${REGISTRY_ADDRESS}" \ + --arg fee_handler "${FEE_ASSET_HANDLER_ADDRESS}" \ + --arg l1_chain_id "${ETHEREUM_CHAIN_ID}" \ + --arg validator_mnemonic "${LABS_INFRA_MNEMONIC}" \ + --arg p2p_nodeport_enabled "${P2P_NODEPORT_ENABLED}" \ + --arg p2p_public_ip "${P2P_PUBLIC_IP}" \ + --arg gcp_project "${GCP_PROJECT_ID}" \ + --arg gcp_region "${GCP_REGION}" \ + --arg validator_resource "${VALIDATOR_RESOURCE_PROFILE}" \ + --arg prover_resource "${PROVER_RESOURCE_PROFILE}" \ + --arg rpc_resource "${RPC_RESOURCE_PROFILE}" \ + --arg full_node_resource "${FULL_NODE_RESOURCE_PROFILE}" \ + --arg p2p_bootstrap_resource "${P2P_BOOTSTRAP_RESOURCE_PROFILE}" \ + --arg archive_resource "${ARCHIVE_RESOURCE_PROFILE}" \ + --arg blob_sink_resource "${BLOB_SINK_RESOURCE_PROFILE}" \ + --arg bot_resource "${BOT_RESOURCE_PROFILE}" \ + --arg fisherman_log_level "${FISHERMAN_LOG_LEVEL}" \ + --arg prover_real_proofs "${PROVER_REAL_PROOFS}" \ + --argjson l1_rpc_urls "${L1_RPC_URLS_JSON}" \ + --argjson l1_consensus_urls "${L1_CONSENSUS_HOST_URLS_JSON}" \ + --argjson l1_consensus_keys "${L1_CONSENSUS_HOST_API_KEYS_JSON:-null}" \ + --argjson l1_consensus_headers "${L1_CONSENSUS_HOST_API_KEY_HEADERS_JSON:-null}" \ + '{ + NAMESPACE: $namespace, + RELEASE_PREFIX: $release_prefix, + K8S_CLUSTER_CONTEXT: $cluster_context, + GCP_PROJECT_ID: $gcp_project, + GCP_REGION: $gcp_region, + AZTEC_DOCKER_IMAGE: $image, + PROVER_AGENT_DOCKER_IMAGE: $prover_image, + VALIDATOR_HA_DOCKER_IMAGE: $ha_image, + ADMIN_API_KEY_HASH: $admin_api_key_hash, + REGISTRY_CONTRACT_ADDRESS: $registry, + FEE_ASSET_HANDLER_CONTRACT_ADDRESS: $fee_handler, + L1_CHAIN_ID: $l1_chain_id, + L1_RPC_URLS: $l1_rpc_urls, + L1_CONSENSUS_HOST_URLS: $l1_consensus_urls, + L1_CONSENSUS_HOST_API_KEYS: $l1_consensus_keys, + L1_CONSENSUS_HOST_API_KEY_HEADERS: $l1_consensus_headers, + VALIDATOR_MNEMONIC: $validator_mnemonic, + PROVER_MNEMONIC: $validator_mnemonic, + BOT_MNEMONIC: $validator_mnemonic, + FISHERMAN_MNEMONIC: $validator_mnemonic, + P2P_NODEPORT_ENABLED: $p2p_nodeport_enabled, + P2P_PUBLIC_IP: $p2p_public_ip, + VALIDATOR_RESOURCE_PROFILE: $validator_resource, + PROVER_RESOURCE_PROFILE: $prover_resource, + RPC_RESOURCE_PROFILE: $rpc_resource, + FULL_NODE_RESOURCE_PROFILE: $full_node_resource, + P2P_BOOTSTRAP_RESOURCE_PROFILE: $p2p_bootstrap_resource, + ARCHIVE_RESOURCE_PROFILE: $archive_resource, + BLOB_SINK_RESOURCE_PROFILE: $blob_sink_resource, + BOT_RESOURCE_PROFILE: $bot_resource, + FISHERMAN_LOG_LEVEL: $fisherman_log_level, + PROVER_REAL_PROOFS: $prover_real_proofs, + }') + +# Promote env-side construction outputs (R2-derived URLs from +# load_network_config.sh's resolve_secrets) into deploy: -- main.tf gates +# helm releases on these (e.g. blob_sink only if BLOB_FILE_STORE_UPLOAD_URL). +echo "${LOADER_JSON}" | jq \ + --argjson overrides "${DEPLOY_OVERRIDES}" \ + '.deploy = (.deploy + $overrides) + | .deploy.BLOB_FILE_STORE_UPLOAD_URL = (.env.BLOB_FILE_STORE_UPLOAD_URL // "") + | .deploy.STORE_SNAPSHOT_URL = (.env.STORE_SNAPSHOT_URL // "") + | .deploy.TX_FILE_STORE_URL = (.env.TX_FILE_STORE_URL // "")' \ + > "${DEPLOY_AZTEC_INFRA_DIR}/terraform.tfvars.json" k8s_denoise "tf_run "${DEPLOY_AZTEC_INFRA_DIR}" "${DESTROY_AZTEC_INFRA}" "${CREATE_AZTEC_INFRA}"" STAGE_TIMINGS[aztec_infra]=$(($(date +%s) - AZTEC_INFRA_START)) @@ -562,7 +515,7 @@ log "Deployed aztec infra" # # IMPORTANT: Do NOT restart pods after chaos injection. Chaos Mesh does not # automatically re-inject rules into recreated pods, leaving them unpartitioned. -if [[ -n "${CHAOS_MESH_SCENARIOS_FILE}" ]]; then +if [[ -n "${CHAOS_MESH_SCENARIOS_FILE:-}" ]]; then CHAOS_SCENARIOS_DIR="${SCRIPT_DIR}/../aztec-chaos-scenarios" log "Installing chaos mesh scenarios from ${CHAOS_MESH_SCENARIOS_FILE}" helm upgrade --install network-shaping "${CHAOS_SCENARIOS_DIR}" \ diff --git a/spartan/scripts/deploy_network_with_env.sh b/spartan/scripts/deploy_network_with_env.sh index bc9109c548a9..4f632240cdbd 100755 --- a/spartan/scripts/deploy_network_with_env.sh +++ b/spartan/scripts/deploy_network_with_env.sh @@ -93,5 +93,5 @@ if [[ "$CREATE_RPC_INGRESS" == "true" ]]; then echo "network-frontend: ip=$RPC_INGRESS_STATIC_IP_NAME cert=$RPC_INGRESS_SSL_CERT_NAMES hosts=$RPC_INGRESS_HOSTS" fi -$scripts_dir/deploy_network.sh +$scripts_dir/deploy_network.sh "$env_file" echo "Deployed network" diff --git a/spartan/scripts/test_kind.sh b/spartan/scripts/test_kind.sh index 016fb4a37491..247d103e1dff 100755 --- a/spartan/scripts/test_kind.sh +++ b/spartan/scripts/test_kind.sh @@ -59,7 +59,7 @@ trap 'handle_interrupt' INT TERM # Deploy the network echo "Deploying network to KIND namespace: $namespace" -./deploy_network.sh +./deploy_network.sh "$network" export DENOISE=1 # Wait for L2 blocks with k8s context injection diff --git a/spartan/terraform/deploy-aztec-infra/main.tf b/spartan/terraform/deploy-aztec-infra/main.tf index f69ab33dbf43..1a2c480b23d3 100644 --- a/spartan/terraform/deploy-aztec-infra/main.tf +++ b/spartan/terraform/deploy-aztec-infra/main.tf @@ -5,7 +5,10 @@ # - metrics in use # - ingress type # - resource profile - +# +# All inputs flow through three structured variables (var.deploy, var.env, +# var.releases) populated by spartan/scripts/deploy_network.sh from the YAML +# loader output + deploy-time-computed values. See variables.tf for details. terraform { backend "local" {} @@ -21,40 +24,93 @@ terraform { } } +locals { + # Shorthand for the deploy block (UPPER_SNAKE keys from YAML + script overrides). + d = var.deploy + + # Numeric / bool coercions: YAML loader emits all values as strings, so cast + # at the boundary where main.tf needs typed comparisons or arithmetic. + validator_replicas = tonumber(local.d.VALIDATOR_REPLICAS) + validator_ha_replicas = tonumber(local.d.VALIDATOR_HA_REPLICAS) + validator_ha_replica_cnt = try(tonumber(local.d.VALIDATOR_HA_REPLICA_COUNT), null) + validators_per_node = tonumber(local.d.VALIDATORS_PER_NODE) + validator_pubs_per_replica = tonumber(local.d.VALIDATOR_PUBLISHERS_PER_REPLICA) + validator_mnemonic_idx = tonumber(local.d.VALIDATOR_MNEMONIC_START_INDEX) + validator_pub_mnemonic_idx = tonumber(local.d.VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX) + prover_replicas = tonumber(local.d.PROVER_REPLICAS) + prover_pub_mnemonic_idx = tonumber(local.d.PROVER_PUBLISHER_MNEMONIC_START_INDEX) + prover_pubs_per_prover = tonumber(local.d.PUBLISHERS_PER_PROVER) + rpc_replicas = tonumber(local.d.RPC_REPLICAS) + fisherman_replicas = tonumber(local.d.FISHERMAN_REPLICAS) + fisherman_mnemonic_idx = tonumber(local.d.FISHERMAN_MNEMONIC_START_INDEX) + full_node_replicas = tonumber(local.d.FULL_NODE_REPLICAS) + bot_transfers_replicas = tonumber(local.d.BOT_TRANSFERS_REPLICAS) + bot_swaps_replicas = tonumber(local.d.BOT_SWAPS_REPLICAS) + bot_cross_chain_replicas = tonumber(local.d.BOT_CROSS_CHAIN_REPLICAS) + validator_ha_old_duties_h = tonumber(local.d.VALIDATOR_HA_OLD_DUTIES_MAX_AGE_H) + + rpc_ingress_enabled = tobool(local.d.RPC_INGRESS_ENABLED) + rpc_ingress_log_rate = try(tonumber(local.d.RPC_INGRESS_LOG_SAMPLE_RATE), null) + deploy_internal_boot = tobool(local.d.DEPLOY_INTERNAL_BOOTNODE) + deploy_archival_node = tobool(local.d.DEPLOY_ARCHIVAL_NODE) + prover_no_proof_pub = tobool(local.d.PROVER_NODE_DISABLE_PROOF_PUBLISH) + wait_for_prover = try(tobool(local.d.WAIT_FOR_PROVER_DEPLOY), true) + p2p_nodeport_enabled = tobool(local.d.P2P_NODEPORT_ENABLED) + p2p_public_ip = tobool(local.d.P2P_PUBLIC_IP) + + # Optional strings: "" means "not set" for legacy callers; null when the key + # may be entirely absent. + network = try(local.d.NETWORK, "") + store_snapshot_url = try(local.d.STORE_SNAPSHOT_URL, "") + blob_file_store_upload_url = try(local.d.BLOB_FILE_STORE_UPLOAD_URL, "") + prover_agent_image_str = try(local.d.PROVER_AGENT_DOCKER_IMAGE, "") + validator_ha_image_str = try(local.d.VALIDATOR_HA_DOCKER_IMAGE, "") + otel_endpoint = try(local.d.OTEL_COLLECTOR_ENDPOINT, "") + rpc_cloud_armor = try(local.d.RPC_CLOUD_ARMOR_POLICY_NAME, "") + rpc_session_affinity = try(local.d.RPC_INGRESS_SESSION_AFFINITY, "") + external_bootnodes = try(local.d.EXTERNAL_BOOTNODES, []) + + # Lists from deploy block (default to []) for L1 endpoints. + l1_rpc_urls = try(local.d.L1_RPC_URLS, []) + l1_consensus_urls = try(local.d.L1_CONSENSUS_HOST_URLS, []) + l1_consensus_keys = try(local.d.L1_CONSENSUS_HOST_API_KEYS, []) + l1_consensus_headers = try(local.d.L1_CONSENSUS_HOST_API_KEY_HEADERS, []) +} + provider "kubernetes" { alias = "gke-cluster" config_path = "~/.kube/config" - config_context = var.K8S_CLUSTER_CONTEXT + config_context = local.d.K8S_CLUSTER_CONTEXT } provider "helm" { alias = "gke-cluster" kubernetes { config_path = "~/.kube/config" - config_context = var.K8S_CLUSTER_CONTEXT + config_context = local.d.K8S_CLUSTER_CONTEXT } } module "web3signer" { # Only deploy web3signer if we have validators or provers that need to publish to L1 - count = tonumber(var.VALIDATOR_REPLICAS) > 0 ? 1 : 0 + count = local.validator_replicas > 0 ? 1 : 0 source = "../modules/web3signer" - NAMESPACE = var.NAMESPACE - RELEASE_NAME = var.RELEASE_PREFIX - AZTEC_DOCKER_IMAGE = var.AZTEC_DOCKER_IMAGE - CHAIN_ID = var.L1_CHAIN_ID - MNEMONIC = var.VALIDATOR_MNEMONIC - ADDRESS_CONFIGMAP_NAME = "${var.RELEASE_PREFIX}-attester-addresses" - ATTESTERS_PER_NODE = tonumber(var.VALIDATORS_PER_NODE) + NAMESPACE = local.d.NAMESPACE + RELEASE_NAME = local.d.RELEASE_PREFIX + AZTEC_DOCKER_IMAGE = local.d.AZTEC_DOCKER_IMAGE + CHAIN_ID = local.d.L1_CHAIN_ID + MNEMONIC = local.d.VALIDATOR_MNEMONIC + ADDRESS_CONFIGMAP_NAME = "${local.d.RELEASE_PREFIX}-attester-addresses" + ATTESTERS_PER_NODE = local.validators_per_node NODE_COUNT = local.max_validator_nodes - VALIDATOR_HA_REPLICAS = tonumber(var.VALIDATOR_HA_REPLICAS) - VALIDATOR_MNEMONIC_START_INDEX = tonumber(var.VALIDATOR_MNEMONIC_START_INDEX) - VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX = tonumber(var.VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX) - VALIDATOR_PUBLISHERS_PER_REPLICA = var.VALIDATOR_PUBLISHERS_PER_REPLICA - PROVER_COUNT = tonumber(var.PROVER_REPLICAS) - PUBLISHERS_PER_PROVER = tonumber(var.PROVER_PUBLISHERS_PER_PROVER) - PROVER_PUBLISHER_MNEMONIC_START_INDEX = tonumber(var.PROVER_PUBLISHER_MNEMONIC_START_INDEX) + VALIDATOR_HA_REPLICAS = local.validator_ha_replicas + VALIDATOR_MNEMONIC_START_INDEX = local.validator_mnemonic_idx + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX = local.validator_pub_mnemonic_idx + VALIDATOR_PUBLISHERS_PER_REPLICA = local.validator_pubs_per_replica + PROVER_COUNT = local.prover_replicas + PUBLISHERS_PER_PROVER = local.prover_pubs_per_prover + PROVER_PUBLISHER_MNEMONIC_START_INDEX = local.prover_pub_mnemonic_idx providers = { helm = helm.gke-cluster @@ -64,12 +120,12 @@ module "web3signer" { module "validator_ha_postgres" { # Only deploy HA postgres if we have validators and HA replicas > 0 - count = tonumber(var.VALIDATOR_REPLICAS) > 0 && var.VALIDATOR_HA_REPLICAS > 0 ? 1 : 0 + count = local.validator_replicas > 0 && local.validator_ha_replicas > 0 ? 1 : 0 source = "../modules/validator-ha-postgres" - NAMESPACE = var.NAMESPACE - RELEASE_NAME = var.RELEASE_PREFIX - AZTEC_DOCKER_IMAGE = var.AZTEC_DOCKER_IMAGE + NAMESPACE = local.d.NAMESPACE + RELEASE_NAME = local.d.RELEASE_PREFIX + AZTEC_DOCKER_IMAGE = local.d.AZTEC_DOCKER_IMAGE # DB_PASSWORD auto-generated by module providers = { @@ -80,32 +136,32 @@ module "validator_ha_postgres" { locals { aztec_image = { - repository = split(":", var.AZTEC_DOCKER_IMAGE)[0] - tag = split(":", var.AZTEC_DOCKER_IMAGE)[1] + repository = split(":", local.d.AZTEC_DOCKER_IMAGE)[0] + tag = split(":", local.d.AZTEC_DOCKER_IMAGE)[1] } - prover_agent_image = var.PROVER_AGENT_DOCKER_IMAGE != "" ? { - repository = split(":", var.PROVER_AGENT_DOCKER_IMAGE)[0] - tag = split(":", var.PROVER_AGENT_DOCKER_IMAGE)[1] + prover_agent_image = local.prover_agent_image_str != "" ? { + repository = split(":", local.prover_agent_image_str)[0] + tag = split(":", local.prover_agent_image_str)[1] } : local.aztec_image - validator_ha_image = var.VALIDATOR_HA_DOCKER_IMAGE != "" ? { - repository = split(":", var.VALIDATOR_HA_DOCKER_IMAGE)[0] - tag = split(":", var.VALIDATOR_HA_DOCKER_IMAGE)[1] + validator_ha_image = local.validator_ha_image_str != "" ? { + repository = split(":", local.validator_ha_image_str)[0] + tag = split(":", local.validator_ha_image_str)[1] } : local.aztec_image # Max node count: max of primary (VALIDATOR_REPLICAS) and HA pod counts # Determines how many attester keystores and publisher key ranges to generate - effective_ha_count = var.VALIDATOR_HA_REPLICAS > 0 ? coalesce(var.VALIDATOR_HA_REPLICA_COUNT, tonumber(var.VALIDATOR_REPLICAS)) : 0 - max_validator_nodes = max(tonumber(var.VALIDATOR_REPLICAS), local.effective_ha_count) + effective_ha_count = local.validator_ha_replicas > 0 ? coalesce(local.validator_ha_replica_cnt, local.validator_replicas) : 0 + max_validator_nodes = max(local.validator_replicas, local.effective_ha_count) # Detect local kind context (e.g., "kind-kind") to gate Service types - is_kind = can(regex("^kind", var.K8S_CLUSTER_CONTEXT)) + is_kind = can(regex("^kind", local.d.K8S_CLUSTER_CONTEXT)) - internal_boot_node_url = var.DEPLOY_INTERNAL_BOOTNODE ? "http://${var.RELEASE_PREFIX}-p2p-bootstrap-node.${var.NAMESPACE}.svc.cluster.local:8080" : "" + internal_boot_node_url = local.deploy_internal_boot ? "http://${local.d.RELEASE_PREFIX}-p2p-bootstrap-node.${local.d.NAMESPACE}.svc.cluster.local:8080" : "" - internal_rpc_url = "http://${var.RELEASE_PREFIX}-rpc-aztec-node.${var.NAMESPACE}.svc.cluster.local:8080" - internal_rpc_admin_url = "http://${var.RELEASE_PREFIX}-rpc-aztec-node-admin.${var.NAMESPACE}.svc.cluster.local:8880" + internal_rpc_url = "http://${local.d.RELEASE_PREFIX}-rpc-aztec-node.${local.d.NAMESPACE}.svc.cluster.local:8080" + internal_rpc_admin_url = "http://${local.d.RELEASE_PREFIX}-rpc-aztec-node-admin.${local.d.NAMESPACE}.svc.cluster.local:8880" # Pod image is the only thing the chart actually reads from `global` now. # Everything else flows under `env:` (mounted via envFrom configmap). @@ -122,28 +178,28 @@ locals { env = merge( { USE_GCLOUD_LOGGING = "true" - L1_CHAIN_ID = var.L1_CHAIN_ID - REGISTRY_CONTRACT_ADDRESS = var.REGISTRY_CONTRACT_ADDRESS - FEE_ASSET_HANDLER_CONTRACT_ADDRESS = var.FEE_ASSET_HANDLER_CONTRACT_ADDRESS - SPONSORED_FPC = tostring(var.SPONSORED_FPC) - TEST_ACCOUNTS = tostring(var.TEST_ACCOUNTS) + L1_CHAIN_ID = local.d.L1_CHAIN_ID + REGISTRY_CONTRACT_ADDRESS = local.d.REGISTRY_CONTRACT_ADDRESS + FEE_ASSET_HANDLER_CONTRACT_ADDRESS = local.d.FEE_ASSET_HANDLER_CONTRACT_ADDRESS + SPONSORED_FPC = tostring(local.d.SPONSORED_FPC) + TEST_ACCOUNTS = tostring(local.d.TEST_ACCOUNTS) LOG_JSON = "1" }, - var.NETWORK != "" ? { NETWORK = var.NETWORK } : {}, - length(var.L1_RPC_URLS) > 0 ? { ETHEREUM_HOSTS = join(",", var.L1_RPC_URLS) } : {}, - length(var.L1_CONSENSUS_HOST_URLS) > 0 ? { - L1_CONSENSUS_HOST_URLS = join(",", var.L1_CONSENSUS_HOST_URLS) + local.network != "" ? { NETWORK = local.network } : {}, + length(local.l1_rpc_urls) > 0 ? { ETHEREUM_HOSTS = join(",", local.l1_rpc_urls) } : {}, + length(local.l1_consensus_urls) > 0 ? { + L1_CONSENSUS_HOST_URLS = join(",", local.l1_consensus_urls) } : {}, - length(var.L1_CONSENSUS_HOST_API_KEYS) > 0 ? { - L1_CONSENSUS_HOST_API_KEYS = join(",", var.L1_CONSENSUS_HOST_API_KEYS) + length(local.l1_consensus_keys) > 0 ? { + L1_CONSENSUS_HOST_API_KEYS = join(",", local.l1_consensus_keys) } : {}, - length(var.L1_CONSENSUS_HOST_API_KEY_HEADERS) > 0 ? { - L1_CONSENSUS_HOST_API_KEY_HEADERS = join(",", var.L1_CONSENSUS_HOST_API_KEY_HEADERS) + length(local.l1_consensus_headers) > 0 ? { + L1_CONSENSUS_HOST_API_KEY_HEADERS = join(",", local.l1_consensus_headers) } : {}, - var.OTEL_COLLECTOR_ENDPOINT != "" ? { - OTEL_EXPORTER_OTLP_METRICS_ENDPOINT = "${var.OTEL_COLLECTOR_ENDPOINT}/v1/metrics" - OTEL_EXPORTER_OTLP_TRACES_ENDPOINT = "${var.OTEL_COLLECTOR_ENDPOINT}/v1/traces" - OTEL_EXPORTER_OTLP_LOGS_ENDPOINT = "${var.OTEL_COLLECTOR_ENDPOINT}/v1/logs" + local.otel_endpoint != "" ? { + OTEL_EXPORTER_OTLP_METRICS_ENDPOINT = "${local.otel_endpoint}/v1/metrics" + OTEL_EXPORTER_OTLP_TRACES_ENDPOINT = "${local.otel_endpoint}/v1/traces" + OTEL_EXPORTER_OTLP_LOGS_ENDPOINT = "${local.otel_endpoint}/v1/logs" } : {} ) }) @@ -154,15 +210,15 @@ locals { # K8s will use these values to schedule pods on appropriate machines. Using random ports here will allow it to # colocate pods from different services or even pods from different networks onto the same physical machine # (so long as the VM has enough resources) - p2p_port_p2p_bootstrap = 40400 + (parseint(substr(md5("${var.NAMESPACE}-p2p-bootstrap"), 0, 4), 16) % 100) - p2p_port_prover = 40400 + (parseint(substr(md5("${var.NAMESPACE}-prover"), 0, 4), 16) % 100) - p2p_port_rpc = 40400 + (parseint(substr(md5("${var.NAMESPACE}-rpc"), 0, 4), 16) % 100) - p2p_port_fisherman = 40400 + (parseint(substr(md5("${var.NAMESPACE}-fisherman"), 0, 4), 16) % 100) - p2p_port_full_node = 40400 + (parseint(substr(md5("${var.NAMESPACE}-full-node"), 0, 4), 16) % 100) - p2p_port_archive = 40400 + (parseint(substr(md5("${var.NAMESPACE}-archive"), 0, 4), 16) % 100) + p2p_port_p2p_bootstrap = 40400 + (parseint(substr(md5("${local.d.NAMESPACE}-p2p-bootstrap"), 0, 4), 16) % 100) + p2p_port_prover = 40400 + (parseint(substr(md5("${local.d.NAMESPACE}-prover"), 0, 4), 16) % 100) + p2p_port_rpc = 40400 + (parseint(substr(md5("${local.d.NAMESPACE}-rpc"), 0, 4), 16) % 100) + p2p_port_fisherman = 40400 + (parseint(substr(md5("${local.d.NAMESPACE}-fisherman"), 0, 4), 16) % 100) + p2p_port_full_node = 40400 + (parseint(substr(md5("${local.d.NAMESPACE}-full-node"), 0, 4), 16) % 100) + p2p_port_archive = 40400 + (parseint(substr(md5("${local.d.NAMESPACE}-archive"), 0, 4), 16) % 100) p2p_port_validators = { - for idx in range(1 + var.VALIDATOR_HA_REPLICAS) : idx => 40400 + (parseint(substr(md5("${var.NAMESPACE}-validator-${idx}"), 0, 4), 16) % 100) + for idx in range(1 + local.validator_ha_replicas) : idx => 40400 + (parseint(substr(md5("${local.d.NAMESPACE}-validator-${idx}"), 0, 4), 16) % 100) } # Validator configuration - extracted for dynamic HA release generation @@ -172,15 +228,15 @@ locals { values = [ "common.yaml", "validator.yaml", - "validator-resources-${var.VALIDATOR_RESOURCE_PROFILE}.yaml" + "validator-resources-${local.d.VALIDATOR_RESOURCE_PROFILE}.yaml" ] inline_values = [yamlencode({ validator = { service = { - p2p = { publicIP = var.P2P_PUBLIC_IP } + p2p = { publicIP = local.p2p_public_ip } } node = { - logLevel = var.LOG_LEVEL + logLevel = local.d.LOG_LEVEL } # spread validator pods to different nodes to avoid having two validators with the same attester keys on the same physical node topologySpreadConstraints = [{ @@ -208,51 +264,51 @@ locals { # one chart key into a different pod env name remain here. validator_common_settings = { # K8s shape / cluster decisions (not pod env). - "validator.service.p2p.nodePortEnabled" = var.P2P_NODEPORT_ENABLED - "validator.web3signerUrl" = "http://${var.RELEASE_PREFIX}-signer-web3signer.${var.NAMESPACE}.svc.cluster.local:9000/" - "validator.mnemonic" = var.VALIDATOR_MNEMONIC - "validator.mnemonicStartIndex" = var.VALIDATOR_MNEMONIC_START_INDEX - "validator.validatorsPerNode" = var.VALIDATORS_PER_NODE - "validator.publishersPerReplica" = var.VALIDATOR_PUBLISHERS_PER_REPLICA - "validator.publisherMnemonicStartIndex" = var.VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX + "validator.service.p2p.nodePortEnabled" = local.p2p_nodeport_enabled + "validator.web3signerUrl" = "http://${local.d.RELEASE_PREFIX}-signer-web3signer.${local.d.NAMESPACE}.svc.cluster.local:9000/" + "validator.mnemonic" = local.d.VALIDATOR_MNEMONIC + "validator.mnemonicStartIndex" = local.validator_mnemonic_idx + "validator.validatorsPerNode" = local.validators_per_node + "validator.publishersPerReplica" = local.validator_pubs_per_replica + "validator.publisherMnemonicStartIndex" = local.validator_pub_mnemonic_idx "validator.node.secret.envEnabled" = true - "validator.node.secret.mnemonic" = var.VALIDATOR_MNEMONIC - "validator.node.secret.mnemonicIndex" = var.VALIDATOR_MNEMONIC_START_INDEX - "validator.node.adminApiKeyHash" = var.ADMIN_API_KEY_HASH + "validator.node.secret.mnemonic" = local.d.VALIDATOR_MNEMONIC + "validator.node.secret.mnemonicIndex" = local.validator_mnemonic_idx + "validator.node.adminApiKeyHash" = local.d.ADMIN_API_KEY_HASH # Renames: chart-side var name differs from pod env name. - "validator.node.env.KEY_INDEX_START" = var.VALIDATOR_MNEMONIC_START_INDEX - "validator.node.env.PUBLISHER_KEY_INDEX_START" = var.VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX + "validator.node.env.KEY_INDEX_START" = local.validator_mnemonic_idx + "validator.node.env.PUBLISHER_KEY_INDEX_START" = local.validator_pub_mnemonic_idx } # Note: nonsensitive() is required here because helm_releases is used in for_each, # and sensitive values cannot be used as for_each keys. The database URL will be # passed to pods as an env var, which is the intended behavior. - validator_ha_settings = var.VALIDATOR_HA_REPLICAS > 0 ? { + validator_ha_settings = local.validator_ha_replicas > 0 ? { "validator.node.env.VALIDATOR_HA_SIGNING_ENABLED" = "true" "validator.node.env.VALIDATOR_HA_DATABASE_URL" = nonsensitive(module.validator_ha_postgres[0].database_url) # Limit pool size per pod to avoid exhausting PostgreSQL connections # With 12 pods × 5 max = 60 connections (well under PostgreSQL's 500 max) "validator.node.env.VALIDATOR_HA_POOL_MAX" = "5" - "validator.node.env.VALIDATOR_HA_OLD_DUTIES_MAX_AGE_H" = tostring(var.VALIDATOR_HA_OLD_DUTIES_MAX_AGE_H) + "validator.node.env.VALIDATOR_HA_OLD_DUTIES_MAX_AGE_H" = tostring(local.validator_ha_old_duties_h) } : {} # Generate validator releases: primary (idx=0) plus N HA replicas (idx=1..N) - validator_releases = tonumber(var.VALIDATOR_REPLICAS) > 0 ? { - for idx in range(1 + var.VALIDATOR_HA_REPLICAS) : + validator_releases = local.validator_replicas > 0 ? { + for idx in range(1 + local.validator_ha_replicas) : "validators${idx > 0 ? "-ha-${idx}" : ""}" => merge(local.validator_base_config, { - name = "${var.RELEASE_PREFIX}-validator${idx > 0 ? "-ha-${idx}" : ""}" + name = "${local.d.RELEASE_PREFIX}-validator${idx > 0 ? "-ha-${idx}" : ""}" custom_settings = merge( local.validator_common_settings, local.validator_ha_settings, { - "validator.replicaCount" = idx > 0 ? coalesce(var.VALIDATOR_HA_REPLICA_COUNT, var.VALIDATOR_REPLICAS) : var.VALIDATOR_REPLICAS + "validator.replicaCount" = idx > 0 ? coalesce(local.validator_ha_replica_cnt, local.validator_replicas) : local.validator_replicas "validator.node.env.VALIDATOR_HA_REPLICA_INDEX" = tostring(idx) - "validator.node.env.PUBLISHER_KEY_INDEX_START" = var.VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX + (idx * (var.VALIDATOR_PUBLISHERS_PER_REPLICA * local.max_validator_nodes)) + "validator.node.env.PUBLISHER_KEY_INDEX_START" = local.validator_pub_mnemonic_idx + (idx * (local.validator_pubs_per_replica * local.max_validator_nodes)) "validator.service.p2p.announcePort" = local.p2p_port_validators[idx] "validator.service.p2p.port" = local.p2p_port_validators[idx] }, # Override image for HA releases (idx > 0) when VALIDATOR_HA_DOCKER_IMAGE is set - idx > 0 && var.VALIDATOR_HA_DOCKER_IMAGE != "" ? { + idx > 0 && local.validator_ha_image_str != "" ? { "global.aztecImage.repository" = local.validator_ha_image.repository "global.aztecImage.tag" = local.validator_ha_image.tag } : {} @@ -262,70 +318,71 @@ locals { # Define all releases in a map helm_releases = merge({ - snapshot = var.STORE_SNAPSHOT_URL != null ? { - name = "${var.RELEASE_PREFIX}-snapshot" + snapshot = local.store_snapshot_url != "" ? { + name = "${local.d.RELEASE_PREFIX}-snapshot" chart = "aztec-snapshots" values = [] custom_settings = { "snapshots.aztecNodeAdminUrl" = local.internal_rpc_admin_url - "snapshots.uploadLocation" = var.STORE_SNAPSHOT_URL - "snapshots.frequency" = var.SNAPSHOT_CRON + "snapshots.uploadLocation" = local.store_snapshot_url + "snapshots.frequency" = try(local.d.SNAPSHOT_CRON, "0 */12 * * *") } boot_node_host_path = "" bootstrap_nodes_path = "" wait = true } : null - p2p_bootstrap = var.DEPLOY_INTERNAL_BOOTNODE ? { - name = "${var.RELEASE_PREFIX}-p2p-bootstrap" + p2p_bootstrap = local.deploy_internal_boot ? { + name = "${local.d.RELEASE_PREFIX}-p2p-bootstrap" chart = "aztec-node" values = [ "common.yaml", "p2p-bootstrap.yaml", - "p2p-bootstrap-resources-${var.P2P_BOOTSTRAP_RESOURCE_PROFILE}.yaml" + "p2p-bootstrap-resources-${local.d.P2P_BOOTSTRAP_RESOURCE_PROFILE}.yaml" ] inline_values = [yamlencode({ service = { - p2p = { publicIP = var.P2P_PUBLIC_IP } + p2p = { publicIP = local.p2p_public_ip } } })] - custom_settings = { - "nodeType" = "p2p-bootstrap" - "service.p2p.nodePortEnabled" = var.P2P_NODEPORT_ENABLED - "service.p2p.announcePort" = local.p2p_port_p2p_bootstrap - "service.p2p.port" = local.p2p_port_p2p_bootstrap - "node.env.P2P_MAX_PENDING_TX_COUNT" = var.P2P_MAX_PENDING_TX_COUNT - } + custom_settings = merge({ + "nodeType" = "p2p-bootstrap" + "service.p2p.nodePortEnabled" = local.p2p_nodeport_enabled + "service.p2p.announcePort" = local.p2p_port_p2p_bootstrap + "service.p2p.port" = local.p2p_port_p2p_bootstrap + }, try(local.d.P2P_MAX_PENDING_TX_COUNT, "") != "" ? { + "node.env.P2P_MAX_PENDING_TX_COUNT" = local.d.P2P_MAX_PENDING_TX_COUNT + } : {}) boot_node_host_path = "" bootstrap_nodes_path = "" wait = true } : null prover = { - name = "${var.RELEASE_PREFIX}-prover" + name = "${local.d.RELEASE_PREFIX}-prover" chart = "aztec-prover-stack" values = [ "common.yaml", "prover.yaml", - "prover-resources-${var.PROVER_RESOURCE_PROFILE}.yaml" + "prover-resources-${local.d.PROVER_RESOURCE_PROFILE}.yaml" ] inline_values = concat([yamlencode({ node = { service = { - p2p = { publicIP = var.P2P_PUBLIC_IP } + p2p = { publicIP = local.p2p_public_ip } } node = { - logLevel = var.LOG_LEVEL + logLevel = local.d.LOG_LEVEL } } broker = { node = { - logLevel = var.LOG_LEVEL + logLevel = local.d.LOG_LEVEL } } agent = { node = { - logLevel = var.LOG_LEVEL + logLevel = local.d.LOG_LEVEL } } })], local.is_kind ? [yamlencode({ @@ -341,66 +398,68 @@ locals { custom_settings = merge( { # Chart-shape / k8s shape. - "node.mnemonic" = var.PROVER_MNEMONIC - "node.mnemonicStartIndex" = var.PROVER_PUBLISHER_MNEMONIC_START_INDEX + "node.mnemonic" = local.d.PROVER_MNEMONIC + "node.mnemonicStartIndex" = local.prover_pub_mnemonic_idx "node.node.secret.envEnabled" = true - "node.node.secret.mnemonic" = var.PROVER_MNEMONIC - "node.node.secret.mnemonicIndex" = var.PROVER_PUBLISHER_MNEMONIC_START_INDEX - "node.service.p2p.nodePortEnabled" = var.P2P_NODEPORT_ENABLED + "node.node.secret.mnemonic" = local.d.PROVER_MNEMONIC + "node.node.secret.mnemonicIndex" = local.prover_pub_mnemonic_idx + "node.service.p2p.nodePortEnabled" = local.p2p_nodeport_enabled "node.service.p2p.announcePort" = local.p2p_port_prover "node.service.p2p.port" = local.p2p_port_prover - "agent.replicaCount" = var.PROVER_REPLICAS + "agent.replicaCount" = local.prover_replicas "agent.node.image.repository" = local.prover_agent_image.repository "agent.node.image.tag" = local.prover_agent_image.tag - "agent.env.OTEL_INCLUDE_METRICS" = var.PROVER_AGENT_INCLUDE_METRICS # Renames: chart-side var name differs from pod env name. - "node.node.env.KEY_INDEX_START" = var.PROVER_PUBLISHER_MNEMONIC_START_INDEX - "node.node.env.PUBLISHER_KEY_INDEX_START" = var.PROVER_PUBLISHER_MNEMONIC_START_INDEX + "node.node.env.KEY_INDEX_START" = local.prover_pub_mnemonic_idx + "node.node.env.PUBLISHER_KEY_INDEX_START" = local.prover_pub_mnemonic_idx }, + try(local.d.PROVER_AGENT_INCLUDE_METRICS, "") != "" ? { + "agent.env.OTEL_INCLUDE_METRICS" = local.d.PROVER_AGENT_INCLUDE_METRICS + } : {}, # Only set web3signerUrl if proof publishing is enabled - !var.PROVER_NODE_DISABLE_PROOF_PUBLISH ? { - "node.node.web3signerUrl" = "http://${var.RELEASE_PREFIX}-signer-web3signer.${var.NAMESPACE}.svc.cluster.local:9000/" + !local.prover_no_proof_pub ? { + "node.node.web3signerUrl" = "http://${local.d.RELEASE_PREFIX}-signer-web3signer.${local.d.NAMESPACE}.svc.cluster.local:9000/" } : {} ) boot_node_host_path = "node.node.env.BOOT_NODE_HOST" bootstrap_nodes_path = "node.node.env.BOOTSTRAP_NODES" - wait = var.WAIT_FOR_PROVER_DEPLOY + wait = local.wait_for_prover } rpc = { - name = "${var.RELEASE_PREFIX}-rpc" + name = "${local.d.RELEASE_PREFIX}-rpc" chart = "aztec-node" values = [ "common.yaml", "rpc.yaml", - "rpc-resources-${var.RPC_RESOURCE_PROFILE}.yaml" + "rpc-resources-${local.d.RPC_RESOURCE_PROFILE}.yaml" ] - inline_values = concat(var.RPC_INGRESS_ENABLED ? [yamlencode({ + inline_values = concat(local.rpc_ingress_enabled ? [yamlencode({ service = { - p2p = { publicIP = var.P2P_PUBLIC_IP } + p2p = { publicIP = local.p2p_public_ip } rpc = { annotations = { "cloud.google.com/neg" = jsonencode({ ingress = true }) "cloud.google.com/backend-config" = jsonencode({ - default = "${var.RELEASE_PREFIX}-rpc-ingress-backend" + default = "${local.d.RELEASE_PREFIX}-rpc-ingress-backend" }) } } } ingress = { rpc = { - hosts = var.RPC_INGRESS_HOSTS + hosts = local.d.RPC_INGRESS_HOSTS annotations = { "kubernetes.io/ingress.class" = "gce" - "kubernetes.io/ingress.global-static-ip-name" = var.RPC_INGRESS_STATIC_IP_NAME - "ingress.gcp.kubernetes.io/pre-shared-cert" = join(",", var.RPC_INGRESS_SSL_CERT_NAMES) + "kubernetes.io/ingress.global-static-ip-name" = local.d.RPC_INGRESS_STATIC_IP_NAME + "ingress.gcp.kubernetes.io/pre-shared-cert" = join(",", local.d.RPC_INGRESS_SSL_CERT_NAMES) "kubernetes.io/ingress.allow-http" = "false" } } } })] : [yamlencode({ service = { - p2p = { publicIP = var.P2P_PUBLIC_IP } + p2p = { publicIP = local.p2p_public_ip } rpc = { enabled = true type = local.is_kind ? "ClusterIP" : "LoadBalancer" @@ -410,105 +469,106 @@ locals { # Pod env vars flow from var.releases.rpc.env via inline_values. custom_settings = { - "replicaCount" = var.RPC_REPLICAS - "service.p2p.nodePortEnabled" = var.P2P_NODEPORT_ENABLED + "replicaCount" = local.rpc_replicas + "service.p2p.nodePortEnabled" = local.p2p_nodeport_enabled "service.p2p.announcePort" = local.p2p_port_rpc "service.p2p.port" = local.p2p_port_rpc - "ingress.rpc.enabled" = var.RPC_INGRESS_ENABLED + "ingress.rpc.enabled" = local.rpc_ingress_enabled # Deploy-time secrets (not in YAML). - "node.env.AWS_ACCESS_KEY_ID" = var.R2_ACCESS_KEY_ID - "node.env.AWS_SECRET_ACCESS_KEY" = var.R2_SECRET_ACCESS_KEY + "node.env.AWS_ACCESS_KEY_ID" = try(local.d.R2_ACCESS_KEY_ID, "") + "node.env.AWS_SECRET_ACCESS_KEY" = try(local.d.R2_SECRET_ACCESS_KEY, "") } boot_node_host_path = "node.env.BOOT_NODE_HOST" bootstrap_nodes_path = "node.env.BOOTSTRAP_NODES" wait = true } - fisherman = tonumber(var.FISHERMAN_REPLICAS) > 0 ? { - name = "${var.RELEASE_PREFIX}-fisherman" + fisherman = local.fisherman_replicas > 0 ? { + name = "${local.d.RELEASE_PREFIX}-fisherman" chart = "aztec-node" values = [ "common.yaml", "rpc.yaml", - "rpc-resources-${var.RPC_RESOURCE_PROFILE}.yaml" + "rpc-resources-${local.d.RPC_RESOURCE_PROFILE}.yaml" ] inline_values = [yamlencode({ service = { - p2p = { publicIP = var.P2P_PUBLIC_IP } + p2p = { publicIP = local.p2p_public_ip } } node = { - logLevel = var.FISHERMAN_LOG_LEVEL + logLevel = try(local.d.FISHERMAN_LOG_LEVEL, local.d.LOG_LEVEL) } })] # Pod env vars flow from var.releases.fisherman.env via inline_values # (FISHERMAN_MODE, SEQ_BUILD_CHECKPOINT_IF_EMPTY, VALIDATORS_PER_NODE # come from _release_defaults.fisherman.env in network-defaults.yml). custom_settings = { - "replicaCount" = var.FISHERMAN_REPLICAS - "service.p2p.nodePortEnabled" = var.P2P_NODEPORT_ENABLED + "replicaCount" = local.fisherman_replicas + "service.p2p.nodePortEnabled" = local.p2p_nodeport_enabled "service.p2p.announcePort" = local.p2p_port_fisherman "service.p2p.port" = local.p2p_port_fisherman "node.secret.envEnabled" = true - "node.secret.mnemonic" = var.FISHERMAN_MNEMONIC - "node.secret.mnemonicIndex" = var.FISHERMAN_MNEMONIC_START_INDEX + "node.secret.mnemonic" = local.d.FISHERMAN_MNEMONIC + "node.secret.mnemonicIndex" = local.fisherman_mnemonic_idx "node.preStartScript" = "source /scripts/get-private-key.sh" # Rename: chart-side var name differs from pod env name. - "node.env.KEY_INDEX_START" = var.FISHERMAN_MNEMONIC_START_INDEX + "node.env.KEY_INDEX_START" = local.fisherman_mnemonic_idx } boot_node_host_path = "node.env.BOOT_NODE_HOST" bootstrap_nodes_path = "node.env.BOOTSTRAP_NODES" wait = true } : null - full_node = tonumber(var.FULL_NODE_REPLICAS) > 0 ? { - name = "${var.RELEASE_PREFIX}-full-node" + full_node = local.full_node_replicas > 0 ? { + name = "${local.d.RELEASE_PREFIX}-full-node" chart = "aztec-node" values = [ "common.yaml", "full-node.yaml", - "full-node-resources-${var.FULL_NODE_RESOURCE_PROFILE}.yaml" + "full-node-resources-${local.d.FULL_NODE_RESOURCE_PROFILE}.yaml" ] inline_values = [yamlencode({ service = { - p2p = { publicIP = var.P2P_PUBLIC_IP } + p2p = { publicIP = local.p2p_public_ip } } })] # Pod env vars flow from var.releases.full_node.env via inline_values. - custom_settings = { + custom_settings = merge({ "nodeType" = "full-node" - "replicaCount" = var.FULL_NODE_REPLICAS - "service.p2p.nodePortEnabled" = var.P2P_NODEPORT_ENABLED + "replicaCount" = local.full_node_replicas + "service.p2p.nodePortEnabled" = local.p2p_nodeport_enabled "service.p2p.announcePort" = local.p2p_port_full_node "service.p2p.port" = local.p2p_port_full_node - "env.OTEL_INCLUDE_METRICS" = var.FULL_NODE_INCLUDE_METRICS # Deploy-time secrets (not in YAML). - "node.env.AWS_ACCESS_KEY_ID" = var.R2_ACCESS_KEY_ID - "node.env.AWS_SECRET_ACCESS_KEY" = var.R2_SECRET_ACCESS_KEY - } + "node.env.AWS_ACCESS_KEY_ID" = try(local.d.R2_ACCESS_KEY_ID, "") + "node.env.AWS_SECRET_ACCESS_KEY" = try(local.d.R2_SECRET_ACCESS_KEY, "") + }, try(local.d.FULL_NODE_INCLUDE_METRICS, "") != "" ? { + "env.OTEL_INCLUDE_METRICS" = local.d.FULL_NODE_INCLUDE_METRICS + } : {}) boot_node_host_path = "node.env.BOOT_NODE_HOST" bootstrap_nodes_path = "node.env.BOOTSTRAP_NODES" // this Helm app will have lots of replicas, if we wait for all to come online we'll surely time out. wait = false } : null - archive = var.DEPLOY_ARCHIVAL_NODE ? { - name = "${var.RELEASE_PREFIX}-archive" + archive = local.deploy_archival_node ? { + name = "${local.d.RELEASE_PREFIX}-archive" chart = "aztec-node" values = [ "common.yaml", "archive.yaml", - "archive-resources-${var.ARCHIVE_RESOURCE_PROFILE}.yaml" + "archive-resources-${local.d.ARCHIVE_RESOURCE_PROFILE}.yaml" ] inline_values = [yamlencode({ service = { - p2p = { publicIP = var.P2P_PUBLIC_IP } + p2p = { publicIP = local.p2p_public_ip } } })] # Pod env vars flow from var.releases.archive.env via inline_values. # P2P_ARCHIVED_TX_LIMIT is set in _release_defaults.archive.env. custom_settings = { "nodeType" = "archive" - "service.p2p.nodePortEnabled" = var.P2P_NODEPORT_ENABLED + "service.p2p.nodePortEnabled" = local.p2p_nodeport_enabled "service.p2p.announcePort" = local.p2p_port_archive "service.p2p.port" = local.p2p_port_archive } @@ -518,27 +578,27 @@ locals { } : null # Blob sink: uploads blobs to filestore as it syncs - blob_sink = var.BLOB_FILE_STORE_UPLOAD_URL != null ? { - name = "${var.RELEASE_PREFIX}-blob-sink" + blob_sink = local.blob_file_store_upload_url != "" ? { + name = "${local.d.RELEASE_PREFIX}-blob-sink" chart = "aztec-node" values = [ "common.yaml", "blob-sink.yaml", - "blob-sink-resources-${var.BLOB_SINK_RESOURCE_PROFILE}.yaml" + "blob-sink-resources-${local.d.BLOB_SINK_RESOURCE_PROFILE}.yaml" ] inline_values = [yamlencode({ service = { - p2p = { publicIP = var.P2P_PUBLIC_IP } + p2p = { publicIP = local.p2p_public_ip } } })] # Pod env vars flow from var.releases.blob_sink.env via inline_values. custom_settings = { "nodeType" = "blob-sink" - "service.p2p.nodePortEnabled" = var.P2P_NODEPORT_ENABLED + "service.p2p.nodePortEnabled" = local.p2p_nodeport_enabled # Deploy-time secrets / computed (not in YAML). - "node.env.BLOB_FILE_STORE_UPLOAD_URL" = var.BLOB_FILE_STORE_UPLOAD_URL - "node.env.AWS_ACCESS_KEY_ID" = var.R2_ACCESS_KEY_ID - "node.env.AWS_SECRET_ACCESS_KEY" = var.R2_SECRET_ACCESS_KEY + "node.env.BLOB_FILE_STORE_UPLOAD_URL" = local.blob_file_store_upload_url + "node.env.AWS_ACCESS_KEY_ID" = try(local.d.R2_ACCESS_KEY_ID, "") + "node.env.AWS_SECRET_ACCESS_KEY" = try(local.d.R2_SECRET_ACCESS_KEY, "") } boot_node_host_path = "node.env.BOOT_NODE_HOST" bootstrap_nodes_path = "node.env.BOOTSTRAP_NODES" @@ -546,25 +606,25 @@ locals { } : null # Optional: transfer bots - bot_transfers = var.BOT_TRANSFERS_REPLICAS > 0 ? { - name = "${var.RELEASE_PREFIX}-bot-transfers" + bot_transfers = local.bot_transfers_replicas > 0 ? { + name = "${local.d.RELEASE_PREFIX}-bot-transfers" chart = "aztec-bot" values = [ "common.yaml", "bot-token-transfer.yaml", - "bot-resources-${var.BOT_RESOURCE_PROFILE}.yaml", + "bot-resources-${local.d.BOT_RESOURCE_PROFILE}.yaml", ] custom_settings = { - "bot.replicaCount" = var.BOT_TRANSFERS_REPLICAS - "bot.txIntervalSeconds" = var.BOT_TRANSFERS_TX_INTERVAL_SECONDS - "bot.followChain" = var.BOT_TRANSFERS_FOLLOW_CHAIN - "bot.pxeSyncChainTip" = var.BOT_TRANSFERS_PXE_SYNC_CHAIN_TIP - "bot.botPrivateKey" = var.BOT_TRANSFERS_L2_PRIVATE_KEY + "bot.replicaCount" = local.bot_transfers_replicas + "bot.txIntervalSeconds" = local.d.BOT_TRANSFERS_TX_INTERVAL_SECONDS + "bot.followChain" = local.d.BOT_TRANSFERS_FOLLOW_CHAIN + "bot.pxeSyncChainTip" = local.d.BOT_TRANSFERS_PXE_SYNC_CHAIN_TIP + "bot.botPrivateKey" = try(local.d.BOT_TRANSFERS_L2_PRIVATE_KEY, "0xcafe01") "bot.nodeUrl" = local.internal_rpc_url - "bot.mnemonic" = var.BOT_MNEMONIC - "bot.mnemonicStartIndex" = var.BOT_TRANSFERS_MNEMONIC_START_INDEX - "bot.daGasLimit" = var.BOT_DA_GAS_LIMIT - "bot.l2GasLimit" = var.BOT_L2_GAS_LIMIT + "bot.mnemonic" = local.d.BOT_MNEMONIC + "bot.mnemonicStartIndex" = local.d.BOT_TRANSFERS_MNEMONIC_START_INDEX + "bot.daGasLimit" = try(local.d.BOT_DA_GAS_LIMIT, "") + "bot.l2GasLimit" = try(local.d.BOT_L2_GAS_LIMIT, "") } boot_node_host_path = "" bootstrap_nodes_path = "" @@ -572,25 +632,25 @@ locals { } : null # Optional: AMM swap bots - bot_swaps = var.BOT_SWAPS_REPLICAS > 0 ? { - name = "${var.RELEASE_PREFIX}-bot-swaps" + bot_swaps = local.bot_swaps_replicas > 0 ? { + name = "${local.d.RELEASE_PREFIX}-bot-swaps" chart = "aztec-bot" values = [ "common.yaml", "bot-amm-swaps.yaml", - "bot-resources-${var.BOT_RESOURCE_PROFILE}.yaml", + "bot-resources-${local.d.BOT_RESOURCE_PROFILE}.yaml", ] custom_settings = { - "bot.replicaCount" = var.BOT_SWAPS_REPLICAS - "bot.txIntervalSeconds" = var.BOT_SWAPS_TX_INTERVAL_SECONDS - "bot.followChain" = var.BOT_SWAPS_FOLLOW_CHAIN - "bot.pxeSyncChainTip" = var.BOT_SWAPS_PXE_SYNC_CHAIN_TIP - "bot.botPrivateKey" = var.BOT_SWAPS_L2_PRIVATE_KEY + "bot.replicaCount" = local.bot_swaps_replicas + "bot.txIntervalSeconds" = local.d.BOT_SWAPS_TX_INTERVAL_SECONDS + "bot.followChain" = local.d.BOT_SWAPS_FOLLOW_CHAIN + "bot.pxeSyncChainTip" = local.d.BOT_SWAPS_PXE_SYNC_CHAIN_TIP + "bot.botPrivateKey" = try(local.d.BOT_SWAPS_L2_PRIVATE_KEY, "0xcafe02") "bot.nodeUrl" = local.internal_rpc_url - "bot.mnemonic" = var.BOT_MNEMONIC - "bot.mnemonicStartIndex" = var.BOT_SWAPS_MNEMONIC_START_INDEX - "bot.daGasLimit" = var.BOT_DA_GAS_LIMIT - "bot.l2GasLimit" = var.BOT_L2_GAS_LIMIT + "bot.mnemonic" = local.d.BOT_MNEMONIC + "bot.mnemonicStartIndex" = local.d.BOT_SWAPS_MNEMONIC_START_INDEX + "bot.daGasLimit" = try(local.d.BOT_DA_GAS_LIMIT, "") + "bot.l2GasLimit" = try(local.d.BOT_L2_GAS_LIMIT, "") } boot_node_host_path = "" bootstrap_nodes_path = "" @@ -598,25 +658,25 @@ locals { } : null # Optional: cross-chain message bots - bot_cross_chain = var.BOT_CROSS_CHAIN_REPLICAS > 0 ? { - name = "${var.RELEASE_PREFIX}-bot-cross-chain" + bot_cross_chain = local.bot_cross_chain_replicas > 0 ? { + name = "${local.d.RELEASE_PREFIX}-bot-cross-chain" chart = "aztec-bot" values = [ "common.yaml", "bot-cross-chain.yaml", - "bot-resources-${var.BOT_RESOURCE_PROFILE}.yaml", + "bot-resources-${local.d.BOT_RESOURCE_PROFILE}.yaml", ] custom_settings = { - "bot.replicaCount" = var.BOT_CROSS_CHAIN_REPLICAS - "bot.txIntervalSeconds" = var.BOT_CROSS_CHAIN_TX_INTERVAL_SECONDS - "bot.followChain" = var.BOT_CROSS_CHAIN_FOLLOW_CHAIN - "bot.pxeSyncChainTip" = var.BOT_CROSS_CHAIN_PXE_SYNC_CHAIN_TIP - "bot.botPrivateKey" = var.BOT_CROSS_CHAIN_L2_PRIVATE_KEY + "bot.replicaCount" = local.bot_cross_chain_replicas + "bot.txIntervalSeconds" = local.d.BOT_CROSS_CHAIN_TX_INTERVAL_SECONDS + "bot.followChain" = local.d.BOT_CROSS_CHAIN_FOLLOW_CHAIN + "bot.pxeSyncChainTip" = local.d.BOT_CROSS_CHAIN_PXE_SYNC_CHAIN_TIP + "bot.botPrivateKey" = try(local.d.BOT_CROSS_CHAIN_L2_PRIVATE_KEY, "0xcafe03") "bot.nodeUrl" = local.internal_rpc_url - "bot.mnemonic" = var.BOT_MNEMONIC - "bot.mnemonicStartIndex" = var.BOT_CROSS_CHAIN_MNEMONIC_START_INDEX - "bot.daGasLimit" = var.BOT_DA_GAS_LIMIT - "bot.l2GasLimit" = var.BOT_L2_GAS_LIMIT + "bot.mnemonic" = local.d.BOT_MNEMONIC + "bot.mnemonicStartIndex" = local.d.BOT_CROSS_CHAIN_MNEMONIC_START_INDEX + "bot.daGasLimit" = try(local.d.BOT_DA_GAS_LIMIT, "") + "bot.l2GasLimit" = try(local.d.BOT_L2_GAS_LIMIT, "") } boot_node_host_path = "" bootstrap_nodes_path = "" @@ -633,7 +693,7 @@ resource "helm_release" "releases" { name = each.value.name repository = "../../" chart = each.value.chart - namespace = var.NAMESPACE + namespace = local.d.NAMESPACE create_namespace = true upgrade_install = true force_update = true @@ -647,11 +707,11 @@ resource "helm_release" "releases" { [for v in each.value.values : file("./values/${v}")], [local.common_inline_values], lookup(each.value, "inline_values", []), - # New (Phase 4): per-release Helm values passed directly from the YAML loader - # via terraform.tfvars.json's `releases.` map. The loader emits + # Per-release Helm values passed directly from the YAML loader via + # terraform.tfvars.json's `releases.` map. The loader emits # values that already match the chart's expected shape (validator.env.*, etc.), - # so this is a direct pass-through with no per-key mapping. The existing `set` - # blocks below override these (kept for back-compat with current deploys). + # so this is a direct pass-through with no per-key mapping. The `set` + # blocks below (custom_settings) layer deploy-time computed values on top. contains(keys(var.releases), each.key) ? [yamlencode(var.releases[each.key])] : [] ) @@ -664,8 +724,8 @@ resource "helm_release" "releases" { each.value.boot_node_host_path != "" && local.internal_boot_node_url != "" ? { (each.value.boot_node_host_path) = local.internal_boot_node_url } : {}, - each.value.bootstrap_nodes_path != "" && length(var.EXTERNAL_BOOTNODES) > 0 ? { - (each.value.bootstrap_nodes_path) = join(",", var.EXTERNAL_BOOTNODES) + each.value.bootstrap_nodes_path != "" && length(local.external_bootnodes) > 0 ? { + (each.value.bootstrap_nodes_path) = join(",", local.external_bootnodes) } : {} ) : k => v if v != null } content { @@ -685,15 +745,15 @@ resource "helm_release" "releases" { } resource "kubernetes_manifest" "rpc_ingress_backend" { - count = var.RPC_INGRESS_ENABLED ? 1 : 0 + count = local.rpc_ingress_enabled ? 1 : 0 provider = kubernetes.gke-cluster manifest = { apiVersion = "cloud.google.com/v1" kind = "BackendConfig" metadata = { - name = "${var.RELEASE_PREFIX}-rpc-ingress-backend" - namespace = var.NAMESPACE + name = "${local.d.RELEASE_PREFIX}-rpc-ingress-backend" + namespace = local.d.NAMESPACE } spec = merge( { @@ -707,20 +767,20 @@ resource "kubernetes_manifest" "rpc_ingress_backend" { requestPath = "/status" } }, - var.RPC_CLOUD_ARMOR_POLICY_NAME != "" ? { + local.rpc_cloud_armor != "" ? { securityPolicy = { - name = var.RPC_CLOUD_ARMOR_POLICY_NAME + name = local.rpc_cloud_armor } } : {}, - var.RPC_INGRESS_SESSION_AFFINITY != "" ? { + local.rpc_session_affinity != "" ? { sessionAffinity = { - affinityType = var.RPC_INGRESS_SESSION_AFFINITY + affinityType = local.rpc_session_affinity } } : {}, - var.RPC_INGRESS_LOG_SAMPLE_RATE != null ? { + local.rpc_ingress_log_rate != null ? { logging = { enable = true - sampleRate = var.RPC_INGRESS_LOG_SAMPLE_RATE + sampleRate = local.rpc_ingress_log_rate } } : {} ) diff --git a/spartan/terraform/deploy-aztec-infra/variables.tf b/spartan/terraform/deploy-aztec-infra/variables.tf index c7f61e9e24d8..540ff7594e88 100644 --- a/spartan/terraform/deploy-aztec-infra/variables.tf +++ b/spartan/terraform/deploy-aztec-infra/variables.tf @@ -1,949 +1,29 @@ -# ============================================================================= -# Structured config (Phase 4 -- coexists with legacy individual variables below) -# ============================================================================= -# Populated by spartan/scripts/load_network_config.sh --format=tfvars from a -# per-network YAML file. Each `releases.` is forwarded as Helm values to -# the matching helm_release in main.tf via yamlencode pass-through. Legacy -# individual variables (PROVER_REAL_PROOFS, SLASH_*, etc.) still work and -# override these via the `set` blocks; once a deploy is fully migrated to -# YAML, the legacy variables can be removed. +# Inputs for the deploy-aztec-infra Terraform module. +# +# All deploy-script and per-network configuration flows through three +# structured inputs, populated by spartan/scripts/deploy_network.sh from +# spartan/scripts/load_network_config.sh's `--format=tfvars` output plus +# deploy-time-computed values (cluster context, contract addresses, image +# overrides, admin API key hash, etc.). +# +# main.tf reads these as `var.deploy.`, `var.env.`, and +# `var.releases..<...>` -- never as individual `var.` legacy +# variables (those have all been deleted; defaults live in +# spartan/environments/network-defaults.yml `_deploy_defaults`). variable "deploy" { - description = "Deploy-time config (cluster, namespace, ingress) loaded from per-network YAML" + description = "Deploy-time config (cluster, namespace, ingress, mnemonics, contract addresses, ...). Loaded from per-network YAML's `deploy:` block by load_network_config.sh and merged with script-computed values by deploy_network.sh." type = any - default = {} } variable "env" { - description = "Network-wide pod env baseline loaded from per-network YAML (UPPER_SNAKE keys)" + description = "Network-wide pod env baseline (UPPER_SNAKE keys) loaded from per-network YAML's `env:` block." type = map(string) default = {} } variable "releases" { - description = "Per-release Helm values, keyed by release name (validator, prover, rpc, ...)" + description = "Per-release Helm values keyed by release name (validator, prover, rpc, ...). Loaded from per-network YAML's per-release blocks." type = any default = {} } - -# ============================================================================= -# Legacy individual variables (kept for back-compat; removed in Phase 5 cleanup) -# ============================================================================= - -variable "R2_ACCESS_KEY_ID" { - description = "Cloudflare R2 access key id for RPC node snapshot uploads" - type = string - default = null -} - -variable "R2_SECRET_ACCESS_KEY" { - description = "Cloudflare R2 secret access key for RPC node snapshot uploads" - type = string - default = null -} - -variable "GCP_PROJECT_ID" { - description = "GCP project id" - type = string - default = "testnet-440309" -} - -variable "GCP_REGION" { - default = "us-west1" - type = string -} - -variable "FULL_NODE_RESOURCE_PROFILE" { - description = "Resource profile to use for the full node" - type = string - default = "prod" -} - -variable "P2P_BOOTSTRAP_RESOURCE_PROFILE" { - description = "Resource profile to use for the p2p bootstrap" - type = string - default = "prod" -} - -variable "VALIDATOR_RESOURCE_PROFILE" { - description = "Resource profile to use for the validator" - type = string - default = "prod" -} - -variable "PROVER_RESOURCE_PROFILE" { - description = "Resource profile to use for the prover" - type = string - default = "prod" -} - -variable "RPC_RESOURCE_PROFILE" { - description = "Resource profile to use for the rpc" - type = string - default = "prod" -} - -variable "BOT_RESOURCE_PROFILE" { - description = "Resource profile to use for the bots" - type = string - default = "prod" -} - -variable "ARCHIVE_RESOURCE_PROFILE" { - description = "Resource profile to use for the archive node" - type = string - default = "prod" -} - -variable "BLOB_SINK_RESOURCE_PROFILE" { - description = "Resource profile to use for the blob sink" - type = string - default = "prod" -} - -variable "DEBUG_P2P_INSTRUMENT_MESSAGES" { - description = "Whether to enable debug instrumentation of P2P messages" - type = bool - default = false -} - -variable "PROVER_TEST_VERIFICATION_DELAY_MS" { - description = "The delay (ms) to inject during fake proof verification" - type = number - default = 10 -} - -variable "BB_CHONK_VERIFY_MAX_BATCH" { - description = "Upper bound on proofs per batch for the peer chonk batch verifier" - type = number - default = 16 -} - -variable "BB_CHONK_VERIFY_BATCH_CONCURRENCY" { - description = "Thread count for the peer batch verifier parallel reduce (0 = auto)" - type = number - default = 6 -} - -variable "K8S_CLUSTER_CONTEXT" { - description = "GKE cluster context" - type = string - default = "gke_testnet-440309_us-west1-a_aztec-gke-public" -} - -variable "RELEASE_PREFIX" { - description = "The prefix to use for the helm installs" - type = string - default = "staging-testnet" -} - -variable "NAMESPACE" { - description = "The namespace to install into" - type = string - default = "staging-testnet" -} - -variable "AZTEC_DOCKER_IMAGE" { - description = "Docker image to use for the aztec network" - type = string - default = "aztecprotocol/aztec:staging" -} - -variable "PROVER_AGENT_DOCKER_IMAGE" { - description = "Docker image for prover agents (includes baked-in CRS). Defaults to AZTEC_DOCKER_IMAGE." - type = string - default = "" -} - -variable "VALIDATOR_HA_DOCKER_IMAGE" { - description = "Docker image for HA validator releases. When set, HA releases (idx > 0) use this image instead of AZTEC_DOCKER_IMAGE." - type = string - default = "" -} - -variable "VALIDATOR_VALUES" { - description = "The values file to apply" - type = string - default = "staging-testnet-validator.yaml" -} - -variable "PROVER_VALUES" { - description = "The values file to apply" - type = string - default = "staging-testnet-prover.yaml" -} - -variable "RPC_VALUES" { - description = "The values file to apply" - type = string - default = "staging-testnet-rpc.yaml" -} - -variable "L1_CHAIN_ID" { - description = "The L1 chain id" - type = string -} - -variable "L1_RPC_URLS" { - description = "The L1 RPC URLs" - type = list(string) - default = [] -} - -variable "L1_CONSENSUS_HOST_URLS" { - description = "The L1 consensus host URLs" - type = list(string) - default = [] -} - -variable "L1_CONSENSUS_HOST_API_KEYS" { - description = "The L1 consensus host API keys" - type = list(string) - default = [] -} - -variable "L1_CONSENSUS_HOST_API_KEY_HEADERS" { - description = "The L1 consensus host API key headers" - type = list(string) - default = [] -} - -variable "REGISTRY_CONTRACT_ADDRESS" { - description = "The registry contract address" - type = string -} - -variable "FEE_ASSET_HANDLER_CONTRACT_ADDRESS" { - description = "The fee asset handler contract address" - type = string -} - -variable "VALIDATOR_MNEMONIC" { - description = "The validator mnemonic" - type = string - default = "" -} - -variable "VALIDATOR_MNEMONIC_START_INDEX" { - description = "The validator mnemonic start index" - type = string - default = 1 -} - -variable "VALIDATORS_PER_NODE" { - description = "The number of validators per node" - type = number - default = 12 -} - -variable "VALIDATOR_PUBLISHERS_PER_REPLICA" { - description = "Number of publisher EOAs per validator replica (pod)" - type = number - default = 4 -} - -variable "VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX" { - description = "Mnemonic start index for validator publishers" - type = number - default = 5000 -} - -variable "VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE" { - description = "Override for validator L1 priority fee bump percentage" - type = string - nullable = true - default = null -} - -variable "VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE" { - description = "Override for validator L1 priority fee retry bump percentage" - type = string - nullable = true - default = null -} - -variable "VALIDATOR_REPLICAS" { - description = "The number of validator replicas" - type = string - default = 4 -} - -variable "VALIDATOR_HA_REPLICAS" { - description = "Number of additional HA validator releases (0 = no HA, 1 = primary + 1 HA, etc.)" - type = number - default = 0 -} - -variable "VALIDATOR_HA_REPLICA_COUNT" { - description = "Number of pod replicas per HA validator release. Defaults to VALIDATOR_REPLICAS if not set." - type = number - default = null -} - -variable "VALIDATOR_HA_OLD_DUTIES_MAX_AGE_H" { - description = "Clean up old signed HA duties after this many hours (prevents unbounded DB growth)" - type = number - default = 24 -} - -variable "ADMIN_API_KEY_HASH" { - description = "SHA-256 hex hash of the admin API key. When set, enables admin API authentication on validator nodes. Leave empty to disable admin auth (default)." - type = string - default = "" -} - -variable "PROVER_MNEMONIC" { - description = "The prover mnemonic" - type = string - default = "test test test test test test test test test test test junk" -} - -variable "PROVER_REPLICAS" { - description = "The number of prover replicas" - type = string - default = 4 -} - -variable "PROVER_TEST_DELAY_TYPE" { - description = "The type of test delay to introduce in the prover (fixed, realistic)" - type = string - default = "fixed" -} - -variable "PROVER_AGENT_PROOF_TYPES" { - description = "The types of proofs these agents will run. Default: all" - type = list(string) - default = [] -} - -variable "PROVER_PUBLISHERS_PER_PROVER" { - description = "Number of publisher keys per prover" - type = string - default = 1 -} - -variable "PROVER_PUBLISHER_MNEMONIC_START_INDEX" { - description = "The prover publisher mnemonic start index" - type = string - default = 8000 -} - -variable "PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE" { - description = "Override for prover L1 priority fee bump percentage" - type = string - nullable = true - default = null -} - -variable "PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE" { - description = "Override for prover L1 priority fee retry bump percentage" - type = string - nullable = true - default = null -} - -variable "PROVER_NODE_DISABLE_PROOF_PUBLISH" { - description = "Whether to disable proof publishing from the prover node" - type = bool - default = false -} - -variable "FISHERMAN_MNEMONIC" { - description = "The fisherman mnemonic for RPC nodes (used when validators are disabled, e.g., fisherman mode)" - type = string - default = "" -} - -variable "FISHERMAN_MNEMONIC_START_INDEX" { - description = "The fisherman mnemonic start index for RPC nodes (used when validators are disabled)" - type = string - default = 1 -} - -variable "OTEL_COLLECTOR_ENDPOINT" { - description = "Optional OpenTelemetry collector endpoint URL (e.g., http://otel-collector:4318)" - type = string - default = null - nullable = true -} - -variable "OTEL_COLLECT_INTERVAL_MS" { - description = "Interval in ms at which OTEL metrics are exported from nodes" - type = string - nullable = true - default = null -} - -variable "OTEL_EXPORT_TIMEOUT_MS" { - description = "Timeout in ms for OTEL metric exports (must be <= OTEL_COLLECT_INTERVAL_MS)" - type = string - nullable = true - default = null -} - -variable "LOG_LEVEL" { - description = "Log level for all nodes" - type = string - default = "info" -} - -variable "FISHERMAN_LOG_LEVEL" { - description = "Log level for fisherman nodes" - type = string - default = "debug" -} - -variable "SPONSORED_FPC" { - description = "Enable sponsored FPC" - type = bool -} - -variable "TEST_ACCOUNTS" { - description = "Enable test accounts" - type = bool -} - -variable "SEQ_MIN_TX_PER_BLOCK" { - description = "Minimum number of sequencer transactions per block" - type = string - default = "1" -} - -variable "SEQ_MAX_TX_PER_BLOCK" { - description = "Maximum number of sequencer transactions per block" - type = string - default = "8" -} - -variable "SEQ_MAX_TX_PER_CHECKPOINT" { - description = "Maximum number of sequencer transactions per checkpoint" - type = string - default = null -} - -variable "P2P_MAX_PENDING_TX_COUNT" { - description = "Maximum number of pending txs the local mempool will hold before evictions kick in" - type = string - default = null -} - -variable "SEQ_ENFORCE_TIME_TABLE" { - description = "Whether to enforce the time table when building blocks" - type = string - nullable = true - default = null -} - -variable "SEQ_SKIP_CHECKPOINT_PUBLISH_PERCENT" { - description = "Percentage probability of skipping checkpoint publishing" - type = string - default = "0" -} - -variable "SEQ_BLOCK_DURATION_MS" { - description = "Duration per block in milliseconds when building multiple blocks per slot" - type = string - nullable = true - default = null -} - -variable "SEQ_L1_PUBLISHING_TIME_ALLOWANCE_IN_SLOT" { - description = "Time allocated for publishing to L1, in seconds" - type = string - nullable = true - default = null -} - -variable "SEQ_BUILD_CHECKPOINT_IF_EMPTY" { - description = "Have sequencer build and publish an empty checkpoint if there are no txs" - type = string - nullable = true - default = null -} - -variable "SEQ_PER_BLOCK_ALLOCATION_MULTIPLIER" { - description = "Per-block gas budget multiplier for both L2 and DA gas." - type = string - default = null -} - -variable "SEQ_ENABLE_PROPOSER_PIPELINING" { - description = "Whether to enable build-ahead proposer pipelining" - type = string - default = "false" -} - -variable "AZTEC_EPOCHS_LAG" { - description = "Epoch lag override for validator nodes" - type = string - nullable = true - default = null -} - -variable "SENTINEL_ENABLED" { - description = "Whether to enable sentinel" - type = string - default = true -} - -variable "SLASH_INACTIVITY_TARGET_PERCENTAGE" { - description = "The slash inactivity target percentage" - type = string - nullable = true -} - -variable "SLASH_INACTIVITY_PENALTY" { - description = "The slash inactivity penalty" - type = string - nullable = true -} - -variable "SLASH_PRUNE_PENALTY" { - description = "The slash prune penalty" - type = string - nullable = true -} - -variable "SLASH_DATA_WITHHOLDING_PENALTY" { - description = "The slash data withholding penalty" - type = string - nullable = true -} - -variable "SLASH_PROPOSE_INVALID_ATTESTATIONS_PENALTY" { - description = "The slash propose invalid attestations penalty" - type = string - default = 0.0 -} - -variable "SLASH_DUPLICATE_PROPOSAL_PENALTY" { - description = "The slash duplicate proposal penalty" - type = string - nullable = true -} - -variable "SLASH_DUPLICATE_ATTESTATION_PENALTY" { - description = "The slash duplicate attestation penalty" - type = string - nullable = true -} - -variable "SLASH_ATTEST_DESCENDANT_OF_INVALID_PENALTY" { - description = "The slash attest descendant of invalid penalty" - type = string - nullable = true -} - -variable "SLASH_UNKNOWN_PENALTY" { - description = "The slash unknown penalty" - type = string - nullable = true -} - -variable "SLASH_INVALID_BLOCK_PENALTY" { - description = "The slash invalid block penalty" - type = string - nullable = true -} - -variable "SLASH_OFFENSE_EXPIRATION_ROUNDS" { - description = "The slash offense expiration rounds" - type = string - nullable = true -} - -variable "SLASH_MAX_PAYLOAD_SIZE" { - description = "The slash max payload size" - type = string - nullable = true -} - -variable "PROVER_REAL_PROOFS" { - description = "Whether to enable prover real proofs" - type = string -} - -variable "TRANSACTIONS_DISABLED" { - description = "Whether transactions are disabled by the nodes" - type = string - nullable = true -} - -variable "DEPLOY_INTERNAL_BOOTNODE" { - description = "Whether to deploy an internal" - type = bool - default = false -} - -variable "EXTERNAL_BOOTNODES" { - description = "Whether to use externally deployed bootnodes" - type = list(string) - default = [] -} - -variable "DEPLOY_ARCHIVAL_NODE" { - description = "Whether to deploy the archival node" - type = bool - default = false -} - -variable "NETWORK" { - description = "One of the existing network names to use default config for" - type = string - nullable = true -} - -variable "STORE_SNAPSHOT_URL" { - description = "Location to store snapshots in" - type = string - nullable = true - default = null -} - -variable "SNAPSHOT_CRON" { - description = "Location to store snapshots in" - type = string - default = "0 */12 * * *" -} - -variable "BOT_MNEMONIC" { - description = "The bot mnemonic" - type = string - default = "test test test test test test test test test test test junk" -} - -variable "BOT_TRANSFERS_MNEMONIC_START_INDEX" { - description = "The prover mnemonic start index" - type = string - default = "" -} - -variable "BOT_TRANSFERS_REPLICAS" { - description = "Number of transfer bot replicas to deploy (0 to disable)" - type = number - default = 0 -} - -variable "BOT_TRANSFERS_TX_INTERVAL_SECONDS" { - description = "Interval in seconds between transfer bot transactions" - type = number - default = 10 -} - -variable "BOT_TRANSFERS_FOLLOW_CHAIN" { - description = "Transfers bot follow-chain mode (e.g., NONE)" - type = string - default = "PENDING" -} - -variable "BOT_TRANSFERS_PXE_SYNC_CHAIN_TIP" { - description = "Transfers bot PXE sync chain tip mode (e.g., checkpointed)" - type = string - default = "checkpointed" -} - -variable "BOT_TRANSFERS_L2_PRIVATE_KEY" { - description = "Private key for the transfers bot (hex string starting with 0x)" - nullable = true - default = null -} - -variable "BOT_SWAPS_MNEMONIC_START_INDEX" { - description = "The prover mnemonic start index" - type = string - default = "" -} - -variable "BOT_SWAPS_REPLICAS" { - description = "Number of AMM swap bot replicas to deploy (0 to disable)" - type = number - default = 0 -} - -variable "BOT_SWAPS_TX_INTERVAL_SECONDS" { - description = "Interval in seconds between AMM swap bot transactions" - type = number - default = 10 -} - -variable "BOT_SWAPS_FOLLOW_CHAIN" { - description = "AMM swaps bot follow-chain mode (e.g., NONE)" - type = string - default = "PENDING" -} - -variable "BOT_SWAPS_PXE_SYNC_CHAIN_TIP" { - description = "AMM swaps bot PXE sync chain tip mode (e.g., checkpointed)" - type = string - default = "checkpointed" -} - -variable "BOT_SWAPS_L2_PRIVATE_KEY" { - description = "Private key for the AMM swaps bot (hex string starting with 0x)" - type = string - nullable = true - default = null -} - -variable "BOT_CROSS_CHAIN_MNEMONIC_START_INDEX" { - description = "The cross-chain bot mnemonic start index" - type = string - default = "" -} - -variable "BOT_CROSS_CHAIN_REPLICAS" { - description = "Number of cross-chain bot replicas to deploy (0 to disable)" - type = number - default = 0 -} - -variable "BOT_CROSS_CHAIN_TX_INTERVAL_SECONDS" { - description = "Interval in seconds between cross-chain bot transactions" - type = number - default = 10 -} - -variable "BOT_CROSS_CHAIN_FOLLOW_CHAIN" { - description = "Cross-chain bot follow-chain mode" - type = string - default = "PENDING" -} - -variable "BOT_CROSS_CHAIN_L2_PRIVATE_KEY" { - description = "Private key for the cross-chain bot (hex string starting with 0x)" - type = string - nullable = true - default = null -} - -variable "BOT_CROSS_CHAIN_PXE_SYNC_CHAIN_TIP" { - description = "Cross-chain bot PXE sync chain tip mode (e.g., checkpointed)" - type = string - default = "checkpointed" -} - -variable "BOT_DA_GAS_LIMIT" { - description = "DA gas limit for bot transactions (empty to use gas estimation)" - type = string - default = "" -} - -variable "BOT_L2_GAS_LIMIT" { - description = "L2 gas limit for bot transactions (empty to use gas estimation)" - type = string - default = "" -} - -# RPC ingress configuration (GKE-specific) -variable "RPC_INGRESS_ENABLED" { - description = "Enable GKE ingress for RPC nodes" - type = bool - default = false -} - -variable "RPC_INGRESS_HOSTS" { - description = "Hostnames for RPC ingress" - type = list(string) - default = [] -} - -variable "RPC_INGRESS_STATIC_IP_NAME" { - description = "Name of the GCP static IP resource for the ingress" - type = string - default = "" -} - -variable "RPC_INGRESS_SSL_CERT_NAMES" { - description = "Names of the GCP managed SSL certificates for the ingress" - type = list(string) - default = [] -} - -variable "RPC_CLOUD_ARMOR_POLICY_NAME" { - description = "Name of a Cloud Armor security policy to attach to the RPC ingress BackendConfig. Leave empty to disable." - type = string - default = "" -} - -variable "RPC_INGRESS_SESSION_AFFINITY" { - description = "Session affinity type for the RPC BackendConfig. One of NONE, CLIENT_IP, GENERATED_COOKIE. Leave empty for no affinity (GCE default)." - type = string - default = "" -} - -variable "RPC_INGRESS_LOG_SAMPLE_RATE" { - description = "LB access-log sample rate for the RPC BackendConfig (0.0-1.0). When set, logs include the Cloud Armor matched rule priority. Leave null to disable logging (GCE default)." - type = number - nullable = true - default = null -} - -variable "PROVER_FAILED_PROOF_STORE" { - description = "Optional GCS/URI to store failed proofs from the prover" - type = string - nullable = false - default = "" -} - -variable "L1_TX_FAILED_STORE" { - description = "Optional GCS/URI to store failed L1 transaction inputs (e.g. gs://bucket/path)" - type = string - nullable = false - default = "" -} - -variable "PROVER_PROOF_STORE" { - description = "Optional GCS/S3/file URI to store proof inputs and outputs (e.g. gs://bucket/path, s3://bucket/path, file:///path)" - type = string - nullable = false - default = "" -} - -variable "PROVER_BROKER_DEBUG_REPLAY_ENABLED" { - description = "Enable debug replay mode for the prover broker to replay proving jobs from stored inputs" - type = bool - default = false -} - -variable "RPC_REPLICAS" { - description = "The number of RPC replicas" - type = string - default = 1 -} - -variable "FULL_NODE_REPLICAS" { - description = "The number of full node replicas" - type = string - default = 1 -} - -variable "P2P_TX_POOL_DELETE_TXS_AFTER_REORG" { - description = "Whether to delete transactions from the P2P transaction pool after a reorg" - type = bool - default = false -} - -variable "PROVER_AGENTS_PER_PROVER" { - description = "Number of prover agents per prover" - type = string - default = 1 -} - -variable "BLOB_ALLOW_EMPTY_SOURCES" { - description = "Whether to allow starting without any consensus client URLs" - type = bool - default = false -} - -variable "BLOB_FILE_STORE_UPLOAD_URL" { - description = "URL for uploading blobs (e.g., gs://bucket/path/, s3://bucket/path/)" - type = string - nullable = true - default = null -} - -variable "BLOB_FILE_STORE_URLS" { - description = "Comma-separated URLs for reading blobs from filestore. Set to ',' to disable." - type = string - default = "" -} - -variable "TX_FILE_STORE_ENABLED" { - description = "Whether to enable uploading transactions to file storage" - type = bool - default = false -} - -variable "TX_FILE_STORE_URL" { - description = "URL for uploading transactions (e.g., s3://bucket/path/, gs://bucket/path/)" - type = string - nullable = true - default = null -} - -variable "TX_COLLECTION_FILE_STORE_URLS" { - description = "Comma-separated URLs for reading transactions from file storage" - type = string - default = "" -} - -variable "PROVER_AGENT_POLL_INTERVAL_MS" { - description = "Interval in milliseconds between prover agent polls" - type = number - default = 1000 -} - -variable "PROVER_AGENT_INCLUDE_METRICS" { - description = "Metrics whitelist in the prover agent" - type = string - default = null -} - -variable "FULL_NODE_INCLUDE_METRICS" { - description = "Metrics whitelist in the full node" - type = string - default = null -} - -variable "FISHERMAN_REPLICAS" { - description = "Number of dedicated fisherman node replicas (separate from the rpc-node)" - type = number - default = 0 -} - -variable "P2P_GOSSIPSUB_D" { - description = "The P2P Gossipsub D parameter" - type = string - default = "8" -} - -variable "P2P_GOSSIPSUB_DLO" { - description = "The P2P Gossipsub D parameter" - type = string - default = "4" -} - -variable "P2P_GOSSIPSUB_DHI" { - description = "The P2P Gossipsub D parameter" - type = string - default = "12" -} - -variable "P2P_DROP_TX_CHANCE" { - description = "The chance (0-1) of dropping an incoming transaction in the P2P layer (for testing)" - type = number - default = 0 -} - -variable "WS_NUM_HISTORIC_CHECKPOINTS" { - description = "Number of historic checkpoints for world state" - type = string - nullable = true - default = null -} - -# Controls whether nodes announce public IPs for P2P (true for GKE; set false for kind/local) -variable "P2P_PUBLIC_IP" { - description = "Announce public IP for P2P (set false in kind/local to use pod IPs)" - type = bool - default = true -} - -# Controls whether to expose P2P via NodePort instead of hostPort. Recommended true for KIND/local. -variable "P2P_NODEPORT_ENABLED" { - description = "Enable NodePort for P2P service (true for KIND/local, false for GKE by default)" - type = bool - default = false -} - -variable "DEBUG_FORCE_TX_PROOF_VERIFICATION" { - description = "Whether to force tx proof verification. Only has an effect if real proving is turned off" - type = bool - default = false -} - -variable "WAIT_FOR_PROVER_DEPLOY" { - description = "Whether to wait for the prover helm installation. You might want to turn this off if a large number of prover agents should start" - type = bool - default = true -} From 09563fbbf6319b4fa9b0955c14b49a6b7e2fd6d2 Mon Sep 17 00:00:00 2001 From: spypsy Date: Wed, 29 Apr 2026 16:42:23 +0000 Subject: [PATCH 05/34] quoting fixes --- spartan/environments/network-defaults.yml | 8 +- spartan/environments/networks/devnet.yml | 8 +- spartan/environments/networks/next-net.yml | 6 +- spartan/environments/networks/testnet.yml | 156 +++++++++++---------- 4 files changed, 93 insertions(+), 85 deletions(-) diff --git a/spartan/environments/network-defaults.yml b/spartan/environments/network-defaults.yml index 0e37d6c914b3..57849b26aaf8 100644 --- a/spartan/environments/network-defaults.yml +++ b/spartan/environments/network-defaults.yml @@ -302,9 +302,11 @@ _deploy_defaults: # RPC ingress RPC_INGRESS_ENABLED: "false" - # Empty JSON arrays for the ingress lists; per-network YAMLs set real values. - RPC_INGRESS_HOSTS: "[]" - RPC_INGRESS_SSL_CERT_NAMES: "[]" + # Real YAML lists (var.deploy is type=any in Terraform); per-network YAMLs + # set actual hostnames / cert names. yq's *+ deep-merge concatenates with the + # empty defaults, so per-network values pass through unchanged. + RPC_INGRESS_HOSTS: [] + RPC_INGRESS_SSL_CERT_NAMES: [] RPC_REPLICAS: "1" FISHERMAN_REPLICAS: "0" FISHERMAN_MNEMONIC_START_INDEX: "1" diff --git a/spartan/environments/networks/devnet.yml b/spartan/environments/networks/devnet.yml index 4b2bf3ee82da..25f62ccbc227 100644 --- a/spartan/environments/networks/devnet.yml +++ b/spartan/environments/networks/devnet.yml @@ -19,9 +19,11 @@ deploy: USE_NETWORK_CONFIG: ${USE_NETWORK_CONFIG:-false} PROVER_RESOURCE_PROFILE: dev RPC_INGRESS_ENABLED: "true" - RPC_INGRESS_HOSTS: '["$NAMESPACE.aztec-labs.com"]' - RPC_INGRESS_STATIC_IP_NAME: $NAMESPACE-rpc-ip - RPC_INGRESS_SSL_CERT_NAMES: '["$NAMESPACE-rpc-cert"]' + RPC_INGRESS_HOSTS: + - "${NAMESPACE}.aztec-labs.com" + RPC_INGRESS_STATIC_IP_NAME: "${NAMESPACE}-rpc-ip" + RPC_INGRESS_SSL_CERT_NAMES: + - "${NAMESPACE}-rpc-cert" DEPLOY_INTERNAL_BOOTNODE: "false" # Mnemonic-index bases (loader adds MNEMONIC_INDEX_OFFSET via apply_derived). VALIDATOR_MNEMONIC_START_INDEX: "1" diff --git a/spartan/environments/networks/next-net.yml b/spartan/environments/networks/next-net.yml index 45f7bbab0d68..2c0b0026c4c4 100644 --- a/spartan/environments/networks/next-net.yml +++ b/spartan/environments/networks/next-net.yml @@ -13,9 +13,11 @@ deploy: TX_FILE_STORE_BUCKET_DIRECTORY: '${TX_FILE_STORE_BUCKET_DIRECTORY:-next-net/txs}' CREATE_ROLLUP_CONTRACTS: 'true' RPC_INGRESS_ENABLED: 'true' - RPC_INGRESS_HOSTS: '''["nextnet.aztec-labs.com"]''' + RPC_INGRESS_HOSTS: + - 'nextnet.aztec-labs.com' RPC_INGRESS_STATIC_IP_NAME: 'nextnet-rpc-ip' - RPC_INGRESS_SSL_CERT_NAMES: '''["nextnet-rpc-cert"]''' + RPC_INGRESS_SSL_CERT_NAMES: + - 'nextnet-rpc-cert' VALIDATOR_RESOURCE_PROFILE: 'prod-spot' env: diff --git a/spartan/environments/networks/testnet.yml b/spartan/environments/networks/testnet.yml index 774bbabff0a9..1172b42582a6 100644 --- a/spartan/environments/networks/testnet.yml +++ b/spartan/environments/networks/testnet.yml @@ -2,83 +2,85 @@ network: testnet deploy: - CREATE_ETH_DEVNET: 'false' - GCP_REGION: 'us-west1-a' - CLUSTER: 'aztec-gke-public' - NAMESPACE: '${NAMESPACE:-testnet}' - NETWORK: 'testnet' - ETHEREUM_CHAIN_ID: '11155111' - VERIFY_CONTRACTS: 'true' - CREATE_ROLLUP_CONTRACTS: '${CREATE_ROLLUP_CONTRACTS:-false}' - USE_NETWORK_CONFIG: '${USE_NETWORK_CONFIG:-true}' - SNAPSHOT_BUCKET_DIRECTORY: '${SNAPSHOT_BUCKET_DIRECTORY:-testnet}' - BLOB_BUCKET_DIRECTORY: '${BLOB_BUCKET_DIRECTORY:-testnet/blobs}' - TX_FILE_STORE_ENABLED: 'true' - TX_FILE_STORE_BUCKET_DIRECTORY: '${TX_FILE_STORE_BUCKET_DIRECTORY:-testnet/txs}' - RPC_INGRESS_ENABLED: 'true' - RPC_INGRESS_HOSTS: '''["rpc.testnet.aztec-labs.com"]''' - RPC_INGRESS_STATIC_IP_NAME: 'testnet-rpc-ip' - RPC_INGRESS_SSL_CERT_NAMES: '''["testnet-rpc-cert"]''' - VALIDATOR_RESOURCE_PROFILE: 'prod-spot' - PROVER_RESOURCE_PROFILE: 'prod' + CREATE_ETH_DEVNET: "false" + GCP_REGION: "us-west1-a" + CLUSTER: "aztec-gke-public" + NAMESPACE: "${NAMESPACE:-testnet}" + NETWORK: "testnet" + ETHEREUM_CHAIN_ID: "11155111" + VERIFY_CONTRACTS: "true" + CREATE_ROLLUP_CONTRACTS: "${CREATE_ROLLUP_CONTRACTS:-false}" + USE_NETWORK_CONFIG: "${USE_NETWORK_CONFIG:-true}" + SNAPSHOT_BUCKET_DIRECTORY: "${SNAPSHOT_BUCKET_DIRECTORY:-testnet}" + BLOB_BUCKET_DIRECTORY: "${BLOB_BUCKET_DIRECTORY:-testnet/blobs}" + TX_FILE_STORE_ENABLED: "true" + TX_FILE_STORE_BUCKET_DIRECTORY: "${TX_FILE_STORE_BUCKET_DIRECTORY:-testnet/txs}" + RPC_INGRESS_ENABLED: "true" + RPC_INGRESS_HOSTS: + - "rpc.testnet.aztec-labs.com" + RPC_INGRESS_STATIC_IP_NAME: "testnet-rpc-ip" + RPC_INGRESS_SSL_CERT_NAMES: + - "testnet-rpc-cert" + VALIDATOR_RESOURCE_PROFILE: "prod-spot" + PROVER_RESOURCE_PROFILE: "prod" env: - REAL_VERIFIER: 'true' - AZTEC_ENTRY_QUEUE_BOOTSTRAP_VALIDATOR_SET_SIZE: '48' - AZTEC_ENTRY_QUEUE_BOOTSTRAP_FLUSH_SIZE: '48' - AZTEC_ENTRY_QUEUE_FLUSH_SIZE_MIN: '10' - AZTEC_ENTRY_QUEUE_FLUSH_SIZE_QUOTIENT: '400' - AZTEC_ENTRY_QUEUE_MAX_FLUSH_SIZE: '10' - AZTEC_SLOT_DURATION: '72' - AZTEC_EPOCH_DURATION: '32' - AZTEC_TARGET_COMMITTEE_SIZE: '48' - AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '2' - AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '2' - AZTEC_PROOF_SUBMISSION_EPOCHS: '1' - AZTEC_LOCAL_EJECTION_THRESHOLD: '199000e18' - AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: '2' - AZTEC_SLASHING_QUORUM: '33' - AZTEC_SLASHING_OFFSET_IN_ROUNDS: '2' - AZTEC_SLASHING_LIFETIME_IN_ROUNDS: '5' - AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: '2' + REAL_VERIFIER: "true" + AZTEC_ENTRY_QUEUE_BOOTSTRAP_VALIDATOR_SET_SIZE: "48" + AZTEC_ENTRY_QUEUE_BOOTSTRAP_FLUSH_SIZE: "48" + AZTEC_ENTRY_QUEUE_FLUSH_SIZE_MIN: "10" + AZTEC_ENTRY_QUEUE_FLUSH_SIZE_QUOTIENT: "400" + AZTEC_ENTRY_QUEUE_MAX_FLUSH_SIZE: "10" + AZTEC_SLOT_DURATION: "72" + AZTEC_EPOCH_DURATION: "32" + AZTEC_TARGET_COMMITTEE_SIZE: "48" + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: "2" + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: "2" + AZTEC_PROOF_SUBMISSION_EPOCHS: "1" + AZTEC_LOCAL_EJECTION_THRESHOLD: "199000e18" + AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: "2" + AZTEC_SLASHING_QUORUM: "33" + AZTEC_SLASHING_OFFSET_IN_ROUNDS: "2" + AZTEC_SLASHING_LIFETIME_IN_ROUNDS: "5" + AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: "2" AZTEC_SLASHING_VETOER: '\"0xdfe19Da6a717b7088621d8bBB66be59F2d78e924\"' - AZTEC_MANA_TARGET: '75000000' - AZTEC_PROVING_COST_PER_MANA: '25000000' - AZTEC_SLASH_AMOUNT_SMALL: '100000e18' - AZTEC_SLASH_AMOUNT_MEDIUM: '100000e18' - AZTEC_SLASH_AMOUNT_LARGE: '100000e18' - AZTEC_ACTIVATION_THRESHOLD: '200000e18' - AZTEC_EJECTION_THRESHOLD: '100000e18' - AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE: '100' - AZTEC_GOVERNANCE_PROPOSER_QUORUM: '60' - ETHEREUM_RPC_URLS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_URLS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_API_KEYS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: 'REPLACE_WITH_GCP_SECRET' - FUNDING_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' - LABS_INFRA_MNEMONIC: 'REPLACE_WITH_GCP_SECRET' - ROLLUP_DEPLOYMENT_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' - OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' - ETHERSCAN_API_KEY: 'REPLACE_WITH_GCP_SECRET' - BLOB_FILE_STORE_URLS: ',' - TX_COLLECTION_FILE_STORE_URLS: 'https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}' - R2_ACCESS_KEY_ID: 'REPLACE_WITH_GCP_SECRET' - R2_SECRET_ACCESS_KEY: 'REPLACE_WITH_GCP_SECRET' - DEPLOY_INTERNAL_BOOTNODE: 'false' - BOT_TRANSFERS_REPLICAS: '1' - BOT_TRANSFERS_TX_INTERVAL_SECONDS: '72' - BOT_TRANSFERS_FOLLOW_CHAIN: 'PENDING' - BOT_SWAPS_REPLICAS: '0' - P2P_TX_POOL_DELETE_TXS_AFTER_REORG: 'true' - SEQ_MAX_TX_PER_CHECKPOINT: '72' - DEPLOY_ARCHIVAL_NODE: 'true' - VALIDATOR_REPLICAS: '4' - VALIDATORS_PER_NODE: '64' - VALIDATOR_PUBLISHERS_PER_REPLICA: '8' - VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' - VALIDATOR_HA_REPLICAS: '1' - PUBLISHERS_PER_PROVER: '2' - PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' - PROVER_FAILED_PROOF_STORE: 'gs://aztec-develop/testnet/failed-proofs' - L1_TX_FAILED_STORE: 'gs://aztec-develop/testnet/failed-l1-txs' - PROVER_REPLICAS: '4' + AZTEC_MANA_TARGET: "75000000" + AZTEC_PROVING_COST_PER_MANA: "25000000" + AZTEC_SLASH_AMOUNT_SMALL: "100000e18" + AZTEC_SLASH_AMOUNT_MEDIUM: "100000e18" + AZTEC_SLASH_AMOUNT_LARGE: "100000e18" + AZTEC_ACTIVATION_THRESHOLD: "200000e18" + AZTEC_EJECTION_THRESHOLD: "100000e18" + AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE: "100" + AZTEC_GOVERNANCE_PROPOSER_QUORUM: "60" + ETHEREUM_RPC_URLS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_URLS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_API_KEYS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: "REPLACE_WITH_GCP_SECRET" + FUNDING_PRIVATE_KEY: "REPLACE_WITH_GCP_SECRET" + LABS_INFRA_MNEMONIC: "REPLACE_WITH_GCP_SECRET" + ROLLUP_DEPLOYMENT_PRIVATE_KEY: "REPLACE_WITH_GCP_SECRET" + OTEL_COLLECTOR_ENDPOINT: "REPLACE_WITH_GCP_SECRET" + ETHERSCAN_API_KEY: "REPLACE_WITH_GCP_SECRET" + BLOB_FILE_STORE_URLS: "," + TX_COLLECTION_FILE_STORE_URLS: "https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}" + R2_ACCESS_KEY_ID: "REPLACE_WITH_GCP_SECRET" + R2_SECRET_ACCESS_KEY: "REPLACE_WITH_GCP_SECRET" + DEPLOY_INTERNAL_BOOTNODE: "false" + BOT_TRANSFERS_REPLICAS: "1" + BOT_TRANSFERS_TX_INTERVAL_SECONDS: "72" + BOT_TRANSFERS_FOLLOW_CHAIN: "PENDING" + BOT_SWAPS_REPLICAS: "0" + P2P_TX_POOL_DELETE_TXS_AFTER_REORG: "true" + SEQ_MAX_TX_PER_CHECKPOINT: "72" + DEPLOY_ARCHIVAL_NODE: "true" + VALIDATOR_REPLICAS: "4" + VALIDATORS_PER_NODE: "64" + VALIDATOR_PUBLISHERS_PER_REPLICA: "8" + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: "5000" + VALIDATOR_HA_REPLICAS: "1" + PUBLISHERS_PER_PROVER: "2" + PROVER_PUBLISHER_MNEMONIC_START_INDEX: "8000" + PROVER_FAILED_PROOF_STORE: "gs://aztec-develop/testnet/failed-proofs" + L1_TX_FAILED_STORE: "gs://aztec-develop/testnet/failed-l1-txs" + PROVER_REPLICAS: "4" From bb531786f169b67ced3742c18864f920fd6a720a Mon Sep 17 00:00:00 2001 From: spypsy Date: Thu, 30 Apr 2026 09:54:05 +0000 Subject: [PATCH 06/34] fix(spartan): wrap loader release values for wrapper charts The previous commit's `inline_values = [yamlencode(var.releases[each.key])]` pass-through was wrong for two reasons that surfaced as 30-min helm-release timeouts on next-net (rpc / validators / prover never became Ready): 1. Subchart aliasing. aztec-validator and aztec-bot wrap aztec-node as a subchart aliased `validator` / `bot`. Values must be nested under that key for the env ConfigMap (.Values.env -> *-env-from-values) to render. The loader emits release blocks at the top level, so passing them through verbatim landed env on the wrapper chart instead of the aztec-node subchart -- pods came up with NO env vars from the loader pipeline, crashlooped, and helm timed out waiting for Ready. 2. validators-* / validator name mismatch. main.tf creates helm release keys `validators` / `validators-ha-N` (plural + HA index), but the loader emits a single `validator` (singular) block matching the YAML's `_release_defaults.validator`. `var.releases.validators` was always absent, so validator pods got nothing. Fix: introduce `local.release_values_from_loader` that maps each helm release name to its properly-wrapped values, then yamlencode that. - validators* -> { validator = var.releases["validator"] } - bot_* -> { bot = var.releases["bot_*"] } - prover -> direct (loader output already nests node/broker/agent) - rpc, archive, blob_sink, full_node, fisherman, p2p_bootstrap -> direct (single aztec-node chart, top-level .Values.env is correct) Verified via `helm template`: -env-from-values ConfigMap now renders for validator/prover/bot/rpc with all expected env keys (e.g. AZTEC_SLOT_DURATION, FUNDING_PRIVATE_KEY, ...), and pod envFrom correctly references it. --- spartan/terraform/deploy-aztec-infra/main.tf | 51 +++++++++++++++++--- 1 file changed, 45 insertions(+), 6 deletions(-) diff --git a/spartan/terraform/deploy-aztec-infra/main.tf b/spartan/terraform/deploy-aztec-infra/main.tf index 1a2c480b23d3..317c1ad0c2f7 100644 --- a/spartan/terraform/deploy-aztec-infra/main.tf +++ b/spartan/terraform/deploy-aztec-infra/main.tf @@ -75,6 +75,46 @@ locals { l1_consensus_urls = try(local.d.L1_CONSENSUS_HOST_URLS, []) l1_consensus_keys = try(local.d.L1_CONSENSUS_HOST_API_KEYS, []) l1_consensus_headers = try(local.d.L1_CONSENSUS_HOST_API_KEY_HEADERS, []) + + # --------------------------------------------------------------------------- + # Per-release helm values from the YAML loader. + # + # `var.releases` is the loader's tfvars output, keyed by the YAML's release + # block name (validator, prover, rpc, bot_transfers, ...). Wrapper charts + # (aztec-validator, aztec-bot) alias aztec-node as a subchart, so values + # must be nested under that alias key (`validator:` / `bot:`) for the env + # ConfigMap to land in the subchart's `.Values.env`. + # + # validators* helm release names (validators, validators-ha-1, ...) all + # share the loader's single `validator` block as their env baseline; the + # HA-specific overrides are layered on via custom_settings later. + # + # Each key maps to the OBJECT to yamlencode (or {} to skip). + # --------------------------------------------------------------------------- + # try() avoids Terraform's strict-type checks on conditionals (var.releases + # entries have heterogeneous shapes: rpc has env/replicaCount, prover has + # node/broker/agent, etc.). + release_values_from_loader = merge( + # Validator helm releases (validators, validators-ha-N) -> wrap loader's + # `validator` block under `validator:`. + { + for k in keys(local.helm_releases) : + k => { validator = try(var.releases["validator"], null) } + if startswith(k, "validators") + }, + # Bot helm releases -> wrap matching loader block under `bot:`. + { + for k in ["bot_transfers", "bot_swaps", "bot_cross_chain"] : + k => { bot = try(var.releases[k], null) } + }, + # aztec-node releases (no subchart aliasing) and aztec-prover-stack + # (subchart structure is already in the loader output as node/broker/agent) + # are passed through verbatim. + { + for k in ["rpc", "archive", "blob_sink", "full_node", "fisherman", "p2p_bootstrap", "prover"] : + k => try(var.releases[k], null) + }, + ) } provider "kubernetes" { @@ -707,12 +747,11 @@ resource "helm_release" "releases" { [for v in each.value.values : file("./values/${v}")], [local.common_inline_values], lookup(each.value, "inline_values", []), - # Per-release Helm values passed directly from the YAML loader via - # terraform.tfvars.json's `releases.` map. The loader emits - # values that already match the chart's expected shape (validator.env.*, etc.), - # so this is a direct pass-through with no per-key mapping. The `set` - # blocks below (custom_settings) layer deploy-time computed values on top. - contains(keys(var.releases), each.key) ? [yamlencode(var.releases[each.key])] : [] + # Per-release Helm values from the YAML loader. See `local.release_values_from_loader` + # for the wrapping/lookup rules (handles wrapper charts and validators-*<->validator + # name mismatch). null/missing means "no loader values for this release". + try(local.release_values_from_loader[each.key], null) != null ? + [yamlencode(local.release_values_from_loader[each.key])] : [] ) # Common settings From ad21fc7701f7baf802b1d7fae9d1d29ed39e1a7e Mon Sep 17 00:00:00 2001 From: spypsy Date: Thu, 30 Apr 2026 09:55:14 +0000 Subject: [PATCH 07/34] ci(deploy-network): only alert on next branch Gate the Slack/ClaudeBox failure notification on `steps.checkout-ref.outputs.ref == 'refs/heads/next'` so ad-hoc deploys from feature branches (and release tags) don't page the team. --- .github/workflows/deploy-network.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy-network.yml b/.github/workflows/deploy-network.yml index ec9fc479f5a4..bfc5d496e61d 100644 --- a/.github/workflows/deploy-network.yml +++ b/.github/workflows/deploy-network.yml @@ -217,7 +217,9 @@ jobs: } >> "$GITHUB_STEP_SUMMARY" - name: Notify Slack and dispatch ClaudeBox on failure - if: failure() + # Only alert on the canonical `next` branch -- avoids paging on + # ad-hoc deploys from feature branches or release tags. + if: failure() && steps.checkout-ref.outputs.ref == 'refs/heads/next' env: SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} GH_TOKEN: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }} From 8c5b2d3c31c0a857763ef5c7f9ad2d9e1fadcc5f Mon Sep 17 00:00:00 2001 From: spypsy Date: Thu, 30 Apr 2026 11:23:56 +0000 Subject: [PATCH 08/34] fix(spartan): restore .Values.node.env loop in pod template Commit 14ff0fcb1f's `_pod-template.yaml` simplification dropped the `{{- range $key, $value := .Values.node.env }}` loop in favour of the new generic `-env-from-values` ConfigMap built from `.Values.env`. That broke every per-release deploy-time-computed env var that flows through Terraform `set` blocks under `.node.env.*`: - validators: PUBLISHER_KEY_INDEX_START (per-replica HA offset), VALIDATOR_HA_REPLICA_INDEX, VALIDATOR_HA_SIGNING_ENABLED, VALIDATOR_HA_DATABASE_URL, VALIDATOR_HA_POOL_MAX, VALIDATOR_HA_OLD_DUTIES_MAX_AGE_H - prover: PUBLISHER_KEY_INDEX_START These can't live in the shared `env-from-values` ConfigMap because their values differ across `validators-ha-N` releases that share the same chart -- we'd collide on the ConfigMap name. next-net pods crashed in setup-attester-keystore.sh with `PUBLISHER_KEY_INDEX_START: unbound variable`, helm waited 30 minutes for Ready, then the deploy timed out. Restore the inline `node.env` loop. The new `env-from-values` ConfigMap (for shared/baseline env from the YAML loader) coexists with it -- both are envFrom-mounted, plus this loop is inline `env` so per-release values still work. --- spartan/aztec-node/templates/_pod-template.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/spartan/aztec-node/templates/_pod-template.yaml b/spartan/aztec-node/templates/_pod-template.yaml index 6b687c6be81a..1a49f141441e 100644 --- a/spartan/aztec-node/templates/_pod-template.yaml +++ b/spartan/aztec-node/templates/_pod-template.yaml @@ -206,6 +206,18 @@ spec: - name: PROVER_ID value: {{ .Values.node.coinbase | quote }} {{- end }} + {{- /* + Per-release env vars set via Terraform `set` blocks (deploy-time + computed values: PUBLISHER_KEY_INDEX_START, VALIDATOR_HA_*, etc.) + flow through .Values.node.env. These are inline (not via the env + ConfigMap) so per-release computed values can differ across + validators-* / validators-ha-N releases without colliding on a + shared ConfigMap name. + */}} + {{- range $key, $value := .Values.node.env }} + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} ports: - containerPort: {{ .Values.service.rpc.port }} name: rpc From 0199444872eb9b569e25f51996402b51db4ab1bf Mon Sep 17 00:00:00 2001 From: spypsy Date: Thu, 30 Apr 2026 13:11:10 +0000 Subject: [PATCH 09/34] fix(spartan): route common env to subchart alias in wrapper charts The previous commit put deploy-time env vars (REGISTRY_CONTRACT_ADDRESS, L1_CHAIN_ID, ETHEREUM_HOSTS, OTEL endpoints, ...) in a single `common_inline_values = yamlencode({env = ...})` that was used for every helm release. For aztec-node charts (rpc, archive, ...) this correctly maps to .Values.env -> env-from-values ConfigMap. For wrapper charts it does NOT: - aztec-validator aliases aztec-node as `validator`, so env must be at `validator.env.*` to reach the subchart's .Values.env. - aztec-prover-stack aliases aztec-node three times (node/broker/agent), so env must be at `node.env.*`, `broker.env.*`, `agent.env.*`. - aztec-bot aliases aztec-node as `bot`. Result on next-net: validators crashed with "L1 registry address is required to start Aztec Node" because REGISTRY_CONTRACT_ADDRESS was in the wrapper's .Values.env (which nothing reads) rather than .Values.validator.env. Fix: factor common_env_block as a plain map, then generate per-chart-type inline values: common_inline_values -> { env: ... } (aztec-node charts) common_inline_values_validator -> { validator: { env } } (aztec-validator) common_inline_values_prover -> { node/broker/agent: { env } } (prover-stack) common_inline_values_bot -> { bot: { env } } (aztec-bot) Selected per release key in the helm_release values concat. Verified with `helm template config-net-validator aztec-validator` that REGISTRY_CONTRACT_ADDRESS and ETHEREUM_HOSTS now appear in the env-from-values ConfigMap data section. --- spartan/terraform/deploy-aztec-infra/main.tf | 87 +++++++++++++------- 1 file changed, 58 insertions(+), 29 deletions(-) diff --git a/spartan/terraform/deploy-aztec-infra/main.tf b/spartan/terraform/deploy-aztec-infra/main.tf index 317c1ad0c2f7..a680db487fab 100644 --- a/spartan/terraform/deploy-aztec-infra/main.tf +++ b/spartan/terraform/deploy-aztec-infra/main.tf @@ -214,35 +214,54 @@ locals { # Deploy-time-computed env vars (joined lists, computed paths, secrets, # values that come from the L1 deploy step). Per-network YAML values for the # same keys take precedence -- this is just the deploy-time fallback. - common_inline_values = yamlencode({ - env = merge( - { - USE_GCLOUD_LOGGING = "true" - L1_CHAIN_ID = local.d.L1_CHAIN_ID - REGISTRY_CONTRACT_ADDRESS = local.d.REGISTRY_CONTRACT_ADDRESS - FEE_ASSET_HANDLER_CONTRACT_ADDRESS = local.d.FEE_ASSET_HANDLER_CONTRACT_ADDRESS - SPONSORED_FPC = tostring(local.d.SPONSORED_FPC) - TEST_ACCOUNTS = tostring(local.d.TEST_ACCOUNTS) - LOG_JSON = "1" - }, - local.network != "" ? { NETWORK = local.network } : {}, - length(local.l1_rpc_urls) > 0 ? { ETHEREUM_HOSTS = join(",", local.l1_rpc_urls) } : {}, - length(local.l1_consensus_urls) > 0 ? { - L1_CONSENSUS_HOST_URLS = join(",", local.l1_consensus_urls) - } : {}, - length(local.l1_consensus_keys) > 0 ? { - L1_CONSENSUS_HOST_API_KEYS = join(",", local.l1_consensus_keys) - } : {}, - length(local.l1_consensus_headers) > 0 ? { - L1_CONSENSUS_HOST_API_KEY_HEADERS = join(",", local.l1_consensus_headers) - } : {}, - local.otel_endpoint != "" ? { - OTEL_EXPORTER_OTLP_METRICS_ENDPOINT = "${local.otel_endpoint}/v1/metrics" - OTEL_EXPORTER_OTLP_TRACES_ENDPOINT = "${local.otel_endpoint}/v1/traces" - OTEL_EXPORTER_OTLP_LOGS_ENDPOINT = "${local.otel_endpoint}/v1/logs" - } : {} - ) + # + # Factored into a plain map so it can be nested under the right chart key: + # - aztec-node charts (rpc, archive, p2p_bootstrap, ...): { env: ... } + # - aztec-validator (subchart alias `validator`): { validator: { env: ... } } + # - aztec-prover-stack (subchart alias `node`): { node: { env: ... } } + # - aztec-bot (subchart alias `bot`): { bot: { env: ... } } + common_env_block = merge( + { + USE_GCLOUD_LOGGING = "true" + L1_CHAIN_ID = local.d.L1_CHAIN_ID + REGISTRY_CONTRACT_ADDRESS = local.d.REGISTRY_CONTRACT_ADDRESS + FEE_ASSET_HANDLER_CONTRACT_ADDRESS = local.d.FEE_ASSET_HANDLER_CONTRACT_ADDRESS + SPONSORED_FPC = tostring(local.d.SPONSORED_FPC) + TEST_ACCOUNTS = tostring(local.d.TEST_ACCOUNTS) + LOG_JSON = "1" + }, + local.network != "" ? { NETWORK = local.network } : {}, + length(local.l1_rpc_urls) > 0 ? { ETHEREUM_HOSTS = join(",", local.l1_rpc_urls) } : {}, + length(local.l1_consensus_urls) > 0 ? { + L1_CONSENSUS_HOST_URLS = join(",", local.l1_consensus_urls) + } : {}, + length(local.l1_consensus_keys) > 0 ? { + L1_CONSENSUS_HOST_API_KEYS = join(",", local.l1_consensus_keys) + } : {}, + length(local.l1_consensus_headers) > 0 ? { + L1_CONSENSUS_HOST_API_KEY_HEADERS = join(",", local.l1_consensus_headers) + } : {}, + local.otel_endpoint != "" ? { + OTEL_EXPORTER_OTLP_METRICS_ENDPOINT = "${local.otel_endpoint}/v1/metrics" + OTEL_EXPORTER_OTLP_TRACES_ENDPOINT = "${local.otel_endpoint}/v1/traces" + OTEL_EXPORTER_OTLP_LOGS_ENDPOINT = "${local.otel_endpoint}/v1/logs" + } : {} + ) + + # Per-chart-type inline values that carry common_env_block to the right Helm key. + # aztec-node releases (rpc, archive, blob_sink, full_node, fisherman, p2p_bootstrap): + # top-level `env:` lands in .Values.env → env-from-values ConfigMap. + common_inline_values = yamlencode({ env = local.common_env_block }) + # aztec-validator: env must be under `validator.env` to reach the subchart's .Values.env. + common_inline_values_validator = yamlencode({ validator = { env = local.common_env_block } }) + # aztec-prover-stack: env must be under each sub-component's env. + common_inline_values_prover = yamlencode({ + node = { env = local.common_env_block } + broker = { env = local.common_env_block } + agent = { env = local.common_env_block } }) + # aztec-bot: env must be under `bot.env` to reach the subchart's .Values.env. + common_inline_values_bot = yamlencode({ bot = { env = local.common_env_block } }) common_list_settings = {} @@ -743,9 +762,19 @@ resource "helm_release" "releases" { wait = each.value.wait wait_for_jobs = true + # Pick the right common_inline_values variant for this chart type. + # Wrapper charts (aztec-validator, aztec-bot, aztec-prover-stack) alias + # aztec-node as a subchart; env vars must be nested under the alias key + # or they're lost (they land on the wrapper's .Values.env which no + # template consumes). values = concat( [for v in each.value.values : file("./values/${v}")], - [local.common_inline_values], + [ + startswith(each.key, "validators") ? local.common_inline_values_validator : + each.key == "prover" ? local.common_inline_values_prover : + startswith(each.key, "bot_") ? local.common_inline_values_bot : + local.common_inline_values + ], lookup(each.value, "inline_values", []), # Per-release Helm values from the YAML loader. See `local.release_values_from_loader` # for the wrapping/lookup rules (handles wrapper charts and validators-*<->validator From 56f757278694c5e3f03085c26da59e5f055d78da Mon Sep 17 00:00:00 2001 From: spypsy Date: Thu, 30 Apr 2026 13:36:16 +0000 Subject: [PATCH 10/34] fix(spartan): rename R2_ACCESS_KEY_ID -> AWS_ACCESS_KEY_ID throughout The blob/tx filestore client uses the AWS SDK which reads AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY by default. All YAML network files and network-defaults.yml stored credentials as R2_ACCESS_KEY_ID / R2_SECRET_ACCESS_KEY, which was renamed to AWS_* only via an explicit Terraform set block for rpc/full_node/blob_sink -- validators and other charts never got the rename and crashed with CredentialsProviderError at startup. Rename everywhere to AWS_* so no rename mapping is needed: - All spartan/environments/networks/*.yml and network-defaults.yml - load_network_config.sh secret_name_for mapping (key name changes; GCP secret names r2-access-key-id / r2-secret-access-key stay the same) - main.tf local.d.R2_* references updated to local.d.AWS_* --- spartan/environments/network-defaults.yml | 4 ++-- spartan/environments/networks/devnet.yml | 4 ++-- spartan/environments/networks/kind-minimal.yml | 4 ++-- spartan/environments/networks/kind-provers.yml | 4 ++-- spartan/environments/networks/mainnet.yml | 4 ++-- spartan/environments/networks/mbps-net.yml | 4 ++-- spartan/environments/networks/next-net.yml | 4 ++-- spartan/environments/networks/scenario.local.yml | 4 ++-- spartan/environments/networks/staging-ignition.yml | 4 ++-- spartan/environments/networks/staging-public.yml | 4 ++-- spartan/environments/networks/testnet.yml | 4 ++-- spartan/scripts/load_network_config.sh | 4 ++-- spartan/terraform/deploy-aztec-infra/main.tf | 12 ++++++------ 13 files changed, 30 insertions(+), 30 deletions(-) diff --git a/spartan/environments/network-defaults.yml b/spartan/environments/network-defaults.yml index 57849b26aaf8..1b84ab9ff0d2 100644 --- a/spartan/environments/network-defaults.yml +++ b/spartan/environments/network-defaults.yml @@ -327,8 +327,8 @@ _deploy_defaults: PROVER_FAILED_PROOF_STORE: "" # Optional secrets (overridden by per-network YAML or GCP secrets). - R2_ACCESS_KEY_ID: "" - R2_SECRET_ACCESS_KEY: "" + AWS_ACCESS_KEY_ID: "" + AWS_SECRET_ACCESS_KEY: "" OTEL_COLLECTOR_ENDPOINT: "" # RPC ingress optional fields (per-network YAML overrides when used). diff --git a/spartan/environments/networks/devnet.yml b/spartan/environments/networks/devnet.yml index 25f62ccbc227..3fd70b0cfe0c 100644 --- a/spartan/environments/networks/devnet.yml +++ b/spartan/environments/networks/devnet.yml @@ -50,8 +50,8 @@ env: LABS_INFRA_MNEMONIC: REPLACE_WITH_GCP_SECRET ROLLUP_DEPLOYMENT_PRIVATE_KEY: REPLACE_WITH_GCP_SECRET OTEL_COLLECTOR_ENDPOINT: REPLACE_WITH_GCP_SECRET - R2_ACCESS_KEY_ID: REPLACE_WITH_GCP_SECRET - R2_SECRET_ACCESS_KEY: REPLACE_WITH_GCP_SECRET + AWS_ACCESS_KEY_ID: REPLACE_WITH_GCP_SECRET + AWS_SECRET_ACCESS_KEY: REPLACE_WITH_GCP_SECRET # Devnet-specific overrides on top of network-defaults.yml's networks.devnet.env baseline. AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: "1" AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: "1" diff --git a/spartan/environments/networks/kind-minimal.yml b/spartan/environments/networks/kind-minimal.yml index a073cb680d5f..29211a7a9265 100644 --- a/spartan/environments/networks/kind-minimal.yml +++ b/spartan/environments/networks/kind-minimal.yml @@ -41,8 +41,8 @@ env: AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE: "20" AZTEC_GOVERNANCE_VOTING_DURATION: "300" - R2_ACCESS_KEY_ID: "" - R2_SECRET_ACCESS_KEY: "" + AWS_ACCESS_KEY_ID: "" + AWS_SECRET_ACCESS_KEY: "" OTEL_COLLECTOR_ENDPOINT: "http://metrics-opentelemetry-collector.metrics:4318" diff --git a/spartan/environments/networks/kind-provers.yml b/spartan/environments/networks/kind-provers.yml index 63bb539de07a..9d082165dee4 100644 --- a/spartan/environments/networks/kind-provers.yml +++ b/spartan/environments/networks/kind-provers.yml @@ -23,8 +23,8 @@ env: AZTEC_GOVERNANCE_PROPOSER_QUORUM: '11' AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE: '20' AZTEC_GOVERNANCE_VOTING_DURATION: '300' - R2_ACCESS_KEY_ID: '' - R2_SECRET_ACCESS_KEY: '' + AWS_ACCESS_KEY_ID: '' + AWS_SECRET_ACCESS_KEY: '' OTEL_COLLECTOR_ENDPOINT: 'http://metrics-opentelemetry-collector.metrics:4318' VALIDATOR_REPLICAS: '4' VALIDATORS_PER_NODE: '12 # We allocate 0.5 per validator, so 4 * 0.5 * 12 = 24 cores total' diff --git a/spartan/environments/networks/mainnet.yml b/spartan/environments/networks/mainnet.yml index 6395e693e5f0..f4ff183bc9ac 100644 --- a/spartan/environments/networks/mainnet.yml +++ b/spartan/environments/networks/mainnet.yml @@ -41,5 +41,5 @@ env: ROLLUP_DEPLOYMENT_PRIVATE_KEY: '' BLOB_FILE_STORE_URLS: ',' TX_COLLECTION_FILE_STORE_URLS: 'https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}' - R2_ACCESS_KEY_ID: 'REPLACE_WITH_GCP_SECRET' - R2_SECRET_ACCESS_KEY: 'REPLACE_WITH_GCP_SECRET' + AWS_ACCESS_KEY_ID: 'REPLACE_WITH_GCP_SECRET' + AWS_SECRET_ACCESS_KEY: 'REPLACE_WITH_GCP_SECRET' diff --git a/spartan/environments/networks/mbps-net.yml b/spartan/environments/networks/mbps-net.yml index 86ea0b17fe98..f2b26adb3dbb 100644 --- a/spartan/environments/networks/mbps-net.yml +++ b/spartan/environments/networks/mbps-net.yml @@ -22,8 +22,8 @@ env: OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' ETHERSCAN_API_KEY: 'REPLACE_WITH_GCP_SECRET' DEPLOY_INTERNAL_BOOTNODE: 'true' - R2_ACCESS_KEY_ID: 'REPLACE_WITH_GCP_SECRET' - R2_SECRET_ACCESS_KEY: 'REPLACE_WITH_GCP_SECRET' + AWS_ACCESS_KEY_ID: 'REPLACE_WITH_GCP_SECRET' + AWS_SECRET_ACCESS_KEY: 'REPLACE_WITH_GCP_SECRET' PROVER_FAILED_PROOF_STORE: 'gs://aztec-develop/next-net/failed-proofs' TEST_ACCOUNTS: 'true' SPONSORED_FPC: 'true' diff --git a/spartan/environments/networks/next-net.yml b/spartan/environments/networks/next-net.yml index 2c0b0026c4c4..f33116d7d6a2 100644 --- a/spartan/environments/networks/next-net.yml +++ b/spartan/environments/networks/next-net.yml @@ -33,8 +33,8 @@ env: DEPLOY_INTERNAL_BOOTNODE: 'true' BLOB_FILE_STORE_URLS: ',' TX_COLLECTION_FILE_STORE_URLS: 'https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}' - R2_ACCESS_KEY_ID: 'REPLACE_WITH_GCP_SECRET' - R2_SECRET_ACCESS_KEY: 'REPLACE_WITH_GCP_SECRET' + AWS_ACCESS_KEY_ID: 'REPLACE_WITH_GCP_SECRET' + AWS_SECRET_ACCESS_KEY: 'REPLACE_WITH_GCP_SECRET' PROVER_FAILED_PROOF_STORE: 'gs://aztec-develop/next-net/failed-proofs' L1_TX_FAILED_STORE: 'gs://aztec-develop/next-net/failed-l1-txs' TEST_ACCOUNTS: 'true' diff --git a/spartan/environments/networks/scenario.local.yml b/spartan/environments/networks/scenario.local.yml index db880c0631b7..46c6267579d1 100644 --- a/spartan/environments/networks/scenario.local.yml +++ b/spartan/environments/networks/scenario.local.yml @@ -23,8 +23,8 @@ env: AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '2' AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '2' SPONSORED_FPC: 'true' - R2_ACCESS_KEY_ID: '' - R2_SECRET_ACCESS_KEY: '' + AWS_ACCESS_KEY_ID: '' + AWS_SECRET_ACCESS_KEY: '' AZTEC_GOVERNANCE_PROPOSER_QUORUM: '11' AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE: '20' OTEL_COLLECTOR_ENDPOINT: 'http://metrics-opentelemetry-collector.metrics:4318' diff --git a/spartan/environments/networks/staging-ignition.yml b/spartan/environments/networks/staging-ignition.yml index d3ee477aa2b9..77f6897054a3 100644 --- a/spartan/environments/networks/staging-ignition.yml +++ b/spartan/environments/networks/staging-ignition.yml @@ -28,8 +28,8 @@ env: OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' ETHERSCAN_API_KEY: 'REPLACE_WITH_GCP_SECRET' BLOB_FILE_STORE_URLS: ',' - R2_ACCESS_KEY_ID: 'REPLACE_WITH_GCP_SECRET' - R2_SECRET_ACCESS_KEY: 'REPLACE_WITH_GCP_SECRET' + AWS_ACCESS_KEY_ID: 'REPLACE_WITH_GCP_SECRET' + AWS_SECRET_ACCESS_KEY: 'REPLACE_WITH_GCP_SECRET' BOT_TRANSFERS_REPLICAS: '0' BOT_SWAPS_REPLICAS: '0' DEPLOY_INTERNAL_BOOTNODE: 'false' diff --git a/spartan/environments/networks/staging-public.yml b/spartan/environments/networks/staging-public.yml index 27913c2e244e..3400ab59e89e 100644 --- a/spartan/environments/networks/staging-public.yml +++ b/spartan/environments/networks/staging-public.yml @@ -26,8 +26,8 @@ env: DEPLOY_INTERNAL_BOOTNODE: 'true' BLOB_FILE_STORE_URLS: ',' TX_COLLECTION_FILE_STORE_URLS: 'https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}' - R2_ACCESS_KEY_ID: 'REPLACE_WITH_GCP_SECRET' - R2_SECRET_ACCESS_KEY: 'REPLACE_WITH_GCP_SECRET' + AWS_ACCESS_KEY_ID: 'REPLACE_WITH_GCP_SECRET' + AWS_SECRET_ACCESS_KEY: 'REPLACE_WITH_GCP_SECRET' TEST_ACCOUNTS: 'false' SPONSORED_FPC: 'false' AZTEC_MANA_TARGET: '75000000' diff --git a/spartan/environments/networks/testnet.yml b/spartan/environments/networks/testnet.yml index 1172b42582a6..57897914d786 100644 --- a/spartan/environments/networks/testnet.yml +++ b/spartan/environments/networks/testnet.yml @@ -64,8 +64,8 @@ env: ETHERSCAN_API_KEY: "REPLACE_WITH_GCP_SECRET" BLOB_FILE_STORE_URLS: "," TX_COLLECTION_FILE_STORE_URLS: "https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}" - R2_ACCESS_KEY_ID: "REPLACE_WITH_GCP_SECRET" - R2_SECRET_ACCESS_KEY: "REPLACE_WITH_GCP_SECRET" + AWS_ACCESS_KEY_ID: "REPLACE_WITH_GCP_SECRET" + AWS_SECRET_ACCESS_KEY: "REPLACE_WITH_GCP_SECRET" DEPLOY_INTERNAL_BOOTNODE: "false" BOT_TRANSFERS_REPLICAS: "1" BOT_TRANSFERS_TX_INTERVAL_SECONDS: "72" diff --git a/spartan/scripts/load_network_config.sh b/spartan/scripts/load_network_config.sh index 1f2327117ab7..faa6185a7d86 100755 --- a/spartan/scripts/load_network_config.sh +++ b/spartan/scripts/load_network_config.sh @@ -153,8 +153,8 @@ def secret_name_for(env_var, env, deploy): "ETHERSCAN_API_KEY": "etherscan-api-key", "LABS_INFRA_MNEMONIC": mnemonic_secret, "STORE_SNAPSHOT_URL": "r2-account-id", - "R2_ACCESS_KEY_ID": "r2-access-key-id", - "R2_SECRET_ACCESS_KEY": "r2-secret-access-key", + "AWS_ACCESS_KEY_ID": "r2-access-key-id", + "AWS_SECRET_ACCESS_KEY": "r2-secret-access-key", } return mapping.get(env_var) diff --git a/spartan/terraform/deploy-aztec-infra/main.tf b/spartan/terraform/deploy-aztec-infra/main.tf index a680db487fab..892b05cc1a56 100644 --- a/spartan/terraform/deploy-aztec-infra/main.tf +++ b/spartan/terraform/deploy-aztec-infra/main.tf @@ -534,8 +534,8 @@ locals { "service.p2p.port" = local.p2p_port_rpc "ingress.rpc.enabled" = local.rpc_ingress_enabled # Deploy-time secrets (not in YAML). - "node.env.AWS_ACCESS_KEY_ID" = try(local.d.R2_ACCESS_KEY_ID, "") - "node.env.AWS_SECRET_ACCESS_KEY" = try(local.d.R2_SECRET_ACCESS_KEY, "") + "node.env.AWS_ACCESS_KEY_ID" = try(local.d.AWS_ACCESS_KEY_ID, "") + "node.env.AWS_SECRET_ACCESS_KEY" = try(local.d.AWS_SECRET_ACCESS_KEY, "") } boot_node_host_path = "node.env.BOOT_NODE_HOST" bootstrap_nodes_path = "node.env.BOOTSTRAP_NODES" @@ -599,8 +599,8 @@ locals { "service.p2p.announcePort" = local.p2p_port_full_node "service.p2p.port" = local.p2p_port_full_node # Deploy-time secrets (not in YAML). - "node.env.AWS_ACCESS_KEY_ID" = try(local.d.R2_ACCESS_KEY_ID, "") - "node.env.AWS_SECRET_ACCESS_KEY" = try(local.d.R2_SECRET_ACCESS_KEY, "") + "node.env.AWS_ACCESS_KEY_ID" = try(local.d.AWS_ACCESS_KEY_ID, "") + "node.env.AWS_SECRET_ACCESS_KEY" = try(local.d.AWS_SECRET_ACCESS_KEY, "") }, try(local.d.FULL_NODE_INCLUDE_METRICS, "") != "" ? { "env.OTEL_INCLUDE_METRICS" = local.d.FULL_NODE_INCLUDE_METRICS } : {}) @@ -656,8 +656,8 @@ locals { "service.p2p.nodePortEnabled" = local.p2p_nodeport_enabled # Deploy-time secrets / computed (not in YAML). "node.env.BLOB_FILE_STORE_UPLOAD_URL" = local.blob_file_store_upload_url - "node.env.AWS_ACCESS_KEY_ID" = try(local.d.R2_ACCESS_KEY_ID, "") - "node.env.AWS_SECRET_ACCESS_KEY" = try(local.d.R2_SECRET_ACCESS_KEY, "") + "node.env.AWS_ACCESS_KEY_ID" = try(local.d.AWS_ACCESS_KEY_ID, "") + "node.env.AWS_SECRET_ACCESS_KEY" = try(local.d.AWS_SECRET_ACCESS_KEY, "") } boot_node_host_path = "node.env.BOOT_NODE_HOST" bootstrap_nodes_path = "node.env.BOOTSTRAP_NODES" From 8c54e9ab124fc02f8b0de4f471702f25d1c48202 Mon Sep 17 00:00:00 2001 From: spypsy Date: Thu, 30 Apr 2026 13:57:46 +0000 Subject: [PATCH 11/34] fix(spartan): remove AWS credential set blocks that override with empty string node.env.AWS_ACCESS_KEY_ID and node.env.AWS_SECRET_ACCESS_KEY were being set via Terraform custom_settings for rpc, full_node, and blob_sink as: try(local.d.AWS_ACCESS_KEY_ID, "") `local.d` is var.deploy; the AWS credentials live in var.env (the `env:` YAML block), not `deploy:`. So try() always returned "", and the explicit `set` block emitted an inline env: entry on the pod that overrides envFrom. Kubernetes inline env takes precedence over envFrom, so the credentials from the env-from-values ConfigMap (resolved from GCP secrets by the loader) were silently clobbered with empty strings, causing CredentialsProviderError. The fix: remove the three set blocks. Credentials now flow entirely via the YAML loader's env: block -> env-from-values ConfigMap -> pod envFrom. --- spartan/terraform/deploy-aztec-infra/main.tf | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/spartan/terraform/deploy-aztec-infra/main.tf b/spartan/terraform/deploy-aztec-infra/main.tf index 892b05cc1a56..49e7a963dc54 100644 --- a/spartan/terraform/deploy-aztec-infra/main.tf +++ b/spartan/terraform/deploy-aztec-infra/main.tf @@ -533,9 +533,6 @@ locals { "service.p2p.announcePort" = local.p2p_port_rpc "service.p2p.port" = local.p2p_port_rpc "ingress.rpc.enabled" = local.rpc_ingress_enabled - # Deploy-time secrets (not in YAML). - "node.env.AWS_ACCESS_KEY_ID" = try(local.d.AWS_ACCESS_KEY_ID, "") - "node.env.AWS_SECRET_ACCESS_KEY" = try(local.d.AWS_SECRET_ACCESS_KEY, "") } boot_node_host_path = "node.env.BOOT_NODE_HOST" bootstrap_nodes_path = "node.env.BOOTSTRAP_NODES" @@ -598,9 +595,6 @@ locals { "service.p2p.nodePortEnabled" = local.p2p_nodeport_enabled "service.p2p.announcePort" = local.p2p_port_full_node "service.p2p.port" = local.p2p_port_full_node - # Deploy-time secrets (not in YAML). - "node.env.AWS_ACCESS_KEY_ID" = try(local.d.AWS_ACCESS_KEY_ID, "") - "node.env.AWS_SECRET_ACCESS_KEY" = try(local.d.AWS_SECRET_ACCESS_KEY, "") }, try(local.d.FULL_NODE_INCLUDE_METRICS, "") != "" ? { "env.OTEL_INCLUDE_METRICS" = local.d.FULL_NODE_INCLUDE_METRICS } : {}) @@ -654,10 +648,8 @@ locals { custom_settings = { "nodeType" = "blob-sink" "service.p2p.nodePortEnabled" = local.p2p_nodeport_enabled - # Deploy-time secrets / computed (not in YAML). + # Deploy-time computed (not in YAML): the upload URL depends on R2 account ID + bucket dir. "node.env.BLOB_FILE_STORE_UPLOAD_URL" = local.blob_file_store_upload_url - "node.env.AWS_ACCESS_KEY_ID" = try(local.d.AWS_ACCESS_KEY_ID, "") - "node.env.AWS_SECRET_ACCESS_KEY" = try(local.d.AWS_SECRET_ACCESS_KEY, "") } boot_node_host_path = "node.env.BOOT_NODE_HOST" bootstrap_nodes_path = "node.env.BOOTSTRAP_NODES" From 97713f4d0b647db834884b816092d02466b916b3 Mon Sep 17 00:00:00 2001 From: spypsy Date: Tue, 5 May 2026 08:12:58 +0000 Subject: [PATCH 12/34] HA var fix --- spartan/scripts/deploy_network.sh | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/spartan/scripts/deploy_network.sh b/spartan/scripts/deploy_network.sh index bf5bb0fde36d..2ca2becec5ce 100755 --- a/spartan/scripts/deploy_network.sh +++ b/spartan/scripts/deploy_network.sh @@ -492,12 +492,28 @@ DEPLOY_OVERRIDES=$(jq -n \ # Promote env-side construction outputs (R2-derived URLs from # load_network_config.sh's resolve_secrets) into deploy: -- main.tf gates # helm releases on these (e.g. blob_sink only if BLOB_FILE_STORE_UPLOAD_URL). +# +# Replica / HA counts must match too: `variables.tf` / main.tf read these only +# from `var.deploy`, while many network YAMLs set them under `env:` (pods). +# If we skip this merge, Terraform deploys the wrong topology (e.g. HA=0, +# no bots) while pods still see VALIDATOR_HA_REPLICAS=1 in ConfigMaps — same +# image as next-net but missing validators-ha-*, postgres, and bot releases. echo "${LOADER_JSON}" | jq \ --argjson overrides "${DEPLOY_OVERRIDES}" \ '.deploy = (.deploy + $overrides) | .deploy.BLOB_FILE_STORE_UPLOAD_URL = (.env.BLOB_FILE_STORE_UPLOAD_URL // "") | .deploy.STORE_SNAPSHOT_URL = (.env.STORE_SNAPSHOT_URL // "") - | .deploy.TX_FILE_STORE_URL = (.env.TX_FILE_STORE_URL // "")' \ + | .deploy.TX_FILE_STORE_URL = (.env.TX_FILE_STORE_URL // "") + | .deploy.VALIDATOR_REPLICAS = (.env.VALIDATOR_REPLICAS // .deploy.VALIDATOR_REPLICAS) + | .deploy.VALIDATOR_HA_REPLICAS = (.env.VALIDATOR_HA_REPLICAS // .deploy.VALIDATOR_HA_REPLICAS) + | .deploy.VALIDATOR_HA_REPLICA_COUNT = (.env.VALIDATOR_HA_REPLICA_COUNT // .deploy.VALIDATOR_HA_REPLICA_COUNT) + | .deploy.PROVER_REPLICAS = (.env.PROVER_REPLICAS // .deploy.PROVER_REPLICAS) + | .deploy.RPC_REPLICAS = (.env.RPC_REPLICAS // .deploy.RPC_REPLICAS) + | .deploy.FISHERMAN_REPLICAS = (.env.FISHERMAN_REPLICAS // .deploy.FISHERMAN_REPLICAS) + | .deploy.FULL_NODE_REPLICAS = (.env.FULL_NODE_REPLICAS // .deploy.FULL_NODE_REPLICAS) + | .deploy.BOT_TRANSFERS_REPLICAS = (.env.BOT_TRANSFERS_REPLICAS // .deploy.BOT_TRANSFERS_REPLICAS) + | .deploy.BOT_SWAPS_REPLICAS = (.env.BOT_SWAPS_REPLICAS // .deploy.BOT_SWAPS_REPLICAS) + | .deploy.BOT_CROSS_CHAIN_REPLICAS = (.env.BOT_CROSS_CHAIN_REPLICAS // .deploy.BOT_CROSS_CHAIN_REPLICAS)' \ > "${DEPLOY_AZTEC_INFRA_DIR}/terraform.tfvars.json" k8s_denoise "tf_run "${DEPLOY_AZTEC_INFRA_DIR}" "${DESTROY_AZTEC_INFRA}" "${CREATE_AZTEC_INFRA}"" From def8213a9347681425b9393e219851e4f518f32d Mon Sep 17 00:00:00 2001 From: spypsy Date: Tue, 5 May 2026 10:12:14 +0000 Subject: [PATCH 13/34] blob_sink 1 replica --- spartan/environments/network-defaults.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spartan/environments/network-defaults.yml b/spartan/environments/network-defaults.yml index 1b84ab9ff0d2..d410fbd9e612 100644 --- a/spartan/environments/network-defaults.yml +++ b/spartan/environments/network-defaults.yml @@ -386,7 +386,7 @@ _release_defaults: SEQ_BUILD_CHECKPOINT_IF_EMPTY: "true" VALIDATORS_PER_NODE: "1" blob_sink: - replicaCount: 0 + replicaCount: 1 env: {} bot_transfers: replicaCount: 0 From 223668d2a0211ac2261fb1056cce542b0397fcb2 Mon Sep 17 00:00:00 2001 From: spypsy Date: Tue, 5 May 2026 12:46:38 +0000 Subject: [PATCH 14/34] fix P2P_ENABLEd --- spartan/aztec-bot/values.yaml | 27 ++++++++++++++------------ spartan/aztec-node/values.yaml | 3 ++- spartan/aztec-prover-stack/values.yaml | 6 ++++++ 3 files changed, 23 insertions(+), 13 deletions(-) diff --git a/spartan/aztec-bot/values.yaml b/spartan/aztec-bot/values.yaml index 57e2f2d1ce9a..c49e92ef002e 100644 --- a/spartan/aztec-bot/values.yaml +++ b/spartan/aztec-bot/values.yaml @@ -1,28 +1,28 @@ global: - aztecRollupVersion: "canonical" - aztecNetwork: "" + aztecRollupVersion: 'canonical' + aztecNetwork: '' customAztecNetwork: enabled: false bot: - mnemonic: "test test test test test test test test test test test junk" + mnemonic: 'test test test test test test test test test test test junk' mnemonicStartIndex: 3000 txIntervalSeconds: 1 privateTransfersPerTx: 0 publicTransfersPerTx: 1 # Do not wait for transactions - followChain: "NONE" - pxeSyncChainTip: "checkpointed" + followChain: 'NONE' + pxeSyncChainTip: 'checkpointed' botNoStart: false - feePaymentMethod: "fee_juice" - botMode: "transfer" + feePaymentMethod: 'fee_juice' + botMode: 'transfer' maxErrors: 3 stopIfUnhealthy: true - nodeUrl: "" + nodeUrl: '' testAccounts: false - botPrivateKey: "0xcafe" - daGasLimit: "" - l2GasLimit: "" + botPrivateKey: '0xcafe' + daGasLimit: '' + l2GasLimit: '' persistence: enabled: false @@ -74,7 +74,7 @@ bot: exit 0 envFrom: - configMapRef: - name: "{{ .Release.Name }}-env" + name: '{{ .Release.Name }}-env' node: configMap: @@ -97,6 +97,9 @@ bot: hostNetwork: false + env: + P2P_ENABLED: 'false' + service: p2p: enabled: false diff --git a/spartan/aztec-node/values.yaml b/spartan/aztec-node/values.yaml index 7ccc19f8dc15..6a07f978ce68 100644 --- a/spartan/aztec-node/values.yaml +++ b/spartan/aztec-node/values.yaml @@ -53,7 +53,8 @@ hostNetwork: false # env var names, e.g. PROVER_REAL_PROOFS, LOG_LEVEL, SLASH_PRUNE_PENALTY. # This is the single source of truth for runtime config; populated by # spartan/scripts/load_network_config.sh from per-network YAMLs. -env: {} +env: + P2P_ENABLED: "true" # -- Number of replicas replicaCount: 1 diff --git a/spartan/aztec-prover-stack/values.yaml b/spartan/aztec-prover-stack/values.yaml index 89380d45e8f2..635eb1ecbe25 100644 --- a/spartan/aztec-prover-stack/values.yaml +++ b/spartan/aztec-prover-stack/values.yaml @@ -63,6 +63,9 @@ broker: statefulSet: enabled: true + env: + P2P_ENABLED: "false" + node: env: OTEL_SERVICE_NAME: "prover-broker" @@ -91,6 +94,9 @@ agent: statefulSet: enabled: false + env: + P2P_ENABLED: "false" + node: env: OTEL_SERVICE_NAME: "prover-agent" From 19ffccde393f7978b92f616b16ae8206d3c524a3 Mon Sep 17 00:00:00 2001 From: spypsy Date: Wed, 6 May 2026 08:35:28 +0000 Subject: [PATCH 15/34] fix bot startCmd --- spartan/aztec-bot/values.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/spartan/aztec-bot/values.yaml b/spartan/aztec-bot/values.yaml index c49e92ef002e..d63fbfa07786 100644 --- a/spartan/aztec-bot/values.yaml +++ b/spartan/aztec-bot/values.yaml @@ -93,7 +93,6 @@ bot: startCmd: - --bot - - --pxe hostNetwork: false From ec149cc322fa91c931c77bce1c366e7eba4d5546 Mon Sep 17 00:00:00 2001 From: spypsy Date: Wed, 6 May 2026 13:25:36 +0000 Subject: [PATCH 16/34] fix bots, remove more camelCase vars --- .github/workflows/deploy-next-net.yml | 2 +- .../aztec-bot/templates/env.configmap.yaml | 27 ++---- spartan/aztec-bot/values.yaml | 29 +++--- spartan/environments/networks/next-net.yml | 2 - spartan/terraform/deploy-aztec-infra/main.tf | 90 +++++++++++-------- .../values/bot-amm-swaps.yaml | 16 ++-- .../values/bot-cross-chain.yaml | 16 ++-- .../values/bot-token-transfer.yaml | 18 ++-- .../end-to-end/src/spartan/utils/bot.ts | 10 +-- 9 files changed, 113 insertions(+), 97 deletions(-) diff --git a/.github/workflows/deploy-next-net.yml b/.github/workflows/deploy-next-net.yml index 60a7329b4ade..8f892a785e16 100644 --- a/.github/workflows/deploy-next-net.yml +++ b/.github/workflows/deploy-next-net.yml @@ -10,7 +10,7 @@ on: workflow_dispatch: inputs: image_tag: - description: 'Docker image tag (e.g., 2.3.4, 3.0.0-nightly.20251004-amd64, or leave empty for latest nightly)' + description: "Docker image tag (e.g., 2.3.4, 3.0.0-nightly.20251004-amd64, or leave empty for latest nightly)" required: false type: string diff --git a/spartan/aztec-bot/templates/env.configmap.yaml b/spartan/aztec-bot/templates/env.configmap.yaml index 92780250772a..01238702839d 100644 --- a/spartan/aztec-bot/templates/env.configmap.yaml +++ b/spartan/aztec-bot/templates/env.configmap.yaml @@ -1,3 +1,8 @@ +{{- /* + Init containers reference {{ .Release.Name }}-env; keys match runtime env (BOT_*, PXE_*, AZTEC_*). + Same map is passed to the aztec-node subchart as bot.env → env-from-values ConfigMap. +*/}} +{{- if .Values.bot.env }} apiVersion: v1 kind: ConfigMap metadata: @@ -5,21 +10,7 @@ metadata: labels: {{- include "chart.labels" . | nindent 4 }} data: - BOT_TX_INTERVAL_SECONDS: {{ .Values.bot.txIntervalSeconds | quote }} - BOT_PRIVATE_TRANSFERS_PER_TX: {{ .Values.bot.privateTransfersPerTx | quote }} - BOT_PUBLIC_TRANSFERS_PER_TX: {{ .Values.bot.publicTransfersPerTx | quote }} - BOT_FOLLOW_CHAIN: {{ .Values.bot.followChain | quote }} - PXE_SYNC_CHAIN_TIP: {{ .Values.bot.pxeSyncChainTip | quote }} - BOT_NO_START: {{ .Values.bot.botNoStart | quote }} - BOT_FEE_PAYMENT_METHOD: {{ .Values.bot.feePaymentMethod | quote }} - BOT_MODE: {{ .Values.bot.botMode | quote }} - BOT_MAX_CONSECUTIVE_ERRORS: {{ .Values.bot.maxErrors | quote }} - BOT_STOP_WHEN_UNHEALTHY: {{ .Values.bot.stopIfUnhealthy | quote }} - AZTEC_NODE_URL: {{ .Values.bot.nodeUrl | quote }} - TEST_ACCOUNTS: {{ .Values.bot.testAccounts | quote }} - {{- if .Values.bot.daGasLimit }} - BOT_DA_GAS_LIMIT: {{ .Values.bot.daGasLimit | quote }} - {{- end }} - {{- if .Values.bot.l2GasLimit }} - BOT_L2_GAS_LIMIT: {{ .Values.bot.l2GasLimit | quote }} - {{- end }} +{{- range $key, $value := .Values.bot.env }} + {{ $key }}: {{ $value | quote }} +{{- end }} +{{- end }} diff --git a/spartan/aztec-bot/values.yaml b/spartan/aztec-bot/values.yaml index d63fbfa07786..a3b12a608f64 100644 --- a/spartan/aztec-bot/values.yaml +++ b/spartan/aztec-bot/values.yaml @@ -7,22 +7,21 @@ global: bot: mnemonic: 'test test test test test test test test test test test junk' mnemonicStartIndex: 3000 - txIntervalSeconds: 1 - privateTransfersPerTx: 0 - publicTransfersPerTx: 1 - # Do not wait for transactions - followChain: 'NONE' - pxeSyncChainTip: 'checkpointed' - botNoStart: false - feePaymentMethod: 'fee_juice' - botMode: 'transfer' - maxErrors: 3 - stopIfUnhealthy: true - nodeUrl: '' - testAccounts: false botPrivateKey: '0xcafe' - daGasLimit: '' - l2GasLimit: '' + + env: + BOT_TX_INTERVAL_SECONDS: '1' + BOT_PRIVATE_TRANSFERS_PER_TX: '0' + BOT_PUBLIC_TRANSFERS_PER_TX: '1' + BOT_FOLLOW_CHAIN: 'NONE' + PXE_SYNC_CHAIN_TIP: 'checkpointed' + BOT_NO_START: 'false' + BOT_FEE_PAYMENT_METHOD: 'fee_juice' + BOT_MODE: 'transfer' + BOT_MAX_CONSECUTIVE_ERRORS: '3' + BOT_STOP_WHEN_UNHEALTHY: 'true' + AZTEC_NODE_URL: '' + TEST_ACCOUNTS: 'false' persistence: enabled: false diff --git a/spartan/environments/networks/next-net.yml b/spartan/environments/networks/next-net.yml index f33116d7d6a2..9c095ab43709 100644 --- a/spartan/environments/networks/next-net.yml +++ b/spartan/environments/networks/next-net.yml @@ -65,6 +65,4 @@ env: AZTEC_SLOT_DURATION: '72' AZTEC_EPOCH_DURATION: '32' AZTEC_TARGET_COMMITTEE_SIZE: '48' - AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '2' - AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '2' AZTEC_PROOF_SUBMISSION_EPOCHS: '1' diff --git a/spartan/terraform/deploy-aztec-infra/main.tf b/spartan/terraform/deploy-aztec-infra/main.tf index 49e7a963dc54..2ce24266633c 100644 --- a/spartan/terraform/deploy-aztec-infra/main.tf +++ b/spartan/terraform/deploy-aztec-infra/main.tf @@ -76,6 +76,18 @@ locals { l1_consensus_keys = try(local.d.L1_CONSENSUS_HOST_API_KEYS, []) l1_consensus_headers = try(local.d.L1_CONSENSUS_HOST_API_KEY_HEADERS, []) + # Network YAMLs set bot tuning under env: (next-net, staging-public, …). + # Prefer var.env over var.deploy defaults — avoids env→deploy duplication in deploy_network.sh. + bot_transfers_tx_interval_seconds = lookup(var.env, "BOT_TRANSFERS_TX_INTERVAL_SECONDS", try(local.d.BOT_TRANSFERS_TX_INTERVAL_SECONDS, "")) + bot_transfers_follow_chain = lookup(var.env, "BOT_TRANSFERS_FOLLOW_CHAIN", try(local.d.BOT_TRANSFERS_FOLLOW_CHAIN, "")) + bot_transfers_pxe_sync_chain_tip = lookup(var.env, "BOT_TRANSFERS_PXE_SYNC_CHAIN_TIP", try(local.d.BOT_TRANSFERS_PXE_SYNC_CHAIN_TIP, "")) + bot_swaps_tx_interval_seconds = lookup(var.env, "BOT_SWAPS_TX_INTERVAL_SECONDS", try(local.d.BOT_SWAPS_TX_INTERVAL_SECONDS, "")) + bot_swaps_follow_chain = lookup(var.env, "BOT_SWAPS_FOLLOW_CHAIN", try(local.d.BOT_SWAPS_FOLLOW_CHAIN, "")) + bot_swaps_pxe_sync_chain_tip = lookup(var.env, "BOT_SWAPS_PXE_SYNC_CHAIN_TIP", try(local.d.BOT_SWAPS_PXE_SYNC_CHAIN_TIP, "")) + bot_cross_chain_tx_interval_seconds = lookup(var.env, "BOT_CROSS_CHAIN_TX_INTERVAL_SECONDS", try(local.d.BOT_CROSS_CHAIN_TX_INTERVAL_SECONDS, "")) + bot_cross_chain_follow_chain = lookup(var.env, "BOT_CROSS_CHAIN_FOLLOW_CHAIN", try(local.d.BOT_CROSS_CHAIN_FOLLOW_CHAIN, "")) + bot_cross_chain_pxe_sync_chain_tip = lookup(var.env, "BOT_CROSS_CHAIN_PXE_SYNC_CHAIN_TIP", try(local.d.BOT_CROSS_CHAIN_PXE_SYNC_CHAIN_TIP, "")) + # --------------------------------------------------------------------------- # Per-release helm values from the YAML loader. # @@ -665,18 +677,20 @@ locals { "bot-token-transfer.yaml", "bot-resources-${local.d.BOT_RESOURCE_PROFILE}.yaml", ] - custom_settings = { - "bot.replicaCount" = local.bot_transfers_replicas - "bot.txIntervalSeconds" = local.d.BOT_TRANSFERS_TX_INTERVAL_SECONDS - "bot.followChain" = local.d.BOT_TRANSFERS_FOLLOW_CHAIN - "bot.pxeSyncChainTip" = local.d.BOT_TRANSFERS_PXE_SYNC_CHAIN_TIP - "bot.botPrivateKey" = try(local.d.BOT_TRANSFERS_L2_PRIVATE_KEY, "0xcafe01") - "bot.nodeUrl" = local.internal_rpc_url - "bot.mnemonic" = local.d.BOT_MNEMONIC - "bot.mnemonicStartIndex" = local.d.BOT_TRANSFERS_MNEMONIC_START_INDEX - "bot.daGasLimit" = try(local.d.BOT_DA_GAS_LIMIT, "") - "bot.l2GasLimit" = try(local.d.BOT_L2_GAS_LIMIT, "") - } + custom_settings = merge( + { + "bot.replicaCount" = local.bot_transfers_replicas + "bot.env.BOT_TX_INTERVAL_SECONDS" = local.bot_transfers_tx_interval_seconds + "bot.env.BOT_FOLLOW_CHAIN" = local.bot_transfers_follow_chain + "bot.env.PXE_SYNC_CHAIN_TIP" = local.bot_transfers_pxe_sync_chain_tip + "bot.env.AZTEC_NODE_URL" = local.internal_rpc_url + "bot.botPrivateKey" = try(local.d.BOT_TRANSFERS_L2_PRIVATE_KEY, "0xcafe01") + "bot.mnemonic" = local.d.BOT_MNEMONIC + "bot.mnemonicStartIndex" = local.d.BOT_TRANSFERS_MNEMONIC_START_INDEX + }, + try(local.d.BOT_DA_GAS_LIMIT, "") != "" ? { "bot.env.BOT_DA_GAS_LIMIT" = local.d.BOT_DA_GAS_LIMIT } : {}, + try(local.d.BOT_L2_GAS_LIMIT, "") != "" ? { "bot.env.BOT_L2_GAS_LIMIT" = local.d.BOT_L2_GAS_LIMIT } : {}, + ) boot_node_host_path = "" bootstrap_nodes_path = "" wait = false @@ -691,18 +705,20 @@ locals { "bot-amm-swaps.yaml", "bot-resources-${local.d.BOT_RESOURCE_PROFILE}.yaml", ] - custom_settings = { - "bot.replicaCount" = local.bot_swaps_replicas - "bot.txIntervalSeconds" = local.d.BOT_SWAPS_TX_INTERVAL_SECONDS - "bot.followChain" = local.d.BOT_SWAPS_FOLLOW_CHAIN - "bot.pxeSyncChainTip" = local.d.BOT_SWAPS_PXE_SYNC_CHAIN_TIP - "bot.botPrivateKey" = try(local.d.BOT_SWAPS_L2_PRIVATE_KEY, "0xcafe02") - "bot.nodeUrl" = local.internal_rpc_url - "bot.mnemonic" = local.d.BOT_MNEMONIC - "bot.mnemonicStartIndex" = local.d.BOT_SWAPS_MNEMONIC_START_INDEX - "bot.daGasLimit" = try(local.d.BOT_DA_GAS_LIMIT, "") - "bot.l2GasLimit" = try(local.d.BOT_L2_GAS_LIMIT, "") - } + custom_settings = merge( + { + "bot.replicaCount" = local.bot_swaps_replicas + "bot.env.BOT_TX_INTERVAL_SECONDS" = local.bot_swaps_tx_interval_seconds + "bot.env.BOT_FOLLOW_CHAIN" = local.bot_swaps_follow_chain + "bot.env.PXE_SYNC_CHAIN_TIP" = local.bot_swaps_pxe_sync_chain_tip + "bot.env.AZTEC_NODE_URL" = local.internal_rpc_url + "bot.botPrivateKey" = try(local.d.BOT_SWAPS_L2_PRIVATE_KEY, "0xcafe02") + "bot.mnemonic" = local.d.BOT_MNEMONIC + "bot.mnemonicStartIndex" = local.d.BOT_SWAPS_MNEMONIC_START_INDEX + }, + try(local.d.BOT_DA_GAS_LIMIT, "") != "" ? { "bot.env.BOT_DA_GAS_LIMIT" = local.d.BOT_DA_GAS_LIMIT } : {}, + try(local.d.BOT_L2_GAS_LIMIT, "") != "" ? { "bot.env.BOT_L2_GAS_LIMIT" = local.d.BOT_L2_GAS_LIMIT } : {}, + ) boot_node_host_path = "" bootstrap_nodes_path = "" wait = false @@ -717,18 +733,20 @@ locals { "bot-cross-chain.yaml", "bot-resources-${local.d.BOT_RESOURCE_PROFILE}.yaml", ] - custom_settings = { - "bot.replicaCount" = local.bot_cross_chain_replicas - "bot.txIntervalSeconds" = local.d.BOT_CROSS_CHAIN_TX_INTERVAL_SECONDS - "bot.followChain" = local.d.BOT_CROSS_CHAIN_FOLLOW_CHAIN - "bot.pxeSyncChainTip" = local.d.BOT_CROSS_CHAIN_PXE_SYNC_CHAIN_TIP - "bot.botPrivateKey" = try(local.d.BOT_CROSS_CHAIN_L2_PRIVATE_KEY, "0xcafe03") - "bot.nodeUrl" = local.internal_rpc_url - "bot.mnemonic" = local.d.BOT_MNEMONIC - "bot.mnemonicStartIndex" = local.d.BOT_CROSS_CHAIN_MNEMONIC_START_INDEX - "bot.daGasLimit" = try(local.d.BOT_DA_GAS_LIMIT, "") - "bot.l2GasLimit" = try(local.d.BOT_L2_GAS_LIMIT, "") - } + custom_settings = merge( + { + "bot.replicaCount" = local.bot_cross_chain_replicas + "bot.env.BOT_TX_INTERVAL_SECONDS" = local.bot_cross_chain_tx_interval_seconds + "bot.env.BOT_FOLLOW_CHAIN" = local.bot_cross_chain_follow_chain + "bot.env.PXE_SYNC_CHAIN_TIP" = local.bot_cross_chain_pxe_sync_chain_tip + "bot.env.AZTEC_NODE_URL" = local.internal_rpc_url + "bot.botPrivateKey" = try(local.d.BOT_CROSS_CHAIN_L2_PRIVATE_KEY, "0xcafe03") + "bot.mnemonic" = local.d.BOT_MNEMONIC + "bot.mnemonicStartIndex" = local.d.BOT_CROSS_CHAIN_MNEMONIC_START_INDEX + }, + try(local.d.BOT_DA_GAS_LIMIT, "") != "" ? { "bot.env.BOT_DA_GAS_LIMIT" = local.d.BOT_DA_GAS_LIMIT } : {}, + try(local.d.BOT_L2_GAS_LIMIT, "") != "" ? { "bot.env.BOT_L2_GAS_LIMIT" = local.d.BOT_L2_GAS_LIMIT } : {}, + ) boot_node_host_path = "" bootstrap_nodes_path = "" wait = false diff --git a/spartan/terraform/deploy-aztec-infra/values/bot-amm-swaps.yaml b/spartan/terraform/deploy-aztec-infra/values/bot-amm-swaps.yaml index 04339e33cb63..046df0d54e07 100644 --- a/spartan/terraform/deploy-aztec-infra/values/bot-amm-swaps.yaml +++ b/spartan/terraform/deploy-aztec-infra/values/bot-amm-swaps.yaml @@ -1,13 +1,17 @@ bot: replicaCount: 1 - txIntervalSeconds: 10 - botMode: "amm" - followChain: "PROPOSED" - feePaymentMethod: "fee_juice" - maxErrors: 3 - stopIfUnhealthy: true botPrivateKey: "0xcafe02" + env: + BOT_MODE: "amm" + BOT_TX_INTERVAL_SECONDS: "10" + BOT_PRIVATE_TRANSFERS_PER_TX: "0" + BOT_PUBLIC_TRANSFERS_PER_TX: "1" + BOT_FOLLOW_CHAIN: "PROPOSED" + BOT_FEE_PAYMENT_METHOD: "fee_juice" + BOT_MAX_CONSECUTIVE_ERRORS: "3" + BOT_STOP_WHEN_UNHEALTHY: "true" + persistence: enabled: true statefulSet: diff --git a/spartan/terraform/deploy-aztec-infra/values/bot-cross-chain.yaml b/spartan/terraform/deploy-aztec-infra/values/bot-cross-chain.yaml index 591a6a6291f7..b174d76f837a 100644 --- a/spartan/terraform/deploy-aztec-infra/values/bot-cross-chain.yaml +++ b/spartan/terraform/deploy-aztec-infra/values/bot-cross-chain.yaml @@ -1,13 +1,17 @@ bot: replicaCount: 1 - botMode: "crosschain" - txIntervalSeconds: 10 - followChain: "PROPOSED" - feePaymentMethod: "fee_juice" - maxErrors: 3 - stopIfUnhealthy: true botPrivateKey: "0xcafe03" + env: + BOT_MODE: "crosschain" + BOT_TX_INTERVAL_SECONDS: "10" + BOT_PRIVATE_TRANSFERS_PER_TX: "0" + BOT_PUBLIC_TRANSFERS_PER_TX: "1" + BOT_FOLLOW_CHAIN: "PROPOSED" + BOT_FEE_PAYMENT_METHOD: "fee_juice" + BOT_MAX_CONSECUTIVE_ERRORS: "3" + BOT_STOP_WHEN_UNHEALTHY: "true" + persistence: enabled: true statefulSet: diff --git a/spartan/terraform/deploy-aztec-infra/values/bot-token-transfer.yaml b/spartan/terraform/deploy-aztec-infra/values/bot-token-transfer.yaml index 28d94d9dfd3d..43b4d2562040 100644 --- a/spartan/terraform/deploy-aztec-infra/values/bot-token-transfer.yaml +++ b/spartan/terraform/deploy-aztec-infra/values/bot-token-transfer.yaml @@ -1,15 +1,17 @@ bot: replicaCount: 1 - botMode: "transfer" - txIntervalSeconds: 10 - privateTransfersPerTx: 0 - publicTransfersPerTx: 1 - followChain: "NONE" - feePaymentMethod: "fee_juice" - maxErrors: 3 - stopIfUnhealthy: true botPrivateKey: "0xcafe01" + env: + BOT_MODE: "transfer" + BOT_TX_INTERVAL_SECONDS: "10" + BOT_PRIVATE_TRANSFERS_PER_TX: "0" + BOT_PUBLIC_TRANSFERS_PER_TX: "1" + BOT_FOLLOW_CHAIN: "NONE" + BOT_FEE_PAYMENT_METHOD: "fee_juice" + BOT_MAX_CONSECUTIVE_ERRORS: "3" + BOT_STOP_WHEN_UNHEALTHY: "true" + persistence: enabled: true statefulSet: diff --git a/yarn-project/end-to-end/src/spartan/utils/bot.ts b/yarn-project/end-to-end/src/spartan/utils/bot.ts index abd275cd80a6..3819123dd8e5 100644 --- a/yarn-project/end-to-end/src/spartan/utils/bot.ts +++ b/yarn-project/end-to-end/src/spartan/utils/bot.ts @@ -67,13 +67,13 @@ export async function installTransferBot({ const values: Record = { 'bot.replicaCount': replicas, - 'bot.txIntervalSeconds': txIntervalSeconds, - 'bot.followChain': followChain, - 'bot.pxeSyncChainTip': pxeSyncChainTip, + 'bot.env.BOT_TX_INTERVAL_SECONDS': txIntervalSeconds, + 'bot.env.BOT_FOLLOW_CHAIN': followChain, + 'bot.env.PXE_SYNC_CHAIN_TIP': pxeSyncChainTip, 'bot.botPrivateKey': botPrivateKey, - 'bot.nodeUrl': resolvedNodeUrl, + 'bot.env.AZTEC_NODE_URL': resolvedNodeUrl, 'bot.mnemonic': mnemonic, - 'bot.feePaymentMethod': 'fee_juice', + 'bot.env.BOT_FEE_PAYMENT_METHOD': 'fee_juice', 'aztec.slotDuration': aztecSlotDuration, // Ensure bot can reach its own PXE started in-process (default rpc.port is 8080) // Note: since aztec-bot depends on aztec-node with alias `bot`, env vars go under `bot.node.env`. From 682f4c1e98f93ee9b621e82fa271e8ed0fddf5e5 Mon Sep 17 00:00:00 2001 From: spypsy Date: Wed, 6 May 2026 14:23:59 +0000 Subject: [PATCH 17/34] undo unecessary changes --- .github/workflows/deploy-next-net.yml | 2 +- .../workflows/ensure-funded-environment.yml | 36 +++++++++--------- spartan/aztec-bot/Chart.lock | 6 --- spartan/aztec-bot/values.yaml | 38 +++++++++---------- 4 files changed, 37 insertions(+), 45 deletions(-) delete mode 100644 spartan/aztec-bot/Chart.lock diff --git a/.github/workflows/deploy-next-net.yml b/.github/workflows/deploy-next-net.yml index 8f892a785e16..60a7329b4ade 100644 --- a/.github/workflows/deploy-next-net.yml +++ b/.github/workflows/deploy-next-net.yml @@ -10,7 +10,7 @@ on: workflow_dispatch: inputs: image_tag: - description: "Docker image tag (e.g., 2.3.4, 3.0.0-nightly.20251004-amd64, or leave empty for latest nightly)" + description: 'Docker image tag (e.g., 2.3.4, 3.0.0-nightly.20251004-amd64, or leave empty for latest nightly)' required: false type: string diff --git a/.github/workflows/ensure-funded-environment.yml b/.github/workflows/ensure-funded-environment.yml index e9364041d53a..98d12bd9b885 100644 --- a/.github/workflows/ensure-funded-environment.yml +++ b/.github/workflows/ensure-funded-environment.yml @@ -6,48 +6,48 @@ on: workflow_call: inputs: environment: - description: "Environment to fund (e.g., staging-public, next-net, staging-ignition, testnet)" + description: 'Environment to fund (e.g., staging-public, next-net, staging-ignition, testnet)' required: true type: string low_watermark: - description: "Minimum ETH balance (default: 0.5)" + description: 'Minimum ETH balance (default: 0.5)' required: false type: string - default: "0.5" + default: '0.5' high_watermark: - description: "Target ETH balance when funding (default: 1.0)" + description: 'Target ETH balance when funding (default: 1.0)' required: false type: string - default: "1.0" + default: '1.0' namespace: - description: "Kubernetes namespace override (e.g., v4-devnet-1). Sets NAMESPACE before sourcing env file." + description: 'Kubernetes namespace override (e.g., v4-devnet-1). Sets NAMESPACE before sourcing env file.' required: false type: string workflow_dispatch: inputs: environment: - description: "Environment to fund" + description: 'Environment to fund' required: true type: choice options: - - staging-public - - next-net - - staging-ignition - - testnet - - devnet - - tps-scenario + - staging-public + - next-net + - staging-ignition + - testnet + - devnet + - tps-scenario low_watermark: - description: "Minimum ETH balance" + description: 'Minimum ETH balance' required: false type: string - default: "0.5" + default: '0.5' high_watermark: - description: "Target ETH balance when funding" + description: 'Target ETH balance when funding' required: false type: string - default: "1.0" + default: '1.0' namespace: - description: "Kubernetes namespace override (e.g., v4-devnet-1)" + description: 'Kubernetes namespace override (e.g., v4-devnet-1)' required: false type: string diff --git a/spartan/aztec-bot/Chart.lock b/spartan/aztec-bot/Chart.lock deleted file mode 100644 index ed13677d6589..000000000000 --- a/spartan/aztec-bot/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: aztec-node - repository: "" - version: 0.1.0 -digest: sha256:a8afaf5383b8e820d533af5bbf78c08b88a4f7ec6c39f482f56ae6e4a9cdfcd1 -generated: "2026-04-23T09:57:04.219240849Z" diff --git a/spartan/aztec-bot/values.yaml b/spartan/aztec-bot/values.yaml index a3b12a608f64..2c726068302b 100644 --- a/spartan/aztec-bot/values.yaml +++ b/spartan/aztec-bot/values.yaml @@ -1,27 +1,28 @@ global: - aztecRollupVersion: 'canonical' - aztecNetwork: '' + aztecRollupVersion: "canonical" + aztecNetwork: "" customAztecNetwork: enabled: false bot: - mnemonic: 'test test test test test test test test test test test junk' + mnemonic: "test test test test test test test test test test test junk" mnemonicStartIndex: 3000 - botPrivateKey: '0xcafe' + botPrivateKey: "0xcafe" env: - BOT_TX_INTERVAL_SECONDS: '1' - BOT_PRIVATE_TRANSFERS_PER_TX: '0' - BOT_PUBLIC_TRANSFERS_PER_TX: '1' - BOT_FOLLOW_CHAIN: 'NONE' - PXE_SYNC_CHAIN_TIP: 'checkpointed' - BOT_NO_START: 'false' - BOT_FEE_PAYMENT_METHOD: 'fee_juice' - BOT_MODE: 'transfer' - BOT_MAX_CONSECUTIVE_ERRORS: '3' - BOT_STOP_WHEN_UNHEALTHY: 'true' - AZTEC_NODE_URL: '' - TEST_ACCOUNTS: 'false' + BOT_TX_INTERVAL_SECONDS: "1" + BOT_PRIVATE_TRANSFERS_PER_TX: "0" + BOT_PUBLIC_TRANSFERS_PER_TX: "1" + BOT_FOLLOW_CHAIN: "NONE" + PXE_SYNC_CHAIN_TIP: "checkpointed" + BOT_NO_START: "false" + BOT_FEE_PAYMENT_METHOD: "fee_juice" + BOT_MODE: "transfer" + BOT_MAX_CONSECUTIVE_ERRORS: "3" + BOT_STOP_WHEN_UNHEALTHY: "true" + AZTEC_NODE_URL: "" + TEST_ACCOUNTS: "false" + P2P_ENABLED: "false" persistence: enabled: false @@ -73,7 +74,7 @@ bot: exit 0 envFrom: - configMapRef: - name: '{{ .Release.Name }}-env' + name: "{{ .Release.Name }}-env" node: configMap: @@ -95,9 +96,6 @@ bot: hostNetwork: false - env: - P2P_ENABLED: 'false' - service: p2p: enabled: false From f7127da87768b1f491186be43e9256aa86417f33 Mon Sep 17 00:00:00 2001 From: spypsy Date: Tue, 12 May 2026 09:39:34 +0000 Subject: [PATCH 18/34] fix noir-project bootstrap --- noir-projects/noir-contracts/bootstrap.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/noir-projects/noir-contracts/bootstrap.sh b/noir-projects/noir-contracts/bootstrap.sh index 4aa985da55e0..5cf30927ae65 100755 --- a/noir-projects/noir-contracts/bootstrap.sh +++ b/noir-projects/noir-contracts/bootstrap.sh @@ -103,7 +103,8 @@ function stamp_aztec_version { semver check "$REF_NAME" 2>/dev/null && version="${REF_NAME#v}" local tmp=$(mktemp) jq --arg v "$version" '.aztec_version = $v' "$json_path" > "$tmp" - mv "$tmp" "$json_path" + cat "$tmp" > "$json_path" + rm "$tmp" } export -f stamp_aztec_version From 0a87a03cb1db03aae3119a08036564d43340a8e7 Mon Sep 17 00:00:00 2001 From: spypsy Date: Tue, 12 May 2026 10:15:21 +0000 Subject: [PATCH 19/34] remove --archiver from infra --- spartan/aztec-node/README.md | 4 +--- spartan/aztec-node/values.yaml | 1 - spartan/aztec-prover-stack/values.yaml | 1 - spartan/aztec-validator/values.yaml | 1 - spartan/terraform/deploy-aztec-infra/values/archive.yaml | 1 - spartan/terraform/deploy-aztec-infra/values/blob-sink.yaml | 1 - spartan/terraform/deploy-aztec-infra/values/full-node.yaml | 1 - spartan/terraform/deploy-aztec-infra/values/rpc.yaml | 1 - yarn-project/aztec/src/cli/aztec_start_options.ts | 6 +----- 9 files changed, 2 insertions(+), 15 deletions(-) diff --git a/spartan/aztec-node/README.md b/spartan/aztec-node/README.md index 93c7413f46b3..de7015386fb3 100644 --- a/spartan/aztec-node/README.md +++ b/spartan/aztec-node/README.md @@ -40,7 +40,6 @@ node: startCmd: - --node - - --archiver startupProbe: # -- Period seconds @@ -91,7 +90,6 @@ node: startCmd: - --node - - --archiver - --sequencer startupProbe: @@ -144,7 +142,7 @@ service: | node.l1ConsensusUrls | [] | L1 consensus host URLs (comma-separated list) | | node.l1ConsensusHostApiKeys | [] | API keys for L1 consensus hosts | | node.l1ConsensusHostApiKeyHeaders | [] | API key headers for L1 consensus hosts | -| node.startCmd | ["--node", "--archiver"] | Startup command for the node | +| node.startCmd | ["--node"] | Startup command for the node | | node.remoteUrl.archiver | - | Remote URL for archiver | | node.remoteUrl.proverBroker | - | Remote URL for prover broker | | node.remoteUrl.proverCoordinationNodes | [] | Remote URLs for prover coordination nodes | diff --git a/spartan/aztec-node/values.yaml b/spartan/aztec-node/values.yaml index 6a07f978ce68..d5c80d5c974d 100644 --- a/spartan/aztec-node/values.yaml +++ b/spartan/aztec-node/values.yaml @@ -86,7 +86,6 @@ node: startCmd: - --node - - --archiver image: repository: "" diff --git a/spartan/aztec-prover-stack/values.yaml b/spartan/aztec-prover-stack/values.yaml index 635eb1ecbe25..35e17ad7f45f 100644 --- a/spartan/aztec-prover-stack/values.yaml +++ b/spartan/aztec-prover-stack/values.yaml @@ -39,7 +39,6 @@ node: startCmd: - --prover-node - - --archiver configMap: envEnabled: true diff --git a/spartan/aztec-validator/values.yaml b/spartan/aztec-validator/values.yaml index e47d12d0cb67..46fa3ce2d784 100644 --- a/spartan/aztec-validator/values.yaml +++ b/spartan/aztec-validator/values.yaml @@ -40,7 +40,6 @@ validator: startCmd: - --node - - --archiver - --sequencer web3signerUrl: "" diff --git a/spartan/terraform/deploy-aztec-infra/values/archive.yaml b/spartan/terraform/deploy-aztec-infra/values/archive.yaml index de1f5bea69a5..b759553d65de 100644 --- a/spartan/terraform/deploy-aztec-infra/values/archive.yaml +++ b/spartan/terraform/deploy-aztec-infra/values/archive.yaml @@ -3,4 +3,3 @@ env: node: startCmd: - --node - - --archiver diff --git a/spartan/terraform/deploy-aztec-infra/values/blob-sink.yaml b/spartan/terraform/deploy-aztec-infra/values/blob-sink.yaml index 539107524b83..72302f5f3835 100644 --- a/spartan/terraform/deploy-aztec-infra/values/blob-sink.yaml +++ b/spartan/terraform/deploy-aztec-infra/values/blob-sink.yaml @@ -17,4 +17,3 @@ node: startCmd: - --node - - --archiver diff --git a/spartan/terraform/deploy-aztec-infra/values/full-node.yaml b/spartan/terraform/deploy-aztec-infra/values/full-node.yaml index 4f8d6bfe4f12..bba0ed0487da 100644 --- a/spartan/terraform/deploy-aztec-infra/values/full-node.yaml +++ b/spartan/terraform/deploy-aztec-infra/values/full-node.yaml @@ -17,4 +17,3 @@ node: startCmd: - --node - - --archiver diff --git a/spartan/terraform/deploy-aztec-infra/values/rpc.yaml b/spartan/terraform/deploy-aztec-infra/values/rpc.yaml index 2500fc78f2bb..d3c5da13d796 100644 --- a/spartan/terraform/deploy-aztec-infra/values/rpc.yaml +++ b/spartan/terraform/deploy-aztec-infra/values/rpc.yaml @@ -18,4 +18,3 @@ node: startCmd: - --node - - --archiver diff --git a/yarn-project/aztec/src/cli/aztec_start_options.ts b/yarn-project/aztec/src/cli/aztec_start_options.ts index dec92e996fd7..7ec9ca5c9443 100644 --- a/yarn-project/aztec/src/cli/aztec_start_options.ts +++ b/yarn-project/aztec/src/cli/aztec_start_options.ts @@ -268,11 +268,7 @@ export const aztecStartOptions: { [key: string]: AztecStartOption[] } = { defaultValue: undefined, env: undefined, }, - ...getOptions( - 'proverBroker', - // filter out archiver options from prover node options as they're passed separately in --archiver - proverBrokerConfigMappings, - ), + ...getOptions('proverBroker', proverBrokerConfigMappings), ], 'PROVER AGENT': [ { From cdd6459924376b26b5f45a79d89bd369ab083ff0 Mon Sep 17 00:00:00 2001 From: spypsy Date: Tue, 12 May 2026 14:28:08 +0000 Subject: [PATCH 20/34] fix env / deploy shapes --- spartan/environments/network-defaults.yml | 24 +-- spartan/environments/networks/alpha-net.yml | 121 +++++++------- .../environments/networks/block-capacity.yml | 72 ++++---- .../networks/five-tps-long-epoch.yml | 104 ++++++------ .../networks/five-tps-short-epoch.yml | 104 ++++++------ .../environments/networks/kind-provers.yml | 72 ++++---- spartan/environments/networks/mainnet.yml | 78 ++++----- spartan/environments/networks/mbps-net.yml | 123 +++++++------- .../environments/networks/mbps-pipeline.yml | 119 +++++++------ .../environments/networks/next-net-clone.yml | 112 +++++++------ spartan/environments/networks/next-net.yml | 134 ++++++++------- .../environments/networks/next-scenario.yml | 86 +++++----- .../networks/prove-n-tps-fake.yml | 80 ++++----- .../networks/prove-n-tps-real.yml | 76 ++++----- .../networks/staging-ignition.yml | 76 ++++----- .../environments/networks/staging-public.yml | 131 ++++++++------- .../environments/networks/staging.local.yml | 24 +-- .../networks/ten-tps-long-epoch.yml | 106 ++++++------ .../networks/ten-tps-short-epoch.yml | 106 ++++++------ spartan/environments/networks/testnet.yml | 157 +++++++++--------- .../environments/networks/tps-scenario.yml | 125 +++++++------- spartan/scripts/load_network_config.sh | 22 --- spartan/terraform/deploy-aztec-infra/main.tf | 51 ++---- 23 files changed, 1050 insertions(+), 1053 deletions(-) diff --git a/spartan/environments/network-defaults.yml b/spartan/environments/network-defaults.yml index d410fbd9e612..a226848330fd 100644 --- a/spartan/environments/network-defaults.yml +++ b/spartan/environments/network-defaults.yml @@ -290,15 +290,6 @@ _deploy_defaults: BOT_TRANSFERS_REPLICAS: "0" BOT_SWAPS_REPLICAS: "0" BOT_CROSS_CHAIN_REPLICAS: "0" - BOT_TRANSFERS_TX_INTERVAL_SECONDS: "60" - BOT_SWAPS_TX_INTERVAL_SECONDS: "60" - BOT_CROSS_CHAIN_TX_INTERVAL_SECONDS: "10" - BOT_TRANSFERS_FOLLOW_CHAIN: "NONE" - BOT_SWAPS_FOLLOW_CHAIN: "NONE" - BOT_CROSS_CHAIN_FOLLOW_CHAIN: "PENDING" - BOT_TRANSFERS_PXE_SYNC_CHAIN_TIP: "checkpointed" - BOT_SWAPS_PXE_SYNC_CHAIN_TIP: "checkpointed" - BOT_CROSS_CHAIN_PXE_SYNC_CHAIN_TIP: "checkpointed" # RPC ingress RPC_INGRESS_ENABLED: "false" @@ -390,13 +381,22 @@ _release_defaults: env: {} bot_transfers: replicaCount: 0 - env: {} + env: + BOT_TX_INTERVAL_SECONDS: "60" + BOT_FOLLOW_CHAIN: "NONE" + PXE_SYNC_CHAIN_TIP: "checkpointed" bot_swaps: replicaCount: 0 - env: {} + env: + BOT_TX_INTERVAL_SECONDS: "60" + BOT_FOLLOW_CHAIN: "NONE" + PXE_SYNC_CHAIN_TIP: "checkpointed" bot_cross_chain: replicaCount: 0 - env: {} + env: + BOT_TX_INTERVAL_SECONDS: "10" + BOT_FOLLOW_CHAIN: "PENDING" + PXE_SYNC_CHAIN_TIP: "checkpointed" #=============================================================================== # NETWORK PRESETS diff --git a/spartan/environments/networks/alpha-net.yml b/spartan/environments/networks/alpha-net.yml index 90380859e7cc..b90319b3ce53 100644 --- a/spartan/environments/networks/alpha-net.yml +++ b/spartan/environments/networks/alpha-net.yml @@ -1,64 +1,63 @@ deploy: - NAMESPACE: '${NAMESPACE:-alpha-net}' - CLUSTER: 'aztec-gke-private' - GCP_REGION: 'us-west1-a' - DESTROY_NAMESPACE: 'true' - DESTROY_ETH_DEVNET: 'true' - CREATE_ETH_DEVNET: '${CREATE_ETH_DEVNET:-true}' - ETHEREUM_CHAIN_ID: '1337' - CHAOS_MESH_SCENARIOS_FILE: 'network-requirements.yaml' - CREATE_ROLLUP_CONTRACTS: 'true' - VERIFY_CONTRACTS: 'false' - DESTROY_AZTEC_INFRA: 'true' - VALIDATOR_RESOURCE_PROFILE: '2-core-dedicated' - RPC_INGRESS_ENABLED: 'false' - FULL_NODE_RESOURCE_PROFILE: '2-core-spot' - PROVER_RESOURCE_PROFILE: 'hi-tps' - RUN_TESTS: 'false' + NAMESPACE: "${NAMESPACE:-alpha-net}" + CLUSTER: "aztec-gke-private" + GCP_REGION: "us-west1-a" + DESTROY_NAMESPACE: "true" + DESTROY_ETH_DEVNET: "true" + CREATE_ETH_DEVNET: "${CREATE_ETH_DEVNET:-true}" + ETHEREUM_CHAIN_ID: "1337" + CHAOS_MESH_SCENARIOS_FILE: "network-requirements.yaml" + CREATE_ROLLUP_CONTRACTS: "true" + VERIFY_CONTRACTS: "false" + DESTROY_AZTEC_INFRA: "true" + VALIDATOR_RESOURCE_PROFILE: "2-core-dedicated" + RPC_INGRESS_ENABLED: "false" + FULL_NODE_RESOURCE_PROFILE: "2-core-spot" + PROVER_RESOURCE_PROFILE: "hi-tps" + RUN_TESTS: "false" + VALIDATOR_REPLICAS: "12" + VALIDATORS_PER_NODE: "4" + VALIDATOR_PUBLISHERS_PER_REPLICA: "4" + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: "5000" + RPC_REPLICAS: "12" + FULL_NODE_REPLICAS: "500" + PUBLISHERS_PER_PROVER: "2" + PROVER_PUBLISHER_MNEMONIC_START_INDEX: "8000" + PROVER_REPLICAS: "128" env: - AZTEC_EPOCH_DURATION: '8' - AZTEC_SLOT_DURATION: '72' - AZTEC_PROOF_SUBMISSION_EPOCHS: '2' - LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' - FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' - P2P_PUBLIC_IP: 'false' - AZTEC_MANA_TARGET: '2147483647' - P2P_TX_POOL_DELETE_TXS_AFTER_REORG: 'true' - SEQ_BUILD_CHECKPOINT_IF_EMPTY: 'true' - SEQ_BLOCK_DURATION_MS: '6000' - SEQ_SKIP_CHECKPOINT_PUBLISH_PERCENT: '5' - REDEPLOY_ROLLUP_CONTRACTS: 'true' - AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '1' - AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '1' - OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' - VALIDATOR_REPLICAS: '12' - VALIDATORS_PER_NODE: '4' - VALIDATOR_PUBLISHERS_PER_REPLICA: '4' - VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' - REAL_VERIFIER: 'false' - RPC_REPLICAS: '12' - FULL_NODE_REPLICAS: '500' - PUBLISHERS_PER_PROVER: '2' - PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' - PROVER_REPLICAS: '128' - PROVER_AGENT_POLL_INTERVAL_MS: '10000' - PROVER_TEST_DELAY_TYPE: 'fixed' - AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: '1' - AZTEC_SLASHING_QUORUM: '5' - AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: '0' - AZTEC_SLASHING_OFFSET_IN_ROUNDS: '1' - AZTEC_LOCAL_EJECTION_THRESHOLD: '90000000000000000000' - SPONSORED_FPC: 'true' - SEQ_MAX_TX_PER_CHECKPOINT: '72' - SEQ_MIN_TX_PER_BLOCK: '1' - SEQ_PER_BLOCK_ALLOCATION_MULTIPLIER: '1' - VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' - VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' - PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' - PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' - DEBUG_P2P_INSTRUMENT_MESSAGES: 'true' - PROVER_TEST_VERIFICATION_DELAY_MS: '250' - PROVER_AGENT_INCLUDE_METRICS: 'aztec.circuit' - FULL_NODE_INCLUDE_METRICS: 'aztec.p2p.gossip.agg_' - LOG_LEVEL: 'info' + AZTEC_EPOCH_DURATION: "8" + AZTEC_SLOT_DURATION: "72" + AZTEC_PROOF_SUBMISSION_EPOCHS: "2" + LABS_INFRA_MNEMONIC: "test test test test test test test test test test test junk" + FUNDING_PRIVATE_KEY: "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" + AZTEC_MANA_TARGET: "2147483647" + P2P_TX_POOL_DELETE_TXS_AFTER_REORG: "true" + SEQ_BUILD_CHECKPOINT_IF_EMPTY: "true" + SEQ_BLOCK_DURATION_MS: "6000" + SEQ_SKIP_CHECKPOINT_PUBLISH_PERCENT: "5" + REDEPLOY_ROLLUP_CONTRACTS: "true" + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: "1" + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: "1" + OTEL_COLLECTOR_ENDPOINT: "REPLACE_WITH_GCP_SECRET" + REAL_VERIFIER: "false" + PROVER_AGENT_POLL_INTERVAL_MS: "10000" + PROVER_TEST_DELAY_TYPE: "fixed" + AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: "1" + AZTEC_SLASHING_QUORUM: "5" + AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: "0" + AZTEC_SLASHING_OFFSET_IN_ROUNDS: "1" + AZTEC_LOCAL_EJECTION_THRESHOLD: "90000000000000000000" + SPONSORED_FPC: "true" + SEQ_MAX_TX_PER_CHECKPOINT: "72" + SEQ_MIN_TX_PER_BLOCK: "1" + SEQ_PER_BLOCK_ALLOCATION_MULTIPLIER: "1" + VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE: "0" + VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: "0" + PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE: "0" + PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: "0" + DEBUG_P2P_INSTRUMENT_MESSAGES: "true" + PROVER_TEST_VERIFICATION_DELAY_MS: "250" + PROVER_AGENT_INCLUDE_METRICS: "aztec.circuit" + FULL_NODE_INCLUDE_METRICS: "aztec.p2p.gossip.agg_" + LOG_LEVEL: "info" diff --git a/spartan/environments/networks/block-capacity.yml b/spartan/environments/networks/block-capacity.yml index 4e40532cd371..08f28e78c8ee 100644 --- a/spartan/environments/networks/block-capacity.yml +++ b/spartan/environments/networks/block-capacity.yml @@ -1,40 +1,40 @@ deploy: - NAMESPACE: '${NAMESPACE:-block-capacity}' - CLUSTER: 'aztec-gke-private' - GCP_REGION: 'us-west1-a' - CREATE_ETH_DEVNET: 'true' - DESTROY_NAMESPACE: 'true' - DESTROY_AZTEC_INFRA: 'true' - CREATE_ROLLUP_CONTRACTS: 'true' - ETHEREUM_CHAIN_ID: '1337' - VALIDATOR_RESOURCE_PROFILE: 'prod-hi-tps' - RPC_INGRESS_ENABLED: 'false' - PROVER_RESOURCE_PROFILE: 'dev' + NAMESPACE: "${NAMESPACE:-block-capacity}" + CLUSTER: "aztec-gke-private" + GCP_REGION: "us-west1-a" + CREATE_ETH_DEVNET: "true" + DESTROY_NAMESPACE: "true" + DESTROY_AZTEC_INFRA: "true" + CREATE_ROLLUP_CONTRACTS: "true" + ETHEREUM_CHAIN_ID: "1337" + VALIDATOR_RESOURCE_PROFILE: "prod-hi-tps" + RPC_INGRESS_ENABLED: "false" + PROVER_RESOURCE_PROFILE: "dev" + VALIDATOR_REPLICAS: "1" + VALIDATORS_PER_NODE: "48" + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: "5000" + RPC_REPLICAS: "1" + PROVER_REPLICAS: "10" + PROVER_PUBLISHER_MNEMONIC_START_INDEX: "8000" + PUBLISHERS_PER_PROVER: "1" env: - AZTEC_EPOCH_DURATION: '8' - AZTEC_SLOT_DURATION: '72' - AZTEC_PROOF_SUBMISSION_EPOCHS: '4' - AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '1' - AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '1' - REDEPLOY_ROLLUP_CONTRACTS: 'true' - LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' - FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' - OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' - VALIDATOR_REPLICAS: '1' - VALIDATORS_PER_NODE: '48' - VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' - REAL_VERIFIER: 'false' - RPC_REPLICAS: '1' - PROVER_REPLICAS: '10' - PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' - PROVER_AGENT_POLL_INTERVAL_MS: '10000' - PUBLISHERS_PER_PROVER: '1' - PROVER_TEST_DELAY_TYPE: 'realistic' - DEBUG_FORCE_TX_PROOF_VERIFICATION: 'true' + AZTEC_EPOCH_DURATION: "8" + AZTEC_SLOT_DURATION: "72" + AZTEC_PROOF_SUBMISSION_EPOCHS: "4" + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: "1" + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: "1" + REDEPLOY_ROLLUP_CONTRACTS: "true" + LABS_INFRA_MNEMONIC: "test test test test test test test test test test test junk" + FUNDING_PRIVATE_KEY: "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" + OTEL_COLLECTOR_ENDPOINT: "REPLACE_WITH_GCP_SECRET" + REAL_VERIFIER: "false" + PROVER_AGENT_POLL_INTERVAL_MS: "10000" + PROVER_TEST_DELAY_TYPE: "realistic" + DEBUG_FORCE_TX_PROOF_VERIFICATION: "true" # 1000 tps - SEQ_MAX_TX_PER_BLOCK: '72000' - SEQ_MIN_TX_PER_BLOCK: '0' - SEQ_ENFORCE_TIME_TABLE: 'true' - DEBUG_P2P_INSTRUMENT_MESSAGES: 'true' - LOG_LEVEL: 'debug; info: json-rpc, simulator' + SEQ_MAX_TX_PER_BLOCK: "72000" + SEQ_MIN_TX_PER_BLOCK: "0" + SEQ_ENFORCE_TIME_TABLE: "true" + DEBUG_P2P_INSTRUMENT_MESSAGES: "true" + LOG_LEVEL: "debug; info: json-rpc, simulator" diff --git a/spartan/environments/networks/five-tps-long-epoch.yml b/spartan/environments/networks/five-tps-long-epoch.yml index 00a9c54f2980..b1bde212d012 100644 --- a/spartan/environments/networks/five-tps-long-epoch.yml +++ b/spartan/environments/networks/five-tps-long-epoch.yml @@ -1,55 +1,55 @@ deploy: - NAMESPACE: '${NAMESPACE:-five-tps}' - CLUSTER: 'aztec-gke-private' - GCP_REGION: 'us-west1-a' - DESTROY_NAMESPACE: 'true' - DESTROY_ETH_DEVNET: 'true' - CREATE_ETH_DEVNET: '${CREATE_ETH_DEVNET:-true}' - ETHEREUM_CHAIN_ID: '1337' - CREATE_ROLLUP_CONTRACTS: 'true' - VERIFY_CONTRACTS: 'false' - DESTROY_AZTEC_INFRA: 'true' - VALIDATOR_RESOURCE_PROFILE: '2-core-dedicated' - RPC_INGRESS_ENABLED: 'false' - FULL_NODE_RESOURCE_PROFILE: '2-core-spot' - PROVER_RESOURCE_PROFILE: 'hi-tps' - RUN_TESTS: 'false' + NAMESPACE: "${NAMESPACE:-five-tps}" + CLUSTER: "aztec-gke-private" + GCP_REGION: "us-west1-a" + DESTROY_NAMESPACE: "true" + DESTROY_ETH_DEVNET: "true" + CREATE_ETH_DEVNET: "${CREATE_ETH_DEVNET:-true}" + ETHEREUM_CHAIN_ID: "1337" + CREATE_ROLLUP_CONTRACTS: "true" + VERIFY_CONTRACTS: "false" + DESTROY_AZTEC_INFRA: "true" + VALIDATOR_RESOURCE_PROFILE: "2-core-dedicated" + RPC_INGRESS_ENABLED: "false" + FULL_NODE_RESOURCE_PROFILE: "2-core-spot" + PROVER_RESOURCE_PROFILE: "hi-tps" + RUN_TESTS: "false" + VALIDATOR_REPLICAS: "12" + VALIDATORS_PER_NODE: "4" + VALIDATOR_PUBLISHERS_PER_REPLICA: "4" + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: "5000" + RPC_REPLICAS: "12" + FULL_NODE_REPLICAS: "500" + PUBLISHERS_PER_PROVER: "2" + PROVER_PUBLISHER_MNEMONIC_START_INDEX: "8000" + PROVER_REPLICAS: "64" env: - AZTEC_EPOCH_DURATION: '32' - AZTEC_SLOT_DURATION: '36' - AZTEC_PROOF_SUBMISSION_EPOCHS: '2' - LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' - FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' - AZTEC_MANA_TARGET: '2147483647' - AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '1' - AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '1' - OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' - VALIDATOR_REPLICAS: '12' - VALIDATORS_PER_NODE: '4' - VALIDATOR_PUBLISHERS_PER_REPLICA: '4' - VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' - REAL_VERIFIER: 'false' - RPC_REPLICAS: '12' - FULL_NODE_REPLICAS: '500' - PUBLISHERS_PER_PROVER: '2' - PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' - PROVER_REPLICAS: '64' - PROVER_AGENT_POLL_INTERVAL_MS: '10000' - PROVER_TEST_DELAY_TYPE: 'fixed' - AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: '1' - AZTEC_SLASHING_QUORUM: '20' - AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: '0' - AZTEC_SLASHING_OFFSET_IN_ROUNDS: '1' - AZTEC_LOCAL_EJECTION_THRESHOLD: '90000000000000000000' - SEQ_MAX_TX_PER_CHECKPOINT: '180' - SEQ_MIN_TX_PER_BLOCK: '1' - VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' - VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' - PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' - PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' - DEBUG_P2P_INSTRUMENT_MESSAGES: 'true' - PROVER_TEST_VERIFICATION_DELAY_MS: '250' - PROVER_AGENT_INCLUDE_METRICS: 'aztec.circuit' - FULL_NODE_INCLUDE_METRICS: 'aztec.p2p.gossip.agg_' - LOG_LEVEL: 'info' + AZTEC_EPOCH_DURATION: "32" + AZTEC_SLOT_DURATION: "36" + AZTEC_PROOF_SUBMISSION_EPOCHS: "2" + LABS_INFRA_MNEMONIC: "test test test test test test test test test test test junk" + FUNDING_PRIVATE_KEY: "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" + AZTEC_MANA_TARGET: "2147483647" + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: "1" + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: "1" + OTEL_COLLECTOR_ENDPOINT: "REPLACE_WITH_GCP_SECRET" + REAL_VERIFIER: "false" + PROVER_AGENT_POLL_INTERVAL_MS: "10000" + PROVER_TEST_DELAY_TYPE: "fixed" + AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: "1" + AZTEC_SLASHING_QUORUM: "20" + AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: "0" + AZTEC_SLASHING_OFFSET_IN_ROUNDS: "1" + AZTEC_LOCAL_EJECTION_THRESHOLD: "90000000000000000000" + SEQ_MAX_TX_PER_CHECKPOINT: "180" + SEQ_MIN_TX_PER_BLOCK: "1" + VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE: "0" + VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: "0" + PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE: "0" + PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: "0" + DEBUG_P2P_INSTRUMENT_MESSAGES: "true" + PROVER_TEST_VERIFICATION_DELAY_MS: "250" + PROVER_AGENT_INCLUDE_METRICS: "aztec.circuit" + FULL_NODE_INCLUDE_METRICS: "aztec.p2p.gossip.agg_" + LOG_LEVEL: "info" diff --git a/spartan/environments/networks/five-tps-short-epoch.yml b/spartan/environments/networks/five-tps-short-epoch.yml index deb2a1eb3145..626bc55d03d3 100644 --- a/spartan/environments/networks/five-tps-short-epoch.yml +++ b/spartan/environments/networks/five-tps-short-epoch.yml @@ -1,55 +1,55 @@ deploy: - NAMESPACE: '${NAMESPACE:-five-tps}' - CLUSTER: 'aztec-gke-private' - GCP_REGION: 'us-west1-a' - DESTROY_NAMESPACE: 'true' - DESTROY_ETH_DEVNET: 'true' - CREATE_ETH_DEVNET: '${CREATE_ETH_DEVNET:-true}' - ETHEREUM_CHAIN_ID: '1337' - CREATE_ROLLUP_CONTRACTS: 'true' - VERIFY_CONTRACTS: 'false' - DESTROY_AZTEC_INFRA: 'true' - VALIDATOR_RESOURCE_PROFILE: '2-core-dedicated' - RPC_INGRESS_ENABLED: 'false' - FULL_NODE_RESOURCE_PROFILE: '2-core-spot' - PROVER_RESOURCE_PROFILE: 'hi-tps' - RUN_TESTS: 'false' + NAMESPACE: "${NAMESPACE:-five-tps}" + CLUSTER: "aztec-gke-private" + GCP_REGION: "us-west1-a" + DESTROY_NAMESPACE: "true" + DESTROY_ETH_DEVNET: "true" + CREATE_ETH_DEVNET: "${CREATE_ETH_DEVNET:-true}" + ETHEREUM_CHAIN_ID: "1337" + CREATE_ROLLUP_CONTRACTS: "true" + VERIFY_CONTRACTS: "false" + DESTROY_AZTEC_INFRA: "true" + VALIDATOR_RESOURCE_PROFILE: "2-core-dedicated" + RPC_INGRESS_ENABLED: "false" + FULL_NODE_RESOURCE_PROFILE: "2-core-spot" + PROVER_RESOURCE_PROFILE: "hi-tps" + RUN_TESTS: "false" + VALIDATOR_REPLICAS: "12" + VALIDATORS_PER_NODE: "4" + VALIDATOR_PUBLISHERS_PER_REPLICA: "4" + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: "5000" + RPC_REPLICAS: "12" + FULL_NODE_REPLICAS: "500" + PUBLISHERS_PER_PROVER: "2" + PROVER_PUBLISHER_MNEMONIC_START_INDEX: "8000" + PROVER_REPLICAS: "64" env: - AZTEC_EPOCH_DURATION: '8' - AZTEC_SLOT_DURATION: '36' - AZTEC_PROOF_SUBMISSION_EPOCHS: '10' - LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' - FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' - AZTEC_MANA_TARGET: '2147483647' - AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '1' - AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '1' - OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' - VALIDATOR_REPLICAS: '12' - VALIDATORS_PER_NODE: '4' - VALIDATOR_PUBLISHERS_PER_REPLICA: '4' - VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' - REAL_VERIFIER: 'false' - RPC_REPLICAS: '12' - FULL_NODE_REPLICAS: '500' - PUBLISHERS_PER_PROVER: '2' - PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' - PROVER_REPLICAS: '64' - PROVER_AGENT_POLL_INTERVAL_MS: '10000' - PROVER_TEST_DELAY_TYPE: 'fixed' - AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: '1' - AZTEC_SLASHING_QUORUM: '5' - AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: '0' - AZTEC_SLASHING_OFFSET_IN_ROUNDS: '1' - AZTEC_LOCAL_EJECTION_THRESHOLD: '90000000000000000000' - SEQ_MAX_TX_PER_CHECKPOINT: '180' - SEQ_MIN_TX_PER_BLOCK: '1' - VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' - VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' - PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' - PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' - DEBUG_P2P_INSTRUMENT_MESSAGES: 'true' - PROVER_TEST_VERIFICATION_DELAY_MS: '250' - PROVER_AGENT_INCLUDE_METRICS: 'aztec.circuit' - FULL_NODE_INCLUDE_METRICS: 'aztec.p2p.gossip.agg_' - LOG_LEVEL: 'info' + AZTEC_EPOCH_DURATION: "8" + AZTEC_SLOT_DURATION: "36" + AZTEC_PROOF_SUBMISSION_EPOCHS: "10" + LABS_INFRA_MNEMONIC: "test test test test test test test test test test test junk" + FUNDING_PRIVATE_KEY: "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" + AZTEC_MANA_TARGET: "2147483647" + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: "1" + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: "1" + OTEL_COLLECTOR_ENDPOINT: "REPLACE_WITH_GCP_SECRET" + REAL_VERIFIER: "false" + PROVER_AGENT_POLL_INTERVAL_MS: "10000" + PROVER_TEST_DELAY_TYPE: "fixed" + AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: "1" + AZTEC_SLASHING_QUORUM: "5" + AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: "0" + AZTEC_SLASHING_OFFSET_IN_ROUNDS: "1" + AZTEC_LOCAL_EJECTION_THRESHOLD: "90000000000000000000" + SEQ_MAX_TX_PER_CHECKPOINT: "180" + SEQ_MIN_TX_PER_BLOCK: "1" + VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE: "0" + VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: "0" + PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE: "0" + PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: "0" + DEBUG_P2P_INSTRUMENT_MESSAGES: "true" + PROVER_TEST_VERIFICATION_DELAY_MS: "250" + PROVER_AGENT_INCLUDE_METRICS: "aztec.circuit" + FULL_NODE_INCLUDE_METRICS: "aztec.p2p.gossip.agg_" + LOG_LEVEL: "info" diff --git a/spartan/environments/networks/kind-provers.yml b/spartan/environments/networks/kind-provers.yml index f9b08ce27584..25f959d98c5f 100644 --- a/spartan/environments/networks/kind-provers.yml +++ b/spartan/environments/networks/kind-provers.yml @@ -1,39 +1,39 @@ deploy: - NAMESPACE: '${NAMESPACE:-kind}' - CLUSTER: 'kind' - CREATE_ETH_DEVNET: 'true' - CREATE_ROLLUP_CONTRACTS: 'true' - CREATE_AZTEC_INFRA: 'true' - RUN_TESTS: 'false' - PROVER_RESOURCE_PROFILE: 'kind-provers' - -env: - LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' - L1_ACCOUNT_MNEMONIC: 'test test test test test test test test test test test junk' - FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' - SENTINEL_ENABLED: 'false' - AZTEC_SLOT_DURATION: '36' - AZTEC_EPOCH_DURATION: '32' - AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '1' - AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '1' - AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: '1' - AZTEC_SLASHING_QUORUM: '17' - AZTEC_SLASHING_OFFSET_IN_ROUNDS: '2' - AZTEC_LOCAL_EJECTION_THRESHOLD: '90000000000000000000' - AZTEC_GOVERNANCE_PROPOSER_QUORUM: '11' - AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE: '20' - AZTEC_GOVERNANCE_VOTING_DURATION: '300' - AWS_ACCESS_KEY_ID: '' - AWS_SECRET_ACCESS_KEY: '' - OTEL_COLLECTOR_ENDPOINT: 'http://metrics-opentelemetry-collector.metrics:4318' - VALIDATOR_REPLICAS: '4' + NAMESPACE: "${NAMESPACE:-kind}" + CLUSTER: "kind" + CREATE_ETH_DEVNET: "true" + CREATE_ROLLUP_CONTRACTS: "true" + CREATE_AZTEC_INFRA: "true" + RUN_TESTS: "false" + PROVER_RESOURCE_PROFILE: "kind-provers" # We allocate 0.5 per validator, so 4 * 0.5 * 12 = 24 cores total - VALIDATORS_PER_NODE: '12' - VALIDATOR_PUBLISHERS_PER_REPLICA: '4' - VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' + VALIDATOR_REPLICAS: "4" + VALIDATORS_PER_NODE: "12" + VALIDATOR_PUBLISHERS_PER_REPLICA: "4" + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: "5000" # 16 * 16 = 128 cores total - PROVER_REPLICAS: '8' - PROVER_AGENTS_PER_PROVER: '1' - PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' - PUBLISHERS_PER_PROVER: '1' - RPC_REPLICAS: '2' + PROVER_REPLICAS: "8" + PROVER_PUBLISHER_MNEMONIC_START_INDEX: "8000" + PUBLISHERS_PER_PROVER: "1" + RPC_REPLICAS: "2" + +env: + LABS_INFRA_MNEMONIC: "test test test test test test test test test test test junk" + L1_ACCOUNT_MNEMONIC: "test test test test test test test test test test test junk" + FUNDING_PRIVATE_KEY: "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" + SENTINEL_ENABLED: "false" + AZTEC_SLOT_DURATION: "36" + AZTEC_EPOCH_DURATION: "32" + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: "1" + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: "1" + AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: "1" + AZTEC_SLASHING_QUORUM: "17" + AZTEC_SLASHING_OFFSET_IN_ROUNDS: "2" + AZTEC_LOCAL_EJECTION_THRESHOLD: "90000000000000000000" + AZTEC_GOVERNANCE_PROPOSER_QUORUM: "11" + AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE: "20" + AZTEC_GOVERNANCE_VOTING_DURATION: "300" + AWS_ACCESS_KEY_ID: "" + AWS_SECRET_ACCESS_KEY: "" + OTEL_COLLECTOR_ENDPOINT: "http://metrics-opentelemetry-collector.metrics:4318" + PROVER_AGENTS_PER_PROVER: "1" diff --git a/spartan/environments/networks/mainnet.yml b/spartan/environments/networks/mainnet.yml index f4ff183bc9ac..078e8d0db858 100644 --- a/spartan/environments/networks/mainnet.yml +++ b/spartan/environments/networks/mainnet.yml @@ -2,44 +2,44 @@ network: mainnet deploy: - NETWORK: '${NETWORK:-mainnet}' - L1_NETWORK: '${L1_NETWORK:-mainnet}' - ETHEREUM_CHAIN_ID: '${ETHEREUM_CHAIN_ID:-1}' - GCP_REGION: 'us-west1-a' - CLUSTER: 'aztec-gke-public' - NAMESPACE: '${NAMESPACE:-mainnet}' - CREATE_ROLLUP_CONTRACTS: 'false' - VERIFY_CONTRACTS: 'false' - RPC_RESOURCE_PROFILE: 'mainnet' - BLOB_SINK_RESOURCE_PROFILE: 'mainnet' - PROVER_RESOURCE_PROFILE: 'mainnet' - USE_NETWORK_CONFIG: 'true' - SNAPSHOT_BUCKET_DIRECTORY: '${SNAPSHOT_BUCKET_DIRECTORY:-mainnet}' - BLOB_BUCKET_DIRECTORY: '${BLOB_BUCKET_DIRECTORY:-mainnet/blobs}' - TX_FILE_STORE_ENABLED: 'true' - TX_FILE_STORE_BUCKET_DIRECTORY: '${TX_FILE_STORE_BUCKET_DIRECTORY:-mainnet/txs}' + NETWORK: "${NETWORK:-mainnet}" + L1_NETWORK: "${L1_NETWORK:-mainnet}" + ETHEREUM_CHAIN_ID: "${ETHEREUM_CHAIN_ID:-1}" + GCP_REGION: "us-west1-a" + CLUSTER: "aztec-gke-public" + NAMESPACE: "${NAMESPACE:-mainnet}" + CREATE_ROLLUP_CONTRACTS: "false" + VERIFY_CONTRACTS: "false" + RPC_RESOURCE_PROFILE: "mainnet" + BLOB_SINK_RESOURCE_PROFILE: "mainnet" + PROVER_RESOURCE_PROFILE: "mainnet" + USE_NETWORK_CONFIG: "true" + SNAPSHOT_BUCKET_DIRECTORY: "${SNAPSHOT_BUCKET_DIRECTORY:-mainnet}" + BLOB_BUCKET_DIRECTORY: "${BLOB_BUCKET_DIRECTORY:-mainnet/blobs}" + TX_FILE_STORE_ENABLED: "true" + TX_FILE_STORE_BUCKET_DIRECTORY: "${TX_FILE_STORE_BUCKET_DIRECTORY:-mainnet/txs}" + DEPLOY_INTERNAL_BOOTNODE: "false" + VALIDATOR_REPLICAS: "0" + RPC_REPLICAS: "1" + PROVER_REPLICAS: "4" + FISHERMAN_REPLICAS: "1" + FISHERMAN_MNEMONIC_START_INDEX: "1" + PROVER_NODE_DISABLE_PROOF_PUBLISH: "true" env: - DEPLOY_INTERNAL_BOOTNODE: 'false' - VALIDATOR_REPLICAS: '0' - RPC_REPLICAS: '1' - PROVER_REPLICAS: '4' - FISHERMAN_REPLICAS: '1' - FISHERMAN_MNEMONIC_START_INDEX: '1' - PROVER_NODE_DISABLE_PROOF_PUBLISH: 'true' - LOG_LEVEL: 'info' - FISHERMAN_LOG_LEVEL: 'info' - PROVER_FAILED_PROOF_STORE: 'gs://aztec-develop/mainnet/failed-proofs' - L1_TX_FAILED_STORE: 'gs://aztec-develop/mainnet/failed-l1-txs' - ETHEREUM_RPC_URLS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_URLS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_API_KEYS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: 'REPLACE_WITH_GCP_SECRET' - LABS_INFRA_MNEMONIC: 'REPLACE_WITH_GCP_SECRET' - OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' - FUNDING_PRIVATE_KEY: '' - ROLLUP_DEPLOYMENT_PRIVATE_KEY: '' - BLOB_FILE_STORE_URLS: ',' - TX_COLLECTION_FILE_STORE_URLS: 'https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}' - AWS_ACCESS_KEY_ID: 'REPLACE_WITH_GCP_SECRET' - AWS_SECRET_ACCESS_KEY: 'REPLACE_WITH_GCP_SECRET' + LOG_LEVEL: "info" + FISHERMAN_LOG_LEVEL: "info" + PROVER_FAILED_PROOF_STORE: "gs://aztec-develop/mainnet/failed-proofs" + L1_TX_FAILED_STORE: "gs://aztec-develop/mainnet/failed-l1-txs" + ETHEREUM_RPC_URLS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_URLS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_API_KEYS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: "REPLACE_WITH_GCP_SECRET" + LABS_INFRA_MNEMONIC: "REPLACE_WITH_GCP_SECRET" + OTEL_COLLECTOR_ENDPOINT: "REPLACE_WITH_GCP_SECRET" + FUNDING_PRIVATE_KEY: "" + ROLLUP_DEPLOYMENT_PRIVATE_KEY: "" + BLOB_FILE_STORE_URLS: "," + TX_COLLECTION_FILE_STORE_URLS: "https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}" + AWS_ACCESS_KEY_ID: "REPLACE_WITH_GCP_SECRET" + AWS_SECRET_ACCESS_KEY: "REPLACE_WITH_GCP_SECRET" diff --git a/spartan/environments/networks/mbps-net.yml b/spartan/environments/networks/mbps-net.yml index f2b26adb3dbb..624bdfe684bc 100644 --- a/spartan/environments/networks/mbps-net.yml +++ b/spartan/environments/networks/mbps-net.yml @@ -1,60 +1,69 @@ deploy: - CREATE_ETH_DEVNET: 'false' - GCP_REGION: 'us-west1-a' - CLUSTER: 'aztec-gke-private' - NETWORK: 'next-net' - NAMESPACE: 'mbps-net' - DESTROY_NAMESPACE: 'true' - ETHEREUM_CHAIN_ID: '11155111' - VERIFY_CONTRACTS: 'false' - STORE_SNAPSHOT_URL: '' - BLOB_BUCKET_DIRECTORY: '${BLOB_BUCKET_DIRECTORY:-next-net/blobs}' - VALIDATOR_RESOURCE_PROFILE: 'prod-spot' + CREATE_ETH_DEVNET: "false" + GCP_REGION: "us-west1-a" + CLUSTER: "aztec-gke-private" + NETWORK: "next-net" + NAMESPACE: "mbps-net" + DESTROY_NAMESPACE: "true" + ETHEREUM_CHAIN_ID: "11155111" + VERIFY_CONTRACTS: "false" + STORE_SNAPSHOT_URL: "" + BLOB_BUCKET_DIRECTORY: "${BLOB_BUCKET_DIRECTORY:-next-net/blobs}" + VALIDATOR_RESOURCE_PROFILE: "prod-spot" + DEPLOY_INTERNAL_BOOTNODE: "true" + VALIDATOR_REPLICAS: "4" + VALIDATORS_PER_NODE: "12" + VALIDATOR_PUBLISHERS_PER_REPLICA: "4" + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: "5000" + PUBLISHERS_PER_PROVER: "2" + PROVER_PUBLISHER_MNEMONIC_START_INDEX: "8000" + BOT_TRANSFERS_REPLICAS: "1" + BOT_SWAPS_REPLICAS: "1" + BOT_CROSS_CHAIN_REPLICAS: "1" + VALIDATOR_HA_REPLICAS: "1" env: - ETHEREUM_RPC_URLS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_URLS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_API_KEYS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: 'REPLACE_WITH_GCP_SECRET' - FUNDING_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' - LABS_INFRA_MNEMONIC: 'REPLACE_WITH_GCP_SECRET' - ROLLUP_DEPLOYMENT_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' - OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' - ETHERSCAN_API_KEY: 'REPLACE_WITH_GCP_SECRET' - DEPLOY_INTERNAL_BOOTNODE: 'true' - AWS_ACCESS_KEY_ID: 'REPLACE_WITH_GCP_SECRET' - AWS_SECRET_ACCESS_KEY: 'REPLACE_WITH_GCP_SECRET' - PROVER_FAILED_PROOF_STORE: 'gs://aztec-develop/next-net/failed-proofs' - TEST_ACCOUNTS: 'true' - SPONSORED_FPC: 'true' - SEQ_MIN_TX_PER_BLOCK: '0' - SEQ_MAX_TX_PER_BLOCK: '8' - AZTEC_EPOCH_DURATION: '8' - REAL_VERIFIER: 'false' - PROVER_REAL_PROOFS: 'false' - SEQ_BUILD_CHECKPOINT_IF_EMPTY: 'true' - SEQ_BLOCK_DURATION_MS: '6000' - LOG_LEVEL: 'verbose' - AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '2' - AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '2' - VALIDATOR_REPLICAS: '4' - VALIDATORS_PER_NODE: '12' - VALIDATOR_PUBLISHERS_PER_REPLICA: '4' - VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' - PUBLISHERS_PER_PROVER: '2' - PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' - BOT_TRANSFERS_REPLICAS: '1' - BOT_TRANSFERS_TX_INTERVAL_SECONDS: '4' - BOT_TRANSFERS_FOLLOW_CHAIN: 'PROPOSED' - BOT_TRANSFERS_PXE_SYNC_CHAIN_TIP: 'proposed' - BOT_SWAPS_REPLICAS: '1' - BOT_SWAPS_TX_INTERVAL_SECONDS: '4' - BOT_SWAPS_FOLLOW_CHAIN: 'PROPOSED' - BOT_SWAPS_PXE_SYNC_CHAIN_TIP: 'proposed' - BOT_CROSS_CHAIN_REPLICAS: '1' - BOT_CROSS_CHAIN_TX_INTERVAL_SECONDS: '8' - BOT_CROSS_CHAIN_FOLLOW_CHAIN: 'PROPOSED' - BOT_CROSS_CHAIN_PXE_SYNC_CHAIN_TIP: 'proposed' - REDEPLOY_ROLLUP_CONTRACTS: 'true' - DEBUG_P2P_INSTRUMENT_MESSAGES: 'true' - VALIDATOR_HA_REPLICAS: '1' + ETHEREUM_RPC_URLS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_URLS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_API_KEYS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: "REPLACE_WITH_GCP_SECRET" + FUNDING_PRIVATE_KEY: "REPLACE_WITH_GCP_SECRET" + LABS_INFRA_MNEMONIC: "REPLACE_WITH_GCP_SECRET" + ROLLUP_DEPLOYMENT_PRIVATE_KEY: "REPLACE_WITH_GCP_SECRET" + OTEL_COLLECTOR_ENDPOINT: "REPLACE_WITH_GCP_SECRET" + ETHERSCAN_API_KEY: "REPLACE_WITH_GCP_SECRET" + AWS_ACCESS_KEY_ID: "REPLACE_WITH_GCP_SECRET" + AWS_SECRET_ACCESS_KEY: "REPLACE_WITH_GCP_SECRET" + PROVER_FAILED_PROOF_STORE: "gs://aztec-develop/next-net/failed-proofs" + TEST_ACCOUNTS: "true" + SPONSORED_FPC: "true" + SEQ_MIN_TX_PER_BLOCK: "0" + SEQ_MAX_TX_PER_BLOCK: "8" + AZTEC_EPOCH_DURATION: "8" + REAL_VERIFIER: "false" + PROVER_REAL_PROOFS: "false" + SEQ_BUILD_CHECKPOINT_IF_EMPTY: "true" + SEQ_BLOCK_DURATION_MS: "6000" + LOG_LEVEL: "verbose" + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: "2" + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: "2" + REDEPLOY_ROLLUP_CONTRACTS: "true" + DEBUG_P2P_INSTRUMENT_MESSAGES: "true" + +bot_transfers: + env: + BOT_TX_INTERVAL_SECONDS: "4" + BOT_FOLLOW_CHAIN: "PROPOSED" + PXE_SYNC_CHAIN_TIP: "proposed" + +bot_swaps: + env: + BOT_TX_INTERVAL_SECONDS: "4" + BOT_FOLLOW_CHAIN: "PROPOSED" + PXE_SYNC_CHAIN_TIP: "proposed" + +bot_cross_chain: + env: + BOT_TX_INTERVAL_SECONDS: "8" + BOT_FOLLOW_CHAIN: "PROPOSED" + PXE_SYNC_CHAIN_TIP: "proposed" diff --git a/spartan/environments/networks/mbps-pipeline.yml b/spartan/environments/networks/mbps-pipeline.yml index 37831075acff..76822c66b89f 100644 --- a/spartan/environments/networks/mbps-pipeline.yml +++ b/spartan/environments/networks/mbps-pipeline.yml @@ -1,58 +1,67 @@ deploy: - CREATE_ETH_DEVNET: 'true' - GCP_REGION: 'us-west1-a' - CLUSTER: 'aztec-gke-private' - NETWORK: 'next-net' - NAMESPACE: 'mbps-pipe' - DESTROY_NAMESPACE: 'true' - ETHEREUM_CHAIN_ID: '1337' - CREATE_ROLLUP_CONTRACTS: 'true' - VERIFY_CONTRACTS: 'false' - DESTROY_AZTEC_INFRA: 'true' - VALIDATOR_RESOURCE_PROFILE: 'prod-spot' + CREATE_ETH_DEVNET: "true" + GCP_REGION: "us-west1-a" + CLUSTER: "aztec-gke-private" + NETWORK: "next-net" + NAMESPACE: "mbps-pipe" + DESTROY_NAMESPACE: "true" + ETHEREUM_CHAIN_ID: "1337" + CREATE_ROLLUP_CONTRACTS: "true" + VERIFY_CONTRACTS: "false" + DESTROY_AZTEC_INFRA: "true" + VALIDATOR_RESOURCE_PROFILE: "prod-spot" + DEPLOY_INTERNAL_BOOTNODE: "true" + VALIDATOR_REPLICAS: "4" + VALIDATORS_PER_NODE: "12" + VALIDATOR_PUBLISHERS_PER_REPLICA: "4" + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: "5000" + PUBLISHERS_PER_PROVER: "2" + PROVER_PUBLISHER_MNEMONIC_START_INDEX: "8000" + BOT_TRANSFERS_REPLICAS: "1" + BOT_SWAPS_REPLICAS: "1" + BOT_CROSS_CHAIN_REPLICAS: "1" + VALIDATOR_HA_REPLICAS: "1" env: - FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' - LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' - OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' - DEPLOY_INTERNAL_BOOTNODE: 'true' - TEST_ACCOUNTS: 'true' - SPONSORED_FPC: 'true' - SEQ_MIN_TX_PER_BLOCK: '0' - SEQ_MAX_TX_PER_BLOCK: '8' - AZTEC_EPOCH_DURATION: '8' - REAL_VERIFIER: 'false' - PROVER_REAL_PROOFS: 'false' - SEQ_BUILD_CHECKPOINT_IF_EMPTY: 'true' - SEQ_BLOCK_DURATION_MS: '5500' - SEQ_MAX_TX_PER_CHECKPOINT: '96' - SEQ_ENABLE_PROPOSER_PIPELINING: 'true' - SEQ_PER_BLOCK_ALLOCATION_MULTIPLIER: '1' - LOG_LEVEL: 'verbose' - AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '2' - AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '2' - AZTEC_INBOX_LAG: '2' - AZTEC_TARGET_COMMITTEE_SIZE: '24' - VALIDATOR_REPLICAS: '4' - VALIDATORS_PER_NODE: '12' - VALIDATOR_PUBLISHERS_PER_REPLICA: '4' - VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' - PUBLISHERS_PER_PROVER: '2' - PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' - BOT_TRANSFERS_REPLICAS: '1' - BOT_TRANSFERS_TX_INTERVAL_SECONDS: '4' - BOT_TRANSFERS_FOLLOW_CHAIN: 'PROPOSED' - BOT_TRANSFERS_PXE_SYNC_CHAIN_TIP: 'proposed' - BOT_SWAPS_REPLICAS: '1' - BOT_SWAPS_TX_INTERVAL_SECONDS: '4' - BOT_SWAPS_FOLLOW_CHAIN: 'PROPOSED' - BOT_SWAPS_PXE_SYNC_CHAIN_TIP: 'proposed' - BOT_CROSS_CHAIN_REPLICAS: '1' - BOT_CROSS_CHAIN_TX_INTERVAL_SECONDS: '8' - BOT_CROSS_CHAIN_FOLLOW_CHAIN: 'PROPOSED' - BOT_CROSS_CHAIN_PXE_SYNC_CHAIN_TIP: 'proposed' - REDEPLOY_ROLLUP_CONTRACTS: 'true' - DEBUG_P2P_INSTRUMENT_MESSAGES: 'true' - OTEL_COLLECT_INTERVAL_MS: '10000' - OTEL_EXPORT_TIMEOUT_MS: '5000' - VALIDATOR_HA_REPLICAS: '1' + FUNDING_PRIVATE_KEY: "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" + LABS_INFRA_MNEMONIC: "test test test test test test test test test test test junk" + OTEL_COLLECTOR_ENDPOINT: "REPLACE_WITH_GCP_SECRET" + TEST_ACCOUNTS: "true" + SPONSORED_FPC: "true" + SEQ_MIN_TX_PER_BLOCK: "0" + SEQ_MAX_TX_PER_BLOCK: "8" + AZTEC_EPOCH_DURATION: "8" + REAL_VERIFIER: "false" + PROVER_REAL_PROOFS: "false" + SEQ_BUILD_CHECKPOINT_IF_EMPTY: "true" + SEQ_BLOCK_DURATION_MS: "5500" + SEQ_MAX_TX_PER_CHECKPOINT: "96" + SEQ_ENABLE_PROPOSER_PIPELINING: "true" + SEQ_PER_BLOCK_ALLOCATION_MULTIPLIER: "1" + LOG_LEVEL: "verbose" + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: "2" + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: "2" + AZTEC_INBOX_LAG: "2" + AZTEC_TARGET_COMMITTEE_SIZE: "24" + REDEPLOY_ROLLUP_CONTRACTS: "true" + DEBUG_P2P_INSTRUMENT_MESSAGES: "true" + +bot_transfers: + env: + BOT_TX_INTERVAL_SECONDS: "4" + BOT_FOLLOW_CHAIN: "PROPOSED" + PXE_SYNC_CHAIN_TIP: "proposed" + +bot_swaps: + env: + BOT_TX_INTERVAL_SECONDS: "4" + BOT_FOLLOW_CHAIN: "PROPOSED" + PXE_SYNC_CHAIN_TIP: "proposed" + +bot_cross_chain: + env: + BOT_TX_INTERVAL_SECONDS: "8" + BOT_FOLLOW_CHAIN: "PROPOSED" + PXE_SYNC_CHAIN_TIP: "proposed" + OTEL_COLLECT_INTERVAL_MS: "10000" + OTEL_EXPORT_TIMEOUT_MS: "5000" diff --git a/spartan/environments/networks/next-net-clone.yml b/spartan/environments/networks/next-net-clone.yml index a724c7b9006e..b1ae71d174e5 100644 --- a/spartan/environments/networks/next-net-clone.yml +++ b/spartan/environments/networks/next-net-clone.yml @@ -1,56 +1,62 @@ deploy: - CREATE_ETH_DEVNET: 'false' - GCP_REGION: 'us-west1-a' - CLUSTER: 'aztec-gke-private' - NETWORK: 'next-net' - NAMESPACE: '${NAMESPACE:-next-net-clone}' - DESTROY_NAMESPACE: 'true' - ETHEREUM_CHAIN_ID: '11155111' - VERIFY_CONTRACTS: 'false' - STORE_SNAPSHOT_URL: '' - CREATE_ROLLUP_CONTRACTS: 'true' - RPC_INGRESS_ENABLED: 'false' - VALIDATOR_RESOURCE_PROFILE: 'prod-spot' + CREATE_ETH_DEVNET: "false" + GCP_REGION: "us-west1-a" + CLUSTER: "aztec-gke-private" + NETWORK: "next-net" + NAMESPACE: "${NAMESPACE:-next-net-clone}" + DESTROY_NAMESPACE: "true" + ETHEREUM_CHAIN_ID: "11155111" + VERIFY_CONTRACTS: "false" + STORE_SNAPSHOT_URL: "" + CREATE_ROLLUP_CONTRACTS: "true" + RPC_INGRESS_ENABLED: "false" + VALIDATOR_RESOURCE_PROFILE: "prod-spot" + DEPLOY_INTERNAL_BOOTNODE: "true" + VALIDATOR_REPLICAS: "4" + VALIDATORS_PER_NODE: "12" + VALIDATOR_PUBLISHERS_PER_REPLICA: "4" + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: "5000" + PUBLISHERS_PER_PROVER: "2" + PROVER_PUBLISHER_MNEMONIC_START_INDEX: "8000" + BOT_TRANSFERS_REPLICAS: "1" + BOT_SWAPS_REPLICAS: "1" + VALIDATOR_HA_REPLICAS: "1" env: - ETHEREUM_RPC_URLS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_URLS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_API_KEYS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: 'REPLACE_WITH_GCP_SECRET' - FUNDING_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' - LABS_INFRA_MNEMONIC: 'REPLACE_WITH_GCP_SECRET' - ROLLUP_DEPLOYMENT_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' - OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' - ETHERSCAN_API_KEY: 'REPLACE_WITH_GCP_SECRET' - DEPLOY_INTERNAL_BOOTNODE: 'true' - AWS_ACCESS_KEY_ID: 'REPLACE_WITH_GCP_SECRET' - AWS_SECRET_ACCESS_KEY: 'REPLACE_WITH_GCP_SECRET' - TEST_ACCOUNTS: 'true' - SPONSORED_FPC: 'true' - SEQ_ENABLE_PROPOSER_PIPELINING: 'true' - SEQ_MIN_TX_PER_BLOCK: '1' - SEQ_MAX_TX_PER_CHECKPOINT: '12' - SEQ_BUILD_CHECKPOINT_IF_EMPTY: 'true' - SEQ_BLOCK_DURATION_MS: '5500' - AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '2' - AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '2' - AZTEC_INBOX_LAG: '2' - VALIDATOR_REPLICAS: '4' - VALIDATORS_PER_NODE: '12' - VALIDATOR_PUBLISHERS_PER_REPLICA: '4' - VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' - PUBLISHERS_PER_PROVER: '2' - PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' - BOT_TRANSFERS_REPLICAS: '1' - BOT_TRANSFERS_TX_INTERVAL_SECONDS: '250' - BOT_TRANSFERS_FOLLOW_CHAIN: 'PENDING' - BOT_SWAPS_REPLICAS: '1' - BOT_SWAPS_FOLLOW_CHAIN: 'PENDING' - BOT_SWAPS_TX_INTERVAL_SECONDS: '350' - DEBUG_P2P_INSTRUMENT_MESSAGES: 'true' - VALIDATOR_HA_REPLICAS: '1' - REAL_VERIFIER: 'true' - AZTEC_SLOT_DURATION: '72' - AZTEC_EPOCH_DURATION: '32' - AZTEC_TARGET_COMMITTEE_SIZE: '48' - AZTEC_PROOF_SUBMISSION_EPOCHS: '1' + ETHEREUM_RPC_URLS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_URLS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_API_KEYS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: "REPLACE_WITH_GCP_SECRET" + FUNDING_PRIVATE_KEY: "REPLACE_WITH_GCP_SECRET" + LABS_INFRA_MNEMONIC: "REPLACE_WITH_GCP_SECRET" + ROLLUP_DEPLOYMENT_PRIVATE_KEY: "REPLACE_WITH_GCP_SECRET" + OTEL_COLLECTOR_ENDPOINT: "REPLACE_WITH_GCP_SECRET" + ETHERSCAN_API_KEY: "REPLACE_WITH_GCP_SECRET" + AWS_ACCESS_KEY_ID: "REPLACE_WITH_GCP_SECRET" + AWS_SECRET_ACCESS_KEY: "REPLACE_WITH_GCP_SECRET" + TEST_ACCOUNTS: "true" + SPONSORED_FPC: "true" + SEQ_ENABLE_PROPOSER_PIPELINING: "true" + SEQ_MIN_TX_PER_BLOCK: "1" + SEQ_MAX_TX_PER_CHECKPOINT: "12" + SEQ_BUILD_CHECKPOINT_IF_EMPTY: "true" + SEQ_BLOCK_DURATION_MS: "5500" + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: "2" + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: "2" + AZTEC_INBOX_LAG: "2" + DEBUG_P2P_INSTRUMENT_MESSAGES: "true" + REAL_VERIFIER: "true" + AZTEC_SLOT_DURATION: "72" + AZTEC_EPOCH_DURATION: "32" + AZTEC_TARGET_COMMITTEE_SIZE: "48" + AZTEC_PROOF_SUBMISSION_EPOCHS: "1" + +bot_transfers: + env: + BOT_TX_INTERVAL_SECONDS: "250" + BOT_FOLLOW_CHAIN: "PENDING" + +bot_swaps: + env: + BOT_TX_INTERVAL_SECONDS: "350" + BOT_FOLLOW_CHAIN: "PENDING" diff --git a/spartan/environments/networks/next-net.yml b/spartan/environments/networks/next-net.yml index 8845a67a7627..3a6c625c3309 100644 --- a/spartan/environments/networks/next-net.yml +++ b/spartan/environments/networks/next-net.yml @@ -1,69 +1,75 @@ deploy: - CREATE_ETH_DEVNET: 'false' - GCP_REGION: 'us-west1-a' - CLUSTER: 'aztec-gke-private' - NETWORK: 'next-net' - NAMESPACE: '${NAMESPACE:-next-net}' - DESTROY_NAMESPACE: 'true' - ETHEREUM_CHAIN_ID: '11155111' - VERIFY_CONTRACTS: 'false' - STORE_SNAPSHOT_URL: '' - BLOB_BUCKET_DIRECTORY: '${BLOB_BUCKET_DIRECTORY:-next-net/blobs}' - TX_FILE_STORE_ENABLED: 'true' - TX_FILE_STORE_BUCKET_DIRECTORY: '${TX_FILE_STORE_BUCKET_DIRECTORY:-next-net/txs}' - CREATE_ROLLUP_CONTRACTS: 'true' - RPC_INGRESS_ENABLED: 'true' + CREATE_ETH_DEVNET: "false" + GCP_REGION: "us-west1-a" + CLUSTER: "aztec-gke-private" + NETWORK: "next-net" + NAMESPACE: "${NAMESPACE:-next-net}" + DESTROY_NAMESPACE: "true" + ETHEREUM_CHAIN_ID: "11155111" + VERIFY_CONTRACTS: "false" + STORE_SNAPSHOT_URL: "" + BLOB_BUCKET_DIRECTORY: "${BLOB_BUCKET_DIRECTORY:-next-net/blobs}" + TX_FILE_STORE_ENABLED: "true" + TX_FILE_STORE_BUCKET_DIRECTORY: "${TX_FILE_STORE_BUCKET_DIRECTORY:-next-net/txs}" + CREATE_ROLLUP_CONTRACTS: "true" + RPC_INGRESS_ENABLED: "true" RPC_INGRESS_HOSTS: - - 'nextnet.aztec-labs.com' - RPC_INGRESS_STATIC_IP_NAME: 'nextnet-rpc-ip' + - "nextnet.aztec-labs.com" + RPC_INGRESS_STATIC_IP_NAME: "nextnet-rpc-ip" RPC_INGRESS_SSL_CERT_NAMES: - - 'nextnet-rpc-cert' - VALIDATOR_RESOURCE_PROFILE: 'prod-spot' + - "nextnet-rpc-cert" + VALIDATOR_RESOURCE_PROFILE: "prod-spot" + DEPLOY_INTERNAL_BOOTNODE: "true" + VALIDATOR_REPLICAS: "4" + VALIDATORS_PER_NODE: "12" + VALIDATOR_PUBLISHERS_PER_REPLICA: "4" + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: "5000" + PUBLISHERS_PER_PROVER: "2" + PROVER_PUBLISHER_MNEMONIC_START_INDEX: "8000" + BOT_TRANSFERS_REPLICAS: "1" + BOT_SWAPS_REPLICAS: "1" + VALIDATOR_HA_REPLICAS: "1" env: - ETHEREUM_RPC_URLS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_URLS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_API_KEYS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: 'REPLACE_WITH_GCP_SECRET' - FUNDING_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' - LABS_INFRA_MNEMONIC: 'REPLACE_WITH_GCP_SECRET' - ROLLUP_DEPLOYMENT_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' - OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' - ETHERSCAN_API_KEY: 'REPLACE_WITH_GCP_SECRET' - DEPLOY_INTERNAL_BOOTNODE: 'true' - BLOB_FILE_STORE_URLS: ',' - TX_COLLECTION_FILE_STORE_URLS: 'https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}' - AWS_ACCESS_KEY_ID: 'REPLACE_WITH_GCP_SECRET' - AWS_SECRET_ACCESS_KEY: 'REPLACE_WITH_GCP_SECRET' - PROVER_FAILED_PROOF_STORE: 'gs://aztec-develop/next-net/failed-proofs' - L1_TX_FAILED_STORE: 'gs://aztec-develop/next-net/failed-l1-txs' - TEST_ACCOUNTS: 'true' - SPONSORED_FPC: 'true' - LOG_LEVEL: 'debug' - SEQ_ENABLE_PROPOSER_PIPELINING: 'true' - SEQ_MIN_TX_PER_BLOCK: '1' - SEQ_MAX_TX_PER_CHECKPOINT: '12' - SEQ_BUILD_CHECKPOINT_IF_EMPTY: 'true' - SEQ_BLOCK_DURATION_MS: '5500' - AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '2' - AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '2' - AZTEC_INBOX_LAG: '2' - VALIDATOR_REPLICAS: '4' - VALIDATORS_PER_NODE: '12' - VALIDATOR_PUBLISHERS_PER_REPLICA: '4' - VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' - PUBLISHERS_PER_PROVER: '2' - PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' - BOT_TRANSFERS_REPLICAS: '1' - BOT_TRANSFERS_TX_INTERVAL_SECONDS: '250' - BOT_TRANSFERS_FOLLOW_CHAIN: 'PENDING' - BOT_SWAPS_REPLICAS: '1' - BOT_SWAPS_FOLLOW_CHAIN: 'PENDING' - BOT_SWAPS_TX_INTERVAL_SECONDS: '350' - DEBUG_P2P_INSTRUMENT_MESSAGES: 'true' - VALIDATOR_HA_REPLICAS: '1' - REAL_VERIFIER: 'true' - AZTEC_SLOT_DURATION: '72' - AZTEC_EPOCH_DURATION: '32' - AZTEC_TARGET_COMMITTEE_SIZE: '48' - AZTEC_PROOF_SUBMISSION_EPOCHS: '1' + ETHEREUM_RPC_URLS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_URLS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_API_KEYS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: "REPLACE_WITH_GCP_SECRET" + FUNDING_PRIVATE_KEY: "REPLACE_WITH_GCP_SECRET" + LABS_INFRA_MNEMONIC: "REPLACE_WITH_GCP_SECRET" + ROLLUP_DEPLOYMENT_PRIVATE_KEY: "REPLACE_WITH_GCP_SECRET" + OTEL_COLLECTOR_ENDPOINT: "REPLACE_WITH_GCP_SECRET" + ETHERSCAN_API_KEY: "REPLACE_WITH_GCP_SECRET" + BLOB_FILE_STORE_URLS: "," + TX_COLLECTION_FILE_STORE_URLS: "https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}" + AWS_ACCESS_KEY_ID: "REPLACE_WITH_GCP_SECRET" + AWS_SECRET_ACCESS_KEY: "REPLACE_WITH_GCP_SECRET" + PROVER_FAILED_PROOF_STORE: "gs://aztec-develop/next-net/failed-proofs" + L1_TX_FAILED_STORE: "gs://aztec-develop/next-net/failed-l1-txs" + TEST_ACCOUNTS: "true" + SPONSORED_FPC: "true" + LOG_LEVEL: "debug" + SEQ_ENABLE_PROPOSER_PIPELINING: "true" + SEQ_MIN_TX_PER_BLOCK: "1" + SEQ_MAX_TX_PER_CHECKPOINT: "12" + SEQ_BUILD_CHECKPOINT_IF_EMPTY: "true" + SEQ_BLOCK_DURATION_MS: "5500" + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: "2" + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: "2" + AZTEC_INBOX_LAG: "2" + DEBUG_P2P_INSTRUMENT_MESSAGES: "true" + REAL_VERIFIER: "true" + AZTEC_SLOT_DURATION: "72" + AZTEC_EPOCH_DURATION: "32" + AZTEC_TARGET_COMMITTEE_SIZE: "48" + AZTEC_PROOF_SUBMISSION_EPOCHS: "1" + +bot_transfers: + env: + BOT_TX_INTERVAL_SECONDS: "250" + BOT_FOLLOW_CHAIN: "PENDING" + +bot_swaps: + env: + BOT_TX_INTERVAL_SECONDS: "350" + BOT_FOLLOW_CHAIN: "PENDING" diff --git a/spartan/environments/networks/next-scenario.yml b/spartan/environments/networks/next-scenario.yml index 4790b747d61d..3cbff6b53108 100644 --- a/spartan/environments/networks/next-scenario.yml +++ b/spartan/environments/networks/next-scenario.yml @@ -1,46 +1,46 @@ deploy: - NAMESPACE: '${NAMESPACE:-scenario}' - CLUSTER: 'aztec-gke-private' - GCP_REGION: 'us-west1-a' - DESTROY_NAMESPACE: 'true' - DESTROY_ETH_DEVNET: 'true' - CREATE_ETH_DEVNET: 'true' - ETHEREUM_CHAIN_ID: '1337' - CREATE_ROLLUP_CONTRACTS: 'true' - DESTROY_AZTEC_INFRA: 'true' - VERIFY_CONTRACTS: 'false' - USE_LOAD_BALANCERS: 'true' - RUN_TESTS: 'true' - VALIDATOR_RESOURCE_PROFILE: 'prod-spot' + NAMESPACE: "${NAMESPACE:-scenario}" + CLUSTER: "aztec-gke-private" + GCP_REGION: "us-west1-a" + DESTROY_NAMESPACE: "true" + DESTROY_ETH_DEVNET: "true" + CREATE_ETH_DEVNET: "true" + ETHEREUM_CHAIN_ID: "1337" + CREATE_ROLLUP_CONTRACTS: "true" + DESTROY_AZTEC_INFRA: "true" + VERIFY_CONTRACTS: "false" + USE_LOAD_BALANCERS: "true" + RUN_TESTS: "true" + VALIDATOR_RESOURCE_PROFILE: "prod-spot" + VALIDATOR_HA_REPLICAS: "1" + VALIDATOR_REPLICAS: "4" + VALIDATORS_PER_NODE: "12" + VALIDATOR_PUBLISHERS_PER_REPLICA: "4" + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: "5000" + RPC_REPLICAS: "2" + PUBLISHERS_PER_PROVER: "1" + PROVER_PUBLISHER_MNEMONIC_START_INDEX: "8000" + PROVER_REPLICAS: "8" env: - AZTEC_EPOCH_DURATION: '32' - AZTEC_SLOT_DURATION: '36' - LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' - FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' - AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '1' - AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '1' - OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' - VALIDATOR_REPLICAS: '4' - VALIDATORS_PER_NODE: '12' - VALIDATOR_PUBLISHERS_PER_REPLICA: '4' - VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' - RPC_REPLICAS: '2' - PUBLISHERS_PER_PROVER: '1' - PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' - PROVER_REPLICAS: '8' - PROVER_AGENTS_PER_PROVER: '1' - AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: '1' - AZTEC_SLASHING_QUORUM: '17' - AZTEC_SLASHING_OFFSET_IN_ROUNDS: '2' - AZTEC_LOCAL_EJECTION_THRESHOLD: '90000000000000000000' - SPONSORED_FPC: 'true' - AZTEC_GOVERNANCE_PROPOSER_QUORUM: '11' - AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE: '20' - AZTEC_GOVERNANCE_VOTING_DURATION: '300' - VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' - VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' - PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' - PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' - SEQ_MIN_TX_PER_BLOCK: '0' - VALIDATOR_HA_REPLICAS: '1' + AZTEC_EPOCH_DURATION: "32" + AZTEC_SLOT_DURATION: "36" + LABS_INFRA_MNEMONIC: "test test test test test test test test test test test junk" + FUNDING_PRIVATE_KEY: "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: "1" + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: "1" + OTEL_COLLECTOR_ENDPOINT: "REPLACE_WITH_GCP_SECRET" + PROVER_AGENTS_PER_PROVER: "1" + AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: "1" + AZTEC_SLASHING_QUORUM: "17" + AZTEC_SLASHING_OFFSET_IN_ROUNDS: "2" + AZTEC_LOCAL_EJECTION_THRESHOLD: "90000000000000000000" + SPONSORED_FPC: "true" + AZTEC_GOVERNANCE_PROPOSER_QUORUM: "11" + AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE: "20" + AZTEC_GOVERNANCE_VOTING_DURATION: "300" + VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE: "0" + VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: "0" + PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE: "0" + PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: "0" + SEQ_MIN_TX_PER_BLOCK: "0" diff --git a/spartan/environments/networks/prove-n-tps-fake.yml b/spartan/environments/networks/prove-n-tps-fake.yml index 9eadb38a3909..f6449795801f 100644 --- a/spartan/environments/networks/prove-n-tps-fake.yml +++ b/spartan/environments/networks/prove-n-tps-fake.yml @@ -1,44 +1,44 @@ deploy: - NAMESPACE: '${NAMESPACE:-prove-n-tps-fake}' - CLUSTER: 'aztec-gke-private' - GCP_REGION: 'us-west1-a' - CREATE_ETH_DEVNET: 'true' - DESTROY_NAMESPACE: 'true' - DESTROY_AZTEC_INFRA: 'true' - CREATE_ROLLUP_CONTRACTS: 'true' - ETHEREUM_CHAIN_ID: '1337' - RPC_INGRESS_ENABLED: 'false' - PROVER_RESOURCE_PROFILE: 'hi-tps' + NAMESPACE: "${NAMESPACE:-prove-n-tps-fake}" + CLUSTER: "aztec-gke-private" + GCP_REGION: "us-west1-a" + CREATE_ETH_DEVNET: "true" + DESTROY_NAMESPACE: "true" + DESTROY_AZTEC_INFRA: "true" + CREATE_ROLLUP_CONTRACTS: "true" + ETHEREUM_CHAIN_ID: "1337" + RPC_INGRESS_ENABLED: "false" + PROVER_RESOURCE_PROFILE: "hi-tps" + VALIDATOR_REPLICAS: "4" + VALIDATORS_PER_NODE: "12" + VALIDATOR_PUBLISHERS_PER_REPLICA: "4" + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: "5000" + RPC_REPLICAS: "1" + PROVER_REPLICAS: "10" + PROVER_PUBLISHER_MNEMONIC_START_INDEX: "8000" + PUBLISHERS_PER_PROVER: "1" env: - AZTEC_EPOCH_DURATION: '32' - AZTEC_SLOT_DURATION: '72' - AZTEC_PROOF_SUBMISSION_EPOCHS: '1' - AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '1' - AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '1' + AZTEC_EPOCH_DURATION: "32" + AZTEC_SLOT_DURATION: "72" + AZTEC_PROOF_SUBMISSION_EPOCHS: "1" + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: "1" + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: "1" # 1B mana - AZTEC_MANA_TARGET: '1000000000' - SPONSORED_FPC: 'true' - LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' - FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' - OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' - VALIDATOR_REPLICAS: '4' - VALIDATORS_PER_NODE: '12' - VALIDATOR_PUBLISHERS_PER_REPLICA: '4' - VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' - REAL_VERIFIER: 'false' - RPC_REPLICAS: '1' - PROVER_REPLICAS: '10' - PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' - PROVER_AGENT_POLL_INTERVAL_MS: '10000' - PUBLISHERS_PER_PROVER: '1' - PROVER_TEST_DELAY_TYPE: 'realistic' - PROVER_TEST_VERIFICATION_DELAY_MS: '250' - SEQ_MAX_TX_PER_CHECKPOINT: '80' - SEQ_BLOCK_DURATION_MS: '6000' - SEQ_L1_PUBLISHING_TIME_ALLOWANCE_IN_SLOT: '36' - SEQ_BUILD_CHECKPOINT_IF_EMPTY: 'true' - SEQ_MIN_TX_PER_BLOCK: '1' - DEBUG_P2P_INSTRUMENT_MESSAGES: 'true' - PROVER_AGENT_INCLUDE_METRICS: 'aztec.circuit' - LOG_LEVEL: 'info' + AZTEC_MANA_TARGET: "1000000000" + SPONSORED_FPC: "true" + LABS_INFRA_MNEMONIC: "test test test test test test test test test test test junk" + FUNDING_PRIVATE_KEY: "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" + OTEL_COLLECTOR_ENDPOINT: "REPLACE_WITH_GCP_SECRET" + REAL_VERIFIER: "false" + PROVER_AGENT_POLL_INTERVAL_MS: "10000" + PROVER_TEST_DELAY_TYPE: "realistic" + PROVER_TEST_VERIFICATION_DELAY_MS: "250" + SEQ_MAX_TX_PER_CHECKPOINT: "80" + SEQ_BLOCK_DURATION_MS: "6000" + SEQ_L1_PUBLISHING_TIME_ALLOWANCE_IN_SLOT: "36" + SEQ_BUILD_CHECKPOINT_IF_EMPTY: "true" + SEQ_MIN_TX_PER_BLOCK: "1" + DEBUG_P2P_INSTRUMENT_MESSAGES: "true" + PROVER_AGENT_INCLUDE_METRICS: "aztec.circuit" + LOG_LEVEL: "info" diff --git a/spartan/environments/networks/prove-n-tps-real.yml b/spartan/environments/networks/prove-n-tps-real.yml index 81fbaa50325b..12dc76855f37 100644 --- a/spartan/environments/networks/prove-n-tps-real.yml +++ b/spartan/environments/networks/prove-n-tps-real.yml @@ -1,42 +1,42 @@ deploy: - NAMESPACE: '${NAMESPACE:-prove-n-tps-real}' - CLUSTER: 'aztec-gke-private' - GCP_REGION: 'us-west1-a' - CREATE_ETH_DEVNET: 'true' - DESTROY_NAMESPACE: 'true' - DESTROY_AZTEC_INFRA: 'true' - CREATE_ROLLUP_CONTRACTS: 'true' - ETHEREUM_CHAIN_ID: '1337' - RPC_INGRESS_ENABLED: 'false' - PROVER_RESOURCE_PROFILE: 'prod-hi-tps' + NAMESPACE: "${NAMESPACE:-prove-n-tps-real}" + CLUSTER: "aztec-gke-private" + GCP_REGION: "us-west1-a" + CREATE_ETH_DEVNET: "true" + DESTROY_NAMESPACE: "true" + DESTROY_AZTEC_INFRA: "true" + CREATE_ROLLUP_CONTRACTS: "true" + ETHEREUM_CHAIN_ID: "1337" + RPC_INGRESS_ENABLED: "false" + PROVER_RESOURCE_PROFILE: "prod-hi-tps" + VALIDATOR_REPLICAS: "4" + VALIDATORS_PER_NODE: "12" + VALIDATOR_PUBLISHERS_PER_REPLICA: "4" + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: "5000" + RPC_REPLICAS: "1" + PROVER_REPLICAS: "4" + PROVER_PUBLISHER_MNEMONIC_START_INDEX: "8000" + PUBLISHERS_PER_PROVER: "1" env: - AZTEC_EPOCH_DURATION: '32' - AZTEC_SLOT_DURATION: '72' - AZTEC_PROOF_SUBMISSION_EPOCHS: '1' - AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '1' - AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '1' + AZTEC_EPOCH_DURATION: "32" + AZTEC_SLOT_DURATION: "72" + AZTEC_PROOF_SUBMISSION_EPOCHS: "1" + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: "1" + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: "1" # 1B mana - AZTEC_MANA_TARGET: '1000000000' - SPONSORED_FPC: 'true' - LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' - FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' - OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' - VALIDATOR_REPLICAS: '4' - VALIDATORS_PER_NODE: '12' - VALIDATOR_PUBLISHERS_PER_REPLICA: '4' - VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' - REAL_VERIFIER: 'true' - RPC_REPLICAS: '1' - PROVER_REPLICAS: '4' - PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' - PROVER_AGENT_POLL_INTERVAL_MS: '10000' - PUBLISHERS_PER_PROVER: '1' - SEQ_MAX_TX_PER_CHECKPOINT: '72' - SEQ_MIN_TX_PER_BLOCK: '1' - SEQ_BLOCK_DURATION_MS: '6000' - SEQ_L1_PUBLISHING_TIME_ALLOWANCE_IN_SLOT: '36' - SEQ_BUILD_CHECKPOINT_IF_EMPTY: 'true' - DEBUG_P2P_INSTRUMENT_MESSAGES: 'true' - PROVER_AGENT_INCLUDE_METRICS: 'aztec.circuit' - LOG_LEVEL: 'info' + AZTEC_MANA_TARGET: "1000000000" + SPONSORED_FPC: "true" + LABS_INFRA_MNEMONIC: "test test test test test test test test test test test junk" + FUNDING_PRIVATE_KEY: "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" + OTEL_COLLECTOR_ENDPOINT: "REPLACE_WITH_GCP_SECRET" + REAL_VERIFIER: "true" + PROVER_AGENT_POLL_INTERVAL_MS: "10000" + SEQ_MAX_TX_PER_CHECKPOINT: "72" + SEQ_MIN_TX_PER_BLOCK: "1" + SEQ_BLOCK_DURATION_MS: "6000" + SEQ_L1_PUBLISHING_TIME_ALLOWANCE_IN_SLOT: "36" + SEQ_BUILD_CHECKPOINT_IF_EMPTY: "true" + DEBUG_P2P_INSTRUMENT_MESSAGES: "true" + PROVER_AGENT_INCLUDE_METRICS: "aztec.circuit" + LOG_LEVEL: "info" diff --git a/spartan/environments/networks/staging-ignition.yml b/spartan/environments/networks/staging-ignition.yml index 77f6897054a3..d1ac14cab736 100644 --- a/spartan/environments/networks/staging-ignition.yml +++ b/spartan/environments/networks/staging-ignition.yml @@ -1,41 +1,41 @@ deploy: - CREATE_ETH_DEVNET: 'false' - GCP_REGION: 'us-west1-a' - CLUSTER: 'aztec-gke-private' - NAMESPACE: '${NAMESPACE:-staging-ignition}' - NETWORK: 'staging-ignition' - ETHEREUM_CHAIN_ID: '11155111' - LABS_INFRA_MNEMONIC_SECRET_NAME: 'sepolia-labs-staging-ignition-mnemonic' - VERIFY_CONTRACTS: 'true' - SNAPSHOT_BUCKET_DIRECTORY: '${SNAPSHOT_BUCKET_DIRECTORY:-staging-ignition}' - BLOB_BUCKET_DIRECTORY: '${BLOB_BUCKET_DIRECTORY:-staging-ignition/blobs}' - CREATE_ROLLUP_CONTRACTS: '${CREATE_ROLLUP_CONTRACTS:-false}' - USE_NETWORK_CONFIG: 'true' + CREATE_ETH_DEVNET: "false" + GCP_REGION: "us-west1-a" + CLUSTER: "aztec-gke-private" + NAMESPACE: "${NAMESPACE:-staging-ignition}" + NETWORK: "staging-ignition" + ETHEREUM_CHAIN_ID: "11155111" + LABS_INFRA_MNEMONIC_SECRET_NAME: "sepolia-labs-staging-ignition-mnemonic" + VERIFY_CONTRACTS: "true" + SNAPSHOT_BUCKET_DIRECTORY: "${SNAPSHOT_BUCKET_DIRECTORY:-staging-ignition}" + BLOB_BUCKET_DIRECTORY: "${BLOB_BUCKET_DIRECTORY:-staging-ignition/blobs}" + CREATE_ROLLUP_CONTRACTS: "${CREATE_ROLLUP_CONTRACTS:-false}" + USE_NETWORK_CONFIG: "true" + DEPLOY_INTERNAL_BOOTNODE: "false" + VALIDATOR_REPLICAS: "4" + VALIDATORS_PER_NODE: "12" + VALIDATOR_PUBLISHERS_PER_REPLICA: "4" + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: "5000" + PUBLISHERS_PER_PROVER: "2" + PROVER_PUBLISHER_MNEMONIC_START_INDEX: "8000" + BOT_TRANSFERS_REPLICAS: "0" + BOT_SWAPS_REPLICAS: "0" env: - TRANSACTIONS_DISABLED: 'true' - TEST_ACCOUNTS: 'false' - SPONSORED_FPC: 'false' - SEQ_MIN_TX_PER_BLOCK: '0' - SEQ_MAX_TX_PER_BLOCK: '0' - ETHEREUM_RPC_URLS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_URLS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_API_KEYS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: 'REPLACE_WITH_GCP_SECRET' - FUNDING_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' - LABS_INFRA_MNEMONIC: 'REPLACE_WITH_GCP_SECRET' - ROLLUP_DEPLOYMENT_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' - OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' - ETHERSCAN_API_KEY: 'REPLACE_WITH_GCP_SECRET' - BLOB_FILE_STORE_URLS: ',' - AWS_ACCESS_KEY_ID: 'REPLACE_WITH_GCP_SECRET' - AWS_SECRET_ACCESS_KEY: 'REPLACE_WITH_GCP_SECRET' - BOT_TRANSFERS_REPLICAS: '0' - BOT_SWAPS_REPLICAS: '0' - DEPLOY_INTERNAL_BOOTNODE: 'false' - VALIDATOR_REPLICAS: '4' - VALIDATORS_PER_NODE: '12' - VALIDATOR_PUBLISHERS_PER_REPLICA: '4' - VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' - PUBLISHERS_PER_PROVER: '2' - PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' + TRANSACTIONS_DISABLED: "true" + TEST_ACCOUNTS: "false" + SPONSORED_FPC: "false" + SEQ_MIN_TX_PER_BLOCK: "0" + SEQ_MAX_TX_PER_BLOCK: "0" + ETHEREUM_RPC_URLS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_URLS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_API_KEYS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: "REPLACE_WITH_GCP_SECRET" + FUNDING_PRIVATE_KEY: "REPLACE_WITH_GCP_SECRET" + LABS_INFRA_MNEMONIC: "REPLACE_WITH_GCP_SECRET" + ROLLUP_DEPLOYMENT_PRIVATE_KEY: "REPLACE_WITH_GCP_SECRET" + OTEL_COLLECTOR_ENDPOINT: "REPLACE_WITH_GCP_SECRET" + ETHERSCAN_API_KEY: "REPLACE_WITH_GCP_SECRET" + BLOB_FILE_STORE_URLS: "," + AWS_ACCESS_KEY_ID: "REPLACE_WITH_GCP_SECRET" + AWS_SECRET_ACCESS_KEY: "REPLACE_WITH_GCP_SECRET" diff --git a/spartan/environments/networks/staging-public.yml b/spartan/environments/networks/staging-public.yml index a17d4c3a0ce9..c1fa3e55c133 100644 --- a/spartan/environments/networks/staging-public.yml +++ b/spartan/environments/networks/staging-public.yml @@ -1,65 +1,74 @@ deploy: - CREATE_ETH_DEVNET: 'false' - GCP_REGION: 'us-west1-a' - CLUSTER: 'aztec-gke-private' - NETWORK: 'staging-public' - NAMESPACE: '${NAMESPACE:-staging-public}' - ETHEREUM_CHAIN_ID: '11155111' - VERIFY_CONTRACTS: 'true' - SNAPSHOT_BUCKET_DIRECTORY: '${SNAPSHOT_BUCKET_DIRECTORY:-staging-public}' - BLOB_BUCKET_DIRECTORY: '${BLOB_BUCKET_DIRECTORY:-staging-public/blobs}' - TX_FILE_STORE_ENABLED: 'true' - TX_FILE_STORE_BUCKET_DIRECTORY: '${TX_FILE_STORE_BUCKET_DIRECTORY:-staging-public/txs}' - CREATE_ROLLUP_CONTRACTS: '${CREATE_ROLLUP_CONTRACTS:-false}' - VALIDATOR_RESOURCE_PROFILE: 'prod-spot' + CREATE_ETH_DEVNET: "false" + GCP_REGION: "us-west1-a" + CLUSTER: "aztec-gke-private" + NETWORK: "staging-public" + NAMESPACE: "${NAMESPACE:-staging-public}" + ETHEREUM_CHAIN_ID: "11155111" + VERIFY_CONTRACTS: "true" + SNAPSHOT_BUCKET_DIRECTORY: "${SNAPSHOT_BUCKET_DIRECTORY:-staging-public}" + BLOB_BUCKET_DIRECTORY: "${BLOB_BUCKET_DIRECTORY:-staging-public/blobs}" + TX_FILE_STORE_ENABLED: "true" + TX_FILE_STORE_BUCKET_DIRECTORY: "${TX_FILE_STORE_BUCKET_DIRECTORY:-staging-public/txs}" + CREATE_ROLLUP_CONTRACTS: "${CREATE_ROLLUP_CONTRACTS:-false}" + VALIDATOR_RESOURCE_PROFILE: "prod-spot" + DEPLOY_INTERNAL_BOOTNODE: "true" + VALIDATOR_REPLICAS: "2" + VALIDATORS_PER_NODE: "64" + VALIDATOR_PUBLISHERS_PER_REPLICA: "4" + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: "5000" + VALIDATOR_HA_REPLICAS: "1" + VALIDATOR_HA_REPLICA_COUNT: "4" + PROVER_REPLICAS: "4" + PUBLISHERS_PER_PROVER: "2" + PROVER_PUBLISHER_MNEMONIC_START_INDEX: "8000" + BOT_TRANSFERS_REPLICAS: "1" + BOT_SWAPS_REPLICAS: "1" + BOT_CROSS_CHAIN_REPLICAS: "1" env: - ETHEREUM_RPC_URLS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_URLS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_API_KEYS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: 'REPLACE_WITH_GCP_SECRET' - FUNDING_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' - LABS_INFRA_MNEMONIC: 'REPLACE_WITH_GCP_SECRET' - ROLLUP_DEPLOYMENT_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' - OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' - ETHERSCAN_API_KEY: 'REPLACE_WITH_GCP_SECRET' - DEPLOY_INTERNAL_BOOTNODE: 'true' - BLOB_FILE_STORE_URLS: ',' - TX_COLLECTION_FILE_STORE_URLS: 'https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}' - AWS_ACCESS_KEY_ID: 'REPLACE_WITH_GCP_SECRET' - AWS_SECRET_ACCESS_KEY: 'REPLACE_WITH_GCP_SECRET' - TEST_ACCOUNTS: 'false' - SPONSORED_FPC: 'false' - AZTEC_MANA_TARGET: '75000000' - AZTEC_PROVING_COST_PER_MANA: '25000000' - SEQ_MAX_L2_BLOCK_GAS: '150000000' - SEQ_MIN_TX_PER_BLOCK: '1' + ETHEREUM_RPC_URLS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_URLS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_API_KEYS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: "REPLACE_WITH_GCP_SECRET" + FUNDING_PRIVATE_KEY: "REPLACE_WITH_GCP_SECRET" + LABS_INFRA_MNEMONIC: "REPLACE_WITH_GCP_SECRET" + ROLLUP_DEPLOYMENT_PRIVATE_KEY: "REPLACE_WITH_GCP_SECRET" + OTEL_COLLECTOR_ENDPOINT: "REPLACE_WITH_GCP_SECRET" + ETHERSCAN_API_KEY: "REPLACE_WITH_GCP_SECRET" + BLOB_FILE_STORE_URLS: "," + TX_COLLECTION_FILE_STORE_URLS: "https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}" + AWS_ACCESS_KEY_ID: "REPLACE_WITH_GCP_SECRET" + AWS_SECRET_ACCESS_KEY: "REPLACE_WITH_GCP_SECRET" + TEST_ACCOUNTS: "false" + SPONSORED_FPC: "false" + AZTEC_MANA_TARGET: "75000000" + AZTEC_PROVING_COST_PER_MANA: "25000000" + SEQ_MAX_L2_BLOCK_GAS: "150000000" + SEQ_MIN_TX_PER_BLOCK: "1" # 0.1 TPS - SEQ_MAX_TX_PER_CHECKPOINT: '7' - SEQ_BUILD_CHECKPOINT_IF_EMPTY: 'true' - SEQ_BLOCK_DURATION_MS: '6000' - SEQ_L1_PUBLISHING_TIME_ALLOWANCE_IN_SLOT: '36' - P2P_TX_POOL_DELETE_TXS_AFTER_REORG: 'true' - VALIDATOR_REPLICAS: '2' - VALIDATORS_PER_NODE: '64' - VALIDATOR_PUBLISHERS_PER_REPLICA: '4' - VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' - VALIDATOR_HA_REPLICAS: '1' - VALIDATOR_HA_REPLICA_COUNT: '4' - PROVER_FAILED_PROOF_STORE: 'gs://aztec-develop/staging-public/failed-proofs' - L1_TX_FAILED_STORE: 'gs://aztec-develop/staging-public/failed-l1-txs' - PROVER_REPLICAS: '4' - PUBLISHERS_PER_PROVER: '2' - PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' - BOT_DA_GAS_LIMIT: '100000' - BOT_L2_GAS_LIMIT: '6540000' - BOT_TRANSFERS_REPLICAS: '1' - BOT_TRANSFERS_TX_INTERVAL_SECONDS: '250' - BOT_TRANSFERS_FOLLOW_CHAIN: 'PROPOSED' - BOT_SWAPS_REPLICAS: '1' - BOT_SWAPS_FOLLOW_CHAIN: 'PROPOSED' - BOT_SWAPS_TX_INTERVAL_SECONDS: '350' - BOT_CROSS_CHAIN_REPLICAS: '1' - BOT_CROSS_CHAIN_TX_INTERVAL_SECONDS: '250' - BOT_CROSS_CHAIN_FOLLOW_CHAIN: 'PROPOSED' - LOG_LEVEL: 'debug; info: simulator, json-rpc' + SEQ_MAX_TX_PER_CHECKPOINT: "7" + SEQ_BUILD_CHECKPOINT_IF_EMPTY: "true" + SEQ_BLOCK_DURATION_MS: "6000" + SEQ_L1_PUBLISHING_TIME_ALLOWANCE_IN_SLOT: "36" + P2P_TX_POOL_DELETE_TXS_AFTER_REORG: "true" + PROVER_FAILED_PROOF_STORE: "gs://aztec-develop/staging-public/failed-proofs" + L1_TX_FAILED_STORE: "gs://aztec-develop/staging-public/failed-l1-txs" + BOT_DA_GAS_LIMIT: "100000" + BOT_L2_GAS_LIMIT: "6540000" + LOG_LEVEL: "debug; info: simulator, json-rpc" + +bot_transfers: + env: + BOT_TX_INTERVAL_SECONDS: "250" + BOT_FOLLOW_CHAIN: "PROPOSED" + +bot_swaps: + env: + BOT_TX_INTERVAL_SECONDS: "350" + BOT_FOLLOW_CHAIN: "PROPOSED" + +bot_cross_chain: + env: + BOT_TX_INTERVAL_SECONDS: "250" + BOT_FOLLOW_CHAIN: "PROPOSED" diff --git a/spartan/environments/networks/staging.local.yml b/spartan/environments/networks/staging.local.yml index 020d58a59dd1..65081a0805bd 100644 --- a/spartan/environments/networks/staging.local.yml +++ b/spartan/environments/networks/staging.local.yml @@ -1,15 +1,15 @@ deploy: - NAMESPACE: '${NAMESPACE:-staging}' - CLUSTER: 'kind' - CREATE_ETH_DEVNET: 'false' - ETHEREUM_CHAIN_ID: '1337' + NAMESPACE: "${NAMESPACE:-staging}" + CLUSTER: "kind" + CREATE_ETH_DEVNET: "false" + ETHEREUM_CHAIN_ID: "1337" + VALIDATOR_REPLICAS: "4" + VALIDATORS_PER_NODE: "12" + VALIDATOR_PUBLISHERS_PER_REPLICA: "4" + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: "5000" + PUBLISHERS_PER_PROVER: "2" + PROVER_PUBLISHER_MNEMONIC_START_INDEX: "8000" env: - LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' - FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' - VALIDATOR_REPLICAS: '4' - VALIDATORS_PER_NODE: '12' - VALIDATOR_PUBLISHERS_PER_REPLICA: '4' - VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' - PUBLISHERS_PER_PROVER: '2' - PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' + LABS_INFRA_MNEMONIC: "test test test test test test test test test test test junk" + FUNDING_PRIVATE_KEY: "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" diff --git a/spartan/environments/networks/ten-tps-long-epoch.yml b/spartan/environments/networks/ten-tps-long-epoch.yml index 50d7fae02edd..c0e8d8e89a2f 100644 --- a/spartan/environments/networks/ten-tps-long-epoch.yml +++ b/spartan/environments/networks/ten-tps-long-epoch.yml @@ -1,56 +1,56 @@ deploy: - NAMESPACE: '${NAMESPACE:-ten-tps}' - CLUSTER: 'aztec-gke-private' - GCP_REGION: 'us-west1-a' - DESTROY_NAMESPACE: 'true' - DESTROY_ETH_DEVNET: 'true' - CREATE_ETH_DEVNET: '${CREATE_ETH_DEVNET:-true}' - ETHEREUM_CHAIN_ID: '1337' - CREATE_ROLLUP_CONTRACTS: 'true' - VERIFY_CONTRACTS: 'false' - DESTROY_AZTEC_INFRA: 'true' - VALIDATOR_RESOURCE_PROFILE: '2-core-dedicated' - RPC_INGRESS_ENABLED: 'false' - FULL_NODE_RESOURCE_PROFILE: '2-core-spot' - PROVER_RESOURCE_PROFILE: 'hi-tps' - RUN_TESTS: 'false' + NAMESPACE: "${NAMESPACE:-ten-tps}" + CLUSTER: "aztec-gke-private" + GCP_REGION: "us-west1-a" + DESTROY_NAMESPACE: "true" + DESTROY_ETH_DEVNET: "true" + CREATE_ETH_DEVNET: "${CREATE_ETH_DEVNET:-true}" + ETHEREUM_CHAIN_ID: "1337" + CREATE_ROLLUP_CONTRACTS: "true" + VERIFY_CONTRACTS: "false" + DESTROY_AZTEC_INFRA: "true" + VALIDATOR_RESOURCE_PROFILE: "2-core-dedicated" + RPC_INGRESS_ENABLED: "false" + FULL_NODE_RESOURCE_PROFILE: "2-core-spot" + PROVER_RESOURCE_PROFILE: "hi-tps" + RUN_TESTS: "false" + VALIDATOR_REPLICAS: "12" + VALIDATORS_PER_NODE: "4" + VALIDATOR_PUBLISHERS_PER_REPLICA: "4" + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: "5000" + RPC_REPLICAS: "12" + FULL_NODE_REPLICAS: "500" + PUBLISHERS_PER_PROVER: "2" + PROVER_PUBLISHER_MNEMONIC_START_INDEX: "8000" + PROVER_REPLICAS: "128" env: - AZTEC_EPOCH_DURATION: '32' - AZTEC_SLOT_DURATION: '36' - AZTEC_PROOF_SUBMISSION_EPOCHS: '2' - LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' - FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' - AZTEC_MANA_TARGET: '2147483647' - AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '1' - AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '1' - SPONSORED_FPC: 'true' - OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' - VALIDATOR_REPLICAS: '12' - VALIDATORS_PER_NODE: '4' - VALIDATOR_PUBLISHERS_PER_REPLICA: '4' - VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' - REAL_VERIFIER: 'false' - RPC_REPLICAS: '12' - FULL_NODE_REPLICAS: '500' - PUBLISHERS_PER_PROVER: '2' - PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' - PROVER_REPLICAS: '128' - PROVER_AGENT_POLL_INTERVAL_MS: '10000' - PROVER_TEST_DELAY_TYPE: 'fixed' - AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: '1' - AZTEC_SLASHING_QUORUM: '20' - AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: '0' - AZTEC_SLASHING_OFFSET_IN_ROUNDS: '1' - AZTEC_LOCAL_EJECTION_THRESHOLD: '90000000000000000000' - SEQ_MAX_TX_PER_CHECKPOINT: '360' - SEQ_MIN_TX_PER_BLOCK: '1' - VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' - VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' - PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' - PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' - DEBUG_P2P_INSTRUMENT_MESSAGES: 'true' - PROVER_TEST_VERIFICATION_DELAY_MS: '250' - PROVER_AGENT_INCLUDE_METRICS: 'aztec.circuit' - FULL_NODE_INCLUDE_METRICS: 'aztec.p2p.gossip.agg_' - LOG_LEVEL: 'info' + AZTEC_EPOCH_DURATION: "32" + AZTEC_SLOT_DURATION: "36" + AZTEC_PROOF_SUBMISSION_EPOCHS: "2" + LABS_INFRA_MNEMONIC: "test test test test test test test test test test test junk" + FUNDING_PRIVATE_KEY: "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" + AZTEC_MANA_TARGET: "2147483647" + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: "1" + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: "1" + SPONSORED_FPC: "true" + OTEL_COLLECTOR_ENDPOINT: "REPLACE_WITH_GCP_SECRET" + REAL_VERIFIER: "false" + PROVER_AGENT_POLL_INTERVAL_MS: "10000" + PROVER_TEST_DELAY_TYPE: "fixed" + AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: "1" + AZTEC_SLASHING_QUORUM: "20" + AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: "0" + AZTEC_SLASHING_OFFSET_IN_ROUNDS: "1" + AZTEC_LOCAL_EJECTION_THRESHOLD: "90000000000000000000" + SEQ_MAX_TX_PER_CHECKPOINT: "360" + SEQ_MIN_TX_PER_BLOCK: "1" + VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE: "0" + VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: "0" + PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE: "0" + PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: "0" + DEBUG_P2P_INSTRUMENT_MESSAGES: "true" + PROVER_TEST_VERIFICATION_DELAY_MS: "250" + PROVER_AGENT_INCLUDE_METRICS: "aztec.circuit" + FULL_NODE_INCLUDE_METRICS: "aztec.p2p.gossip.agg_" + LOG_LEVEL: "info" diff --git a/spartan/environments/networks/ten-tps-short-epoch.yml b/spartan/environments/networks/ten-tps-short-epoch.yml index e5758233620c..b2ce8a7998c3 100644 --- a/spartan/environments/networks/ten-tps-short-epoch.yml +++ b/spartan/environments/networks/ten-tps-short-epoch.yml @@ -1,56 +1,56 @@ deploy: - NAMESPACE: '${NAMESPACE:-ten-tps}' - CLUSTER: 'aztec-gke-private' - GCP_REGION: 'us-west1-a' - DESTROY_NAMESPACE: 'true' - DESTROY_ETH_DEVNET: 'true' - CREATE_ETH_DEVNET: '${CREATE_ETH_DEVNET:-true}' - ETHEREUM_CHAIN_ID: '1337' - CREATE_ROLLUP_CONTRACTS: 'true' - VERIFY_CONTRACTS: 'false' - DESTROY_AZTEC_INFRA: 'true' - VALIDATOR_RESOURCE_PROFILE: '2-core-dedicated' - RPC_INGRESS_ENABLED: 'false' - FULL_NODE_RESOURCE_PROFILE: '2-core-spot' - PROVER_RESOURCE_PROFILE: 'hi-tps' - RUN_TESTS: 'false' + NAMESPACE: "${NAMESPACE:-ten-tps}" + CLUSTER: "aztec-gke-private" + GCP_REGION: "us-west1-a" + DESTROY_NAMESPACE: "true" + DESTROY_ETH_DEVNET: "true" + CREATE_ETH_DEVNET: "${CREATE_ETH_DEVNET:-true}" + ETHEREUM_CHAIN_ID: "1337" + CREATE_ROLLUP_CONTRACTS: "true" + VERIFY_CONTRACTS: "false" + DESTROY_AZTEC_INFRA: "true" + VALIDATOR_RESOURCE_PROFILE: "2-core-dedicated" + RPC_INGRESS_ENABLED: "false" + FULL_NODE_RESOURCE_PROFILE: "2-core-spot" + PROVER_RESOURCE_PROFILE: "hi-tps" + RUN_TESTS: "false" + VALIDATOR_REPLICAS: "12" + VALIDATORS_PER_NODE: "4" + VALIDATOR_PUBLISHERS_PER_REPLICA: "4" + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: "5000" + RPC_REPLICAS: "12" + FULL_NODE_REPLICAS: "500" + PUBLISHERS_PER_PROVER: "2" + PROVER_PUBLISHER_MNEMONIC_START_INDEX: "8000" + PROVER_REPLICAS: "128" env: - AZTEC_EPOCH_DURATION: '8' - AZTEC_SLOT_DURATION: '36' - AZTEC_PROOF_SUBMISSION_EPOCHS: '2' - LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' - FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' - AZTEC_MANA_TARGET: '2147483647' - AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '1' - AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '1' - SPONSORED_FPC: 'true' - OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' - VALIDATOR_REPLICAS: '12' - VALIDATORS_PER_NODE: '4' - VALIDATOR_PUBLISHERS_PER_REPLICA: '4' - VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' - REAL_VERIFIER: 'false' - RPC_REPLICAS: '12' - FULL_NODE_REPLICAS: '500' - PUBLISHERS_PER_PROVER: '2' - PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' - PROVER_REPLICAS: '128' - PROVER_AGENT_POLL_INTERVAL_MS: '10000' - PROVER_TEST_DELAY_TYPE: 'fixed' - AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: '1' - AZTEC_SLASHING_QUORUM: '5' - AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: '0' - AZTEC_SLASHING_OFFSET_IN_ROUNDS: '1' - AZTEC_LOCAL_EJECTION_THRESHOLD: '90000000000000000000' - SEQ_MAX_TX_PER_CHECKPOINT: '360' - SEQ_MIN_TX_PER_BLOCK: '1' - VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' - VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' - PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' - PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' - DEBUG_P2P_INSTRUMENT_MESSAGES: 'true' - PROVER_TEST_VERIFICATION_DELAY_MS: '250' - PROVER_AGENT_INCLUDE_METRICS: 'aztec.circuit' - FULL_NODE_INCLUDE_METRICS: 'aztec.p2p.gossip.agg_' - LOG_LEVEL: 'info' + AZTEC_EPOCH_DURATION: "8" + AZTEC_SLOT_DURATION: "36" + AZTEC_PROOF_SUBMISSION_EPOCHS: "2" + LABS_INFRA_MNEMONIC: "test test test test test test test test test test test junk" + FUNDING_PRIVATE_KEY: "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" + AZTEC_MANA_TARGET: "2147483647" + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: "1" + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: "1" + SPONSORED_FPC: "true" + OTEL_COLLECTOR_ENDPOINT: "REPLACE_WITH_GCP_SECRET" + REAL_VERIFIER: "false" + PROVER_AGENT_POLL_INTERVAL_MS: "10000" + PROVER_TEST_DELAY_TYPE: "fixed" + AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: "1" + AZTEC_SLASHING_QUORUM: "5" + AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: "0" + AZTEC_SLASHING_OFFSET_IN_ROUNDS: "1" + AZTEC_LOCAL_EJECTION_THRESHOLD: "90000000000000000000" + SEQ_MAX_TX_PER_CHECKPOINT: "360" + SEQ_MIN_TX_PER_BLOCK: "1" + VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE: "0" + VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: "0" + PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE: "0" + PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: "0" + DEBUG_P2P_INSTRUMENT_MESSAGES: "true" + PROVER_TEST_VERIFICATION_DELAY_MS: "250" + PROVER_AGENT_INCLUDE_METRICS: "aztec.circuit" + FULL_NODE_INCLUDE_METRICS: "aztec.p2p.gossip.agg_" + LOG_LEVEL: "info" diff --git a/spartan/environments/networks/testnet.yml b/spartan/environments/networks/testnet.yml index 45939f601070..62b7dc918e95 100644 --- a/spartan/environments/networks/testnet.yml +++ b/spartan/environments/networks/testnet.yml @@ -2,85 +2,88 @@ network: testnet deploy: - CREATE_ETH_DEVNET: 'false' - GCP_REGION: 'us-west1-a' - CLUSTER: 'aztec-gke-public' - NAMESPACE: '${NAMESPACE:-testnet}' - NETWORK: 'testnet' - ETHEREUM_CHAIN_ID: '11155111' - VERIFY_CONTRACTS: 'true' - CREATE_ROLLUP_CONTRACTS: '${CREATE_ROLLUP_CONTRACTS:-false}' - USE_NETWORK_CONFIG: '${USE_NETWORK_CONFIG:-true}' - SNAPSHOT_BUCKET_DIRECTORY: '${SNAPSHOT_BUCKET_DIRECTORY:-testnet}' - BLOB_BUCKET_DIRECTORY: '${BLOB_BUCKET_DIRECTORY:-testnet/blobs}' - TX_FILE_STORE_ENABLED: 'true' - TX_FILE_STORE_BUCKET_DIRECTORY: '${TX_FILE_STORE_BUCKET_DIRECTORY:-testnet/txs}' - RPC_INGRESS_ENABLED: 'true' + CREATE_ETH_DEVNET: "false" + GCP_REGION: "us-west1-a" + CLUSTER: "aztec-gke-public" + NAMESPACE: "${NAMESPACE:-testnet}" + NETWORK: "testnet" + ETHEREUM_CHAIN_ID: "11155111" + VERIFY_CONTRACTS: "true" + CREATE_ROLLUP_CONTRACTS: "${CREATE_ROLLUP_CONTRACTS:-false}" + USE_NETWORK_CONFIG: "${USE_NETWORK_CONFIG:-true}" + SNAPSHOT_BUCKET_DIRECTORY: "${SNAPSHOT_BUCKET_DIRECTORY:-testnet}" + BLOB_BUCKET_DIRECTORY: "${BLOB_BUCKET_DIRECTORY:-testnet/blobs}" + TX_FILE_STORE_ENABLED: "true" + TX_FILE_STORE_BUCKET_DIRECTORY: "${TX_FILE_STORE_BUCKET_DIRECTORY:-testnet/txs}" + RPC_INGRESS_ENABLED: "true" RPC_INGRESS_HOSTS: - - 'rpc.testnet.aztec-labs.com' - RPC_INGRESS_STATIC_IP_NAME: 'testnet-rpc-ip' + - "rpc.testnet.aztec-labs.com" + RPC_INGRESS_STATIC_IP_NAME: "testnet-rpc-ip" RPC_INGRESS_SSL_CERT_NAMES: - - 'testnet-rpc-cert' - VALIDATOR_RESOURCE_PROFILE: 'prod-spot' - PROVER_RESOURCE_PROFILE: 'prod' + - "testnet-rpc-cert" + VALIDATOR_RESOURCE_PROFILE: "prod-spot" + PROVER_RESOURCE_PROFILE: "prod" + DEPLOY_INTERNAL_BOOTNODE: "false" + DEPLOY_ARCHIVAL_NODE: "true" + VALIDATOR_REPLICAS: "4" + VALIDATORS_PER_NODE: "64" + VALIDATOR_PUBLISHERS_PER_REPLICA: "8" + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: "5000" + VALIDATOR_HA_REPLICAS: "1" + PUBLISHERS_PER_PROVER: "2" + PROVER_PUBLISHER_MNEMONIC_START_INDEX: "8000" + PROVER_REPLICAS: "4" + BOT_TRANSFERS_REPLICAS: "1" + BOT_SWAPS_REPLICAS: "0" env: - REAL_VERIFIER: 'true' - AZTEC_ENTRY_QUEUE_BOOTSTRAP_VALIDATOR_SET_SIZE: '48' - AZTEC_ENTRY_QUEUE_BOOTSTRAP_FLUSH_SIZE: '48' - AZTEC_ENTRY_QUEUE_FLUSH_SIZE_MIN: '10' - AZTEC_ENTRY_QUEUE_FLUSH_SIZE_QUOTIENT: '400' - AZTEC_ENTRY_QUEUE_MAX_FLUSH_SIZE: '10' - AZTEC_SLOT_DURATION: '72' - AZTEC_EPOCH_DURATION: '32' - AZTEC_TARGET_COMMITTEE_SIZE: '48' - AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '2' - AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '2' - AZTEC_PROOF_SUBMISSION_EPOCHS: '1' - AZTEC_LOCAL_EJECTION_THRESHOLD: '199000e18' - AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: '2' - AZTEC_SLASHING_QUORUM: '33' - AZTEC_SLASHING_OFFSET_IN_ROUNDS: '2' - AZTEC_SLASHING_LIFETIME_IN_ROUNDS: '5' - AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: '2' + REAL_VERIFIER: "true" + AZTEC_ENTRY_QUEUE_BOOTSTRAP_VALIDATOR_SET_SIZE: "48" + AZTEC_ENTRY_QUEUE_BOOTSTRAP_FLUSH_SIZE: "48" + AZTEC_ENTRY_QUEUE_FLUSH_SIZE_MIN: "10" + AZTEC_ENTRY_QUEUE_FLUSH_SIZE_QUOTIENT: "400" + AZTEC_ENTRY_QUEUE_MAX_FLUSH_SIZE: "10" + AZTEC_SLOT_DURATION: "72" + AZTEC_EPOCH_DURATION: "32" + AZTEC_TARGET_COMMITTEE_SIZE: "48" + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: "2" + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: "2" + AZTEC_PROOF_SUBMISSION_EPOCHS: "1" + AZTEC_LOCAL_EJECTION_THRESHOLD: "199000e18" + AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: "2" + AZTEC_SLASHING_QUORUM: "33" + AZTEC_SLASHING_OFFSET_IN_ROUNDS: "2" + AZTEC_SLASHING_LIFETIME_IN_ROUNDS: "5" + AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: "2" AZTEC_SLASHING_VETOER: '\"0xdfe19Da6a717b7088621d8bBB66be59F2d78e924\"' - AZTEC_MANA_TARGET: '75000000' - AZTEC_PROVING_COST_PER_MANA: '25000000' - AZTEC_SLASH_AMOUNT_SMALL: '100000e18' - AZTEC_SLASH_AMOUNT_MEDIUM: '100000e18' - AZTEC_SLASH_AMOUNT_LARGE: '100000e18' - AZTEC_ACTIVATION_THRESHOLD: '200000e18' - AZTEC_EJECTION_THRESHOLD: '100000e18' - AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE: '100' - AZTEC_GOVERNANCE_PROPOSER_QUORUM: '60' - ETHEREUM_RPC_URLS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_URLS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_API_KEYS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: 'REPLACE_WITH_GCP_SECRET' - FUNDING_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' - LABS_INFRA_MNEMONIC: 'REPLACE_WITH_GCP_SECRET' - ROLLUP_DEPLOYMENT_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' - OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' - ETHERSCAN_API_KEY: 'REPLACE_WITH_GCP_SECRET' - BLOB_FILE_STORE_URLS: ',' - TX_COLLECTION_FILE_STORE_URLS: 'https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}' - AWS_ACCESS_KEY_ID: 'REPLACE_WITH_GCP_SECRET' - AWS_SECRET_ACCESS_KEY: 'REPLACE_WITH_GCP_SECRET' - DEPLOY_INTERNAL_BOOTNODE: 'false' - BOT_TRANSFERS_REPLICAS: '1' - BOT_TRANSFERS_TX_INTERVAL_SECONDS: '72' - BOT_TRANSFERS_FOLLOW_CHAIN: 'PENDING' - BOT_SWAPS_REPLICAS: '0' - P2P_TX_POOL_DELETE_TXS_AFTER_REORG: 'true' - SEQ_MAX_TX_PER_CHECKPOINT: '72' - DEPLOY_ARCHIVAL_NODE: 'true' - VALIDATOR_REPLICAS: '4' - VALIDATORS_PER_NODE: '64' - VALIDATOR_PUBLISHERS_PER_REPLICA: '8' - VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' - VALIDATOR_HA_REPLICAS: '1' - PUBLISHERS_PER_PROVER: '2' - PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' - PROVER_FAILED_PROOF_STORE: 'gs://aztec-develop/testnet/failed-proofs' - L1_TX_FAILED_STORE: 'gs://aztec-develop/testnet/failed-l1-txs' - PROVER_REPLICAS: '4' + AZTEC_MANA_TARGET: "75000000" + AZTEC_PROVING_COST_PER_MANA: "25000000" + AZTEC_SLASH_AMOUNT_SMALL: "100000e18" + AZTEC_SLASH_AMOUNT_MEDIUM: "100000e18" + AZTEC_SLASH_AMOUNT_LARGE: "100000e18" + AZTEC_ACTIVATION_THRESHOLD: "200000e18" + AZTEC_EJECTION_THRESHOLD: "100000e18" + AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE: "100" + AZTEC_GOVERNANCE_PROPOSER_QUORUM: "60" + ETHEREUM_RPC_URLS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_URLS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_API_KEYS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: "REPLACE_WITH_GCP_SECRET" + FUNDING_PRIVATE_KEY: "REPLACE_WITH_GCP_SECRET" + LABS_INFRA_MNEMONIC: "REPLACE_WITH_GCP_SECRET" + ROLLUP_DEPLOYMENT_PRIVATE_KEY: "REPLACE_WITH_GCP_SECRET" + OTEL_COLLECTOR_ENDPOINT: "REPLACE_WITH_GCP_SECRET" + ETHERSCAN_API_KEY: "REPLACE_WITH_GCP_SECRET" + BLOB_FILE_STORE_URLS: "," + TX_COLLECTION_FILE_STORE_URLS: "https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}" + AWS_ACCESS_KEY_ID: "REPLACE_WITH_GCP_SECRET" + AWS_SECRET_ACCESS_KEY: "REPLACE_WITH_GCP_SECRET" + P2P_TX_POOL_DELETE_TXS_AFTER_REORG: "true" + SEQ_MAX_TX_PER_CHECKPOINT: "72" + PROVER_FAILED_PROOF_STORE: "gs://aztec-develop/testnet/failed-proofs" + L1_TX_FAILED_STORE: "gs://aztec-develop/testnet/failed-l1-txs" + +bot_transfers: + env: + BOT_TX_INTERVAL_SECONDS: "72" + BOT_FOLLOW_CHAIN: "PENDING" diff --git a/spartan/environments/networks/tps-scenario.yml b/spartan/environments/networks/tps-scenario.yml index 2b726049da81..f0760fd0ebbe 100644 --- a/spartan/environments/networks/tps-scenario.yml +++ b/spartan/environments/networks/tps-scenario.yml @@ -1,67 +1,66 @@ deploy: - NAMESPACE: '${NAMESPACE:-tps-scenario}' - CLUSTER: 'aztec-gke-private' - GCP_REGION: 'us-west1-a' - CREATE_ETH_DEVNET: 'false' - L1_NETWORK: 'sepolia' - ETHEREUM_CHAIN_ID: '11155111' - LABS_INFRA_MNEMONIC_SECRET_NAME: 'sepolia-labs-tps-scenario-mnemonic' - VERIFY_CONTRACTS: 'true' - CREATE_ROLLUP_CONTRACTS: 'true' - DESTROY_NAMESPACE: 'true' - DESTROY_AZTEC_INFRA: 'true' - VALIDATOR_RESOURCE_PROFILE: '2-core-dedicated' - RPC_INGRESS_ENABLED: 'false' - FULL_NODE_RESOURCE_PROFILE: '2-core-spot' - PROVER_RESOURCE_PROFILE: 'hi-tps' - WAIT_FOR_PROVER_DEPLOY: 'false' - RUN_TESTS: 'false' + NAMESPACE: "${NAMESPACE:-tps-scenario}" + CLUSTER: "aztec-gke-private" + GCP_REGION: "us-west1-a" + CREATE_ETH_DEVNET: "false" + L1_NETWORK: "sepolia" + ETHEREUM_CHAIN_ID: "11155111" + LABS_INFRA_MNEMONIC_SECRET_NAME: "sepolia-labs-tps-scenario-mnemonic" + VERIFY_CONTRACTS: "true" + CREATE_ROLLUP_CONTRACTS: "true" + DESTROY_NAMESPACE: "true" + DESTROY_AZTEC_INFRA: "true" + VALIDATOR_RESOURCE_PROFILE: "2-core-dedicated" + RPC_INGRESS_ENABLED: "false" + FULL_NODE_RESOURCE_PROFILE: "2-core-spot" + PROVER_RESOURCE_PROFILE: "hi-tps" + WAIT_FOR_PROVER_DEPLOY: "false" + RUN_TESTS: "false" + VALIDATOR_REPLICAS: "12" + VALIDATORS_PER_NODE: "4" + VALIDATOR_PUBLISHERS_PER_REPLICA: "4" + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: "5000" + RPC_REPLICAS: "10" + FULL_NODE_REPLICAS: "500" + PUBLISHERS_PER_PROVER: "2" + PROVER_PUBLISHER_MNEMONIC_START_INDEX: "8000" + PROVER_REPLICAS: "20" env: - AZTEC_EPOCH_DURATION: '8' - AZTEC_SLOT_DURATION: '72' - AZTEC_PROOF_SUBMISSION_EPOCHS: '2' - AZTEC_LAG_IN_EPOCHS: '1' - SPONSORED_FPC: 'true' - ETHEREUM_RPC_URLS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_URLS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_API_KEYS: 'REPLACE_WITH_GCP_SECRET' - ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: 'REPLACE_WITH_GCP_SECRET' - FUNDING_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' - LABS_INFRA_MNEMONIC: 'REPLACE_WITH_GCP_SECRET' - ROLLUP_DEPLOYMENT_PRIVATE_KEY: 'REPLACE_WITH_GCP_SECRET' - OTEL_COLLECTOR_ENDPOINT: 'REPLACE_WITH_GCP_SECRET' - ETHERSCAN_API_KEY: 'REPLACE_WITH_GCP_SECRET' - AZTEC_MANA_TARGET: '2147483647' - VALIDATOR_REPLICAS: '12' - VALIDATORS_PER_NODE: '4' - VALIDATOR_PUBLISHERS_PER_REPLICA: '4' - VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' - REAL_VERIFIER: 'false' - RPC_REPLICAS: '10' - FULL_NODE_REPLICAS: '500' - PUBLISHERS_PER_PROVER: '2' - PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' - PROVER_REPLICAS: '20' - PROVER_AGENT_POLL_INTERVAL_MS: '10000' - P2P_PUBLIC_IP: 'false' - PROVER_TEST_DELAY_TYPE: 'fixed' - AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: '1' - AZTEC_SLASHING_QUORUM: '5' - AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: '0' - AZTEC_SLASHING_OFFSET_IN_ROUNDS: '1' - AZTEC_LOCAL_EJECTION_THRESHOLD: '90000000000000000000' + AZTEC_EPOCH_DURATION: "8" + AZTEC_SLOT_DURATION: "72" + AZTEC_PROOF_SUBMISSION_EPOCHS: "2" + AZTEC_LAG_IN_EPOCHS: "1" + SPONSORED_FPC: "true" + ETHEREUM_RPC_URLS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_URLS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_API_KEYS: "REPLACE_WITH_GCP_SECRET" + ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: "REPLACE_WITH_GCP_SECRET" + FUNDING_PRIVATE_KEY: "REPLACE_WITH_GCP_SECRET" + LABS_INFRA_MNEMONIC: "REPLACE_WITH_GCP_SECRET" + ROLLUP_DEPLOYMENT_PRIVATE_KEY: "REPLACE_WITH_GCP_SECRET" + OTEL_COLLECTOR_ENDPOINT: "REPLACE_WITH_GCP_SECRET" + ETHERSCAN_API_KEY: "REPLACE_WITH_GCP_SECRET" + AZTEC_MANA_TARGET: "2147483647" + REAL_VERIFIER: "false" + PROVER_AGENT_POLL_INTERVAL_MS: "10000" + PROVER_TEST_DELAY_TYPE: "fixed" + AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: "1" + AZTEC_SLASHING_QUORUM: "5" + AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: "0" + AZTEC_SLASHING_OFFSET_IN_ROUNDS: "1" + AZTEC_LOCAL_EJECTION_THRESHOLD: "90000000000000000000" # approx 0.2 TPS - SEQ_MAX_TX_PER_CHECKPOINT: '15' - SEQ_MIN_TX_PER_BLOCK: '1' - SEQ_BUILD_CHECKPOINT_IF_EMPTY: 'true' - VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' - VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' - PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE: '0' - PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: '0' - DEBUG_P2P_INSTRUMENT_MESSAGES: 'true' - P2P_DROP_TX_CHANCE: '0.2' - PROVER_TEST_VERIFICATION_DELAY_MS: '250' - PROVER_AGENT_INCLUDE_METRICS: 'aztec.circuit' - FULL_NODE_INCLUDE_METRICS: 'aztec.p2p.gossip.agg_' - LOG_LEVEL: 'info' + SEQ_MAX_TX_PER_CHECKPOINT: "15" + SEQ_MIN_TX_PER_BLOCK: "1" + SEQ_BUILD_CHECKPOINT_IF_EMPTY: "true" + VALIDATOR_L1_PRIORITY_FEE_BUMP_PERCENTAGE: "0" + VALIDATOR_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: "0" + PROVER_L1_PRIORITY_FEE_BUMP_PERCENTAGE: "0" + PROVER_L1_PRIORITY_FEE_RETRY_BUMP_PERCENTAGE: "0" + DEBUG_P2P_INSTRUMENT_MESSAGES: "true" + P2P_DROP_TX_CHANCE: "0.2" + PROVER_TEST_VERIFICATION_DELAY_MS: "250" + PROVER_AGENT_INCLUDE_METRICS: "aztec.circuit" + FULL_NODE_INCLUDE_METRICS: "aztec.p2p.gossip.agg_" + LOG_LEVEL: "info" diff --git a/spartan/scripts/load_network_config.sh b/spartan/scripts/load_network_config.sh index f85bfaded57f..faa6185a7d86 100755 --- a/spartan/scripts/load_network_config.sh +++ b/spartan/scripts/load_network_config.sh @@ -81,28 +81,6 @@ data = json.load(sys.stdin) env = data.setdefault("env", {}) deploy = data.setdefault("deploy", {}) -# Keep deploy-time topology inputs aligned with pod env when older network YAMLs -# still declare them under env:. Terraform reads these from deploy:. -for key in [ - "VALIDATOR_REPLICAS", - "VALIDATOR_HA_REPLICAS", - "VALIDATOR_HA_REPLICA_COUNT", - "VALIDATORS_PER_NODE", - "VALIDATOR_PUBLISHERS_PER_REPLICA", - "VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX", - "PROVER_REPLICAS", - "PUBLISHERS_PER_PROVER", - "PROVER_PUBLISHER_MNEMONIC_START_INDEX", - "RPC_REPLICAS", - "FISHERMAN_REPLICAS", - "FULL_NODE_REPLICAS", - "BOT_TRANSFERS_REPLICAS", - "BOT_SWAPS_REPLICAS", - "BOT_CROSS_CHAIN_REPLICAS", -]: - if key in env: - deploy[key] = env[key] - # devnet: namespace pattern v-devnet- picks a non-conflicting # mnemonic offset so concurrent devnets sharing the same mnemonic on the same L1 # do not collide on nonces. diff --git a/spartan/terraform/deploy-aztec-infra/main.tf b/spartan/terraform/deploy-aztec-infra/main.tf index 0cedbfcd76c8..34a8d78ec08e 100644 --- a/spartan/terraform/deploy-aztec-infra/main.tf +++ b/spartan/terraform/deploy-aztec-infra/main.tf @@ -76,18 +76,6 @@ locals { l1_consensus_keys = try(local.d.L1_CONSENSUS_HOST_API_KEYS, []) l1_consensus_headers = try(local.d.L1_CONSENSUS_HOST_API_KEY_HEADERS, []) - # Network YAMLs set bot tuning under env: (next-net, staging-public, …). - # Prefer var.env over var.deploy defaults — avoids env→deploy duplication in deploy_network.sh. - bot_transfers_tx_interval_seconds = lookup(var.env, "BOT_TRANSFERS_TX_INTERVAL_SECONDS", try(local.d.BOT_TRANSFERS_TX_INTERVAL_SECONDS, "")) - bot_transfers_follow_chain = lookup(var.env, "BOT_TRANSFERS_FOLLOW_CHAIN", try(local.d.BOT_TRANSFERS_FOLLOW_CHAIN, "")) - bot_transfers_pxe_sync_chain_tip = lookup(var.env, "BOT_TRANSFERS_PXE_SYNC_CHAIN_TIP", try(local.d.BOT_TRANSFERS_PXE_SYNC_CHAIN_TIP, "")) - bot_swaps_tx_interval_seconds = lookup(var.env, "BOT_SWAPS_TX_INTERVAL_SECONDS", try(local.d.BOT_SWAPS_TX_INTERVAL_SECONDS, "")) - bot_swaps_follow_chain = lookup(var.env, "BOT_SWAPS_FOLLOW_CHAIN", try(local.d.BOT_SWAPS_FOLLOW_CHAIN, "")) - bot_swaps_pxe_sync_chain_tip = lookup(var.env, "BOT_SWAPS_PXE_SYNC_CHAIN_TIP", try(local.d.BOT_SWAPS_PXE_SYNC_CHAIN_TIP, "")) - bot_cross_chain_tx_interval_seconds = lookup(var.env, "BOT_CROSS_CHAIN_TX_INTERVAL_SECONDS", try(local.d.BOT_CROSS_CHAIN_TX_INTERVAL_SECONDS, "")) - bot_cross_chain_follow_chain = lookup(var.env, "BOT_CROSS_CHAIN_FOLLOW_CHAIN", try(local.d.BOT_CROSS_CHAIN_FOLLOW_CHAIN, "")) - bot_cross_chain_pxe_sync_chain_tip = lookup(var.env, "BOT_CROSS_CHAIN_PXE_SYNC_CHAIN_TIP", try(local.d.BOT_CROSS_CHAIN_PXE_SYNC_CHAIN_TIP, "")) - # --------------------------------------------------------------------------- # Per-release helm values from the YAML loader. # @@ -660,14 +648,11 @@ locals { ] custom_settings = merge( { - "bot.replicaCount" = local.bot_transfers_replicas - "bot.env.BOT_TX_INTERVAL_SECONDS" = local.bot_transfers_tx_interval_seconds - "bot.env.BOT_FOLLOW_CHAIN" = local.bot_transfers_follow_chain - "bot.env.PXE_SYNC_CHAIN_TIP" = local.bot_transfers_pxe_sync_chain_tip - "bot.env.AZTEC_NODE_URL" = local.internal_rpc_url - "bot.botPrivateKey" = try(local.d.BOT_TRANSFERS_L2_PRIVATE_KEY, "0xcafe01") - "bot.mnemonic" = local.d.BOT_MNEMONIC - "bot.mnemonicStartIndex" = local.d.BOT_TRANSFERS_MNEMONIC_START_INDEX + "bot.replicaCount" = local.bot_transfers_replicas + "bot.env.AZTEC_NODE_URL" = local.internal_rpc_url + "bot.botPrivateKey" = try(local.d.BOT_TRANSFERS_L2_PRIVATE_KEY, "0xcafe01") + "bot.mnemonic" = local.d.BOT_MNEMONIC + "bot.mnemonicStartIndex" = local.d.BOT_TRANSFERS_MNEMONIC_START_INDEX }, try(local.d.BOT_DA_GAS_LIMIT, "") != "" ? { "bot.env.BOT_DA_GAS_LIMIT" = local.d.BOT_DA_GAS_LIMIT } : {}, try(local.d.BOT_L2_GAS_LIMIT, "") != "" ? { "bot.env.BOT_L2_GAS_LIMIT" = local.d.BOT_L2_GAS_LIMIT } : {}, @@ -688,14 +673,11 @@ locals { ] custom_settings = merge( { - "bot.replicaCount" = local.bot_swaps_replicas - "bot.env.BOT_TX_INTERVAL_SECONDS" = local.bot_swaps_tx_interval_seconds - "bot.env.BOT_FOLLOW_CHAIN" = local.bot_swaps_follow_chain - "bot.env.PXE_SYNC_CHAIN_TIP" = local.bot_swaps_pxe_sync_chain_tip - "bot.env.AZTEC_NODE_URL" = local.internal_rpc_url - "bot.botPrivateKey" = try(local.d.BOT_SWAPS_L2_PRIVATE_KEY, "0xcafe02") - "bot.mnemonic" = local.d.BOT_MNEMONIC - "bot.mnemonicStartIndex" = local.d.BOT_SWAPS_MNEMONIC_START_INDEX + "bot.replicaCount" = local.bot_swaps_replicas + "bot.env.AZTEC_NODE_URL" = local.internal_rpc_url + "bot.botPrivateKey" = try(local.d.BOT_SWAPS_L2_PRIVATE_KEY, "0xcafe02") + "bot.mnemonic" = local.d.BOT_MNEMONIC + "bot.mnemonicStartIndex" = local.d.BOT_SWAPS_MNEMONIC_START_INDEX }, try(local.d.BOT_DA_GAS_LIMIT, "") != "" ? { "bot.env.BOT_DA_GAS_LIMIT" = local.d.BOT_DA_GAS_LIMIT } : {}, try(local.d.BOT_L2_GAS_LIMIT, "") != "" ? { "bot.env.BOT_L2_GAS_LIMIT" = local.d.BOT_L2_GAS_LIMIT } : {}, @@ -716,14 +698,11 @@ locals { ] custom_settings = merge( { - "bot.replicaCount" = local.bot_cross_chain_replicas - "bot.env.BOT_TX_INTERVAL_SECONDS" = local.bot_cross_chain_tx_interval_seconds - "bot.env.BOT_FOLLOW_CHAIN" = local.bot_cross_chain_follow_chain - "bot.env.PXE_SYNC_CHAIN_TIP" = local.bot_cross_chain_pxe_sync_chain_tip - "bot.env.AZTEC_NODE_URL" = local.internal_rpc_url - "bot.botPrivateKey" = try(local.d.BOT_CROSS_CHAIN_L2_PRIVATE_KEY, "0xcafe03") - "bot.mnemonic" = local.d.BOT_MNEMONIC - "bot.mnemonicStartIndex" = local.d.BOT_CROSS_CHAIN_MNEMONIC_START_INDEX + "bot.replicaCount" = local.bot_cross_chain_replicas + "bot.env.AZTEC_NODE_URL" = local.internal_rpc_url + "bot.botPrivateKey" = try(local.d.BOT_CROSS_CHAIN_L2_PRIVATE_KEY, "0xcafe03") + "bot.mnemonic" = local.d.BOT_MNEMONIC + "bot.mnemonicStartIndex" = local.d.BOT_CROSS_CHAIN_MNEMONIC_START_INDEX }, try(local.d.BOT_DA_GAS_LIMIT, "") != "" ? { "bot.env.BOT_DA_GAS_LIMIT" = local.d.BOT_DA_GAS_LIMIT } : {}, try(local.d.BOT_L2_GAS_LIMIT, "") != "" ? { "bot.env.BOT_L2_GAS_LIMIT" = local.d.BOT_L2_GAS_LIMIT } : {}, From ab7ed4bb5ae1f0a2b3cc2b246b6826965d1b5ddc Mon Sep 17 00:00:00 2001 From: spypsy Date: Tue, 12 May 2026 15:02:14 +0000 Subject: [PATCH 21/34] migrate contract deployment --- spartan/scripts/deploy_network.sh | 98 +++---- spartan/scripts/deploy_network_with_env.sh | 33 ++- .../terraform/deploy-rollup-contracts/main.tf | 89 ++---- .../deploy-rollup-contracts/outputs.tf | 7 +- .../deploy-rollup-contracts/variables.tf | 272 ++---------------- 5 files changed, 116 insertions(+), 383 deletions(-) diff --git a/spartan/scripts/deploy_network.sh b/spartan/scripts/deploy_network.sh index d4612c8a2aac..d2807f1d6ebb 100755 --- a/spartan/scripts/deploy_network.sh +++ b/spartan/scripts/deploy_network.sh @@ -4,8 +4,9 @@ # # Usage: deploy_network.sh # : bare YAML name (resolved to spartan/environments/networks/.yml) -# or absolute path. Used to re-invoke load_network_config.sh for -# the structured deploy/env/releases JSON written to +# or absolute path. Used to invoke load_network_config.sh for the +# structured deploy/env/releases JSON written to +# deploy-rollup-contracts/terraform.tfvars.json and # deploy-aztec-infra/terraform.tfvars.json. # # Assumes env was already sourced by deploy_network_with_env.sh (or the caller). @@ -30,18 +31,6 @@ k8s_denoise() { "${SCRIPT_DIR}/k8s_enriched_denoise" "${NAMESPACE}" "$1" } -tf_str() { - local value="${1:-}" - local default_value="${2:-null}" - if [[ -n "$value" ]]; then - value="${value//\\/\\\\}" # escape backslashes first - value="${value//\"/\\\"}" # then escape double quotes - echo "\"${value}\"" - else - echo "$default_value" - fi -} - # We want to separate out these logs. export DENOISE=1 ######################## @@ -263,6 +252,18 @@ else L1_CONSENSUS_HOST_API_KEY_HEADERS_JSON="${ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS:-[]}" fi +# ------------------------------- +# Load YAML config (tfvars JSON) +# ------------------------------- +# Load the structured {deploy, env, releases} tfvars JSON once here so both +# the rollup-contracts and aztec-infra modules can use it without a second +# round of YAML merging and GCP secret fetches. +if [[ -n "${NETWORK_TFVARS_JSON:-}" && -f "${NETWORK_TFVARS_JSON}" ]]; then + LOADER_JSON=$(cat "${NETWORK_TFVARS_JSON}") +else + LOADER_JSON=$("${SCRIPT_DIR}/load_network_config.sh" "${NETWORK_YAML}" --format=tfvars) +fi + # ------------------------------- # Deploy rollup contracts # ------------------------------- @@ -289,50 +290,29 @@ else ETHERSCAN_API_KEY_TF=null fi -cat > "${DEPLOY_ROLLUP_CONTRACTS_DIR}/terraform.tfvars" << EOF -K8S_CLUSTER_CONTEXT = "${K8S_CLUSTER_CONTEXT}" -NAMESPACE = "${NAMESPACE}" -AZTEC_DOCKER_IMAGE = "${AZTEC_DOCKER_IMAGE}" -L1_RPC_URLS = "${CSV_RPC_URLS}" -PRIVATE_KEY = "${ROLLUP_DEPLOYMENT_PRIVATE_KEY}" -L1_CHAIN_ID = "${ETHEREUM_CHAIN_ID}" -VALIDATORS = "${VALIDATOR_ADDRESSES}" -SPONSORED_FPC = ${SPONSORED_FPC} -TEST_ACCOUNTS = ${TEST_ACCOUNTS} -REAL_VERIFIER = ${REAL_VERIFIER} -AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET = ${AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET:-null} -AZTEC_LAG_IN_EPOCHS_FOR_RANDAO = ${AZTEC_LAG_IN_EPOCHS_FOR_RANDAO:-null} -AZTEC_SLOT_DURATION = ${AZTEC_SLOT_DURATION:-null} -AZTEC_EPOCH_DURATION = ${AZTEC_EPOCH_DURATION:-null} -AZTEC_TARGET_COMMITTEE_SIZE = ${AZTEC_TARGET_COMMITTEE_SIZE:-null} -AZTEC_INBOX_LAG = ${AZTEC_INBOX_LAG:-null} -AZTEC_PROOF_SUBMISSION_EPOCHS = ${AZTEC_PROOF_SUBMISSION_EPOCHS:-null} -AZTEC_ACTIVATION_THRESHOLD = ${AZTEC_ACTIVATION_THRESHOLD:-null} -AZTEC_EJECTION_THRESHOLD = ${AZTEC_EJECTION_THRESHOLD:-null} -AZTEC_LOCAL_EJECTION_THRESHOLD = ${AZTEC_LOCAL_EJECTION_THRESHOLD:-null} -AZTEC_SLASHING_QUORUM = ${AZTEC_SLASHING_QUORUM:-null} -AZTEC_SLASHING_ROUND_SIZE = ${AZTEC_SLASHING_ROUND_SIZE:-null} -AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS = ${AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS:-null} -AZTEC_SLASHING_LIFETIME_IN_ROUNDS = ${AZTEC_SLASHING_LIFETIME_IN_ROUNDS:-null} -AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS = ${AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS:-null} -AZTEC_SLASHING_VETOER = ${AZTEC_SLASHING_VETOER:-null} -AZTEC_SLASHING_OFFSET_IN_ROUNDS = ${AZTEC_SLASHING_OFFSET_IN_ROUNDS:-null} -AZTEC_SLASH_AMOUNT_SMALL = ${AZTEC_SLASH_AMOUNT_SMALL:-null} -AZTEC_SLASH_AMOUNT_MEDIUM = ${AZTEC_SLASH_AMOUNT_MEDIUM:-null} -AZTEC_SLASH_AMOUNT_LARGE = ${AZTEC_SLASH_AMOUNT_LARGE:-null} -AZTEC_SLASHER_ENABLED = ${AZTEC_SLASHER_ENABLED:-null} -AZTEC_GOVERNANCE_PROPOSER_QUORUM = ${AZTEC_GOVERNANCE_PROPOSER_QUORUM:-null} -AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE = ${AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE:-null} -AZTEC_GOVERNANCE_VOTING_DURATION = ${AZTEC_GOVERNANCE_VOTING_DURATION:-null} -AZTEC_MANA_TARGET = ${AZTEC_MANA_TARGET:-null} -AZTEC_PROVING_COST_PER_MANA = ${AZTEC_PROVING_COST_PER_MANA:-null} -AZTEC_EXIT_DELAY_SECONDS = ${AZTEC_EXIT_DELAY_SECONDS:-null} -ETHERSCAN_API_KEY = ${ETHERSCAN_API_KEY_TF} -NETWORK = $(tf_str "${NETWORK:-}") -JOB_NAME = "deploy-rollup-contracts" -JOB_BACKOFF_LIMIT = 3 -JOB_TTL_SECONDS_AFTER_FINISHED = 3600 -EOF +rm -f "${DEPLOY_ROLLUP_CONTRACTS_DIR}/terraform.tfvars" +echo "${LOADER_JSON}" | jq \ + --arg k8s_context "${K8S_CLUSTER_CONTEXT}" \ + --arg l1_rpc_urls "${CSV_RPC_URLS}" \ + --arg private_key "${ROLLUP_DEPLOYMENT_PRIVATE_KEY}" \ + --arg validators "${VALIDATOR_ADDRESSES}" \ + --arg verify "${VERIFY_CONTRACTS:-false}" \ + --argjson etherscan "${ETHERSCAN_API_KEY_TF}" \ + '{ + deploy: (.deploy + { + K8S_CLUSTER_CONTEXT: $k8s_context, + L1_RPC_URLS: $l1_rpc_urls, + PRIVATE_KEY: $private_key, + VALIDATORS: $validators, + VERIFY_CONTRACTS: $verify, + ETHERSCAN_API_KEY: $etherscan, + JOB_NAME: "deploy-rollup-contracts", + JOB_BACKOFF_LIMIT: "3", + JOB_TTL_SECONDS_AFTER_FINISHED: "3600" + }), + env: .env + }' \ + > "${DEPLOY_ROLLUP_CONTRACTS_DIR}/terraform.tfvars.json" # Check terraform state for existing contract addresses # This avoids redeploying contracts when the k8s job has been cleaned up by TTL @@ -413,7 +393,7 @@ fi # but a leftover HCL file can shadow the JSON one. rm -f "${DEPLOY_AZTEC_INFRA_DIR}/terraform.tfvars" -LOADER_JSON=$("${SCRIPT_DIR}/load_network_config.sh" "${NETWORK_YAML}" --format=tfvars) +# LOADER_JSON was loaded before the rollup-contracts step; reuse it here. DEPLOY_OVERRIDES=$(jq -n \ --arg namespace "${NAMESPACE}" \ diff --git a/spartan/scripts/deploy_network_with_env.sh b/spartan/scripts/deploy_network_with_env.sh index 4f632240cdbd..96914c8fb5d6 100755 --- a/spartan/scripts/deploy_network_with_env.sh +++ b/spartan/scripts/deploy_network_with_env.sh @@ -6,12 +6,14 @@ # or absolute path to a YAML file. # # Steps: -# 1. Loads basic env from YAML (CLUSTER, NAMESPACE, ...). +# 1. Loads basic env from YAML (CLUSTER, NAMESPACE, ...) without secrets. # 2. Performs GCP auth (skipped on kind). -# 3. Loads full env (with GCP secrets resolved). +# 3. Runs the loader once with --format=tfvars (resolves GCP secrets), sources +# shell env from its deploy+env blocks, and caches the JSON for step 5. # 4. Optionally provisions network-frontend (RPC ingress IP + SSL cert + DNS). -# 5. Calls deploy_network.sh, which renders Terraform tfvars and runs the -# eth-devnet / rollup-contracts / aztec-infra modules. +# 5. Calls deploy_network.sh, which overlays deploy-time values and runs the +# eth-devnet / rollup-contracts / aztec-infra Terraform modules. +# deploy_network.sh reads NETWORK_TFVARS_JSON instead of re-running the loader. # # For kind tests (test_kind.sh) and direct calls that have already populated # the environment, deploy_network.sh can be invoked directly. @@ -24,7 +26,6 @@ scripts_dir=$spartan/scripts # Source the required scripts source "$scripts_dir/source_env_basic.sh" -source "$scripts_dir/source_network_env.sh" source "$scripts_dir/gcp_auth.sh" # Main execution @@ -35,14 +36,30 @@ fi env_file="$1" -# First pass: source environment for basic variables like CLUSTER (skip GCP secret processing) +# First pass: source basic variables (CLUSTER, NAMESPACE, ...) without secret resolution. +# Needed before gcp_auth so we know whether we're on kind. source_env_basic "$env_file" # Perform GCP auth (needs CLUSTER and other basic vars) gcp_auth -# Second pass: source environment with GCP secret processing -source_network_env "$env_file" +# Single loader run that resolves GCP secrets, produces the structured +# {deploy, env, releases} tfvars JSON, and sources shell env from it. +# The cached file is passed to deploy_network.sh via NETWORK_TFVARS_JSON +# so the loader is not invoked again there. +echo "Loading network environment from: $env_file" +_NETWORK_TFVARS_TMP=$(mktemp /tmp/network_tfvars.XXXXXX.json) +trap 'rm -f "$_NETWORK_TFVARS_TMP"' EXIT +"$spartan/scripts/load_network_config.sh" "$env_file" --format=tfvars > "$_NETWORK_TFVARS_TMP" +set -a +# shellcheck disable=SC1090 +source <(jq -r ' + ((.deploy // {}) | to_entries[] | select(.value != null) | "export \(.key)=\(.value | tostring | @sh)"), + ((.env // {}) | to_entries[] | select(.value != null) | "export \(.key)=\(.value | tostring | @sh)") +' "$_NETWORK_TFVARS_TMP") +set +a +echo "Loaded network config $(basename "$env_file")" +export NETWORK_TFVARS_JSON="$_NETWORK_TFVARS_TMP" # Optional: provision per-network IP + managed cert (+ DNS record in the delegated # rpc.aztec-labs.com zone) via the network-frontend terraform module. The module's diff --git a/spartan/terraform/deploy-rollup-contracts/main.tf b/spartan/terraform/deploy-rollup-contracts/main.tf index 660d1632ed79..c1d55671d1dd 100644 --- a/spartan/terraform/deploy-rollup-contracts/main.tf +++ b/spartan/terraform/deploy-rollup-contracts/main.tf @@ -14,61 +14,34 @@ terraform { provider "kubernetes" { alias = "cluster" config_path = "~/.kube/config" - config_context = var.K8S_CLUSTER_CONTEXT + config_context = var.deploy.K8S_CLUSTER_CONTEXT } locals { - # Build the command arguments for deploy-l1-contracts + d = var.deploy + deploy_args = concat( ["deploy-l1-contracts"], - ["--l1-rpc-urls", var.L1_RPC_URLS], - ["--private-key", var.PRIVATE_KEY], - ["--l1-chain-id", tostring(var.L1_CHAIN_ID)], - ["--validators", var.VALIDATORS], + ["--l1-rpc-urls", local.d.L1_RPC_URLS], + ["--private-key", local.d.PRIVATE_KEY], + ["--l1-chain-id", tostring(tonumber(try(local.d.ETHEREUM_CHAIN_ID, "31337")))], + ["--validators", local.d.VALIDATORS], ["--json"], # Always output JSON for easier parsing - var.SPONSORED_FPC ? ["--sponsored-fpc"] : [], - var.TEST_ACCOUNTS ? ["--test-accounts"] : [], - var.REAL_VERIFIER ? ["--real-verifier"] : [], - var.VERIFY_CONTRACTS ? ["--verify-contracts"] : [] + tobool(local.d.SPONSORED_FPC) ? ["--sponsored-fpc"] : [], + tobool(local.d.TEST_ACCOUNTS) ? ["--test-accounts"] : [], + tobool(local.d.REAL_VERIFIER) ? ["--real-verifier"] : [], + tobool(try(local.d.VERIFY_CONTRACTS, "false")) ? ["--verify-contracts"] : [] ) + # Environment variables for the container (omit keys with null values). + # Merge all env vars from the YAML loader plus NETWORK from the deploy block + # (NETWORK lives under deploy: in network YAMLs, not env:). + env_vars = { for k, v in merge( + var.env, + { NETWORK = try(local.d.NETWORK, null) } + ) : k => v if v != null } - - # Environment variables for the container (omit keys with null values) - env_vars = { for k, v in { - NETWORK = var.NETWORK - AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET = var.AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET - AZTEC_LAG_IN_EPOCHS_FOR_RANDAO = var.AZTEC_LAG_IN_EPOCHS_FOR_RANDAO - AZTEC_SLOT_DURATION = var.AZTEC_SLOT_DURATION - AZTEC_EPOCH_DURATION = var.AZTEC_EPOCH_DURATION - AZTEC_TARGET_COMMITTEE_SIZE = var.AZTEC_TARGET_COMMITTEE_SIZE - AZTEC_INBOX_LAG = var.AZTEC_INBOX_LAG - AZTEC_PROOF_SUBMISSION_EPOCHS = var.AZTEC_PROOF_SUBMISSION_EPOCHS - AZTEC_ACTIVATION_THRESHOLD = var.AZTEC_ACTIVATION_THRESHOLD - AZTEC_EJECTION_THRESHOLD = var.AZTEC_EJECTION_THRESHOLD - AZTEC_LOCAL_EJECTION_THRESHOLD = var.AZTEC_LOCAL_EJECTION_THRESHOLD - AZTEC_SLASHING_QUORUM = var.AZTEC_SLASHING_QUORUM - AZTEC_SLASHING_ROUND_SIZE = var.AZTEC_SLASHING_ROUND_SIZE - AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS = var.AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS - AZTEC_SLASHING_LIFETIME_IN_ROUNDS = var.AZTEC_SLASHING_LIFETIME_IN_ROUNDS - AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS = var.AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS - AZTEC_SLASHING_VETOER = var.AZTEC_SLASHING_VETOER - AZTEC_SLASHING_OFFSET_IN_ROUNDS = var.AZTEC_SLASHING_OFFSET_IN_ROUNDS - AZTEC_SLASH_AMOUNT_SMALL = var.AZTEC_SLASH_AMOUNT_SMALL - AZTEC_SLASH_AMOUNT_MEDIUM = var.AZTEC_SLASH_AMOUNT_MEDIUM - AZTEC_SLASH_AMOUNT_LARGE = var.AZTEC_SLASH_AMOUNT_LARGE - AZTEC_SLASHER_ENABLED = var.AZTEC_SLASHER_ENABLED - AZTEC_GOVERNANCE_PROPOSER_QUORUM = var.AZTEC_GOVERNANCE_PROPOSER_QUORUM - AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE = var.AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE - AZTEC_GOVERNANCE_VOTING_DURATION = var.AZTEC_GOVERNANCE_VOTING_DURATION - AZTEC_MANA_TARGET = var.AZTEC_MANA_TARGET - AZTEC_PROVING_COST_PER_MANA = var.AZTEC_PROVING_COST_PER_MANA - AZTEC_EXIT_DELAY_SECONDS = var.AZTEC_EXIT_DELAY_SECONDS - LOG_LEVEL = "debug" - } : k => v if v != null } - - # Generate a unique job name with timestamp to avoid conflicts - job_name = "${var.JOB_NAME}-${formatdate("YYYY-MM-DD-hhmm", timestamp())}" + job_name = "${try(local.d.JOB_NAME, "deploy-rollup-contracts")}-${formatdate("YYYY-MM-DD-hhmm", timestamp())}" } @@ -78,22 +51,22 @@ resource "kubernetes_job_v1" "deploy_rollup_contracts" { metadata { name = local.job_name - namespace = var.NAMESPACE + namespace = local.d.NAMESPACE labels = { app = "deploy-rollup-contracts" - version = split(":", var.AZTEC_DOCKER_IMAGE)[1] + version = split(":", local.d.AZTEC_DOCKER_IMAGE)[1] } } spec { - backoff_limit = var.JOB_BACKOFF_LIMIT - ttl_seconds_after_finished = var.JOB_TTL_SECONDS_AFTER_FINISHED + backoff_limit = tonumber(try(local.d.JOB_BACKOFF_LIMIT, "3")) + ttl_seconds_after_finished = tonumber(try(local.d.JOB_TTL_SECONDS_AFTER_FINISHED, "3600")) template { metadata { labels = { app = "deploy-rollup-contracts" - version = split(":", var.AZTEC_DOCKER_IMAGE)[1] + version = split(":", local.d.AZTEC_DOCKER_IMAGE)[1] } } @@ -102,8 +75,8 @@ resource "kubernetes_job_v1" "deploy_rollup_contracts" { container { name = "deploy-rollup-contracts" - image = var.AZTEC_DOCKER_IMAGE - image_pull_policy = can(regex("^kind-", var.K8S_CLUSTER_CONTEXT)) ? "IfNotPresent" : "Always" + image = local.d.AZTEC_DOCKER_IMAGE + image_pull_policy = can(regex("^kind-", local.d.K8S_CLUSTER_CONTEXT)) ? "IfNotPresent" : "Always" command = ["/bin/sh"] args = concat( [ @@ -125,7 +98,7 @@ resource "kubernetes_job_v1" "deploy_rollup_contracts" { env { name = "ETHERSCAN_API_KEY" - value = var.ETHERSCAN_API_KEY + value = try(local.d.ETHERSCAN_API_KEY, null) } # Resource limits @@ -175,7 +148,7 @@ data "external" "contract_addresses" { # Get the most recent successfully completed pod for the job # Filter by Succeeded phase and sort by creation timestamp to get the latest - POD_NAME=$(kubectl get pods -n ${var.NAMESPACE} \ + POD_NAME=$(kubectl get pods -n ${local.d.NAMESPACE} \ -l job-name=${kubernetes_job_v1.deploy_rollup_contracts.metadata[0].name} \ --field-selector=status.phase=Succeeded \ --sort-by=.metadata.creationTimestamp \ @@ -187,7 +160,7 @@ data "external" "contract_addresses" { fi # Extract logs from the pod - LOGS=$(kubectl logs $POD_NAME -n ${var.NAMESPACE} 2>/dev/null || echo "{}") + LOGS=$(kubectl logs $POD_NAME -n ${local.d.NAMESPACE} 2>/dev/null || echo "{}") # Consider only logs BEFORE the verification JSON markers (if present) BEFORE=$(echo "$LOGS" | sed -n '1,/\[VERIFICATION_JSON_BEGIN\]/p' | sed '$d' || true) @@ -208,7 +181,7 @@ data "external" "verification_json" { # Get the most recent successfully completed pod for the job # Filter by Succeeded phase and sort by creation timestamp to get the latest - POD_NAME=$(kubectl get pods -n ${var.NAMESPACE} \ + POD_NAME=$(kubectl get pods -n ${local.d.NAMESPACE} \ -l job-name=${kubernetes_job_v1.deploy_rollup_contracts.metadata[0].name} \ --field-selector=status.phase=Succeeded \ --sort-by=.metadata.creationTimestamp \ @@ -219,7 +192,7 @@ data "external" "verification_json" { exit 0 fi - LOGS=$(kubectl logs $POD_NAME -n ${var.NAMESPACE} 2>/dev/null || echo "") + LOGS=$(kubectl logs $POD_NAME -n ${local.d.NAMESPACE} 2>/dev/null || echo "") CONTENT=$(echo "$LOGS" | sed -n '/\[VERIFICATION_JSON_BEGIN\]/,/\[VERIFICATION_JSON_END\]/p' | sed '1d;$d') diff --git a/spartan/terraform/deploy-rollup-contracts/outputs.tf b/spartan/terraform/deploy-rollup-contracts/outputs.tf index 04409846bcd5..76ebd4bcf4b8 100644 --- a/spartan/terraform/deploy-rollup-contracts/outputs.tf +++ b/spartan/terraform/deploy-rollup-contracts/outputs.tf @@ -101,16 +101,13 @@ output "zk_passport_verifier_address" { output "docker_image_used" { description = "Docker image that was used for the deployment" - value = var.AZTEC_DOCKER_IMAGE + value = var.deploy.AZTEC_DOCKER_IMAGE } output "deployment_command" { description = "The full command that was executed" sensitive = true - value = concat( - ["node", "--no-warnings", "/usr/src/yarn-project/aztec/dest/bin/index.js"], - local.deploy_args - ) + value = concat(["node", "--no-warnings", "/usr/src/yarn-project/aztec/dest/bin/index.js"], local.deploy_args) } output "deployment_successful" { diff --git a/spartan/terraform/deploy-rollup-contracts/variables.tf b/spartan/terraform/deploy-rollup-contracts/variables.tf index 8ff087663ab2..848a4b3fe1af 100644 --- a/spartan/terraform/deploy-rollup-contracts/variables.tf +++ b/spartan/terraform/deploy-rollup-contracts/variables.tf @@ -1,255 +1,21 @@ -variable "K8S_CLUSTER_CONTEXT" { - description = "Kubernetes cluster context" - type = string -} - -variable "NAMESPACE" { - description = "Kubernetes namespace to deploy the job" - type = string -} - -variable "AZTEC_DOCKER_IMAGE" { - description = "Aztec Docker image with tag" - type = string -} - -variable "ETHERSCAN_API_KEY" { - description = "Etherscan API key" - type = string - sensitive = true - nullable = true - default = null -} - -# Deploy L1 contracts configuration -variable "L1_RPC_URLS" { - description = "Comma-separated list of L1 RPC URLs" - type = string - sensitive = true -} - -variable "PRIVATE_KEY" { - description = "Private key for deployment" - type = string - sensitive = true -} - -variable "L1_CHAIN_ID" { - description = "L1 chain ID" - type = number - default = 31337 -} - -variable "VALIDATORS" { - description = "Comma-separated list of validators" - type = string -} - -variable "SPONSORED_FPC" { - description = "Enable sponsored FPC" - type = bool -} - -variable "TEST_ACCOUNTS" { - description = "Enable test accounts" - type = bool -} - -variable "REAL_VERIFIER" { - description = "Deploy real verifier" - type = bool -} - -# Environment variables for the deployment -variable "AZTEC_SLOT_DURATION" { - description = "Aztec slot duration" - type = string - nullable = true -} - -variable "AZTEC_EPOCH_DURATION" { - description = "Aztec epoch duration" - type = string - nullable = true -} - -variable "AZTEC_TARGET_COMMITTEE_SIZE" { - description = "Aztec target committee size" - type = string - nullable = true -} - -variable "AZTEC_PROOF_SUBMISSION_EPOCHS" { - description = "Aztec proof submission epochs" - type = string - nullable = true -} - -variable "AZTEC_INBOX_LAG" { - description = "Checkpoints to lag in inbox (prevents sequencer DOS attacks)" - type = string - nullable = true -} - -variable "AZTEC_ACTIVATION_THRESHOLD" { - description = "Aztec activation threshold" - type = string - nullable = true -} - -variable "AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET" { - description = "Aztec lag in epochs for the validator set size" - type = string - nullable = true -} - -variable "AZTEC_LAG_IN_EPOCHS_FOR_RANDAO" { - description = "Aztec lag in epochs for the randao values" - type = string - nullable = true -} - -variable "AZTEC_EJECTION_THRESHOLD" { - description = "Aztec ejection threshold" - type = string - nullable = true -} - -variable "AZTEC_LOCAL_EJECTION_THRESHOLD" { - description = "Aztec local ejection threshold" - type = string - nullable = true -} - -variable "AZTEC_SLASHING_QUORUM" { - description = "Aztec slashing quorum" - type = string - nullable = true -} - -variable "AZTEC_SLASHING_ROUND_SIZE" { - description = "Aztec slashing round size" - type = string - nullable = true -} - -variable "AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS" { - description = "Aztec slashing round size in epochs" - type = string - nullable = true -} - -variable "AZTEC_SLASHING_LIFETIME_IN_ROUNDS" { - description = "Aztec slashing lifetime in rounds" - type = string - nullable = true -} - -variable "AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS" { - description = "Aztec slashing execution delay in rounds" - type = string - nullable = true -} - -variable "AZTEC_SLASHING_VETOER" { - description = "Aztec slashing vetoer address" - type = string - nullable = true -} - -variable "AZTEC_SLASHING_OFFSET_IN_ROUNDS" { - description = "Aztec slashing offset in rounds" - type = string - nullable = true -} - -variable "AZTEC_SLASH_AMOUNT_SMALL" { - description = "Small slashing amount for light offenses" - type = string - nullable = true -} - -variable "AZTEC_SLASH_AMOUNT_MEDIUM" { - description = "Medium slashing amount for moderate offenses" - type = string - nullable = true -} - -variable "AZTEC_SLASH_AMOUNT_LARGE" { - description = "Large slashing amount for severe offenses" - type = string - nullable = true -} - -variable "AZTEC_SLASHER_ENABLED" { - description = "Whether to deploy a slasher proposer" - type = string - nullable = true -} - -variable "AZTEC_GOVERNANCE_PROPOSER_QUORUM" { - description = "Aztec governance proposer quorum" - type = string - nullable = true -} - -variable "AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE" { - description = "Aztec governance proposer round size" - type = string - nullable = true -} - -variable "AZTEC_GOVERNANCE_VOTING_DURATION" { - description = "Aztec governance voting duration in seconds" - type = string - nullable = true -} - -variable "AZTEC_MANA_TARGET" { - description = "Aztec mana target" - type = string - nullable = true -} - -variable "AZTEC_PROVING_COST_PER_MANA" { - description = "Aztec proving cost per mana" - type = string - nullable = true -} - -variable "AZTEC_EXIT_DELAY_SECONDS" { - description = "Aztec exit delay seconds" - type = string - nullable = true -} - -variable "JOB_NAME" { - description = "Name for the Kubernetes job" - type = string - default = "deploy-rollup-contracts" -} - -variable "JOB_BACKOFF_LIMIT" { - description = "Number of retries for failed job" - type = number - default = 3 -} - -variable "JOB_TTL_SECONDS_AFTER_FINISHED" { - description = "TTL in seconds for job cleanup after completion" - type = number - default = 3600 -} - -variable "NETWORK" { - description = "One of the existing network names to use default config for" - type = string - nullable = true -} - -variable "VERIFY_CONTRACTS" { - description = "Verify contracts on Etherscan" - type = bool - default = false +# Inputs for the deploy-rollup-contracts Terraform module. +# +# All configuration flows through two structured inputs populated by +# spartan/scripts/deploy_network.sh from the YAML loader output plus +# deploy-time-computed values (private key, validator addresses, L1 RPC URLs, +# Etherscan key, etc.). +# +# main.tf reads these as var.deploy. and var.env. -- never as +# individual legacy var. variables. + +variable "deploy" { + description = "Deploy-time config (cluster context, namespace, image, L1 endpoints, private key, validator addresses, job settings, ...). Loaded from per-network YAML deploy: block and merged with script-computed values by deploy_network.sh." + type = any +} + +variable "env" { + description = "Network env vars (AZTEC_* overrides, NETWORK, ...) loaded from per-network YAML env: block." + type = map(string) + default = {} } From 4bff2cc0ac72c22adb25a396229e53eb0288e5b6 Mon Sep 17 00:00:00 2001 From: spypsy Date: Tue, 12 May 2026 15:11:01 +0000 Subject: [PATCH 22/34] better wrapping for bot & validator --- spartan/environments/network-defaults.yml | 38 +++++----- .../environments/networks/kind-minimal.yml | 69 ++++++++++--------- spartan/environments/networks/mbps-net.yml | 27 ++++---- .../environments/networks/mbps-pipeline.yml | 31 +++++---- .../environments/networks/next-net-clone.yml | 14 ++-- spartan/environments/networks/next-net.yml | 14 ++-- .../environments/networks/staging-public.yml | 21 +++--- spartan/environments/networks/testnet.yml | 7 +- spartan/terraform/deploy-aztec-infra/main.tf | 41 +++++------ 9 files changed, 136 insertions(+), 126 deletions(-) diff --git a/spartan/environments/network-defaults.yml b/spartan/environments/network-defaults.yml index a226848330fd..6865932661d0 100644 --- a/spartan/environments/network-defaults.yml +++ b/spartan/environments/network-defaults.yml @@ -341,8 +341,9 @@ _deploy_defaults: _release_defaults: validator: - replicaCount: 0 - env: {} + validator: # subchart alias in aztec-validator (mirrors prover.{node,broker,agent} convention) + replicaCount: 0 + env: {} prover: node: replicaCount: 1 @@ -380,23 +381,26 @@ _release_defaults: replicaCount: 1 env: {} bot_transfers: - replicaCount: 0 - env: - BOT_TX_INTERVAL_SECONDS: "60" - BOT_FOLLOW_CHAIN: "NONE" - PXE_SYNC_CHAIN_TIP: "checkpointed" + bot: # subchart alias in aztec-bot + replicaCount: 0 + env: + BOT_TX_INTERVAL_SECONDS: "60" + BOT_FOLLOW_CHAIN: "NONE" + PXE_SYNC_CHAIN_TIP: "checkpointed" bot_swaps: - replicaCount: 0 - env: - BOT_TX_INTERVAL_SECONDS: "60" - BOT_FOLLOW_CHAIN: "NONE" - PXE_SYNC_CHAIN_TIP: "checkpointed" + bot: + replicaCount: 0 + env: + BOT_TX_INTERVAL_SECONDS: "60" + BOT_FOLLOW_CHAIN: "NONE" + PXE_SYNC_CHAIN_TIP: "checkpointed" bot_cross_chain: - replicaCount: 0 - env: - BOT_TX_INTERVAL_SECONDS: "10" - BOT_FOLLOW_CHAIN: "PENDING" - PXE_SYNC_CHAIN_TIP: "checkpointed" + bot: + replicaCount: 0 + env: + BOT_TX_INTERVAL_SECONDS: "10" + BOT_FOLLOW_CHAIN: "PENDING" + PXE_SYNC_CHAIN_TIP: "checkpointed" #=============================================================================== # NETWORK PRESETS diff --git a/spartan/environments/networks/kind-minimal.yml b/spartan/environments/networks/kind-minimal.yml index f3ddc3a4cb45..7d0fea596884 100644 --- a/spartan/environments/networks/kind-minimal.yml +++ b/spartan/environments/networks/kind-minimal.yml @@ -13,38 +13,38 @@ deploy: env: # Mnemonics / keys - LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' - L1_ACCOUNT_MNEMONIC: 'test test test test test test test test test test test junk' - FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' - REAL_VERIFIER: 'false' - PROVER_REAL_PROOFS: 'false' - SENTINEL_ENABLED: 'false' - LOG_LEVEL: 'info' + LABS_INFRA_MNEMONIC: "test test test test test test test test test test test junk" + L1_ACCOUNT_MNEMONIC: "test test test test test test test test test test test junk" + FUNDING_PRIVATE_KEY: "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" + REAL_VERIFIER: "false" + PROVER_REAL_PROOFS: "false" + SENTINEL_ENABLED: "false" + LOG_LEVEL: "info" # Fast epoch timing for quick iteration - AZTEC_SLOT_DURATION: '24' - AZTEC_EPOCH_DURATION: '4' - AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: '1' - AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: '1' - AZTEC_SLASHING_OFFSET_IN_ROUNDS: '1' - AZTEC_ACTIVATION_THRESHOLD: '100000000000000000000' - AZTEC_EJECTION_THRESHOLD: '50000000000000000000' - AZTEC_LOCAL_EJECTION_THRESHOLD: '95000000000000000000' - AZTEC_SLASH_AMOUNT_SMALL: '5000000000000000000' - AZTEC_SLASH_AMOUNT_MEDIUM: '10000000000000000000' - AZTEC_SLASH_AMOUNT_LARGE: '15000000000000000000' - AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '1' - AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '1' + AZTEC_SLOT_DURATION: "24" + AZTEC_EPOCH_DURATION: "4" + AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: "1" + AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: "1" + AZTEC_SLASHING_OFFSET_IN_ROUNDS: "1" + AZTEC_ACTIVATION_THRESHOLD: "100000000000000000000" + AZTEC_EJECTION_THRESHOLD: "50000000000000000000" + AZTEC_LOCAL_EJECTION_THRESHOLD: "95000000000000000000" + AZTEC_SLASH_AMOUNT_SMALL: "5000000000000000000" + AZTEC_SLASH_AMOUNT_MEDIUM: "10000000000000000000" + AZTEC_SLASH_AMOUNT_LARGE: "15000000000000000000" + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: "1" + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: "1" # Governance settings (required for upgrade test) - AZTEC_GOVERNANCE_PROPOSER_QUORUM: '11' - AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE: '20' - AZTEC_GOVERNANCE_VOTING_DURATION: '300' + AZTEC_GOVERNANCE_PROPOSER_QUORUM: "11" + AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE: "20" + AZTEC_GOVERNANCE_VOTING_DURATION: "300" - AWS_ACCESS_KEY_ID: '' - AWS_SECRET_ACCESS_KEY: '' + AWS_ACCESS_KEY_ID: "" + AWS_SECRET_ACCESS_KEY: "" - OTEL_COLLECTOR_ENDPOINT: 'http://metrics-opentelemetry-collector.metrics:4318' + OTEL_COLLECTOR_ENDPOINT: "http://metrics-opentelemetry-collector.metrics:4318" # Image: AZTEC_DOCKER_IMAGE may be pre-set by CI; loader resolves ${VAR} placeholders shared: @@ -54,23 +54,24 @@ shared: # Validators - minimal setup for upgrade test validator: - replicaCount: 4 - env: - VALIDATORS_PER_NODE: '12' - VALIDATOR_PUBLISHERS_PER_REPLICA: '4' - VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' + validator: + replicaCount: 4 + env: + VALIDATORS_PER_NODE: "12" + VALIDATOR_PUBLISHERS_PER_REPLICA: "4" + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: "5000" # Provers - minimal for faster testing prover: node: replicaCount: 1 env: - PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' - PUBLISHERS_PER_PROVER: '1' + PROVER_PUBLISHER_MNEMONIC_START_INDEX: "8000" + PUBLISHERS_PER_PROVER: "1" agent: replicaCount: 1 env: - PROVER_AGENTS_PER_PROVER: '1' + PROVER_AGENTS_PER_PROVER: "1" rpc: replicaCount: 1 diff --git a/spartan/environments/networks/mbps-net.yml b/spartan/environments/networks/mbps-net.yml index 624bdfe684bc..ab787d7bb29a 100644 --- a/spartan/environments/networks/mbps-net.yml +++ b/spartan/environments/networks/mbps-net.yml @@ -51,19 +51,22 @@ env: DEBUG_P2P_INSTRUMENT_MESSAGES: "true" bot_transfers: - env: - BOT_TX_INTERVAL_SECONDS: "4" - BOT_FOLLOW_CHAIN: "PROPOSED" - PXE_SYNC_CHAIN_TIP: "proposed" + bot: + env: + BOT_TX_INTERVAL_SECONDS: "4" + BOT_FOLLOW_CHAIN: "PROPOSED" + PXE_SYNC_CHAIN_TIP: "proposed" bot_swaps: - env: - BOT_TX_INTERVAL_SECONDS: "4" - BOT_FOLLOW_CHAIN: "PROPOSED" - PXE_SYNC_CHAIN_TIP: "proposed" + bot: + env: + BOT_TX_INTERVAL_SECONDS: "4" + BOT_FOLLOW_CHAIN: "PROPOSED" + PXE_SYNC_CHAIN_TIP: "proposed" bot_cross_chain: - env: - BOT_TX_INTERVAL_SECONDS: "8" - BOT_FOLLOW_CHAIN: "PROPOSED" - PXE_SYNC_CHAIN_TIP: "proposed" + bot: + env: + BOT_TX_INTERVAL_SECONDS: "8" + BOT_FOLLOW_CHAIN: "PROPOSED" + PXE_SYNC_CHAIN_TIP: "proposed" diff --git a/spartan/environments/networks/mbps-pipeline.yml b/spartan/environments/networks/mbps-pipeline.yml index 76822c66b89f..9e1003cd52df 100644 --- a/spartan/environments/networks/mbps-pipeline.yml +++ b/spartan/environments/networks/mbps-pipeline.yml @@ -47,21 +47,24 @@ env: DEBUG_P2P_INSTRUMENT_MESSAGES: "true" bot_transfers: - env: - BOT_TX_INTERVAL_SECONDS: "4" - BOT_FOLLOW_CHAIN: "PROPOSED" - PXE_SYNC_CHAIN_TIP: "proposed" + bot: + env: + BOT_TX_INTERVAL_SECONDS: "4" + BOT_FOLLOW_CHAIN: "PROPOSED" + PXE_SYNC_CHAIN_TIP: "proposed" bot_swaps: - env: - BOT_TX_INTERVAL_SECONDS: "4" - BOT_FOLLOW_CHAIN: "PROPOSED" - PXE_SYNC_CHAIN_TIP: "proposed" + bot: + env: + BOT_TX_INTERVAL_SECONDS: "4" + BOT_FOLLOW_CHAIN: "PROPOSED" + PXE_SYNC_CHAIN_TIP: "proposed" bot_cross_chain: - env: - BOT_TX_INTERVAL_SECONDS: "8" - BOT_FOLLOW_CHAIN: "PROPOSED" - PXE_SYNC_CHAIN_TIP: "proposed" - OTEL_COLLECT_INTERVAL_MS: "10000" - OTEL_EXPORT_TIMEOUT_MS: "5000" + bot: + env: + BOT_TX_INTERVAL_SECONDS: "8" + BOT_FOLLOW_CHAIN: "PROPOSED" + PXE_SYNC_CHAIN_TIP: "proposed" + OTEL_COLLECT_INTERVAL_MS: "10000" + OTEL_EXPORT_TIMEOUT_MS: "5000" diff --git a/spartan/environments/networks/next-net-clone.yml b/spartan/environments/networks/next-net-clone.yml index b1ae71d174e5..91d8e857f716 100644 --- a/spartan/environments/networks/next-net-clone.yml +++ b/spartan/environments/networks/next-net-clone.yml @@ -52,11 +52,13 @@ env: AZTEC_PROOF_SUBMISSION_EPOCHS: "1" bot_transfers: - env: - BOT_TX_INTERVAL_SECONDS: "250" - BOT_FOLLOW_CHAIN: "PENDING" + bot: + env: + BOT_TX_INTERVAL_SECONDS: "250" + BOT_FOLLOW_CHAIN: "PENDING" bot_swaps: - env: - BOT_TX_INTERVAL_SECONDS: "350" - BOT_FOLLOW_CHAIN: "PENDING" + bot: + env: + BOT_TX_INTERVAL_SECONDS: "350" + BOT_FOLLOW_CHAIN: "PENDING" diff --git a/spartan/environments/networks/next-net.yml b/spartan/environments/networks/next-net.yml index 3a6c625c3309..ffef4effb8ab 100644 --- a/spartan/environments/networks/next-net.yml +++ b/spartan/environments/networks/next-net.yml @@ -65,11 +65,13 @@ env: AZTEC_PROOF_SUBMISSION_EPOCHS: "1" bot_transfers: - env: - BOT_TX_INTERVAL_SECONDS: "250" - BOT_FOLLOW_CHAIN: "PENDING" + bot: + env: + BOT_TX_INTERVAL_SECONDS: "250" + BOT_FOLLOW_CHAIN: "PENDING" bot_swaps: - env: - BOT_TX_INTERVAL_SECONDS: "350" - BOT_FOLLOW_CHAIN: "PENDING" + bot: + env: + BOT_TX_INTERVAL_SECONDS: "350" + BOT_FOLLOW_CHAIN: "PENDING" diff --git a/spartan/environments/networks/staging-public.yml b/spartan/environments/networks/staging-public.yml index c1fa3e55c133..87b4de375a3d 100644 --- a/spartan/environments/networks/staging-public.yml +++ b/spartan/environments/networks/staging-public.yml @@ -59,16 +59,19 @@ env: LOG_LEVEL: "debug; info: simulator, json-rpc" bot_transfers: - env: - BOT_TX_INTERVAL_SECONDS: "250" - BOT_FOLLOW_CHAIN: "PROPOSED" + bot: + env: + BOT_TX_INTERVAL_SECONDS: "250" + BOT_FOLLOW_CHAIN: "PROPOSED" bot_swaps: - env: - BOT_TX_INTERVAL_SECONDS: "350" - BOT_FOLLOW_CHAIN: "PROPOSED" + bot: + env: + BOT_TX_INTERVAL_SECONDS: "350" + BOT_FOLLOW_CHAIN: "PROPOSED" bot_cross_chain: - env: - BOT_TX_INTERVAL_SECONDS: "250" - BOT_FOLLOW_CHAIN: "PROPOSED" + bot: + env: + BOT_TX_INTERVAL_SECONDS: "250" + BOT_FOLLOW_CHAIN: "PROPOSED" diff --git a/spartan/environments/networks/testnet.yml b/spartan/environments/networks/testnet.yml index 62b7dc918e95..415532a9f56f 100644 --- a/spartan/environments/networks/testnet.yml +++ b/spartan/environments/networks/testnet.yml @@ -84,6 +84,7 @@ env: L1_TX_FAILED_STORE: "gs://aztec-develop/testnet/failed-l1-txs" bot_transfers: - env: - BOT_TX_INTERVAL_SECONDS: "72" - BOT_FOLLOW_CHAIN: "PENDING" + bot: + env: + BOT_TX_INTERVAL_SECONDS: "72" + BOT_FOLLOW_CHAIN: "PENDING" diff --git a/spartan/terraform/deploy-aztec-infra/main.tf b/spartan/terraform/deploy-aztec-infra/main.tf index 34a8d78ec08e..81f26a568bda 100644 --- a/spartan/terraform/deploy-aztec-infra/main.tf +++ b/spartan/terraform/deploy-aztec-infra/main.tf @@ -80,38 +80,30 @@ locals { # Per-release helm values from the YAML loader. # # `var.releases` is the loader's tfvars output, keyed by the YAML's release - # block name (validator, prover, rpc, bot_transfers, ...). Wrapper charts - # (aztec-validator, aztec-bot) alias aztec-node as a subchart, so values - # must be nested under that alias key (`validator:` / `bot:`) for the env - # ConfigMap to land in the subchart's `.Values.env`. + # block name (validator, prover, rpc, bot_transfers, ...). The YAML blocks + # already nest values under the correct subchart alias key so every entry + # is passed through verbatim: + # - validator: { validator: { replicaCount, env } } (aztec-validator alias) + # - bot_*: { bot: { replicaCount, env } } (aztec-bot alias) + # - prover: { node, broker, agent } (aztec-prover-stack aliases) + # - rpc/archive/...: { replicaCount, env } (plain aztec-node, no aliasing) # - # validators* helm release names (validators, validators-ha-1, ...) all - # share the loader's single `validator` block as their env baseline; the - # HA-specific overrides are layered on via custom_settings later. + # validators* helm releases (validators, validators-ha-1, ...) all share the + # loader's single `validator` block as their env baseline; HA-specific + # overrides are layered on via custom_settings later. # - # Each key maps to the OBJECT to yamlencode (or {} to skip). + # Each key maps to the OBJECT to yamlencode (or null to skip). # --------------------------------------------------------------------------- - # try() avoids Terraform's strict-type checks on conditionals (var.releases - # entries have heterogeneous shapes: rpc has env/replicaCount, prover has - # node/broker/agent, etc.). release_values_from_loader = merge( - # Validator helm releases (validators, validators-ha-N) -> wrap loader's - # `validator` block under `validator:`. + # validators* releases all share the loader's `validator` block. { for k in keys(local.helm_releases) : - k => { validator = try(var.releases["validator"], null) } + k => try(var.releases["validator"], null) if startswith(k, "validators") }, - # Bot helm releases -> wrap matching loader block under `bot:`. + # All other named releases: pass through verbatim. { - for k in ["bot_transfers", "bot_swaps", "bot_cross_chain"] : - k => { bot = try(var.releases[k], null) } - }, - # aztec-node releases (no subchart aliasing) and aztec-prover-stack - # (subchart structure is already in the loader output as node/broker/agent) - # are passed through verbatim. - { - for k in ["rpc", "archive", "blob_sink", "full_node", "fisherman", "p2p_bootstrap", "prover"] : + for k in ["bot_transfers", "bot_swaps", "bot_cross_chain", "rpc", "archive", "blob_sink", "full_node", "fisherman", "p2p_bootstrap", "prover"] : k => try(var.releases[k], null) }, ) @@ -747,8 +739,7 @@ resource "helm_release" "releases" { ], lookup(each.value, "inline_values", []), # Per-release Helm values from the YAML loader. See `local.release_values_from_loader` - # for the wrapping/lookup rules (handles wrapper charts and validators-*<->validator - # name mismatch). null/missing means "no loader values for this release". + # for the lookup rules (validators-* fan-out). null/missing means "no loader values for this release". try(local.release_values_from_loader[each.key], null) != null ? [yamlencode(local.release_values_from_loader[each.key])] : [] ) From 9bb4fe34ba654c71c8542fa0b1af088bf02077e3 Mon Sep 17 00:00:00 2001 From: spypsy Date: Tue, 12 May 2026 15:14:30 +0000 Subject: [PATCH 23/34] fix r2 env values sourcing --- spartan/scripts/deploy_network.sh | 8 +------- spartan/terraform/deploy-aztec-infra/main.tf | 4 ++-- 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/spartan/scripts/deploy_network.sh b/spartan/scripts/deploy_network.sh index d2807f1d6ebb..2801ccaf6821 100755 --- a/spartan/scripts/deploy_network.sh +++ b/spartan/scripts/deploy_network.sh @@ -458,15 +458,9 @@ DEPLOY_OVERRIDES=$(jq -n \ PROVER_REAL_PROOFS: $prover_real_proofs, }') -# Promote env-side construction outputs (R2-derived URLs from -# load_network_config.sh's resolve_secrets) into deploy: -- main.tf gates -# helm releases on these (e.g. blob_sink only if BLOB_FILE_STORE_UPLOAD_URL). echo "${LOADER_JSON}" | jq \ --argjson overrides "${DEPLOY_OVERRIDES}" \ - '.deploy = (.deploy + $overrides) - | .deploy.BLOB_FILE_STORE_UPLOAD_URL = (.env.BLOB_FILE_STORE_UPLOAD_URL // "") - | .deploy.STORE_SNAPSHOT_URL = (.env.STORE_SNAPSHOT_URL // "") - | .deploy.TX_FILE_STORE_URL = (.env.TX_FILE_STORE_URL // "")' \ + '.deploy = (.deploy + $overrides)' \ > "${DEPLOY_AZTEC_INFRA_DIR}/terraform.tfvars.json" k8s_denoise "tf_run "${DEPLOY_AZTEC_INFRA_DIR}" "${DESTROY_AZTEC_INFRA}" "${CREATE_AZTEC_INFRA}"" diff --git a/spartan/terraform/deploy-aztec-infra/main.tf b/spartan/terraform/deploy-aztec-infra/main.tf index 81f26a568bda..df36ae1a6d3f 100644 --- a/spartan/terraform/deploy-aztec-infra/main.tf +++ b/spartan/terraform/deploy-aztec-infra/main.tf @@ -61,8 +61,8 @@ locals { # Optional strings: "" means "not set" for legacy callers; null when the key # may be entirely absent. network = try(local.d.NETWORK, "") - store_snapshot_url = try(local.d.STORE_SNAPSHOT_URL, "") - blob_file_store_upload_url = try(local.d.BLOB_FILE_STORE_UPLOAD_URL, "") + store_snapshot_url = try(var.env.STORE_SNAPSHOT_URL, "") + blob_file_store_upload_url = try(var.env.BLOB_FILE_STORE_UPLOAD_URL, "") prover_agent_image_str = try(local.d.PROVER_AGENT_DOCKER_IMAGE, "") validator_ha_image_str = try(local.d.VALIDATOR_HA_DOCKER_IMAGE, "") otel_endpoint = try(local.d.OTEL_COLLECTOR_ENDPOINT, "") From 3e8bb62b60db20fca8d45a5fec6701453a0b0ed1 Mon Sep 17 00:00:00 2001 From: spypsy Date: Tue, 12 May 2026 15:17:08 +0000 Subject: [PATCH 24/34] remove default duplicates --- spartan/environments/network-defaults.yml | 1 + spartan/environments/networks/testnet.yml | 24 ----------------------- 2 files changed, 1 insertion(+), 24 deletions(-) diff --git a/spartan/environments/network-defaults.yml b/spartan/environments/network-defaults.yml index 6865932661d0..a615428c2cd2 100644 --- a/spartan/environments/network-defaults.yml +++ b/spartan/environments/network-defaults.yml @@ -464,6 +464,7 @@ networks: AZTEC_ACTIVATION_THRESHOLD: 200000e18 AZTEC_EJECTION_THRESHOLD: 100000e18 AZTEC_LOCAL_EJECTION_THRESHOLD: 199000e18 + AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: 2 AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: 2 AZTEC_SLASHING_VETOER: "0xdfe19Da6a717b7088621d8bBB66be59F2d78e924" AZTEC_SLASHING_QUORUM: 33 diff --git a/spartan/environments/networks/testnet.yml b/spartan/environments/networks/testnet.yml index 415532a9f56f..49a20b8c1e5b 100644 --- a/spartan/environments/networks/testnet.yml +++ b/spartan/environments/networks/testnet.yml @@ -43,28 +43,6 @@ env: AZTEC_ENTRY_QUEUE_FLUSH_SIZE_MIN: "10" AZTEC_ENTRY_QUEUE_FLUSH_SIZE_QUOTIENT: "400" AZTEC_ENTRY_QUEUE_MAX_FLUSH_SIZE: "10" - AZTEC_SLOT_DURATION: "72" - AZTEC_EPOCH_DURATION: "32" - AZTEC_TARGET_COMMITTEE_SIZE: "48" - AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: "2" - AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: "2" - AZTEC_PROOF_SUBMISSION_EPOCHS: "1" - AZTEC_LOCAL_EJECTION_THRESHOLD: "199000e18" - AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: "2" - AZTEC_SLASHING_QUORUM: "33" - AZTEC_SLASHING_OFFSET_IN_ROUNDS: "2" - AZTEC_SLASHING_LIFETIME_IN_ROUNDS: "5" - AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: "2" - AZTEC_SLASHING_VETOER: '\"0xdfe19Da6a717b7088621d8bBB66be59F2d78e924\"' - AZTEC_MANA_TARGET: "75000000" - AZTEC_PROVING_COST_PER_MANA: "25000000" - AZTEC_SLASH_AMOUNT_SMALL: "100000e18" - AZTEC_SLASH_AMOUNT_MEDIUM: "100000e18" - AZTEC_SLASH_AMOUNT_LARGE: "100000e18" - AZTEC_ACTIVATION_THRESHOLD: "200000e18" - AZTEC_EJECTION_THRESHOLD: "100000e18" - AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE: "100" - AZTEC_GOVERNANCE_PROPOSER_QUORUM: "60" ETHEREUM_RPC_URLS: "REPLACE_WITH_GCP_SECRET" ETHEREUM_CONSENSUS_HOST_URLS: "REPLACE_WITH_GCP_SECRET" ETHEREUM_CONSENSUS_HOST_API_KEYS: "REPLACE_WITH_GCP_SECRET" @@ -78,8 +56,6 @@ env: TX_COLLECTION_FILE_STORE_URLS: "https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}" AWS_ACCESS_KEY_ID: "REPLACE_WITH_GCP_SECRET" AWS_SECRET_ACCESS_KEY: "REPLACE_WITH_GCP_SECRET" - P2P_TX_POOL_DELETE_TXS_AFTER_REORG: "true" - SEQ_MAX_TX_PER_CHECKPOINT: "72" PROVER_FAILED_PROOF_STORE: "gs://aztec-develop/testnet/failed-proofs" L1_TX_FAILED_STORE: "gs://aztec-develop/testnet/failed-l1-txs" From 3cedb1a1b6924b32f4031669661b315ea96f1313 Mon Sep 17 00:00:00 2001 From: spypsy Date: Tue, 12 May 2026 15:25:13 +0000 Subject: [PATCH 25/34] chore(spartan): tidy loader, drop placeholder defaults - Merge source_env_basic.sh into source_network_env.sh; old path is a shim. - Remove BOOTSTRAP_NODES="asdf" placeholder from broker/agent defaults. - Drop unused empty-string defaults from _deploy_defaults. - Fail loudly if mnemonic *_START_INDEX is set under env: instead of deploy:. --- spartan/environments/network-defaults.yml | 27 +++++-------- spartan/scripts/load_network_config.sh | 9 +++++ spartan/scripts/source_env_basic.sh | 41 +++----------------- spartan/scripts/source_network_env.sh | 47 +++++++++++++---------- 4 files changed, 49 insertions(+), 75 deletions(-) diff --git a/spartan/environments/network-defaults.yml b/spartan/environments/network-defaults.yml index a615428c2cd2..a5224e891682 100644 --- a/spartan/environments/network-defaults.yml +++ b/spartan/environments/network-defaults.yml @@ -310,22 +310,17 @@ _deploy_defaults: P2P_GOSSIPSUB_DHI: "12" P2P_DROP_TX_CHANCE: "0" - # Filestore - BLOB_ALLOW_EMPTY_SOURCES: "false" - BLOB_FILE_STORE_URLS: "" + # Filestore: TX_FILE_STORE_ENABLED is read by per-network YAMLs to gate + # filestore-related features; everything else here is set per-network. TX_FILE_STORE_ENABLED: "false" - TX_COLLECTION_FILE_STORE_URLS: "" - PROVER_FAILED_PROOF_STORE: "" - # Optional secrets (overridden by per-network YAML or GCP secrets). - AWS_ACCESS_KEY_ID: "" - AWS_SECRET_ACCESS_KEY: "" - OTEL_COLLECTOR_ENDPOINT: "" - - # RPC ingress optional fields (per-network YAML overrides when used). + # RPC ingress: only RPC_INGRESS_STATIC_IP_NAME needs a default. main.tf + # references it directly in the rpc release's ingress block, which terraform + # validates eagerly even when local.rpc_ingress_enabled is false. The other + # ingress / cloud-armor / session-affinity / OTEL / R2 secret fields are + # read via try(local.d.X, "") in main.tf or only consumed at runtime, so an + # empty default would just be redundant. RPC_INGRESS_STATIC_IP_NAME: "" - RPC_CLOUD_ARMOR_POLICY_NAME: "" - RPC_INGRESS_SESSION_AFFINITY: "" # Logging / debug LOG_LEVEL: "info" @@ -350,14 +345,10 @@ _release_defaults: env: {} broker: replicaCount: 1 - env: - # Broker doesn't actually use bootstrap nodes; the chart requires the var to - # be set so its env block validates. Placeholder retained from legacy config. - BOOTSTRAP_NODES: "asdf" + env: {} agent: replicaCount: 4 env: - BOOTSTRAP_NODES: "asdf" CRS_PATH: "/usr/src/crs" rpc: replicaCount: 1 diff --git a/spartan/scripts/load_network_config.sh b/spartan/scripts/load_network_config.sh index faa6185a7d86..0b9ddd2a8400 100755 --- a/spartan/scripts/load_network_config.sh +++ b/spartan/scripts/load_network_config.sh @@ -99,7 +99,16 @@ env["MNEMONIC_INDEX_OFFSET"] = str(offset) # Mnemonic start indices: shift declared base by MNEMONIC_INDEX_OFFSET. These # live under deploy: because they configure the deploy script (terraform.tfvars # generation), not pod env. Defaults match deploy_network.sh fallbacks. +# Fail loudly if a per-network YAML accidentally puts these under env: -- the +# shift would silently not apply and concurrent devnets would collide on L1 +# nonces. def shift(key, default_base): + if key in env: + sys.stderr.write( + f"load_network_config: {key} found under env: -- it must live under deploy:\n" + f" Move it to the deploy: block so MNEMONIC_INDEX_OFFSET is applied.\n" + ) + sys.exit(1) base = int(deploy.get(key, default_base)) deploy[key] = str(base + offset) diff --git a/spartan/scripts/source_env_basic.sh b/spartan/scripts/source_env_basic.sh index 61d6bc30853b..65346e911a6a 100755 --- a/spartan/scripts/source_env_basic.sh +++ b/spartan/scripts/source_env_basic.sh @@ -1,41 +1,10 @@ #!/usr/bin/env bash -# Source basic environment variables from a per-network YAML. -# -# Usage: -# source_env_basic -# -# Skips GCP secret resolution (this is the "basic" pass; secrets are fetched -# in source_network_env.sh). +# Backward-compatible shim: both source_env_basic and source_network_env now +# live in source_network_env.sh. Kept so existing callers (bootstrap.sh, GHA, +# test_kind.sh, ...) that source this path continue to work. -spartan=$(git rev-parse --show-toplevel)/spartan +source "$(dirname "${BASH_SOURCE[0]}")/source_network_env.sh" -function resolve_yaml_file_path { - local input="$1" - if [[ "$input" = /* ]]; then - echo "$input" - else - echo "$spartan/environments/networks/$input.yml" - fi -} - -function source_env_basic { - local name="$1" - local yaml_file - yaml_file=$(resolve_yaml_file_path "$name") - - if [[ ! -f "$yaml_file" ]]; then - echo "Network YAML not found: $yaml_file" >&2 - exit 1 - fi - - echo "Loading basic environment from YAML: $yaml_file" - set -a - # shellcheck disable=SC1090 - source <("$spartan/scripts/load_network_config.sh" "$name" --format=env --skip-secrets) - set +a -} - -# If script is run directly with an argument, source the env file -if [[ "${BASH_SOURCE[0]}" == "${0}" ]] && [[ -n "$1" ]]; then +if [[ "${BASH_SOURCE[0]}" == "${0}" ]] && [[ -n "${1:-}" ]]; then source_env_basic "$1" fi diff --git a/spartan/scripts/source_network_env.sh b/spartan/scripts/source_network_env.sh index be6e305251f4..fbc023c17b00 100755 --- a/spartan/scripts/source_network_env.sh +++ b/spartan/scripts/source_network_env.sh @@ -1,35 +1,40 @@ #!/usr/bin/env bash -# Source full environment (including GCP secrets) from a per-network YAML. +# Source environment variables from a per-network YAML. # # Usage: -# source_network_env +# source_network_env # full pass (resolves GCP secrets) +# source_env_basic # skips GCP secret resolution +# +# Both functions delegate to load_network_config.sh; --skip-secrets is the only +# difference. load_network_config.sh validates the YAML path and skips secrets +# automatically when gcloud is not on PATH, so callers don't need to. spartan=$(git rev-parse --show-toplevel)/spartan -function source_network_env { +# Internal: source `export KEY=VALUE` lines emitted by the loader. +function _source_loader_env { local name="$1" - local yaml_file - if [[ "$name" = /* ]]; then - yaml_file="$name" - else - yaml_file="$spartan/environments/networks/$name.yml" - fi - - if [[ ! -f "$yaml_file" ]]; then - echo "Network YAML not found: $yaml_file" >&2 - exit 1 - fi - - echo "Loading network environment from YAML: $yaml_file" - # The YAML loader handles GCP secret resolution internally if gcloud is on PATH. + shift set -a # shellcheck disable=SC1090 - source <("$spartan/scripts/load_network_config.sh" "$name" --format=env) + source <("$spartan/scripts/load_network_config.sh" "$name" --format=env "$@") set +a - echo "Successfully loaded YAML config $(basename "$yaml_file")" } -# If script is run directly with an argument, source the env file -if [[ "${BASH_SOURCE[0]}" == "${0}" ]] && [[ -n "$1" ]]; then +function source_network_env { + local name="$1" + echo "Loading network environment from YAML: $name" + _source_loader_env "$name" + echo "Successfully loaded YAML config $name" +} + +function source_env_basic { + local name="$1" + echo "Loading basic environment from YAML: $name" + _source_loader_env "$name" --skip-secrets +} + +# When invoked directly, default to the full (secret-resolving) pass. +if [[ "${BASH_SOURCE[0]}" == "${0}" ]] && [[ -n "${1:-}" ]]; then source_network_env "$1" fi From 0f40316959ad58d2cf9080f174e8bc7d7a410082 Mon Sep 17 00:00:00 2001 From: spypsy Date: Tue, 12 May 2026 15:36:22 +0000 Subject: [PATCH 26/34] python files instead of inline scripts --- spartan/scripts/apply_derived.py | 58 +++++++ spartan/scripts/expand_placeholders.py | 31 ++++ spartan/scripts/load_network_config.sh | 221 +------------------------ spartan/scripts/resolve_secrets.py | 145 ++++++++++++++++ 4 files changed, 241 insertions(+), 214 deletions(-) create mode 100755 spartan/scripts/apply_derived.py create mode 100755 spartan/scripts/expand_placeholders.py create mode 100755 spartan/scripts/resolve_secrets.py diff --git a/spartan/scripts/apply_derived.py b/spartan/scripts/apply_derived.py new file mode 100755 index 000000000000..7ef3b151820a --- /dev/null +++ b/spartan/scripts/apply_derived.py @@ -0,0 +1,58 @@ +#!/usr/bin/env python3 +"""Apply derived computations after merging network config. + +Replicates bash logic that previously lived inside .env files (e.g. devnet.env's +MNEMONIC_INDEX_OFFSET computed from NAMESPACE regex). + +Reads JSON on stdin, writes JSON on stdout. +""" +import json +import re +import sys + + +def main(): + data = json.load(sys.stdin) + env = data.setdefault("env", {}) + deploy = data.setdefault("deploy", {}) + + # devnet: namespace pattern v-devnet- picks a non-conflicting + # mnemonic offset so concurrent devnets sharing the same mnemonic on the same L1 + # do not collide on nonces. + namespace = str(deploy.get("NAMESPACE", "") or env.get("NAMESPACE", "")) + m = re.match(r"^v(\d+)-devnet-(\d+)$", namespace) + if m: + major = int(m.group(1)) + iteration = int(m.group(2)) + offset = major * 100000 + (iteration - 1) * 10000 + elif "MNEMONIC_INDEX_OFFSET" in env: + offset = int(env["MNEMONIC_INDEX_OFFSET"]) + else: + offset = 0 + env["MNEMONIC_INDEX_OFFSET"] = str(offset) + + # Mnemonic start indices: shift declared base by MNEMONIC_INDEX_OFFSET. These + # live under deploy: because they configure the deploy script (terraform.tfvars + # generation), not pod env. Defaults match deploy_network.sh fallbacks. + # Fail loudly if a per-network YAML accidentally puts these under env: -- the + # shift would silently not apply and concurrent devnets would collide on L1 + # nonces. + def shift(key, default_base): + if key in env: + sys.stderr.write( + f"load_network_config: {key} found under env: -- it must live under deploy:\n" + f" Move it to the deploy: block so MNEMONIC_INDEX_OFFSET is applied.\n" + ) + sys.exit(1) + base = int(deploy.get(key, default_base)) + deploy[key] = str(base + offset) + + shift("VALIDATOR_MNEMONIC_START_INDEX", 1) + shift("VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX", 5000) + shift("PROVER_PUBLISHER_MNEMONIC_START_INDEX", 8000) + + json.dump(data, sys.stdout, indent=2) + + +if __name__ == "__main__": + main() diff --git a/spartan/scripts/expand_placeholders.py b/spartan/scripts/expand_placeholders.py new file mode 100755 index 000000000000..25517282dde7 --- /dev/null +++ b/spartan/scripts/expand_placeholders.py @@ -0,0 +1,31 @@ +#!/usr/bin/env python3 +"""Expand ${VAR} and ${VAR:-default} placeholders in string values. + +Reads JSON on stdin, writes JSON on stdout. Used by load_network_config.sh +to substitute current shell environment into merged YAML values. +""" +import json +import os +import re +import sys + +PATTERN = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)(?::-([^}]*))?\}") + + +def expand(value): + if isinstance(value, str): + return PATTERN.sub(lambda m: os.environ.get(m.group(1), m.group(2) or ""), value) + if isinstance(value, dict): + return {k: expand(v) for k, v in value.items()} + if isinstance(value, list): + return [expand(v) for v in value] + return value + + +def main(): + data = json.load(sys.stdin) + json.dump(expand(data), sys.stdout, indent=2) + + +if __name__ == "__main__": + main() diff --git a/spartan/scripts/load_network_config.sh b/spartan/scripts/load_network_config.sh index 0b9ddd2a8400..34b9e58894c4 100755 --- a/spartan/scripts/load_network_config.sh +++ b/spartan/scripts/load_network_config.sh @@ -27,6 +27,7 @@ set -euo pipefail spartan="$(git rev-parse --show-toplevel)/spartan" defaults_yaml="$spartan/environments/network-defaults.yml" +script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" resolve_yaml_path() { local input="$1" @@ -43,220 +44,12 @@ merge_to_json() { yq eval-all --output-format=json '. as $item ireduce ({}; . *+ $item)' "$@" } -# Expand ${VAR} and ${VAR:-default} placeholders in string values. -# Reads JSON on stdin, writes JSON on stdout. -expand_placeholders() { - python3 -c ' -import json -import os -import re -import sys - -PATTERN = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)(?::-([^}]*))?\}") - -def expand(value): - if isinstance(value, str): - return PATTERN.sub(lambda m: os.environ.get(m.group(1), m.group(2) or ""), value) - if isinstance(value, dict): - return {k: expand(v) for k, v in value.items()} - if isinstance(value, list): - return [expand(v) for v in value] - return value - -data = json.load(sys.stdin) -json.dump(expand(data), sys.stdout, indent=2) -' -} - -# Apply derived computations after merging. These replicate bash logic that -# previously lived inside .env files (e.g. devnet.env's MNEMONIC_INDEX_OFFSET -# computed from NAMESPACE regex). Reads JSON on stdin, writes JSON on stdout. -apply_derived() { - python3 -c ' -import json -import re -import sys - -data = json.load(sys.stdin) -env = data.setdefault("env", {}) -deploy = data.setdefault("deploy", {}) - -# devnet: namespace pattern v-devnet- picks a non-conflicting -# mnemonic offset so concurrent devnets sharing the same mnemonic on the same L1 -# do not collide on nonces. -namespace = str(deploy.get("NAMESPACE", "") or env.get("NAMESPACE", "")) -m = re.match(r"^v(\d+)-devnet-(\d+)$", namespace) -if m: - major = int(m.group(1)) - iteration = int(m.group(2)) - offset = major * 100000 + (iteration - 1) * 10000 -elif "MNEMONIC_INDEX_OFFSET" in env: - offset = int(env["MNEMONIC_INDEX_OFFSET"]) -else: - offset = 0 -env["MNEMONIC_INDEX_OFFSET"] = str(offset) - -# Mnemonic start indices: shift declared base by MNEMONIC_INDEX_OFFSET. These -# live under deploy: because they configure the deploy script (terraform.tfvars -# generation), not pod env. Defaults match deploy_network.sh fallbacks. -# Fail loudly if a per-network YAML accidentally puts these under env: -- the -# shift would silently not apply and concurrent devnets would collide on L1 -# nonces. -def shift(key, default_base): - if key in env: - sys.stderr.write( - f"load_network_config: {key} found under env: -- it must live under deploy:\n" - f" Move it to the deploy: block so MNEMONIC_INDEX_OFFSET is applied.\n" - ) - sys.exit(1) - base = int(deploy.get(key, default_base)) - deploy[key] = str(base + offset) - -shift("VALIDATOR_MNEMONIC_START_INDEX", 1) -shift("VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX", 5000) -shift("PROVER_PUBLISHER_MNEMONIC_START_INDEX", 8000) - -json.dump(data, sys.stdout, indent=2) -' -} - -# Resolve REPLACE_WITH_GCP_SECRET placeholders by calling gcloud. -# Reads JSON on stdin, writes JSON on stdout. -# Mask commands and any diagnostic output go to stderr (must NOT pollute the -# JSON stdout or downstream jq pipelines fail with "parse error"). -# Skipped if `gcloud` is not on PATH or no placeholders exist. -resolve_secrets() { - python3 -c ' -import json -import os -import shutil -import subprocess -import sys - -PLACEHOLDER = "REPLACE_WITH_GCP_SECRET" - -# JSON-array secrets are unwrapped before masking so each element is masked -# individually (matching setup_gcp_secrets.sh behavior). Otherwise GHA may -# refuse to mask the raw `["url1","url2"]` form. -JSON_ARRAY_SECRETS = { - "ETHEREUM_RPC_URLS", - "ETHEREUM_CONSENSUS_HOST_URLS", - "ETHEREUM_CONSENSUS_HOST_API_KEYS", - "ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS", -} - -# Same secret name mapping as the (legacy) setup_gcp_secrets.sh, kept in sync. -def secret_name_for(env_var, env, deploy): - l1_network = env.get("L1_NETWORK") or deploy.get("L1_NETWORK") or "sepolia" - network = env.get("NETWORK") or deploy.get("NETWORK") or "" - custom_mnemonic = deploy.get("LABS_INFRA_MNEMONIC_SECRET_NAME") or env.get("LABS_INFRA_MNEMONIC_SECRET_NAME") - mnemonic_secret = custom_mnemonic if custom_mnemonic else f"{l1_network}-labs-{network}-mnemonic" - mapping = { - "ETHEREUM_RPC_URLS": f"{l1_network}-rpc-urls", - "ETHEREUM_CONSENSUS_HOST_URLS": f"{l1_network}-consensus-host-urls", - "ETHEREUM_CONSENSUS_HOST_API_KEYS": f"{l1_network}-consensus-host-api-keys", - "ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS": f"{l1_network}-consensus-host-api-key-headers", - "FUNDING_PRIVATE_KEY": f"{l1_network}-funding-private-key", - "ROLLUP_DEPLOYMENT_PRIVATE_KEY": f"{l1_network}-labs-rollup-private-key", - "OTEL_COLLECTOR_ENDPOINT": "otel-collector-url", - "ETHERSCAN_API_KEY": "etherscan-api-key", - "LABS_INFRA_MNEMONIC": mnemonic_secret, - "STORE_SNAPSHOT_URL": "r2-account-id", - "AWS_ACCESS_KEY_ID": "r2-access-key-id", - "AWS_SECRET_ACCESS_KEY": "r2-secret-access-key", - } - return mapping.get(env_var) - -def emit_mask(value): - """Emit ::add-mask:: workflow command(s) on stderr (never stdout).""" - if not value: - return - # Split JSON-array values into elements before masking. - if value.startswith("[") and value.endswith("]"): - try: - for element in json.loads(value): - if element: - sys.stderr.write(f"::add-mask::{element}\n") - return - except json.JSONDecodeError: - pass - sys.stderr.write(f"::add-mask::{value}\n") - -_secret_cache = {} - -def fetch(secret_name, project_id): - if not project_id: - sys.stderr.write(f"resolve_secrets: GCP_PROJECT_ID not set; cannot fetch {secret_name}\n") - return None - if secret_name in _secret_cache: - return _secret_cache[secret_name] - try: - result = subprocess.run( - ["gcloud", "secrets", "versions", "access", "latest", - "--secret", secret_name, "--project", project_id], - capture_output=True, text=True, check=True, - ) - value = result.stdout.strip() - emit_mask(value) - _secret_cache[secret_name] = value - return value - except subprocess.CalledProcessError as e: - sys.stderr.write(f"resolve_secrets: failed to read {secret_name}: {e.stderr}\n") - _secret_cache[secret_name] = None - return None - -data = json.load(sys.stdin) -env = data.get("env", {}) -deploy = data.get("deploy", {}) -project_id = deploy.get("GCP_PROJECT_ID") or os.environ.get("GCP_PROJECT_ID", "") - -if not shutil.which("gcloud"): - json.dump(data, sys.stdout, indent=2) - sys.exit(0) - -# Resolve REPLACE_WITH_GCP_SECRET placeholders in env: block. -for key, val in list(env.items()): - if not isinstance(val, str) or PLACEHOLDER not in val: - continue - secret_name = secret_name_for(key, env, deploy) - if not secret_name: - sys.stderr.write(f"resolve_secrets: no secret mapping for {key}; leaving as placeholder\n") - continue - fetched = fetch(secret_name, project_id) - if fetched is None: - continue - env[key] = fetched if val == PLACEHOLDER else val.replace(PLACEHOLDER, fetched) - -# Construct R2-backed URLs from r2-account-id + bucket directory inputs. -# Mirrors setup_gcp_secrets.sh: each *_BUCKET_DIRECTORY var (in deploy: or env:) -# becomes a fully-formed S3-compatible URL. -def get_input(name): - return deploy.get(name) or env.get(name) or "" - -snapshot_dir = get_input("SNAPSHOT_BUCKET_DIRECTORY") -blob_dir = get_input("BLOB_BUCKET_DIRECTORY") -tx_dir = get_input("TX_FILE_STORE_BUCKET_DIRECTORY") - -if snapshot_dir or blob_dir or tx_dir: - r2 = fetch("r2-account-id", project_id) - if r2: - if snapshot_dir: - env["STORE_SNAPSHOT_URL"] = ( - f"s3://testnet-bucket/{snapshot_dir}/?endpoint=https://{r2}.r2.cloudflarestorage.com" - f"&publicBaseUrl=https://aztec-labs-snapshots.com" - ) - if blob_dir: - env["BLOB_FILE_STORE_UPLOAD_URL"] = ( - f"s3://testnet-bucket/{blob_dir}/?endpoint=https://{r2}.r2.cloudflarestorage.com" - ) - if tx_dir: - env["TX_FILE_STORE_URL"] = ( - f"s3://testnet-bucket/{tx_dir}/?endpoint=https://{r2}.r2.cloudflarestorage.com" - ) - -json.dump(data, sys.stdout, indent=2) -' -} +# JSON tree transforms live in sibling .py files; each reads JSON on stdin and +# writes JSON on stdout. See expand_placeholders.py, apply_derived.py, +# resolve_secrets.py for details. +expand_placeholders() { python3 "$script_dir/expand_placeholders.py"; } +apply_derived() { python3 "$script_dir/apply_derived.py"; } +resolve_secrets() { python3 "$script_dir/resolve_secrets.py"; } # Strip leading underscore-prefixed keys (anchors-only keys like _defaults, _shared_image) # from a JSON object. Operates at the top level only. diff --git a/spartan/scripts/resolve_secrets.py b/spartan/scripts/resolve_secrets.py new file mode 100755 index 000000000000..f1090e329159 --- /dev/null +++ b/spartan/scripts/resolve_secrets.py @@ -0,0 +1,145 @@ +#!/usr/bin/env python3 +"""Resolve REPLACE_WITH_GCP_SECRET placeholders by calling gcloud. + +Reads JSON on stdin, writes JSON on stdout. Mask commands and any diagnostic +output go to stderr (must NOT pollute the JSON stdout or downstream jq pipelines +fail with "parse error"). Skipped if `gcloud` is not on PATH. +""" +import json +import os +import shutil +import subprocess +import sys + +PLACEHOLDER = "REPLACE_WITH_GCP_SECRET" + +# JSON-array secrets are unwrapped before masking so each element is masked +# individually (matching setup_gcp_secrets.sh behavior). Otherwise GHA may +# refuse to mask the raw `["url1","url2"]` form. +JSON_ARRAY_SECRETS = { + "ETHEREUM_RPC_URLS", + "ETHEREUM_CONSENSUS_HOST_URLS", + "ETHEREUM_CONSENSUS_HOST_API_KEYS", + "ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS", +} + + +# Same secret name mapping as the (legacy) setup_gcp_secrets.sh, kept in sync. +def secret_name_for(env_var, env, deploy): + l1_network = env.get("L1_NETWORK") or deploy.get("L1_NETWORK") or "sepolia" + network = env.get("NETWORK") or deploy.get("NETWORK") or "" + custom_mnemonic = deploy.get("LABS_INFRA_MNEMONIC_SECRET_NAME") or env.get("LABS_INFRA_MNEMONIC_SECRET_NAME") + mnemonic_secret = custom_mnemonic if custom_mnemonic else f"{l1_network}-labs-{network}-mnemonic" + mapping = { + "ETHEREUM_RPC_URLS": f"{l1_network}-rpc-urls", + "ETHEREUM_CONSENSUS_HOST_URLS": f"{l1_network}-consensus-host-urls", + "ETHEREUM_CONSENSUS_HOST_API_KEYS": f"{l1_network}-consensus-host-api-keys", + "ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS": f"{l1_network}-consensus-host-api-key-headers", + "FUNDING_PRIVATE_KEY": f"{l1_network}-funding-private-key", + "ROLLUP_DEPLOYMENT_PRIVATE_KEY": f"{l1_network}-labs-rollup-private-key", + "OTEL_COLLECTOR_ENDPOINT": "otel-collector-url", + "ETHERSCAN_API_KEY": "etherscan-api-key", + "LABS_INFRA_MNEMONIC": mnemonic_secret, + "STORE_SNAPSHOT_URL": "r2-account-id", + "AWS_ACCESS_KEY_ID": "r2-access-key-id", + "AWS_SECRET_ACCESS_KEY": "r2-secret-access-key", + } + return mapping.get(env_var) + + +def emit_mask(value): + """Emit ::add-mask:: workflow command(s) on stderr (never stdout).""" + if not value: + return + # Split JSON-array values into elements before masking. + if value.startswith("[") and value.endswith("]"): + try: + for element in json.loads(value): + if element: + sys.stderr.write(f"::add-mask::{element}\n") + return + except json.JSONDecodeError: + pass + sys.stderr.write(f"::add-mask::{value}\n") + + +_secret_cache = {} + + +def fetch(secret_name, project_id): + if not project_id: + sys.stderr.write(f"resolve_secrets: GCP_PROJECT_ID not set; cannot fetch {secret_name}\n") + return None + if secret_name in _secret_cache: + return _secret_cache[secret_name] + try: + result = subprocess.run( + ["gcloud", "secrets", "versions", "access", "latest", + "--secret", secret_name, "--project", project_id], + capture_output=True, text=True, check=True, + ) + value = result.stdout.strip() + emit_mask(value) + _secret_cache[secret_name] = value + return value + except subprocess.CalledProcessError as e: + sys.stderr.write(f"resolve_secrets: failed to read {secret_name}: {e.stderr}\n") + _secret_cache[secret_name] = None + return None + + +def main(): + data = json.load(sys.stdin) + env = data.get("env", {}) + deploy = data.get("deploy", {}) + project_id = deploy.get("GCP_PROJECT_ID") or os.environ.get("GCP_PROJECT_ID", "") + + if not shutil.which("gcloud"): + json.dump(data, sys.stdout, indent=2) + return + + # Resolve REPLACE_WITH_GCP_SECRET placeholders in env: block. + for key, val in list(env.items()): + if not isinstance(val, str) or PLACEHOLDER not in val: + continue + secret_name = secret_name_for(key, env, deploy) + if not secret_name: + sys.stderr.write(f"resolve_secrets: no secret mapping for {key}; leaving as placeholder\n") + continue + fetched = fetch(secret_name, project_id) + if fetched is None: + continue + env[key] = fetched if val == PLACEHOLDER else val.replace(PLACEHOLDER, fetched) + + # Construct R2-backed URLs from r2-account-id + bucket directory inputs. + # Mirrors setup_gcp_secrets.sh: each *_BUCKET_DIRECTORY var (in deploy: or env:) + # becomes a fully-formed S3-compatible URL. + def get_input(name): + return deploy.get(name) or env.get(name) or "" + + snapshot_dir = get_input("SNAPSHOT_BUCKET_DIRECTORY") + blob_dir = get_input("BLOB_BUCKET_DIRECTORY") + tx_dir = get_input("TX_FILE_STORE_BUCKET_DIRECTORY") + + if snapshot_dir or blob_dir or tx_dir: + r2 = fetch("r2-account-id", project_id) + if r2: + if snapshot_dir: + env["STORE_SNAPSHOT_URL"] = ( + f"s3://testnet-bucket/{snapshot_dir}/?endpoint=https://{r2}.r2.cloudflarestorage.com" + f"&publicBaseUrl=https://aztec-labs-snapshots.com" + ) + if blob_dir: + env["BLOB_FILE_STORE_UPLOAD_URL"] = ( + f"s3://testnet-bucket/{blob_dir}/?endpoint=https://{r2}.r2.cloudflarestorage.com" + ) + if tx_dir: + env["TX_FILE_STORE_URL"] = ( + f"s3://testnet-bucket/{tx_dir}/?endpoint=https://{r2}.r2.cloudflarestorage.com" + ) + + json.dump(data, sys.stdout, indent=2) + + +if __name__ == "__main__": + main() From 1dcd998c12b84f95dab149171de1da919eeb7a94 Mon Sep 17 00:00:00 2001 From: spypsy Date: Tue, 12 May 2026 15:49:26 +0000 Subject: [PATCH 27/34] fix docker image for deploy contracts job --- spartan/scripts/deploy_network.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/spartan/scripts/deploy_network.sh b/spartan/scripts/deploy_network.sh index 2801ccaf6821..7c2ffb6643cf 100755 --- a/spartan/scripts/deploy_network.sh +++ b/spartan/scripts/deploy_network.sh @@ -290,9 +290,14 @@ else ETHERSCAN_API_KEY_TF=null fi +# Destroy-only runs may omit AZTEC_DOCKER_IMAGE, but Terraform still evaluates +# the current resource config before destroying state. +ROLLUP_CONTRACTS_DOCKER_IMAGE="${AZTEC_DOCKER_IMAGE:-aztecprotocol/aztec:latest}" + rm -f "${DEPLOY_ROLLUP_CONTRACTS_DIR}/terraform.tfvars" echo "${LOADER_JSON}" | jq \ --arg k8s_context "${K8S_CLUSTER_CONTEXT}" \ + --arg image "${ROLLUP_CONTRACTS_DOCKER_IMAGE}" \ --arg l1_rpc_urls "${CSV_RPC_URLS}" \ --arg private_key "${ROLLUP_DEPLOYMENT_PRIVATE_KEY}" \ --arg validators "${VALIDATOR_ADDRESSES}" \ @@ -301,6 +306,7 @@ echo "${LOADER_JSON}" | jq \ '{ deploy: (.deploy + { K8S_CLUSTER_CONTEXT: $k8s_context, + AZTEC_DOCKER_IMAGE: $image, L1_RPC_URLS: $l1_rpc_urls, PRIVATE_KEY: $private_key, VALIDATORS: $validators, From b10ff730e6a9fe33b0cee86b28736dd80ce801bd Mon Sep 17 00:00:00 2001 From: spypsy Date: Tue, 12 May 2026 16:29:57 +0000 Subject: [PATCH 28/34] refactor(spartan): derive resource profiles and p2p flags in Terraform Remove ~30 lines of bash pre-computation from deploy_network.sh: - Drop the 8 *_RESOURCE_PROFILE cascade vars (kept RESOURCE_PROFILE for eth-devnet) - Drop the P2P_NODEPORT_ENABLED/P2P_PUBLIC_IP if/else block - Drop PROVER_REAL_PROOFS (was never consumed by Terraform) - Collapse 4 mnemonic alias args (VALIDATOR/PROVER/BOT/FISHERMAN_MNEMONIC) down to a single LABS_INFRA_MNEMONIC passed through DEPLOY_OVERRIDES In main.tf, derive the removed values from existing context: - p2p_nodeport_enabled / p2p_public_ip from local.is_kind - Per-release resource profiles via try(local.d.X, is_kind ? "dev" : "prod"), so per-network YAML overrides (e.g. testnet prod-spot) still take effect - All mnemonic references now use local.d.LABS_INFRA_MNEMONIC directly --- spartan/environments/network-defaults.yml | 3 + spartan/scripts/deploy_network.sh | 56 ++---------------- spartan/terraform/deploy-aztec-infra/main.tf | 61 ++++++++++++-------- 3 files changed, 46 insertions(+), 74 deletions(-) diff --git a/spartan/environments/network-defaults.yml b/spartan/environments/network-defaults.yml index a5224e891682..23cca919f573 100644 --- a/spartan/environments/network-defaults.yml +++ b/spartan/environments/network-defaults.yml @@ -371,6 +371,9 @@ _release_defaults: blob_sink: replicaCount: 1 env: {} + p2p_bootstrap: + replicaCount: 1 + env: {} bot_transfers: bot: # subchart alias in aztec-bot replicaCount: 0 diff --git a/spartan/scripts/deploy_network.sh b/spartan/scripts/deploy_network.sh index 7c2ffb6643cf..69f1970ac918 100755 --- a/spartan/scripts/deploy_network.sh +++ b/spartan/scripts/deploy_network.sh @@ -52,23 +52,13 @@ declare -A STAGE_TIMINGS NAMESPACE=${NAMESPACE:?NAMESPACE is required (set in YAML deploy: block or env)} BASE_STATE_PATH="${CLUSTER}/${NAMESPACE}" -# RESOURCE_PROFILE depends on the cluster (kind -> dev, otherwise prod). Each -# release-specific profile cascades from RESOURCE_PROFILE unless overridden. +# RESOURCE_PROFILE: kind -> dev, otherwise prod. Used by the eth-devnet module only; +# per-release profiles are derived from is_kind in deploy-aztec-infra/main.tf. RESOURCE_PROFILE=${RESOURCE_PROFILE:-$([[ "${CLUSTER}" == "kind" ]] && echo "dev" || echo "prod")} -BOT_RESOURCE_PROFILE=${BOT_RESOURCE_PROFILE:-${RESOURCE_PROFILE}} -RPC_RESOURCE_PROFILE=${RPC_RESOURCE_PROFILE:-${RESOURCE_PROFILE}} -FULL_NODE_RESOURCE_PROFILE=${FULL_NODE_RESOURCE_PROFILE:-${RESOURCE_PROFILE}} -P2P_BOOTSTRAP_RESOURCE_PROFILE=${P2P_BOOTSTRAP_RESOURCE_PROFILE:-${RESOURCE_PROFILE}} -VALIDATOR_RESOURCE_PROFILE=${VALIDATOR_RESOURCE_PROFILE:-${RESOURCE_PROFILE}} -PROVER_RESOURCE_PROFILE=${PROVER_RESOURCE_PROFILE:-${RESOURCE_PROFILE}} -ARCHIVE_RESOURCE_PROFILE=${ARCHIVE_RESOURCE_PROFILE:-${RESOURCE_PROFILE}} -BLOB_SINK_RESOURCE_PROFILE=${BLOB_SINK_RESOURCE_PROFILE:-${RESOURCE_PROFILE}} # When unset, derive from default mnemonic index 0. ROLLUP_DEPLOYMENT_PRIVATE_KEY=${ROLLUP_DEPLOYMENT_PRIVATE_KEY:-$(cast wallet private-key --mnemonic "$LABS_INFRA_MNEMONIC" --mnemonic-index 0)} -# PROVER_REAL_PROOFS mirrors REAL_VERIFIER (deploy-script flag). -PROVER_REAL_PROOFS=${REAL_VERIFIER} # Max node count: max of primary (VALIDATOR_REPLICAS) and HA pod counts # Determines how many attester keys and addresses to generate @@ -377,20 +367,11 @@ AZTEC_INFRA_START=$(date +%s) DEPLOY_AZTEC_INFRA_DIR="${SCRIPT_DIR}/../terraform/deploy-aztec-infra" "${SCRIPT_DIR}/override_terraform_backend.sh" "${DEPLOY_AZTEC_INFRA_DIR}" "${CLUSTER}" "${BASE_STATE_PATH}/deploy-aztec-infra" -# Gate NodePort based on cluster (true for kind, false for GKE) -if [[ "${CLUSTER}" == "kind" ]]; then - P2P_NODEPORT_ENABLED=true - P2P_PUBLIC_IP=false -else - P2P_NODEPORT_ENABLED=false - P2P_PUBLIC_IP=${P2P_PUBLIC_IP:-true} -fi # Build deploy-aztec-infra/terraform.tfvars.json from the YAML loader's # structured {deploy, env, releases} output plus deploy-time-computed values -# overlaid on the deploy block (cluster context, image overrides, contract -# addresses from the rollup-contracts step, admin API key hash, mnemonic -# plumbing, P2P cluster gating, L1 endpoints, R2-derived URLs). +# overlaid on the deploy block (cluster context, image, contract addresses, +# admin API key hash, mnemonic, L1 endpoints). # # main.tf reads everything via var.deploy. / var.env / var.releases -- # no individual `variable "X"` declarations remain in variables.tf. @@ -412,20 +393,9 @@ DEPLOY_OVERRIDES=$(jq -n \ --arg registry "${REGISTRY_ADDRESS}" \ --arg fee_handler "${FEE_ASSET_HANDLER_ADDRESS}" \ --arg l1_chain_id "${ETHEREUM_CHAIN_ID}" \ - --arg validator_mnemonic "${LABS_INFRA_MNEMONIC}" \ - --arg p2p_nodeport_enabled "${P2P_NODEPORT_ENABLED}" \ - --arg p2p_public_ip "${P2P_PUBLIC_IP}" \ + --arg mnemonic "${LABS_INFRA_MNEMONIC}" \ --arg gcp_project "${GCP_PROJECT_ID}" \ --arg gcp_region "${GCP_REGION}" \ - --arg validator_resource "${VALIDATOR_RESOURCE_PROFILE}" \ - --arg prover_resource "${PROVER_RESOURCE_PROFILE}" \ - --arg rpc_resource "${RPC_RESOURCE_PROFILE}" \ - --arg full_node_resource "${FULL_NODE_RESOURCE_PROFILE}" \ - --arg p2p_bootstrap_resource "${P2P_BOOTSTRAP_RESOURCE_PROFILE}" \ - --arg archive_resource "${ARCHIVE_RESOURCE_PROFILE}" \ - --arg blob_sink_resource "${BLOB_SINK_RESOURCE_PROFILE}" \ - --arg bot_resource "${BOT_RESOURCE_PROFILE}" \ - --arg prover_real_proofs "${PROVER_REAL_PROOFS}" \ --argjson l1_rpc_urls "${L1_RPC_URLS_JSON}" \ --argjson l1_consensus_urls "${L1_CONSENSUS_HOST_URLS_JSON}" \ --argjson l1_consensus_keys "${L1_CONSENSUS_HOST_API_KEYS_JSON:-null}" \ @@ -447,21 +417,7 @@ DEPLOY_OVERRIDES=$(jq -n \ L1_CONSENSUS_HOST_URLS: $l1_consensus_urls, L1_CONSENSUS_HOST_API_KEYS: $l1_consensus_keys, L1_CONSENSUS_HOST_API_KEY_HEADERS: $l1_consensus_headers, - VALIDATOR_MNEMONIC: $validator_mnemonic, - PROVER_MNEMONIC: $validator_mnemonic, - BOT_MNEMONIC: $validator_mnemonic, - FISHERMAN_MNEMONIC: $validator_mnemonic, - P2P_NODEPORT_ENABLED: $p2p_nodeport_enabled, - P2P_PUBLIC_IP: $p2p_public_ip, - VALIDATOR_RESOURCE_PROFILE: $validator_resource, - PROVER_RESOURCE_PROFILE: $prover_resource, - RPC_RESOURCE_PROFILE: $rpc_resource, - FULL_NODE_RESOURCE_PROFILE: $full_node_resource, - P2P_BOOTSTRAP_RESOURCE_PROFILE: $p2p_bootstrap_resource, - ARCHIVE_RESOURCE_PROFILE: $archive_resource, - BLOB_SINK_RESOURCE_PROFILE: $blob_sink_resource, - BOT_RESOURCE_PROFILE: $bot_resource, - PROVER_REAL_PROOFS: $prover_real_proofs, + LABS_INFRA_MNEMONIC: $mnemonic, }') echo "${LOADER_JSON}" | jq \ diff --git a/spartan/terraform/deploy-aztec-infra/main.tf b/spartan/terraform/deploy-aztec-infra/main.tf index df36ae1a6d3f..2bb6eb8502a4 100644 --- a/spartan/terraform/deploy-aztec-infra/main.tf +++ b/spartan/terraform/deploy-aztec-infra/main.tf @@ -35,14 +35,14 @@ locals { validator_ha_replica_cnt = try(tonumber(local.d.VALIDATOR_HA_REPLICA_COUNT), null) validators_per_node = tonumber(local.d.VALIDATORS_PER_NODE) validator_pubs_per_replica = tonumber(local.d.VALIDATOR_PUBLISHERS_PER_REPLICA) - validator_mnemonic_idx = tonumber(local.d.VALIDATOR_MNEMONIC_START_INDEX) + validator_mnemonic_idx = tonumber(local.d.LABS_INFRA_MNEMONIC_START_INDEX) validator_pub_mnemonic_idx = tonumber(local.d.VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX) prover_replicas = tonumber(local.d.PROVER_REPLICAS) prover_pub_mnemonic_idx = tonumber(local.d.PROVER_PUBLISHER_MNEMONIC_START_INDEX) prover_pubs_per_prover = tonumber(local.d.PUBLISHERS_PER_PROVER) rpc_replicas = tonumber(local.d.RPC_REPLICAS) fisherman_replicas = tonumber(local.d.FISHERMAN_REPLICAS) - fisherman_mnemonic_idx = tonumber(local.d.FISHERMAN_MNEMONIC_START_INDEX) + fisherman_mnemonic_idx = tonumber(local.d.LABS_INFRA_MNEMONIC_START_INDEX) full_node_replicas = tonumber(local.d.FULL_NODE_REPLICAS) bot_transfers_replicas = tonumber(local.d.BOT_TRANSFERS_REPLICAS) bot_swaps_replicas = tonumber(local.d.BOT_SWAPS_REPLICAS) @@ -55,8 +55,8 @@ locals { deploy_archival_node = tobool(local.d.DEPLOY_ARCHIVAL_NODE) prover_no_proof_pub = tobool(local.d.PROVER_NODE_DISABLE_PROOF_PUBLISH) wait_for_prover = try(tobool(local.d.WAIT_FOR_PROVER_DEPLOY), true) - p2p_nodeport_enabled = tobool(local.d.P2P_NODEPORT_ENABLED) - p2p_public_ip = tobool(local.d.P2P_PUBLIC_IP) + p2p_nodeport_enabled = local.is_kind + p2p_public_ip = !local.is_kind # Optional strings: "" means "not set" for legacy callers; null when the key # may be entirely absent. @@ -132,7 +132,7 @@ module "web3signer" { RELEASE_NAME = local.d.RELEASE_PREFIX AZTEC_DOCKER_IMAGE = local.d.AZTEC_DOCKER_IMAGE CHAIN_ID = local.d.L1_CHAIN_ID - MNEMONIC = local.d.VALIDATOR_MNEMONIC + MNEMONIC = local.d.LABS_INFRA_MNEMONIC ADDRESS_CONFIGMAP_NAME = "${local.d.RELEASE_PREFIX}-attester-addresses" ATTESTERS_PER_NODE = local.validators_per_node NODE_COUNT = local.max_validator_nodes @@ -190,6 +190,19 @@ locals { # Detect local kind context (e.g., "kind-kind") to gate Service types is_kind = can(regex("^kind", local.d.K8S_CLUSTER_CONTEXT)) + # Resource profiles: per-network YAML's deploy: block takes precedence; fall back to + # kind->dev, GKE->prod. This mirrors the old bash cascade without requiring the shell + # to pre-compute and inject each profile separately. + resource_profile_default = local.is_kind ? "dev" : "prod" + validator_resource_profile = try(local.d.VALIDATOR_RESOURCE_PROFILE, local.resource_profile_default) + prover_resource_profile = try(local.d.PROVER_RESOURCE_PROFILE, local.resource_profile_default) + rpc_resource_profile = try(local.d.RPC_RESOURCE_PROFILE, local.resource_profile_default) + full_node_resource_profile = try(local.d.FULL_NODE_RESOURCE_PROFILE, local.resource_profile_default) + p2p_bootstrap_resource_profile = try(local.d.P2P_BOOTSTRAP_RESOURCE_PROFILE, local.resource_profile_default) + archive_resource_profile = try(local.d.ARCHIVE_RESOURCE_PROFILE, local.resource_profile_default) + blob_sink_resource_profile = try(local.d.BLOB_SINK_RESOURCE_PROFILE, local.resource_profile_default) + bot_resource_profile = try(local.d.BOT_RESOURCE_PROFILE, local.resource_profile_default) + internal_boot_node_url = local.deploy_internal_boot ? "http://${local.d.RELEASE_PREFIX}-p2p-bootstrap-node.${local.d.NAMESPACE}.svc.cluster.local:8080" : "" internal_rpc_url = "http://${local.d.RELEASE_PREFIX}-rpc-aztec-node.${local.d.NAMESPACE}.svc.cluster.local:8080" @@ -279,7 +292,7 @@ locals { values = [ "common.yaml", "validator.yaml", - "validator-resources-${local.d.VALIDATOR_RESOURCE_PROFILE}.yaml" + "validator-resources-${local.validator_resource_profile}.yaml" ] inline_values = [yamlencode({ validator = { @@ -314,13 +327,13 @@ locals { # K8s shape / cluster decisions (not pod env). "validator.service.p2p.nodePortEnabled" = local.p2p_nodeport_enabled "validator.web3signerUrl" = "http://${local.d.RELEASE_PREFIX}-signer-web3signer.${local.d.NAMESPACE}.svc.cluster.local:9000/" - "validator.mnemonic" = local.d.VALIDATOR_MNEMONIC + "validator.mnemonic" = local.d.LABS_INFRA_MNEMONIC "validator.mnemonicStartIndex" = local.validator_mnemonic_idx "validator.validatorsPerNode" = local.validators_per_node "validator.publishersPerReplica" = local.validator_pubs_per_replica "validator.publisherMnemonicStartIndex" = local.validator_pub_mnemonic_idx "validator.node.secret.envEnabled" = true - "validator.node.secret.mnemonic" = local.d.VALIDATOR_MNEMONIC + "validator.node.secret.mnemonic" = local.d.LABS_INFRA_MNEMONIC "validator.node.secret.mnemonicIndex" = local.validator_mnemonic_idx "validator.node.adminApiKeyHash" = local.d.ADMIN_API_KEY_HASH # Renames: chart-side var name differs from pod env name. @@ -386,7 +399,7 @@ locals { values = [ "common.yaml", "p2p-bootstrap.yaml", - "p2p-bootstrap-resources-${local.d.P2P_BOOTSTRAP_RESOURCE_PROFILE}.yaml" + "p2p-bootstrap-resources-${local.p2p_bootstrap_resource_profile}.yaml" ] inline_values = [yamlencode({ service = { @@ -412,7 +425,7 @@ locals { values = [ "common.yaml", "prover.yaml", - "prover-resources-${local.d.PROVER_RESOURCE_PROFILE}.yaml" + "prover-resources-${local.prover_resource_profile}.yaml" ] inline_values = concat([yamlencode({ node = { @@ -433,10 +446,10 @@ locals { custom_settings = merge( { # Chart-shape / k8s shape. - "node.mnemonic" = local.d.PROVER_MNEMONIC + "node.mnemonic" = local.d.LABS_INFRA_MNEMONIC "node.mnemonicStartIndex" = local.prover_pub_mnemonic_idx "node.node.secret.envEnabled" = true - "node.node.secret.mnemonic" = local.d.PROVER_MNEMONIC + "node.node.secret.mnemonic" = local.d.LABS_INFRA_MNEMONIC "node.node.secret.mnemonicIndex" = local.prover_pub_mnemonic_idx "node.service.p2p.nodePortEnabled" = local.p2p_nodeport_enabled "node.service.p2p.announcePort" = local.p2p_port_prover @@ -467,7 +480,7 @@ locals { values = [ "common.yaml", "rpc.yaml", - "rpc-resources-${local.d.RPC_RESOURCE_PROFILE}.yaml" + "rpc-resources-${local.rpc_resource_profile}.yaml" ] inline_values = concat(local.rpc_ingress_enabled ? [yamlencode({ service = { @@ -521,7 +534,7 @@ locals { values = [ "common.yaml", "rpc.yaml", - "rpc-resources-${local.d.RPC_RESOURCE_PROFILE}.yaml" + "rpc-resources-${local.rpc_resource_profile}.yaml" ] inline_values = [yamlencode({ service = { @@ -537,7 +550,7 @@ locals { "service.p2p.announcePort" = local.p2p_port_fisherman "service.p2p.port" = local.p2p_port_fisherman "node.secret.envEnabled" = true - "node.secret.mnemonic" = local.d.FISHERMAN_MNEMONIC + "node.secret.mnemonic" = local.d.LABS_INFRA_MNEMONIC "node.secret.mnemonicIndex" = local.fisherman_mnemonic_idx "node.preStartScript" = "source /scripts/get-private-key.sh" # Rename: chart-side var name differs from pod env name. @@ -554,7 +567,7 @@ locals { values = [ "common.yaml", "full-node.yaml", - "full-node-resources-${local.d.FULL_NODE_RESOURCE_PROFILE}.yaml" + "full-node-resources-${local.full_node_resource_profile}.yaml" ] inline_values = [yamlencode({ service = { @@ -583,7 +596,7 @@ locals { values = [ "common.yaml", "archive.yaml", - "archive-resources-${local.d.ARCHIVE_RESOURCE_PROFILE}.yaml" + "archive-resources-${local.archive_resource_profile}.yaml" ] inline_values = [yamlencode({ service = { @@ -610,7 +623,7 @@ locals { values = [ "common.yaml", "blob-sink.yaml", - "blob-sink-resources-${local.d.BLOB_SINK_RESOURCE_PROFILE}.yaml" + "blob-sink-resources-${local.blob_sink_resource_profile}.yaml" ] inline_values = [yamlencode({ service = { @@ -636,14 +649,14 @@ locals { values = [ "common.yaml", "bot-token-transfer.yaml", - "bot-resources-${local.d.BOT_RESOURCE_PROFILE}.yaml", + "bot-resources-${local.bot_resource_profile}.yaml", ] custom_settings = merge( { "bot.replicaCount" = local.bot_transfers_replicas "bot.env.AZTEC_NODE_URL" = local.internal_rpc_url "bot.botPrivateKey" = try(local.d.BOT_TRANSFERS_L2_PRIVATE_KEY, "0xcafe01") - "bot.mnemonic" = local.d.BOT_MNEMONIC + "bot.mnemonic" = local.d.LABS_INFRA_MNEMONIC "bot.mnemonicStartIndex" = local.d.BOT_TRANSFERS_MNEMONIC_START_INDEX }, try(local.d.BOT_DA_GAS_LIMIT, "") != "" ? { "bot.env.BOT_DA_GAS_LIMIT" = local.d.BOT_DA_GAS_LIMIT } : {}, @@ -661,14 +674,14 @@ locals { values = [ "common.yaml", "bot-amm-swaps.yaml", - "bot-resources-${local.d.BOT_RESOURCE_PROFILE}.yaml", + "bot-resources-${local.bot_resource_profile}.yaml", ] custom_settings = merge( { "bot.replicaCount" = local.bot_swaps_replicas "bot.env.AZTEC_NODE_URL" = local.internal_rpc_url "bot.botPrivateKey" = try(local.d.BOT_SWAPS_L2_PRIVATE_KEY, "0xcafe02") - "bot.mnemonic" = local.d.BOT_MNEMONIC + "bot.mnemonic" = local.d.LABS_INFRA_MNEMONIC "bot.mnemonicStartIndex" = local.d.BOT_SWAPS_MNEMONIC_START_INDEX }, try(local.d.BOT_DA_GAS_LIMIT, "") != "" ? { "bot.env.BOT_DA_GAS_LIMIT" = local.d.BOT_DA_GAS_LIMIT } : {}, @@ -686,14 +699,14 @@ locals { values = [ "common.yaml", "bot-cross-chain.yaml", - "bot-resources-${local.d.BOT_RESOURCE_PROFILE}.yaml", + "bot-resources-${local.bot_resource_profile}.yaml", ] custom_settings = merge( { "bot.replicaCount" = local.bot_cross_chain_replicas "bot.env.AZTEC_NODE_URL" = local.internal_rpc_url "bot.botPrivateKey" = try(local.d.BOT_CROSS_CHAIN_L2_PRIVATE_KEY, "0xcafe03") - "bot.mnemonic" = local.d.BOT_MNEMONIC + "bot.mnemonic" = local.d.LABS_INFRA_MNEMONIC "bot.mnemonicStartIndex" = local.d.BOT_CROSS_CHAIN_MNEMONIC_START_INDEX }, try(local.d.BOT_DA_GAS_LIMIT, "") != "" ? { "bot.env.BOT_DA_GAS_LIMIT" = local.d.BOT_DA_GAS_LIMIT } : {}, From 129f859cd41176885316783c19fa6ac3fbb7adfa Mon Sep 17 00:00:00 2001 From: spypsy Date: Tue, 12 May 2026 16:34:10 +0000 Subject: [PATCH 29/34] fix(spartan): genesis flags must prefer var.env over var.deploy MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit SPONSORED_FPC, TEST_ACCOUNTS, and REAL_VERIFIER live under env: in network YAMLs (so pods get them), but deploy-rollup-contracts/main.tf was reading them from var.deploy — falling back to _deploy_defaults (all false/true) instead of the per-network value. Result: contracts deployed without --test-accounts/--sponsored-fpc but validators running with TEST_ACCOUNTS=true/SPONSORED_FPC=true computed a different genesis archive root, putting the network in standby. Fix: prefer var.env for these three flags (env wins, deploy is fallback). --- spartan/terraform/deploy-rollup-contracts/main.tf | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/spartan/terraform/deploy-rollup-contracts/main.tf b/spartan/terraform/deploy-rollup-contracts/main.tf index c1d55671d1dd..3fda4d84c1ef 100644 --- a/spartan/terraform/deploy-rollup-contracts/main.tf +++ b/spartan/terraform/deploy-rollup-contracts/main.tf @@ -20,6 +20,13 @@ provider "kubernetes" { locals { d = var.deploy + # For genesis-affecting flags, var.env (pod runtime baseline) wins over var.deploy + # (deployment defaults) because network YAMLs often define them under env: so that + # both the contract deployment and pod runtime use the same value. + sponsored_fpc = try(tobool(var.env["SPONSORED_FPC"]), tobool(local.d.SPONSORED_FPC)) + test_accounts = try(tobool(var.env["TEST_ACCOUNTS"]), tobool(local.d.TEST_ACCOUNTS)) + real_verifier = try(tobool(var.env["REAL_VERIFIER"]), tobool(local.d.REAL_VERIFIER)) + deploy_args = concat( ["deploy-l1-contracts"], ["--l1-rpc-urls", local.d.L1_RPC_URLS], @@ -27,9 +34,9 @@ locals { ["--l1-chain-id", tostring(tonumber(try(local.d.ETHEREUM_CHAIN_ID, "31337")))], ["--validators", local.d.VALIDATORS], ["--json"], # Always output JSON for easier parsing - tobool(local.d.SPONSORED_FPC) ? ["--sponsored-fpc"] : [], - tobool(local.d.TEST_ACCOUNTS) ? ["--test-accounts"] : [], - tobool(local.d.REAL_VERIFIER) ? ["--real-verifier"] : [], + local.sponsored_fpc ? ["--sponsored-fpc"] : [], + local.test_accounts ? ["--test-accounts"] : [], + local.real_verifier ? ["--real-verifier"] : [], tobool(try(local.d.VERIFY_CONTRACTS, "false")) ? ["--verify-contracts"] : [] ) From 8d2ee1d0ac8132265e0044bdf50a8dd350517dc2 Mon Sep 17 00:00:00 2001 From: spypsy Date: Tue, 12 May 2026 16:47:56 +0000 Subject: [PATCH 30/34] fix(spartan): restore VALIDATOR/FISHERMAN_MNEMONIC_START_INDEX in main.tf b10ff730 accidentally renamed both keys to a non-existent LABS_INFRA_MNEMONIC_START_INDEX (confusing it with the LABS_INFRA_MNEMONIC secret env var, which has no _START_INDEX sibling). The loader still emits the original keys. --- spartan/terraform/deploy-aztec-infra/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spartan/terraform/deploy-aztec-infra/main.tf b/spartan/terraform/deploy-aztec-infra/main.tf index 2bb6eb8502a4..886fc4ebf6bd 100644 --- a/spartan/terraform/deploy-aztec-infra/main.tf +++ b/spartan/terraform/deploy-aztec-infra/main.tf @@ -35,14 +35,14 @@ locals { validator_ha_replica_cnt = try(tonumber(local.d.VALIDATOR_HA_REPLICA_COUNT), null) validators_per_node = tonumber(local.d.VALIDATORS_PER_NODE) validator_pubs_per_replica = tonumber(local.d.VALIDATOR_PUBLISHERS_PER_REPLICA) - validator_mnemonic_idx = tonumber(local.d.LABS_INFRA_MNEMONIC_START_INDEX) + validator_mnemonic_idx = tonumber(local.d.VALIDATOR_MNEMONIC_START_INDEX) validator_pub_mnemonic_idx = tonumber(local.d.VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX) prover_replicas = tonumber(local.d.PROVER_REPLICAS) prover_pub_mnemonic_idx = tonumber(local.d.PROVER_PUBLISHER_MNEMONIC_START_INDEX) prover_pubs_per_prover = tonumber(local.d.PUBLISHERS_PER_PROVER) rpc_replicas = tonumber(local.d.RPC_REPLICAS) fisherman_replicas = tonumber(local.d.FISHERMAN_REPLICAS) - fisherman_mnemonic_idx = tonumber(local.d.LABS_INFRA_MNEMONIC_START_INDEX) + fisherman_mnemonic_idx = tonumber(local.d.FISHERMAN_MNEMONIC_START_INDEX) full_node_replicas = tonumber(local.d.FULL_NODE_REPLICAS) bot_transfers_replicas = tonumber(local.d.BOT_TRANSFERS_REPLICAS) bot_swaps_replicas = tonumber(local.d.BOT_SWAPS_REPLICAS) From 76e399a8bc449f2376349f6b8bdd5af3474007ba Mon Sep 17 00:00:00 2001 From: spypsy Date: Wed, 13 May 2026 15:11:10 +0000 Subject: [PATCH 31/34] update with TS script --- .github/workflows/deploy-network.yml | 1 - spartan/scripts/apply_derived.py | 58 -------- spartan/scripts/apply_derived.ts | 66 +++++++++ spartan/scripts/expand_placeholders.py | 31 ----- spartan/scripts/expand_placeholders.ts | 35 +++++ spartan/scripts/load_network_config.sh | 12 +- spartan/scripts/resolve_secrets.py | 145 -------------------- spartan/scripts/resolve_secrets.ts | 181 +++++++++++++++++++++++++ 8 files changed, 288 insertions(+), 241 deletions(-) delete mode 100755 spartan/scripts/apply_derived.py create mode 100755 spartan/scripts/apply_derived.ts delete mode 100755 spartan/scripts/expand_placeholders.py create mode 100755 spartan/scripts/expand_placeholders.ts delete mode 100755 spartan/scripts/resolve_secrets.py create mode 100755 spartan/scripts/resolve_secrets.ts diff --git a/.github/workflows/deploy-network.yml b/.github/workflows/deploy-network.yml index d27b947f4887..6d7f8277d127 100644 --- a/.github/workflows/deploy-network.yml +++ b/.github/workflows/deploy-network.yml @@ -207,7 +207,6 @@ jobs: ./scripts/install_deps.sh ./scripts/deploy_network_with_env.sh "${{ inputs.network }}" - # Source for CLUSTER (prefers YAML loader, falls back to legacy .env). source "./scripts/source_env_basic.sh" source_env_basic "${{ inputs.network }}" diff --git a/spartan/scripts/apply_derived.py b/spartan/scripts/apply_derived.py deleted file mode 100755 index 7ef3b151820a..000000000000 --- a/spartan/scripts/apply_derived.py +++ /dev/null @@ -1,58 +0,0 @@ -#!/usr/bin/env python3 -"""Apply derived computations after merging network config. - -Replicates bash logic that previously lived inside .env files (e.g. devnet.env's -MNEMONIC_INDEX_OFFSET computed from NAMESPACE regex). - -Reads JSON on stdin, writes JSON on stdout. -""" -import json -import re -import sys - - -def main(): - data = json.load(sys.stdin) - env = data.setdefault("env", {}) - deploy = data.setdefault("deploy", {}) - - # devnet: namespace pattern v-devnet- picks a non-conflicting - # mnemonic offset so concurrent devnets sharing the same mnemonic on the same L1 - # do not collide on nonces. - namespace = str(deploy.get("NAMESPACE", "") or env.get("NAMESPACE", "")) - m = re.match(r"^v(\d+)-devnet-(\d+)$", namespace) - if m: - major = int(m.group(1)) - iteration = int(m.group(2)) - offset = major * 100000 + (iteration - 1) * 10000 - elif "MNEMONIC_INDEX_OFFSET" in env: - offset = int(env["MNEMONIC_INDEX_OFFSET"]) - else: - offset = 0 - env["MNEMONIC_INDEX_OFFSET"] = str(offset) - - # Mnemonic start indices: shift declared base by MNEMONIC_INDEX_OFFSET. These - # live under deploy: because they configure the deploy script (terraform.tfvars - # generation), not pod env. Defaults match deploy_network.sh fallbacks. - # Fail loudly if a per-network YAML accidentally puts these under env: -- the - # shift would silently not apply and concurrent devnets would collide on L1 - # nonces. - def shift(key, default_base): - if key in env: - sys.stderr.write( - f"load_network_config: {key} found under env: -- it must live under deploy:\n" - f" Move it to the deploy: block so MNEMONIC_INDEX_OFFSET is applied.\n" - ) - sys.exit(1) - base = int(deploy.get(key, default_base)) - deploy[key] = str(base + offset) - - shift("VALIDATOR_MNEMONIC_START_INDEX", 1) - shift("VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX", 5000) - shift("PROVER_PUBLISHER_MNEMONIC_START_INDEX", 8000) - - json.dump(data, sys.stdout, indent=2) - - -if __name__ == "__main__": - main() diff --git a/spartan/scripts/apply_derived.ts b/spartan/scripts/apply_derived.ts new file mode 100755 index 000000000000..89d63de6e9bc --- /dev/null +++ b/spartan/scripts/apply_derived.ts @@ -0,0 +1,66 @@ +#!/usr/bin/env -S node --experimental-strip-types --no-warnings +/** + * Apply derived computations after merging network config. + * + * Replicates bash logic that previously lived inside .env files (e.g. devnet.env's + * MNEMONIC_INDEX_OFFSET computed from NAMESPACE regex). + * + * Reads JSON on stdin, writes JSON on stdout. + */ + +interface ConfigData { + env: Record; + deploy: Record; + [key: string]: unknown; +} + +function main(data: ConfigData) { + const env = (data.env ??= {}); + const deploy = (data.deploy ??= {}); + + // devnet: namespace pattern v-devnet- picks a non-conflicting + // mnemonic offset so concurrent devnets sharing the same mnemonic on the same L1 + // do not collide on nonces. + const namespace = String(deploy.NAMESPACE ?? env.NAMESPACE ?? ""); + const m = namespace.match(/^v(\d+)-devnet-(\d+)$/); + let offset: number; + if (m) { + const major = parseInt(m[1], 10); + const iteration = parseInt(m[2], 10); + offset = major * 100000 + (iteration - 1) * 10000; + } else if ("MNEMONIC_INDEX_OFFSET" in env) { + offset = parseInt(env.MNEMONIC_INDEX_OFFSET, 10); + } else { + offset = 0; + } + env.MNEMONIC_INDEX_OFFSET = String(offset); + + // Mnemonic start indices: shift declared base by MNEMONIC_INDEX_OFFSET. These + // live under deploy: because they configure the deploy script (terraform.tfvars + // generation), not pod env. + function shift(key: string, defaultBase: number) { + if (key in env) { + process.stderr.write( + `load_network_config: ${key} found under env: -- it must live under deploy:\n` + + ` Move it to the deploy: block so MNEMONIC_INDEX_OFFSET is applied.\n`, + ); + process.exit(1); + } + const base = parseInt(deploy[key] ?? String(defaultBase), 10); + deploy[key] = String(base + offset); + } + + shift("VALIDATOR_MNEMONIC_START_INDEX", 1); + shift("VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX", 5000); + shift("PROVER_PUBLISHER_MNEMONIC_START_INDEX", 8000); + + return data; +} + +let input = ""; +process.stdin.setEncoding("utf8"); +process.stdin.on("data", (chunk: string) => (input += chunk)); +process.stdin.on("end", () => { + const data = JSON.parse(input) as ConfigData; + process.stdout.write(JSON.stringify(main(data), null, 2)); +}); diff --git a/spartan/scripts/expand_placeholders.py b/spartan/scripts/expand_placeholders.py deleted file mode 100755 index 25517282dde7..000000000000 --- a/spartan/scripts/expand_placeholders.py +++ /dev/null @@ -1,31 +0,0 @@ -#!/usr/bin/env python3 -"""Expand ${VAR} and ${VAR:-default} placeholders in string values. - -Reads JSON on stdin, writes JSON on stdout. Used by load_network_config.sh -to substitute current shell environment into merged YAML values. -""" -import json -import os -import re -import sys - -PATTERN = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)(?::-([^}]*))?\}") - - -def expand(value): - if isinstance(value, str): - return PATTERN.sub(lambda m: os.environ.get(m.group(1), m.group(2) or ""), value) - if isinstance(value, dict): - return {k: expand(v) for k, v in value.items()} - if isinstance(value, list): - return [expand(v) for v in value] - return value - - -def main(): - data = json.load(sys.stdin) - json.dump(expand(data), sys.stdout, indent=2) - - -if __name__ == "__main__": - main() diff --git a/spartan/scripts/expand_placeholders.ts b/spartan/scripts/expand_placeholders.ts new file mode 100755 index 000000000000..e086db04d8fb --- /dev/null +++ b/spartan/scripts/expand_placeholders.ts @@ -0,0 +1,35 @@ +#!/usr/bin/env -S node --experimental-strip-types --no-warnings +/** + * Expand ${VAR} and ${VAR:-default} placeholders in string values. + * + * Reads JSON on stdin, writes JSON on stdout. Used by load_network_config.sh + * to substitute current shell environment into merged YAML values. + */ + +const PATTERN = /\$\{([A-Za-z_][A-Za-z0-9_]*)(?::-([^}]*))?\}/g; + +function expand(value: unknown): unknown { + if (typeof value === "string") { + return value.replace( + PATTERN, + (_, name, fallback) => process.env[name] ?? fallback ?? "", + ); + } + if (Array.isArray(value)) { + return value.map(expand); + } + if (value !== null && typeof value === "object") { + return Object.fromEntries( + Object.entries(value).map(([k, v]) => [k, expand(v)]), + ); + } + return value; +} + +let input = ""; +process.stdin.setEncoding("utf8"); +process.stdin.on("data", (chunk: string) => (input += chunk)); +process.stdin.on("end", () => { + const data = JSON.parse(input); + process.stdout.write(JSON.stringify(expand(data), null, 2)); +}); diff --git a/spartan/scripts/load_network_config.sh b/spartan/scripts/load_network_config.sh index 34b9e58894c4..aa162d5a9aa3 100755 --- a/spartan/scripts/load_network_config.sh +++ b/spartan/scripts/load_network_config.sh @@ -44,12 +44,12 @@ merge_to_json() { yq eval-all --output-format=json '. as $item ireduce ({}; . *+ $item)' "$@" } -# JSON tree transforms live in sibling .py files; each reads JSON on stdin and -# writes JSON on stdout. See expand_placeholders.py, apply_derived.py, -# resolve_secrets.py for details. -expand_placeholders() { python3 "$script_dir/expand_placeholders.py"; } -apply_derived() { python3 "$script_dir/apply_derived.py"; } -resolve_secrets() { python3 "$script_dir/resolve_secrets.py"; } +# JSON tree transforms live in sibling .ts files; each reads JSON on stdin and +# writes JSON on stdout. See expand_placeholders.ts, apply_derived.ts, +# resolve_secrets.ts for details. +expand_placeholders() { "$script_dir/expand_placeholders.ts"; } +apply_derived() { "$script_dir/apply_derived.ts"; } +resolve_secrets() { "$script_dir/resolve_secrets.ts"; } # Strip leading underscore-prefixed keys (anchors-only keys like _defaults, _shared_image) # from a JSON object. Operates at the top level only. diff --git a/spartan/scripts/resolve_secrets.py b/spartan/scripts/resolve_secrets.py deleted file mode 100755 index f1090e329159..000000000000 --- a/spartan/scripts/resolve_secrets.py +++ /dev/null @@ -1,145 +0,0 @@ -#!/usr/bin/env python3 -"""Resolve REPLACE_WITH_GCP_SECRET placeholders by calling gcloud. - -Reads JSON on stdin, writes JSON on stdout. Mask commands and any diagnostic -output go to stderr (must NOT pollute the JSON stdout or downstream jq pipelines -fail with "parse error"). Skipped if `gcloud` is not on PATH. -""" -import json -import os -import shutil -import subprocess -import sys - -PLACEHOLDER = "REPLACE_WITH_GCP_SECRET" - -# JSON-array secrets are unwrapped before masking so each element is masked -# individually (matching setup_gcp_secrets.sh behavior). Otherwise GHA may -# refuse to mask the raw `["url1","url2"]` form. -JSON_ARRAY_SECRETS = { - "ETHEREUM_RPC_URLS", - "ETHEREUM_CONSENSUS_HOST_URLS", - "ETHEREUM_CONSENSUS_HOST_API_KEYS", - "ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS", -} - - -# Same secret name mapping as the (legacy) setup_gcp_secrets.sh, kept in sync. -def secret_name_for(env_var, env, deploy): - l1_network = env.get("L1_NETWORK") or deploy.get("L1_NETWORK") or "sepolia" - network = env.get("NETWORK") or deploy.get("NETWORK") or "" - custom_mnemonic = deploy.get("LABS_INFRA_MNEMONIC_SECRET_NAME") or env.get("LABS_INFRA_MNEMONIC_SECRET_NAME") - mnemonic_secret = custom_mnemonic if custom_mnemonic else f"{l1_network}-labs-{network}-mnemonic" - mapping = { - "ETHEREUM_RPC_URLS": f"{l1_network}-rpc-urls", - "ETHEREUM_CONSENSUS_HOST_URLS": f"{l1_network}-consensus-host-urls", - "ETHEREUM_CONSENSUS_HOST_API_KEYS": f"{l1_network}-consensus-host-api-keys", - "ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS": f"{l1_network}-consensus-host-api-key-headers", - "FUNDING_PRIVATE_KEY": f"{l1_network}-funding-private-key", - "ROLLUP_DEPLOYMENT_PRIVATE_KEY": f"{l1_network}-labs-rollup-private-key", - "OTEL_COLLECTOR_ENDPOINT": "otel-collector-url", - "ETHERSCAN_API_KEY": "etherscan-api-key", - "LABS_INFRA_MNEMONIC": mnemonic_secret, - "STORE_SNAPSHOT_URL": "r2-account-id", - "AWS_ACCESS_KEY_ID": "r2-access-key-id", - "AWS_SECRET_ACCESS_KEY": "r2-secret-access-key", - } - return mapping.get(env_var) - - -def emit_mask(value): - """Emit ::add-mask:: workflow command(s) on stderr (never stdout).""" - if not value: - return - # Split JSON-array values into elements before masking. - if value.startswith("[") and value.endswith("]"): - try: - for element in json.loads(value): - if element: - sys.stderr.write(f"::add-mask::{element}\n") - return - except json.JSONDecodeError: - pass - sys.stderr.write(f"::add-mask::{value}\n") - - -_secret_cache = {} - - -def fetch(secret_name, project_id): - if not project_id: - sys.stderr.write(f"resolve_secrets: GCP_PROJECT_ID not set; cannot fetch {secret_name}\n") - return None - if secret_name in _secret_cache: - return _secret_cache[secret_name] - try: - result = subprocess.run( - ["gcloud", "secrets", "versions", "access", "latest", - "--secret", secret_name, "--project", project_id], - capture_output=True, text=True, check=True, - ) - value = result.stdout.strip() - emit_mask(value) - _secret_cache[secret_name] = value - return value - except subprocess.CalledProcessError as e: - sys.stderr.write(f"resolve_secrets: failed to read {secret_name}: {e.stderr}\n") - _secret_cache[secret_name] = None - return None - - -def main(): - data = json.load(sys.stdin) - env = data.get("env", {}) - deploy = data.get("deploy", {}) - project_id = deploy.get("GCP_PROJECT_ID") or os.environ.get("GCP_PROJECT_ID", "") - - if not shutil.which("gcloud"): - json.dump(data, sys.stdout, indent=2) - return - - # Resolve REPLACE_WITH_GCP_SECRET placeholders in env: block. - for key, val in list(env.items()): - if not isinstance(val, str) or PLACEHOLDER not in val: - continue - secret_name = secret_name_for(key, env, deploy) - if not secret_name: - sys.stderr.write(f"resolve_secrets: no secret mapping for {key}; leaving as placeholder\n") - continue - fetched = fetch(secret_name, project_id) - if fetched is None: - continue - env[key] = fetched if val == PLACEHOLDER else val.replace(PLACEHOLDER, fetched) - - # Construct R2-backed URLs from r2-account-id + bucket directory inputs. - # Mirrors setup_gcp_secrets.sh: each *_BUCKET_DIRECTORY var (in deploy: or env:) - # becomes a fully-formed S3-compatible URL. - def get_input(name): - return deploy.get(name) or env.get(name) or "" - - snapshot_dir = get_input("SNAPSHOT_BUCKET_DIRECTORY") - blob_dir = get_input("BLOB_BUCKET_DIRECTORY") - tx_dir = get_input("TX_FILE_STORE_BUCKET_DIRECTORY") - - if snapshot_dir or blob_dir or tx_dir: - r2 = fetch("r2-account-id", project_id) - if r2: - if snapshot_dir: - env["STORE_SNAPSHOT_URL"] = ( - f"s3://testnet-bucket/{snapshot_dir}/?endpoint=https://{r2}.r2.cloudflarestorage.com" - f"&publicBaseUrl=https://aztec-labs-snapshots.com" - ) - if blob_dir: - env["BLOB_FILE_STORE_UPLOAD_URL"] = ( - f"s3://testnet-bucket/{blob_dir}/?endpoint=https://{r2}.r2.cloudflarestorage.com" - ) - if tx_dir: - env["TX_FILE_STORE_URL"] = ( - f"s3://testnet-bucket/{tx_dir}/?endpoint=https://{r2}.r2.cloudflarestorage.com" - ) - - json.dump(data, sys.stdout, indent=2) - - -if __name__ == "__main__": - main() diff --git a/spartan/scripts/resolve_secrets.ts b/spartan/scripts/resolve_secrets.ts new file mode 100755 index 000000000000..70dc2bbe0228 --- /dev/null +++ b/spartan/scripts/resolve_secrets.ts @@ -0,0 +1,181 @@ +#!/usr/bin/env -S node --experimental-strip-types --no-warnings +/** + * Resolve REPLACE_WITH_GCP_SECRET placeholders by calling gcloud. + * + * Reads JSON on stdin, writes JSON on stdout. Mask commands and any diagnostic + * output go to stderr (must NOT pollute the JSON stdout or downstream jq pipelines + * fail with "parse error"). Skipped if `gcloud` is not on PATH. + */ + +import { execFileSync } from "node:child_process"; +import { execSync } from "node:child_process"; + +const PLACEHOLDER = "REPLACE_WITH_GCP_SECRET"; + +const JSON_ARRAY_SECRETS = new Set([ + "ETHEREUM_RPC_URLS", + "ETHEREUM_CONSENSUS_HOST_URLS", + "ETHEREUM_CONSENSUS_HOST_API_KEYS", + "ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS", +]); + +function secretNameFor( + envVar: string, + env: Record, + deploy: Record, +): string | undefined { + const l1Network = env.L1_NETWORK || deploy.L1_NETWORK || "sepolia"; + const network = env.NETWORK || deploy.NETWORK || ""; + const customMnemonic = + deploy.LABS_INFRA_MNEMONIC_SECRET_NAME || + env.LABS_INFRA_MNEMONIC_SECRET_NAME; + const mnemonicSecret = + customMnemonic || `${l1Network}-labs-${network}-mnemonic`; + + const mapping: Record = { + ETHEREUM_RPC_URLS: `${l1Network}-rpc-urls`, + ETHEREUM_CONSENSUS_HOST_URLS: `${l1Network}-consensus-host-urls`, + ETHEREUM_CONSENSUS_HOST_API_KEYS: `${l1Network}-consensus-host-api-keys`, + ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS: `${l1Network}-consensus-host-api-key-headers`, + FUNDING_PRIVATE_KEY: `${l1Network}-funding-private-key`, + ROLLUP_DEPLOYMENT_PRIVATE_KEY: `${l1Network}-labs-rollup-private-key`, + OTEL_COLLECTOR_ENDPOINT: "otel-collector-url", + ETHERSCAN_API_KEY: "etherscan-api-key", + LABS_INFRA_MNEMONIC: mnemonicSecret, + STORE_SNAPSHOT_URL: "r2-account-id", + AWS_ACCESS_KEY_ID: "r2-access-key-id", + AWS_SECRET_ACCESS_KEY: "r2-secret-access-key", + }; + + return mapping[envVar]; +} + +function emitMask(value: string) { + if (!value) return; + if (value.startsWith("[") && value.endsWith("]")) { + try { + for (const element of JSON.parse(value)) { + if (element) process.stderr.write(`::add-mask::${element}\n`); + } + return; + } catch { + // not valid JSON array, mask the whole thing + } + } + process.stderr.write(`::add-mask::${value}\n`); +} + +const secretCache = new Map(); + +function fetch(secretName: string, projectId: string): string | undefined { + if (!projectId) { + process.stderr.write( + `resolve_secrets: GCP_PROJECT_ID not set; cannot fetch ${secretName}\n`, + ); + return undefined; + } + if (secretCache.has(secretName)) { + return secretCache.get(secretName); + } + try { + const result = execFileSync( + "gcloud", + [ + "secrets", + "versions", + "access", + "latest", + "--secret", + secretName, + "--project", + projectId, + ], + { encoding: "utf8", stdio: ["pipe", "pipe", "pipe"] }, + ).trim(); + emitMask(result); + secretCache.set(secretName, result); + return result; + } catch (err: any) { + process.stderr.write( + `resolve_secrets: failed to read ${secretName}: ${err.stderr ?? err.message}\n`, + ); + secretCache.set(secretName, undefined); + return undefined; + } +} + +function hasGcloud(): boolean { + try { + execSync("which gcloud", { stdio: "pipe" }); + return true; + } catch { + return false; + } +} + +interface ConfigData { + env: Record; + deploy: Record; + [key: string]: unknown; +} + +function main(data: ConfigData) { + const env = data.env ?? {}; + const deploy = data.deploy ?? {}; + const projectId = deploy.GCP_PROJECT_ID || process.env.GCP_PROJECT_ID || ""; + + if (!hasGcloud()) { + process.stdout.write(JSON.stringify(data, null, 2)); + return; + } + + // Resolve REPLACE_WITH_GCP_SECRET placeholders in env: block. + for (const [key, val] of Object.entries(env)) { + if (typeof val !== "string" || !val.includes(PLACEHOLDER)) continue; + const secretName = secretNameFor(key, env, deploy); + if (!secretName) { + process.stderr.write( + `resolve_secrets: no secret mapping for ${key}; leaving as placeholder\n`, + ); + continue; + } + const fetched = fetch(secretName, projectId); + if (fetched === undefined) continue; + env[key] = + val === PLACEHOLDER ? fetched : val.replace(PLACEHOLDER, fetched); + } + + // Construct R2-backed URLs from r2-account-id + bucket directory inputs. + const getInput = (name: string) => deploy[name] || env[name] || ""; + + const snapshotDir = getInput("SNAPSHOT_BUCKET_DIRECTORY"); + const blobDir = getInput("BLOB_BUCKET_DIRECTORY"); + const txDir = getInput("TX_FILE_STORE_BUCKET_DIRECTORY"); + + if (snapshotDir || blobDir || txDir) { + const r2 = fetch("r2-account-id", projectId); + if (r2) { + if (snapshotDir) { + env.STORE_SNAPSHOT_URL = + `s3://testnet-bucket/${snapshotDir}/?endpoint=https://${r2}.r2.cloudflarestorage.com` + + `&publicBaseUrl=https://aztec-labs-snapshots.com`; + } + if (blobDir) { + env.BLOB_FILE_STORE_UPLOAD_URL = `s3://testnet-bucket/${blobDir}/?endpoint=https://${r2}.r2.cloudflarestorage.com`; + } + if (txDir) { + env.TX_FILE_STORE_URL = `s3://testnet-bucket/${txDir}/?endpoint=https://${r2}.r2.cloudflarestorage.com`; + } + } + } + + process.stdout.write(JSON.stringify(data, null, 2)); +} + +let input = ""; +process.stdin.setEncoding("utf8"); +process.stdin.on("data", (chunk: string) => (input += chunk)); +process.stdin.on("end", () => { + const data = JSON.parse(input) as ConfigData; + main(data); +}); From 9ddf18e4f7000b87f748cb4e7fa429e01d5d02fa Mon Sep 17 00:00:00 2001 From: spypsy Date: Wed, 13 May 2026 16:30:44 +0000 Subject: [PATCH 32/34] refactor(spartan): replace Python config scripts with TS, env spread override model - Replace expand_placeholders.py, apply_derived.py, resolve_secrets.py with TS equivalents - Remove \${VAR:-default} placeholder syntax from all network YAMLs; values are now plain literals - Add env spread in apply_derived.ts: shell env wins for any key in deploy:/env: blocks - Add derived: YAML sections for computed values (devnet ingress/bucket paths, TX collection URLs) - apply_derived.ts is now generic -- no network-specific logic hardcoded in TS --- spartan/environments/networks/alpha-net.yml | 4 +- .../environments/networks/block-capacity.yml | 2 +- spartan/environments/networks/devnet.yml | 86 +++++++++--------- .../networks/five-tps-long-epoch.yml | 4 +- .../networks/five-tps-short-epoch.yml | 4 +- .../environments/networks/kind-minimal.yml | 5 +- .../environments/networks/kind-provers.yml | 2 +- spartan/environments/networks/mainnet.yml | 19 ++-- spartan/environments/networks/mbps-net.yml | 2 +- .../environments/networks/next-net-clone.yml | 2 +- spartan/environments/networks/next-net.yml | 11 ++- .../environments/networks/next-scenario.yml | 2 +- .../networks/prove-n-tps-fake.yml | 2 +- .../networks/prove-n-tps-real.yml | 2 +- .../environments/networks/scenario.local.yml | 54 ++++++------ .../networks/staging-ignition.yml | 8 +- .../environments/networks/staging-public.yml | 15 ++-- .../environments/networks/staging.local.yml | 2 +- .../networks/ten-tps-long-epoch.yml | 4 +- .../networks/ten-tps-short-epoch.yml | 4 +- spartan/environments/networks/testnet.yml | 17 ++-- .../environments/networks/tps-scenario.yml | 2 +- spartan/scripts/apply_derived.ts | 87 +++++++++++++++++-- spartan/scripts/expand_placeholders.ts | 35 -------- spartan/scripts/load_network_config.sh | 13 +-- 25 files changed, 218 insertions(+), 170 deletions(-) delete mode 100755 spartan/scripts/expand_placeholders.ts diff --git a/spartan/environments/networks/alpha-net.yml b/spartan/environments/networks/alpha-net.yml index b90319b3ce53..7c5d0fd015c9 100644 --- a/spartan/environments/networks/alpha-net.yml +++ b/spartan/environments/networks/alpha-net.yml @@ -1,10 +1,10 @@ deploy: - NAMESPACE: "${NAMESPACE:-alpha-net}" + NAMESPACE: "alpha-net" CLUSTER: "aztec-gke-private" GCP_REGION: "us-west1-a" DESTROY_NAMESPACE: "true" DESTROY_ETH_DEVNET: "true" - CREATE_ETH_DEVNET: "${CREATE_ETH_DEVNET:-true}" + CREATE_ETH_DEVNET: "true" ETHEREUM_CHAIN_ID: "1337" CHAOS_MESH_SCENARIOS_FILE: "network-requirements.yaml" CREATE_ROLLUP_CONTRACTS: "true" diff --git a/spartan/environments/networks/block-capacity.yml b/spartan/environments/networks/block-capacity.yml index 08f28e78c8ee..4b404d030b13 100644 --- a/spartan/environments/networks/block-capacity.yml +++ b/spartan/environments/networks/block-capacity.yml @@ -1,5 +1,5 @@ deploy: - NAMESPACE: "${NAMESPACE:-block-capacity}" + NAMESPACE: "block-capacity" CLUSTER: "aztec-gke-private" GCP_REGION: "us-west1-a" CREATE_ETH_DEVNET: "true" diff --git a/spartan/environments/networks/devnet.yml b/spartan/environments/networks/devnet.yml index 82b49509a5ff..0332c0b25d70 100644 --- a/spartan/environments/networks/devnet.yml +++ b/spartan/environments/networks/devnet.yml @@ -8,37 +8,30 @@ deploy: GCP_REGION: us-west1-a CLUSTER: aztec-gke-private NETWORK: devnet - NAMESPACE: ${NAMESPACE:-devnet} - CREATE_ETH_DEVNET: 'false' - ETHEREUM_CHAIN_ID: '11155111' + NAMESPACE: devnet + CREATE_ETH_DEVNET: "false" + ETHEREUM_CHAIN_ID: "11155111" LABS_INFRA_MNEMONIC_SECRET_NAME: sepolia-labs-devnet-mnemonic - SNAPSHOT_BUCKET_DIRECTORY: ${SNAPSHOT_BUCKET_DIRECTORY:-devnet/$NAMESPACE/snapshots} - BLOB_BUCKET_DIRECTORY: ${BLOB_BUCKET_DIRECTORY:-devnet/$NAMESPACE/blobs} - VERIFY_CONTRACTS: 'false' - CREATE_ROLLUP_CONTRACTS: ${CREATE_ROLLUP_CONTRACTS:-false} - USE_NETWORK_CONFIG: ${USE_NETWORK_CONFIG:-false} + VERIFY_CONTRACTS: "false" + CREATE_ROLLUP_CONTRACTS: "false" + USE_NETWORK_CONFIG: "false" PROVER_RESOURCE_PROFILE: dev - RPC_INGRESS_ENABLED: 'true' - RPC_INGRESS_HOSTS: - - '${NAMESPACE}.aztec-labs.com' - RPC_INGRESS_STATIC_IP_NAME: '${NAMESPACE}-rpc-ip' - RPC_INGRESS_SSL_CERT_NAMES: - - '${NAMESPACE}-rpc-cert' - DEPLOY_INTERNAL_BOOTNODE: 'false' + RPC_INGRESS_ENABLED: "true" + DEPLOY_INTERNAL_BOOTNODE: "false" # Mnemonic-index bases (loader adds MNEMONIC_INDEX_OFFSET via apply_derived). - VALIDATOR_MNEMONIC_START_INDEX: '1' - VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: '5000' - PROVER_PUBLISHER_MNEMONIC_START_INDEX: '8000' + VALIDATOR_MNEMONIC_START_INDEX: "1" + VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX: "5000" + PROVER_PUBLISHER_MNEMONIC_START_INDEX: "8000" # Counts consumed by deploy_network.sh / Terraform fan-out. - VALIDATOR_REPLICAS: '1' - VALIDATORS_PER_NODE: '1' - VALIDATOR_PUBLISHERS_PER_REPLICA: '8' - PROVER_REPLICAS: '1' - PROVER_AGENTS_PER_PROVER: '4' - PUBLISHERS_PER_PROVER: '1' - BOT_TRANSFERS_REPLICAS: '0' - BOT_SWAPS_REPLICAS: '0' - REAL_VERIFIER: 'false' + VALIDATOR_REPLICAS: "1" + VALIDATORS_PER_NODE: "1" + VALIDATOR_PUBLISHERS_PER_REPLICA: "8" + PROVER_REPLICAS: "1" + PROVER_AGENTS_PER_PROVER: "4" + PUBLISHERS_PER_PROVER: "1" + BOT_TRANSFERS_REPLICAS: "0" + BOT_SWAPS_REPLICAS: "0" + REAL_VERIFIER: "false" env: # Secrets resolved by the loader via gcloud (see scripts/load_network_config.sh). @@ -53,17 +46,28 @@ env: AWS_ACCESS_KEY_ID: REPLACE_WITH_GCP_SECRET AWS_SECRET_ACCESS_KEY: REPLACE_WITH_GCP_SECRET # Devnet-specific overrides on top of network-defaults.yml's networks.devnet.env baseline. - AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '1' - AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '1' - AZTEC_SLOT_DURATION: '36' - AZTEC_EPOCH_DURATION: '8' - AZTEC_TARGET_COMMITTEE_SIZE: '1' - TEST_ACCOUNTS: 'false' - SPONSORED_FPC: 'false' - FLUSH_ENTRY_QUEUE: 'true' - SEQ_L1_PUBLISHING_TIME_ALLOWANCE_IN_SLOT: '12' - SEQ_BLOCK_DURATION_MS: '6000' - SEQ_MIN_TX_PER_BLOCK: '1' - SEQ_MAX_TX_PER_BLOCK: '32' - DEBUG_FORCE_TX_PROOF_VERIFICATION: 'true' - WS_NUM_HISTORIC_CHECKPOINTS: '300' + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: "1" + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: "1" + AZTEC_SLOT_DURATION: "36" + AZTEC_EPOCH_DURATION: "8" + AZTEC_TARGET_COMMITTEE_SIZE: "1" + TEST_ACCOUNTS: "false" + SPONSORED_FPC: "false" + FLUSH_ENTRY_QUEUE: "true" + SEQ_L1_PUBLISHING_TIME_ALLOWANCE_IN_SLOT: "12" + SEQ_BLOCK_DURATION_MS: "6000" + SEQ_MIN_TX_PER_BLOCK: "1" + SEQ_MAX_TX_PER_BLOCK: "32" + DEBUG_FORCE_TX_PROOF_VERIFICATION: "true" + WS_NUM_HISTORIC_CHECKPOINTS: "300" + +# Values derived from other resolved keys after env spread. See scripts/apply_derived.ts. +derived: + deploy: + SNAPSHOT_BUCKET_DIRECTORY: "devnet/${NAMESPACE}/snapshots" + BLOB_BUCKET_DIRECTORY: "devnet/${NAMESPACE}/blobs" + RPC_INGRESS_HOSTS: + - "${NAMESPACE}.aztec-labs.com" + RPC_INGRESS_STATIC_IP_NAME: "${NAMESPACE}-rpc-ip" + RPC_INGRESS_SSL_CERT_NAMES: + - "${NAMESPACE}-rpc-cert" diff --git a/spartan/environments/networks/five-tps-long-epoch.yml b/spartan/environments/networks/five-tps-long-epoch.yml index b1bde212d012..943d541516f1 100644 --- a/spartan/environments/networks/five-tps-long-epoch.yml +++ b/spartan/environments/networks/five-tps-long-epoch.yml @@ -1,10 +1,10 @@ deploy: - NAMESPACE: "${NAMESPACE:-five-tps}" + NAMESPACE: "five-tps" CLUSTER: "aztec-gke-private" GCP_REGION: "us-west1-a" DESTROY_NAMESPACE: "true" DESTROY_ETH_DEVNET: "true" - CREATE_ETH_DEVNET: "${CREATE_ETH_DEVNET:-true}" + CREATE_ETH_DEVNET: "true" ETHEREUM_CHAIN_ID: "1337" CREATE_ROLLUP_CONTRACTS: "true" VERIFY_CONTRACTS: "false" diff --git a/spartan/environments/networks/five-tps-short-epoch.yml b/spartan/environments/networks/five-tps-short-epoch.yml index 626bc55d03d3..83e9fde57e04 100644 --- a/spartan/environments/networks/five-tps-short-epoch.yml +++ b/spartan/environments/networks/five-tps-short-epoch.yml @@ -1,10 +1,10 @@ deploy: - NAMESPACE: "${NAMESPACE:-five-tps}" + NAMESPACE: "five-tps" CLUSTER: "aztec-gke-private" GCP_REGION: "us-west1-a" DESTROY_NAMESPACE: "true" DESTROY_ETH_DEVNET: "true" - CREATE_ETH_DEVNET: "${CREATE_ETH_DEVNET:-true}" + CREATE_ETH_DEVNET: "true" ETHEREUM_CHAIN_ID: "1337" CREATE_ROLLUP_CONTRACTS: "true" VERIFY_CONTRACTS: "false" diff --git a/spartan/environments/networks/kind-minimal.yml b/spartan/environments/networks/kind-minimal.yml index 7d0fea596884..cfb1743d16b2 100644 --- a/spartan/environments/networks/kind-minimal.yml +++ b/spartan/environments/networks/kind-minimal.yml @@ -5,7 +5,7 @@ # No `network:` baseline -- KIND uses local L1 (chain id 1337), not a public preset. deploy: - NAMESPACE: ${NAMESPACE:-kind} + NAMESPACE: kind CLUSTER: kind CREATE_ETH_DEVNET: true CREATE_ROLLUP_CONTRACTS: true @@ -46,11 +46,10 @@ env: OTEL_COLLECTOR_ENDPOINT: "http://metrics-opentelemetry-collector.metrics:4318" -# Image: AZTEC_DOCKER_IMAGE may be pre-set by CI; loader resolves ${VAR} placeholders shared: image: repository: aztecprotocol/aztec - tag: ${AZTEC_DOCKER_IMAGE_TAG:-latest} + tag: latest # Validators - minimal setup for upgrade test validator: diff --git a/spartan/environments/networks/kind-provers.yml b/spartan/environments/networks/kind-provers.yml index 25f959d98c5f..a41474320fb2 100644 --- a/spartan/environments/networks/kind-provers.yml +++ b/spartan/environments/networks/kind-provers.yml @@ -1,5 +1,5 @@ deploy: - NAMESPACE: "${NAMESPACE:-kind}" + NAMESPACE: "kind" CLUSTER: "kind" CREATE_ETH_DEVNET: "true" CREATE_ROLLUP_CONTRACTS: "true" diff --git a/spartan/environments/networks/mainnet.yml b/spartan/environments/networks/mainnet.yml index 078e8d0db858..4e226a166197 100644 --- a/spartan/environments/networks/mainnet.yml +++ b/spartan/environments/networks/mainnet.yml @@ -2,22 +2,22 @@ network: mainnet deploy: - NETWORK: "${NETWORK:-mainnet}" - L1_NETWORK: "${L1_NETWORK:-mainnet}" - ETHEREUM_CHAIN_ID: "${ETHEREUM_CHAIN_ID:-1}" + NETWORK: "mainnet" + L1_NETWORK: "mainnet" + ETHEREUM_CHAIN_ID: "1" GCP_REGION: "us-west1-a" CLUSTER: "aztec-gke-public" - NAMESPACE: "${NAMESPACE:-mainnet}" + NAMESPACE: "mainnet" CREATE_ROLLUP_CONTRACTS: "false" VERIFY_CONTRACTS: "false" RPC_RESOURCE_PROFILE: "mainnet" BLOB_SINK_RESOURCE_PROFILE: "mainnet" PROVER_RESOURCE_PROFILE: "mainnet" USE_NETWORK_CONFIG: "true" - SNAPSHOT_BUCKET_DIRECTORY: "${SNAPSHOT_BUCKET_DIRECTORY:-mainnet}" - BLOB_BUCKET_DIRECTORY: "${BLOB_BUCKET_DIRECTORY:-mainnet/blobs}" + SNAPSHOT_BUCKET_DIRECTORY: "mainnet" + BLOB_BUCKET_DIRECTORY: "mainnet/blobs" TX_FILE_STORE_ENABLED: "true" - TX_FILE_STORE_BUCKET_DIRECTORY: "${TX_FILE_STORE_BUCKET_DIRECTORY:-mainnet/txs}" + TX_FILE_STORE_BUCKET_DIRECTORY: "mainnet/txs" DEPLOY_INTERNAL_BOOTNODE: "false" VALIDATOR_REPLICAS: "0" RPC_REPLICAS: "1" @@ -40,6 +40,9 @@ env: FUNDING_PRIVATE_KEY: "" ROLLUP_DEPLOYMENT_PRIVATE_KEY: "" BLOB_FILE_STORE_URLS: "," - TX_COLLECTION_FILE_STORE_URLS: "https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}" AWS_ACCESS_KEY_ID: "REPLACE_WITH_GCP_SECRET" AWS_SECRET_ACCESS_KEY: "REPLACE_WITH_GCP_SECRET" + +derived: + env: + TX_COLLECTION_FILE_STORE_URLS: "https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}" diff --git a/spartan/environments/networks/mbps-net.yml b/spartan/environments/networks/mbps-net.yml index ab787d7bb29a..610a8832d490 100644 --- a/spartan/environments/networks/mbps-net.yml +++ b/spartan/environments/networks/mbps-net.yml @@ -8,7 +8,7 @@ deploy: ETHEREUM_CHAIN_ID: "11155111" VERIFY_CONTRACTS: "false" STORE_SNAPSHOT_URL: "" - BLOB_BUCKET_DIRECTORY: "${BLOB_BUCKET_DIRECTORY:-next-net/blobs}" + BLOB_BUCKET_DIRECTORY: "next-net/blobs" VALIDATOR_RESOURCE_PROFILE: "prod-spot" DEPLOY_INTERNAL_BOOTNODE: "true" VALIDATOR_REPLICAS: "4" diff --git a/spartan/environments/networks/next-net-clone.yml b/spartan/environments/networks/next-net-clone.yml index 91d8e857f716..65e17debf4a8 100644 --- a/spartan/environments/networks/next-net-clone.yml +++ b/spartan/environments/networks/next-net-clone.yml @@ -3,7 +3,7 @@ deploy: GCP_REGION: "us-west1-a" CLUSTER: "aztec-gke-private" NETWORK: "next-net" - NAMESPACE: "${NAMESPACE:-next-net-clone}" + NAMESPACE: "next-net-clone" DESTROY_NAMESPACE: "true" ETHEREUM_CHAIN_ID: "11155111" VERIFY_CONTRACTS: "false" diff --git a/spartan/environments/networks/next-net.yml b/spartan/environments/networks/next-net.yml index ffef4effb8ab..583d40e7b7d4 100644 --- a/spartan/environments/networks/next-net.yml +++ b/spartan/environments/networks/next-net.yml @@ -3,14 +3,14 @@ deploy: GCP_REGION: "us-west1-a" CLUSTER: "aztec-gke-private" NETWORK: "next-net" - NAMESPACE: "${NAMESPACE:-next-net}" + NAMESPACE: "next-net" DESTROY_NAMESPACE: "true" ETHEREUM_CHAIN_ID: "11155111" VERIFY_CONTRACTS: "false" STORE_SNAPSHOT_URL: "" - BLOB_BUCKET_DIRECTORY: "${BLOB_BUCKET_DIRECTORY:-next-net/blobs}" + BLOB_BUCKET_DIRECTORY: "next-net/blobs" TX_FILE_STORE_ENABLED: "true" - TX_FILE_STORE_BUCKET_DIRECTORY: "${TX_FILE_STORE_BUCKET_DIRECTORY:-next-net/txs}" + TX_FILE_STORE_BUCKET_DIRECTORY: "next-net/txs" CREATE_ROLLUP_CONTRACTS: "true" RPC_INGRESS_ENABLED: "true" RPC_INGRESS_HOSTS: @@ -41,7 +41,6 @@ env: OTEL_COLLECTOR_ENDPOINT: "REPLACE_WITH_GCP_SECRET" ETHERSCAN_API_KEY: "REPLACE_WITH_GCP_SECRET" BLOB_FILE_STORE_URLS: "," - TX_COLLECTION_FILE_STORE_URLS: "https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}" AWS_ACCESS_KEY_ID: "REPLACE_WITH_GCP_SECRET" AWS_SECRET_ACCESS_KEY: "REPLACE_WITH_GCP_SECRET" PROVER_FAILED_PROOF_STORE: "gs://aztec-develop/next-net/failed-proofs" @@ -75,3 +74,7 @@ bot_swaps: env: BOT_TX_INTERVAL_SECONDS: "350" BOT_FOLLOW_CHAIN: "PENDING" + +derived: + env: + TX_COLLECTION_FILE_STORE_URLS: "https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}" diff --git a/spartan/environments/networks/next-scenario.yml b/spartan/environments/networks/next-scenario.yml index 3cbff6b53108..2267ecd5582e 100644 --- a/spartan/environments/networks/next-scenario.yml +++ b/spartan/environments/networks/next-scenario.yml @@ -1,5 +1,5 @@ deploy: - NAMESPACE: "${NAMESPACE:-scenario}" + NAMESPACE: "scenario" CLUSTER: "aztec-gke-private" GCP_REGION: "us-west1-a" DESTROY_NAMESPACE: "true" diff --git a/spartan/environments/networks/prove-n-tps-fake.yml b/spartan/environments/networks/prove-n-tps-fake.yml index f6449795801f..c1a8ba438058 100644 --- a/spartan/environments/networks/prove-n-tps-fake.yml +++ b/spartan/environments/networks/prove-n-tps-fake.yml @@ -1,5 +1,5 @@ deploy: - NAMESPACE: "${NAMESPACE:-prove-n-tps-fake}" + NAMESPACE: "prove-n-tps-fake" CLUSTER: "aztec-gke-private" GCP_REGION: "us-west1-a" CREATE_ETH_DEVNET: "true" diff --git a/spartan/environments/networks/prove-n-tps-real.yml b/spartan/environments/networks/prove-n-tps-real.yml index 12dc76855f37..5ae34da1f486 100644 --- a/spartan/environments/networks/prove-n-tps-real.yml +++ b/spartan/environments/networks/prove-n-tps-real.yml @@ -1,5 +1,5 @@ deploy: - NAMESPACE: "${NAMESPACE:-prove-n-tps-real}" + NAMESPACE: "prove-n-tps-real" CLUSTER: "aztec-gke-private" GCP_REGION: "us-west1-a" CREATE_ETH_DEVNET: "true" diff --git a/spartan/environments/networks/scenario.local.yml b/spartan/environments/networks/scenario.local.yml index 46c6267579d1..bcba8d860161 100644 --- a/spartan/environments/networks/scenario.local.yml +++ b/spartan/environments/networks/scenario.local.yml @@ -1,30 +1,30 @@ deploy: - NAMESPACE: '${NAMESPACE:-scenario}' - CLUSTER: 'kind' - CREATE_ETH_DEVNET: 'true' + NAMESPACE: "scenario" + CLUSTER: "kind" + CREATE_ETH_DEVNET: "true" env: - LABS_INFRA_MNEMONIC: 'test test test test test test test test test test test junk' - L1_ACCOUNT_MNEMONIC: 'test test test test test test test test test test test junk' - FUNDING_PRIVATE_KEY: '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80' - REAL_VERIFIER: 'false' - SENTINEL_ENABLED: 'true' - AZTEC_EPOCH_DURATION: '4' - AZTEC_SLOT_DURATION: '24' - AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: '2' - AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: '1' - AZTEC_SLASHING_OFFSET_IN_ROUNDS: '1' - AZTEC_ACTIVATION_THRESHOLD: '100000000000000000000' - AZTEC_EJECTION_THRESHOLD: '50000000000000000000' - AZTEC_LOCAL_EJECTION_THRESHOLD: '95000000000000000000' - AZTEC_SLASH_AMOUNT_SMALL: '5000000000000000000' - AZTEC_SLASH_AMOUNT_MEDIUM: '10000000000000000000' - AZTEC_SLASH_AMOUNT_LARGE: '15000000000000000000' - AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: '2' - AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: '2' - SPONSORED_FPC: 'true' - AWS_ACCESS_KEY_ID: '' - AWS_SECRET_ACCESS_KEY: '' - AZTEC_GOVERNANCE_PROPOSER_QUORUM: '11' - AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE: '20' - OTEL_COLLECTOR_ENDPOINT: 'http://metrics-opentelemetry-collector.metrics:4318' + LABS_INFRA_MNEMONIC: "test test test test test test test test test test test junk" + L1_ACCOUNT_MNEMONIC: "test test test test test test test test test test test junk" + FUNDING_PRIVATE_KEY: "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" + REAL_VERIFIER: "false" + SENTINEL_ENABLED: "true" + AZTEC_EPOCH_DURATION: "4" + AZTEC_SLOT_DURATION: "24" + AZTEC_SLASHING_ROUND_SIZE_IN_EPOCHS: "2" + AZTEC_SLASHING_EXECUTION_DELAY_IN_ROUNDS: "1" + AZTEC_SLASHING_OFFSET_IN_ROUNDS: "1" + AZTEC_ACTIVATION_THRESHOLD: "100000000000000000000" + AZTEC_EJECTION_THRESHOLD: "50000000000000000000" + AZTEC_LOCAL_EJECTION_THRESHOLD: "95000000000000000000" + AZTEC_SLASH_AMOUNT_SMALL: "5000000000000000000" + AZTEC_SLASH_AMOUNT_MEDIUM: "10000000000000000000" + AZTEC_SLASH_AMOUNT_LARGE: "15000000000000000000" + AZTEC_LAG_IN_EPOCHS_FOR_VALIDATOR_SET: "2" + AZTEC_LAG_IN_EPOCHS_FOR_RANDAO: "2" + SPONSORED_FPC: "true" + AWS_ACCESS_KEY_ID: "" + AWS_SECRET_ACCESS_KEY: "" + AZTEC_GOVERNANCE_PROPOSER_QUORUM: "11" + AZTEC_GOVERNANCE_PROPOSER_ROUND_SIZE: "20" + OTEL_COLLECTOR_ENDPOINT: "http://metrics-opentelemetry-collector.metrics:4318" diff --git a/spartan/environments/networks/staging-ignition.yml b/spartan/environments/networks/staging-ignition.yml index d1ac14cab736..5bf28ce806fb 100644 --- a/spartan/environments/networks/staging-ignition.yml +++ b/spartan/environments/networks/staging-ignition.yml @@ -2,14 +2,14 @@ deploy: CREATE_ETH_DEVNET: "false" GCP_REGION: "us-west1-a" CLUSTER: "aztec-gke-private" - NAMESPACE: "${NAMESPACE:-staging-ignition}" + NAMESPACE: "staging-ignition" NETWORK: "staging-ignition" ETHEREUM_CHAIN_ID: "11155111" LABS_INFRA_MNEMONIC_SECRET_NAME: "sepolia-labs-staging-ignition-mnemonic" VERIFY_CONTRACTS: "true" - SNAPSHOT_BUCKET_DIRECTORY: "${SNAPSHOT_BUCKET_DIRECTORY:-staging-ignition}" - BLOB_BUCKET_DIRECTORY: "${BLOB_BUCKET_DIRECTORY:-staging-ignition/blobs}" - CREATE_ROLLUP_CONTRACTS: "${CREATE_ROLLUP_CONTRACTS:-false}" + SNAPSHOT_BUCKET_DIRECTORY: "staging-ignition" + BLOB_BUCKET_DIRECTORY: "staging-ignition/blobs" + CREATE_ROLLUP_CONTRACTS: "false" USE_NETWORK_CONFIG: "true" DEPLOY_INTERNAL_BOOTNODE: "false" VALIDATOR_REPLICAS: "4" diff --git a/spartan/environments/networks/staging-public.yml b/spartan/environments/networks/staging-public.yml index 87b4de375a3d..b97b69dc3f65 100644 --- a/spartan/environments/networks/staging-public.yml +++ b/spartan/environments/networks/staging-public.yml @@ -3,14 +3,14 @@ deploy: GCP_REGION: "us-west1-a" CLUSTER: "aztec-gke-private" NETWORK: "staging-public" - NAMESPACE: "${NAMESPACE:-staging-public}" + NAMESPACE: "staging-public" ETHEREUM_CHAIN_ID: "11155111" VERIFY_CONTRACTS: "true" - SNAPSHOT_BUCKET_DIRECTORY: "${SNAPSHOT_BUCKET_DIRECTORY:-staging-public}" - BLOB_BUCKET_DIRECTORY: "${BLOB_BUCKET_DIRECTORY:-staging-public/blobs}" + SNAPSHOT_BUCKET_DIRECTORY: "staging-public" + BLOB_BUCKET_DIRECTORY: "staging-public/blobs" TX_FILE_STORE_ENABLED: "true" - TX_FILE_STORE_BUCKET_DIRECTORY: "${TX_FILE_STORE_BUCKET_DIRECTORY:-staging-public/txs}" - CREATE_ROLLUP_CONTRACTS: "${CREATE_ROLLUP_CONTRACTS:-false}" + TX_FILE_STORE_BUCKET_DIRECTORY: "staging-public/txs" + CREATE_ROLLUP_CONTRACTS: "false" VALIDATOR_RESOURCE_PROFILE: "prod-spot" DEPLOY_INTERNAL_BOOTNODE: "true" VALIDATOR_REPLICAS: "2" @@ -37,7 +37,6 @@ env: OTEL_COLLECTOR_ENDPOINT: "REPLACE_WITH_GCP_SECRET" ETHERSCAN_API_KEY: "REPLACE_WITH_GCP_SECRET" BLOB_FILE_STORE_URLS: "," - TX_COLLECTION_FILE_STORE_URLS: "https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}" AWS_ACCESS_KEY_ID: "REPLACE_WITH_GCP_SECRET" AWS_SECRET_ACCESS_KEY: "REPLACE_WITH_GCP_SECRET" TEST_ACCOUNTS: "false" @@ -75,3 +74,7 @@ bot_cross_chain: env: BOT_TX_INTERVAL_SECONDS: "250" BOT_FOLLOW_CHAIN: "PROPOSED" + +derived: + env: + TX_COLLECTION_FILE_STORE_URLS: "https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}" diff --git a/spartan/environments/networks/staging.local.yml b/spartan/environments/networks/staging.local.yml index 65081a0805bd..f0f3c04214d7 100644 --- a/spartan/environments/networks/staging.local.yml +++ b/spartan/environments/networks/staging.local.yml @@ -1,5 +1,5 @@ deploy: - NAMESPACE: "${NAMESPACE:-staging}" + NAMESPACE: "staging" CLUSTER: "kind" CREATE_ETH_DEVNET: "false" ETHEREUM_CHAIN_ID: "1337" diff --git a/spartan/environments/networks/ten-tps-long-epoch.yml b/spartan/environments/networks/ten-tps-long-epoch.yml index c0e8d8e89a2f..79668d53104a 100644 --- a/spartan/environments/networks/ten-tps-long-epoch.yml +++ b/spartan/environments/networks/ten-tps-long-epoch.yml @@ -1,10 +1,10 @@ deploy: - NAMESPACE: "${NAMESPACE:-ten-tps}" + NAMESPACE: "ten-tps" CLUSTER: "aztec-gke-private" GCP_REGION: "us-west1-a" DESTROY_NAMESPACE: "true" DESTROY_ETH_DEVNET: "true" - CREATE_ETH_DEVNET: "${CREATE_ETH_DEVNET:-true}" + CREATE_ETH_DEVNET: "true" ETHEREUM_CHAIN_ID: "1337" CREATE_ROLLUP_CONTRACTS: "true" VERIFY_CONTRACTS: "false" diff --git a/spartan/environments/networks/ten-tps-short-epoch.yml b/spartan/environments/networks/ten-tps-short-epoch.yml index b2ce8a7998c3..f4442b39db1a 100644 --- a/spartan/environments/networks/ten-tps-short-epoch.yml +++ b/spartan/environments/networks/ten-tps-short-epoch.yml @@ -1,10 +1,10 @@ deploy: - NAMESPACE: "${NAMESPACE:-ten-tps}" + NAMESPACE: "ten-tps" CLUSTER: "aztec-gke-private" GCP_REGION: "us-west1-a" DESTROY_NAMESPACE: "true" DESTROY_ETH_DEVNET: "true" - CREATE_ETH_DEVNET: "${CREATE_ETH_DEVNET:-true}" + CREATE_ETH_DEVNET: "true" ETHEREUM_CHAIN_ID: "1337" CREATE_ROLLUP_CONTRACTS: "true" VERIFY_CONTRACTS: "false" diff --git a/spartan/environments/networks/testnet.yml b/spartan/environments/networks/testnet.yml index 49a20b8c1e5b..c2d4bb09bb43 100644 --- a/spartan/environments/networks/testnet.yml +++ b/spartan/environments/networks/testnet.yml @@ -5,16 +5,16 @@ deploy: CREATE_ETH_DEVNET: "false" GCP_REGION: "us-west1-a" CLUSTER: "aztec-gke-public" - NAMESPACE: "${NAMESPACE:-testnet}" + NAMESPACE: "testnet" NETWORK: "testnet" ETHEREUM_CHAIN_ID: "11155111" VERIFY_CONTRACTS: "true" - CREATE_ROLLUP_CONTRACTS: "${CREATE_ROLLUP_CONTRACTS:-false}" - USE_NETWORK_CONFIG: "${USE_NETWORK_CONFIG:-true}" - SNAPSHOT_BUCKET_DIRECTORY: "${SNAPSHOT_BUCKET_DIRECTORY:-testnet}" - BLOB_BUCKET_DIRECTORY: "${BLOB_BUCKET_DIRECTORY:-testnet/blobs}" + CREATE_ROLLUP_CONTRACTS: "false" + USE_NETWORK_CONFIG: "true" + SNAPSHOT_BUCKET_DIRECTORY: "testnet" + BLOB_BUCKET_DIRECTORY: "testnet/blobs" TX_FILE_STORE_ENABLED: "true" - TX_FILE_STORE_BUCKET_DIRECTORY: "${TX_FILE_STORE_BUCKET_DIRECTORY:-testnet/txs}" + TX_FILE_STORE_BUCKET_DIRECTORY: "testnet/txs" RPC_INGRESS_ENABLED: "true" RPC_INGRESS_HOSTS: - "rpc.testnet.aztec-labs.com" @@ -53,7 +53,6 @@ env: OTEL_COLLECTOR_ENDPOINT: "REPLACE_WITH_GCP_SECRET" ETHERSCAN_API_KEY: "REPLACE_WITH_GCP_SECRET" BLOB_FILE_STORE_URLS: "," - TX_COLLECTION_FILE_STORE_URLS: "https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}" AWS_ACCESS_KEY_ID: "REPLACE_WITH_GCP_SECRET" AWS_SECRET_ACCESS_KEY: "REPLACE_WITH_GCP_SECRET" PROVER_FAILED_PROOF_STORE: "gs://aztec-develop/testnet/failed-proofs" @@ -64,3 +63,7 @@ bot_transfers: env: BOT_TX_INTERVAL_SECONDS: "72" BOT_FOLLOW_CHAIN: "PENDING" + +derived: + env: + TX_COLLECTION_FILE_STORE_URLS: "https://aztec-labs-snapshots.com/${TX_FILE_STORE_BUCKET_DIRECTORY}" diff --git a/spartan/environments/networks/tps-scenario.yml b/spartan/environments/networks/tps-scenario.yml index f0760fd0ebbe..eae7b3a225db 100644 --- a/spartan/environments/networks/tps-scenario.yml +++ b/spartan/environments/networks/tps-scenario.yml @@ -1,5 +1,5 @@ deploy: - NAMESPACE: "${NAMESPACE:-tps-scenario}" + NAMESPACE: "tps-scenario" CLUSTER: "aztec-gke-private" GCP_REGION: "us-west1-a" CREATE_ETH_DEVNET: "false" diff --git a/spartan/scripts/apply_derived.ts b/spartan/scripts/apply_derived.ts index 89d63de6e9bc..44a237c65533 100755 --- a/spartan/scripts/apply_derived.ts +++ b/spartan/scripts/apply_derived.ts @@ -1,24 +1,94 @@ #!/usr/bin/env -S node --experimental-strip-types --no-warnings /** - * Apply derived computations after merging network config. + * Apply env overrides and derived computations after merging network config. * - * Replicates bash logic that previously lived inside .env files (e.g. devnet.env's - * MNEMONIC_INDEX_OFFSET computed from NAMESPACE regex). + * Pipeline: + * 1. Env spread: shell env wins for any key already present in deploy:/env: blocks. + * 2. Mnemonic index offset: computed from NAMESPACE devnet pattern. + * 3. Mnemonic start indices: shifted by offset. + * 4. Derived rules: evaluates the optional `derived:` block from the network YAML, + * expanding ${VAR} templates using resolved deploy/env values as context. + * Only fills in keys that are currently empty/unset. Stripped from output. * * Reads JSON on stdin, writes JSON on stdout. */ interface ConfigData { env: Record; - deploy: Record; + deploy: Record; + derived?: { + deploy?: Record; + env?: Record; + }; [key: string]: unknown; } +function applyEnvSpread(data: ConfigData) { + for (const blockKey of ["deploy", "env"] as const) { + const block = data[blockKey]; + if (!block) continue; + for (const key of Object.keys(block)) { + const envVal = process.env[key]; + if (envVal !== undefined) { + block[key] = envVal; + } + } + } +} + +function isEmpty(v: unknown): boolean { + return !v || (Array.isArray(v) && v.length === 0); +} + +function expandTemplate( + template: unknown, + ctx: Record, +): unknown { + if (typeof template === "string") { + return template.replace(/\$\{([^}]+)\}/g, (_, name) => ctx[name] ?? ""); + } + if (Array.isArray(template)) { + return template.map((item) => expandTemplate(item, ctx)); + } + return template; +} + +function applyDerivedRules(data: ConfigData) { + const rules = data.derived; + if (!rules) return; + + // Context: all resolved scalar values from deploy and env. + const ctx: Record = {}; + for (const [k, v] of Object.entries(data.deploy ?? {})) { + if (typeof v === "string") ctx[k] = v; + } + for (const [k, v] of Object.entries(data.env ?? {})) { + if (typeof v === "string") ctx[k] = v; + } + + for (const blockKey of ["deploy", "env"] as const) { + const blockRules = rules[blockKey]; + if (!blockRules) continue; + const block = data[blockKey] ?? {}; + for (const [key, template] of Object.entries(blockRules)) { + if (isEmpty(block[key])) { + (block as Record)[key] = expandTemplate(template, ctx); + } + } + } + + // Strip derived: from output — it's a processing directive, not a runtime value. + delete data.derived; +} + function main(data: ConfigData) { const env = (data.env ??= {}); const deploy = (data.deploy ??= {}); - // devnet: namespace pattern v-devnet- picks a non-conflicting + // Step 1: shell env wins for any key already present in deploy: or env: + applyEnvSpread(data); + + // Step 2: devnet namespace pattern v-devnet- picks a non-conflicting // mnemonic offset so concurrent devnets sharing the same mnemonic on the same L1 // do not collide on nonces. const namespace = String(deploy.NAMESPACE ?? env.NAMESPACE ?? ""); @@ -35,7 +105,7 @@ function main(data: ConfigData) { } env.MNEMONIC_INDEX_OFFSET = String(offset); - // Mnemonic start indices: shift declared base by MNEMONIC_INDEX_OFFSET. These + // Step 3: Mnemonic start indices — shift declared base by MNEMONIC_INDEX_OFFSET. These // live under deploy: because they configure the deploy script (terraform.tfvars // generation), not pod env. function shift(key: string, defaultBase: number) { @@ -46,7 +116,7 @@ function main(data: ConfigData) { ); process.exit(1); } - const base = parseInt(deploy[key] ?? String(defaultBase), 10); + const base = parseInt(String(deploy[key] ?? defaultBase), 10); deploy[key] = String(base + offset); } @@ -54,6 +124,9 @@ function main(data: ConfigData) { shift("VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX", 5000); shift("PROVER_PUBLISHER_MNEMONIC_START_INDEX", 8000); + // Step 4: evaluate derived: rules from the network YAML. + applyDerivedRules(data); + return data; } diff --git a/spartan/scripts/expand_placeholders.ts b/spartan/scripts/expand_placeholders.ts deleted file mode 100755 index e086db04d8fb..000000000000 --- a/spartan/scripts/expand_placeholders.ts +++ /dev/null @@ -1,35 +0,0 @@ -#!/usr/bin/env -S node --experimental-strip-types --no-warnings -/** - * Expand ${VAR} and ${VAR:-default} placeholders in string values. - * - * Reads JSON on stdin, writes JSON on stdout. Used by load_network_config.sh - * to substitute current shell environment into merged YAML values. - */ - -const PATTERN = /\$\{([A-Za-z_][A-Za-z0-9_]*)(?::-([^}]*))?\}/g; - -function expand(value: unknown): unknown { - if (typeof value === "string") { - return value.replace( - PATTERN, - (_, name, fallback) => process.env[name] ?? fallback ?? "", - ); - } - if (Array.isArray(value)) { - return value.map(expand); - } - if (value !== null && typeof value === "object") { - return Object.fromEntries( - Object.entries(value).map(([k, v]) => [k, expand(v)]), - ); - } - return value; -} - -let input = ""; -process.stdin.setEncoding("utf8"); -process.stdin.on("data", (chunk: string) => (input += chunk)); -process.stdin.on("end", () => { - const data = JSON.parse(input); - process.stdout.write(JSON.stringify(expand(data), null, 2)); -}); diff --git a/spartan/scripts/load_network_config.sh b/spartan/scripts/load_network_config.sh index aa162d5a9aa3..0e38925ff35b 100755 --- a/spartan/scripts/load_network_config.sh +++ b/spartan/scripts/load_network_config.sh @@ -45,11 +45,9 @@ merge_to_json() { } # JSON tree transforms live in sibling .ts files; each reads JSON on stdin and -# writes JSON on stdout. See expand_placeholders.ts, apply_derived.ts, -# resolve_secrets.ts for details. -expand_placeholders() { "$script_dir/expand_placeholders.ts"; } -apply_derived() { "$script_dir/apply_derived.ts"; } -resolve_secrets() { "$script_dir/resolve_secrets.ts"; } +# writes JSON on stdout. See apply_derived.ts, resolve_secrets.ts for details. +apply_derived() { "$script_dir/apply_derived.ts"; } +resolve_secrets(){ "$script_dir/resolve_secrets.ts"; } # Strip leading underscore-prefixed keys (anchors-only keys like _defaults, _shared_image) # from a JSON object. Operates at the top level only. @@ -133,10 +131,7 @@ main() { # Strip top-level keys we never want to export (network selector). merged_json="$(echo "$merged_json" | jq 'del(.network)')" - # Expand ${VAR} placeholders from current shell env. - merged_json="$(echo "$merged_json" | expand_placeholders)" - - # Apply derived computations (e.g. devnet's MNEMONIC_INDEX_OFFSET from NAMESPACE). + # Apply env overrides and derived computations (env spread, devnet offsets, compositions). merged_json="$(echo "$merged_json" | apply_derived)" # Optionally fetch GCP secrets if any REPLACE_WITH_GCP_SECRET placeholders remain. From 5f760455ba76d62f15163db8e7d4dbe782bc36ef Mon Sep 17 00:00:00 2001 From: spypsy Date: Wed, 13 May 2026 16:48:36 +0000 Subject: [PATCH 33/34] fix(spartan): env spread must not clobber array values with string env vars --- spartan/scripts/apply_derived.ts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/spartan/scripts/apply_derived.ts b/spartan/scripts/apply_derived.ts index 44a237c65533..98a055ffc39a 100755 --- a/spartan/scripts/apply_derived.ts +++ b/spartan/scripts/apply_derived.ts @@ -29,7 +29,9 @@ function applyEnvSpread(data: ConfigData) { if (!block) continue; for (const key of Object.keys(block)) { const envVal = process.env[key]; - if (envVal !== undefined) { + // Only override scalar string values. Arrays/objects in deploy: are Helm-shaped + // config that should not be clobbered by a string env var representation. + if (envVal !== undefined && typeof block[key] === "string") { block[key] = envVal; } } From c7cc534de9b7bad46424f66c19c74561456a1068 Mon Sep 17 00:00:00 2001 From: spypsy Date: Wed, 13 May 2026 18:12:45 +0000 Subject: [PATCH 34/34] fix(spartan): env spread must not clobber GCP secret placeholders --- spartan/scripts/apply_derived.ts | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/spartan/scripts/apply_derived.ts b/spartan/scripts/apply_derived.ts index 98a055ffc39a..9ace6dacbcf0 100755 --- a/spartan/scripts/apply_derived.ts +++ b/spartan/scripts/apply_derived.ts @@ -23,15 +23,22 @@ interface ConfigData { [key: string]: unknown; } +const GCP_SECRET_PLACEHOLDER = "REPLACE_WITH_GCP_SECRET"; + function applyEnvSpread(data: ConfigData) { for (const blockKey of ["deploy", "env"] as const) { const block = data[blockKey]; if (!block) continue; for (const key of Object.keys(block)) { const envVal = process.env[key]; - // Only override scalar string values. Arrays/objects in deploy: are Helm-shaped - // config that should not be clobbered by a string env var representation. - if (envVal !== undefined && typeof block[key] === "string") { + // Only override plain string values. Skip: + // - arrays/objects (Helm-shaped config, not scalar overrides) + // - GCP secret placeholders (must be resolved by resolve_secrets.ts) + if ( + envVal !== undefined && + typeof block[key] === "string" && + block[key] !== GCP_SECRET_PLACEHOLDER + ) { block[key] = envVal; } }