celestiaorg · aWN4Y25pa2EK · Jul 11, 2024 · Jul 11, 2024 · Jul 11, 2024 · Jul 11, 2024
diff --git a/.tls-wildcard-arabica.yaml.swp b/.tls-wildcard-arabica.yaml.swp
diff --git a/charts/celestia-node/templates/service.yaml b/charts/celestia-node/templates/service.yaml
@@ -31,6 +31,19 @@ spec:
   loadBalancerIP: {{ .Values.service.external.loadBalancerIP }}
   {{- end }}
   ports:
+    {{- if .Values.service.external.ports.ws }}
+    - name: p2p-ws
+      port: {{ .Values.service.external.ports.ws }}
+      {{- if not (eq .Values.service.external.ports.ws .Values.node.containerPorts.ws) }}
+      targetPort: {{ .Values.node.containerPorts.ws }}
+      {{- end }}
+      protocol: TCP
+      {{- if and (or (eq .Values.service.external.type "NodePort") (eq .Values.service.external.type "LoadBalancer")) (not (empty .Values.service.external.nodePorts.ws)) }}
+      nodePort: {{ .Values.service.external.nodePorts.ws }}
+      {{- else if eq .Values.service.external.type "ClusterIP" }}
+      nodePort: null
+      {{- end }}
+    {{- end }}
     {{- if .Values.service.external.ports.p2p }}
     - name: p2p-tcp
       port: {{ .Values.service.external.ports.p2p }}
@@ -141,6 +154,12 @@ spec:
   sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.internal.sessionAffinityConfig "context" $) | nindent 4 }}
   {{- end }}
   ports:
+    - name: p2p-ws
+      port: {{ .Values.service.internal.ports.ws }}
+      {{- if not (eq .Values.service.internal.ports.ws .Values.node.containerPorts.ws) }}
+      targetPort: {{ .Values.node.containerPorts.ws }}
+      {{- end }}
+      protocol: TCP
     - name: p2p-tcp
       port: {{ .Values.service.internal.ports.p2p }}
       {{- if not (eq .Values.service.internal.ports.p2p .Values.node.containerPorts.p2p) }}

diff --git a/charts/celestia-node/templates/statefulset.yaml b/charts/celestia-node/templates/statefulset.yaml
@@ -186,6 +186,10 @@ spec:
           resources: {{- include "common.resources.preset" (dict "type" .Values.node.resourcesPreset) | nindent 12 }}
           {{- end }}
           ports:
+            - name: p2p-ws
+              containerPort: {{ .Values.node.containerPorts.ws }}
+              hostPort: {{ .Values.node.containerPorts.ws }}
+              protocol: TCP
             - name: p2p-tcp
               containerPort: {{ .Values.node.containerPorts.p2p }}
               hostPort: {{ .Values.node.containerPorts.p2p }}
@@ -272,6 +276,14 @@ spec:
             - name: home-dir # This is needed so that the process has permissions to create files in the home directory
               mountPath: {{ .Values.node.settings.home }}
               readOnly: false
+            - name: tls-certs
+              mountPath: /home/celestia/tls/cert.pem
+              subPath: fullchain.pem
+              readOnly: true
+            - name: tls-certs
+              mountPath: /home/celestia/tls/key.pem
+              subPath: privkey.pem
+              readOnly: true
           {{- if .Values.node.extraVolumeMounts }}
           {{- include "common.tplvalues.render" (dict "value" .Values.node.extraVolumeMounts "context" $) | nindent 12 }}
           {{- end }}
@@ -326,6 +338,14 @@ spec:
                 path: OAZHALLLMV4Q
               - key: my_celes_key_info
                 path: my_celes_key.info
+        - name: tls-certs
+          secret:
+            secretName: tls-da-wss
+            items:
+              - key: fullchain.pem
+                path: fullchain.pem
+              - key: privkey.pem
+                path: privkey.pem
         - name: address
           configMap:
             name: {{ template "common.names.fullname" . }}-address
@@ -380,4 +400,4 @@ spec:
         dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.dataSource "context" $) | nindent 10 }}
         {{- end }}
         {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }}
-  {{- end }}
+  {{- end }}
diff --git a/charts/celestia-node/values.yaml b/charts/celestia-node/values.yaml
@@ -325,6 +325,8 @@ node:
   ##
   # -- Container ports for the node
   containerPorts:
+    # -- WebSocket container port, 2122 by default
+    ws: 2122
     # -- P2P container port, 2121 by default
     p2p: 2121
     # -- REST container port, 26659 by default
@@ -710,6 +712,8 @@ service:
     ## @param service.internal.ports.prometheus Node internal service Prometheus port
     # -- Ports for the celestia-node
     ports:
+      # -- WebSocket container port, 2122 by default
+      ws: 2122
       # -- P2P container port, 2121 by default
       p2p: 2121
       # -- REST container port, 26659 by default
@@ -756,6 +760,8 @@ service:
     ## @param service.external.ports.profiling Node external service Profiling port
     ## @param service.external.ports.prometheus Node external service Prometheus port
     ports:
+      # -- P2P container port, 2122 by default
+      ws: 2122
       # -- P2P container port, 2121 by default
       p2p: 2121
       # -- REST container port, 26659 by default
@@ -772,6 +778,8 @@ service:
     ##
     # -- node ports for the celestia-app
     nodePorts:
+      # -- p2p port, 2122 by default
+      ws: ""
       # -- p2p port, 2121 by default
       p2p: ""
       # -- rest port, 26659 by default

diff --git a/examples/celestia-node/arabica-bridge.yaml b/examples/celestia-node/arabica-bridge.yaml
@@ -9,7 +9,7 @@ service:
   external:
     annotations:
       external-dns.alpha.kubernetes.io/endpoints-type: "NodeExternalIP"
-      external-dns.alpha.kubernetes.io/hostname: "hc-bridge.celestia-arabica-11.com"
+      external-dns.alpha.kubernetes.io/hostname: "test-hc-bridge.celestia-arabica-11.com"
       external-dns.alpha.kubernetes.io/ttl: "60"
 persistence:
   size: 750Gi
@@ -18,6 +18,10 @@ persistence:
     kind: VolumeSnapshot
     name: da-latest
 node:
+  image:
+    registry: ttl.sh
+    repository: b757629c-c54c-4b7c-af30-68a1155356ae
+    tag: 24h
   nodeSelector:
     k8s.scaleway.com/pool-name: *pool
   persistentVolumeClaimRetentionPolicy:

diff --git a/examples/celestia-node/lunar-bridge-6.yaml b/examples/celestia-node/lunar-bridge-6.yaml
@@ -0,0 +1,81 @@
+commonLabels: &commonLabels
+  chain_id: celestia
+  environment: celestia
+  network: da
+  type: &nodeType bridge # check
+  secretName: &secretName keys-da-bridge-6 # check
+  pool: &pool pool-da-1 # check pool instance type to validate requests & limits
+  release: &release v0.14.0
+service:
+  external:
+    annotations:
+      external-dns.alpha.kubernetes.io/endpoints-type: "NodeExternalIP"
+      external-dns.alpha.kubernetes.io/hostname: "new-da-bridge-6.celestia-bootstrap.net"
+      external-dns.alpha.kubernetes.io/ttl: "60"
+persistence:
+  storageClass: sbs-15k
+  size: 5Ti
+  dataSource:
+    apiGroup: snapshot.storage.k8s.io
+    kind: VolumeSnapshot
+    name: da-latest
+node:
+  image:
+    tag: *release
+  nodeSelector:
+    k8s.scaleway.com/pool-name: *pool
+  persistentVolumeClaimRetentionPolicy:
+    whenDeleted: Delete
+    whenScaled: Delete
+  otelAgent:
+    enabled: true
+    grafanaOtelSecret:
+      name: grafana-otel-token
+  resources:
+    requests:
+      cpu: 6
+      memory: 20Gi
+    limits:
+      #cpu: 4 # not required since this pod should run on it's own dedicated node
+      memory: 25Gi
+  livenessProbe:
+    enabled: true
+    periodSeconds: 10
+    failureThreshold: 3
+  readinessProbe:
+    enabled: true
+    periodSeconds: 10
+    failureThreshold: 30
+  startupProbe:
+    enabled: true
+    periodSeconds: 10
+    failureThreshold: 60
+  args:
+    - *nodeType
+    - start
+    - --p2p.network=celestia
+    - --node.store=$(CELESTIA_HOME)
+    - --metrics
+    - --metrics.tls=false
+    - --p2p.metrics
+  settings:
+    nodeType: *nodeType
+    address: "eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjcmVhdGVkIjoiMjAyMy0xMC0zMSAwMDozNDo0NS4xMTI0OTQxNjMgKzAwMDAgVVRDIG09KzAuMDUwMDExODUwIiwiZW5jIjoiQTI1NkdDTSIsInAyYyI6ODE5MiwicDJzIjoiVHJDN0ktd1ZLdVRrR1ZiLSJ9.CZ5_ddw5wZtpGt5G2Jya5rtlZ_sA7ZRZoczu4aXa6siWLM0wcsHgXQ.YfRVVybr9-tYxtpq.VoVJf8mp7-SRaeOC6t9TCQwTwPpoUJvOlOTBw20tcr5yS9YWSrPxD5sVVtcqMAHmb6EOs_G_RBSKnbvQSB36xOzehD-fRHpsqe0NjPej_UaqNtzs4b-a3-z0kyjwO7TOPf4corjcGVUk6DMOkL7JAac38kBTTWdjguwnYmzxI92XZtzh2fRq8uIe02HlWfWsaCxqLNJzIQd1nxA5bQSOpBggdUmp_sgNjmgrmGFJvPzq-pDvlOf16Y1O2OHK82YmPWj-4iHOVfDOYyGT9MTLlpESESmK8HE1gqsmcAngdoeIzhopC4OGWMteLQp_d-EdopEnMJn8jCuTJAcpyjdjzZxsGKVxGghvn-BIow1bjklqQWSBElN-JvDsa7jUSZkMANmRfdo7EHbpkz41wMWQKRIDEslTvGQCUV0wq_zvH4jbll6Yf9E_8RkJUtEHPOPOhVFWI6BEQPWhQ6V-I-v9.ZQa72hj8g7R8EMNvi5cR9g"
+    node_id: "d8169a277b25c7ee987f411567852d6aa7df578d"
+    secret:
+      name: *secretName
+  config:
+    configtoml:
+      Core:
+        IP: consensus-full-1
+      RPC:
+        Address: 0.0.0.0
+      Gateway:
+        Enabled: true
+        Address: 0.0.0.0
+      Node:
+        StartupTimeout: 2m
+diagnosticMode:
+  enabled: false
+networkPolicy:
+  enabled: false