This is my 'working' (more like work in progress) Kubernetes cluster.
- ansible for machine installs
- cluster-init for cluster install
- flux - controls what is running
- kube infra
- cosmos nodes - running RPC and validators
We are currently running LUNC's and Kujira's price feeder.
Please note:
This repo contains secrets, API tokens, and other sensitive things.
We put our validator key shards in this GitHub repo, as we run the horcrux signers in the cluster itself.
They are encrypted via GPG2 and we use sops, so I'm fairly confident... but you'll notice no mainnet servers in here ;-)
I mention this because if this screws up you could tombstone, or some hacker could come in and steal them, and we are still improving the overall security footprint of this install. Buyer beware, no warranties, your risk, etc.
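Since the safety of the key shards depends on every Secret in the repo actually being sops-encrypted before it is pushed, here is a check that flags Secret manifests whose `data`/`stringData` values are not sops `ENC[...]` ciphertext or that lack the `sops:` metadata block. This is an added example, not code from this repo; the function name and both sample manifests are constructed for illustration, and it assumes one YAML document per file.

```python
import re

# Shape of a value after sops has encrypted it.
ENC_VALUE = re.compile(r"^ENC\[AES256_GCM,data:.+,iv:.+,tag:.+,type:\w+\]$")
SECRET_BLOCKS = ("data:", "stringData:")

# Constructed sample manifests (names, ciphertext and version are made up).
ENCRYPTED = """\
apiVersion: v1
kind: Secret
metadata:
  name: horcrux-shard
data:
  share.json: ENC[AES256_GCM,data:Zm9v,iv:YmFy,tag:YmF6,type:str]
sops:
  version: 3.8.1
"""
LEAKY = """\
apiVersion: v1
kind: Secret
metadata:
  name: price-feeder
stringData:
  api-token: not-a-real-token
"""

def unencrypted_secret_fields(manifest):
    """Return Secret fields in one YAML document that are not sops ciphertext (fails closed)."""
    lines = manifest.splitlines()
    if not any(re.match(r"^kind:\s*Secret\s*$", l) for l in lines):
        return []  # not a Secret manifest, nothing to check
    findings = []
    if not any(l.startswith("sops:") for l in lines):
        findings.append("<missing sops metadata block>")
    in_block = False
    for line in lines:
        if not line.strip():
            continue
        if not line[0].isspace():  # top-level key: enter or leave a secret block
            in_block = line.rstrip() in SECRET_BLOCKS
            continue
        field = re.match(r"^\s+([^:#\s]+):\s*(.*)$", line)
        if in_block and field and not ENC_VALUE.match(field.group(2).strip("'\" ")):
            findings.append(field.group(1))
    return findings

if __name__ == "__main__":
    for name, doc in (("encrypted", ENCRYPTED), ("leaky", LEAKY)):
        print(name, unencrypted_secret_fields(doc))
```

Run it over staged `*.yaml` files from a pre-commit hook or CI job and fail the commit when any file returns a non-empty list.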
- relaying
- making horcrux more automated
- state-syncing vs hard-coded snapshots
- auto-upgrades via cosmovisor
- more testing
- make prometheus discover the cosmos stuff
- price oracles
This relies heavily on:
- Strangelove's cosmos-operator, horcrux, and heighliner
- Polkachu's ansible setup and snapshots/backups they provide
- kujira price oracle
- removed rook-ceph and switched to openEBS LVMs, resulting in much faster performance. Our aim is to migrate to TopoLVM
- add prometheus monitoring to cosmos stuff
- 20+ chains are running
- ansible machine installs
- added some monitoring (nothing cosmos specific)
- adding 2nd repo
working ok, manual machine installs:
- didn't survive 40% machine failure at once
- exposed kubeconfig
mainly manual - result bricked by cilium
I don't claim to be an expert in any of this. I put this out in the hopes that others will use it, and ideally improve on it.