Usage
- At least three nodes in the Kubernetes cluster with 16 CPU/32 GB RAM configuration.
- 850 GB of Persistent Storage per execution node.
- 300 GB of Persistent Storage per consensus node.
- Helm 3.5+ - This is the earliest version of Helm tested. Charts may work with earlier versions but it is untested.
- Kubernetes 1.22+ - This is the earliest version of Kubernetes tested. Charts may work with earlier versions but it is untested.
- PV provisioner support in the underlying infrastructure
If you already have Prometheus installed in your cluster, you can skip this step.
Every chart we support contains the ability to enable monitoring and alerting out of the box. A combination of Prometheus + Grafana + Alertmanager is used for monitoring.
Add the
prometheus-community helm repository and check that you have access to the chart:helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
Install Prometheus + Grafana + Alertmanager:
helm upgrade --install kube-prometheus-stack prometheus-community/kube-prometheus-stack \
--set='grafana.sidecar.dashboards.enabled=true' \
--set='grafana.sidecar.dashboards.searchNamespace=true' \
--set='prometheus.prometheusSpec.ruleSelectorNilUsesHelmValues=false' \
--set='prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false' \
--set='prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false' \
--set='prometheus.prometheusSpec.probeSelectorNilUsesHelmValues=false' \
--create-namespace \
--namespace monitoring \
--version 43.2.0 \
-f prom.yaml
prom.yaml:prometheus:
prometheusSpec:
storageSpec:
volumeClaimTemplate:
spec:
storageClassName: "{REPLCAE_ME_WITH_STORAGE_CLASS_NAME}"
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 100Gi
grafana:
persistence:
enabled: true
type: pvc
storageClassName: "{REPLCAE_ME_WITH_STORAGE_CLASS_NAME}"
accessModes: ["ReadWriteOnce"]
size: 10Gi
finalizers:
- kubernetes.io/pvc-protection
For GKE/EKS installations:
helm upgrade --install kube-prometheus-stack prometheus-community/kube-prometheus-stack \
--set='kubeControllerManager.enabled=false' \
--set='kubeEtcd.enabled=false' \
--set='kubeScheduler.enabled=false' \
--set='kubeProxy.enabled=false' \
--set='defaultRules.rules.etcd=false' \
--set='defaultRules.rules.kubernetesSystem=false' \
--set='defaultRules.rules.kubeScheduler=false' \
--set='grafana.sidecar.dashboards.enabled=true' \
--set='grafana.sidecar.dashboards.searchNamespace=true' \
--set='prometheus.prometheusSpec.ruleSelectorNilUsesHelmValues=false' \
--set='prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false' \
--set='prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false' \
--set='prometheus.prometheusSpec.probeSelectorNilUsesHelmValues=false' \
--create-namespace \
--namespace monitoring \
--version 43.2.0 \
-f prom.yaml
prom.yaml:prometheus:
prometheusSpec:
storageSpec:
volumeClaimTemplate:
spec:
storageClassName: "gp2"
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 100Gi
grafana:
persistence:
enabled: true
type: pvc
storageClassName: "gp2"
accessModes: ["ReadWriteOnce"]
size: 10Gi
finalizers:
- kubernetes.io/pvc-protection
helm upgrade --install grafana-stakewise-dashboards stakewise/grafana-stakewise-dashboards \
--namespace monitoring
ETH1 nodes are used by the validators to propose new ETH2 blocks. As such, running validator and beacon nodes also entail having a reliable connection to the ETH1 chain.
ETH1 nodes must be deployed first. Currently, GoEthereum, Erigon, Besu, and NetherMind are supported.
Add StakeWise Helm repository:
helm repo add stakewise https://charts.stakewise.io
helm repo update
Clients supported Gnosis Chain: Nethermind
Before deployment, you need to generate a JSON Web Token (JWT). Authentication is used to secure the communication between the beacon node and execution client. You can generate a JWT using a command line tool, for example:
export JWT=`openssl rand -hex 32`
Depending on what client you would like to use, run one of the following commands:
# GoEthereum
helm upgrade --install geth stakewise/geth \
--set='global.replicaCount=3' \
--set='global.network=mainnet' \
--set='global.metrics.enabled=true' \
--set='global.metrics.serviceMonitor.enabled=true' \
--set='global.metrics.prometheusRule.enabled=true' \
--set='JWTSecret=${JWT}' \
--create-namespace \
--namespace chain
# Erigon
helm upgrade --install erigon stakewise/erigon \
--set='global.replicaCount=3' \
--set='global.network=mainnet' \
--set='global.metrics.enabled=true' \
--set='global.metrics.serviceMonitor.enabled=true' \
--set='global.metrics.prometheusRule.enabled=true' \
--set='JWTSecret=${JWT}' \
--create-namespace \
--namespace chain
# Besu
helm upgrade --install besu stakewise/besu \
--set='replicaCount=3' \
--set='network=mainnet' \
--set='metrics.serviceMonitor.enabled=true' \
--set='metrics.prometheusRule.enabled=true' \
--create-namespace \
--namespace chain
# Nethermind
helm upgrade --install nethermind stakewise/nethermind \
--set='global.replicaCount=3' \
--set='global.network=mainnet' \
--set='global.metrics.enabled=true' \
--set='global.metrics.serviceMonitor.enabled=true' \
--set='global.metrics.prometheusRule.enabled=true' \
--set='JWTSecret=${JWT}' \
--create-namespace \
--namespace chain
An ETH2 beacon node is responsible for running a full Proof-Of-Stake blockchain, known as a beacon chain, which uses distributed consensus to agree on blocks in the network. Validators connect to the beacon nodes to receive block attestation/proposal assignments.
Historically, an execution client alone has been enough to run a full Ethereum node. However, when The Merge happens, EL clients will not be able to track the Ethereum chain on its own. Instead, it will need to be coupled to another piece of software called a “consensus client”. In this configuration, the execution client will be responsible for transaction handling, transaction gossip, state management, and the Ethereum Virtual Machine (EVM). However, EL clients will no longer be responsible for block building, block gossiping, or handling consensus logic, and these will be in the remit of the consensus client.
Add StakeWise Helm repository:
helm repo add stakewise https://charts.stakewise.io
helm repo update
When deploying ETH2 nodes, make sure that your ETH1 nodes are fully synced. It's possible to choose what ETH2 client to use. Currently, Prysm, Lighthouse, and Teku are supported. Choose one or two clients to install and deploy:
Note that Nimbus is only compatible with Lighthouse validator client
Consensus charts do not have a replicaCount parameter, instead you need to specify a list of execution endpoints, a separate statefulset will be created for each endpoint
# Prysm
helm upgrade --install prysm stakewise/prysm \
--set='global.network=mainnet' \
--set='global.JWTSecret=${JWT}' \
--set='global.executionEndpoints[0]=http://nethermind-0.chain:8545' \
--set='global.executionEndpoints[1]=http://nethermind-1.chain:8545' \
--set='global.executionEndpoints[2]=http://nethermind-2.chain:8545' \
--set='global.metrics.enabled=true' \
--set='global.metrics.serviceMonitor.enabled=true' \
--set='global.metrics.prometheusRule.enabled=true' \
--create-namespace \
--namespace chain
# Lighthouse
helm upgrade --install lighthouse stakewise/lighthouse \
--set='global.network=mainnet' \
--set='global.JWTSecret=${JWT}' \
--set='global.executionEndpoints[0]=http://geth-0.chain:8551' \
--set='global.executionEndpoints[1]=http://geth-1.chain:8551' \
--set='global.executionEndpoints[2]=http://geth-2.chain:8551' \
--set='global.metrics.enabled=true' \
--set='global.metrics.serviceMonitor.enabled=true' \
--set='global.metrics.prometheusRule.enabled=true' \
--create-namespace \
--namespace chain
# Teku
helm upgrade --install teku stakewise/teku \
--set='global.network=mainnet' \
--set='global.JWTSecret=${JWT}' \
--set='global.executionEndpoints[0]=http://erigon-0.chain:8551' \
--set='global.executionEndpoints[1]=http://erigon-1.chain:8551' \
--set='global.executionEndpoints[2]=http://erigon-2.chain:8551' \
--set='global.metrics.enabled=true' \
--set='global.metrics.serviceMonitor.enabled=true' \
--set='global.metrics.prometheusRule.enabled=true' \
--create-namespace \
--namespace chain
The recommended setup is to deploy two replicas of the primary ETH2 client and one replica of the stand-by ETH2 client. The validators will be evenly connected to all the primary replicas and will automatically switch to another primary replica in case the connection to their current one fails.
If happens that there is an issue with the primary client, the validators can migrate to the stand-by client and won't need to wait for it to sync the chain.
Installing and configuring PostgreSQL is beyond the scope of this guide, and we hope that operators will be able to choose and implement the correct reliable solution on their own. PostgreSQL is used to store the validators' keys in encrypted form, as well as to store the slashing history of the web3signer database.
After the database is deployed, two databases and two users must be created:
web3signer- which stores web3signer's dataweb3signer_keys- which stores validator keys generated via stakewise-cli
Once you've successfully deployed the database and your proposal got approved by the DAO (the snapshot vote got executed), sync the validator keys using the StakeWise CLI
Run the following command to sync new validator keys to the DB:
./stakewise-cli sync-db
Please choose the network name (mainnet, goerli, harbour_mainnet, harbour_goerli, gnosis) [mainnet]: goerli
Enter your operator wallet address: 0x777...
Enter the database connection string, ex. 'postgresql://username:pass@hostname/dbname': postgresql://example:example@localhost/web3signer_keys
Enter your mnemonic separated by spaces (" "):
Syncing key pairs [------------------------------------] 1/1
Synced 1 key pairs, apply changes to the database? [Y/n]: Y
The database contains 1 validator keys.
Please upgrade the 'web3signer-validators' helm chart with 'validatorsCount' set to 1
Set 'DECRYPTION_KEY' env to '<decryption key>'
Web3Signer is an open-source signing service developed under the Apache 2.0 license and written in Java.
Web3Signer is capable of signing on multiple platforms using private keys stored in an external vault, or encrypted on a disk.
Add StakeWise Helm repository:
helm repo add stakewise https://charts.stakewise.io
helm repo update
Deploy Web3Signer:
helm upgrade --install web3signer stakewise/web3signer \
--set='replicaCount=3' \
--set='network=mainnet' \
--set='dbUrl=jdbc:postgresql://cloudsqlproxy.default/web3signer' \
--set='dbUsername=username' \
--set='dbPassword=password' \
--set='dbKeystoreUrl=postgresql://example:[email protected]/web3signer_keys' \
--set='decryptionKey=<decryption key from the CLI' \
--create-namespace \
--namespace validators
Recommendations
The database storage and disk subsystem of the worker nodes must have sufficient margin of IOPS for normal operation. For example in AWS, it is recommended to use disks of 100G and larger, not for disk space but for better performance.
Validators are responsible for storing data, processing transactions, and adding new blocks to the blockchain. This will keep Ethereum secure for everyone and earn new ETH in the process.
Before deploying the validators make sure you have deployed Web3Signer and synchronized validator keys in the steps above.
Make sure you have the right number of validators running and restart them so that they will synchronize the latest changes from the Web3Signer.
Add the StakeWise helm repository:
helm repo add stakewise https://charts.stakewise.io
helm repo update
Deploy the chart, after specifying all neded values:
helm upgrade --install validators stakewise/validators \
--set='network=mainnet' \
--set='type=lighthouse' \
--set='validatorsCount=8' \
--set='beaconChainRpcEndpoints[0]=http://lighthouse-0.chain:5052' \
--set='beaconChainRpcEndpoints[1]=http://lighthouse-1.chain:5052' \
--set='beaconChainRpcEndpoints[2]=http://lighthouse-2.chain:5052' \
--set='web3signerEndpoint=http://web3signer:6174' \
--set='dbKeystoreUrl=postgresql://example:[email protected]/web3signer_keys' \
--set='graffiti=StakeWise' \
--set='metrics.enabled=true' \
--set='metrics.serviceMonitor.enabled=true' \
--set='metrics.prometheusRule.enabled=true' \
--create-namespace \
--namespace validators
Once you're 100% ready for attestation/proposals assignments to the validators, commit your operator:
- Click on
Connect to Web3button and connect your wallet. The address must match the one used during DAO proposal generation. - Call
commitOperatorfunction.
Congratulations on becoming StakeWise Node Operator🎉. Your validators will get assignments, and you would be able to claim your operator rewards from Farms Page.
Last modified 8mo ago