## @section General parameters

## @param replicas Number of node instances in the StatefulSet. Each replica is an independent TON node with its own config, keys, and IP — not replication for redundancy. You need a matching nodeConfigs entry (node-N.json) and a perReplica service entry for each replica.
##
replicas: 1

## @param command [array] Override container command. Auto-detected: adds `-z /main/static` when zerostate+basestate are provided. Change only if you know what you are doing.
##
command: []

## @section Image parameters

## @param image.repository Container image repository
## @param image.tag Image tag
## @param image.pullPolicy Pull policy
##
image:
  repository: ghcr.io/rsquad/ton-rust-node/node
  tag: v0.8.0
  pullPolicy: IfNotPresent

## @param imagePullSecrets [array] Image pull secrets for private registries
##
imagePullSecrets: []

## @section Init container image parameters

## @param initImage.repository Init container image repository
## @param initImage.tag Init container image tag
## @param initImage.pullPolicy Init container pull policy
##
initImage:
  repository: alpine
  tag: "3.21"
  pullPolicy: IfNotPresent

## @section Extra init containers

## @param extraInitContainers [array] Additional init containers to run before the node starts. Runs after the built-in init-bootstrap container. Useful for downloading global config, fetching external IP, etc.
##
extraInitContainers: []
# Example — download global config dynamically:
# extraInitContainers:
#   - name: download-config
#     image: alpine/curl:latest
#     command:
#       - sh
#       - -c
#       - |
#         curl -sL https://ton.org/global-config.json -o /config/global.config.json
#     volumeMounts:
#       - name: main
#         mountPath: /config

## @section Extra containers

## @param extraContainers [array] Additional sidecar containers to run alongside the node. Useful for monitoring agents, log shippers, etc.
##
extraContainers: []

## @section Extra volumes

## @param extraVolumes [array] Additional volumes for the pod. Use with extraVolumeMounts to mount them into containers.
##
extraVolumes: []

## @param extraVolumeMounts [array] Additional volume mounts for the main node container.
##
extraVolumeMounts: []

## @section Resource parameters
## Defaults are for a fullnode/liteserver. For validators, use 16/32 CPU and 64Gi/128Gi.
## See docs/resources.md for details.

## @param resources.requests.cpu CPU request
## @param resources.requests.memory Memory request
## @param resources.limits.cpu CPU limit
## @param resources.limits.memory Memory limit
##
resources:
  requests:
    cpu: "8"
    memory: 32Gi
  limits:
    cpu: "16"
    memory: 64Gi

## @section Storage parameters
## IMPORTANT: The db volume requires up to 64k IOPS. Use NVMe/SSD with local storage.
## See README.md "Storage recommendations" for details.

## @param storage.main.size Main volume size
## @param storage.main.storageClassName Storage class for main volume
## @param storage.main.resourcePolicy Value for the `helm.sh/resource-policy` annotation. Set to `keep` to prevent PVC deletion on `helm uninstall`. Set to empty string to omit.
## @param storage.main.annotations [object] Extra annotations for the main PVC
## @param storage.db.size Database volume size (hundreds of GB for mainnet)
## @param storage.db.storageClassName Storage class for database volume
## @param storage.db.resourcePolicy Value for the `helm.sh/resource-policy` annotation on the db PVC
## @param storage.db.annotations [object] Extra annotations for the db PVC
## @param storage.logs.enabled Create a PVC for logs. Set to false if you log to stdout only.
## @param storage.logs.size Logs volume size
## @param storage.logs.storageClassName Storage class for logs volume
## @param storage.logs.resourcePolicy Value for the `helm.sh/resource-policy` annotation on the logs PVC
## @param storage.logs.annotations [object] Extra annotations for the logs PVC
## @param storage.keys.size Keys volume size
## @param storage.keys.storageClassName Storage class for keys volume
## @param storage.keys.resourcePolicy Value for the `helm.sh/resource-policy` annotation on the keys PVC
## @param storage.keys.annotations [object] Extra annotations for the keys PVC
##
storage:
  main:
    size: 1Gi
    storageClassName: local-path
    resourcePolicy: keep
    annotations: {}
  db:
    size: 1Ti
    storageClassName: local-path
    resourcePolicy: ""
    annotations: {}
  logs:
    enabled: true
    size: 150Gi
    storageClassName: local-path
    resourcePolicy: ""
    annotations: {}
  keys:
    size: 1Gi
    storageClassName: local-path
    resourcePolicy: keep
    annotations: {}

## @section Port parameters

## @param ports.adnl ADNL port (UDP)
## @param ports.simplex [nullable] Simplex consensus port (UDP). Required for validators — the network uses simplex consensus. false/null = disabled (default), true = adnl + 1000, number = explicit port.
## @param ports.control Control port (TCP). Set to null to disable.
## @param ports.liteserver [nullable] Liteserver port (TCP). Set to enable.
## @param ports.jsonRpc [nullable] JSON-RPC port (TCP). Set to enable.
## @param ports.metrics [nullable] Metrics/probes HTTP port (TCP). Serves /metrics, /healthz, /readyz. Set to enable.
##
ports:
  adnl: 30303
  simplex: false
  control: 50000
  liteserver: null
  jsonRpc: null
  metrics: null

## @section Service parameters
## Each port gets its own per-replica Service with independent type, annotations, and perReplica overrides.
## A Service is only created when the corresponding port is enabled (non-null in ports.*).
## See docs/networking.md for examples.
## @param services.adnl.type ADNL service type
## @param services.adnl.externalTrafficPolicy ADNL service traffic policy
## @param services.adnl.labels [object] Extra labels applied to all ADNL per-replica services
## @param services.adnl.annotations [object] Annotations applied to all ADNL per-replica services
## @param services.adnl.perReplica [array] Per-replica ADNL service overrides (list index = replica index)
##
## @param services.simplex.type Simplex service type
## @param services.simplex.externalTrafficPolicy Simplex service traffic policy
## @param services.simplex.labels [object] Extra labels for simplex services
##
## @param services.control.type Control service type
## @param services.control.labels [object] Extra labels for control services
##
## @param services.liteserver.type Liteserver service type
## @param services.liteserver.externalTrafficPolicy Liteserver service traffic policy
## @param services.liteserver.labels [object] Extra labels for liteserver services
##
## @param services.jsonRpc.type JSON-RPC service type
## @param services.jsonRpc.externalTrafficPolicy JSON-RPC service traffic policy
## @param services.jsonRpc.labels [object] Extra labels for JSON-RPC services
##
services:
  adnl:
    type: LoadBalancer
    externalTrafficPolicy: Local
    labels: {}
    annotations: {}
    perReplica: []
  simplex:
    type: LoadBalancer
    externalTrafficPolicy: Local
    labels: {}
  control:
    type: ClusterIP
    labels: {}
  liteserver:
    type: LoadBalancer
    externalTrafficPolicy: Local
    labels: {}
  jsonRpc:
    type: LoadBalancer
    externalTrafficPolicy: Local
    labels: {}
# Example — Cilium L2 IP pool via labels:
#   adnl:
#     labels:
#       io.cilium/l2-announcements: "true"
#     perReplica:
#       - annotations:
#           metallb.universe.tf/loadBalancerIPs: "192.168.1.100"
#       - annotations:
#           metallb.universe.tf/loadBalancerIPs: "192.168.1.101"

## @section Configuration parameters

## @param nodeConfigs [object] Per-node JSON configs (one node-N.json per replica). See docs/node-config.md.
## @param existingNodeConfigsSecretName Use an existing Secret for node configs instead of inline
##
nodeConfigs: {}
# Example:
#   node-0.json: |
#     { "log_config_name": "/main/logs.config.yml", ... }
existingNodeConfigsSecretName: ""

## @param globalConfig [default: bundled mainnet] Global TON network config (JSON string). A mainnet default is bundled in files/global.config.json. See docs/global-config.md.
## @param existingGlobalConfigMapName Use an existing ConfigMap for global config instead of inline
##
globalConfig: ""
existingGlobalConfigMapName: ""

## @param logsConfig [default: bundled default] Logging configuration (log4rs YAML). A default is bundled in files/logs.config.yml. See docs/logging.md.
## @param existingLogsConfigMapName Use an existing ConfigMap for logs config instead of inline
##
logsConfig: ""
existingLogsConfigMapName: ""

## @param basestate Base64-encoded basestate.boc. Only needed when bootstrapping a brand new network.
## @param existingBasestateConfigMapName Use an existing ConfigMap for basestate
## @param zerostate Base64-encoded zerostate.boc. Only needed when bootstrapping a brand new network.
## @param existingZerostateConfigMapName Use an existing ConfigMap for zerostate
##
basestate: ""
existingBasestateConfigMapName: ""
zerostate: ""
existingZerostateConfigMapName: ""

## @section Probe parameters

## @param probes [object] Liveness, readiness, and startup probes. Requires ports.metrics to be set (the node serves /healthz and /readyz on the metrics port). See docs/probes.md. Disabled by default.
##
probes: {}
# Example (requires ports.metrics to be set):
#   startup:
#     httpGet:
#       path: /healthz
#       port: metrics
#     failureThreshold: 60
#     periodSeconds: 10
#   liveness:
#     httpGet:
#       path: /healthz
#       port: metrics
#     periodSeconds: 30
#     failureThreshold: 3
#   readiness:
#     httpGet:
#       path: /readyz
#       port: metrics
#     periodSeconds: 10
#     failureThreshold: 3

## @section Pod metadata parameters

## @param podAnnotations [object] Additional annotations for pods. Useful for Vault agent injection, service mesh, etc.
##
podAnnotations: {}

## @param podLabels [object] Additional labels for pods. Useful for cost allocation, policy enforcement, etc.
##
podLabels: {}

## @section Extra environment variables

## @param extraEnv [array] Additional environment variables for the main node container. Supports Downward API, ConfigMap/Secret refs, etc.
##
extraEnv: []
# Example — Kubernetes Downward API:
# extraEnv:
#   - name: K8S_NODE_IP
#     valueFrom:
#       fieldRef:
#         fieldPath: status.hostIP
#   - name: K8S_POD_NAME
#     valueFrom:
#       fieldRef:
#         fieldPath: metadata.name

## @param extraEnvFrom [array] Additional envFrom sources for the main node container. Inject all keys from a Secret or ConfigMap as environment variables.
##
extraEnvFrom: []
# Example — inject all keys from a Secret:
# extraEnvFrom:
#   - secretRef:
#       name: my-node-secrets

## @section Vault parameters
## Secrets vault for storing private keys outside config.json.
## Passed as VAULT_URL env var. Do NOT set secrets_vault_config in config.json — the node
## ignores it when VAULT_URL is set.
## Provide either vault.url (plain text) or vault.secretName (recommended).
## See docs/vault.md for details.

## @param vault.url Vault URL (plain text). Example: `file:///keys/vault.json?master_key=`
## @param vault.secretName Name of an existing Secret containing the vault URL. Takes precedence over vault.url.
## @param vault.secretKey Key inside the Secret that holds the vault URL.
##
vault:
  url: ""
  secretName: ""
  secretKey: "VAULT_URL"

## @section Networking parameters

## @param hostNetwork Bind pods directly to the host network. The pod gets the node's IP with zero NAT overhead. Requires one pod per node — use nodeSelector or podAntiAffinity to spread replicas. See docs/networking.md.
##
hostNetwork: false

## @param dnsPolicy Pod DNS policy (only applies when hostNetwork is true). Defaults to ClusterFirstWithHostNet. Supported values: ClusterFirstWithHostNet, ClusterFirst, Default, None.
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
##
dnsPolicy: ""

## @param hostPort.adnl Expose the ADNL port on the host IP via hostPort
## @param hostPort.simplex Expose the simplex port on the host IP via hostPort
## @param hostPort.control Expose the control port on the host IP via hostPort
## @param hostPort.liteserver Expose the liteserver port on the host IP via hostPort
## @param hostPort.jsonRpc Expose the JSON-RPC port on the host IP via hostPort
## @param hostPort.metrics Expose the metrics port on the host IP via hostPort
##
hostPort:
  adnl: false
  simplex: false
  control: false
  liteserver: false
  jsonRpc: false
  metrics: false
# Example — expose ADNL on the host without hostNetwork.
# Anti-affinity is required: two pods on the same node would compete for the same host port.
# hostPort:
#   adnl: true
# affinity:
#   podAntiAffinity:
#     requiredDuringSchedulingIgnoredDuringExecution:
#       - labelSelector:
#           matchLabels:
#             app.kubernetes.io/name: node
#         topologyKey: kubernetes.io/hostname

## @section NetworkPolicy parameters
## Per-port ingress rules. ADNL is always allowed (public by default).
## TCP ports require explicit `.enabled: true` and support custom `allowFrom` sources.

## @param networkPolicy.enabled Create a NetworkPolicy
## @param networkPolicy.adnl.allowFrom [array] ADNL ingress sources. Default allows all traffic (0.0.0.0/0). Each entry is a raw NetworkPolicy `from` item.
## @param networkPolicy.simplex.allowFrom [array] Simplex ingress sources. Default allows all traffic (0.0.0.0/0). Each entry is a raw NetworkPolicy `from` item.
## @param networkPolicy.control.enabled Create an ingress rule for the control port
## @param networkPolicy.control.allowFrom [array] Control port ingress sources. If empty, allows all.
## @param networkPolicy.liteserver.enabled Create an ingress rule for the liteserver port
## @param networkPolicy.liteserver.allowFrom [array] Liteserver port ingress sources. If empty, allows all.
## @param networkPolicy.jsonRpc.enabled Create an ingress rule for the JSON-RPC port
## @param networkPolicy.jsonRpc.allowFrom [array] JSON-RPC port ingress sources. If empty, allows all.
## @param networkPolicy.metrics.enabled Create an ingress rule for the metrics port
## @param networkPolicy.metrics.allowFrom [array] Metrics port ingress sources. If empty, allows all.
## @param networkPolicy.extraIngress [array] Additional raw ingress rules appended to the policy.
##
networkPolicy:
  enabled: false
  adnl:
    allowFrom: []
  simplex:
    allowFrom: []
  control:
    enabled: false
    allowFrom: []
  liteserver:
    enabled: false
    allowFrom: []
  jsonRpc:
    enabled: false
    allowFrom: []
  metrics:
    enabled: false
    allowFrom: []
  extraIngress: []
# Example — restrict control to cluster network, metrics to monitoring namespace:
# networkPolicy:
#   enabled: true
#   control:
#     enabled: true
#     allowFrom:
#       - ipBlock:
#           cidr: 10.0.0.0/8
#   metrics:
#     enabled: true
#     allowFrom:
#       - namespaceSelector:
#           matchLabels:
#             name: monitoring

## @section ServiceAccount parameters

## @param serviceAccount.enabled Create a ServiceAccount for the pods
## @param serviceAccount.name [nullable] ServiceAccount name. Defaults to the release fullname if not set.
## @param serviceAccount.annotations [object] Annotations for the ServiceAccount (e.g. for Vault or cloud IAM role binding)
##
serviceAccount:
  enabled: false
  name: ""
  annotations: {}

## @param terminationGracePeriodSeconds Time (in seconds) given to the node process to shut down gracefully before SIGKILL. The default Kubernetes value (30s) is too short for a TON node — an unclean kill may corrupt the database and forces a cold boot. Set this to at least 300s.
##
terminationGracePeriodSeconds: 300

## @section Scheduling parameters

## @param nodeSelector [object] Node selector for pod scheduling
##
nodeSelector: {}
# Example:
# nodeSelector:
#   dedicated: ton-nodes

## @param tolerations [array] Tolerations for pod scheduling
##
tolerations: []
# Example:
# tolerations:
#   - key: dedicated
#     value: ton
#     effect: NoSchedule

## @param affinity [object] Affinity rules for pod scheduling
##
affinity: {}
# Example:
# affinity:
#   podAntiAffinity:
#     requiredDuringSchedulingIgnoredDuringExecution:
#       - labelSelector:
#           matchLabels:
#             app.kubernetes.io/name: node
#         topologyKey: kubernetes.io/hostname

## @section PodDisruptionBudget parameters
## Useful when replicas > 1 to prevent Kubernetes from evicting all pods at once
## during voluntary disruptions (node drain, cluster upgrades, etc.).

## @param podDisruptionBudget.enabled Create a PodDisruptionBudget
## @param podDisruptionBudget.minAvailable Minimum available pods during disruption. Only one of minAvailable or maxUnavailable should be set.
## @skip podDisruptionBudget.maxUnavailable
##
podDisruptionBudget:
  enabled: false
  minAvailable: 1
  # maxUnavailable: 1

## @section Debug parameters

## @param debug.sleep Replace node with sleep infinity for debugging
## @param debug.securityContext [object] Security context overrides for debugging (e.g. SYS_PTRACE)
##
debug:
  sleep: false
  securityContext: {}

## @section Metrics parameters
## Prometheus integration for metrics scraping. Requires ports.metrics to be set.
## See docs/monitoring.md for setup instructions.
## @param metrics.serviceMonitor.enabled Create a ServiceMonitor for kube-prometheus-stack (recommended)
## @param metrics.serviceMonitor.namespace [nullable] Namespace for ServiceMonitor (defaults to release namespace)
## @param metrics.serviceMonitor.interval [nullable] Scrape interval (e.g. "30s"). Uses Prometheus default if null.
## @param metrics.serviceMonitor.scrapeTimeout [nullable] Scrape timeout. Uses Prometheus default if null.
## @param metrics.serviceMonitor.labels [object] Extra labels for ServiceMonitor (for Prometheus selector matching)
## @param metrics.annotations.enabled Add prometheus.io annotations to the metrics ClusterIP service (alternative to ServiceMonitor)
##
metrics:
  serviceMonitor:
    enabled: false
    namespace: null
    interval: null
    scrapeTimeout: null
    labels: {}
  annotations:
    enabled: false