Building AWS infra with terraform
To set up the infrastructure, you need to clone the tokamak-thanos-stack
repository to your local machine.
Visit the link below to clone the repository:
The tokamak-thanos-stack
repository is structured as follows:
charts
: Helm charts for deploying the Thanos chain.terraform
: Terraform code is used to configure the AWS infrastructure to run the Thanos chain.
In this guide, we will use the Terraform code to set up the infrastructure that forms the foundation of the Thanos chain.
Configure env
Before deploying the infrastructure with Terraform, you need to set up environment variables. we manage the environment variables by creating a .envrc
file.
Go to terraform directory
cd terraform
Copy
.envrc.example
file to.envrc
.cp .envrc.example .envrc
Please fill in the values for the items listed below in the copied file.
TF_VAR_thanos_stack_name
: NameTF_VAR_aws_region
: The AWS region to use.TF_VAR_sequencer_key
: The Sequencer Private key.TF_VAR_batcher_key
: The Batcher Private key.TF_VAR_proposer_key
: The Proposer Private key.TF_VAR_challenger_key
: The Challenger Private key.TF_VAR_eks_cluster_admins
: Your IAM user ARN.TF_VAR_stack_deployments_path
: The path to the file containing the L1 contract address. You can find it here.TF_VAR_stack_l1_rpc_url
: The L1 RPC endpoint.TF_VAR_stack_l1_rpc_provider
: The L1 RPC Provider.TF_VAR_stack_l1_beacon_url
: The beacon RPC endpoint
When you've filled it all in, it should look like this:
# .envrc file
# Init variables
export TF_VAR_thanos_stack_name=thanos-stack-example
export TF_VAR_aws_region=ap-northeast-2
# Backend variables
export TF_VAR_backend_bucket_name=
export TF_CLI_ARGS_init="-backend-config='bucket=$TF_VAR_backend_bucket_name'"
export TF_CLI_ARGS_init="$TF_CLI_ARGS_init -backend-config='region=${TF_VAR_aws_region}'"
# Sequencer private keys
export TF_VAR_sequencer_key=0xYourSequencerSecretKey
export TF_VAR_batcher_key=0xYourBatcherSecretKey
export TF_VAR_proposer_key=0xYourProposerSecretKey
export TF_VAR_challenger_key=0xYourChallengerSecretKey
# VPC variables
export TF_VAR_azs='["ap-northeast-2a", "ap-northeast-2c"]'
export TF_VAR_vpc_cidr="192.168.0.0/16"
export TF_VAR_vpc_name="${TF_VAR_thanos_stack_name}/VPC"
# EKS
export TF_VAR_eks_cluster_admins='["arn:aws:iam::111111111111:user/thanos-stack"]'
# Uploading chain config files
export TF_VAR_genesis_file_path="config-files/genesis.json"
export TF_VAR_rollup_file_path="config-files/rollup.json"
export TF_VAR_prestate_file_path="config-files/prestate.json"
export TF_VAR_prestate_hash="0x03ab262ce124af0d5d328e09bf886a2b272fe960138115ad8b94fdc3034e3155"
# Thanos config
export TF_VAR_stack_deployments_path="~/tokamak-thanos/packages/tokamak/contracts-bedrock/deployments/1-deploy.json"
export TF_VAR_stack_l1_rpc_url="YourRPCEndpointURL"
export TF_VAR_stack_l1_rpc_provider="alchemy"
export TF_VAR_stack_l1_beacon_url="YourBeaconRPCEndpointURL"
Save and apply the environment variables using the following command.
$ direnv allow
direnv: loading ~/Documents/tokamak-network/tokamak-thanos-stack/terraform/.envrc
direnv: export +TF_CLI_ARGS_init +TF_VAR_aws_region +TF_VAR_azs +TF_VAR_backend_bucket_name +TF_VAR_batcher_key +TF_VAR_challenger_key +TF_VAR_eks_cluster_admins +TF_VAR_genesis_file_path +TF_VAR_prestate_file_path +TF_VAR_prestate_hash +TF_VAR_proposer_key +TF_VAR_rollup_file_path +TF_VAR_sequencer_key +TF_VAR_stack_deployments_path +TF_VAR_stack_l1_beacon_url +TF_VAR_stack_l1_rpc_provider +TF_VAR_stack_l1_rpc_url +TF_VAR_thanos_stack_name +TF_VAR_vpc_cidr +TF_VAR_vpc_name
Make backend
Before provisioning AWS resources with Terraform, you need to set up a backend storage to store the state information. The backend storage will use AWS S3.
Go to
backend
directory$ cd terraform/backend
Command
terraform init
$ terraform init ...... Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work. If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.
Command
terraform plan
to verify if the backend creation is set up correctly.$ terraform plan ...... Plan: 4 to add, 0 to change, 0 to destroy. Changes to Outputs: + backend_bucket_name = (known after apply)
Command
terraform apply
to create the backend.$ terraform apply ...... Apply complete! Resources: 4 added, 0 changed, 0 destroyed. Outputs: backend_bucket_name = "thanos-stack-example-thanos-stack-tfstate-avfalb9c" direnv: error /Users/austin/Documents/tokamak-network/tokamak-thanos-stack/terraform/.envrc is blocked. Run `direnv allow` to approve its content
<aside> 💡
The error can be ignored because it occurred after the backend was created and the
TF_VAR_backend_bucket_name
value in the environment file was automatically filled in.</aside>
Go back
terraform
directory and apply the environment variables$ cd .. $ direnv allow direnv: loading ~/Documents/tokamak-network/tokamak-thanos-stack/terraform/.envrc direnv: export +TF_CLI_ARGS_init +TF_VAR_aws_region +TF_VAR_azs +TF_VAR_backend_bucket_name +TF_VAR_batcher_key +TF_VAR_challenger_key +TF_VAR_eks_cluster_admins +TF_VAR_genesis_file_path +TF_VAR_prestate_file_path +TF_VAR_prestate_hash +TF_VAR_proposer_key +TF_VAR_rollup_file_path +TF_VAR_sequencer_key +TF_VAR_stack_deployments_path +TF_VAR_stack_l1_beacon_url +TF_VAR_stack_l1_rpc_provider +TF_VAR_stack_l1_rpc_url +TF_VAR_thanos_stack_name +TF_VAR_vpc_cidr +TF_VAR_vpc_name
Set up Thanos stack infrastructure
In this phase, we will set up the infrastructure needed to run the apps required for operating the Thanos chain, and to do so, we will create the following resources:
vpc
: VPC is a networking service provided by AWS.secretsmanager
: The Secrets Manager stores the private keys used by operator nodes.chain-config
: Storage for genesis file and rollup file. used AWS S3EFS
: EFS is a cloud-based file system service. It is used for the file system storage of Thanos stack services.EKS
: EKS is a managed Kubernetes service. It is used to deploy and manage applications in the Thanos stack.kubernetes
: This module is for deploying controllers to use AWS services in Kubernetes. It deploys controllers for load balancers, coredns, and secrets.
Bring genesis and rollup files
Before building the infrastructure, make sure to have the genesis and rollup files created during step 2.
Go to
thanos-stack
directory$ cd terraform/thanos-stack
Copy generate and rollup files to
config-files
directory.$ cp tokamak-thanos/build/genesis.json . $ cp tokamak-thanos/build/rollup.json .
Building infrastructure
Go to
thanos-stack
directory$ cd terraform/thanos-stack
Command
terraform init
$ terraform init ...... Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work. If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.
Command
terraform plan
to verify if the thanos-stack infra creation is set up correctly.$ terraform plan ...... Plan: 79 to add, 0 to change, 0 to destroy. Changes to Outputs: + aws_secretsmanager_id = (known after apply) + efs_id = (known after apply) + genesis_file_url = (known after apply) + prestate_file_url = (known after apply) + private_subnet_ids = [ + (known after apply), + (known after apply), ] + public_subnet_ids = [ + (known after apply), + (known after apply), ] + rollup_file_url = (known after apply) + vpc_id = (known after apply)
Command
terraform apply
to create the thanos-stack infra. The process will take around 15 to 20 minutes to complete.$ terraform apply ...... Apply complete! Resources: 79 added, 0 changed, 0 destroyed. Outputs: aws_secretsmanager_id = "arn:aws:secretsmanager:ap-northeast-2:992382494724:secret:guide/secrets-wyxACb" efs_id = "fs-016a9cecb8d4fd7fb" genesis_file_url = "<https://guide-eb5tpdll.s3.ap-northeast-2.amazonaws.com/thanos-stack/genesis.json>" prestate_file_url = "<https://guide-eb5tpdll.s3.ap-northeast-2.amazonaws.com/thanos-stack/0x03ab262ce124af0d5d328e09bf886a2b272fe960138115ad8b94fdc3034e3155.json>" private_subnet_ids = [ "subnet-0392e0a4580bc69ce", "subnet-09aaf04937a5d493c", ] public_subnet_ids = [ "subnet-0b196fec4038dbd17", "subnet-09b558afb248f9644", ] rollup_file_url = "<https://guide-eb5tpdll.s3.ap-northeast-2.amazonaws.com/thanos-stack/rollup.json>" vpc_id = "vpc-0977f0febdd925ef5"
Once the infrastructure setup is complete, you’ll see that the
thanos-stack-values.yaml
file has been created. This file will be used in the next step to deploy the Thanos chain.$ ls ... thanos-stack-values.yaml ...
To interact with EKS, register the EKS kubeconfig with kubectl.
$ aws eks update-kubeconfig --region $TF_VAR_aws_region --name $TF_VAR_thanos_stack_name Added new context arn:aws:eks:ap-northeast-2:111111111111:cluster/thanos-stack-example to /Users/austin/.kube/config
With the infrastructure setup complete, proceed to the next phase
Last updated