mirror of
https://gitlab.com/pulsechaincom/prysm-pulse.git
synced 2024-12-25 12:57:18 +00:00
5eb5f6afa9
* second pass at faucet, no rate limiting yet * Add authentication support, step 1. This stuff needs to be refactored and tested * move deposit input to keystore pkg, add proof of possession and withdrawal addr * checkpoint on progress with cluster private key manager * checkpoint w/ bootnode config * checkpoint * resolve todo * encrypt the secrets * add note about querying testnet * workspace * checkpoitn * remove limits * update * checkpoint * checkpoint * remove jwt stuff * fix build * lint * lint * remove init * remove jwt * update * checkpoint
1.3 KiB
1.3 KiB
Cluster private key management tool
This is a primative tool for managing and delegating validator private key assigments within the kubernetes cluster.
Design
When a validator pod is initializing within the cluster, it requests a private key for a deposited validator. Since pods are epheremal, scale up/down quickly, there needs to be some service to manage private key allocations, validator deposits, and re-allocations of previously in-use private keys from terminated pods.
Workflow for bootstraping a validator pod
- Request a private key from the pk manager.
- If an unallocated private key exists (from previously terminated pod), assign to the requesting pod.
- If all available private keys are in use, generate a new private key, and make the deposit on behalf of this newly generated private key.
- Write the assignment to some persistent datastore and fulfill the request.
- The validator uses this private key to act as a deposited validator in the system.
Server
The server manages the private key database, allocates new private keys, makes validator deposits, and fulfills requests from pods for private key allocation.
Client
The client makes the private key request with a given pod name and generates a keystore with the server response.