[node] Add docs on node key set up #343 (#344)

* add node keys * update README.md * fix
paritytech · May 17, 2024 · 8f17629 · 8f17629
1 parent e0d4d37
commit 8f17629
Show file tree

Hide file tree

Showing 4 changed files with 98 additions and 2 deletions.
diff --git a/charts/node/README.md b/charts/node/README.md
@@ -110,6 +110,50 @@ node:
       vaultKey: nodekey
 ```
 
+### Setting Up Node Key for Bootnodes and Validators
+
+For both bootnodes and validators (refer to [paritytech/polkadot-sdk#3852](https://github.com/paritytech/polkadot-sdk/pull/3852)), it is necessary to set up a network key.
+
+#### Steps to Set Up a Node Key
+
+1. **Generate a Custom Node Key**
+
+   You can generate a custom node key using the following command:
+   ```sh
+   polkadot key generate-node-key
+   ```
+
+2. **Add the Generated Node Key**
+
+   To add the generated node key, use the following configuration:
+
+   ```yaml
+   node:
+     customNodeKey: "<your-generated-node-key>"
+   ```
+
+3. **Point to an Existing Node Key K8s Secret**
+
+   If you have an existing Kubernetes secret for the node key, point to it using:
+
+   ```yaml
+   node:
+     existingSecrets:
+       nodeKey: "<your-existing-node-key-secret>"
+   ```
+4. **Retrieve Node Key from vault**
+
+   see [Optional Vault Integration](#optional-vault-integration)
+
+5. **Automatically Generate and Persist Node Key**
+
+   Alternatively, you can set the following to automatically generate a node key on startup and store it to the volume:
+
+   ```yaml
+   node:
+     persistGeneratedNodeKey: true
+   ```
+
 ## Upgrade
 ### From v5.5.x to v5.5.2
 - Fix Bug from v5.5.0: `--pruning` is alias for `--state-pruning` not `--blocks-pruning`.

diff --git a/charts/node/README.md.gotmpl b/charts/node/README.md.gotmpl
@@ -106,6 +106,51 @@ node:
       vaultKey: nodekey
 ```
 
+
+### Setting Up Node Key for Bootnodes and Validators
+
+For both bootnodes and validators (refer to [paritytech/polkadot-sdk#3852](https://github.com/paritytech/polkadot-sdk/pull/3852)), it is necessary to set up a network key.
+
+#### Steps to Set Up a Node Key
+
+1. **Generate a Custom Node Key**
+
+   You can generate a custom node key using the following command:
+   ```sh
+   polkadot key generate-node-key
+   ```
+
+2. **Add the Generated Node Key**
+
+   To add the generated node key, use the following configuration:
+
+   ```yaml
+   node:
+     customNodeKey: "<your-generated-node-key>"
+   ```
+
+3. **Point to an Existing Node Key K8s Secret**
+
+   If you have an existing Kubernetes secret for the node key, point to it using:
+
+   ```yaml
+   node:
+     existingSecrets:
+       nodeKey: "<your-existing-node-key-secret>"
+   ```
+4. **Retrieve Node Key from vault**
+
+   see [Optional Vault Integration](#optional-vault-integration)
+
+5. **Automatically Generate and Persist Node Key**
+
+   Alternatively, you can set the following to automatically generate a node key on startup and store it to the volume:
+
+   ```yaml
+   node:
+     persistGeneratedNodeKey: true
+   ```
+
 ## Upgrade
 ### From v5.5.x to v5.5.2
 - Fix Bug from v5.5.0: `--pruning` is alias for `--state-pruning` not `--blocks-pruning`.

diff --git a/charts/node/examples/local-rococo/parachain.yaml b/charts/node/examples/local-rococo/parachain.yaml
@@ -14,13 +14,14 @@ node:
   chainKeystore:
     storageClass: ""
   keys:
-    # This is Alice seed
+    # This is Alice seed. To generate new seed run: docker run --rm parity/polkadot:latest key generate
     - seed: "bottom drive obey lake curtain smoke basket hold race lonely fit walk"
       type: aura
       scheme: sr25519
       # ${HOSTNAME##*-} will be evaluated as the pod index, pod-0: //Alice, pod-1: //Bob
       extraDerivation: '$([ "${HOSTNAME##*-}" = "0" ] && echo "//Alice" || echo "//Bob")'
   customNodeKey:
+   # To generate new key run: docker run --rm -t parity/polkadot:latest key generate-node-key
    # 12D3KooWL5Av1ZZSKkaittmxXBmZpzP7zgiB1AAnWHEw7MxzqnFp
    - bdf71a910354e231095366230621eaefb5f99465045f1501478fd3d9b5deef98
    # 12D3KooWAxFonTS177T81CTDeH6mfvJQWYEJeVQ1gPrnULjNY8Cn

diff --git a/charts/node/examples/local-rococo/validators-alice-bob.yaml b/charts/node/examples/local-rococo/validators-alice-bob.yaml
@@ -15,7 +15,7 @@ node:
   chainKeystore:
     storageClass: ""
   keys:
-      # This is Alice seed
+      # This is Alice seed. To generate new seed run: docker run --rm parity/polkadot:latest key generate
     - seed: "bottom drive obey lake curtain smoke basket hold race lonely fit walk"
       type: gran
       scheme: ed25519
@@ -45,6 +45,12 @@ node:
       type: beef
       scheme: ecdsa
       extraDerivation: '$([ "${HOSTNAME##*-}" = "0" ] && echo "//Alice" || echo "//Bob")'
+  customNodeKey:
+   # To generate new key run: docker run --rm -t parity/polkadot:latest key generate-node-key
+   # 12D3KooWJ8ZqNMsxW9JHf8ZfXLW9a5LmJwaro83fB3tBzeq137XJ
+   - 2f355a92b3f2823975e8d59a022bd4927aca4b016359b7fc358cbea08b5293fc
+   # 12D3KooWCNqZFCPPtUGHhsUKzKWi1zTPwFFiobfCKdVYD4urrZEv
+   - 8b70f3e85bd5d80ebef8cffa8564f52e7d418b07b3cfb222712f30414dc67728
   flags:
     - "--allow-private-ipv4"
     - "--discover-local"