Cosmos Operator is a Kubernetes Operator primarily for blockchains built with the Cosmos SDK. It also supports Penumbra and other chains which use CometBFT for consensus.

Kubernetes ("K8") makes DevOps easier. Cosmos Operator makes Kubernetes easier for use in the Cosmos Ecosystem.

K8 provides a foundation for creating highly-available, scalable, fault-tolerant applications. It provides well-known DevOps patterns and abstractions (as opposed to traditional DevOps which often requires "re-inventing the wheel").

Furthermore, the Operator Pattern allows us to mix infrastructure with business logic, thus minimizing human intervention and human error.

People who'd like to use the Operator Pattern to "configure it and forget it".

The operator pattern aims to capture the key aim of a human operator who is managing a service or set of services. Human operators who look after specific applications and services have deep knowledge of how the system ought to behave, how to deploy it, and how to react if there are problems.

People who run workloads on Kubernetes often like to use automation to take care of repeatable tasks. The operator pattern captures how you can write code to automate a task beyond what Kubernetes itself provides.

Cosmos Operator is a Kubernetes Operator for blockchains built with the Cosmos SDK. Write your own Custom Resource Definition ("CRD") as a yaml file and deploy with ease!

See the quick start guide.

CosmosFullNode is the flagship CRD. Its purpose is to deploy highly-available, fault-tolerant blockchain nodes.

The CosmosFullNode controller is like a StatefulSet for running Cosmos SDK blockchains.

A CosmosFullNode can be configured to run as an RPC node, a validator sentry, or a seed node. All configurations can be used as persistent peers.

As of this writing, Strangelove has been running CosmosFullNode in production for over a year.

• Minimal example yaml
• Full example yaml
• Penumbra example yaml

These CRDs are part of the operator and serve to support CosmosFullNodes.

• ScheduledVolumeSnapshot
• StatefulJob

Each pod requires different config, such as peer settings in config.toml and mounted node keys. Therefore, a blanket template as found in StatefulSet did not suffice.

Additionally, CosmosFullNode gives you more control over individual pod and pvc pairs vs. a StatefulSet to help the human operator debug and recover from situations such as a corrupted PVCs.

• Tested on Google's GKE and Bare-metal with Kubeadm. Although kubernetes is portable, we cannot guarantee or provide support for AWS, Azure, or other kubernetes providers.
• Requires a recent version of kubernetes: v1.23+.
• CosmosFullNode: The chain must be built from the Cosmos SDK.
• CosmosFullNode: Validator sentries require a remote signer such as horcrux.
• CosmosFullNode: The controller requires heighliner images. If you build your own image, you will need a shell sh and set the uid:gid to 1025:1025. If running as a validator sentry, you need sleep as well.
• CosmosFullNode: May not work for all Cosmos chains. (Some chains diverge from common conventions.) Strangelove has yet to encounter a Cosmos chain that does not work with this operator.

See the contributing guide.

See the best practices guide for CosmosFullNode.

Disclaimer: Strangelove has not committed to these enhancements and cannot estimate when they will be completed.

• Scheduled upgrades. Set the upgrade height and image version, optionally setting halt height. The controller performs a rolling update with the new image version after the committed height.
• Support configuration suitable for validator sentries.
• Reliable, persistent peer support.
• Quicker p2p discovery using private peers.
• Advanced readiness probe behavior. (The CometBFT rpc status endpoint is not always reliable.)
• Automatic rollout for PVC resizing. (Currently human intervention required to restart pods after PVC resized.) Requires ExpandInUsePersistentVolumes feature gate.
• Automatic PVC resizing. The controller increases PVC size once storage reaches a configured threshold; e.g. 80% full.
• Bootstrap config using the chain registry. Query the chain registry and set config based on the registry.
• Validate p2p such as peers, seeds, etc. and filter out non-responsive peers.
• HPA support.
• Automatic upgrades. Controller monitors governance and performs upgrade without any human intervention.
• Corrupt data recovery. Detect when a PVC may have corrupted data. Restore data from a recent VolumeSnapshot.
• Safe, automatic backups. Create periodic VolumeSnapshots of PVCs while minimizing chance of data corruption during snapshot creation.

Copyright 2023 Strangelove Ventures LLC.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.