Kubernetes Deployment

Guide for deploying NCN Network on Kubernetes for production scale.

Prerequisites

Kubernetes cluster (1.25+)
kubectl configured
Helm 3.x installed
Container registry access

Architecture on Kubernetes

┌─────────────────────────────────────────────────────────────────────────────┐
│                         Kubernetes Cluster                                   │
│                                                                             │
│   ┌───────────────────────────────────────────────────────────────────┐     │
│   │                         Ingress                                    │     │
│   │                    (nginx/traefik)                                │     │
│   └───────────────────────────────┬───────────────────────────────────┘     │
│                                   │                                         │
│   ┌───────────────────────────────▼───────────────────────────────────┐     │
│   │                     Gateway Service                                │     │
│   │   ┌─────────────┐   ┌─────────────┐   ┌─────────────┐            │     │
│   │   │ Gateway Pod │   │ Gateway Pod │   │ Gateway Pod │            │     │
│   │   │  (replica)  │   │  (replica)  │   │  (replica)  │            │     │
│   │   └─────────────┘   └─────────────┘   └─────────────┘            │     │
│   └───────────────────────────────────────────────────────────────────┘     │
│                                                                             │
│   ┌───────────────────────────────────────────────────────────────────┐     │
│   │                    Registry StatefulSet                            │     │
│   │   ┌─────────────┐   ┌─────────────┐   ┌─────────────┐            │     │
│   │   │Registry Pod │   │Registry Pod │   │Registry Pod │            │     │
│   │   │    + PVC    │   │    + PVC    │   │    + PVC    │            │     │
│   │   └─────────────┘   └─────────────┘   └─────────────┘            │     │
│   └───────────────────────────────────────────────────────────────────┘     │
│                                                                             │
│   ┌───────────────────────────────────────────────────────────────────┐     │
│   │                     Compute DaemonSet/Deployment                   │     │
│   │   ┌─────────────┐   ┌─────────────┐   ┌─────────────┐            │     │
│   │   │Compute Pod  │   │Compute Pod  │   │Compute Pod  │            │     │
│   │   │   (GPU)     │   │   (GPU)     │   │   (CPU)     │            │     │
│   │   └─────────────┘   └─────────────┘   └─────────────┘            │     │
│   └───────────────────────────────────────────────────────────────────┘     │
│                                                                             │
└─────────────────────────────────────────────────────────────────────────────┘

Namespace Setup

# namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: ncn-network
  labels:
    name: ncn-network

kubectl apply -f namespace.yaml

Secrets

# secrets.yaml
apiVersion: v1
kind: Secret
metadata:
  name: ncn-secrets
  namespace: ncn-network
type: Opaque
stringData:
  gateway-private-key: "0x..."
  compute-private-key: "0x..."
  validator-private-key: "0x..."

kubectl apply -f secrets.yaml

ConfigMaps

# configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: ncn-config
  namespace: ncn-network
data:
  RPC_URL: "https://testnet-rpc-1.forknet.io"
  CHAIN_ID: "828"
  CONTRACT_ADDRESS: "0x4361115359E5C0a25c9b2f8Bb71184F010b768ea"
  RUST_LOG: "info"
  REQUIRE_PAYMENT: "true"
  SANDBOX_MODE: "strict"

kubectl apply -f configmap.yaml

P2P Registry StatefulSet

# registry-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: ncn-registry
  namespace: ncn-network
spec:
  serviceName: ncn-registry
  replicas: 3
  selector:
    matchLabels:
      app: ncn-registry
  template:
    metadata:
      labels:
        app: ncn-registry
    spec:
      containers:
      - name: registry
        image: your-registry/ncn-registry:latest
        ports:
        - containerPort: 50050
          name: grpc
        - containerPort: 8828
          name: p2p
        env:
        - name: GRPC_LISTEN_ADDR
          value: "0.0.0.0:50050"
        - name: P2P_LISTEN_ADDR
          value: "/ip4/0.0.0.0/tcp/8828"
        - name: VALIDATOR_PRIVATE_KEY
          valueFrom:
            secretKeyRef:
              name: ncn-secrets
              key: validator-private-key
        envFrom:
        - configMapRef:
            name: ncn-config
        volumeMounts:
        - name: data
          mountPath: /data
        resources:
          requests:
            memory: "2Gi"
            cpu: "500m"
          limits:
            memory: "4Gi"
            cpu: "2000m"
        livenessProbe:
          tcpSocket:
            port: 50050
          initialDelaySeconds: 30
          periodSeconds: 10
        readinessProbe:
          tcpSocket:
            port: 50050
          initialDelaySeconds: 5
          periodSeconds: 5
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
          storage: 10Gi
---
apiVersion: v1
kind: Service
metadata:
  name: ncn-registry
  namespace: ncn-network
spec:
  selector:
    app: ncn-registry
  ports:
  - port: 50050
    name: grpc
  - port: 8828
    name: p2p
  clusterIP: None  # Headless service for StatefulSet

Gateway Deployment

# gateway-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ncn-gateway
  namespace: ncn-network
spec:
  replicas: 3
  selector:
    matchLabels:
      app: ncn-gateway
  template:
    metadata:
      labels:
        app: ncn-gateway
    spec:
      containers:
      - name: gateway
        image: your-registry/ncn-gateway:latest
        ports:
        - containerPort: 50051
          name: grpc
        - containerPort: 8080
          name: http
        - containerPort: 9000
          name: websocket
        env:
        - name: GRPC_ADDR
          value: "0.0.0.0:50051"
        - name: HTTP_ADDR
          value: "0.0.0.0:8080"
        - name: WS_ADDR
          value: "0.0.0.0:9000"
        - name: REGISTRY_GRPC_ADDR
          value: "http://ncn-registry:50050"
        - name: GATEWAY_WALLET_PRIVATE_KEY
          valueFrom:
            secretKeyRef:
              name: ncn-secrets
              key: gateway-private-key
        envFrom:
        - configMapRef:
            name: ncn-config
        resources:
          requests:
            memory: "2Gi"
            cpu: "500m"
          limits:
            memory: "4Gi"
            cpu: "2000m"
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
          initialDelaySeconds: 30
          periodSeconds: 10
        readinessProbe:
          httpGet:
            path: /health
            port: 8080
          initialDelaySeconds: 5
          periodSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
  name: ncn-gateway
  namespace: ncn-network
spec:
  selector:
    app: ncn-gateway
  ports:
  - port: 50051
    name: grpc
  - port: 8080
    name: http
  - port: 9000
    name: websocket

Compute Node Deployment

# compute-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ncn-compute
  namespace: ncn-network
spec:
  replicas: 5
  selector:
    matchLabels:
      app: ncn-compute
  template:
    metadata:
      labels:
        app: ncn-compute
    spec:
      containers:
      - name: compute
        image: your-registry/ncn-compute:latest
        env:
        - name: GATEWAY_ADDR
          value: "http://ncn-gateway:50051"
        - name: MODEL_PATH
          value: "/models"
        - name: COMPUTE_NODE_PRIVATE_KEY
          valueFrom:
            secretKeyRef:
              name: ncn-secrets
              key: compute-private-key
        envFrom:
        - configMapRef:
            name: ncn-config
        volumeMounts:
        - name: models
          mountPath: /models
        resources:
          requests:
            memory: "8Gi"
            cpu: "2000m"
            nvidia.com/gpu: 1  # For GPU nodes
          limits:
            memory: "16Gi"
            cpu: "4000m"
            nvidia.com/gpu: 1
        securityContext:
          privileged: true  # Required for sandbox
      volumes:
      - name: models
        persistentVolumeClaim:
          claimName: ncn-models
      nodeSelector:
        gpu: "true"  # Schedule on GPU nodes
      tolerations:
      - key: nvidia.com/gpu
        operator: Exists
        effect: NoSchedule

Ingress

# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ncn-ingress
  namespace: ncn-network
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: "100m"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  tls:
  - hosts:
    - api.ncn-network.io
    secretName: ncn-tls
  rules:
  - host: api.ncn-network.io
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: ncn-gateway
            port:
              number: 8080
      - path: /grpc
        pathType: Prefix
        backend:
          service:
            name: ncn-gateway
            port:
              number: 50051

Horizontal Pod Autoscaler

# hpa.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: ncn-gateway-hpa
  namespace: ncn-network
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: ncn-gateway
  minReplicas: 3
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 70
  - type: Resource
    resource:
      name: memory
      target:
        type: Utilization
        averageUtilization: 80

Deploy All Resources

# Apply all manifests
kubectl apply -f namespace.yaml
kubectl apply -f secrets.yaml
kubectl apply -f configmap.yaml
kubectl apply -f registry-statefulset.yaml
kubectl apply -f gateway-deployment.yaml
kubectl apply -f compute-deployment.yaml
kubectl apply -f ingress.yaml
kubectl apply -f hpa.yaml

# Check status
kubectl get pods -n ncn-network
kubectl get services -n ncn-network
kubectl get ingress -n ncn-network

Monitoring

Prometheus ServiceMonitor

apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: ncn-gateway
  namespace: ncn-network
spec:
  selector:
    matchLabels:
      app: ncn-gateway
  endpoints:
  - port: http
    path: /metrics
    interval: 30s

Helm Chart (Alternative)

If a Helm chart is available:

# Add repository
helm repo add ncn https://charts.ncn-network.io
helm repo update

# Install
helm install ncn-network ncn/ncn-network \
  --namespace ncn-network \
  --create-namespace \
  --values values.yaml

Troubleshooting

View Logs

kubectl logs -f deployment/ncn-gateway -n ncn-network
kubectl logs -f statefulset/ncn-registry -n ncn-network

Exec into Pod

kubectl exec -it deployment/ncn-gateway -n ncn-network -- /bin/bash

Check Events

kubectl get events -n ncn-network --sort-by='.lastTimestamp'

Next Steps

Production Deployment - Production hardening
Monitoring - Set up monitoring

PreviousManual Deployment NextProduction Deployment

Last updated 1 month ago

hashtagPrerequisites

hashtagArchitecture on Kubernetes

hashtagNamespace Setup

hashtagSecrets

hashtagConfigMaps

hashtagP2P Registry StatefulSet

hashtagGateway Deployment

hashtagCompute Node Deployment

hashtagIngress

hashtagHorizontal Pod Autoscaler

hashtagDeploy All Resources

hashtagMonitoring

hashtagPrometheus ServiceMonitor

hashtagHelm Chart (Alternative)

hashtagTroubleshooting

hashtagView Logs

hashtagExec into Pod

hashtagCheck Events

hashtagNext Steps

Prerequisites

Architecture on Kubernetes

Namespace Setup

Secrets

ConfigMaps

P2P Registry StatefulSet

Gateway Deployment

Compute Node Deployment

Ingress

Horizontal Pod Autoscaler

Deploy All Resources

Monitoring

Prometheus ServiceMonitor

Helm Chart (Alternative)

Troubleshooting

View Logs

Exec into Pod

Check Events

Next Steps