Deployment of Tendermint + BigchainDB cluster

- Update existing docker-containers to support tendermint integration, nginx, mongodb, bigchaindb - Add tendermint configuration files for statefulset, pvc, pv and service. - Update some READMEs.
2024-10-13 13:34:05 +00:00 · 2018-01-02 14:47:36 +01:00 · 2018-01-02 14:47:36 +01:00 · a348c72696
commit a348c72696
parent 52d0c7024a
42 changed files with 736 additions and 160 deletions
--- a/35
+++ b/35
@ -0,0 +1,35 @@
 FROM python:3.6
 LABEL maintainer "dev@bigchaindb.com"
 RUN apt-get update \
    && apt-get install -y vim \
    && pip install -U pip \
    && pip install pynacl \
    && apt-get autoremove \
    && apt-get clean
 ARG backend
 ENV PYTHONUNBUFFERED 0
 ENV BIGCHAINDB_DATABASE_PORT 27017
 ENV BIGCHAINDB_DATABASE_BACKEND $backend
 ENV BIGCHAINDB_SERVER_BIND 0.0.0.0:9984
 ENV BIGCHAINDB_WSSERVER_HOST 0.0.0.0
 ENV BIGCHAINDB_WSSERVER_SCHEME ws
 ENV BIGCHAINDB_WSSERVER_ADVERTISED_HOST 0.0.0.0
 ENV BIGCHAINDB_WSSERVER_ADVERTISED_SCHEME ws
 ENV BIGCHAINDB_START_TENDERMINT 0
 ENV TENDERMINT_PORT 46657
 RUN mkdir -p /usr/src/app
 COPY . /usr/src/app/
 WORKDIR /usr/src/app
 RUN pip install --no-cache-dir -e .[dev]
 RUN bigchaindb -y configure "$backend"
 # Build the container
 # docker build -t bigchaindb/bigchaindb:unstable-tmt . -f Dockerfile-tendermint  --build-arg backend=localmongodb
--- a/k8s/bigchaindb/bigchaindb-dep.yaml
+++ b/k8s/bigchaindb/bigchaindb-dep.yaml
@ -27,13 +27,11 @@ spec:
            configMapKeyRef:
              name: vars
              key: mongodb-backend-port
-        - name: BIGCHAINDB_DATABASE_REPLICASET
+        - name: BIGCHAINDB_DATABASE_BACKEND
          valueFrom:
            configMapKeyRef:
-              name: vars
+              name: bdb-config
-              key: mongodb-replicaset-name
+              key: bdb-db-backend
        - name: BIGCHAINDB_DATABASE_BACKEND
          value: mongodb
        - name: BIGCHAINDB_DATABASE_NAME
          valueFrom:
            configMapKeyRef:
@ -69,13 +67,6 @@ spec:
            configMapKeyRef:
              name: vars
              key: bigchaindb-wsserver-advertised-scheme
        - name: BIGCHAINDB_KEYPAIR_PUBLIC
          valueFrom:
            configMapKeyRef:
              name: bdb-config
              key: bdb-public-key
        - name: BIGCHAINDB_KEYPAIR_PRIVATE
          value: "<private key here>"
        - name: BIGCHAINDB_BACKLOG_REASSIGN_DELAY
          valueFrom:
            configMapKeyRef:
@ -111,12 +102,23 @@ spec:
            configMapKeyRef:
              name: bdb-config
              key: bdb-user
-        # The following env var is not required for the bootstrap/first node
+        - name: BIGCHAINDB_START_TENDERMINT
-        #- name: BIGCHAINDB_KEYRING
+          value: "0"
-        #   valueFrom:
+        - name: TENDERMINT_HOST
-        #     configMapKeyRef:
+          valueFrom:
-        #       name: bdb-config
+            configMapKeyRef:
-        #       key: bdb-keyring
+              name: tendermint-config
              key: tm-instance-name
        - name: TENDERMINT_PORT
          valueFrom:
            configMapKeyRef:
              name: tendermint-config
              key: tm-rpc-port
        command:
        - bash
        - "-c"
        - |
          bigchaindb -l DEBUG start
        ports:
        - containerPort: "<bigchaindb-api-port from ConfigMap>"
          protocol: TCP
@ -124,6 +126,9 @@ spec:
        - containerPort: "<bigchaindb-ws-port from ConfigMap>"
          protocol: TCP
          name: bdb-ws-port
        - containerPort: "<tm-abci-port from ConfigMap>"
          protocol: TCP
          name: tm-abci-port
        volumeMounts:
        - name: bdb-certs
          mountPath: /etc/bigchaindb/ssl/
--- a/k8s/bigchaindb/bigchaindb-svc.yaml
+++ b/k8s/bigchaindb/bigchaindb-svc.yaml
@ -17,5 +17,9 @@ spec:
    targetPort: "<bigchaindb-ws-port from ConfigMap>"
    name: bdb-ws-port
    protocol: TCP
  - port: "<tm-abci-port from ConfigMap>"
    targetPort: "<tm-abci-port from ConfigMap>"
    name: tm-abci-port
    protocol: TCP
  type: ClusterIP
  clusterIP: None
--- a/k8s/configuration/config-map.yaml
+++ b/k8s/configuration/config-map.yaml
@ -88,9 +88,6 @@ data:
  bigchaindb-ws-port: "9985"
  bigchaindb-ws-interface: "0.0.0.0"
  # mongodb-replicaset-name is the MongoDB replica set name
  mongodb-replicaset-name: "bigchain-rs"
  # bigchaindb-database-name is the database collection used by BigchainDB with
  # the MongoDB backend.
  bigchaindb-database-name: "bigchain"
@ -111,17 +108,9 @@ metadata:
  name: bdb-config
  namespace: default
 data:
  # Colon-separated list of all *other* nodes' BigchainDB public keys.
  bdb-keyring: "<':' separated list of public keys>"
  # BigchainDB instance authentication user name
  bdb-user: "<user name>"
  # BigchainDB public key of *this* node.
  # Generated using bigchaindb_driver in the docs
  # Example: "EPQk5i5yYpoUwGVM8VKZRjM8CYxB6j8Lu8i8SG7kGGce"
  bdb-public-key: "<public key>"
  # bigchaindb-backlog-reassign-delay is the number of seconds a transaction
  # can remain in the backlog before being reassigned.
  bigchaindb-backlog-reassign-delay: "120"
@ -138,3 +127,51 @@ data:
  # bigchaindb-log-level is the log level used to log to the console.
  bigchaindb-log-level: "debug"
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: tendermint-config
  namespace: default
 data:
  # tm-seeds is the list of all the peers in the network.
  tm-seeds: "<',' separated list of all tendermint nodes in the network>"
  # tm-validators is the list of all validators in the network.
  tm-validators: "<',' separated list of all validators in the network>"
  # tm-validator-power is the validators voting power, make sure the order and
  # the number of nodes in tm-validator-power and tm-validators is the same.
  tm-validator-power: "<',' separated list of validator power of each node in the network>"
  # tm-genesis-time is the official time of blockchain start.
  # example: 0001-01-01T00:00:00Z
  tm-genesis-time: "<timestamp of blockchain start>"
  # tm-chain-id is the ID of the blockchain. Must be unique for every blockchain.
  # example: test-chain-KPI1Ud
  tm-chain-id: "<ID of the blockchain>"
  # tendermint-instance-name is the name of the Tendermint instance
  # in the cluster
  tm-instance-name: "<name of tendermint instance>"
  # ngx-tendermint-instance-name is the FQDN of the tendermint instance in this cluster
  ngx-tendermint-instance-name: "<name of tendermint instance>.default.svc.cluster.local"
  # tm-abci-port is used by Tendermint Core for ABCI traffic. BigchainDB nodes
  # use that internally.
  tm-abci-port: "46658"
  # tm-p2p-port is used by Tendermint Core to communicate with
  # other peers in the network. This port is accessible publicly.
  tm-p2p-port: "46656"
  # tm-rpc-port is used by Tendermint Core to rpc. BigchainDB nodes
  # use this port internally.
  tm-rpc-port: "46657"
  # tm-pub-key-access is the port number used to host/publish the
  # public key of the tendemrint node in this cluster.
  tm-pub-key-access: "9986"
--- a/k8s/configuration/secret.yaml
+++ b/k8s/configuration/secret.yaml
@ -22,17 +22,6 @@ data:
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: bdb-private-key
  namespace: default
 type: Opaque
 data:
  # Base64-encoded BigchainDB private key of *this* node
  # Generated using bigchaindb_driver in the docs
  private.key: "<b64 encoded BigchainDB private key>"
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: mdb-certs
  namespace: default
--- a/k8s/mongodb/container/Dockerfile
+++ b/k8s/mongodb/container/Dockerfile
@ -1,4 +1,4 @@
-FROM mongo:3.4.4
+FROM mongo:3.4.10
 LABEL maintainer "dev@bigchaindb.com"
 WORKDIR /
 RUN apt-get update \
--- a/k8s/mongodb/container/README.md
+++ b/k8s/mongodb/container/README.md
@ -1,14 +1,5 @@
 ## Custom MongoDB container for BigchainDB Backend
 ### Need
 *  MongoDB needs the hostname provided in the `rs.initiate()` command to be
   resolvable through the hosts file locally.
 *  In the future, with the introduction of TLS for inter-cluster MongoDB
   communications, we will need a way to specify detailed configuration.
 *  We also need a way to overwrite certain parameters to suit our use case.
 ### Step 1: Build and Push the Latest Container
 Use the `docker_build_and_push.bash` script to build the latest docker image
 and upload it to Docker Hub.
@ -27,84 +18,12 @@ docker run \
  --volume=<host dir for mongodb data files>:/data/db \
  --volume=<host dir for mongodb config data files>:/data/configdb \
  --volume=<host dir with the required TLS certificates>:/mongo-ssl:ro \
-  bigchaindb/mongodb:3.0 \
+  bigchaindb/mongodb:<version of container> \
  --mongodb-port <mongod port number for external connections> \
  --mongodb-key-file-path /mongo-ssl/<private key file name>.pem \
  --mongodb-key-file-password <password for the private key file> \
  --mongodb-ca-file-path /mongo-ssl/<ca certificate file name>.crt \
  --mongodb-crl-file-path /mongo-ssl/<crl certificate file name>.pem \
  --replica-set-name <replica set name> \
  --mongodb-fqdn <fully qualified domain name of this instance> \
  --mongodb-ip <ip address of the mongodb container>
 ```
 #### Step 3: Initialize the Replica Set
 Login to one of the MongoDB containers, say mdb1:
 `docker exec -it mongodb bash`
 Since we need TLS certificates to use the mongo shell now, copy them using:
 ```
 docker cp bdb-instance-0.pem mongodb:/
 docker cp ca.crt mongodb:/
 ```
 Start the `mongo` shell:
 ```
 mongo --host mdb1-fqdn --port mdb1-port --verbose --ssl \
  --sslCAFile /ca.crt \
  --sslPEMKeyFile /bdb-instance-0.pem \
  --sslPEMKeyPassword password
 ```
 Run the rs.initiate() command:
 ```
 rs.initiate({ 
  _id : "<replica-set-name", members: [
  { 
    _id : 0,
    host : "<fqdn of this instance>:<port number>"
  } ]
 })
 ```
 For example:
 ```
 rs.initiate({ _id : "test-repl-set", members: [ { _id : 0, host :
 "mdb-instance-0.westeurope.cloudapp.azure.com:27017" } ] })
 ```
 You should also see changes in the mongo shell prompt from `>` to
 `test-repl-set:OTHER>` to `test-repl-set:SECONDARY>` to finally
 `test-repl-set:PRIMARY>`.
 If this instance is not the primary, you can use the `rs.status()` command to
 find out who is the primary.
 #### Step 4: Add members to the Replica Set
 We can only add members to a replica set from the PRIMARY instance.
 Login to the PRIMARY and open a `mongo` shell.
 Run the rs.add() command with the ip and port number of the other
 containers/instances:
 ```
 rs.add("<fqdn>:<port>")
 ```
 For example:
 Add mdb2 to replica set from mdb1:
 ```
 rs.add("bdb-cluster-1.northeurope.cloudapp.azure.com:27017")
 ```
 Add mdb3 to replica set from mdb1:
 ```
 rs.add("bdb-cluster-2.northeurope.cloudapp.azure.com:27017")
 ```
--- a/k8s/mongodb/container/docker_build_and_push.bash
+++ b/k8s/mongodb/container/docker_build_and_push.bash
@ -3,3 +3,8 @@
 docker build -t bigchaindb/mongodb:3.2 .
 docker push bigchaindb/mongodb:3.2
 # For Tendermint
 # docker build -t bigchaindb/mongodb:unstable-tmt .
 # docker push bigchaindb/mongodb:unstable-tmt
--- a/k8s/mongodb/container/mongod.conf.template
+++ b/k8s/mongodb/container/mongod.conf.template
@ -25,8 +25,6 @@ systemLog:
      verbosity: 0
    query:
      verbosity: 0
    replication:
      verbosity: 0
    sharding:
      verbosity: 0
    storage:
@ -95,7 +93,3 @@ storage:
 operationProfiling:
  mode: slowOp
  slowOpThresholdMs: 100
 replication:
  replSetName: REPLICA_SET_NAME
  enableMajorityReadConcern: true
--- a/k8s/mongodb/container/mongod_entrypoint.bash
+++ b/k8s/mongodb/container/mongod_entrypoint.bash
@ -34,10 +34,6 @@ while [[ $# -gt 1 ]]; do
          MONGODB_CRL_FILE_PATH="$2"
          shift
          ;;
      --replica-set-name)
          REPLICA_SET_NAME="$2"
          shift
          ;;
      --mongodb-fqdn)
          MONGODB_FQDN="$2"
          shift
@ -59,8 +55,7 @@ while [[ $# -gt 1 ]]; do
 done
 # sanity checks
-if [[ -z "${REPLICA_SET_NAME:?REPLICA_SET_NAME not specified. Exiting!}" || \
+if [[ -z "${MONGODB_PORT:?MONGODB_PORT not specified. Exiting!}" || \
    -z "${MONGODB_PORT:?MONGODB_PORT not specified. Exiting!}" || \
    -z "${MONGODB_FQDN:?MONGODB_FQDN not specified. Exiting!}" || \
    -z "${MONGODB_IP:?MONGODB_IP not specified. Exiting!}" || \
    -z "${MONGODB_KEY_FILE_PATH:?MONGODB_KEY_FILE_PATH not specified. Exiting!}" || \
@ -70,7 +65,6 @@ if [[ -z "${REPLICA_SET_NAME:?REPLICA_SET_NAME not specified. Exiting!}" || \
    #-z "${MONGODB_KEY_FILE_PASSWORD:?MongoDB Key File Password not specified. Exiting!}" || \
  exit 1
 else
  echo REPLICA_SET_NAME="$REPLICA_SET_NAME"
  echo MONGODB_PORT="$MONGODB_PORT"
  echo MONGODB_FQDN="$MONGODB_FQDN"
  echo MONGODB_IP="$MONGODB_IP"
@ -86,10 +80,8 @@ HOSTS_FILE_PATH=/etc/hosts
 # configure the mongod.conf file
 sed -i "s|MONGODB_PORT|${MONGODB_PORT}|g" ${MONGODB_CONF_FILE_PATH}
 sed -i "s|MONGODB_KEY_FILE_PATH|${MONGODB_KEY_FILE_PATH}|g" ${MONGODB_CONF_FILE_PATH}
 #sed -i "s|MONGODB_KEY_FILE_PASSWORD|${MONGODB_KEY_FILE_PASSWORD}|g" ${MONGODB_CONF_FILE_PATH}
 sed -i "s|MONGODB_CA_FILE_PATH|${MONGODB_CA_FILE_PATH}|g" ${MONGODB_CONF_FILE_PATH}
 sed -i "s|MONGODB_CRL_FILE_PATH|${MONGODB_CRL_FILE_PATH}|g" ${MONGODB_CONF_FILE_PATH}
 sed -i "s|REPLICA_SET_NAME|${REPLICA_SET_NAME}|g" ${MONGODB_CONF_FILE_PATH}
 if [ ! -z "$STORAGE_ENGINE_CACHE_SIZE" ]; then
  if [[ "$STORAGE_ENGINE_CACHE_SIZE" =~ ^[0-9]+(G|M|T)B$ ]]; then
    sed -i.bk "s|STORAGE_ENGINE_CACHE_SIZE|${STORAGE_ENGINE_CACHE_SIZE}|g" ${MONGODB_CONF_FILE_PATH}
--- a/k8s/mongodb/mongo-ss.yaml
+++ b/k8s/mongodb/mongo-ss.yaml
@ -33,11 +33,6 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        - name: MONGODB_REPLICA_SET_NAME
          valueFrom:
            configMapKeyRef:
             name: vars
             key: mongodb-replicaset-name
        - name: MONGODB_PORT
          valueFrom:
            configMapKeyRef:
@ -57,8 +52,6 @@ spec:
        - /etc/mongod/ca/ca.pem
        - --mongodb-crl-file-path
        - /etc/mongod/ca/crl.pem
        - --replica-set-name
        - $(MONGODB_REPLICA_SET_NAME)
        - --mongodb-fqdn
        - $(MONGODB_FQDN)
        - --mongodb-ip
--- a/k8s/nginx-http/container/Dockerfile
+++ b/k8s/nginx-http/container/Dockerfile
@ -7,5 +7,5 @@ RUN apt-get update \
    && apt-get clean
 COPY nginx.conf.template /etc/nginx/nginx.conf
 COPY nginx_entrypoint.bash /
-EXPOSE 80 27017
+EXPOSE 80 27017 9986 46656
 ENTRYPOINT ["/nginx_entrypoint.bash"]
--- a/k8s/nginx-http/container/docker_build_and_push.bash
+++ b/k8s/nginx-http/container/docker_build_and_push.bash
@ -3,3 +3,7 @@
 docker build -t bigchaindb/nginx_http:1.1 .
 docker push bigchaindb/nginx_http:1.1
 # For tendermint deployments
 # docker build -t bigchaindb/nginx_https:unstable-tmt .
 # docker push bigchaindb/nginx_https:unstable-tmt
--- a/k8s/nginx-http/container/nginx.conf.template
+++ b/k8s/nginx-http/container/nginx.conf.template
@ -126,13 +126,13 @@ http {
 # NGINX stream block for TCP and UDP proxies. Used to proxy MDB TCP
 # connection.
 stream {
-  log_format mdb_log '[$time_iso8601] $realip_remote_addr $remote_addr '
+  log_format bdb_log '[$time_iso8601] $realip_remote_addr $remote_addr '
                     '$proxy_protocol_addr $proxy_protocol_port '
                     '$protocol $status $session_time $bytes_sent '
                     '$bytes_received "$upstream_addr" "$upstream_bytes_sent" '
                     '"$upstream_bytes_received" "$upstream_connect_time" ';
-  access_log /dev/stdout mdb_log buffer=16k flush=5s;
+  access_log /dev/stdout bdb_log buffer=16k flush=5s;
  # Define a zone 'two' of size 10 megabytes to store the counters
  # that hold number of TCP connections from a specific IP address.
@ -153,6 +153,12 @@ stream {
    default MONGODB_BACKEND_HOST;
  }
  # The following map block enables lazy-binding to the backend at runtime,
  # rather than binding as soon as NGINX starts.
  map $remote_addr $tm_backend {
    default TM_BACKEND_HOST;
  }
  # Frontend server to forward connections to MDB instance.
  server {
    listen MONGODB_FRONTEND_PORT so_keepalive=10m:1m:5;
@ -160,5 +166,20 @@ stream {
    tcp_nodelay on;
    proxy_pass $mdb_backend:MONGODB_BACKEND_PORT;
  }
  # Server to forward connection to nginx instance hosting
  # tendermint node public key.
  server {
    listen TM_PUB_KEY_ACCESS_PORT;
    proxy_pass $tm_backend:TM_PUB_KEY_ACCESS_PORT;
  }
  # Server to forward p2p connections to Tendermint instance.
  server {
    listen TM_P2P_PORT so_keepalive=3m:1m:5;
    preread_timeout 60s;
    tcp_nodelay on;
    proxy_pass $tm_backend:TM_P2P_PORT;
  }
 }
--- a/k8s/nginx-http/container/nginx_entrypoint.bash
+++ b/k8s/nginx-http/container/nginx_entrypoint.bash
@ -31,7 +31,10 @@ if [[ -z "${cluster_frontend_port:?CLUSTER_FRONTEND_PORT not specified. Exiting!
      -z "${bdb_api_port:?BIGCHAINDB_API_PORT not specified. Exiting!}" || \
      -z "${bdb_ws_port:?BIGCHAINDB_WS_PORT not specified. Exiting!}" || \
      -z "${dns_server:?DNS_SERVER not specified. Exiting!}" || \
-      -z "${health_check_port:?HEALTH_CHECK_PORT not specified.}" ]]; then
+      -z "${health_check_port:?HEALTH_CHECK_PORT not specified.}" || \
      -z "${tm_pub_key_access_port:?TM_PUB_KEY_ACCESS_PORT not specified. Exiting!}" || \
      -z "${tm_backend_host:?TM_BACKEND_HOST not specified. Exiting!}" || \
      -z "${tm_p2p_port:?TM_P2P_PORT not specified. Exiting!}" ]]; then
  exit 1
 else
  echo CLUSTER_FRONTEND_PORT="$cluster_frontend_port"
@ -43,6 +46,9 @@ else
  echo BIGCHAINDB_BACKEND_HOST="$bdb_backend_host"
  echo BIGCHAINDB_API_PORT="$bdb_api_port"
  echo BIGCHAINDB_WS_PORT="$bdb_ws_port"
  echo TM_PUB_KEY_ACCESS_PORT="$tm_pub_key_access_port"
  echo TM_BACKEND_HOST="$tm_backend_host"
  echo TM_P2P_PORT="$tm_p2p_port"
 fi
 NGINX_CONF_FILE=/etc/nginx/nginx.conf
@ -57,6 +63,9 @@ sed -i "s|BIGCHAINDB_API_PORT|${bdb_api_port}|g" ${NGINX_CONF_FILE}
 sed -i "s|BIGCHAINDB_WS_PORT|${bdb_ws_port}|g" ${NGINX_CONF_FILE}
 sed -i "s|DNS_SERVER|${dns_server}|g" ${NGINX_CONF_FILE}
 sed -i "s|HEALTH_CHECK_PORT|${health_check_port}|g" ${NGINX_CONF_FILE}
 sed -i "s|TM_PUB_KEY_ACCESS_PORT|${tm_pub_key_access_port}|g" ${NGINX_CONF_FILE}
 sed -i "s|TM_BACKEND_HOST|${tm_backend_host}|g" ${NGINX_CONF_FILE}
 sed -i "s|TM_P2P_PORT|${tm_p2p_port}|g" ${NGINX_CONF_FILE}
 # start nginx
 echo "INFO: starting nginx..."
--- a/k8s/nginx-http/nginx-http-dep.yaml
+++ b/k8s/nginx-http/nginx-http-dep.yaml
@ -60,6 +60,21 @@ spec:
            configMapKeyRef:
              name: vars
              key: bigchaindb-ws-port
        - name: TM_PUB_KEY_ACCESS_PORT
          valueFrom:
            configMapKeyRef:
              name: tendermint-config
              key: tm-pub-key-access
        - name: TM_BACKEND_HOST
          valueFrom:
            configMapKeyRef:
              name: tendermint-config
              key: ngx-tendermint-instance-name
        - name: TM_P2P_PORT
          valueFrom:
            configMapKeyRef:
              name: tendermint-config
              key: tm-p2p-port
        ports:
        - containerPort: "<mongodb-frontend-port from ConfigMap>"
          protocol: TCP
@ -68,6 +83,12 @@ spec:
          name: ngx-health
        - containerPort: "<cluster-frontend-port from ConfigMap>"
          protocol: TCP
        - containerPort: "<tm-pub-key-access from ConfigMap>"
          protocol: TCP
          name: tm-pub-key
        - containerPort: "<tm-p2p-port from ConfigMap>"
          protocol: TCP
          name: tm-p2p-port
        livenessProbe:
          httpGet:
            path: /health
--- a/k8s/nginx-http/nginx-http-svc.yaml
+++ b/k8s/nginx-http/nginx-http-svc.yaml
@ -17,4 +17,12 @@ spec:
    targetPort: "<cluster-frontend-port from ConfigMap>"
    name: public-cluster-port
    protocol: TCP
  - port: "<tm-pub-key-access from ConfigMap>"
    targetPort: "<tm-pub-key-access from ConfigMap>"
    name: tm-pub-key-access
    protocol: TCP
  - port: "<tm-p2p-port from ConfigMap>"
    targetPort: "<tm-p2p-port from ConfigMap>"
    protocol: TCP
    name: tm-p2p-port
  type: LoadBalancer
--- a/k8s/nginx-https/container/Dockerfile
+++ b/k8s/nginx-https/container/Dockerfile
@ -7,5 +7,5 @@ RUN apt-get update \
    && apt-get clean
 COPY nginx.conf.template /etc/nginx/nginx.conf
 COPY nginx_entrypoint.bash /
-EXPOSE 80 443 27017
+EXPOSE 80 443 27017 9986 46656
 ENTRYPOINT ["/nginx_entrypoint.bash"]
--- a/k8s/nginx-https/container/docker_build_and_push.bash
+++ b/k8s/nginx-https/container/docker_build_and_push.bash
@ -3,3 +3,7 @@
 docker build -t bigchaindb/nginx_https:1.1 .
 docker push bigchaindb/nginx_https:1.1
 # For tendermint deployments
 # docker build -t bigchaindb/nginx_https:unstable-tmt .
 # docker push bigchaindb/nginx_https:unstable-tmt
--- a/k8s/nginx-https/container/nginx.conf.template
+++ b/k8s/nginx-https/container/nginx.conf.template
@ -152,16 +152,16 @@ http {
  }
 }
-# NGINX stream block for TCP and UDP proxies. Used to proxy MDB TCP
+# NGINX stream block for TCP and UDP proxies. Used to proxy MongoDB and Tendermint TCP
-# connection.
+# connections.
 stream {
-  log_format mdb_log '[$time_iso8601] $realip_remote_addr $remote_addr '
+  log_format bdb_log '[$time_iso8601] $realip_remote_addr $remote_addr '
                     '$proxy_protocol_addr $proxy_protocol_port '
                     '$protocol $status $session_time $bytes_sent '
                     '$bytes_received "$upstream_addr" "$upstream_bytes_sent" '
                     '"$upstream_bytes_received" "$upstream_connect_time" ';
-  access_log /dev/stdout mdb_log buffer=16k flush=5s;
+  access_log /dev/stdout bdb_log buffer=16k flush=5s;
  # Define a zone 'two' of size 10 megabytes to store the counters
  # that hold number of TCP connections from a specific IP address.
@ -186,6 +186,12 @@ stream {
    default MONGODB_BACKEND_HOST;
  }
  # The following map block enables lazy-binding to the backend at runtime,
  # rather than binding as soon as NGINX starts.
  map $remote_addr $tm_backend {
    default TM_BACKEND_HOST;
  }
  # Frontend server to forward connections to MDB instance.
  server {
    listen MONGODB_FRONTEND_PORT so_keepalive=3m:1m:5;
@ -193,5 +199,20 @@ stream {
    tcp_nodelay on;
    proxy_pass $mdb_backend:MONGODB_BACKEND_PORT;
  }
  # Server to forward connection to nginx instance hosting
  # tendermint node public key.
  server {
    listen TM_PUB_KEY_ACCESS_PORT;
    proxy_pass $tm_backend:TM_PUB_KEY_ACCESS_PORT;
  }
  # Server to forward p2p connections to Tendermint instance.
  server {
    listen TM_P2P_PORT so_keepalive=3m:1m:5;
    preread_timeout 60s;
    tcp_nodelay on;
    proxy_pass $tm_backend:TM_P2P_PORT;
  }
 }
--- a/k8s/nginx-https/container/nginx_entrypoint.bash
+++ b/k8s/nginx-https/container/nginx_entrypoint.bash
@ -27,6 +27,10 @@ bdb_backend_host=`printenv BIGCHAINDB_BACKEND_HOST`
 bdb_api_port=`printenv BIGCHAINDB_API_PORT`
 bdb_ws_port=`printenv BIGCHAINDB_WS_PORT`
 # Tendermint vars
 tm_pub_key_access_port=`printenv TM_PUB_KEY_ACCESS_PORT`
 tm_backend_host=`printenv TM_BACKEND_HOST`
 tm_p2p_port=`printenv TM_P2P_PORT`
 # sanity check
 if [[ -z "${cluster_frontend_port:?CLUSTER_FRONTEND_PORT not specified. Exiting!}" || \
@ -40,7 +44,11 @@ if [[ -z "${cluster_frontend_port:?CLUSTER_FRONTEND_PORT not specified. Exiting!
      -z "${bdb_ws_port:?BIGCHAINDB_WS_PORT not specified. Exiting!}" || \
      -z "${dns_server:?DNS_SERVER not specified. Exiting!}" || \
      -z "${health_check_port:?HEALTH_CHECK_PORT not specified. Exiting!}" || \
-      -z "${cluster_fqdn:?CLUSTER_FQDN not specified. Exiting!}" ]]; then
+      -z "${cluster_fqdn:?CLUSTER_FQDN not specified. Exiting!}" || \
      -z "${tm_pub_key_access_port:?TM_PUB_KEY_ACCESS_PORT not specified. Exiting!}" || \
      -z "${tm_backend_host:?TM_BACKEND_HOST not specified. Exiting!}" || \
      -z "${tm_p2p_port:?TM_P2P_PORT not specified. Exiting!}" ]]; then
  echo "Missing required environment variables. Exiting!"
  exit 1
 else
  echo CLUSTER_FQDN="$cluster_fqdn"
@ -55,6 +63,9 @@ else
  echo BIGCHAINDB_BACKEND_HOST="$bdb_backend_host"
  echo BIGCHAINDB_API_PORT="$bdb_api_port"
  echo BIGCHAINDB_WS_PORT="$bdb_ws_port"
  echo TM_PUB_KEY_ACCESS_PORT="$tm_pub_key_access_port"
  echo TM_BACKEND_HOST="$tm_backend_host"
  echo TM_P2P_PORT="$tm_p2p_port"
 fi
 NGINX_CONF_FILE=/etc/nginx/nginx.conf
@ -72,8 +83,10 @@ sed -i "s|BIGCHAINDB_API_PORT|${bdb_api_port}|g" ${NGINX_CONF_FILE}
 sed -i "s|BIGCHAINDB_WS_PORT|${bdb_ws_port}|g" ${NGINX_CONF_FILE}
 sed -i "s|DNS_SERVER|${dns_server}|g" ${NGINX_CONF_FILE}
 sed -i "s|HEALTH_CHECK_PORT|${health_check_port}|g" ${NGINX_CONF_FILE}
 sed -i "s|TM_PUB_KEY_ACCESS_PORT|${tm_pub_key_access_port}|g" ${NGINX_CONF_FILE}
 sed -i "s|TM_BACKEND_HOST|${tm_backend_host}|g" ${NGINX_CONF_FILE}
 sed -i "s|TM_P2P_PORT|${tm_p2p_port}|g" ${NGINX_CONF_FILE}
 # start nginx
 echo "INFO: starting nginx..."
 exec nginx -c /etc/nginx/nginx.conf
--- a/k8s/nginx-https/nginx-https-dep.yaml
+++ b/k8s/nginx-https/nginx-https-dep.yaml
@ -75,6 +75,21 @@ spec:
            configMapKeyRef:
              name: vars
              key: bigchaindb-ws-port
        - name: TM_PUB_KEY_ACCESS_PORT
          valueFrom:
            configMapKeyRef:
              name: tendermint-config
              key: tm-pub-key-access
        - name: TM_BACKEND_HOST
          valueFrom:
            configMapKeyRef:
              name: tendermint-config
              key: ngx-tendermint-instance-name
        - name: TM_P2P_PORT
          valueFrom:
            configMapKeyRef:
              name: tendermint-config
              key: tm-p2p-port
        ports:
        # return a pretty error message on port 80, since we are expecting
        # HTTPS traffic.
@ -87,6 +102,12 @@ spec:
        - containerPort: "<cluster-health-check-port from ConfigMap>"
          protocol: TCP
          name: ngx-port
        - containerPort: "<tm-pub-key-access from ConfigMap>"
          protocol: TCP
          name: tm-pub-key
        - containerPort: "<tm-p2p-port from ConfigMap>"
          protocol: TCP
          name: tm-p2p-port
        livenessProbe:
          httpGet:
            path: /health
--- a/k8s/nginx-https/nginx-https-svc.yaml
+++ b/k8s/nginx-https/nginx-https-svc.yaml
@ -25,4 +25,12 @@ spec:
    targetPort: 80
    name: public-insecure-cluster-port
    protocol: TCP
  - port: "<tm-pub-key-access from ConfigMap>"
    targetPort: "<tm-pub-key-access from ConfigMap>"
    name: tm-pub-key-access
    protocol: TCP
  - port: "<tm-p2p-port from ConfigMap>"
    targetPort: "<tm-p2p-port from ConfigMap>"
    protocol: TCP
    name: tm-p2p-port
  type: LoadBalancer
--- a/k8s/tendermint/nginx_container/Dockerfile
+++ b/k8s/tendermint/nginx_container/Dockerfile
@ -0,0 +1,12 @@
 FROM nginx:stable
 LABEL maintainer "dev@bigchaindb.com"
 WORKDIR /
 RUN apt-get update \
    && apt-get -y upgrade \
    && apt-get autoremove \
    && apt-get clean
 COPY nginx.conf.template /etc/nginx/conf.d/access_pub_key.conf
 COPY nginx_entrypoint.bash /
 VOLUME /usr/share/nginx
 EXPOSE 9986
 ENTRYPOINT ["/nginx_entrypoint.bash"]
--- a/k8s/tendermint/nginx_container/README.md
+++ b/k8s/tendermint/nginx_container/README.md
@ -0,0 +1,19 @@
 ## Nginx container for hosting public key for a tendermint instance
 ### Step 1: Build and Push the Latest Container
 Use the `docker_build_and_push.bash` script to build the latest docker image
 and upload it to Docker Hub.
 Ensure that the image tag is updated to a new version number to properly
 reflect any changes made to the container.
 ### Step 2: Run the container
 ```
 docker run \
  --name=tendermint_instance_pub_key \
  --env TENDERMINT_PUB_KEY_ACCESS_PORT=''
  --publish=<nginx port for external connections>:<corresponding host port> \
  --volume=<host dir with public key>:/tendermint_node_data \
  bigchaindb/nginx_pub_key_access:<version_number>
 ```
--- a/k8s/tendermint/nginx_container/docker_build_and_push.bash
+++ b/k8s/tendermint/nginx_container/docker_build_and_push.bash
@ -0,0 +1,5 @@
 #!/bin/bash
 docker build -t bigchaindb/nginx_pub_key_access:unstable-tmt .
 docker push bigchaindb/nginx_pub_key_access:unstable-tmt
--- a/k8s/tendermint/nginx_container/nginx.conf.template
+++ b/k8s/tendermint/nginx_container/nginx.conf.template
@ -0,0 +1,10 @@
 # Serve the public key for a tendermint instance
 server {
    listen PUBLIC_KEY_ACCESS_PORT default_server;
    listen [::]:PUBLIC_KEY_ACCESS_PORT default_server ipv6only=on;
    location / {
        root /usr/share/nginx/;
        autoindex on;
    }
 }
--- a/k8s/tendermint/nginx_container/nginx_entrypoint.bash
+++ b/k8s/tendermint/nginx_container/nginx_entrypoint.bash
@ -0,0 +1,21 @@
 #!/bin/bash
 set -euo pipefail
 # Tendermint public key access port
 tm_pub_key_access_port=`printenv TM_PUB_KEY_ACCESS_PORT`
 if [[ -z "${tm_pub_key_access_port:?TM_PUB_KEY_ACCESS_PORT not specified. Exiting}" ]]; then
  exit 1
 else
  echo TM_PUB_KEY_ACCESS_PORT="$tm_pub_key_access_port"
 fi
 NGINX_CONF_FILE=/etc/nginx/conf.d/access_pub_key.conf
 # configure the access_pub_key file with env variable(s)
 sed -i "s|PUBLIC_KEY_ACCESS_PORT|${tm_pub_key_access_port}|g" ${NGINX_CONF_FILE}
 cat /etc/nginx/conf.d/access_pub_key.conf
 # start nginx
 echo "INFO: starting nginx..."
 exec nginx -g "daemon off;"
--- a/k8s/tendermint/tendermint-ext-conn-svc.yaml
+++ b/k8s/tendermint/tendermint-ext-conn-svc.yaml
@ -0,0 +1,17 @@
 apiVersion: v1
 kind: Service
 metadata:
  # Name of tendermint instance you are trying to connect to
  # e.g. tm-instance-0
  name: "<remote-tendermint-host>"
  namespace: default
 spec:
  ports:
 spec:
  ports:
  - port: "<tm-p2p-port from ConfigMap>"
    name: p2p
  - port: "<tm-rpc-port from ConfigMap>"
    name: pubkey
  # FQDN of remote cluster/NGINX instance
  externalName: "<dns-name-remote-nginx>"
--- a/k8s/tendermint/tendermint-pv.yaml
+++ b/k8s/tendermint/tendermint-pv.yaml
@ -0,0 +1,41 @@
 #########################################################
 # This YAML section desribes a k8s PV for tendermint db #
 #########################################################
 apiVersion: v1
 kind: PersistentVolume
 metadata:
  name: pv-tm-db
 spec:
  accessModes:
  - ReadWriteOnce
  azureDisk:
    cachingMode: None
    diskName: <Azure Disk Name>
    diskURI: <Azure Disk URL>
    fsType: ext4
    readOnly: false
  capacity:
    storage: 20Gi
  persistentVolumeReclaimPolicy: Retain
  storageClassName: tendermint-db
 ---
 ##############################################################
 # This YAML section desribes a k8s PV  for Tendermint config #
 ##############################################################
 apiVersion: v1
 kind: PersistentVolume
 metadata:
  name: pv-tm-configdb
 spec:
  accessModes:
  - ReadWriteOnce
  azureDisk:
    cachingMode: None
    diskName: <Azure Disk Name>
    diskURI: <Azure Disk URL>
    fsType: ext4
    readOnly: false
  capacity:
    storage: 1Gi
  persistentVolumeReclaimPolicy: Retain
  storageClassName: tendermint-config-db
--- a/k8s/tendermint/tendermint-pvc.yaml
+++ b/k8s/tendermint/tendermint-pvc.yaml
@ -0,0 +1,32 @@
 ##########################################################
 # This section file desribes a k8s pvc for tendermint db #
 ##########################################################
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: tendermint-db-claim
  annotations:
    volume.beta.kubernetes.io/storage-class: tendermint-db
 spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi
 ---
 ################################################################
 # This YAML section desribes a k8s pvc for tendermint configdb #
 ################################################################
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: tendermint-config-db-claim
  annotations:
    volume.beta.kubernetes.io/storage-class: tendermint-config-db
 spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
--- a/k8s/tendermint/tendermint-sc.yaml
+++ b/k8s/tendermint/tendermint-sc.yaml
@ -0,0 +1,31 @@
 ###################################################################
 # This YAML section desribes a StorageClass for the tendermint db #
 ###################################################################
 kind: StorageClass
 apiVersion: storage.k8s.io/v1beta1
 metadata:
  name: tendermint-db
 provisioner: kubernetes.io/azure-disk
 parameters:
  skuName: Premium_LRS #[Premium_LRS, Standard_LRS]
  location: westeurope
  # If you have created a different storage account e.g. for Premium Storage
  #storageAccount: <Storage account name>
  # Use Managed Disk(s) with VMs using Managed Disks(Only used for Tectonic deployment)
  #kind: Managed
 ---
 #########################################################################
 # This YAML section desribes a StorageClass for the tendermint configdb #
 #########################################################################
 kind: StorageClass
 apiVersion: storage.k8s.io/v1beta1
 metadata:
  name: tendermint-config-db
 provisioner: kubernetes.io/azure-disk
 parameters:
  skuName: Premium_LRS #[Premium_LRS, Standard_LRS]
  location: westeurope
  # If you have created a different storage account e.g. for Premium Storage
  #storageAccount: <Storage account name>
  # Use Managed Disk(s) with VMs using Managed Disks(Only used for Tectonic deployment)
  #kind: Managed
--- a/k8s/tendermint/tendermint-ss.yaml
+++ b/k8s/tendermint/tendermint-ss.yaml
@ -0,0 +1,115 @@
 #################################################################################
 # This YAML file desribes a StatefulSet with a service for running and exposing #
 # a Tendermint instance. It depends on the tendermint-config-db-claim           #
 # and tendermint-db-claim k8s pvc.                                              #
 #################################################################################
 apiVersion: apps/v1beta1
 kind: StatefulSet
 metadata:
  name: tendermint-instance-0-ss
  namespace: default
 spec:
  serviceName: tendermint-instance-0
  replicas: 1
  template:
    metadata:
      name: tendermint-instance-0-ss
      labels:
        app: tendermint-instance-0-ss
    spec:
      restartPolicy: Always
      volumes:
      - name: tm-data
        persistentVolumeClaim:
          claimName: tendermint-db-claim
      - name: tm-config-data
        persistentVolumeClaim:
          claimName: tendermint-config-db-claim
      containers:
      # Treating nginx + tendermint as a POD because they should not
      # exist without each other
      # Nginx container for hosting public key of this ndoe
      - name: nginx
        imagePullPolicy: Always
        image: bigchaindb/nginx_pub_key_access:unstable-tmt
        env:
        - name: TM_PUB_KEY_ACCESS_PORT
          valueFrom:
            configMapKeyRef:
              name: tendermint-config
              key: tm-pub-key-access
        ports:
        - containerPort: "<tm-pub-key-access from ConfigMap>"
          name: tm-pk-access
        volumeMounts:
        - name: tm-config-data
          mountPath: /usr/share/nginx
          readOnly: true
      #Tendermint container
      - name: tendermint
        imagePullPolicy: Always
        image: bigchaindb/tendermint:unstable-tmt
        env:
        - name: TM_SEEDS
          valueFrom:
            configMapKeyRef:
              name: tendermint-config
              key: tm-seeds
        - name: TM_VALIDATOR_POWER
          valueFrom:
            configMapKeyRef:
              name: tendermint-config
              key: tm-validator-power
        - name: TM_VALIDATORS
          valueFrom:
            configMapKeyRef:
              name: tendermint-config
              key: tm-validators
        - name: TM_PUB_KEY_ACCESS_PORT
          valueFrom:
            configMapKeyRef:
              name: tendermint-config
              key: tm-pub-key-access
        - name: TM_GENESIS_TIME
          valueFrom:
            configMapKeyRef:
              name: tendermint-config
              key: tm-genesis-time
        - name: TM_CHAIN_ID
          valueFrom:
            configMapKeyRef:
              name: tendermint-config
              key: tm-chain-id
        - name: TM_P2P_PORT
          valueFrom:
            configMapKeyRef:
              name: tendermint-config
              key: tm-p2p-port
        - name: TMHOME
          value: /tendermint
        - name: TM_PROXY_APP
          valueFrom:
            configMapKeyRef:
              name: vars
              key: bdb-instance-name
        - name: TM_ABCI_PORT
          valueFrom:
            configMapKeyRef:
              name: tendermint-config
              key: tm-abci-port
        # Resource constraint on the pod, can be changed
        resources:
          limits:
            cpu: 200m
            memory: 5G
        volumeMounts:
        - name: tm-data
          mountPath: /tendermint
        - name: tm-config-data
          mountPath: /tendermint_node_data
        ports:
        - containerPort: "<tm-p2p-port from ConfigMap>"
          name: p2p
        - containerPort: "<tm-rpc-port from ConfigMap>"
          name: rpc
--- a/k8s/tendermint/tendermint-svc.yaml
+++ b/k8s/tendermint/tendermint-svc.yaml
@ -0,0 +1,24 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: tendermint-instance-1
  namespace: default
  labels:
    name: tendermint-instance-1
 spec:
  selector:
    app: tendermint-instance-1-ss
  ports:
    - port: "<tm-p2p-port from ConfigMap>"
      targetPort: "<tm-p2p-port from ConfigMap>"
      name: p2p
      protocol: TCP
    - port: "<tm-rpc-port from ConfigMap>"
      targetPort: "<tm-rpc-port from ConfigMap>"
      name: rpc
      protocol: TCP
    - port: "<tm-pub-key-access from ConfigMap>"
      targetPort: "<tm-pub-key-access from ConfigMap>"
      name: pub-key-access
      protocol: TCP
  clusterIP: None
--- a/k8s/tendermint/tendermint_container/Dockerfile
+++ b/k8s/tendermint/tendermint_container/Dockerfile
@ -0,0 +1,8 @@
 FROM tendermint/tendermint:develop
 LABEL maintainer "dev@bigchaindb.com"
 WORKDIR /
 COPY genesis.json.template /etc/tendermint/genesis.json
 COPY tendermint_entrypoint.bash /
 VOLUME /tendermint /tendermint_node_data
 EXPOSE 46656 46657
 ENTRYPOINT ["/tendermint_entrypoint.bash"]
--- a/k8s/tendermint/tendermint_container/README.md
+++ b/k8s/tendermint/tendermint_container/README.md
@ -0,0 +1,29 @@
 ## Tendermint container used to consensus
 ### Step 1: Build and Push the Latest Container
 Use the `docker_build_and_push.bash` script to build the latest docker image
 and upload it to Docker Hub.
 Ensure that the image tag is updated to a new version number to properly
 reflect any changes made to the container.
 ### Step 2: Run the container
 ```
 docker run \
  --name=tendermint \
  --env TM_PUB_KEY_ACCESS_PORT=<port to access public keys hosted by nginx> \
  --env TM_SEEDS=<commad separated list of all nodes IP addresses/Hostnames> \
  --env TM_VALIDATOR_POWER=<voting power of node> \
  --env TM_VALIDATORS=<list of all validators> \
  --env TM_GENESIS_TIME=<genesis time> \
  --env TM_CHAIN_ID=<chain id> \
  --env TM_P2P_PORT=<Port used by all peers to communicate> \
  --env TMHOME=<Tendermint home directory containing all config files> \
  --env TM_PROXY_APP=<Hostname/IP address of app> \
  --publish=<rpc port on host>:<rpc port> \
  --publish=<p2p port on host>:<p2p port> \
  --volume <host dir for tendermint data>:/tendermint \
  --volume=<host dir for public key>:/tendermint_node_data \
  bigchaindb/tendermint:<version_number>
 ```
--- a/k8s/tendermint/tendermint_container/docker_build_and_push.bash
+++ b/k8s/tendermint/tendermint_container/docker_build_and_push.bash
@ -0,0 +1,5 @@
 #!/bin/bash
 docker build -t bigchaindb/tendermint:unstable-tmt .
 docker push bigchaindb/tendermint:unstable-tmt
--- a/k8s/tendermint/tendermint_container/genesis.json.template
+++ b/k8s/tendermint/tendermint_container/genesis.json.template
@ -0,0 +1,6 @@
 {
  "genesis_time": TM_GENESIS_TIME,
  "chain_id": TM_CHAIN_ID,
  "validators": [],
  "app_hash": ""
 }
--- a/k8s/tendermint/tendermint_container/tendermint_entrypoint.bash
+++ b/k8s/tendermint/tendermint_container/tendermint_entrypoint.bash
@ -0,0 +1,98 @@
 #!/bin/bash
 set -euo pipefail
 # Cluster vars
 tm_seeds=`printenv TM_SEEDS`
 tm_validators=`printenv TM_VALIDATORS`
 tm_validator_power=`printenv TM_VALIDATOR_POWER`
 tm_pub_key_access_port=`printenv TM_PUB_KEY_ACCESS_PORT`
 tm_genesis_time=`printenv TM_GENESIS_TIME`
 tm_chain_id=`printenv TM_CHAIN_ID`
 tm_p2p_port=`printenv TM_P2P_PORT`
 # tendermint node vars
 tmhome=`printenv TMHOME`
 tm_proxy_app=`printenv TM_PROXY_APP`
 tm_abci_port=`printenv TM_ABCI_PORT`
 # sanity check
 if [[ -z "${tm_seeds:?TM_SEEDS not specified. Exiting!}" || \
      -z "${tm_validators:?TM_VALIDATORS not specified. Exiting!}" || \
      -z "${tm_validator_power:?TM_VALIDATOR_POWER not specified. Exiting!}" || \
      -z "${tm_pub_key_access_port:?TM_PUB_KEY_ACCESS_PORT not specified. Exiting!}" || \
      -z "${tm_genesis_time:?TM_GENESIS_TIME not specified. Exiting!}" || \
      -z "${tm_chain_id:?TM_CHAIN_ID not specified. Exiting!}" || \
      -z "${tmhome:?TMHOME not specified. Exiting!}" || \
      -z "${tm_p2p_port:?TM_P2P_PORT not specified. Exiting!}" || \
      -z "${tm_abci_port:?TM_ABCI_PORT not specified. Exiting! }" ]]; then
  echo "Missing required enviroment variables."
  exit 1
 else
  echo tm_seeds="$TM_SEEDS"
  echo tm_validators="$TM_VALIDATORS"
  echo tm_validator_power="$TM_VALIDATOR_POWER"
  echo tm_pub_key_access_port="$TM_PUB_KEY_ACCESS_PORT"
  echo tm_genesis_time="$TM_GENESIS_TIME"
  echo tm_chain_id="$TM_CHAIN_ID"
  echo tmhome="$TMHOME"
  echo tm_p2p_port="$TM_P2P_PORT"
  echo tm_abci_port="$TM_ABCI_PORT"
 fi
 # copy template
 cp /etc/tendermint/genesis.json /tendermint/genesis.json
 TM_GENESIS_FILE=/tendermint/genesis.json
 TM_PUB_KEY_DIR=/tendermint_node_data
 # configure the nginx.conf file with env variables
 sed -i "s|TM_GENESIS_TIME|\"${tm_genesis_time}\"|g" ${TM_GENESIS_FILE}
 sed -i "s|TM_CHAIN_ID|\"${tm_chain_id}\"|g" ${TM_GENESIS_FILE}
 if [ ! -f /tendermint/priv_validator.json ]; then
  tendermint gen_validator > /tendermint/priv_validator.json
  # pub_key.json will be served by the nginx container
  cat /tendermint/priv_validator.json
  cat /tendermint/priv_validator.json | jq ".pub_key" > "$TM_PUB_KEY_DIR"/pub_key.json
 fi
 # fill genesis file with validators
 IFS=',' read -ra VALS_ARR <<< "$TM_VALIDATORS"
 IFS=',' read -ra VAL_POWERS_ARR <<< "$TM_VALIDATOR_POWER"
 if [ ${#VALS_ARR[@]} -ne ${#VAL_POWERS_ARR[@]} ]; then
  echo "Invalid configuration of Validator(s) and Validator Power(s)"
  exit 1
 fi
 for i in "${!VALS_ARR[@]}"; do
  # wait until validator generates priv/pub key pair
  set +e
  echo Validator: "${VALS_ARR[$i]}"
  echo Validator Power: "${VALS_POWERS_ARR[$i]}"
  echo "http://${VALS_ARR[$i]}:$tm_pub_key_access_port/pub_key.json"
  curl -s --fail "http://${VALS_ARR[$i]}:$tm_pub_key_access_port/pub_key.json" > /dev/null
  ERR=$?
  while [ "$ERR" != 0 ]; do
    sleep 5
    curl -s --fail "http://${VALS_ARR[$i]}:$tm_pub_key_access_port/pub_key.json" > /dev/null
    ERR=$?
  done
  set -e
  # add validator to genesis file along with its pub_key
  curl -s "http://${VALS_ARR[$i]}:$tm_pub_key_access_port/pub_key.json" | jq ". as \$k | {pub_key: \$k, power: ${VAL_POWERS_ARR[$i]}, name: \"${VALS_ARR[$i]}\"}" > pub_validator.json
  cat /tendermint/genesis.json | jq ".validators |= .+ [$(cat pub_validator.json)]" > tmpgenesis && mv tmpgenesis /tendermint/genesis.json
  rm pub_validator.json
  done
 # construct seeds
 IFS=',' read -ra SEEDS_ARR <<< "$tm_seeds"
 seeds=()
 for s in "${SEEDS_ARR[@]}"; do
  seeds+=("$s:$tm_p2p_port")
 done
 seeds=$(IFS=','; echo "${seeds[*]}")
 # start nginx
 echo "INFO: starting tendermint..."
 exec tendermint node --p2p.seeds="$seeds" --moniker="`hostname`" --proxy_app="tcp://$tm_proxy_app:$tm_abci_port"