-
Notifications
You must be signed in to change notification settings - Fork 4
001 ‐ Creating Ethereum Sepolia Holesky accounts (L1) For A Basic OP Rollout Testnet
A basic OP rollout testnet requires 4 L1 addresses and their private keys when setting up the chain:
The Admin address has the ability to upgrade contracts. The Batcher address publishes Sequencer transaction data to L1. The Proposer address publishes L2 transaction results (state roots) to L1. The Sequencer address signs blocks on the p2p network.
For the address and private key generation, we will use Foundry's cast CLI. For storing the addresses and private keys we will use cLabs Akeyless.
- Create a pod that uses the
foundry
Docker image:
kubectl apply -f - <<EOF
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: foundry
name: foundry
namespace: default
spec:
containers:
- image: ghcr.io/foundry-rs/foundry@sha256:d2007b8cbcd72bcc961cf9d889c621f198483f74985a3fe75e6f5499dd35a1fd
name: foundry
command: [ "/bin/sh", "-c", "--" ]
args: [ "while true; do echo hola && sleep 30; done;" ]
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}
EOF
- Wait till the pod is `Running``
kubectl get po foundry -n default
NAME READY STATUS RESTARTS AGE
foundry 1/1 Running 0 59s
- Exec into the pod
kubectl exec -it foundry -n default -- sh
/ #
- Execute
cast
to create the 4 addresses
/ # cast wallet new -n 4
Successfully created new keypair.
Address: <ADDRESS>
Private key: <P_KEY>
Successfully created new keypair.
Address: <ADDRESS>
Private key: <P_KEY>
Successfully created new keypair.
Address: <ADDRESS>
Private key: <P_KEY>
Successfully created new keypair.
Address: <ADDRESS>
Private key: <P_KEY>
/ # exit
- Copy the generated addresses and private keys to Akeyless as Static Secrets. For example, current secrets for Alfajores are at folder
/static-secrets/devops-circle/alfajores/op-testnet-alfajores/
:
- Clean up the
foundry
pod
kubectl delete po foundry -n default
pod "foundry" deleted
linux/arm64/v8
platform, so this doesn't work on a macOS M1
- Execute the foundry Docker image locally
docker run --entrypoint=/bin/sh -it ghcr.io/foundry-rs/foundry:master
/ #
- Execute
cast
to create the 4 addresses
/ # cast wallet new -n 4
Successfully created new keypair.
Address: <ADDRESS>
Private key: <P_KEY>
Successfully created new keypair.
Address: <ADDRESS>
Private key: <P_KEY>
Successfully created new keypair.
Address: <ADDRESS>
Private key: <P_KEY>
Successfully created new keypair.
Address: <ADDRESS>
Private key: <P_KEY>
/ # exit
- Copy the generated addresses and private keys to Akeyless as Static Secrets. For example, current secrets for Alfajores are at folder
/static-secrets/devops-circle/alfajores/op-testnet-alfajores/
(see point 5. above)
Permissions for a cluster to access secrets from Akeyless is controlled through the celo-org/akeyless repository.
For a cluster to have access to secrets, the path to those secrets has to be included in the kubernetes_clusters_and_paths
variable, in the corresponding "<PROJECT_ID>_<CLUSTER_NAME>_<CLUSTER_LOCATION>:external-secrets"
list. For example, this line gives access to alfajores
cluster to secrets at path "/static-secrets/devops-circle/alfajores/op-testnet-alfajores/*"