Intro

This runbook will guide the process of spinning up Standard Chain Security Monitoring deployments.

We are able to spinup monitors for a single l2/l1 chain, or for all l2/l1 chains that are ready to be monitored.

In order for a chain to be ready for monitoring it must satisfy three requirements:

  1. An internal archive node for the chain is in up and in sync
    1. Platform team will notify us when the node is ready as detailed here
  2. The chain is present in the superchain registry and standard_chain_candidate=True is set. As an example here
    1. There are case in which we may want to monitor a chain even if standard_chain_candidate=True is not present in the registry. In this case we must explicitly set the condition in our security monitoring automation configuration. TODO: Add section that explain how do to it
  3. The chain uses FaultProof

Full Process

Ticket created

Local Setup

In order to create new deployment you will need:

  1. VPN setup on the laptop
  2. Latest version of https://github.com/ethereum-optimism/k8s
  3. Local version of python3 and .venv or docker setup

VPN

When generating new node configurations or checking if a node is ready for being added to the configuration we need to have internal vpn enabled.

Screenshot 2024-09-04 at 21.44.49.png

Latest version of k8s repo

git clone <https://github.com/ethereum-optimism/k8s>

Setup Python3/Docker

You can either use local python 3 or docker, but you will need to keep using it for the rest of the process.

Python 3

cd k8s/scripts/security-monitoring-ops
make
source .venv/bin/activate

Docker

cd k8s/scripts/security-monitoring-ops
just setup

Generate Deployments files for the chain on local repository

Pull latest k8s changes

# 1. Pull the latest changes from the main branch
git checkout main
git pull origin main

# 2. Generate changes either by using python 2.1 or docker 2.2
# 2.1 
python main.py --sync-chain race/sepolia
# 2.2 
just run --sync-chain race/sepolia
# ==> Check command result. It should be all green

# 3. Check if local changes have being applied
git diff ../../kustomize/automated-security-monitoring

Sync deployment files

The sync process will add files if files needs to be added, or will remove files if files need to be removed. Files may change as well as a result of configuration changes.

# 2. Generate changes either by using python 2.1 or docker 2.2
# 2.1 
python main.py --sync-chain race/sepolia
# 2.2 
just run --sync-chain race/sepolia