Contract Job Processor¶
Relevant To: Level 1 chains with smart contracts
The contract job processor is responsible for launching the contract builder in its kubernetes cluster when necessary.
In order to run the job processor,
sh entrypoints/job_processor.sh should be
used as the command of the built docker container.
The contract job processor blocks on the
mq:contract-task redis queue. On
receiving an item, it triggers a kubernetes job in the
to build a smart contract.
This logic is separated into its own container because it requires permissions to create kubernetes jobs. Using a different pod allows permissions to be isolated on a per-pod basis when deployed.
Because of this, the job processor needs to be launched with a service account which has permissions to create, get, and delete jobs. An example RBAC for this role follows:
kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: dragonchain name: <desired_role_name> rules: - apiGroups: ["batch"] resources: ["jobs", "jobs/status"] verbs: ["create", "get", "delete"]
Bind this role to a service account and automount its token when deploying the contract job processor microservice. If the permissions are not correct, the job processor will not be able to run.