Skip to content

chore(platform): bump DefaultSidecarImage to seictl :latest digest#199

Merged
bdchatham merged 1 commit intomainfrom
chore/bump-default-sidecar-image
May 7, 2026
Merged

chore(platform): bump DefaultSidecarImage to seictl :latest digest#199
bdchatham merged 1 commit intomainfrom
chore/bump-default-sidecar-image

Conversation

@bdchatham
Copy link
Copy Markdown
Collaborator

@bdchatham bdchatham commented May 7, 2026
edited
Loading

Summary

Bump DefaultSidecarImage from sha256:f3ed1297... to sha256:a6e00256... (current ghcr.io/sei-protocol/seictl:latest index digest). The previous default predates seictl's bump to sei-config v0.0.13, causing archive-mode nodes to render app.toml without the [receipt-store] section.

Why this is needed

While bringing up pacific-1-archive-0 from a pre-populated EBS volume, seid panicked on first boot. Inspection of the running pod revealed:

  1. /sei/config/app.toml had no [receipt-store] section. The applyArchiveOverrides in sei-config v0.0.13 emits this section to pin keep-recent=0 for archive mode. Without it, seid uses upstream sei-chain default keep-recent=100000 and prunes historical receipts at first boot — defeating the point of an archive node restored from a pre-populated EBS.

  2. DefaultSidecarImage lineage: The previous digest was set in PR chore(platform): bump DefaultSidecarImage to post-#128 GHCR image #168 (chore(platform): bump DefaultSidecarImage to post-#128 GHCR image) — i.e., built from a seictl revision after PR design(#127): re-apply sidecar mark-ready on pod replacement #128 but before docs: LLD for ValidationRun CRD (for #139) #143. seictl PR docs: LLD for ValidationRun CRD (for #139) #143 was the bump to sei-config v0.0.13. So the deployed sidecar image predates the receipt-store fix.

The new digest (a6e00256) is the multi-arch index of ghcr.io/sei-protocol/seictl:latest as of 2026-05-07, built from seictl main at v0.0.48. v0.0.43 onward all carry sei-config v0.0.13.

Verification of the new image

  • Multi-arch index sha256:a6e00256c2ff1f0984902c506771b58c0ebe334a246f853425d1c65da975d472
  • amd64 manifest: sha256:ec0e97b657a8f0e95f9f0e4e03edf2daa3c541e0ee01b9c69ad84b78a6d40948
  • arm64 manifest: sha256:bae41c985310f71c500a700fb32ecc3ce6579218d7b9f950b945f332c88a9b71
  • seictl tags v0.0.43+ all carry github.com/sei-protocol/sei-config v0.0.13 in their go.mod

Pinning by digest

Kept the digest-based reference (not :latest) so deploys remain deterministic — no surprise base-image swaps on controller restart.

Out of scope

  • Chain-id rendering: A separate observed issue is that config.toml is rendered without a chain-id field, causing seid to panic on the genesis/config mismatch. Whether this is addressed by the new sidecar image is unverified — if not, follow-up sei-config investigation needed in legacy.go. This PR addresses only the [receipt-store] issue, not chain-id.
  • Sample manifest digests (manifests/samples/seinode/*.yaml, manifests/samples/seinodedeployment/*.yaml) reference an even older sha256:2cb320dd... digest. Those are documentation/examples, not the active code path. Worth a separate cleanup PR.

Rollout

Once merged:

  1. CI builds a new controller image
  2. Bump the controller image tag in the platform repo (clusters/prod/controllers/sei-k8s-controller/)
  3. flux applies → controller restarts with the new compiled-in DefaultSidecarImage
  4. Next archive-0 pod boot will use the new sidecar image and render app.toml with [receipt-store]

Test plan

  • Unit tests pass: go test ./internal/platform/... ./internal/noderesource/... ./internal/task/...
  • After rollout, verify kubectl exec into a SeiNode pod shows [receipt-store] section in /sei/config/app.toml
  • Verify keep-recent = 0 in that section for archive-mode nodes

🤖 Generated with Claude Code

@bdchatham @claude
chore(platform): bump DefaultSidecarImage to seictl :latest digest
a028a00 
Previous DefaultSidecarImage (sha256:f3ed1297..., set in PR #168)
predates seictl PR #143 which bumped to sei-config v0.0.13. As a
result the rendered /sei/config/app.toml on archive nodes has no
[receipt-store] section — seid uses the upstream default
keep-recent=100000 and prunes historical receipts on first boot.
This makes BYOV archive nodes with pre-populated receipt data
(e.g. pacific-1-archive-0) effectively unusable: the data on disk
is fine, but seid prunes it within minutes of starting.

Bump to a6e00256... — the current ghcr.io/sei-protocol/seictl:latest
multi-arch index — built from seictl main which has sei-config
v0.0.13 ([receipt-store] archive-mode override) and the most recent
seictl client features through v0.0.48.

Pinning by digest (not :latest) keeps deploys deterministic.

Note: a separate chain-id rendering issue surfaced during the
pacific-1-archive-0 attempt — config.toml is missing chain-id
entirely, causing seid to panic on genesis/config mismatch. This
bump may or may not address that; chain-id rendering needs to be
investigated in sei-config legacy.go regardless.

After this lands: build new controller image, bump controller
image tag in platform repo so the running controller picks up the
new DefaultSidecarImage.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@bdchatham bdchatham merged commit 8aa879d into main May 7, 2026
2 checks passed
@bdchatham bdchatham mentioned this pull request May 7, 2026
Merged
3 tasks
bdchatham added a commit that referenced this pull request May 7, 2026
@bdchatham @claude
chore: bump controller image to 8aa879d (DefaultSidecarImage to seict…
e0c598c 
…l latest) (#200)

Pulls in #199 — DefaultSidecarImage bumped from sha256:f3ed1297...
to sha256:a6e00256... so SeiNodes pick up the seictl image built
from sei-config v0.0.13 (renders [receipt-store] keep-recent=0 for
archive mode).

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@bdchatham bdchatham mentioned this pull request May 7, 2026
Merged
2 tasks
bdchatham added a commit that referenced this pull request May 7, 2026
@bdchatham @claude
chore(platform): re-bump DefaultSidecarImage to actual-latest seictl (#…
43cc3e1 
…201)

PR #199 bumped DefaultSidecarImage to sha256:a6e00256... (the
seictl:latest tag), but that tag is stale and predates two
critical changes:
  - /v0/livez handler (commit a595641, present in v0.0.31+) —
    kubelet's livenessProbe on /v0/livez gets 404 → restarts
    sei-sidecar in a CrashLoopBackOff
  - sei-config v0.0.13 [receipt-store] archive override
    (seictl PR #143)

The seictl Containerize workflow does not push a `latest` tag —
the metadata-action config only emits semver, branch (`main`),
and SHA tags. The `:latest` tag in the registry is from some
other publishing mechanism that hasn't been updated in a while.

Bump to sha256:d3ecb1a0... — the index digest for
ghcr.io/sei-protocol/seictl:main / :sha-d829dcf... built by the
latest Containerize run on commit d829dcf (chore: bump version
to v0.0.48). Confirmed:
  - go.mod: github.com/sei-protocol/sei-config v0.0.13
  - server.go: registers GET /v0/livez handler

Verified live in pod:
  - GET /v0/healthz → 503 Service Unavailable (handler exists)
  - GET /v0/livez   → 404 Not Found  (handler MISSING — confirms
                                       a6e00256 predates a595641)
  - GET /v0/status  → 200 OK         (handler exists)

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bdchatham