You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Alpha software. nodectl is under active development. Configuration format, CLI interface, and Helm chart values may change between releases without notice.
nodectl is a management daemon for TON validator nodes. It connects to one or more validators via the ADNL Control Server protocol and handles election participation, contract deployment, stake management, and network voting.
nodectl works in two modes:
Daemon (nodectl service) — runs as the main container process, manages elections and contracts automatically
CLI (nodectl config ..., nodectl config log ..., nodectl key ..., nodectl api ...) — accessible via kubectl exec for configuration, log management, and diagnostics
Key concepts
Configuration model
nodectl uses four independent lists connected by bindings:
Entity
Purpose
Nodes
ADNL connections to validator Control Servers
Wallets
Validator wallets for signing transactions
Pools
Single Nominator Pool contracts
Bindings
Map each node to a wallet and optionally a pool
A binding ties everything together: node node0 uses wallet wallet0 and pool pool0. This decoupled model allows flexible mapping — wallets and pools are reusable, named independently from nodes.
Single Nominator Pool (SNP)
nodectl currently supports only Single Nominator Pool contracts for staking. The SNP contract address is deterministic:
This means each node must have its own wallet. If two nodes share a wallet (= same validator address), their pools get the same address, which breaks election participation. Always create one wallet per node.
When you add a pool with just the owner address (no explicit contract address), nodectl computes the SNP address automatically on startup from the owner and the bound validator wallet.
Auto-deploy
The contracts_task runs in the background and automatically deploys contracts using the master wallet:
Deploys uninitialized validator wallets (1 TON each)
Deploys uninitialized nomination pools (1 TON each)
Tops up active wallets that fall below 5 TON (adds 10 TON)
The master wallet key is auto-generated in vault on first start. You only need to fund the master wallet address — contract deployment is automatic.
Total master wallet funding needed: N * 1 TON (wallets) + N * 1 TON (pools) + reserve. For 9 nodes, ~20 TON is sufficient for initial deployment.
Vault
Vault stores private keys (wallet keys, control client keys). Currently only the file-based backend is documented:
Backend
URL format
Use case
File-based
file:///nodectl/data/vault.json?master_key=<hex>
All setups
Vault is configured via the VAULT_URL environment variable, not in config.json. The Helm chart passes this from a K8s Secret or plain value.
Tip: Add IPC_LOCK capability to the container security context if you want file-based vault to use mlock() for memory protection. Not required — the service works without it.
For a complete step-by-step guide covering deployment, configuration, key management, and funding, see docs/setup.md.
Environment variables
The chart sets these environment variables on the nodectl container:
Variable
Source
Description
VAULT_URL
vault.secretName or vault.url
Vault connection string (required)
CONFIG_PATH
dataPath + /config.json
Path to config file on the PVC
Do not edit the Parameters section by hand. It is auto-generated from @param annotations in values.yaml. To make changes, edit values.yaml and regenerate — see docs/maintaining.md.
Parameters
General parameters
Name
Description
Value
replicas
Number of nodectl instances. Each replica shares the same PVC — do not scale beyond 1 unless using ReadWriteMany storage.
1
Image parameters
Name
Description
Value
image.repository
Container image repository
ghcr.io/rsquad/ton-rust-node/nodectl
image.tag
Image tag
v0.2.1
image.pullPolicy
Pull policy
IfNotPresent
imagePullSecrets
Registry pull secrets for private container images
[]
Port parameters
Name
Description
Value
port
HTTP API port. Used for health probes, REST API, and Swagger UI.
8080
Service parameters
Name
Description
Value
service.type
Service type for the HTTP API
ClusterIP
service.annotations
Annotations for the Service
{}
Storage parameters
Name
Description
Value
storage.size
PVC size for nodectl data
1Gi
storage.storageClassName
Storage class name. Empty string uses cluster default.
""
storage.accessMode
PVC access mode
ReadWriteOnce
storage.resourcePolicy
Value for the helm.sh/resource-policy annotation. Set to keep (default) to prevent PVC deletion on helm uninstall. Set to empty string to omit the annotation.
keep
storage.annotations
Extra annotations for the PVC
{}
Data directory
Name
Description
Value
dataPath
Directory inside the container where the PVC is mounted. Config, vault, and runtime state live here.
# Check pod status
kubectl get pods -l app.kubernetes.io/name=nodectl
# View logs
kubectl logs deploy/my-nodectl -f
# Exec into pod for CLI access
kubectl exec -it deploy/my-nodectl -- sh
# Check binding status
kubectl exec deploy/my-nodectl -- nodectl config elections show
# Check service health
kubectl exec deploy/my-nodectl -- nodectl api health
# Port-forward to access Swagger UI
kubectl port-forward deploy/my-nodectl 8080:8080
# Open http://localhost:8080/swagger