Solana validator and RPC node operations — Agave builds, Kubernetes deployment, bare-metal provisioning, Yellowstone gRPC, monitoring, and low-latency tuning. Covers the full lifecycle from hardware selection through production cutover.
Production-grade Solana node deployment, monitoring, and operations for the CTO platform.
┌─────────────────────────────────────────────────────────┐
│ Bare Metal (Latitude.sh / Cherry Servers) │
│ │
│ ┌─────────────────────────────────────────────────┐ │
│ │ Talos Linux (immutable, API-driven) │ │
│ │ │ │
│ │ ┌──────────────────────┐ ┌──────────────────┐ │ │
│ │ │ agave-validator │ │ K8s Services │ │ │
│ │ │ ├─ RPC :8899 │ │ ├─ Trading bots │ │ │
│ │ │ ├─ WS :8900 │ │ ├─ DEX indexer │ │ │
│ │ │ ├─ Gossip :8001 │ │ ├─ QuestDB │ │ │
│ │ │ └─ gRPC :10000 │ │ ├─ Prometheus │ │ │
│ │ │ (Yellowstone) │ │ └─ Grafana │ │ │
│ │ └──────────────────────┘ └──────────────────┘ │ │
│ │ hostNetwork: true Cilium eBPF │ │
│ └─────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────┘
Key design decision: The Agave validator runs with on a dedicated bare-metal node. Trading pods on the same Cilium network get sub-microsecond RPC latency via eBPF socket-level load balancing (bypasses TCP stack entirely).
hostNetwork: true| Resource | Minimum | Recommended | Notes |
|---|---|---|---|
| CPU | 16 cores | 32 cores (AMD EPYC) | Zen 4/5 for AVX-512 + SHA-NI |
| RAM | 256 GB | 512–1024 GB | Accounts index lives in memory |
| Storage | 2× NVMe | 4× NVMe | Separate: ledger, accounts, snapshots |
| Network | 1 Gbps | 10 Gbps | UDP gossip is bandwidth-hungry |
| Hugepages | 4 Gi (2Mi pages) | 4 Gi | Pre-allocated via kernel args |
| Provider | Plan | Specs | Cost |
|---|---|---|---|
| Latitude.sh | m3-large-x86 | 1024 GB RAM, NVMe | ~$2.57/hr |
| Cherry Servers | Gen5 | 256+ GB RAM, NVMe | Variable |
| OVH | High-memory | 512 GB RAM | Variable |
Provisioning is automated via crates/metal/ — supports Latitude, Cherry, Vultr,
Scaleway, Hetzner, OVH, DigitalOcean, and on-prem via the Provider trait.
Custom Agave build optimized for AMD EPYC (Zen 4/5) — enables AVX-512 + SHA-NI for 10-30% improvement on crypto hot paths.
# Dockerfile.agave — build optimized validator binary
FROM rust:1.86.0-slim-bookworm AS build
RUN apt-get update && apt-get install -y \
git clang cmake pkg-config libssl-dev \
protobuf-compiler libudev-dev \
&& rm -rf /var/lib/apt/lists/*
ARG AGAVE_VERSION=v2.2.20
RUN git clone --depth 1 --branch $AGAVE_VERSION \
https://github.com/anza-xyz/agave.git /agave
WORKDIR /agave
# Target znver4 (Zen 4) — closest stable LLVM target to Zen 5
# Enables: AVX-512, SHA-NI, VAES, VPCLMULQDQ
ENV RUSTFLAGS="-C target-cpu=znver4"
RUN ./scripts/cargo-install-all.sh --validator-only .
RUN strip /agave/bin/*
# --- Runtime ---
FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y ca-certificates curl jq \
&& rm -rf /var/lib/apt/lists/*
COPY --from=build /agave/bin/ /usr/local/bin/
# jemalloc tuning for Solana's allocation patterns
ENV MALLOC_CONF="background_thread:true,metadata_thp:always,dirty_decay_ms:3000"
ENTRYPOINT ["agave-validator"]
# Build and push
docker build --build-arg AGAVE_VERSION=v2.2.20 \
-t ghcr.io/5dlabs/agave:v2.2.20-znver4 \
-f Dockerfile.agave .
docker push ghcr.io/5dlabs/agave:v2.2.20-znver4
Real-time gRPC streaming from the validator via Yellowstone geyser plugin.
# Dockerfile.yellowstone-grpc — build geyser plugin .so
FROM rust:1.86-slim-bookworm AS build
RUN apt-get update && apt-get install -y \
git clang cmake pkg-config libssl-dev protobuf-compiler \
&& rm -rf /var/lib/apt/lists/*
ARG YELLOWSTONE_VERSION=v12.2.0+solana.3.1.10
RUN git clone --depth 1 --branch "${YELLOWSTONE_VERSION}" \
https://github.com/rpcpool/yellowstone-grpc.git /yellowstone-grpc
WORKDIR /yellowstone-grpc
RUN cargo build --release --package yellowstone-grpc-geyser
RUN mkdir -p /output \
&& cp target/release/libyellowstone_grpc_geyser.so /output/ \
&& strip /output/libyellowstone_grpc_geyser.so
FROM scratch
COPY --from=build /output/libyellowstone_grpc_geyser.so /output/
# Extract and deploy .so to the Solana node
docker create --name ys-extract yellowstone-grpc-builder:v3.1.x
docker cp ys-extract:/output/libyellowstone_grpc_geyser.so .
docker rm ys-extract
scp libyellowstone_grpc_geyser.so solana-rpc-01:/var/mnt/yellowstone/lib/
apiVersion: apps/v1