deployment: add service ports to hybrid common service overlays

[nimrod-starkware]

Devops repo counterpart: https://github.com/starkware-industries/sequencer-devops/pull/729

[reviewable-StarkWare]

This change is 

[nimrod-starkware]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• deployment: make gcpPodMonitoring enable configurable #14240
• deployment: fix storage reader port #14229
• deployment: add service ports to hybrid common service overlays #14215 👈 (View in Graphite)
• deployment: extract common env to hybrid/common/common.yaml #14249
• deployment: extract core common config #14248
• deployment: extract mempool common config #14247
• deployment: extract gateway common config #14246
• deployment: extract l1 common config #14245
• deployment: extract committer common config #14244
• deployment: extract sierra-compiler common config #14243
• deployment: support include directive in common yaml loader #14242
• deployment: add gcp pod monitoring to hybrid environment overlays #14192 : 1 other dependent PR (#14196 )
• deployment: add liveness probe to hybrid environment overlays #14191
• deployment: add readiness probe to hybrid environment overlays #14190
• deployment: add startup probe to hybrid environment overlays #14188
• deployment: add monitoring endpoint port to hybrid environment overlays #14187
• main-v0.14.3

This stack of pull requests is managed by Graphite. Learn more about stacking.

[cursor]

PR Summary

Low Risk
Pure deployment YAML exposing ports that already exist in sequencer config; no application or security logic changes.

Overview
Adds explicit Kubernetes service.ports blocks to the hybrid common overlays for core and mempool, so those workloads expose the same TCP ports already referenced in sequencerConfig (batcher, class-manager, consensus P2P, state-sync, signature-manager, storage readers on core; mempool and mempool P2P on mempool).

This brings core and mempool in line with other hybrid service overlays (e.g. gateway, committer) that already declare named ClusterIP ports for in-cluster access.

^{Reviewed by Cursor Bugbot for commit dbe50c3. Bugbot is set up for automated code reviews on this repo. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit d024716. Configure here.}

[cursor]

Service port exposed without matching application port config

Medium Severity

The mempool-p2p-config service port (53200) is added to the common overlay, but mempool_p2p_config.network_config.port is never set in the common sequencerConfig. Production environments (mainnet, sepolia-alpha, sepolia-integration) only include this common config with no overrides for mempool. The replacer config template contains an unresolved placeholder ($$$_MEMPOOL_P2P_CONFIG-NETWORK_CONFIG-PORT_$$$) for this value. Only the testing environment explicitly sets this port to 53200. This means the Kubernetes service will expose port 53200 in production, but the application may not be configured to bind to it, potentially causing an unresolved placeholder error at startup or silent misconfiguration.

 

^{Reviewed by Cursor Bugbot for commit d024716. Configure here.}