From 11a3fa8eb8d9c6ba7fcff1a9ffe38d7eddada4b5 Mon Sep 17 00:00:00 2001 From: RoRu Date: Thu, 25 Aug 2022 14:39:52 +0300 Subject: [PATCH] infra: use helm chart for deployments Test secContext --- .github/workflows/production.yml | 34 ++--- .github/workflows/pull-request-close.yml | 20 ++- .github/workflows/pull-request.yml | 39 +++--- helm/chart/.helmignore | 23 ++++ helm/chart/Chart.yaml | 18 +++ helm/chart/templates/_helpers.tpl | 56 ++++++++ helm/chart/templates/api.yaml | 92 +++++++++++++ helm/chart/templates/ingress.yaml | 27 ++++ helm/chart/templates/redis.yaml | 64 +++++++++ helm/chart/templates/workers.yaml | 84 ++++++++++++ helm/chart/values.yaml | 69 ++++++++++ k8s/render.sh => helmfile-template.sh | 10 +- helmfile.yaml | 48 +++++++ k8s/backend_components.py | 158 ----------------------- k8s/common.py | 13 -- k8s/ingress.py | 37 ------ k8s/main.py | 16 --- k8s/redis_component.py | 59 --------- k8s/values.py | 29 ----- 19 files changed, 525 insertions(+), 371 deletions(-) create mode 100644 helm/chart/.helmignore create mode 100644 helm/chart/Chart.yaml create mode 100644 helm/chart/templates/_helpers.tpl create mode 100644 helm/chart/templates/api.yaml create mode 100644 helm/chart/templates/ingress.yaml create mode 100644 helm/chart/templates/redis.yaml create mode 100644 helm/chart/templates/workers.yaml create mode 100644 helm/chart/values.yaml rename k8s/render.sh => helmfile-template.sh (60%) create mode 100644 helmfile.yaml delete mode 100644 k8s/backend_components.py delete mode 100644 k8s/common.py delete mode 100644 k8s/ingress.py delete mode 100644 k8s/main.py delete mode 100644 k8s/redis_component.py delete mode 100644 k8s/values.py diff --git a/.github/workflows/production.yml b/.github/workflows/production.yml index 6ebcd19..20b62a3 100644 --- a/.github/workflows/production.yml +++ b/.github/workflows/production.yml 
@@ -2,7 +2,7 @@ name: Production deploy concurrency: group: '${{ github.workflow }}-${{ github.head_ref || github.ref }}-prod' - cancel-in-progress: true + cancel-in-progress: false on: workflow_dispatch: @@ -11,7 +11,7 @@ jobs: build: runs-on: ubuntu-latest outputs: - image_name: ${{ steps.build.outputs.image_name }} + image_name: '${{ steps.build.outputs.image_name }}' steps: - uses: actions/checkout@v2 @@ -24,7 +24,7 @@ jobs: environment: production needs: build container: - image: qwolphin/kdsl:1.21.8 + image: ghcr.io/helmfile/helmfile-ubuntu:v0.145.4 strategy: fail-fast: false matrix: 
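Review bot: The deploy job's `container.image` is pinned only by tag (`ghcr.io/helmfile/helmfile-ubuntu:v0.145.4`), and this is the container that receives `GCP_SA_KEY` and the GKE credentials in the steps that follow. A tag can be re-pointed upstream, so pinning by digest, `image: ghcr.io/helmfile/helmfile-ubuntu:v0.145.4@sha256:<digest-of-reviewed-image>` (placeholder), keeps the toolchain that sees those secrets fixed. The same image line is introduced in pull-request-close.yml and pull-request.yml. The job definition continues outside this hunk.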
@@ -38,33 +38,23 @@ jobs: - name: GCP Auth uses: google-github-actions/auth@v0.4.0 with: - credentials_json: ${{ secrets.GCP_SA_KEY }} + credentials_json: '${{ secrets.GCP_SA_KEY }}' - name: Get GKE credentials uses: google-github-actions/get-gke-credentials@v0.4.0 with: - cluster_name: ${{ secrets.GKE_CLUSTER }} - location: ${{ secrets.GKE_CLUSTER_REGION }} + cluster_name: '${{ secrets.GKE_CLUSTER }}' + location: '${{ secrets.GKE_CLUSTER_REGION }}' - name: Render kdsl resources into yaml env: MAINNET_RPC: '${{ secrets.MAINNET_RPC }}' POLYGON_RPC: '${{ secrets.POLYGON_RPC }}' - RECIPE: "chain${{ matrix.CHAIN_ID }}" - DOMAIN: cache-api-${{ matrix.CHAIN_ID }}.aave.com - CHAIN_ID: ${{ matrix.CHAIN_ID }} - IMAGE: ${{ needs.build.outputs.image_name }} + DOMAIN: 'cache-api-${{ matrix.CHAIN_ID }}.aave.com' + CHAIN_ID: '${{ matrix.CHAIN_ID }}' + IMAGE: '${{ needs.build.outputs.image_name }}' COMMIT_SHA: "${{ github.sha }}" - NAMESPACE: cache-${{ matrix.CHAIN_ID }} + NAMESPACE: 'cache-${{ matrix.CHAIN_ID }}' ENV_NAME: production + HELM_PLUGINS: '/root/.local/share/helm/plugins' run: | - cd k8s/ - kubectl config set-context --current --namespace=${{ env.NAMESPACE }} - python3 main.py > ../rendered.yml - - - name: Apply k8s resources - run: | - kubectl apply -f rendered.yml --dry-run=server - kubectl apply -f rendered.yml - sleep 3 - kubectl wait --for condition=ready --timeout 90s pods -l "commit_sha=${{ github.sha }}" || \ - { kubectl get pods && exit 1; } + helmfile apply --suppress-diff diff --git a/.github/workflows/pull-request-close.yml b/.github/workflows/pull-request-close.yml index 78604b2..068bd48 100644 --- a/.github/workflows/pull-request-close.yml +++ b/.github/workflows/pull-request-close.yml 
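Review bot: The step is still named `Render kdsl resources into yaml`, but it now applies the release to the production cluster with `helmfile apply --suppress-diff`; rename it, e.g. `- name: Deploy with helmfile`. The `--suppress-diff` flag also deserves a comment, since the rendered manifests carry `MAINNET_RPC`/`POLYGON_RPC` as plain env values and a printed diff would presumably put them in the job log: `# keep --suppress-diff: the diff would print RPC_URL values`. The server-side dry run and the explicit `kubectl wait` are removed; if `wait` and `atomic` in helmfile.yaml are meant to replace them, say so in the commit description.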
@@ -9,10 +9,7 @@ jobs: runs-on: ubuntu-latest environment: preview container: - image: registry.gitlab.com/aave-tech/k8s:63f618c0 - credentials: - username: github-actions - password: ${{ secrets.KUBE_IMAGE_PULL }} + image: ghcr.io/helmfile/helmfile-ubuntu:v0.145.4 strategy: fail-fast: false matrix: @@ -20,18 +17,19 @@ jobs: steps: - name: Set k8s namespace shell: bash - run: echo "NAMESPACE=cache-${NS_SUFFIX,,}" | tr -c '[:alnum:]-=\n' '-' >>${GITHUB_ENV} + run: | + cat <> ${GITHUB_ENV} + NAMESPACE=cache-${NS_SUFFIX,,} + EOF env: NS_SUFFIX: "${{ github.head_ref }}-${{ matrix.CHAIN_ID }}" - name: Remove preview env env: - REF_NAME: '${{ github.head_ref }}' + CHAIN_ID: '${{ matrix.CHAIN_ID }}' run: | mkdir -p ~/.kube echo "${{ secrets.DEV_KUBECONFIG }}" > ~/.kube/config - kubectl config set-context --current --namespace="${{ env.NAMESPACE }}" - kubectl delete deploy --all - kubectl delete svc --all - kubectl delete ingress --all - kubectl delete ns "${{ env.NAMESPACE }}" + kubectl -n "${NAMESPACE}" delete deploy --all + sleep 5 + kubectl delete ns "${NAMESPACE}" diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 07f196f..46b3e76 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -33,7 +33,7 @@ jobs: environment: preview needs: build container: - image: qwolphin/kdsl:1.21.8 + image: ghcr.io/helmfile/helmfile-ubuntu:v0.145.4 strategy: fail-fast: false matrix: 
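Review bot: The `Set k8s namespace` step in pull-request-close.yml no longer passes the value through `tr -c '[:alnum:]-=\n' '-'`, so `NAMESPACE` is now `cache-` plus the raw lower-cased `github.head_ref`. A branch name containing `/`, `_` or `.` gives a string that is not a valid namespace name, in which case the `kubectl ... delete` calls below fail and the preview environment is left running. Keep the normalisation, e.g. `echo "NAMESPACE=cache-${NS_SUFFIX,,}" | tr -c '[:alnum:]-=\n' '-' >> "${GITHUB_ENV}"`, and consider bounding the result to 63 characters. The same step in pull-request.yml dropped the filter as well, and there the value also feeds `DOMAIN`.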
@@ -44,36 +44,35 @@ jobs: - name: Set k8s namespace shell: bash run: | - echo -e "NAMESPACE=cache-${NS_SUFFIX,,}\nENV_NAME=${{ github.head_ref }}" | tr -c '[:alnum:]-=\n_' '-' >> ${GITHUB_ENV} + cat <> ${GITHUB_ENV} + NAMESPACE=cache-${NS_SUFFIX,,} + ENV_NAME=${{ github.head_ref }} + EOF env: NS_SUFFIX: "${{ github.head_ref }}-${{ matrix.CHAIN_ID }}" - - name: Render kdsl resources into yaml - env: - MAINNET_RPC: "${{ secrets.MAINNET_RPC }}" - POLYGON_RPC: "${{ secrets.POLYGON_RPC }}" - RECIPE: "chain${{ matrix.CHAIN_ID }}" - DOMAIN: "${{ env.NAMESPACE }}.aaw.fi" - CHAIN_ID: "${{ matrix.CHAIN_ID }}" - IMAGE: "${{ needs.build.outputs.image_name }}" - COMMIT_SHA: "${{ github.sha }}" - run: | - cd k8s/ - python3 main.py > ../rendered.yml - - name: Set up kubeconfig run: | mkdir -p ~/.kube echo "${{ secrets.DEV_KUBECONFIG }}" > ~/.kube/config - kubectl config set-context --current --namespace="${{ env.NAMESPACE }}" - name: Apply k8s resources shell: bash + env: + MAINNET_RPC: "${{ secrets.MAINNET_RPC }}" + POLYGON_RPC: "${{ secrets.POLYGON_RPC }}" + DOMAIN: "${{ env.NAMESPACE }}.aaw.fi" + CHAIN_ID: "${{ matrix.CHAIN_ID }}" + IMAGE: "${{ needs.build.outputs.image_name }}" + COMMIT_SHA: "${{ github.sha }}" + HELM_PLUGINS: '/root/.local/share/helm/plugins' run: | - kubectl apply -f rendered.yml - sleep 3 - kubectl wait --for condition=ready --timeout 90s pods -l "commit_sha=${{ github.sha }}" || \ - { kubectl get pods && exit 1; } + helmfile sync && exit 0 || true + helmfile status | grep pending-upgrade + RELEASE="$(helmfile status | grep NAME: | awk '{print $2}')" + REVISION="$(helmfile status | grep REVISION: | awk '{print $2}')" + helm rollback --wait -n "${NAMESPACE}" "${RELEASE}" "$((REVISION-1))" + helmfile sync - uses: actions/github-script@v5 if: ${{ github.event.action == 'opened' || github.event.action == 'reopened' }} diff --git a/helm/chart/.helmignore b/helm/chart/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null 
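Review bot: `ENV_NAME=${{ github.head_ref }}` in the `Set k8s namespace` step places the pull request's branch name into the script text before bash runs it, inside a here-document whose body is subject to shell expansion (assuming the delimiter is unquoted; the `cat` line looks garbled on this page). Branch names are chosen by the PR author, so the value should reach the script as data: add `HEAD_REF: '${{ github.head_ref }}'` under `env:` and write `ENV_NAME=${HEAD_REF}` in the body. `NS_SUFFIX` already follows that pattern. Separately, the retry block relies on `helmfile status | grep pending-upgrade` failing the step when the release is in any other state; a comment stating that intent would help the next reader.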
+++ b/helm/chart/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/chart/Chart.yaml b/helm/chart/Chart.yaml
new file mode 100644
index 0000000..b09300d
--- /dev/null
+++ b/helm/chart/Chart.yaml
@@ -0,0 +1,18 @@
+apiVersion: v2
+name: aave-caching-server
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
diff --git a/helm/chart/templates/_helpers.tpl b/helm/chart/templates/_helpers.tpl
new file mode 100644
index 0000000..76cfe06
--- /dev/null
+++ b/helm/chart/templates/_helpers.tpl
@@ -0,0 +1,56 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "chart.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "chart.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "chart.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "common.env" -}}
+{{- with .Values.common.env }}
+{{ toYaml . }}
+{{- end }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "common.labels" -}}
+{{- with .Values.common.labels }}
+{{- toYaml . }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Common annotations
+*/}}
+{{- define "common.annotations" -}}
+{{- with .Values.common.annotations }}
+{{- toYaml . }}
+{{- end }}
+{{- end }}
diff --git a/helm/chart/templates/api.yaml b/helm/chart/templates/api.yaml
new file mode 100644
index 0000000..794fabb
--- /dev/null
+++ b/helm/chart/templates/api.yaml
@@ -0,0 +1,92 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: api + labels: + {{- include "common.labels" . | nindent 4 }} + component: api + annotations: + {{- include "common.annotations" . | nindent 4 }} +spec: + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + replicas: 1 + selector: + matchLabels: + component: api + template: + metadata: + annotations: + {{- with .Values.api.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- include "common.annotations" . | nindent 8 }} + labels: + {{- include "common.labels" . | nindent 8 }} + component: api + spec: + automountServiceAccountToken: false + enableServiceLinks: false + containers: + - name: api + env: + - name: REDIS_HOST + value: redis + {{- include "common.env" . | nindent 12 }} + image: "{{ .Values.common.image }}" + imagePullPolicy: Always + ports: + - name: http + containerPort: 3000 + protocol: TCP + livenessProbe: + httpGet: + path: '/.well-known/apollo/server-health' + port: http + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + failureThreshold: 5 + readinessProbe: + httpGet: + path: '/.well-known/apollo/server-health' + port: http + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + failureThreshold: 5 + resources: + {{- toYaml .Values.api.resources | nindent 12 }} + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + capabilities: + drop: + - ALL +--- +apiVersion: v1 +kind: Service +metadata: + name: api + labels: + {{- include "common.labels" . | nindent 4 }} + component: api + annotations: + {{- include "common.annotations" . | nindent 4 }} +spec: + type: ClusterIP + ports: + - port: 3000 + targetPort: http + protocol: TCP + name: http-3000 + selector: + component: api 
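Review bot: The container `securityContext` in the api Deployment drops all capabilities and forbids privilege escalation but sets no seccomp profile, so the pod falls back to whatever the node default is. Adding `seccompProfile:` with `type: RuntimeDefault` under `securityContext` brings it in line with the Pod Security `restricted` profile; `readOnlyRootFilesystem: true` is worth trying too if the app does not write outside a mounted volume. redis.yaml and workers.yaml use the same block and have the same gap. Also, `resources` renders only the `requests` from values.yaml, so no memory or CPU limit bounds the container.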
diff --git a/helm/chart/templates/ingress.yaml b/helm/chart/templates/ingress.yaml new file mode 100644 index 0000000..114707f --- /dev/null +++ b/helm/chart/templates/ingress.yaml @@ -0,0 +1,27 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: main + labels: + {{- include "common.labels" . | nindent 4 }} + annotations: + {{- with .Values.ingress.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- include "common.annotations" . | nindent 4 }} +spec: + ingressClassName: nginx + tls: + - hosts: + - {{ .Values.ingress.domain | quote }} + rules: + - host: {{ .Values.ingress.domain | quote }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: api + port: + name: http-3000 diff --git a/helm/chart/templates/redis.yaml b/helm/chart/templates/redis.yaml new file mode 100644 index 0000000..ee93c15 --- /dev/null +++ b/helm/chart/templates/redis.yaml 
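Review bot: Both `host:` and `tls.hosts` render `.Values.ingress.domain | quote` with no check that it is set; the chart default in values.yaml is empty and helmfile.yaml fills it with `env "DOMAIN"` rather than `requiredEnv`. An unset `DOMAIN` therefore renders an empty host, which as far as I can tell an Ingress treats as a rule matching every hostname on the controller. Failing the render is safer: `- host: {{ required "ingress.domain must be set" .Values.ingress.domain | quote }}`. The `tls` entry also has no `secretName`, so the controller's default certificate is served; if that is intended, a comment saying so would help.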
@@ -0,0 +1,64 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: redis + labels: + {{- include "common.labels" . | nindent 4 }} + component: redis + annotations: + {{- include "common.annotations" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + component: redis + template: + metadata: + annotations: + {{- with .Values.redis.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- include "common.annotations" . | nindent 8 }} + labels: + {{- omit (include "common.labels" . | fromYaml ) "commit" | toYaml | nindent 8 }} + component: redis + spec: + automountServiceAccountToken: false + enableServiceLinks: false + containers: + - name: redis + image: "{{ .Values.redis.image }}" + imagePullPolicy: Always + ports: + - name: redis + containerPort: 6379 + protocol: TCP + resources: + {{- toYaml .Values.redis.resources | nindent 12 }} + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1001 + capabilities: + drop: + - ALL +--- +apiVersion: v1 +kind: Service +metadata: + name: redis + labels: + {{- include "common.labels" . | nindent 4 }} + component: redis + annotations: + {{- include "common.annotations" . | nindent 4 }} +spec: + type: ClusterIP + ports: + - port: 6379 + targetPort: redis + protocol: TCP + name: redis + selector: + component: redis diff --git a/helm/chart/templates/workers.yaml b/helm/chart/templates/workers.yaml new file mode 100644 index 0000000..2e6055e --- /dev/null +++ b/helm/chart/templates/workers.yaml 
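Review bot: The redis container is started with no `args`, config or password, and the `redis` Service publishes 6379 inside the cluster, so unless a NetworkPolicy exists outside this chart, pods in other namespaces can presumably reach the cache that the api serves from. Each release gets its own namespace, so a policy admitting only same-namespace pods is enough; a sketch follows, and it is only enforced if the cluster's network plugin implements NetworkPolicy. Separately, `runAsUser: 1001` should be checked against the uid that owns the image's data directory, since Redis presumably writes its snapshots there.

```yaml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: redis
  labels:
    {{- include "common.labels" . | nindent 4 }}
    component: redis
spec:
  podSelector:
    matchLabels:
      component: redis
  policyTypes:
    - Ingress
  ingress:
    - from:
        # an empty podSelector with no namespaceSelector means "pods in this namespace"
        - podSelector: {}
      ports:
        - protocol: TCP
          port: 6379
```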
@@ -0,0 +1,84 @@ +{{- range $name, $val := .Values.workers }} +{{- if $val.enabled }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ $name }} + labels: + {{- include "common.labels" $ | nindent 4 }} + component: {{ $name }} + annotations: + {{- include "common.annotations" $ | nindent 4 }} +spec: + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + replicas: 1 + selector: + matchLabels: + component: {{ $name }} + template: + metadata: + annotations: + {{- with $val.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- include "common.annotations" $ | nindent 8 }} + labels: + {{- include "common.labels" $ | nindent 8 }} + component: {{ $name }} + spec: + automountServiceAccountToken: false + enableServiceLinks: false + containers: + - name: {{ $name }} + env: + - name: REDIS_HOST + value: redis + {{- include "common.env" $ | nindent 12 }} + image: {{ $.Values.common.image }} + imagePullPolicy: Always + livenessProbe: + exec: + command: + - ps + - -p + - "1" + failureThreshold: 5 + initialDelaySeconds: 5 + periodSeconds: 20 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + exec: + command: + - ps + - -p + - "1" + failureThreshold: 5 + initialDelaySeconds: 5 + periodSeconds: 20 + successThreshold: 1 + timeoutSeconds: 1 + resources: + {{- if $val.resources }} + {{- toYaml $val.resources | nindent 12 }} + {{- else }} + requests: + cpu: 30m + memory: 256Mi + {{- end }} + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + capabilities: + drop: + - ALL +{{- end }} +{{- end }} diff --git a/helm/chart/values.yaml b/helm/chart/values.yaml new file mode 100644 index 0000000..1d44f46 --- /dev/null +++ b/helm/chart/values.yaml 
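Review bot: None of the worker containers gets a `command`, whereas the kdsl definitions this commit deletes gave every Deployment its own (`npm run job:update-users-data`, `npm run job:update-block-number`, and so on). Unless the image selects the job some other way not visible here, every worker will run the image's default command; the api container in api.yaml also lost its `npm run prod`. A per-worker `command` list in values.yaml, rendered under a `command:` key with `{{- toYaml $val.command | nindent 12 }}`, would restore the old behaviour. The `ps -p 1` liveness and readiness probes only show that PID 1 exists, so they cannot catch a stuck job; that was already true before this change.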
@@ -0,0 +1,69 @@ +common: + labels: + pod: aave + project: interface + app: caching-server + annotations: + git-repo: "https://github.com/aave/aave-ui-caching-server" + image: "ghcr.io/aave/aave-ui-caching-server" + env: + - name: RPC_URL + value: "" + - name: CHAIN_ID + value: "" + +api: + podAnnotations: {} + resources: + requests: + cpu: 50m + memory: 200Mi + + +workers: + protocol-data-loader: + enabled: true + podAnnotations: {} + resources: {} + reserve-incentives: + enabled: true + podAnnotations: {} + resources: {} + update-block-number-loader: + enabled: true + podAnnotations: {} + resources: {} + user-data-loader: + enabled: true + podAnnotations: {} + resources: {} + user-incentives: + enabled: true + podAnnotations: {} + resources: {} + + # only used on mainnet + stake-general-data-loader: + enabled: false + podAnnotations: {} + resources: {} + stake-user-data-loader: + enabled: false + podAnnotations: {} + resources: {} + + +ingress: + domain: + annotations: + nginx.ingress.kubernetes.io/auth-tls-secret: default/cf-mtls + nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" + nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1" + +redis: + podAnnotations: {} + image: "redis:6-alpine" + resources: + requests: + cpu: 50m + memory: 200Mi diff --git a/k8s/render.sh b/helmfile-template.sh similarity index 60% rename from k8s/render.sh rename to helmfile-template.sh index 1418b3e..b1d3afc 100755 --- a/k8s/render.sh +++ b/helmfile-template.sh 
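Review bot: `redis.image` defaults to the floating tag `redis:6-alpine`, and redis.yaml sets `imagePullPolicy: Always`, so any pod restart can pull a build that was never reviewed or tested. Pin a patch release and digest, e.g. `image: "redis:6-alpine@sha256:<digest>"` (placeholder), and bump it deliberately. `ingress.domain` is left empty with no comment; a one-line `# required, set per release` would document that the chart cannot render a usable Ingress without it.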
@@ -1,18 +1,16 @@ #!/usr/bin/env bash set -xeuo pipefail -RENDER_FILE=${1:-"main.py"} -CHAIN_ID=${2:-1} +CHAIN_ID=${1:-1} docker run -it --rm -v "$(pwd)":/app --workdir=/app \ -e NAMESPACE="cache-${CHAIN_ID}" \ --e IMAGE='ghcr.io/aave/aave-ui-caching-server:9610077d06eecb7b25b59655af7d1b3ff8e81725' \ +-e IMAGE='ghcr.io/aave/aave-ui-caching-server:5fcb2af774a257765ba95ac35787c35b87020aa6' \ -e DOMAIN='example.com' \ --e RECIPE="chain${CHAIN_ID}" \ -e CHAIN_ID="${CHAIN_ID}" \ -e POLYGON_RPC="poly-secret-rpc" \ -e MAINNET_RPC="main-secret-rpc" \ -e COMMIT_SHA="$(git rev-parse --verify HEAD)" \ -e ENV_NAME="rendered" \ -qwolphin/kdsl:1.21.8 \ -python3 "${RENDER_FILE}" +ghcr.io/helmfile/helmfile:v0.145.3 \ +helmfile template diff --git a/helmfile.yaml b/helmfile.yaml new file mode 100644 index 0000000..b86780f --- /dev/null +++ b/helmfile.yaml 
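Review bot: The local render helper runs `ghcr.io/helmfile/helmfile:v0.145.3`, while all three workflows in this commit use `ghcr.io/helmfile/helmfile-ubuntu:v0.145.4`, so what a developer renders locally may differ from what CI applies. Use the same image and version in both places, ideally from one variable: `HELMFILE_IMAGE="${HELMFILE_IMAGE:-ghcr.io/helmfile/helmfile-ubuntu:v0.145.4}"`. `set -x` also echoes the full `docker run` line; the RPC values here are dummies, which is worth a comment so nobody substitutes real endpoints.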
@@ -0,0 +1,48 @@ +# The desired states of Helm releases. +# +# Helmfile runs various helm commands to converge the current state in the live cluster to the desired state defined here. +helmDefaults: + createNamespace: true + wait: true + timeout: 150 + force: false + + # restores previous state in case of failed release (default false) + atomic: true + # when true, cleans up any new resources created during a failed release (default false) + cleanupOnFail: true + historyMax: 5 + +releases: + {{- $chainID := (requiredEnv "CHAIN_ID") }} + - name: aave-caching-server-{{ $chainID }} + namespace: {{ requiredEnv "NAMESPACE" | quote }} + chart: ./helm/chart + values: + - common: + labels: + env: {{ env "ENV_NAME" | quote }} + commit: {{ env "COMMIT_SHA" | quote }} + image: {{ env "IMAGE" | quote }} + env: + - name: CHAIN_ID + value: {{ $chainID | quote }} + - name: RPC_URL + {{- if eq $chainID "1" }} + value: {{ env "MAINNET_RPC" | quote }} + {{- else if eq $chainID "137" }} + value: {{ env "POLYGON_RPC" | quote }} + {{- else if eq $chainID "43114" }} + value: 'https://api.avax.network/ext/bc/C/rpc' + {{- end }} + + {{- if eq $chainID "1" }} + - workers: + stake-general-data-loader: + enabled: true + stake-user-data-loader: + enabled: true + {{- end }} + + - ingress: + domain: {{ env "DOMAIN" | quote }} diff --git a/k8s/backend_components.py b/k8s/backend_components.py deleted file mode 100644 index 47cf1d9..0000000 --- a/k8s/backend_components.py +++ /dev/null 
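Review bot: `MAINNET_RPC` and `POLYGON_RPC` are written into `common.env` as literal `value:` strings, so the provider URLs (which the workflows treat as secrets) end up in every Deployment spec, readable by anyone who can view Deployments in the namespace. Rendering them into a Kubernetes Secret in the chart and referencing it from the containers with `valueFrom.secretKeyRef` keeps them out of the pod specs. A `CHAIN_ID` other than 1, 137 or 43114 leaves `- name: RPC_URL` without a `value`. `IMAGE` and `DOMAIN` are read with `env` rather than `requiredEnv`, so a missing variable renders silently instead of failing the deploy.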
@@ -1,158 +0,0 @@ -from typing import Sequence, Optional - -from kdsl.apps.v1 import Deployment, DeploymentSpec, DeploymentStrategy, RollingUpdateDeployment -from kdsl.core.v1 import Service, ServiceSpec, PodSpec, ObjectMeta, ContainerItem, Probe, ExecAction, HTTPGetAction -from kdsl.extra import mk_env -from kdsl.recipe import choice, collection - -import values - -env = mk_env( - REDIS_HOST="redis", - RPC_URL=choice( - chain1=values.MAINNET_RPC, - chain137=values.POLYGON_RPC, - chain43114="https://api.avax.network/ext/bc/C/rpc" - ), - CHAIN_ID=values.CHAIN_ID, -) - -api_probe = Probe( - httpGet=HTTPGetAction( - port="http", - path='/.well-known/apollo/server-health', - scheme='HTTP' - ), - initialDelaySeconds=5, - periodSeconds=10, - timeoutSeconds=3, - failureThreshold=5, -) - -worker_probe = Probe( - exec=ExecAction( - command="ps -p 1".split() - ), - initialDelaySeconds=5, - periodSeconds=20, - failureThreshold=5, -) - - -def mk_backend_entries( - name: str, - command: Sequence[str], - probe: Probe = worker_probe, - port: Optional[int] = None, - scale: int = 1, -): - labels = dict(component=name) - - metadata = ObjectMeta( - name=name, - namespace=values.NAMESPACE, - labels=dict(**labels, **values.shared_labels, **values.datadog_labels(name)), - annotations=values.shared_annotations - ) - - if port is not None: - service = Service( - metadata=metadata, - spec=ServiceSpec( - selector=labels, - ports={ - port: dict(name="http"), - }, - ), - ) - service_list = [service] - container_ports_mixin = dict( - ports={ - port: dict(name="http", protocol="TCP"), - } - ) - else: - service_list = [] - container_ports_mixin = dict() - - pod_spec = PodSpec( - containers={ - name: ContainerItem( - image=values.IMAGE, - imagePullPolicy="Always", - **container_ports_mixin, - command=command, - env=env, - readinessProbe=probe, - livenessProbe=probe, - ), - }, - ) - - deployment = Deployment( - metadata=metadata, - spec=DeploymentSpec( - replicas=scale, - 
selector=dict(matchLabels=labels), - progressDeadlineSeconds=180, - strategy=DeploymentStrategy( - type="RollingUpdate", - rollingUpdate=RollingUpdateDeployment( - maxUnavailable=1, - maxSurge=1, - ), - ), - template=dict( - metadata=ObjectMeta( - labels=dict(**metadata.labels), - annotations=values.shared_annotations - ), - spec=pod_spec, - ), - ), - ) - - return [*service_list, deployment] - - -entries = collection( - base=[ - *mk_backend_entries( - name="api", - command=["npm", "run", "prod"], - probe=api_probe, - port=3000, - scale=1 - ), - *mk_backend_entries( - name="protocol-data-loader", - command=["npm", "run", "job:update-general-reserves-data"], - ), - *mk_backend_entries( - name="reserve-incentives", - command=["npm", "run", "job:update-reserve-incentives-data"], - ), - *mk_backend_entries( - name="user-incentives", - command=["npm", "run", "job:update-users-incentives-data"], - ), - *mk_backend_entries( - name="user-data-loader", - command=["npm", "run", "job:update-users-data"], - ), - *mk_backend_entries( - name="update-block-number-loader", - command=["npm", "run", "job:update-block-number"], - ), - ], - chain1=[ - *mk_backend_entries( - name="stake-general-data-loader", - command=["npm", "run", "job:update-stake-general-ui-data"], - ), - *mk_backend_entries( - name="stake-user-data-loader", - command=["npm", "run", "job:update-stake-user-ui-data"], - ), - ], -) diff --git a/k8s/common.py b/k8s/common.py deleted file mode 100644 index 9b64dce..0000000 --- a/k8s/common.py +++ /dev/null @@ -1,13 +0,0 @@ -from kdsl.core.v1 import Namespace, ObjectMeta - -import values - -namespace = Namespace( - metadata=ObjectMeta( - name=values.NAMESPACE, - labels=values.shared_labels, - annotations=values.shared_annotations - ) -) - -entries = [namespace] diff --git a/k8s/ingress.py b/k8s/ingress.py deleted file mode 100644 index c028cd0..0000000 --- a/k8s/ingress.py +++ /dev/null 
@@ -1,37 +0,0 @@ -from kdsl.core.v1 import ObjectMeta -from kdsl.networking.v1beta1 import Ingress, IngressSpec, IngressTLS, IngressRule, IngressBackend, HTTPIngressRuleValue, \ - HTTPIngressPath - -import values - -ingress = Ingress( - metadata=ObjectMeta( - name='main', - namespace=values.NAMESPACE, - labels=values.shared_labels, - annotations={ - "nginx.ingress.kubernetes.io/auth-tls-secret": "default/cf-mtls", - "nginx.ingress.kubernetes.io/auth-tls-verify-client": "on", - "nginx.ingress.kubernetes.io/auth-tls-verify-depth": "1", - **values.shared_annotations - } - ), - spec=IngressSpec( - rules=[IngressRule( - host=values.DOMAIN, - http=HTTPIngressRuleValue( - paths=[HTTPIngressPath( - backend=IngressBackend( - serviceName="api", - servicePort=3000 - ) - )] - ) - )], - tls=[IngressTLS( - hosts=[values.DOMAIN] - )] - ) -) - -entries = [ingress] diff --git a/k8s/main.py b/k8s/main.py deleted file mode 100644 index e4bd781..0000000 --- a/k8s/main.py +++ /dev/null @@ -1,16 +0,0 @@ -from kdsl.utils import render_to_stdout - -import backend_components -import common -import ingress -import redis_component - -entries = [ - *common.entries, - *backend_components.entries, - *redis_component.entries, - *ingress.entries, -] - -if __name__ == "__main__": - render_to_stdout(entries) diff --git a/k8s/redis_component.py b/k8s/redis_component.py deleted file mode 100644 index f724923..0000000 --- a/k8s/redis_component.py +++ /dev/null 
@@ -1,59 +0,0 @@ -from kdsl.apps.v1 import Deployment, DeploymentSpec -from kdsl.core.v1 import Service, ServiceSpec, PodSpec, ObjectMeta, ContainerItem - -import values - -name = "redis" -labels = dict(component=name) -annotations = values.shared_annotations - - -metadata = ObjectMeta( - name=name, - namespace=values.NAMESPACE, - labels=dict(**labels, **values.shared_labels, **values.datadog_labels(name)), - annotations=values.shared_annotations -) - - -service = Service( - metadata=metadata, - spec=ServiceSpec( - selector=labels, - ports={ - 6379: dict(name="redis"), - }, - ), -) - - -pod_spec = PodSpec( - containers=dict( - redis=ContainerItem( - image="redis:6-alpine", - imagePullPolicy="Always", - ports={ - 6379: dict(name="redis", protocol="TCP"), - }, - ), - ), -) - - -deployment = Deployment( - metadata=metadata, - spec=DeploymentSpec( - replicas=1, - selector=dict(matchLabels=labels), - template=dict( - metadata=ObjectMeta( - labels=dict(**metadata.labels), - annotations=annotations - ), - spec=pod_spec, - ), - ), -) - - -entries = [service, deployment] diff --git a/k8s/values.py b/k8s/values.py deleted file mode 100644 index b72e958..0000000 --- a/k8s/values.py +++ /dev/null @@ -1,29 +0,0 @@ -from envparse import env # type: ignore - -NAMESPACE: str = env.str("NAMESPACE") -IMAGE: str = env.str("IMAGE") -DOMAIN: str = env.str("DOMAIN") - -CHAIN_ID: str = env.str("CHAIN_ID") -POLYGON_RPC: str = env.str("POLYGON_RPC") -MAINNET_RPC: str = env.str("MAINNET_RPC") - -shared_labels = dict( - project="aave", - app="caching-server", - commit_sha=env.str("COMMIT_SHA"), - environment=env.str("ENV_NAME"), -) - - -def datadog_labels(service: str): - return { - "tags.datadoghq.com/env": env.str("ENV_NAME"), - "tags.datadoghq.com/service": service, - "tags.datadoghq.com/version": env.str("COMMIT_SHA"), - } - - -shared_annotations = dict( - git_repo="https://github.com/aave/aave-ui-caching-server" -)