From f3d171dc62df8fad94e382dcf4670340cbf3c898 Mon Sep 17 00:00:00 2001 
From: Jason Greathouse Date: Fri, 13 Sep 2024 13:20:45 -0500 Subject: [PATCH 1/6] draft fsg breakout --- .internal-ci/helm/fog-view-fsg/.helmignore | 23 + .internal-ci/helm/fog-view-fsg/Chart.yaml | 6 + .internal-ci/helm/fog-view-fsg/README.md | 83 ++++ .../helm/fog-view-fsg/templates/NOTES.txt | 0 .../helm/fog-view-fsg/templates/_helpers.tpl | 62 +++ .../fog-view-fogshardrangegenerator.yaml | 411 ++++++++++++++++++ .../templates/fog-view-router-configmap.yaml | 9 + .../fog-view-router-headless-service.yaml | 27 ++ .../templates/fog-view-store-configmap.yaml | 9 + .../templates/fog-view-store-service.yaml | 26 ++ .../fog-view-store-servicemonitor.yaml | 30 ++ .../supervisord-admin-configmap.yaml | 21 + .../supervisord-daemon-configmap.yaml | 11 + ...supervisord-fog-view-router-configmap.yaml | 18 + .../supervisord-fog-view-store-configmap.yaml | 21 + .internal-ci/helm/fog-view-fsg/values.yaml | 265 +++++++++++ .../helm/fog-view-support/.helmignore | 23 + .internal-ci/helm/fog-view-support/Chart.yaml | 6 + .internal-ci/helm/fog-view-support/README.md | 83 ++++ .../helm/fog-view-support/templates/NOTES.txt | 0 .../fog-view-support/templates/_helpers.tpl | 62 +++ .../fog-view-router-grpc-ingress.yaml | 33 ++ .../fog-view-router-http-ingress.yaml | 33 ++ .../templates/fog-view-router-service.yaml | 26 ++ .../fog-view-router-servicemonitor.yaml | 31 ++ .../templates/fog-view-tls-certificate.yaml | 21 + .../helm/fog-view-support/values.yaml | 41 ++ 27 files changed, 1381 insertions(+) create mode 100644 .internal-ci/helm/fog-view-fsg/.helmignore create mode 100644 .internal-ci/helm/fog-view-fsg/Chart.yaml create mode 100644 .internal-ci/helm/fog-view-fsg/README.md create mode 100644 .internal-ci/helm/fog-view-fsg/templates/NOTES.txt create mode 100644 .internal-ci/helm/fog-view-fsg/templates/_helpers.tpl create mode 100644 .internal-ci/helm/fog-view-fsg/templates/fog-view-fogshardrangegenerator.yaml create mode 100644 
.internal-ci/helm/fog-view-fsg/templates/fog-view-router-configmap.yaml create mode 100644 .internal-ci/helm/fog-view-fsg/templates/fog-view-router-headless-service.yaml create mode 100644 .internal-ci/helm/fog-view-fsg/templates/fog-view-store-configmap.yaml create mode 100644 .internal-ci/helm/fog-view-fsg/templates/fog-view-store-service.yaml create mode 100644 .internal-ci/helm/fog-view-fsg/templates/fog-view-store-servicemonitor.yaml create mode 100644 .internal-ci/helm/fog-view-fsg/templates/supervisord-admin-configmap.yaml create mode 100644 .internal-ci/helm/fog-view-fsg/templates/supervisord-daemon-configmap.yaml create mode 100644 .internal-ci/helm/fog-view-fsg/templates/supervisord-fog-view-router-configmap.yaml create mode 100644 .internal-ci/helm/fog-view-fsg/templates/supervisord-fog-view-store-configmap.yaml create mode 100644 .internal-ci/helm/fog-view-fsg/values.yaml create mode 100644 .internal-ci/helm/fog-view-support/.helmignore create mode 100644 .internal-ci/helm/fog-view-support/Chart.yaml create mode 100644 .internal-ci/helm/fog-view-support/README.md create mode 100644 .internal-ci/helm/fog-view-support/templates/NOTES.txt create mode 100644 .internal-ci/helm/fog-view-support/templates/_helpers.tpl create mode 100644 .internal-ci/helm/fog-view-support/templates/fog-view-router-grpc-ingress.yaml create mode 100644 .internal-ci/helm/fog-view-support/templates/fog-view-router-http-ingress.yaml create mode 100644 .internal-ci/helm/fog-view-support/templates/fog-view-router-service.yaml create mode 100644 .internal-ci/helm/fog-view-support/templates/fog-view-router-servicemonitor.yaml create mode 100644 .internal-ci/helm/fog-view-support/templates/fog-view-tls-certificate.yaml create mode 100644 .internal-ci/helm/fog-view-support/values.yaml diff --git a/.internal-ci/helm/fog-view-fsg/.helmignore b/.internal-ci/helm/fog-view-fsg/.helmignore new file mode 100644 index 0000000000..0e8a0eb36f --- /dev/null 
+++ b/.internal-ci/helm/fog-view-fsg/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/.internal-ci/helm/fog-view-fsg/Chart.yaml b/.internal-ci/helm/fog-view-fsg/Chart.yaml
new file mode 100644
index 0000000000..27c6959757
--- /dev/null
+++ b/.internal-ci/helm/fog-view-fsg/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: fog-view-fsg
+description: fog-view fogShardGenerator chart
+type: application
+version: 0.0.0
+appVersion: "0.0.0"
diff --git a/.internal-ci/helm/fog-view-fsg/README.md b/.internal-ci/helm/fog-view-fsg/README.md
new file mode 100644
index 0000000000..582d59cd1e
--- /dev/null
+++ b/.internal-ci/helm/fog-view-fsg/README.md
@@ -0,0 +1,83 @@
+# Fog-View
+
+Run a MobileCoin fog-view instance.
+
+### Required Values
+
+You must set the fog view service hostnames and mobilecoin network and partner ids.
+
+```yaml
+mobilecoin:
+ network: main
+ partner: mc
+
+fogView:
+ router:
+ hosts:
+ # add more instances here to generate additional routers
+ - partner: mc
+ responderID: fog.prod.mobilecoinww.com
+```
+
+Install chart:
+
+```bash
+helm upgrade fog-view mcf-public/fog-view -i -f values.yaml
+```
+
+### Required ConfigMaps
+
+postgresReader example:
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: fog-recovery-reader-0-postgresql
+data:
+ postgresql-database: recovery
+ postgresql-hostname:
+ postgresql-port: "5432"
+ postgresql-ssl-options: "?sslmode=verify-full&sslrootcert=/etc/ssl/certs/ca-certificates.crt"
+ postgresql-username:
+```
+
+### Required Secrets
+
+postgresReader example:
+
+```yaml
+apiVersion: v1
+metadata:
+ name: fog-recovery-reader-0-postgresql
+kind: Secret
+type: Opaque
+stringData:
+ postgresql-password:
+```
+
+IAS example
+
+```yaml
+apiVersion: v1
+metadata:
+ name: ias
+kind: Secret
+type: Opaque
+stringData:
+ MC_IAS_API_KEY
+ MC_IAS_SPID
+```
+
+### Optional ConfigMaps
+
+sentry:
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: sentry
+data:
+ fog-report-sentry-dsn:
+```
diff --git a/.internal-ci/helm/fog-view-fsg/templates/NOTES.txt b/.internal-ci/helm/fog-view-fsg/templates/NOTES.txt
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/.internal-ci/helm/fog-view-fsg/templates/_helpers.tpl b/.internal-ci/helm/fog-view-fsg/templates/_helpers.tpl
new file mode 100644
index 0000000000..a73e933a86
--- /dev/null
+++ b/.internal-ci/helm/fog-view-fsg/templates/_helpers.tpl
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "fog-view-fsg.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "fog-view-fsg.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "fog-view-fsg.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" | trimSuffix "." }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "fog-view-fsg.labels" -}} +helm.sh/chart: {{ include "fog-view-fsg.chart" . }} +{{ include "fog-view-fsg.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "fog-view-fsg.selectorLabels" -}} +app.kubernetes.io/name: {{ include "fog-view-fsg.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* grpcCookieSalt */}} +{{- define "fog-view-fsg.grpcCookieSalt" -}} +{{- .Values.fogView.router.ingress.common.cookieSalt | default (randAlphaNum 8) }} +{{- end }} + +{{/* stackConfig - get "network" name of fall back to default */}} +{{- define "fog-view-fsg.stackConfig" }} +{{- $networkName := .Values.mobilecoin.network }} +{{- get .Values.fogView.stackConfig.network $networkName | default (get .Values.fogView.stackConfig.network "default") | toYaml }} +{{- end }} diff --git a/.internal-ci/helm/fog-view-fsg/templates/fog-view-fogshardrangegenerator.yaml b/.internal-ci/helm/fog-view-fsg/templates/fog-view-fogshardrangegenerator.yaml new file mode 100644 index 0000000000..c12303891d --- /dev/null +++ b/.internal-ci/helm/fog-view-fsg/templates/fog-view-fogshardrangegenerator.yaml 
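Review bot: The `fog-view-fsg.grpcCookieSalt` helper falls back to `randAlphaNum 8`, which is re-evaluated on every render, so unless `cookieSalt` is set, each `helm upgrade` and each `include` of the helper yields a different value. For a key that the values file describes as a static salt for the HAProxy dynamic cookie, that would presumably invalidate existing sticky cookies on every deploy, and 8 alphanumeric characters is short for a keying secret. Consider making the value mandatory, e.g. `{{- .Values.fogView.router.ingress.common.cookieSalt | required "fogView.router.ingress.common.cookieSalt is required." }}`, and supplying it from a Secret rather than from chart values. None of this chart's templates visible in the patch includes the helper, so it may belong only in fog-view-support.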
@@ -0,0 +1,411 @@ +# Copyright (c) 2018-2023 The MobileCoin Foundation +{{- $stackConfig := (include "fog-view-fsg.stackConfig" . | fromYaml) }} +apiVersion: mc.mobilecoin.com/v1 +kind: FogShardRangeGenerator +metadata: + name: {{ include "fog-view-fsg.fullname" $ }} + labels: + {{- include "fog-view-fsg.labels" $ | nindent 4 }} +spec: + {{- with $stackConfig }} + shardSize: {{ .shardSize }} + exceedBlockHeightBy: {{ .exceedBlockHeightBy }} + shardOverlap: {{ .shardOverlap }} + {{- with .blockHeightRetrieval }} + blockCountURL: {{ tpl .blockCountURL $ | quote }} + blockCountQueryInterval: {{ .queryInterval | quote }} + blockCountResponseJQ: {{ .responseJQ | quote }} + blockCountReqBody: {{ .requestBody | quote }} + {{- end }} + {{- end }} + + {{- with $.Values.fogView.router }} + router: + templates: + - containerName: fog-view-router + spec: + podManagementPolicy: {{ .podManagementPolicy }} + replicas: {{ .replicaCount }} + selector: + matchLabels: + app: fog-view-router + color: {{ $stackConfig.color }} + stack: {{ include "fog-view-fsg.fullname" $ }} + {{- include "fog-view-fsg.selectorLabels" $ | nindent 12 }} + serviceName: {{ include "fog-view-fsg.fullname" $ }}-router-headless + template: + metadata: + annotations: + {{- toYaml .podAnnotations | nindent 14 }} + labels: + app: fog-view-router + color: {{ $stackConfig.color }} + stack: {{ include "fog-view-fsg.fullname" $ }} + {{- include "fog-view-fsg.labels" $ | nindent 14 }} + spec: + {{- if .affinityEnabled }} + affinity: + podAffinity: + # Pods prefer to be scheduled on nodes with pods from the same stack. 
+ preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: stack + operator: In + values: + - {{ include "fog-view-fsg.fullname" $ }} + topologyKey: "kubernetes.io/hostname" + weight: 1 + {{- end }} + imagePullSecrets: + {{- toYaml $.Values.imagePullSecrets | nindent 12 }} + initContainers: + - name: sysctl + image: ubuntu:20.04 + command: + - sysctl + - -w + - net.ipv4.tcp_retries2=5 + - net.core.somaxconn=65535 + securityContext: + privileged: true + runAsUser: 0 + runAsNonRoot: False + containers: + - name: fog-view-router + image: "{{ .image.org | default $.Values.image.org }}/{{ .image.name }}:{{ $.Values.image.tag | default $.Chart.AppVersion }}" + imagePullPolicy: {{ .image.pullPolicy }} + args: [ "/usr/bin/supervisord" ] + ports: + - name: view-grpc + containerPort: 3225 + - name: mgmt-http + containerPort: 8000 + envFrom: + - configMapRef: + name: {{ include "fog-view-fsg.fullname" $ }}-router + startupProbe: + grpc: + port: 3225 + failureThreshold: 240 + periodSeconds: 30 + timeoutSeconds: 1 + successThreshold: 1 + livenessProbe: + grpc: + port: 3225 + failureThreshold: 5 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + grpc: + port: 3225 + failureThreshold: 2 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + env: + - name: RUST_BACKTRACE + value: {{ .rust.backtrace | quote }} + {{- if eq $.Values.jaegerTracing.enabled true }} + - name: MC_TELEMETRY + value: "true" + {{- end }} + - name: RUST_LOG + value: {{ .rust.log | quote }} + - name: MC_CLIENT_RESPONDER_ID + value: {{ $routerHosts.responderID }}:443 + - name: MC_CLIENT_LISTEN_URI + value: insecure-fog-view://0.0.0.0:3225/ + - name: MC_ADMIN_LISTEN_URI + value: insecure-mca://127.0.0.1:8001/ + - name: MC_SENTRY_DSN + valueFrom: + configMapKeyRef: + name: sentry + key: fog-view-sentry-dsn + optional: true + # Maps to Sentry Environment + - name: MC_BRANCH + value: {{ $.Values.mobilecoin.network }} 
+ - name: MC_CHAIN_ID + value: {{ $.Values.mobilecoin.network }} + volumeMounts: + - name: supervisor-conf + mountPath: /etc/supervisor/conf.d + readOnly: true + - mountPath: /var/run/aesmd + name: aesm-socket-dir + resources: + {{- toYaml .resources | nindent 16 }} + - name: grpc-gateway + image: "{{ $.Values.grpcGateway.image.org | default $.Values.image.org }}/{{ $.Values.grpcGateway.image.name }}:{{ $.Values.image.tag | default $.Chart.AppVersion }}" + imagePullPolicy: Always + command: + - /usr/bin/go-grpc-gateway + - -grpc-server-endpoint=127.0.0.1:3225 + - -grpc-insecure + - -http-server-listen=:8225 + - -logtostderr + ports: + - name: view-http + containerPort: 8225 + resources: + {{- toYaml $.Values.grpcGateway.resources | nindent 16 }} + {{- if eq $.Values.jaegerTracing.enabled true }} + - name: jaeger-agent + image: jaegertracing/jaeger-agent:latest + imagePullPolicy: IfNotPresent + ports: + - containerPort: 5775 + name: zk-compact-trft + protocol: UDP + - containerPort: 5778 + name: config-rest + protocol: TCP + - containerPort: 6831 + name: jg-compact-trft + protocol: UDP + - containerPort: 6832 + name: jg-binary-trft + protocol: UDP + - containerPort: 14271 + name: admin-http + protocol: TCP + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: HOST_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + args: + - --reporter.grpc.host-port=dns:///jaeger-collector:14250 + - --reporter.type=grpc + - --agent.tags=cluster=undefined,container.name=fog-view-router,deployment.name={{ include "fog-view-fsg.fullname" $ }},host.ip=${HOST_IP:},pod.name=${POD_NAME:},pod.namespace={{ $.Release.Namespace }} + {{- end }} + nodeSelector: + topology.kubernetes.io/zone: {{ $.Values.fogView.stackConfig.zone }} + {{- toYaml .nodeSelector | nindent 14 }} + tolerations: + {{- toYaml .tolerations | nindent 12 }} + readinessGates: + - conditionType: mobilecoin.com/shards-ready + volumes: + - emptyDir: {} + 
name: aesm-socket-dir + - name: supervisor-conf + projected: + defaultMode: 420 + sources: + - configMap: + name: {{ include "fog-view-fsg.fullname" $ }}-supervisord-fog-view-router + - configMap: + name: {{ include "fog-view-fsg.fullname" $ }}-supervisord-daemon + - configMap: + name: {{ include "fog-view-fsg.fullname" $ }}-supervisord-admin + {{- end }} + + {{- with $.Values.fogView.store }} + store: + containerName: fog-view-store + servicePort: 80 + targetPort: view-grpc + spec: + podManagementPolicy: {{ .podManagementPolicy }} + replicas: {{ .replicaCount }} + selector: + matchLabels: + app: fog-view-store + stack: {{ include "fog-view-fsg.fullname" $ }} + color: {{ $stackConfig.color }} + {{- include "fog-view-fsg.selectorLabels" $ | nindent 10 }} + serviceName: {{ include "fog-view-fsg.fullname" $ }}-store + template: + metadata: + annotations: + {{- toYaml .podAnnotations | nindent 12 }} + labels: + app: fog-view-store + stack: {{ include "fog-view-fsg.fullname" $ }} + color: {{ $stackConfig.color }} + {{- include "fog-view-fsg.labels" $ | nindent 12 }} + spec: + {{- if .affinityEnabled }} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: stack + operator: In + values: + - {{ include "fog-view-fsg.fullname" $ }} + topologyKey: "kubernetes.io/hostname" + weight: 1 + {{- end }} + imagePullSecrets: + {{- toYaml $.Values.imagePullSecrets | nindent 10 }} + initContainers: + - name: sysctl + image: ubuntu:20.04 + command: + - sysctl + - -w + - net.ipv4.tcp_retries2=5 + - net.core.somaxconn=65535 + securityContext: + privileged: true + runAsUser: 0 + runAsNonRoot: False + containers: + - name: fog-view-store + image: "{{ .image.org | default $.Values.image.org }}/{{ .image.name }}:{{ $.Values.image.tag | default $.Chart.AppVersion }}" + imagePullPolicy: {{ .image.pullPolicy }} + args: [ "/usr/bin/supervisord" ] + ports: + - name: view-grpc + containerPort: 3225 + - name: 
mgmt-http + containerPort: 8000 + envFrom: + - configMapRef: + name: {{ include "fog-view-fsg.fullname" $ }}-store + env: + {{- if eq $.Values.jaegerTracing.enabled true }} + - name: MC_TELEMETRY + value: "true" + {{- end }} + - name: RUST_BACKTRACE + value: {{ .rust.backtrace | quote }} + - name: RUST_LOG + value: {{ .rust.log | quote }} + - name: MC_SENTRY_DSN + valueFrom: + configMapKeyRef: + name: sentry + key: fog-view-sentry-dsn + optional: true + # Maps to Sentry Environment + - name: MC_BRANCH + value: {{ $.Values.mobilecoin.network }} + - name: MC_CHAIN_ID + value: {{ $.Values.mobilecoin.network }} + - name: FOGDB_HOST + valueFrom: + configMapKeyRef: + name: {{ $.Values.fogView.externalConfigMaps.postgresReader.name }} + key: postgres-hostname + - name: FOGDB_USER + valueFrom: + configMapKeyRef: + name: {{ $.Values.fogView.externalConfigMaps.postgresReader.name }} + key: postgres-username + - name: FOGDB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $.Values.fogView.externalSecrets.postgresReader.name }} + key: postgres-password + - name: FOGDB_DATABASE + valueFrom: + configMapKeyRef: + name: {{ $.Values.fogView.externalConfigMaps.postgresReader.name }} + key: postgres-database + - name: FOGDB_SSL_OPTIONS + valueFrom: + configMapKeyRef: + name: {{ $.Values.fogView.externalConfigMaps.postgresReader.name }} + key: postgres-ssl-options + - name: DATABASE_URL + value: "postgres://$(FOGDB_USER):$(FOGDB_PASSWORD)@$(FOGDB_HOST)/$(FOGDB_DATABASE)$(FOGDB_SSL_OPTIONS)" + livenessProbe: + grpc: + port: 3225 + failureThreshold: 5 + periodSeconds: 30 + timeoutSeconds: 1 + successThreshold: 1 + startupProbe: + grpc: + port: 3225 + failureThreshold: 480 + periodSeconds: 30 + timeoutSeconds: 1 + successThreshold: 1 + readinessProbe: + grpc: + port: 3225 + failureThreshold: 2 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + volumeMounts: + - name: supervisor-conf + mountPath: /etc/supervisor/conf.d + readOnly: true + - mountPath: /var/run/aesmd + name: 
aesm-socket-dir + resources: + {{- toYaml .resources | nindent 14 }} + {{- if eq $.Values.jaegerTracing.enabled true }} + - name: jaeger-agent + image: jaegertracing/jaeger-agent:latest + imagePullPolicy: IfNotPresent + ports: + - containerPort: 5775 + name: zk-compact-trft + protocol: UDP + - containerPort: 5778 + name: config-rest + protocol: TCP + - containerPort: 6831 + name: jg-compact-trft + protocol: UDP + - containerPort: 6832 + name: jg-binary-trft + protocol: UDP + - containerPort: 14271 + name: admin-http + protocol: TCP + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: HOST_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + args: + - --reporter.grpc.host-port=dns:///jaeger-collector:14250 + - --reporter.type=grpc + - --agent.tags=cluster=undefined,container.name=fog-view,deployment.name={{ include "fog-view-fsg.fullname" $ }},host.ip=${HOST_IP:},pod.name=${POD_NAME:},pod.namespace={{ $.Release.Namespace }} + {{- end }} + nodeSelector: + topology.kubernetes.io/zone: {{ $.Values.fogView.stackConfig.zone }} + {{- toYaml .nodeSelector | nindent 12 }} + tolerations: + {{- toYaml .tolerations | nindent 10 }} + volumes: + - emptyDir: {} + name: aesm-socket-dir + - name: supervisor-conf + projected: + sources: + - configMap: + name: {{ include "fog-view-fsg.fullname" $ }}-supervisord-daemon + - configMap: + name: {{ include "fog-view-fsg.fullname" $ }}-supervisord-fog-view-store + - configMap: + name: {{ include "fog-view-fsg.fullname" $ }}-supervisord-admin + {{- end }} +--- diff --git a/.internal-ci/helm/fog-view-fsg/templates/fog-view-router-configmap.yaml b/.internal-ci/helm/fog-view-fsg/templates/fog-view-router-configmap.yaml new file mode 100644 index 0000000000..7e7f2f5596 --- /dev/null +++ b/.internal-ci/helm/fog-view-fsg/templates/fog-view-router-configmap.yaml 
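Review bot: Both `sysctl` initContainers (router and store) run `privileged: true` as root from the mutable tag `ubuntu:20.04`, so whatever that tag resolves to at pull time executes with full privileges on the node; pin the image by digest (`image: ubuntu@sha256:<digest>`) and check whether pod-level `securityContext.sysctls` with a kubelet allow-list could replace the privileged container. The same pinning applies to `jaegertracing/jaeger-agent:latest` in both pod specs. Separately, `{{ $routerHosts.responderID }}` in the router env uses a variable this template never defines, so rendering will presumably fail; inside the `with $.Values.fogView.router` block, `{{ .responderID }}` looks like the intended value. The store env reads the keys `postgres-hostname`, `postgres-username`, `postgres-password`, `postgres-database` and `postgres-ssl-options`, while the README and the values.yaml comments in this patch name them `postgresql-*`, so one side needs renaming or the pods will not start.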
@@ -0,0 +1,9 @@
+# Copyright (c) 2018-2023 The MobileCoin Foundation
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: {{ include "fog-view-fsg.fullname" . }}-router
+ labels:
+ {{- include "fog-view-fsg.labels" . | nindent 4 }}
+data:
+ {{- toYaml .Values.fogView.router.configMap.data | nindent 2 }}
diff --git a/.internal-ci/helm/fog-view-fsg/templates/fog-view-router-headless-service.yaml b/.internal-ci/helm/fog-view-fsg/templates/fog-view-router-headless-service.yaml
new file mode 100644
index 0000000000..e895e6ba1d
--- /dev/null
+++ b/.internal-ci/helm/fog-view-fsg/templates/fog-view-router-headless-service.yaml
@@ -0,0 +1,27 @@
+# Copyright (c) 2018-2023 The MobileCoin Foundation
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "fog-view-fsg.fullname" $ }}-router-headless
+ labels:
+ app: fog-view-router
+ color: {{ $.Values.fogView.stackConfig.color }}
+ {{- include "fog-view-fsg.labels" $ | nindent 4 }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ selector:
+ app: fog-view-router
+ color: {{ $.Values.fogView.stackConfig.color }}
+ {{- include "fog-view-fsg.selectorLabels" $ | nindent 4 }}
+ ports:
+ - name: view-grpc
+ port: 3225
+ targetPort: view-grpc
+ - name: mgmt-http
+ port: 8000
+ targetPort: mgmt-http
+ - name: view-http
+ port: 8225
+ targetPort: view-http
+---
diff --git a/.internal-ci/helm/fog-view-fsg/templates/fog-view-store-configmap.yaml b/.internal-ci/helm/fog-view-fsg/templates/fog-view-store-configmap.yaml
new file mode 100644
index 0000000000..9d7189b1cc
--- /dev/null
+++ b/.internal-ci/helm/fog-view-fsg/templates/fog-view-store-configmap.yaml
@@ -0,0 +1,9 @@
+# Copyright (c) 2018-2023 The MobileCoin Foundation
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: {{ include "fog-view-fsg.fullname" . }}-store
+ labels:
+ {{- include "fog-view-fsg.labels" . | nindent 4 }}
+data:
+ {{- toYaml .Values.fogView.store.configMap.data | nindent 2 }}
diff --git a/.internal-ci/helm/fog-view-fsg/templates/fog-view-store-service.yaml b/.internal-ci/helm/fog-view-fsg/templates/fog-view-store-service.yaml
new file mode 100644
index 0000000000..56591e04c9
--- /dev/null
+++ b/.internal-ci/helm/fog-view-fsg/templates/fog-view-store-service.yaml
@@ -0,0 +1,26 @@
+# Copyright (c) 2018-2023 The MobileCoin Foundation
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "fog-view-fsg.fullname" . }}-store
+ labels:
+ app: fog-view-store
+ color: {{ .Values.fogView.stackConfig.color }}
+ {{- include "fog-view-fsg.labels" . | nindent 4 }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ selector:
+ app: fog-view-store
+ color: {{ .Values.fogView.stackConfig.color }}
+ {{- include "fog-view-fsg.selectorLabels" . | nindent 4 }}
+ ports:
+ - name: view-grpc
+ port: 3225
+ targetPort: view-grpc
+ - name: mgmt-http
+ port: 8000
+ targetPort: mgmt-http
+ - name: view-http
+ port: 8225
+ targetPort: view-http
diff --git a/.internal-ci/helm/fog-view-fsg/templates/fog-view-store-servicemonitor.yaml b/.internal-ci/helm/fog-view-fsg/templates/fog-view-store-servicemonitor.yaml
new file mode 100644
index 0000000000..291dcbdd33
--- /dev/null
+++ b/.internal-ci/helm/fog-view-fsg/templates/fog-view-store-servicemonitor.yaml
@@ -0,0 +1,30 @@
+# Copyright (c) 2018-2023 The MobileCoin Foundation
+{{- $network := .Values.mobilecoin.network | required "mobilecoin.network is required." }}
+{{- $partner := .Values.mobilecoin.partner | required "mobilecoin.partner is required." }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "fog-view-fsg.fullname" . }}-store
+ labels:
+ publish: grafana-cloud
+ app: fog-view-store
+ color: {{ .Values.fogView.stackConfig.color }}
+ {{- include "fog-view-fsg.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ app: fog-view-store
+ color: {{ .Values.fogView.stackConfig.color }}
+ {{- include "fog-view-fsg.selectorLabels" . | nindent 6 }}
+ endpoints:
+ - port: mgmt-http
+ relabelings:
+ - targetLabel: network
+ replacement: {{ $network }}
+ - targetLabel: partner
+ replacement: {{ $partner }}
+ - action: replace
+ sourceLabels:
+ - __meta_kubernetes_pod_label_stack
+ targetLabel: view_stack
+
diff --git a/.internal-ci/helm/fog-view-fsg/templates/supervisord-admin-configmap.yaml b/.internal-ci/helm/fog-view-fsg/templates/supervisord-admin-configmap.yaml
new file mode 100644
index 0000000000..0221e48b25
--- /dev/null
+++ b/.internal-ci/helm/fog-view-fsg/templates/supervisord-admin-configmap.yaml
@@ -0,0 +1,21 @@
+# Copyright (c) 2018-2023 The MobileCoin Foundation
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "fog-view-fsg.fullname" . }}-supervisord-admin
+ labels:
+ {{- include "fog-view-fsg.labels" . | nindent 4 }}
+data:
+ admin_http_gw.conf: |
+ [program:mc-admin-http-gateway]
+ priority=200
+ command=/usr/bin/mc-admin-http-gateway
+ --listen-host 0.0.0.0
+ --listen-port 8000
+ --admin-uri insecure-mca://127.0.0.1:8001/
+
+ stdout_logfile=/dev/fd/1
+ stdout_logfile_maxbytes=0
+ stderr_logfile=/dev/fd/2
+ stderr_logfile_maxbytes=0
+ autorestart=true
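Review bot: `mc-admin-http-gateway` is started with `--listen-host 0.0.0.0` on port 8000, and both headless Services in this patch publish that port as `mgmt-http`, so the admin gateway is reachable from any pod that can route to the router and store pods, over plain HTTP and with no authentication visible in this config. The ServiceMonitor scrapes the same port, so binding to loopback is not an option; restrict ingress with a NetworkPolicy that admits only the monitoring namespace, and add a comment in this ConfigMap stating that the exposure is intentional. What the gateway serves beyond metrics is not visible in this patch and should be confirmed before the chart leaves draft.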
diff --git a/.internal-ci/helm/fog-view-fsg/templates/supervisord-daemon-configmap.yaml b/.internal-ci/helm/fog-view-fsg/templates/supervisord-daemon-configmap.yaml
new file mode 100644
index 0000000000..c573272b8b
--- /dev/null
+++ b/.internal-ci/helm/fog-view-fsg/templates/supervisord-daemon-configmap.yaml
@@ -0,0 +1,11 @@
+# Copyright (c) 2018-2023 The MobileCoin Foundation
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "fog-view-fsg.fullname" . }}-supervisord-daemon
+ labels:
+ {{- include "fog-view-fsg.labels" . | nindent 4 }}
+data:
+ supervisor.conf: |
+ [supervisord]
+ nodaemon=true
diff --git a/.internal-ci/helm/fog-view-fsg/templates/supervisord-fog-view-router-configmap.yaml b/.internal-ci/helm/fog-view-fsg/templates/supervisord-fog-view-router-configmap.yaml
new file mode 100644
index 0000000000..428412c243
--- /dev/null
+++ b/.internal-ci/helm/fog-view-fsg/templates/supervisord-fog-view-router-configmap.yaml
@@ -0,0 +1,18 @@
+# Copyright (c) 2018-2023 The MobileCoin Foundation
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "fog-view-fsg.fullname" . }}-supervisord-fog-view-router
+ labels:
+ {{- include "fog-view-fsg.labels" . | nindent 4 }}
+data:
+ fog_view_router.conf: |
+ [program:fogviewrouter]
+ priority=100
+ command=fog_view_router
+
+ stdout_logfile=/dev/fd/1
+ stdout_logfile_maxbytes=0
+ stderr_logfile=/dev/fd/2
+ stderr_logfile_maxbytes=0
+ autorestart=true
diff --git a/.internal-ci/helm/fog-view-fsg/templates/supervisord-fog-view-store-configmap.yaml b/.internal-ci/helm/fog-view-fsg/templates/supervisord-fog-view-store-configmap.yaml
new file mode 100644
index 0000000000..a4952c07bd
--- /dev/null
+++ b/.internal-ci/helm/fog-view-fsg/templates/supervisord-fog-view-store-configmap.yaml
@@ -0,0 +1,21 @@
+# Copyright (c) 2018-2023 The MobileCoin Foundation
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "fog-view-fsg.fullname" . }}-supervisord-fog-view-store
+ labels:
+ {{- include "fog-view-fsg.labels" . | nindent 4 }}
+data:
+ fog_view_store.conf: |
+ [program:fog-view-store]
+ priority=100
+ command=/usr/bin/fog_view_server
+ --client-listen-uri insecure-fog-view-store://0.0.0.0:3225/?responder-id=%(ENV_HOSTNAME)s.{{ include "fog-view-fsg.fullname" . }}-store.{{ .Release.Namespace }}:3225
+ --client-responder-id "%(ENV_HOSTNAME)s.{{ include "fog-view-fsg.fullname" . }}-store.{{ .Release.Namespace }}:3225"
+ --admin-listen-uri insecure-mca://127.0.0.1:8001/
+
+ stdout_logfile=/dev/fd/1
+ stdout_logfile_maxbytes=0
+ stderr_logfile=/dev/fd/2
+ stderr_logfile_maxbytes=0
+ autorestart=true
diff --git a/.internal-ci/helm/fog-view-fsg/values.yaml b/.internal-ci/helm/fog-view-fsg/values.yaml
new file mode 100644
index 0000000000..59db1bcd47
--- /dev/null
+++ b/.internal-ci/helm/fog-view-fsg/values.yaml
@@ -0,0 +1,265 @@ +imagePullSecrets: +- name: docker-credentials + +# Pods share the image tag. +image: + org: mobilecoin + tag: '' # Overrides the image tag whose default is the chart appVersion. + +# Mobilecoin network instance +mobilecoin: + network: '' + partner: '' + +fogView: + # Stack configurations by network. + stackConfig: + # Affinity to a specific topology.kubernetes.io/zone= label value. + # zone will be "region-zoneId" format like "italynorth-1" + zone: '' + # color label of the fogShardGenerator stack. blue|green + color: 'blue' + + network: + # Assume default is a dev network. We can always define a "network" value if needed. + default: + shardSize: 20_000 + exceedBlockHeightBy: 5_000 + shardOverlap: 0 + count: 2 + blockHeightRetrieval: + blockCountURL: 'https://node1.{{ .Release.Namespace }}.development.mobilecoin.com/gw/consensus_common.BlockchainAPI/GetLastBlockInfo' + responseJQ: '.index' + queryInterval: 1m + requestBody: '' + test: + shardSize: 400_000 + exceedBlockHeightBy: 10_000 + shardOverlap: 0 + count: 2 + blockHeightRetrieval: + blockCountURL: https://node1.test.mobilecoin.com/gw/consensus_common.BlockchainAPI/GetLastBlockInfo + responseJQ: '.index' + queryInterval: 5m + requestBody: '' + main: + shardSize: 400_000 + exceedBlockHeightBy: 10_000 + shardOverlap: 0 + count: 3 + blockHeightRetrieval: + blockCountURL: https://node1.prod.mobilecoinww.com/gw/consensus_common.BlockchainAPI/GetLastBlockInfo + responseJQ: '.index' + queryInterval: 5m + requestBody: '' + + router: + ### list of fog-ledger-router hostnames (client responder ID) + + responderID: '' + + replicaCount: 1 + + image: + org: '' + name: fogview + pullPolicy: Always + + resources: + limits: + sgx.intel.com/epc: 512Ki + memory: 3Gi + requests: + sgx.intel.com/epc: 512Ki + memory: 3Gi + cpu: 1100m + + nodeSelector: + dcap: 'true' + + tolerations: + - key: dcap + operator: Equal + value: 'true' + effect: NoSchedule + + # disable affinity rules for single node testing + 
podManagementPolicy: Parallel + # affinityEnabled: true + # topologySpreadConstraintsEnabled: true + + rust: + backtrace: full + log: info,rustls=warn,hyper=warn,tokio_reactor=warn,mio=warn,want=warn,reqwest=warn,rusoto_core=error,rusoto_signature=error,h2=error,rocket=warn,=warn + + podAnnotations: + fluentbit.io/include: 'true' # collect logs with fluentbit + fluentbit.io/exclude-jaeger-agent: 'true' + # This is the container name that needs to use sgx resources + sgx.intel.com/quote-provider: fog-view-router + + ingress: + enabled: true + common: + # Set a static salt for the dynamic cookie. See helpers for more info. + # cookieSalt: '' + tls: + clusterIssuer: letsencrypt-production-http + blocklist: + enabled: true + pattern: patterns/blocked-countries + annotations: |- + haproxy.org/server-ssl: "false" # The backend (server) is http + haproxy.org/timeout-client: 239s # 4 min timeout on azure + haproxy.org/timeout-server: 239s + haproxy.org/timeout-http-keep-alive: 120s + haproxy.org/abortonclose: "true" + haproxy.org/backend-config-snippet: |- + http-reuse aggressive + dynamic-cookie-key {{ include "fog-view.grpcCookieSalt" . 
}} + cookie VIEW insert indirect nocache dynamic + + grpc: + annotations: |- + haproxy.org/server-proto: "h2" # Force GRPC/H2 mode + + http: + annotations: |- + haproxy.org/path-rewrite: '/gw/(.*) /\1' # Strip the /gw prefix + + configMap: + data: + PLACEHOLDER: 'empty' + + store: + replicaCount: 1 + + image: + org: '' + name: fogview + pullPolicy: Always + + rust: + backtrace: full + log: info,rustls=warn,hyper=warn,tokio_reactor=warn,mio=warn,want=warn,reqwest=warn,rusoto_core=error,rusoto_signature=error,h2=error,rocket=warn,=warn + + podAnnotations: + fluentbit.io/include: 'true' # collect logs with fluentbit + fluentbit.io/exclude-jaeger-agent: 'true' + # This is the container name that needs to use sgx resources + sgx.intel.com/quote-provider: fog-view-store + + # disable affinity rules for single node testing + podManagementPolicy: Parallel + affinityEnabled: true + topologySpreadConstraintsEnabled: true + + ### Intel SGX extended resources are defined with: https://github.com/sebva/sgx-device-plugin + resources: + limits: + sgx.intel.com/epc: 512Ki + memory: 5Gi + requests: + sgx.intel.com/epc: 512Ki + memory: 5Gi + cpu: 1100m + + nodeSelector: + dcap: 'true' + + tolerations: + - key: dcap + operator: Equal + value: 'true' + effect: NoSchedule + + configMap: + data: + # https://docs.diesel.rs/diesel/r2d2/struct.Builder.html + POSTGRES_IDLE_TIMEOUT: '60' + POSTGRES_MAX_LIFETIME: '120' + POSTGRES_CONNECTION_TIMEOUT: '5' + POSTGRES_MAX_CONNECTIONS: '3' + MC_OMAP_CAPACITY: '4194304' + + ### These configmaps and secrets must be deployed by external process to the namespace. 
+ # override the name of the required configmaps + externalConfigMaps: + # Sentry is Optional + sentry: + name: sentry + ### required keys: + # fog-view-sentry-dsn + postgresReader: + name: fog-recovery-reader-0-postgresql + ### required keys: + # postgresql-ssl-options + # postgresql-database + # postgresql-username + # postgresql-hostname + + # override the name of the required secrets + externalSecrets: + postgresReader: + name: fog-recovery-reader-0-postgresql + ### required keys: + # postgresql-password + ias: + name: ias + ### required keys: + # MC_IAS_API_KEY + # MC_IAS_SPID + + +grpcGateway: + image: + org: '' + name: go-grpc-gateway + pullPolicy: Always + + resources: + limits: + cpu: 1 + memory: 256Mi + requests: + cpu: 256m + memory: 256Mi + +jaegerTracing: + enabled: false + +jaegerAgent: |- + - name: jaeger-agent + image: jaegertracing/jaeger-agent:latest + imagePullPolicy: IfNotPresent + ports: + - containerPort: 5775 + name: zk-compact-trft + protocol: UDP + - containerPort: 5778 + name: config-rest + protocol: TCP + - containerPort: 6831 + name: jg-compact-trft + protocol: UDP + - containerPort: 6832 + name: jg-binary-trft + protocol: UDP + - containerPort: 14271 + name: admin-http + protocol: TCP + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: HOST_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + args: + - --reporter.grpc.host-port=dns:///jaeger-collector:14250 + - --reporter.type=grpc + - --agent.tags=cluster=undefined,container.name=fog-view,deployment.name={{ include "fog-view-fsg.fullname" $ }},host.ip=${HOST_IP:},pod.name=${POD_NAME:},pod.namespace={{ $.Release.Namespace }} diff --git a/.internal-ci/helm/fog-view-support/.helmignore b/.internal-ci/helm/fog-view-support/.helmignore new file mode 100644 index 0000000000..0e8a0eb36f --- /dev/null +++ b/.internal-ci/helm/fog-view-support/.helmignore 
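Review bot: `color` is defined directly under `fogView.stackConfig`, but the FogShardRangeGenerator template reads `$stackConfig.color` from the map returned by the `fog-view-fsg.stackConfig` helper, which is only the selected `network` entry (`shardSize`, `shardOverlap`, …) and has no `color` key. As far as this flattened view shows, the pod labels and selectors would render an empty `color` while the Services and ServiceMonitor select `color: blue`, so they would match no pods; either read `$.Values.fogView.stackConfig.color` in the template or add `color` to each network entry. `zone` defaults to `''` and is emitted unconditionally as `topology.kubernetes.io/zone:` in both nodeSelectors, so it should be guarded with `required` or an `if`. The `ingress` annotations also call `include "fog-view.grpcCookieSalt"`, a name this chart does not define (its helper is `fog-view-fsg.grpcCookieSalt`).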
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/.internal-ci/helm/fog-view-support/Chart.yaml b/.internal-ci/helm/fog-view-support/Chart.yaml
new file mode 100644
index 0000000000..5d58ed1643
--- /dev/null
+++ b/.internal-ci/helm/fog-view-support/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: fog-view-support
+description: MobileCoin Fog View service stack.
+type: application
+version: 0.0.0
+appVersion: "0.0.0"
diff --git a/.internal-ci/helm/fog-view-support/README.md b/.internal-ci/helm/fog-view-support/README.md
new file mode 100644
index 0000000000..582d59cd1e
--- /dev/null
+++ b/.internal-ci/helm/fog-view-support/README.md
@@ -0,0 +1,83 @@ +# Fog-View + +Run a MobileCoin fog-view instance. + +### Required Values + +You must set the fog view service hostnames and mobilecoin network and partner ids. + +```yaml +mobilecoin: + network: main + partner: mc + +fogView: + router: + hosts: + # add more instances here to generate additional routers + - partner: mc + responderID: fog.prod.mobilecoinww.com +``` + +Install chart: + +```bash +helm upgrade fog-view mcf-public/fog-view -i -f values.yaml +``` + +### Required ConfigMaps + +postgresReader example: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: fog-recovery-reader-0-postgresql +data: + postgresql-database: recovery + postgresql-hostname: + postgresql-port: "5432" + postgresql-ssl-options: "?sslmode=verify-full&sslrootcert=/etc/ssl/certs/ca-certificates.crt" + postgresql-username: +``` + +### Required Secrets + +postgresReader example: + +```yaml +apiVersion: v1 +metadata: + name: fog-recovery-reader-0-postgresql +kind: Secret +type: Opaque +stringData: + postgresql-password: +``` + +IAS example + +```yaml +apiVersion: v1 +metadata: + name: ias +kind: Secret +type: Opaque +stringData: + MC_IAS_API_KEY + MC_IAS_SPID +``` + +### Optional ConfigMaps + +sentry: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: sentry +data: + fog-report-sentry-dsn: +``` diff --git a/.internal-ci/helm/fog-view-support/templates/NOTES.txt b/.internal-ci/helm/fog-view-support/templates/NOTES.txt new file mode 100644 index 0000000000..e69de29bb2 diff --git a/.internal-ci/helm/fog-view-support/templates/_helpers.tpl b/.internal-ci/helm/fog-view-support/templates/_helpers.tpl new file mode 100644 index 0000000000..d469039e38 --- /dev/null +++ b/.internal-ci/helm/fog-view-support/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "fog-view-service.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "fog-view-service.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "fog-view-service.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" | trimSuffix "." }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "fog-view-service.labels" -}} +helm.sh/chart: {{ include "fog-view-service.chart" . }} +{{ include "fog-view-service.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "fog-view-service.selectorLabels" -}} +app.kubernetes.io/name: {{ include "fog-view-service.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* grpcCookieSalt */}} +{{- define "fog-view-service.grpcCookieSalt" -}} +{{- .Values.fogView.router.ingress.common.cookieSalt | default (randAlphaNum 8) }} +{{- end }} + +{{/* stackConfig - get "network" name of fall back to default */}} +{{- define "fog-view-service.stackConfig" }} +{{- $networkName := .Values.mobilecoin.network }} +{{- get .Values.fogView.stackConfig.network $networkName | default (get .Values.fogView.stackConfig.network "default") | toYaml }} +{{- end }} diff --git a/.internal-ci/helm/fog-view-support/templates/fog-view-router-grpc-ingress.yaml b/.internal-ci/helm/fog-view-support/templates/fog-view-router-grpc-ingress.yaml new file mode 100644 index 0000000000..c3c3ded531 --- /dev/null +++ b/.internal-ci/helm/fog-view-support/templates/fog-view-router-grpc-ingress.yaml @@ -0,0 +1,33 @@ +# Copyright (c) 2018-2023 The MobileCoin Foundation +{{- if .Values.fogView.router.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "fog-view-service.fullname" $ }}-router-grpc + labels: + app: fog-view + {{- include "fog-view-service.labels" $ | nindent 4 }} + annotations: + {{- if $.Values.fogView.router.ingress.common.blocklist.enabled }} + haproxy.org/blacklist: {{ $.Values.fogView.router.ingress.common.blocklist.pattern }} + {{- end }} + {{ toYaml (tpl $.Values.fogView.router.ingress.common.annotations $ | fromYaml) | nindent 4 }} + {{ toYaml (tpl $.Values.fogView.router.ingress.grpc.annotations $ | fromYaml) | nindent 4 }} +spec: + tls: + - hosts: + - {{ .Values.fogView.router.responderID }} + secretName: {{ include "fog-view-service.fullname" $ }}-tls + rules: + - host: {{ .Values.fogView.router.responderID }} + http: + paths: + - path: /fog_view.FogViewAPI + pathType: Prefix + backend: + service: + name: {{ include "fog-view-service.fullname" $ }}-router + port: + name: view-grpc +--- +{{- end }} 
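Review bot: The `fog-view-service.grpcCookieSalt` helper in `_helpers.tpl` falls back to `randAlphaNum 8`, which is re-evaluated on every render, so unless `cookieSalt` is set each `helm upgrade` and each template that includes the helper gets a different HAProxy `dynamic-cookie-key`. The grpc and http ingresses both render the common annotations, so they would not share a key, and cookies issued before an upgrade would presumably stop matching afterwards. I would make the value mandatory with `{{- required "fogView.router.ingress.common.cookieSalt is required" .Values.fogView.router.ingress.common.cookieSalt }}` and extend the helper's comment to say the salt has to stay stable across releases.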
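Review bot: `host: {{ .Values.fogView.router.responderID }}` in `fog-view-router-grpc-ingress.yaml` renders an empty host when the value keeps the `''` default that this chart's values.yaml ships, because nothing in the template checks it. An Ingress rule without a host applies to every hostname that reaches the controller, and the `tls.hosts` entry ends up empty as well. The servicemonitor template in this commit already uses `required`, so the same guard fits here: `- host: {{ required "fogView.router.responderID is required." .Values.fogView.router.responderID }}`. The same applies to `fog-view-router-http-ingress.yaml` and to `dnsNames` in `fog-view-tls-certificate.yaml`.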
diff --git a/.internal-ci/helm/fog-view-support/templates/fog-view-router-http-ingress.yaml b/.internal-ci/helm/fog-view-support/templates/fog-view-router-http-ingress.yaml
new file mode 100644
index 0000000000..ec62754687
--- /dev/null
+++ b/.internal-ci/helm/fog-view-support/templates/fog-view-router-http-ingress.yaml
@@ -0,0 +1,33 @@
+# Copyright (c) 2018-2023 The MobileCoin Foundation
+{{- if .Values.fogView.router.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "fog-view-service.fullname" $ }}-router-http
+ labels:
+ app: fog-view
+ {{- include "fog-view-service.labels" $ | nindent 4 }}
+ annotations:
+ {{- if $.Values.fogView.router.ingress.common.blocklist.enabled }}
+ haproxy.org/blacklist: {{ $.Values.fogView.router.ingress.common.blocklist.pattern }}
+ {{- end }}
+ {{ toYaml (tpl $.Values.fogView.router.ingress.common.annotations $ | fromYaml) | nindent 4 }}
+ {{ toYaml (tpl $.Values.fogView.router.ingress.http.annotations $ | fromYaml) | nindent 4 }}
+spec:
+ tls:
+ - hosts:
+ - {{ .Values.fogView.router.responderID }}
+ secretName: {{ include "fog-view-service.fullname" $ }}-tls
+ rules:
+ - host: {{ .Values.fogView.router.responderID }}
+ http:
+ paths:
+ - path: /gw/fog_view.FogViewAPI
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ include "fog-view-service.fullname" $ }}-router
+ port:
+ name: view-http
+---
+{{- end }}
diff --git a/.internal-ci/helm/fog-view-support/templates/fog-view-router-service.yaml b/.internal-ci/helm/fog-view-support/templates/fog-view-router-service.yaml
new file mode 100644
index 0000000000..ef85369cc1
--- /dev/null
+++ b/.internal-ci/helm/fog-view-support/templates/fog-view-router-service.yaml
@@ -0,0 +1,26 @@
+# Copyright (c) 2018-2023 The MobileCoin Foundation
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "fog-view-service.fullname" $ }}-router
+ labels:
+ app: fog-view-router
+ {{- include "fog-view-service.labels" $ | nindent 4 }}
+spec:
+ type: ClusterIP
+ selector:
+ app: fog-view-router
+ {{- include "fog-view-service.selectorLabels" $ | nindent 4 }}
+ # route to blue or green fogShardGenerator stacks.
+ color: {{ .Values.fogView.router.color }}
+ ports:
+ - name: view-grpc
+ port: 3225
+ targetPort: view-grpc
+ - name: mgmt-http
+ port: 8000
+ targetPort: mgmt-http
+ - name: view-http
+ port: 8225
+ targetPort: view-http
+---
diff --git a/.internal-ci/helm/fog-view-support/templates/fog-view-router-servicemonitor.yaml b/.internal-ci/helm/fog-view-support/templates/fog-view-router-servicemonitor.yaml
new file mode 100644
index 0000000000..799c2b306f
--- /dev/null
+++ b/.internal-ci/helm/fog-view-support/templates/fog-view-router-servicemonitor.yaml
@@ -0,0 +1,31 @@
+# Copyright (c) 2018-2023 The MobileCoin Foundation
+{{- $network := .Values.mobilecoin.network | required "mobilecoin.network is required." }}
+{{- $partner := .Values.mobilecoin.partner | required "mobilecoin.partner is required." }}
+{{- range $routerHosts := $.Values.fogView.router.hosts }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "fog-view-service.fullname" $ }}-router-{{ $routerHosts.partner }}
+ labels:
+ publish: grafana-cloud
+ app: fog-view-router
+ {{- include "fog-view-service.labels" $ | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ app: fog-view-router
+ partner: {{ $routerHosts.partner }}
+ {{- include "fog-view-service.selectorLabels" $ | nindent 6 }}
+ endpoints:
+ - port: mgmt-http
+ relabelings:
+ - targetLabel: network
+ replacement: {{ $network }}
+ - targetLabel: partner
+ replacement: {{ $partner }}
+ - action: replace
+ sourceLabels:
+ - __meta_kubernetes_pod_label_stack
+ targetLabel: view_stack
+---
+{{- end }}
diff --git a/.internal-ci/helm/fog-view-support/templates/fog-view-tls-certificate.yaml b/.internal-ci/helm/fog-view-support/templates/fog-view-tls-certificate.yaml
new file mode 100644
index 0000000000..9dc1b24e77
--- /dev/null
+++ b/.internal-ci/helm/fog-view-support/templates/fog-view-tls-certificate.yaml
@@ -0,0 +1,21 @@
+# Copyright (c) 2018-2023 The MobileCoin Foundation
+{{- if .Values.fogView.router.ingress.enabled }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ include "fog-view-service.fullname" $ }}-tls
+ labels:
+ {{- include "fog-view-service.labels" $ | nindent 4 }}
+spec:
+ secretName: {{ include "fog-view-service.fullname" $ }}-tls
+ privateKey:
+ size: 2048
+ algorithm: RSA
+ encoding: PKCS1
+ dnsNames:
+ - {{ .Values.fogView.router.responderID }}
+ issuerRef:
+ name: {{ $.Values.fogView.router.ingress.common.tls.clusterIssuer }}
+ kind: ClusterIssuer
+---
+{{- end }}
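Review bot: The `range` in `fog-view-router-servicemonitor.yaml` iterates `$.Values.fogView.router.hosts`, a key this chart's values.yaml does not define (it has `fogView.router.responderID` instead), so with default values no ServiceMonitor is rendered and the router's `mgmt-http` endpoint goes unscraped without any error. The `matchLabels` entry `partner: {{ $routerHosts.partner }}` also has no counterpart on the Service added in this commit, whose labels are `app: fog-view-router` plus the common labels. Dropping the loop and the `partner` match label, and naming the object `{{ include "fog-view-service.fullname" $ }}-router`, would line the monitor up with that Service.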
diff --git a/.internal-ci/helm/fog-view-support/values.yaml b/.internal-ci/helm/fog-view-support/values.yaml
new file mode 100644
index 0000000000..38b439c4b1
--- /dev/null
+++ b/.internal-ci/helm/fog-view-support/values.yaml
@@ -0,0 +1,41 @@
+# Mobilecoin network instance
+mobilecoin:
+ network: ''
+ partner: ''
+
+fogView:
+ router:
+ # External hostname view service uses
+ responderID: ''
+ # color label of the fogShardGenerator stack to route traffic to.
+ # blue|green
+ color: blue
+
+ ingress:
+ enabled: true
+ common:
+ # Set a static salt for the dynamic cookie. See helpers for more info.
+ # cookieSalt: ''
+ tls:
+ clusterIssuer: letsencrypt-production-http
+ blocklist:
+ enabled: true
+ pattern: patterns/blocked-countries
+ annotations: |-
+ haproxy.org/server-ssl: "false" # The backend (server) is http
+ haproxy.org/timeout-client: 239s # 4 min timeout on azure
+ haproxy.org/timeout-server: 239s
+ haproxy.org/timeout-http-keep-alive: 120s
+ haproxy.org/abortonclose: "true"
+ haproxy.org/backend-config-snippet: |-
+ http-reuse aggressive
+ dynamic-cookie-key {{ include "fog-view.grpcCookieSalt" . }}
+ cookie VIEW insert indirect nocache dynamic
+
+ grpc:
+ annotations: |-
+ haproxy.org/server-proto: "h2" # Force GRPC/H2 mode
+
+ http:
+ annotations: |-
+ haproxy.org/path-rewrite: '/gw/(.*) /\1' # Strip the /gw prefix
From fab799024a5f16f62a715f5fa59f5f1b5e9a1779 Mon Sep 17 00:00:00 2001
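Review bot: The `dynamic-cookie-key` line inside `common.annotations` calls `include "fog-view.grpcCookieSalt"`, but the helper this chart defines in `_helpers.tpl` is named `fog-view-service.grpcCookieSalt`, so the `tpl` call in both ingress templates would fail to render unless a template with the other name exists elsewhere. The line should read `dynamic-cookie-key {{ include "fog-view-service.grpcCookieSalt" . }}`. The comment "See helpers for more info" also points at a helper whose only comment is `grpcCookieSalt`; either expand that comment or drop the pointer.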
From: Jason Greathouse Date: Mon, 16 Sep 2024 11:53:47 -0500 Subject: [PATCH 2/6] break out service and fogshardgenerator --- .gitignore | 2 + .../fog-view-fogshardrangegenerator.yaml | 157 +++++++++--------- .../fog-view-router-headless-service.yaml | 2 - .../templates/fog-view-store-service.yaml | 2 - .../fog-view-store-servicemonitor.yaml | 2 - .internal-ci/helm/fog-view-fsg/values.yaml | 13 +- .../helm/fog-view-support/.helmignore | 23 --- .internal-ci/helm/fog-view-support/Chart.yaml | 6 - .internal-ci/helm/fog-view-support/README.md | 83 --------- .../helm/fog-view-support/templates/NOTES.txt | 0 .../fog-view-support/templates/_helpers.tpl | 62 ------- .../fog-view-router-grpc-ingress.yaml | 33 ---- .../fog-view-router-http-ingress.yaml | 33 ---- .../templates/fog-view-router-service.yaml | 26 --- .../fog-view-router-servicemonitor.yaml | 31 ---- .../templates/fog-view-tls-certificate.yaml | 21 --- .../helm/fog-view-support/values.yaml | 41 ----- 17 files changed, 85 insertions(+), 452 deletions(-) delete mode 100644 .internal-ci/helm/fog-view-support/.helmignore delete mode 100644 .internal-ci/helm/fog-view-support/Chart.yaml delete mode 100644 .internal-ci/helm/fog-view-support/README.md delete mode 100644 .internal-ci/helm/fog-view-support/templates/NOTES.txt delete mode 100644 .internal-ci/helm/fog-view-support/templates/_helpers.tpl delete mode 100644 .internal-ci/helm/fog-view-support/templates/fog-view-router-grpc-ingress.yaml delete mode 100644 .internal-ci/helm/fog-view-support/templates/fog-view-router-http-ingress.yaml delete mode 100644 .internal-ci/helm/fog-view-support/templates/fog-view-router-service.yaml delete mode 100644 .internal-ci/helm/fog-view-support/templates/fog-view-router-servicemonitor.yaml delete mode 100644 .internal-ci/helm/fog-view-support/templates/fog-view-tls-certificate.yaml delete mode 100644 .internal-ci/helm/fog-view-support/values.yaml diff --git a/.gitignore b/.gitignore index 3d610b6396..18a1154acd 100644 
--- a/.gitignore +++ b/.gitignore @@ -97,3 +97,5 @@ minting-trust-root* # new cache dir for mob prompt with user sccache .mob/ + +.devcontainer/ diff --git a/.internal-ci/helm/fog-view-fsg/templates/fog-view-fogshardrangegenerator.yaml b/.internal-ci/helm/fog-view-fsg/templates/fog-view-fogshardrangegenerator.yaml index c12303891d..73f893b921 100644 --- a/.internal-ci/helm/fog-view-fsg/templates/fog-view-fogshardrangegenerator.yaml +++ b/.internal-ci/helm/fog-view-fsg/templates/fog-view-fogshardrangegenerator.yaml @@ -1,5 +1,7 @@ # Copyright (c) 2018-2023 The MobileCoin Foundation -{{- $stackConfig := (include "fog-view-fsg.stackConfig" . | fromYaml) }} +{{- $stack := (include "fog-view-fsg.stackConfig" . | fromYaml) }} +{{- $router := .Values.fogView.router }} +{{- $store := .Values.fogView.store }} apiVersion: mc.mobilecoin.com/v1 kind: FogShardRangeGenerator metadata: 
@@ -7,43 +9,41 @@ metadata: labels: {{- include "fog-view-fsg.labels" $ | nindent 4 }} spec: - {{- with $stackConfig }} - shardSize: {{ .shardSize }} - exceedBlockHeightBy: {{ .exceedBlockHeightBy }} - shardOverlap: {{ .shardOverlap }} - {{- with .blockHeightRetrieval }} + + shardSize: {{ $stack.shardSize }} + exceedBlockHeightBy: {{ $stack.exceedBlockHeightBy }} + shardOverlap: {{ $stack.shardOverlap }} + {{- with $stack.blockHeightRetrieval }} blockCountURL: {{ tpl .blockCountURL $ | quote }} blockCountQueryInterval: {{ .queryInterval | quote }} blockCountResponseJQ: {{ .responseJQ | quote }} blockCountReqBody: {{ .requestBody | quote }} {{- end }} - {{- end }} - - {{- with $.Values.fogView.router }} router: templates: - - containerName: fog-view-router + - templateID: view + containerName: fog-view-router spec: - podManagementPolicy: {{ .podManagementPolicy }} - replicas: {{ .replicaCount }} + podManagementPolicy: {{ $router.podManagementPolicy }} + replicas: {{ $router.replicaCount }} selector: matchLabels: app: fog-view-router - color: {{ $stackConfig.color }} - stack: {{ include "fog-view-fsg.fullname" $ }} - {{- include "fog-view-fsg.selectorLabels" $ | nindent 12 }} - serviceName: {{ include "fog-view-fsg.fullname" $ }}-router-headless + color: {{ .Values.fogView.color }} + stack: {{ include "fog-view-fsg.fullname" . }} + {{- include "fog-view-fsg.selectorLabels" . | nindent 12 }} + serviceName: {{ include "fog-view-fsg.fullname" . }}-router-headless template: metadata: annotations: - {{- toYaml .podAnnotations | nindent 14 }} + {{- toYaml $router.podAnnotations | nindent 14 }} labels: app: fog-view-router - color: {{ $stackConfig.color }} - stack: {{ include "fog-view-fsg.fullname" $ }} - {{- include "fog-view-fsg.labels" $ | nindent 14 }} + color: {{ .Values.fogView.color }} + stack: {{ include "fog-view-fsg.fullname" . }} + {{- include "fog-view-fsg.labels" . 
| nindent 14 }} spec: - {{- if .affinityEnabled }} + {{- if $router.affinityEnabled }} affinity: podAffinity: # Pods prefer to be scheduled on nodes with pods from the same stack. @@ -54,12 +54,12 @@ spec: - key: stack operator: In values: - - {{ include "fog-view-fsg.fullname" $ }} + - {{ include "fog-view-fsg.fullname" . }} topologyKey: "kubernetes.io/hostname" weight: 1 {{- end }} imagePullSecrets: - {{- toYaml $.Values.imagePullSecrets | nindent 12 }} + {{- toYaml .Values.imagePullSecrets | nindent 12 }} initContainers: - name: sysctl image: ubuntu:20.04 @@ -74,8 +74,8 @@ spec: runAsNonRoot: False containers: - name: fog-view-router - image: "{{ .image.org | default $.Values.image.org }}/{{ .image.name }}:{{ $.Values.image.tag | default $.Chart.AppVersion }}" - imagePullPolicy: {{ .image.pullPolicy }} + image: "{{ $router.image.org | default .Values.image.org }}/{{ $router.image.name }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ $router.image.pullPolicy }} args: [ "/usr/bin/supervisord" ] ports: - name: view-grpc @@ -84,7 +84,7 @@ spec: containerPort: 8000 envFrom: - configMapRef: - name: {{ include "fog-view-fsg.fullname" $ }}-router + name: {{ include "fog-view-fsg.fullname" . }}-router startupProbe: grpc: port: 3225 @@ -108,15 +108,15 @@ spec: timeoutSeconds: 1 env: - name: RUST_BACKTRACE - value: {{ .rust.backtrace | quote }} - {{- if eq $.Values.jaegerTracing.enabled true }} + value: {{ $router.rust.backtrace | quote }} + {{- if eq .Values.jaegerTracing.enabled true }} - name: MC_TELEMETRY value: "true" {{- end }} - name: RUST_LOG - value: {{ .rust.log | quote }} + value: {{ $router.rust.log | quote }} - name: MC_CLIENT_RESPONDER_ID - value: {{ $routerHosts.responderID }}:443 + value: {{ .Values.fogView.router.responderID }}:443 - name: MC_CLIENT_LISTEN_URI value: insecure-fog-view://0.0.0.0:3225/ - name: MC_ADMIN_LISTEN_URI 
@@ -129,9 +129,9 @@ spec: optional: true # Maps to Sentry Environment - name: MC_BRANCH - value: {{ $.Values.mobilecoin.network }} + value: {{ .Values.mobilecoin.network }} - name: MC_CHAIN_ID - value: {{ $.Values.mobilecoin.network }} + value: {{ .Values.mobilecoin.network }} volumeMounts: - name: supervisor-conf mountPath: /etc/supervisor/conf.d @@ -139,9 +139,9 @@ spec: - mountPath: /var/run/aesmd name: aesm-socket-dir resources: - {{- toYaml .resources | nindent 16 }} + {{- toYaml $router.resources | nindent 16 }} - name: grpc-gateway - image: "{{ $.Values.grpcGateway.image.org | default $.Values.image.org }}/{{ $.Values.grpcGateway.image.name }}:{{ $.Values.image.tag | default $.Chart.AppVersion }}" + image: "{{ .Values.grpcGateway.image.org | default .Values.image.org }}/{{ .Values.grpcGateway.image.name }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: Always command: - /usr/bin/go-grpc-gateway @@ -153,8 +153,8 @@ spec: - name: view-http containerPort: 8225 resources: - {{- toYaml $.Values.grpcGateway.resources | nindent 16 }} - {{- if eq $.Values.jaegerTracing.enabled true }} + {{- toYaml .Values.grpcGateway.resources | nindent 16 }} + {{- if eq .Values.jaegerTracing.enabled true }} - name: jaeger-agent image: jaegertracing/jaeger-agent:latest imagePullPolicy: IfNotPresent @@ -191,10 +191,10 @@ spec: - --agent.tags=cluster=undefined,container.name=fog-view-router,deployment.name={{ include "fog-view-fsg.fullname" $ }},host.ip=${HOST_IP:},pod.name=${POD_NAME:},pod.namespace={{ $.Release.Namespace }} {{- end }} nodeSelector: - topology.kubernetes.io/zone: {{ $.Values.fogView.stackConfig.zone }} - {{- toYaml .nodeSelector | nindent 14 }} + topology.kubernetes.io/zone: {{ .Values.fogView.zone }} + {{- toYaml $router.nodeSelector | nindent 14 }} tolerations: - {{- toYaml .tolerations | nindent 12 }} + {{- toYaml $router.tolerations | nindent 12 }} readinessGates: - conditionType: mobilecoin.com/shards-ready volumes: 
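Review bot: The jaeger sidecar kept in the `@@ -153,8 +153,8 @@` hunk still runs `image: jaegertracing/jaeger-agent:latest` with `imagePullPolicy: IfNotPresent`, so which build runs depends on what each node happened to cache and cannot be traced to a reviewed version. While this block is being reworked, pin the tag (or a digest), e.g. `image: jaegertracing/jaeger-agent:<PINNED_VERSION>`, ideally read from a values key. The store sidecar in the `@@ -353,8 +351,8 @@` hunk has the same line. The `grpc-gateway` container in the same hunk hard-codes `imagePullPolicy: Always` although values.yaml defines `grpcGateway.image.pullPolicy`; `imagePullPolicy: {{ .Values.grpcGateway.image.pullPolicy }}` would use it.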
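Review bot: `topology.kubernetes.io/zone: {{ .Values.fogView.zone }}` in the router `nodeSelector` (hunk `@@ -191,10 +191,10 @@`) renders an empty value when `fogView.zone` keeps the `''` default this commit sets in values.yaml, which leaves a null selector entry instead of omitting it. Either fail early with `topology.kubernetes.io/zone: {{ .Values.fogView.zone | required "fogView.zone is required." | quote }}` or wrap the line in `{{- if .Values.fogView.zone }}` … `{{- end }}`. The store `nodeSelector` in the `@@ -388,13 +386,13 @@` hunk has the same line. The pod spec continues outside this hunk.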
@@ -205,39 +205,37 @@ spec: defaultMode: 420 sources: - configMap: - name: {{ include "fog-view-fsg.fullname" $ }}-supervisord-fog-view-router + name: {{ include "fog-view-fsg.fullname" . }}-supervisord-fog-view-router - configMap: - name: {{ include "fog-view-fsg.fullname" $ }}-supervisord-daemon + name: {{ include "fog-view-fsg.fullname" . }}-supervisord-daemon - configMap: - name: {{ include "fog-view-fsg.fullname" $ }}-supervisord-admin - {{- end }} + name: {{ include "fog-view-fsg.fullname" . }}-supervisord-admin - {{- with $.Values.fogView.store }} store: containerName: fog-view-store servicePort: 80 targetPort: view-grpc spec: - podManagementPolicy: {{ .podManagementPolicy }} - replicas: {{ .replicaCount }} + podManagementPolicy: {{ $store.podManagementPolicy }} + replicas: {{ $store.replicaCount }} selector: matchLabels: app: fog-view-store - stack: {{ include "fog-view-fsg.fullname" $ }} - color: {{ $stackConfig.color }} - {{- include "fog-view-fsg.selectorLabels" $ | nindent 10 }} - serviceName: {{ include "fog-view-fsg.fullname" $ }}-store + stack: {{ include "fog-view-fsg.fullname" . }} + color: {{ .Values.fogView.color }} + {{- include "fog-view-fsg.selectorLabels" . | nindent 10 }} + serviceName: {{ include "fog-view-fsg.fullname" . }}-store template: metadata: annotations: - {{- toYaml .podAnnotations | nindent 12 }} + {{- toYaml $store.podAnnotations | nindent 12 }} labels: app: fog-view-store - stack: {{ include "fog-view-fsg.fullname" $ }} - color: {{ $stackConfig.color }} - {{- include "fog-view-fsg.labels" $ | nindent 12 }} + stack: {{ include "fog-view-fsg.fullname" . }} + color: {{ .Values.fogView.color }} + {{- include "fog-view-fsg.labels" . | nindent 12 }} spec: - {{- if .affinityEnabled }} + {{- if $store.affinityEnabled }} affinity: podAffinity: preferredDuringSchedulingIgnoredDuringExecution: 
@@ -247,12 +245,12 @@ spec: - key: stack operator: In values: - - {{ include "fog-view-fsg.fullname" $ }} + - {{ include "fog-view-fsg.fullname" . }} topologyKey: "kubernetes.io/hostname" weight: 1 {{- end }} imagePullSecrets: - {{- toYaml $.Values.imagePullSecrets | nindent 10 }} + {{- toYaml .Values.imagePullSecrets | nindent 10 }} initContainers: - name: sysctl image: ubuntu:20.04 @@ -267,8 +265,8 @@ spec: runAsNonRoot: False containers: - name: fog-view-store - image: "{{ .image.org | default $.Values.image.org }}/{{ .image.name }}:{{ $.Values.image.tag | default $.Chart.AppVersion }}" - imagePullPolicy: {{ .image.pullPolicy }} + image: "{{ $store.image.org | default .Values.image.org }}/{{ $store.image.name }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ $store.image.pullPolicy }} args: [ "/usr/bin/supervisord" ] ports: - name: view-grpc @@ -277,16 +275,16 @@ spec: containerPort: 8000 envFrom: - configMapRef: - name: {{ include "fog-view-fsg.fullname" $ }}-store + name: {{ include "fog-view-fsg.fullname" . }}-store env: - {{- if eq $.Values.jaegerTracing.enabled true }} + {{- if .Values.jaegerTracing.enabled }} - name: MC_TELEMETRY value: "true" {{- end }} - name: RUST_BACKTRACE - value: {{ .rust.backtrace | quote }} + value: {{ $store.rust.backtrace | quote }} - name: RUST_LOG - value: {{ .rust.log | quote }} + value: {{ $store.rust.log | quote }} - name: MC_SENTRY_DSN valueFrom: configMapKeyRef: 
@@ -295,33 +293,33 @@ spec: optional: true # Maps to Sentry Environment - name: MC_BRANCH - value: {{ $.Values.mobilecoin.network }} + value: {{ .Values.mobilecoin.network }} - name: MC_CHAIN_ID - value: {{ $.Values.mobilecoin.network }} + value: {{ .Values.mobilecoin.network }} - name: FOGDB_HOST valueFrom: configMapKeyRef: - name: {{ $.Values.fogView.externalConfigMaps.postgresReader.name }} + name: {{ .Values.fogView.externalConfigMaps.postgresReader.name }} key: postgres-hostname - name: FOGDB_USER valueFrom: configMapKeyRef: - name: {{ $.Values.fogView.externalConfigMaps.postgresReader.name }} + name: {{ .Values.fogView.externalConfigMaps.postgresReader.name }} key: postgres-username - name: FOGDB_PASSWORD valueFrom: secretKeyRef: - name: {{ $.Values.fogView.externalSecrets.postgresReader.name }} + name: {{ .Values.fogView.externalSecrets.postgresReader.name }} key: postgres-password - name: FOGDB_DATABASE valueFrom: configMapKeyRef: - name: {{ $.Values.fogView.externalConfigMaps.postgresReader.name }} + name: {{ .Values.fogView.externalConfigMaps.postgresReader.name }} key: postgres-database - name: FOGDB_SSL_OPTIONS valueFrom: configMapKeyRef: - name: {{ $.Values.fogView.externalConfigMaps.postgresReader.name }} + name: {{ .Values.fogView.externalConfigMaps.postgresReader.name }} key: postgres-ssl-options - name: DATABASE_URL value: "postgres://$(FOGDB_USER):$(FOGDB_PASSWORD)@$(FOGDB_HOST)/$(FOGDB_DATABASE)$(FOGDB_SSL_OPTIONS)" @@ -353,8 +351,8 @@ spec: - mountPath: /var/run/aesmd name: aesm-socket-dir resources: - {{- toYaml .resources | nindent 14 }} - {{- if eq $.Values.jaegerTracing.enabled true }} + {{- toYaml $store.resources | nindent 14 }} + {{- if .Values.jaegerTracing.enabled }} - name: jaeger-agent image: jaegertracing/jaeger-agent:latest imagePullPolicy: IfNotPresent 
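Review bot: The `FOGDB_*` entries in the `@@ -295,33 +293,33 @@` hunk read keys named `postgres-hostname`, `postgres-username`, `postgres-password`, `postgres-database` and `postgres-ssl-options`, while the required-keys comments in the chart's values.yaml (and the README example) spell them `postgresql-*`. None of these refs is marked `optional`, so a ConfigMap or Secret created from the documented names would leave the store container unable to start. Use one spelling in both places, e.g. `key: postgresql-hostname`. A comment above `DATABASE_URL` would also help: the password is interpolated into the URL as-is, so it has to be URL-safe, and `FOGDB_SSL_OPTIONS` is what decides whether the connection verifies the server certificate.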
@@ -388,13 +386,13 @@ spec: args: - --reporter.grpc.host-port=dns:///jaeger-collector:14250 - --reporter.type=grpc - - --agent.tags=cluster=undefined,container.name=fog-view,deployment.name={{ include "fog-view-fsg.fullname" $ }},host.ip=${HOST_IP:},pod.name=${POD_NAME:},pod.namespace={{ $.Release.Namespace }} + - --agent.tags=cluster=undefined,container.name=fog-view,deployment.name={{ include "fog-view-fsg.fullname" . }},host.ip=${HOST_IP:},pod.name=${POD_NAME:},pod.namespace={{ .Release.Namespace }} {{- end }} nodeSelector: - topology.kubernetes.io/zone: {{ $.Values.fogView.stackConfig.zone }} - {{- toYaml .nodeSelector | nindent 12 }} + topology.kubernetes.io/zone: {{ .Values.fogView.zone }} + {{- toYaml $store.nodeSelector | nindent 12 }} tolerations: - {{- toYaml .tolerations | nindent 10 }} + {{- toYaml $store.tolerations | nindent 10 }} volumes: - emptyDir: {} name: aesm-socket-dir @@ -402,10 +400,9 @@ spec: projected: sources: - configMap: - name: {{ include "fog-view-fsg.fullname" $ }}-supervisord-daemon + name: {{ include "fog-view-fsg.fullname" . }}-supervisord-daemon - configMap: - name: {{ include "fog-view-fsg.fullname" $ }}-supervisord-fog-view-store + name: {{ include "fog-view-fsg.fullname" . }}-supervisord-fog-view-store - configMap: - name: {{ include "fog-view-fsg.fullname" $ }}-supervisord-admin - {{- end }} + name: {{ include "fog-view-fsg.fullname" . }}-supervisord-admin --- diff --git a/.internal-ci/helm/fog-view-fsg/templates/fog-view-router-headless-service.yaml b/.internal-ci/helm/fog-view-fsg/templates/fog-view-router-headless-service.yaml index e895e6ba1d..636a342cf8 100644 --- a/.internal-ci/helm/fog-view-fsg/templates/fog-view-router-headless-service.yaml +++ b/.internal-ci/helm/fog-view-fsg/templates/fog-view-router-headless-service.yaml 
@@ -5,14 +5,12 @@ metadata: name: {{ include "fog-view-fsg.fullname" $ }}-router-headless labels: app: fog-view-router - color: {{ $.Values.fogView.stackConfig.color }} {{- include "fog-view-fsg.labels" $ | nindent 4 }} spec: type: ClusterIP clusterIP: None selector: app: fog-view-router - color: {{ $.Values.fogView.stackConfig.color }} {{- include "fog-view-fsg.selectorLabels" $ | nindent 4 }} ports: - name: view-grpc diff --git a/.internal-ci/helm/fog-view-fsg/templates/fog-view-store-service.yaml b/.internal-ci/helm/fog-view-fsg/templates/fog-view-store-service.yaml index 56591e04c9..0621a48270 100644 --- a/.internal-ci/helm/fog-view-fsg/templates/fog-view-store-service.yaml +++ b/.internal-ci/helm/fog-view-fsg/templates/fog-view-store-service.yaml @@ -5,14 +5,12 @@ metadata: name: {{ include "fog-view-fsg.fullname" . }}-store labels: app: fog-view-store - color: {{ .Values.fogView.stackConfig.color }} {{- include "fog-view-fsg.labels" . | nindent 4 }} spec: type: ClusterIP clusterIP: None selector: app: fog-view-store - color: {{ .Values.fogView.stackConfig.color }} {{- include "fog-view-fsg.selectorLabels" . | nindent 4 }} ports: - name: view-grpc diff --git a/.internal-ci/helm/fog-view-fsg/templates/fog-view-store-servicemonitor.yaml b/.internal-ci/helm/fog-view-fsg/templates/fog-view-store-servicemonitor.yaml index 291dcbdd33..192fe47ce4 100644 --- a/.internal-ci/helm/fog-view-fsg/templates/fog-view-store-servicemonitor.yaml +++ b/.internal-ci/helm/fog-view-fsg/templates/fog-view-store-servicemonitor.yaml @@ -8,13 +8,11 @@ metadata: labels: publish: grafana-cloud app: fog-view-store - color: {{ .Values.fogView.stackConfig.color }} {{- include "fog-view-fsg.labels" . | nindent 4 }} spec: selector: matchLabels: app: fog-view-store - color: {{ .Values.fogView.stackConfig.color }} {{- include "fog-view-fsg.selectorLabels" . | nindent 6 }} endpoints: - port: mgmt-http 
diff --git a/.internal-ci/helm/fog-view-fsg/values.yaml b/.internal-ci/helm/fog-view-fsg/values.yaml index 59db1bcd47..59cf07bf08 100644 --- a/.internal-ci/helm/fog-view-fsg/values.yaml +++ b/.internal-ci/helm/fog-view-fsg/values.yaml @@ -12,14 +12,13 @@ mobilecoin: partner: '' fogView: - # Stack configurations by network. - stackConfig: - # Affinity to a specific topology.kubernetes.io/zone= label value. - # zone will be "region-zoneId" format like "italynorth-1" - zone: '' - # color label of the fogShardGenerator stack. blue|green - color: 'blue' + # Affinity to a specific topology.kubernetes.io/zone= label value. + # zone will be "region-zoneId" format like "italynorth-1" + zone: '' + # color label of the fogShardGenerator stack. blue|green + color: 'blue' + stackConfig: network: # Assume default is a dev network. We can always define a "network" value if needed. default: diff --git a/.internal-ci/helm/fog-view-support/.helmignore b/.internal-ci/helm/fog-view-support/.helmignore deleted file mode 100644 index 0e8a0eb36f..0000000000 --- a/.internal-ci/helm/fog-view-support/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/.internal-ci/helm/fog-view-support/Chart.yaml b/.internal-ci/helm/fog-view-support/Chart.yaml deleted file mode 100644 index 5d58ed1643..0000000000 --- a/.internal-ci/helm/fog-view-support/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v2 -name: fog-view-support -description: MobileCoin Fog View service stack. -type: application -version: 0.0.0 -appVersion: "0.0.0" 
diff --git a/.internal-ci/helm/fog-view-support/README.md b/.internal-ci/helm/fog-view-support/README.md deleted file mode 100644 index 582d59cd1e..0000000000 --- a/.internal-ci/helm/fog-view-support/README.md +++ /dev/null @@ -1,83 +0,0 @@ -# Fog-View - -Run a MobileCoin fog-view instance. - -### Required Values - -You must set the fog view service hostnames and mobilecoin network and partner ids. - -```yaml -mobilecoin: - network: main - partner: mc - -fogView: - router: - hosts: - # add more instances here to generate additional routers - - partner: mc - responderID: fog.prod.mobilecoinww.com -``` - -Install chart: - -```bash -helm upgrade fog-view mcf-public/fog-view -i -f values.yaml -``` - -### Required ConfigMaps - -postgresReader example: - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: fog-recovery-reader-0-postgresql -data: - postgresql-database: recovery - postgresql-hostname: - postgresql-port: "5432" - postgresql-ssl-options: "?sslmode=verify-full&sslrootcert=/etc/ssl/certs/ca-certificates.crt" - postgresql-username: -``` - -### Required Secrets - -postgresReader example: - -```yaml -apiVersion: v1 -metadata: - name: fog-recovery-reader-0-postgresql -kind: Secret -type: Opaque -stringData: - postgresql-password: -``` - -IAS example - -```yaml -apiVersion: v1 -metadata: - name: ias -kind: Secret -type: Opaque -stringData: - MC_IAS_API_KEY - MC_IAS_SPID -``` - -### Optional ConfigMaps - -sentry: - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: sentry -data: - fog-report-sentry-dsn: -``` diff --git a/.internal-ci/helm/fog-view-support/templates/NOTES.txt b/.internal-ci/helm/fog-view-support/templates/NOTES.txt deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/.internal-ci/helm/fog-view-support/templates/_helpers.tpl b/.internal-ci/helm/fog-view-support/templates/_helpers.tpl deleted file mode 100644 index d469039e38..0000000000 --- a/.internal-ci/helm/fog-view-support/templates/_helpers.tpl +++ /dev/null 
@@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "fog-view-service.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "fog-view-service.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "fog-view-service.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" | trimSuffix "." }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "fog-view-service.labels" -}} -helm.sh/chart: {{ include "fog-view-service.chart" . }} -{{ include "fog-view-service.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "fog-view-service.selectorLabels" -}} -app.kubernetes.io/name: {{ include "fog-view-service.name" . 
}} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* grpcCookieSalt */}} -{{- define "fog-view-service.grpcCookieSalt" -}} -{{- .Values.fogView.router.ingress.common.cookieSalt | default (randAlphaNum 8) }} -{{- end }} - -{{/* stackConfig - get "network" name of fall back to default */}} -{{- define "fog-view-service.stackConfig" }} -{{- $networkName := .Values.mobilecoin.network }} -{{- get .Values.fogView.stackConfig.network $networkName | default (get .Values.fogView.stackConfig.network "default") | toYaml }} -{{- end }} diff --git a/.internal-ci/helm/fog-view-support/templates/fog-view-router-grpc-ingress.yaml b/.internal-ci/helm/fog-view-support/templates/fog-view-router-grpc-ingress.yaml deleted file mode 100644 index c3c3ded531..0000000000 --- a/.internal-ci/helm/fog-view-support/templates/fog-view-router-grpc-ingress.yaml +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright (c) 2018-2023 The MobileCoin Foundation -{{- if .Values.fogView.router.ingress.enabled }} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "fog-view-service.fullname" $ }}-router-grpc - labels: - app: fog-view - {{- include "fog-view-service.labels" $ | nindent 4 }} - annotations: - {{- if $.Values.fogView.router.ingress.common.blocklist.enabled }} - haproxy.org/blacklist: {{ $.Values.fogView.router.ingress.common.blocklist.pattern }} - {{- end }} - {{ toYaml (tpl $.Values.fogView.router.ingress.common.annotations $ | fromYaml) | nindent 4 }} - {{ toYaml (tpl $.Values.fogView.router.ingress.grpc.annotations $ | fromYaml) | nindent 4 }} -spec: - tls: - - hosts: - - {{ .Values.fogView.router.responderID }} - secretName: {{ include "fog-view-service.fullname" $ }}-tls - rules: - - host: {{ .Values.fogView.router.responderID }} - http: - paths: - - path: /fog_view.FogViewAPI - pathType: Prefix - backend: - service: - name: {{ include "fog-view-service.fullname" $ }}-router - port: - name: view-grpc ---- -{{- end }} 
diff --git a/.internal-ci/helm/fog-view-support/templates/fog-view-router-http-ingress.yaml b/.internal-ci/helm/fog-view-support/templates/fog-view-router-http-ingress.yaml deleted file mode 100644 index ec62754687..0000000000 --- a/.internal-ci/helm/fog-view-support/templates/fog-view-router-http-ingress.yaml +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright (c) 2018-2023 The MobileCoin Foundation -{{- if .Values.fogView.router.ingress.enabled }} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "fog-view-service.fullname" $ }}-router-http - labels: - app: fog-view - {{- include "fog-view-service.labels" $ | nindent 4 }} - annotations: - {{- if $.Values.fogView.router.ingress.common.blocklist.enabled }} - haproxy.org/blacklist: {{ $.Values.fogView.router.ingress.common.blocklist.pattern }} - {{- end }} - {{ toYaml (tpl $.Values.fogView.router.ingress.common.annotations $ | fromYaml) | nindent 4 }} - {{ toYaml (tpl $.Values.fogView.router.ingress.http.annotations $ | fromYaml) | nindent 4 }} -spec: - tls: - - hosts: - - {{ .Values.fogView.router.responderID }} - secretName: {{ include "fog-view-service.fullname" $ }}-tls - rules: - - host: {{ .Values.fogView.router.responderID }} - http: - paths: - - path: /gw/fog_view.FogViewAPI - pathType: Prefix - backend: - service: - name: {{ include "fog-view-service.fullname" $ }}-router - port: - name: view-http ---- -{{- end }} diff --git a/.internal-ci/helm/fog-view-support/templates/fog-view-router-service.yaml b/.internal-ci/helm/fog-view-support/templates/fog-view-router-service.yaml deleted file mode 100644 index ef85369cc1..0000000000 --- a/.internal-ci/helm/fog-view-support/templates/fog-view-router-service.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -# Copyright (c) 2018-2023 The MobileCoin Foundation -apiVersion: v1 -kind: Service -metadata: - name: {{ include "fog-view-service.fullname" $ }}-router - labels: - app: fog-view-router - {{- include "fog-view-service.labels" $ | nindent 4 }} -spec: - type: ClusterIP - selector: - app: fog-view-router - {{- include "fog-view-service.selectorLabels" $ | nindent 4 }} - # route to blue or green fogShardGenerator stacks. - color: {{ .Values.fogView.router.color }} - ports: - - name: view-grpc - port: 3225 - targetPort: view-grpc - - name: mgmt-http - port: 8000 - targetPort: mgmt-http - - name: view-http - port: 8225 - targetPort: view-http ---- diff --git a/.internal-ci/helm/fog-view-support/templates/fog-view-router-servicemonitor.yaml b/.internal-ci/helm/fog-view-support/templates/fog-view-router-servicemonitor.yaml deleted file mode 100644 index 799c2b306f..0000000000 --- a/.internal-ci/helm/fog-view-support/templates/fog-view-router-servicemonitor.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -# Copyright (c) 2018-2023 The MobileCoin Foundation -{{- $network := .Values.mobilecoin.network | required "mobilecoin.network is required." }} -{{- $partner := .Values.mobilecoin.partner | required "mobilecoin.partner is required." }} -{{- range $routerHosts := $.Values.fogView.router.hosts }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "fog-view-service.fullname" $ }}-router-{{ $routerHosts.partner }} - labels: - publish: grafana-cloud - app: fog-view-router - {{- include "fog-view-service.labels" $ | nindent 4 }} -spec: - selector: - matchLabels: - app: fog-view-router - partner: {{ $routerHosts.partner }} - {{- include "fog-view-service.selectorLabels" $ | nindent 6 }} - endpoints: - - port: mgmt-http - relabelings: - - targetLabel: network - replacement: {{ $network }} - - targetLabel: partner - replacement: {{ $partner }} - - action: replace - sourceLabels: - - __meta_kubernetes_pod_label_stack - targetLabel: view_stack ---- -{{- end }} diff --git a/.internal-ci/helm/fog-view-support/templates/fog-view-tls-certificate.yaml b/.internal-ci/helm/fog-view-support/templates/fog-view-tls-certificate.yaml deleted file mode 100644 index 9dc1b24e77..0000000000 --- a/.internal-ci/helm/fog-view-support/templates/fog-view-tls-certificate.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright (c) 2018-2023 The MobileCoin Foundation -{{- if .Values.fogView.router.ingress.enabled }} -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ include "fog-view-service.fullname" $ }}-tls - labels: - {{- include "fog-view-service.labels" $ | nindent 4 }} -spec: - secretName: {{ include "fog-view-service.fullname" $ }}-tls - privateKey: - size: 2048 - algorithm: RSA - encoding: PKCS1 - dnsNames: - - {{ .Values.fogView.router.responderID }} - issuerRef: - name: {{ $.Values.fogView.router.ingress.common.tls.clusterIssuer }} - kind: ClusterIssuer ---- -{{- end }} 
diff --git a/.internal-ci/helm/fog-view-support/values.yaml b/.internal-ci/helm/fog-view-support/values.yaml deleted file mode 100644 index 38b439c4b1..0000000000 --- a/.internal-ci/helm/fog-view-support/values.yaml +++ /dev/null @@ -1,41 +0,0 @@ -# Mobilecoin network instance -mobilecoin: - network: '' - partner: '' - -fogView: - router: - # External hostname view service uses - responderID: '' - # color label of the fogShardGenerator stack to route traffic to. - # blue|green - color: blue - - ingress: - enabled: true - common: - # Set a static salt for the dynamic cookie. See helpers for more info. - # cookieSalt: '' - tls: - clusterIssuer: letsencrypt-production-http - blocklist: - enabled: true - pattern: patterns/blocked-countries - annotations: |- - haproxy.org/server-ssl: "false" # The backend (server) is http - haproxy.org/timeout-client: 239s # 4 min timeout on azure - haproxy.org/timeout-server: 239s - haproxy.org/timeout-http-keep-alive: 120s - haproxy.org/abortonclose: "true" - haproxy.org/backend-config-snippet: |- - http-reuse aggressive - dynamic-cookie-key {{ include "fog-view.grpcCookieSalt" . }} - cookie VIEW insert indirect nocache dynamic - - grpc: - annotations: |- - haproxy.org/server-proto: "h2" # Force GRPC/H2 mode - - http: - annotations: |- - haproxy.org/path-rewrite: '/gw/(.*) /\1' # Strip the /gw prefix From c19a2eb41c2b65ed78f76cf448048ba1ca5df275 Mon Sep 17 00:00:00 2001 
From: Jason Greathouse Date: Fri, 20 Sep 2024 13:45:30 -0500 Subject: [PATCH 3/6] add fog-view-fsg/fog-view-service charts --- .internal-ci/helm/fog-view-fsg/README.md | 28 +- .../helm/fog-view-fsg/templates/NOTES.txt | 16 + .../fog-view-fsg/templates/_containers.tpl | 58 +++ .../helm/fog-view-fsg/templates/_router.tpl | 54 +++ .../helm/fog-view-fsg/templates/_store.tpl | 92 +++++ .../fog-view-fogshardrangegenerator.yaml | 368 +++--------------- .../fog-view-router-headless-service.yaml | 6 +- .../fog-view-store-servicemonitor.yaml | 4 + .../supervisord-admin-configmap.yaml | 21 - .../supervisord-daemon-configmap.yaml | 11 - ...supervisord-fog-view-router-configmap.yaml | 18 - .../supervisord-fog-view-store-configmap.yaml | 21 - .internal-ci/helm/fog-view-fsg/values.yaml | 159 +++----- .../helm/fog-view-service/.helmignore | 23 ++ .internal-ci/helm/fog-view-service/Chart.yaml | 6 + .internal-ci/helm/fog-view-service/README.md | 23 ++ .../helm/fog-view-service/templates/NOTES.txt | 16 + .../fog-view-service/templates/_helpers.tpl | 56 +++ .../templates/router-grpc-ingress.yaml | 34 ++ .../templates/router-http-ingress.yaml | 34 ++ .../templates/router-service.yaml | 24 ++ .../templates/router-servicemonitor.yaml | 32 ++ .../templates/tls-certificate.yaml | 21 + .../helm/fog-view-service/values.yaml | 40 ++ 24 files changed, 642 insertions(+), 523 deletions(-) create mode 100644 .internal-ci/helm/fog-view-fsg/templates/_containers.tpl create mode 100644 .internal-ci/helm/fog-view-fsg/templates/_router.tpl create mode 100644 .internal-ci/helm/fog-view-fsg/templates/_store.tpl delete mode 100644 .internal-ci/helm/fog-view-fsg/templates/supervisord-admin-configmap.yaml delete mode 100644 .internal-ci/helm/fog-view-fsg/templates/supervisord-daemon-configmap.yaml delete mode 100644 .internal-ci/helm/fog-view-fsg/templates/supervisord-fog-view-router-configmap.yaml delete mode 100644 .internal-ci/helm/fog-view-fsg/templates/supervisord-fog-view-store-configmap.yaml create 
mode 100644 .internal-ci/helm/fog-view-service/.helmignore create mode 100644 .internal-ci/helm/fog-view-service/Chart.yaml create mode 100644 .internal-ci/helm/fog-view-service/README.md create mode 100644 .internal-ci/helm/fog-view-service/templates/NOTES.txt create mode 100644 .internal-ci/helm/fog-view-service/templates/_helpers.tpl create mode 100644 .internal-ci/helm/fog-view-service/templates/router-grpc-ingress.yaml create mode 100644 .internal-ci/helm/fog-view-service/templates/router-http-ingress.yaml create mode 100644 .internal-ci/helm/fog-view-service/templates/router-service.yaml create mode 100644 .internal-ci/helm/fog-view-service/templates/router-servicemonitor.yaml create mode 100644 .internal-ci/helm/fog-view-service/templates/tls-certificate.yaml create mode 100644 .internal-ci/helm/fog-view-service/values.yaml diff --git a/.internal-ci/helm/fog-view-fsg/README.md b/.internal-ci/helm/fog-view-fsg/README.md index 582d59cd1e..a23350bad4 100644 --- a/.internal-ci/helm/fog-view-fsg/README.md +++ b/.internal-ci/helm/fog-view-fsg/README.md @@ -1,6 +1,6 @@ -# Fog-View +# Fog-View-FSG -Run a MobileCoin fog-view instance. +Run a MobileCoin fog-view fogShardGenerator chart ### Required Values @@ -12,17 +12,15 @@ mobilecoin: partner: mc fogView: - router: - hosts: - # add more instances here to generate additional routers - - partner: mc - responderID: fog.prod.mobilecoinww.com + color: (blue|green) + zone: + responderID: fog.prod.mobilecoinww.com ``` Install chart: ```bash -helm upgrade fog-view mcf-public/fog-view -i -f values.yaml +helm upgrade fog-view-fsg-blue-z1 mcf-public/fog-view-fsg -i -f values.yaml ``` ### Required ConfigMaps @@ -55,20 +53,6 @@ type: Opaque stringData: postgresql-password: ``` - -IAS example - -```yaml -apiVersion: v1 -metadata: - name: ias -kind: Secret -type: Opaque -stringData: - MC_IAS_API_KEY - MC_IAS_SPID -``` - ### Optional ConfigMaps sentry: 
diff --git a/.internal-ci/helm/fog-view-fsg/templates/NOTES.txt b/.internal-ci/helm/fog-view-fsg/templates/NOTES.txt index e69de29bb2..905971b4a2 100644 --- a/.internal-ci/helm/fog-view-fsg/templates/NOTES.txt +++ b/.internal-ci/helm/fog-view-fsg/templates/NOTES.txt @@ -0,0 +1,16 @@ +:::: :::: :::::::: ::::::::: ::::::::::: ::: :::::::::: ++:+:+: :+:+:+ :+: :+: :+: :+: :+: :+: :+: ++:+ +:+:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++#+ +:+ +#+ +#+ +:+ +#++:++#+ +#+ +#+ +#++:++# ++#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+# #+# #+# #+# #+# #+# #+# #+# #+# +### ### ######## ######### ########### ########## ########## + :::::::: :::::::: ::::::::::: :::: ::: +:+: :+: :+: :+: :+: :+:+: :+: ++:+ +:+ +:+ +:+ :+:+:+ +:+ ++#+ +#+ +:+ +#+ +#+ +:+ +#+ ++#+ +#+ +#+ +#+ +#+ +#+#+# +#+# #+# #+# #+# #+# #+# #+#+# + ######## ######## ########### ### #### + +fog-view fogShardGenerator has been deployed. diff --git a/.internal-ci/helm/fog-view-fsg/templates/_containers.tpl b/.internal-ci/helm/fog-view-fsg/templates/_containers.tpl new file mode 100644 index 0000000000..3c112fcae6 --- /dev/null +++ b/.internal-ci/helm/fog-view-fsg/templates/_containers.tpl 
@@ -0,0 +1,58 @@ +{{- define "containers.sysctl" -}} +- name: sysctl + image: ubuntu:20.04 + command: + - sysctl + - -w + - net.ipv4.tcp_retries2=5 + - net.core.somaxconn=65535 + securityContext: + privileged: true + runAsUser: 0 + runAsNonRoot: False + readOnlyRootFilesystem: true +{{- end -}} + +{{- define "containers.admin-http-gateway" -}} +- name: admin-http-gateway + image: "{{ .Values.image.org }}/{{ .Values.image.name }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: Always + args: + - /usr/bin/mc-admin-http-gateway + - --listen-host=0.0.0.0 + - --listen-port=8000 + - --admin-uri=insecure-mca://127.0.0.1:8001/ + ports: + - name: mgmt-http + containerPort: 8000 + # securityContext: + # runAsUser: 1000 + # runAsGroup: 1000 + # runAsNonRoot: true + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true +{{- end -}} + +{{- define "containers.go-grpc-gateway" -}} +- name: grpc-gateway + image: "{{ .Values.image.org }}/go-grpc-gateway:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: Always + command: + - /usr/bin/go-grpc-gateway + - -grpc-server-endpoint=127.0.0.1:{{ .Values.grpcGateway.grpcServicePort }} + - -grpc-insecure + - -http-server-listen=:8200 + - -logtostderr + ports: + - name: gateway-http + containerPort: 8200 + resources: + limits: + cpu: 1 + memory: 256Mi + requests: + cpu: 256m + memory: 256Mi +{{- end -}} diff --git a/.internal-ci/helm/fog-view-fsg/templates/_router.tpl b/.internal-ci/helm/fog-view-fsg/templates/_router.tpl new file mode 100644 index 0000000000..b0c9c15d22 --- /dev/null +++ b/.internal-ci/helm/fog-view-fsg/templates/_router.tpl 
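Review bot: The `admin-http-gateway` container in `containers.admin-http-gateway` has its whole `securityContext` commented out while it listens on `0.0.0.0:8000`, and `containers.go-grpc-gateway` declares none at all, so both run with the image's default user and capabilities. The only active securityContext in this file is the privileged, root one on `sysctl`, which also pulls the floating `ubuntu:20.04` tag rather than a digest. I would enable the commented block on both gateways and add `allowPrivilegeEscalation: false`, assuming the images can run as a non-root UID, which is not visible here. The `fog-view-router` and `fog-view-store` containers added in `_router.tpl` and `_store.tpl` have the same gap.

```yaml
# … unchanged: admin-http-gateway image, args and ports …
  securityContext:
    runAsUser: 1000
    runAsGroup: 1000
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL
    readOnlyRootFilesystem: true
# … unchanged: containers.go-grpc-gateway, which would get the same securityContext block …
```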
@@ -0,0 +1,54 @@ +{{- define "fog-view-fsg.router" -}} +{{- $view := .Values.fogView }} +{{- $router := $view.router }} +- name: fog-view-router + image: "{{ .Values.image.org }}/{{ .Values.image.name }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: Always + args: [ "/usr/bin/fog_view_router" ] + ports: + - name: view-grpc + containerPort: 3225 + startupProbe: + {{- $router.startupProbe | toYaml | nindent 4 }} + livenessProbe: + {{- $router.livenessProbe | toYaml | nindent 4 }} + readinessProbe: + {{- $router.readinessProbe | toYaml | nindent 4 }} + envFrom: + - configMapRef: + name: {{ include "fog-view-fsg.fullname" . }}-router + env: + - name: RUST_BACKTRACE + value: {{ $router.rust.backtrace | quote }} + - name: RUST_LOG + value: {{ $router.rust.log | quote }} + - name: MC_CLIENT_RESPONDER_ID + value: {{ $view.responderID }}:443 + - name: MC_CHAIN_ID + value: {{ .Values.mobilecoin.network }} + - name: MC_CLIENT_LISTEN_URI + value: insecure-fog-view://0.0.0.0:3225/ + - name: MC_ADMIN_LISTEN_URI + value: insecure-mca://127.0.0.1:8001/ + {{- if eq .Values.jaegerTracing.enabled true }} + - name: MC_TELEMETRY + value: "true" + - name: OTEL_SERVICE_NAME + value: fog-view-router + - name: OTEL_RESOURCE_ATTRIBUTES + value: "deployment.environment={{ .Values.mobilecoin.partner }},deployment.chain_id={{ .Values.mobilecoin.network }}" + - name: OTEL_EXPORTER_OTLP_TRACES_ENDPOINT + value: http://otel-collector.otel:4317 + {{- end }} + - name: MC_SENTRY_DSN + valueFrom: + configMapKeyRef: + name: sentry + key: fog-view-sentry-dsn + optional: true + # Maps to Sentry Environment + - name: MC_BRANCH + value: {{ .Values.mobilecoin.network }} + resources: + {{- toYaml $router.resources | nindent 4 }} +{{- end -}} diff --git a/.internal-ci/helm/fog-view-fsg/templates/_store.tpl b/.internal-ci/helm/fog-view-fsg/templates/_store.tpl new file mode 100644 index 0000000000..b8ada7237b --- /dev/null +++ b/.internal-ci/helm/fog-view-fsg/templates/_store.tpl 
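Review bot: `MC_CHAIN_ID`, `MC_BRANCH` and `MC_CLIENT_RESPONDER_ID` in the `env` list of `fog-view-fsg.router` are rendered unquoted, unlike `RUST_BACKTRACE` and `RUST_LOG` just above them. Unless `mobilecoin.network` is validated elsewhere, an empty or numeric-looking value would render as a YAML null or number instead of the string an env `value` expects. I would write `value: {{ .Values.mobilecoin.network | quote }}` for the first two and `value: {{ printf "%s:443" $view.responderID | quote }}` for the responder id.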
@@ -0,0 +1,92 @@ +{{- define "fog-view-fsg.store" -}} +{{- $view := .Values.fogView }} +{{- $store := $view.store }} +- name: fog-view-store + image: "{{ .Values.image.org }}/{{ .Values.image.name }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: Always + args: [ "/usr/bin/fog_view_server" ] + ports: + - name: view-grpc + containerPort: 3225 + livenessProbe: + {{- $store.livenessProbe | toYaml | nindent 4 }} + startupProbe: + {{- $store.startupProbe | toYaml | nindent 4 }} + readinessProbe: + {{- $store.readinessProbe | toYaml | nindent 4 }} + envFrom: + - configMapRef: + name: {{ include "fog-view-fsg.fullname" . }}-store + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: RUST_BACKTRACE + value: {{ $store.rust.backtrace | quote }} + - name: RUST_LOG + value: {{ $store.rust.log | quote }} + - name: MC_CHAIN_ID + value: {{ .Values.mobilecoin.network }} + - name: MC_ADMIN_LISTEN_URI + value: insecure-mca://127.0.0.1:8001/ + # This is looking for the fqdn of the svc that is in front of the store. + - name: MC_CLIENT_LISTEN_URI + value: "insecure-fog-view-store://0.0.0.0:3225/?responder-id=$(POD_NAME).{{ include "fog-view-fsg.fullname" . }}-store.$(POD_NAMESPACE):3225" + - name: MC_CLIENT_RESPONDER_ID + value: "$(POD_NAME).{{ include "fog-view-fsg.fullname" . 
}}-store.$(POD_NAMESPACE):3225" + - name: MC_ADMIN_LISTEN_URI + value: insecure-mca://127.0.0.1:8001/ + - name: FOGDB_HOST + valueFrom: + configMapKeyRef: + name: {{ $view.externalConfigMaps.postgresReader.name }} + key: postgres-hostname + - name: FOGDB_USER + valueFrom: + configMapKeyRef: + name: {{ $view.externalConfigMaps.postgresReader.name }} + key: postgres-username + - name: FOGDB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $view.externalSecrets.postgresReader.name }} + key: postgres-password + - name: FOGDB_DATABASE + valueFrom: + configMapKeyRef: + name: {{ $view.externalConfigMaps.postgresReader.name }} + key: postgres-database + - name: FOGDB_SSL_OPTIONS + valueFrom: + configMapKeyRef: + name: {{ $view.externalConfigMaps.postgresReader.name }} + key: postgres-ssl-options + - name: DATABASE_URL + value: "postgres://$(FOGDB_USER):$(FOGDB_PASSWORD)@$(FOGDB_HOST)/$(FOGDB_DATABASE)$(FOGDB_SSL_OPTIONS)" + {{- if .Values.jaegerTracing.enabled }} + - name: MC_TELEMETRY + value: "true" + - name: OTEL_SERVICE_NAME + value: fog-view-store + - name: OTEL_RESOURCE_ATTRIBUTES + value: "deployment.environment={{ .Values.mobilecoin.partner }},deployment.chain_id={{ .Values.mobilecoin.network }}" + - name: OTEL_EXPORTER_OTLP_TRACES_ENDPOINT + value: http://otel-collector.otel:4317 + {{- end }} + - name: MC_SENTRY_DSN + valueFrom: + configMapKeyRef: + name: sentry + key: fog-view-sentry-dsn + optional: true + # Maps to Sentry Environment + - name: MC_BRANCH + value: {{ .Values.mobilecoin.network }} + resources: + {{- toYaml $store.resources | nindent 4 }} +{{- end -}} diff --git a/.internal-ci/helm/fog-view-fsg/templates/fog-view-fogshardrangegenerator.yaml b/.internal-ci/helm/fog-view-fsg/templates/fog-view-fogshardrangegenerator.yaml index 73f893b921..07f5553925 100644 --- a/.internal-ci/helm/fog-view-fsg/templates/fog-view-fogshardrangegenerator.yaml +++ b/.internal-ci/helm/fog-view-fsg/templates/fog-view-fogshardrangegenerator.yaml 
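Review bot: `MC_ADMIN_LISTEN_URI` is declared twice in the `env` list of `fog-view-fsg.store`, once after `MC_CHAIN_ID` and again after `MC_CLIENT_RESPONDER_ID`, both set to `insecure-mca://127.0.0.1:8001/`. Duplicate env names can drift apart later and may be warned on or rejected by stricter apply paths, so the second entry should be dropped. Separately, `DATABASE_URL` substitutes `$(FOGDB_PASSWORD)` verbatim, so a password containing URL-reserved characters such as `@` or `/` would yield a malformed connection string. A comment such as `# FOGDB_PASSWORD is substituted into DATABASE_URL unescaped; it must be URL-safe` above that entry would document the constraint.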
@@ -1,24 +1,28 @@ # Copyright (c) 2018-2023 The MobileCoin Foundation -{{- $stack := (include "fog-view-fsg.stackConfig" . | fromYaml) }} -{{- $router := .Values.fogView.router }} -{{- $store := .Values.fogView.store }} +{{- $stack := (include "fog-view-fsg.stackConfig" $ | fromYaml) }} +{{- $view := .Values.fogView }} +{{- $zone := $view.zone | required "fogView.zone is required." }} +{{- $color := $view.color | required "fogView.color is required." }} +{{- $responderId := $view.responderID | required "fogView.responderID is required." }} +{{- $router := $view.router }} +{{- $store := $view.store }} +{{- range $stackCount := until (int $stack.count) }} apiVersion: mc.mobilecoin.com/v1 kind: FogShardRangeGenerator metadata: - name: {{ include "fog-view-fsg.fullname" $ }} + name: {{ include "fog-view-fsg.fullname" $ }}-{{ $stackCount }} labels: + stack: {{ include "fog-view-fsg.fullname" $ }}-{{ $stackCount }} + color: {{ $view.color }} {{- include "fog-view-fsg.labels" $ | nindent 4 }} spec: - shardSize: {{ $stack.shardSize }} exceedBlockHeightBy: {{ $stack.exceedBlockHeightBy }} shardOverlap: {{ $stack.shardOverlap }} - {{- with $stack.blockHeightRetrieval }} - blockCountURL: {{ tpl .blockCountURL $ | quote }} - blockCountQueryInterval: {{ .queryInterval | quote }} - blockCountResponseJQ: {{ .responseJQ | quote }} - blockCountReqBody: {{ .requestBody | quote }} - {{- end }} + blockCountURL: {{ tpl $stack.blockHeightRetrieval.blockCountURL $ | quote }} + blockCountQueryInterval: {{ $stack.blockHeightRetrieval.queryInterval | quote }} + blockCountResponseJQ: {{ $stack.blockHeightRetrieval.responseJQ | quote }} + blockCountReqBody: {{ $stack.blockHeightRetrieval.requestBody | quote }} router: templates: - templateID: view 
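Review bot: The new `range $stackCount := until (int $stack.count)` loop has no guard on `$stack.count`. If the selected stackConfig entry lacks `count`, `int` should yield 0 and the chart would render no FogShardRangeGenerator without any error. The lines just above already use `required`, so `until (int ($stack.count | required "stackConfig count is required."))` would fail loudly instead. The `$zone`, `$color` and `$responderId` variables bound there are also never read in the visible hunks, which keep using `$view.color` and `$view.zone`. The loop body continues past this hunk.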
@@ -29,24 +33,26 @@ spec: selector: matchLabels: app: fog-view-router - color: {{ .Values.fogView.color }} - stack: {{ include "fog-view-fsg.fullname" . }} - {{- include "fog-view-fsg.selectorLabels" . | nindent 12 }} - serviceName: {{ include "fog-view-fsg.fullname" . }}-router-headless + color: {{ $view.color }} + stack: {{ include "fog-view-fsg.fullname" $ }}-{{ $stackCount }} + {{- include "fog-view-fsg.selectorLabels" $ | nindent 12 }} + serviceName: {{ include "fog-view-fsg.fullname" $ }}-router-headless template: metadata: annotations: {{- toYaml $router.podAnnotations | nindent 14 }} labels: app: fog-view-router - color: {{ .Values.fogView.color }} - stack: {{ include "fog-view-fsg.fullname" . }} - {{- include "fog-view-fsg.labels" . | nindent 14 }} + color: {{ $view.color }} + stack: {{ include "fog-view-fsg.fullname" $ }}-{{ $stackCount }} + {{- include "fog-view-fsg.labels" $ | nindent 14 }} spec: + readinessGates: + - conditionType: mobilecoin.com/shards-ready {{- if $router.affinityEnabled }} affinity: podAffinity: - # Pods prefer to be scheduled on nodes with pods from the same stack. + # Prefer Pods to be scheduled on nodes with pods from the same stack. preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: 
@@ -54,162 +60,23 @@ spec: - key: stack operator: In values: - - {{ include "fog-view-fsg.fullname" . }} + - {{ include "fog-view-fsg.fullname" $ }}-{{ $stackCount }} topologyKey: "kubernetes.io/hostname" weight: 1 {{- end }} imagePullSecrets: - {{- toYaml .Values.imagePullSecrets | nindent 12 }} + {{- toYaml $.Values.imagePullSecrets | nindent 12 }} initContainers: - - name: sysctl - image: ubuntu:20.04 - command: - - sysctl - - -w - - net.ipv4.tcp_retries2=5 - - net.core.somaxconn=65535 - securityContext: - privileged: true - runAsUser: 0 - runAsNonRoot: False + {{- include "containers.sysctl" $ | nindent 12 }} containers: - - name: fog-view-router - image: "{{ $router.image.org | default .Values.image.org }}/{{ $router.image.name }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ $router.image.pullPolicy }} - args: [ "/usr/bin/supervisord" ] - ports: - - name: view-grpc - containerPort: 3225 - - name: mgmt-http - containerPort: 8000 - envFrom: - - configMapRef: - name: {{ include "fog-view-fsg.fullname" . 
}}-router - startupProbe: - grpc: - port: 3225 - failureThreshold: 240 - periodSeconds: 30 - timeoutSeconds: 1 - successThreshold: 1 - livenessProbe: - grpc: - port: 3225 - failureThreshold: 5 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - grpc: - port: 3225 - failureThreshold: 2 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - env: - - name: RUST_BACKTRACE - value: {{ $router.rust.backtrace | quote }} - {{- if eq .Values.jaegerTracing.enabled true }} - - name: MC_TELEMETRY - value: "true" - {{- end }} - - name: RUST_LOG - value: {{ $router.rust.log | quote }} - - name: MC_CLIENT_RESPONDER_ID - value: {{ .Values.fogView.router.responderID }}:443 - - name: MC_CLIENT_LISTEN_URI - value: insecure-fog-view://0.0.0.0:3225/ - - name: MC_ADMIN_LISTEN_URI - value: insecure-mca://127.0.0.1:8001/ - - name: MC_SENTRY_DSN - valueFrom: - configMapKeyRef: - name: sentry - key: fog-view-sentry-dsn - optional: true - # Maps to Sentry Environment - - name: MC_BRANCH - value: {{ .Values.mobilecoin.network }} - - name: MC_CHAIN_ID - value: {{ .Values.mobilecoin.network }} - volumeMounts: - - name: supervisor-conf - mountPath: /etc/supervisor/conf.d - readOnly: true - - mountPath: /var/run/aesmd - name: aesm-socket-dir - resources: - {{- toYaml $router.resources | nindent 16 }} - - name: grpc-gateway - image: "{{ .Values.grpcGateway.image.org | default .Values.image.org }}/{{ .Values.grpcGateway.image.name }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: Always - command: - - /usr/bin/go-grpc-gateway - - -grpc-server-endpoint=127.0.0.1:3225 - - -grpc-insecure - - -http-server-listen=:8225 - - -logtostderr - ports: - - name: view-http - containerPort: 8225 - resources: - {{- toYaml .Values.grpcGateway.resources | nindent 16 }} - {{- if eq .Values.jaegerTracing.enabled true }} - - name: jaeger-agent - image: jaegertracing/jaeger-agent:latest - imagePullPolicy: IfNotPresent - ports: - - containerPort: 5775 - 
name: zk-compact-trft - protocol: UDP - - containerPort: 5778 - name: config-rest - protocol: TCP - - containerPort: 6831 - name: jg-compact-trft - protocol: UDP - - containerPort: 6832 - name: jg-binary-trft - protocol: UDP - - containerPort: 14271 - name: admin-http - protocol: TCP - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: HOST_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - args: - - --reporter.grpc.host-port=dns:///jaeger-collector:14250 - - --reporter.type=grpc - - --agent.tags=cluster=undefined,container.name=fog-view-router,deployment.name={{ include "fog-view-fsg.fullname" $ }},host.ip=${HOST_IP:},pod.name=${POD_NAME:},pod.namespace={{ $.Release.Namespace }} - {{- end }} + {{- include "fog-view-fsg.router" $ | nindent 12 }} + {{- include "containers.go-grpc-gateway" $ | nindent 12 }} + {{- include "containers.admin-http-gateway" $ | nindent 12 }} nodeSelector: - topology.kubernetes.io/zone: {{ .Values.fogView.zone }} + topology.kubernetes.io/zone: {{ $view.zone }} {{- toYaml $router.nodeSelector | nindent 14 }} tolerations: {{- toYaml $router.tolerations | nindent 12 }} - readinessGates: - - conditionType: mobilecoin.com/shards-ready - volumes: - - emptyDir: {} - name: aesm-socket-dir - - name: supervisor-conf - projected: - defaultMode: 420 - sources: - - configMap: - name: {{ include "fog-view-fsg.fullname" . }}-supervisord-fog-view-router - - configMap: - name: {{ include "fog-view-fsg.fullname" . }}-supervisord-daemon - - configMap: - name: {{ include "fog-view-fsg.fullname" . }}-supervisord-admin store: containerName: fog-view-store 
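Review bot: The inline `grpc-gateway` container removed here exposed port `view-http` on 8225 and forwarded to `127.0.0.1:3225`, but the `containers.go-grpc-gateway` template included in its place listens on 8200 under the port name `gateway-http` and takes its backend port from `.Values.grpcGateway.grpcServicePort`. Any Service, Ingress or ServiceMonitor that still targets `view-http` would stop matching, and a `grpcServicePort` other than 3225 would point the gateway away from the router. Those consumers and the value's default are outside this hunk, so please confirm them, or keep the old name with `- name: view-http` in the template. The `mgmt-http` port likewise moves from the router container to `admin-http-gateway`.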
@@ -221,19 +88,19 @@ spec: selector: matchLabels: app: fog-view-store - stack: {{ include "fog-view-fsg.fullname" . }} - color: {{ .Values.fogView.color }} - {{- include "fog-view-fsg.selectorLabels" . | nindent 10 }} - serviceName: {{ include "fog-view-fsg.fullname" . }}-store + stack: {{ include "fog-view-fsg.fullname" $ }}-{{ $stackCount }} + color: {{ $.Values.fogView.color }} + {{- include "fog-view-fsg.selectorLabels" $ | nindent 10 }} + serviceName: {{ include "fog-view-fsg.fullname" $ }}-store template: metadata: annotations: {{- toYaml $store.podAnnotations | nindent 12 }} labels: app: fog-view-store - stack: {{ include "fog-view-fsg.fullname" . }} - color: {{ .Values.fogView.color }} - {{- include "fog-view-fsg.labels" . | nindent 12 }} + stack: {{ include "fog-view-fsg.fullname" $ }}-{{ $stackCount }} + color: {{ $.Values.fogView.color }} + {{- include "fog-view-fsg.labels" $ | nindent 12 }} spec: {{- if $store.affinityEnabled }} affinity: 
@@ -245,164 +112,21 @@ spec: - key: stack operator: In values: - - {{ include "fog-view-fsg.fullname" . }} + - {{ include "fog-view-fsg.fullname" $ }}-{{ $stackCount }} topologyKey: "kubernetes.io/hostname" weight: 1 {{- end }} imagePullSecrets: - {{- toYaml .Values.imagePullSecrets | nindent 10 }} + {{- toYaml $.Values.imagePullSecrets | nindent 10 }} initContainers: - - name: sysctl - image: ubuntu:20.04 - command: - - sysctl - - -w - - net.ipv4.tcp_retries2=5 - - net.core.somaxconn=65535 - securityContext: - privileged: true - runAsUser: 0 - runAsNonRoot: False + {{- include "containers.sysctl" $ | nindent 12 }} containers: - - name: fog-view-store - image: "{{ $store.image.org | default .Values.image.org }}/{{ $store.image.name }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ $store.image.pullPolicy }} - args: [ "/usr/bin/supervisord" ] - ports: - - name: view-grpc - containerPort: 3225 - - name: mgmt-http - containerPort: 8000 - envFrom: - - configMapRef: - name: {{ include "fog-view-fsg.fullname" . 
}}-store - env: - {{- if .Values.jaegerTracing.enabled }} - - name: MC_TELEMETRY - value: "true" - {{- end }} - - name: RUST_BACKTRACE - value: {{ $store.rust.backtrace | quote }} - - name: RUST_LOG - value: {{ $store.rust.log | quote }} - - name: MC_SENTRY_DSN - valueFrom: - configMapKeyRef: - name: sentry - key: fog-view-sentry-dsn - optional: true - # Maps to Sentry Environment - - name: MC_BRANCH - value: {{ .Values.mobilecoin.network }} - - name: MC_CHAIN_ID - value: {{ .Values.mobilecoin.network }} - - name: FOGDB_HOST - valueFrom: - configMapKeyRef: - name: {{ .Values.fogView.externalConfigMaps.postgresReader.name }} - key: postgres-hostname - - name: FOGDB_USER - valueFrom: - configMapKeyRef: - name: {{ .Values.fogView.externalConfigMaps.postgresReader.name }} - key: postgres-username - - name: FOGDB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.fogView.externalSecrets.postgresReader.name }} - key: postgres-password - - name: FOGDB_DATABASE - valueFrom: - configMapKeyRef: - name: {{ .Values.fogView.externalConfigMaps.postgresReader.name }} - key: postgres-database - - name: FOGDB_SSL_OPTIONS - valueFrom: - configMapKeyRef: - name: {{ .Values.fogView.externalConfigMaps.postgresReader.name }} - key: postgres-ssl-options - - name: DATABASE_URL - value: "postgres://$(FOGDB_USER):$(FOGDB_PASSWORD)@$(FOGDB_HOST)/$(FOGDB_DATABASE)$(FOGDB_SSL_OPTIONS)" - livenessProbe: - grpc: - port: 3225 - failureThreshold: 5 - periodSeconds: 30 - timeoutSeconds: 1 - successThreshold: 1 - startupProbe: - grpc: - port: 3225 - failureThreshold: 480 - periodSeconds: 30 - timeoutSeconds: 1 - successThreshold: 1 - readinessProbe: - grpc: - port: 3225 - failureThreshold: 2 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - volumeMounts: - - name: supervisor-conf - mountPath: /etc/supervisor/conf.d - readOnly: true - - mountPath: /var/run/aesmd - name: aesm-socket-dir - resources: - {{- toYaml $store.resources | nindent 14 }} - {{- if 
.Values.jaegerTracing.enabled }} - - name: jaeger-agent - image: jaegertracing/jaeger-agent:latest - imagePullPolicy: IfNotPresent - ports: - - containerPort: 5775 - name: zk-compact-trft - protocol: UDP - - containerPort: 5778 - name: config-rest - protocol: TCP - - containerPort: 6831 - name: jg-compact-trft - protocol: UDP - - containerPort: 6832 - name: jg-binary-trft - protocol: UDP - - containerPort: 14271 - name: admin-http - protocol: TCP - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: HOST_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - args: - - --reporter.grpc.host-port=dns:///jaeger-collector:14250 - - --reporter.type=grpc - - --agent.tags=cluster=undefined,container.name=fog-view,deployment.name={{ include "fog-view-fsg.fullname" . }},host.ip=${HOST_IP:},pod.name=${POD_NAME:},pod.namespace={{ .Release.Namespace }} - {{- end }} + {{- include "fog-view-fsg.store" $ | nindent 12 }} + {{- include "containers.admin-http-gateway" $ | nindent 12 }} nodeSelector: - topology.kubernetes.io/zone: {{ .Values.fogView.zone }} + topology.kubernetes.io/zone: {{ $.Values.fogView.zone }} {{- toYaml $store.nodeSelector | nindent 12 }} tolerations: {{- toYaml $store.tolerations | nindent 10 }} - volumes: - - emptyDir: {} - name: aesm-socket-dir - - name: supervisor-conf - projected: - sources: - - configMap: - name: {{ include "fog-view-fsg.fullname" . }}-supervisord-daemon - - configMap: - name: {{ include "fog-view-fsg.fullname" . }}-supervisord-fog-view-store - - configMap: - name: {{ include "fog-view-fsg.fullname" . }}-supervisord-admin --- +{{- end }} diff --git a/.internal-ci/helm/fog-view-fsg/templates/fog-view-router-headless-service.yaml b/.internal-ci/helm/fog-view-fsg/templates/fog-view-router-headless-service.yaml index 636a342cf8..7a46e032c0 100644 --- a/.internal-ci/helm/fog-view-fsg/templates/fog-view-router-headless-service.yaml 
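Review bot: The store pod's `nodeSelector` in fog-view-fogshardrangegenerator.yaml reads the zone as `{{ $.Values.fogView.zone }}`, while the router pod earlier in the same template was switched to `{{ $view.zone }}`. The definition of `$view` is outside this hunk, so it may be the same object. If it is a per-stack value, the router and store of one stack could be pinned to different zones. Using one source for both, `topology.kubernetes.io/zone: {{ $view.zone }}`, would remove the doubt.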
+++ b/.internal-ci/helm/fog-view-fsg/templates/fog-view-router-headless-service.yaml @@ -19,7 +19,7 @@ spec: - name: mgmt-http port: 8000 targetPort: mgmt-http - - name: view-http - port: 8225 - targetPort: view-http + - name: gateway-http + port: 8200 + targetPort: gateway-http --- diff --git a/.internal-ci/helm/fog-view-fsg/templates/fog-view-store-servicemonitor.yaml b/.internal-ci/helm/fog-view-fsg/templates/fog-view-store-servicemonitor.yaml index 192fe47ce4..c2eceaae22 100644 --- a/.internal-ci/helm/fog-view-fsg/templates/fog-view-store-servicemonitor.yaml +++ b/.internal-ci/helm/fog-view-fsg/templates/fog-view-store-servicemonitor.yaml @@ -25,4 +25,8 @@ spec: sourceLabels: - __meta_kubernetes_pod_label_stack targetLabel: view_stack + - action: replace + sourceLabels: + - __meta_kubernetes_pod_label_color + targetLabel: color diff --git a/.internal-ci/helm/fog-view-fsg/templates/supervisord-admin-configmap.yaml b/.internal-ci/helm/fog-view-fsg/templates/supervisord-admin-configmap.yaml deleted file mode 100644 index 0221e48b25..0000000000 --- a/.internal-ci/helm/fog-view-fsg/templates/supervisord-admin-configmap.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright (c) 2018-2023 The MobileCoin Foundation -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "fog-view-fsg.fullname" . }}-supervisord-admin - labels: - {{- include "fog-view-fsg.labels" . | nindent 4 }} -data: - admin_http_gw.conf: | - [program:mc-admin-http-gateway] - priority=200 - command=/usr/bin/mc-admin-http-gateway - --listen-host 0.0.0.0 - --listen-port 8000 - --admin-uri insecure-mca://127.0.0.1:8001/ - - stdout_logfile=/dev/fd/1 - stdout_logfile_maxbytes=0 - stderr_logfile=/dev/fd/2 - stderr_logfile_maxbytes=0 - autorestart=true diff --git a/.internal-ci/helm/fog-view-fsg/templates/supervisord-daemon-configmap.yaml b/.internal-ci/helm/fog-view-fsg/templates/supervisord-daemon-configmap.yaml deleted file mode 100644 index c573272b8b..0000000000 
--- a/.internal-ci/helm/fog-view-fsg/templates/supervisord-daemon-configmap.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# Copyright (c) 2018-2023 The MobileCoin Foundation -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "fog-view-fsg.fullname" . }}-supervisord-daemon - labels: - {{- include "fog-view-fsg.labels" . | nindent 4 }} -data: - supervisor.conf: | - [supervisord] - nodaemon=true diff --git a/.internal-ci/helm/fog-view-fsg/templates/supervisord-fog-view-router-configmap.yaml b/.internal-ci/helm/fog-view-fsg/templates/supervisord-fog-view-router-configmap.yaml deleted file mode 100644 index 428412c243..0000000000 --- a/.internal-ci/helm/fog-view-fsg/templates/supervisord-fog-view-router-configmap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright (c) 2018-2023 The MobileCoin Foundation -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "fog-view-fsg.fullname" . }}-supervisord-fog-view-router - labels: - {{- include "fog-view-fsg.labels" . | nindent 4 }} -data: - fog_view_router.conf: | - [program:fogviewrouter] - priority=100 - command=fog_view_router - - stdout_logfile=/dev/fd/1 - stdout_logfile_maxbytes=0 - stderr_logfile=/dev/fd/2 - stderr_logfile_maxbytes=0 - autorestart=true diff --git a/.internal-ci/helm/fog-view-fsg/templates/supervisord-fog-view-store-configmap.yaml b/.internal-ci/helm/fog-view-fsg/templates/supervisord-fog-view-store-configmap.yaml deleted file mode 100644 index a4952c07bd..0000000000 --- a/.internal-ci/helm/fog-view-fsg/templates/supervisord-fog-view-store-configmap.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -# Copyright (c) 2018-2023 The MobileCoin Foundation -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "fog-view-fsg.fullname" . }}-supervisord-fog-view-store - labels: - {{- include "fog-view-fsg.labels" . | nindent 4 }} -data: - fog_view_store.conf: | - [program:fog-view-store] - priority=100 - command=/usr/bin/fog_view_server - --client-listen-uri insecure-fog-view-store://0.0.0.0:3225/?responder-id=%(ENV_HOSTNAME)s.{{ include "fog-view-fsg.fullname" . }}-store.{{ .Release.Namespace }}:3225 - --client-responder-id "%(ENV_HOSTNAME)s.{{ include "fog-view-fsg.fullname" . }}-store.{{ .Release.Namespace }}:3225" - --admin-listen-uri insecure-mca://127.0.0.1:8001/ - - stdout_logfile=/dev/fd/1 - stdout_logfile_maxbytes=0 - stderr_logfile=/dev/fd/2 - stderr_logfile_maxbytes=0 - autorestart=true diff --git a/.internal-ci/helm/fog-view-fsg/values.yaml b/.internal-ci/helm/fog-view-fsg/values.yaml index 59cf07bf08..898d5277dd 100644 --- a/.internal-ci/helm/fog-view-fsg/values.yaml +++ b/.internal-ci/helm/fog-view-fsg/values.yaml @@ -4,6 +4,7 @@ imagePullSecrets: # Pods share the image tag. image: org: mobilecoin + name: fogview tag: '' # Overrides the image tag whose default is the chart appVersion. # Mobilecoin network instance @@ -17,6 +18,8 @@ fogView: zone: '' # color label of the fogShardGenerator stack. blue|green color: 'blue' + ### fog-ledger-router public hostnames (client responder ID) + responderID: '' stackConfig: network: @@ -53,17 +56,8 @@ fogView: requestBody: '' router: - ### list of fog-ledger-router hostnames (client responder ID) - - responderID: '' - replicaCount: 1 - image: - org: '' - name: fogview - pullPolicy: Always - resources: limits: sgx.intel.com/epc: 512Ki @@ -82,10 +76,8 @@ fogView: value: 'true' effect: NoSchedule - # disable affinity rules for single node testing podManagementPolicy: Parallel - # affinityEnabled: true - # topologySpreadConstraintsEnabled: true + affinityEnabled: true rust: backtrace: full 
@@ -93,67 +85,53 @@ fogView: podAnnotations: fluentbit.io/include: 'true' # collect logs with fluentbit - fluentbit.io/exclude-jaeger-agent: 'true' # This is the container name that needs to use sgx resources sgx.intel.com/quote-provider: fog-view-router - ingress: - enabled: true - common: - # Set a static salt for the dynamic cookie. See helpers for more info. - # cookieSalt: '' - tls: - clusterIssuer: letsencrypt-production-http - blocklist: - enabled: true - pattern: patterns/blocked-countries - annotations: |- - haproxy.org/server-ssl: "false" # The backend (server) is http - haproxy.org/timeout-client: 239s # 4 min timeout on azure - haproxy.org/timeout-server: 239s - haproxy.org/timeout-http-keep-alive: 120s - haproxy.org/abortonclose: "true" - haproxy.org/backend-config-snippet: |- - http-reuse aggressive - dynamic-cookie-key {{ include "fog-view.grpcCookieSalt" . }} - cookie VIEW insert indirect nocache dynamic + configMap: + data: + PLACEHOLDER: 'empty' + startupProbe: grpc: - annotations: |- - haproxy.org/server-proto: "h2" # Force GRPC/H2 mode + port: 3225 + failureThreshold: 240 + periodSeconds: 30 + timeoutSeconds: 1 + successThreshold: 1 - http: - annotations: |- - haproxy.org/path-rewrite: '/gw/(.*) /\1' # Strip the /gw prefix + livenessProbe: + grpc: + port: 3225 + failureThreshold: 5 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 1 - configMap: - data: - PLACEHOLDER: 'empty' + readinessProbe: + grpc: + port: 3225 + failureThreshold: 2 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 store: replicaCount: 1 - image: - org: '' - name: fogview - pullPolicy: Always - rust: backtrace: full log: info,rustls=warn,hyper=warn,tokio_reactor=warn,mio=warn,want=warn,reqwest=warn,rusoto_core=error,rusoto_signature=error,h2=error,rocket=warn,=warn podAnnotations: fluentbit.io/include: 'true' # collect logs with fluentbit - fluentbit.io/exclude-jaeger-agent: 'true' # This is the container name that needs to use sgx resources 
sgx.intel.com/quote-provider: fog-view-store # disable affinity rules for single node testing podManagementPolicy: Parallel affinityEnabled: true - topologySpreadConstraintsEnabled: true - ### Intel SGX extended resources are defined with: https://github.com/sebva/sgx-device-plugin resources: limits: sgx.intel.com/epc: 512Ki @@ -175,12 +153,36 @@ fogView: configMap: data: # https://docs.diesel.rs/diesel/r2d2/struct.Builder.html - POSTGRES_IDLE_TIMEOUT: '60' - POSTGRES_MAX_LIFETIME: '120' + # POSTGRES_IDLE_TIMEOUT: '60' + # POSTGRES_MAX_LIFETIME: '120' POSTGRES_CONNECTION_TIMEOUT: '5' POSTGRES_MAX_CONNECTIONS: '3' MC_OMAP_CAPACITY: '4194304' + livenessProbe: + grpc: + port: 3225 + failureThreshold: 5 + periodSeconds: 30 + timeoutSeconds: 1 + successThreshold: 1 + + startupProbe: + grpc: + port: 3225 + failureThreshold: 480 + periodSeconds: 30 + timeoutSeconds: 1 + successThreshold: 1 + + readinessProbe: + grpc: + port: 3225 + failureThreshold: 2 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + ### These configmaps and secrets must be deployed by external process to the namespace. # override the name of the required configmaps externalConfigMaps: 
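Review bot: In the store `configMap.data` block of values.yaml, `POSTGRES_IDLE_TIMEOUT` and `POSTGRES_MAX_LIFETIME` are commented out rather than removed, and nothing says why. A reader cannot tell whether the pool is now meant to use the library defaults or whether this is a temporary change in a draft commit. Either delete the two lines or add a comment such as `# unset: use the r2d2 pool defaults for idle timeout and max lifetime` above them. What the server does when the variables are absent is not visible in this hunk and should be confirmed.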
@@ -203,62 +205,9 @@ fogView: name: fog-recovery-reader-0-postgresql ### required keys: # postgresql-password - ias: - name: ias - ### required keys: - # MC_IAS_API_KEY - # MC_IAS_SPID - grpcGateway: - image: - org: '' - name: go-grpc-gateway - pullPolicy: Always - - resources: - limits: - cpu: 1 - memory: 256Mi - requests: - cpu: 256m - memory: 256Mi + grpcServicePort: 3225 jaegerTracing: enabled: false - -jaegerAgent: |- - - name: jaeger-agent - image: jaegertracing/jaeger-agent:latest - imagePullPolicy: IfNotPresent - ports: - - containerPort: 5775 - name: zk-compact-trft - protocol: UDP - - containerPort: 5778 - name: config-rest - protocol: TCP - - containerPort: 6831 - name: jg-compact-trft - protocol: UDP - - containerPort: 6832 - name: jg-binary-trft - protocol: UDP - - containerPort: 14271 - name: admin-http - protocol: TCP - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: HOST_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - args: - - --reporter.grpc.host-port=dns:///jaeger-collector:14250 - - --reporter.type=grpc - - --agent.tags=cluster=undefined,container.name=fog-view,deployment.name={{ include "fog-view-fsg.fullname" $ }},host.ip=${HOST_IP:},pod.name=${POD_NAME:},pod.namespace={{ $.Release.Namespace }} diff --git a/.internal-ci/helm/fog-view-service/.helmignore b/.internal-ci/helm/fog-view-service/.helmignore new file mode 100644 index 0000000000..0e8a0eb36f --- /dev/null +++ b/.internal-ci/helm/fog-view-service/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ 
diff --git a/.internal-ci/helm/fog-view-service/Chart.yaml b/.internal-ci/helm/fog-view-service/Chart.yaml new file mode 100644 index 0000000000..0090451eb6 --- /dev/null +++ b/.internal-ci/helm/fog-view-service/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: fog-view-service +description: MobileCoin Fog View service stack. +type: application +version: 0.0.0 +appVersion: "0.0.0" diff --git a/.internal-ci/helm/fog-view-service/README.md b/.internal-ci/helm/fog-view-service/README.md new file mode 100644 index 0000000000..976f7f4119 --- /dev/null +++ b/.internal-ci/helm/fog-view-service/README.md @@ -0,0 +1,23 @@ +# Fog-View-Service + +Run a MobileCoin fog-view instance. + +### Required Values + +You must set the fog view service hostnames and mobilecoin network and partner ids. + +```yaml +mobilecoin: + network: main + partner: mc + +fogView: + responderID: fog..development.mobilecoin.com + color: blue +``` + +Install chart: + +```bash +helm upgrade fog-view-service mcf-public/fog-view-service -i -f values.yaml +``` diff --git a/.internal-ci/helm/fog-view-service/templates/NOTES.txt b/.internal-ci/helm/fog-view-service/templates/NOTES.txt new file mode 100644 index 0000000000..e85bfc0ddc --- /dev/null +++ b/.internal-ci/helm/fog-view-service/templates/NOTES.txt @@ -0,0 +1,16 @@ +:::: :::: :::::::: ::::::::: ::::::::::: ::: :::::::::: ++:+:+: :+:+:+ :+: :+: :+: :+: :+: :+: :+: ++:+ +:+:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++#+ +:+ +#+ +#+ +:+ +#++:++#+ +#+ +#+ +#++:++# ++#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+# #+# #+# #+# #+# #+# #+# #+# #+# +### ### ######## ######### ########### ########## ########## + :::::::: :::::::: ::::::::::: :::: ::: +:+: :+: :+: :+: :+: :+:+: :+: ++:+ +:+ +:+ +:+ :+:+:+ +:+ ++#+ +#+ +:+ +#+ +#+ +:+ +#+ ++#+ +#+ +#+ +#+ +#+ +#+#+# +#+# #+# #+# #+# #+# #+# #+#+# + ######## ######## ########### ### #### + +fog-view-service has been deployed. 
diff --git a/.internal-ci/helm/fog-view-service/templates/_helpers.tpl b/.internal-ci/helm/fog-view-service/templates/_helpers.tpl
new file mode 100644
index 0000000000..03c3657461
--- /dev/null
+++ b/.internal-ci/helm/fog-view-service/templates/_helpers.tpl
@@ -0,0 +1,56 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "fog-view-service.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "fog-view-service.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "fog-view-service.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" | trimSuffix "." }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "fog-view-service.labels" -}}
+helm.sh/chart: {{ include "fog-view-service.chart" . }}
+{{ include "fog-view-service.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "fog-view-service.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "fog-view-service.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/* grpcCookieSalt */}}
+{{- define "fog-view-service.grpcCookieSalt" -}}
+{{- .Values.fogView.router.ingress.common.cookieSalt | default (randAlphaNum 8) }}
+{{- end }}
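Review bot: The fallback in `fog-view-service.grpcCookieSalt`, `default (randAlphaNum 8)`, is evaluated every time the helper is included. When `cookieSalt` is unset, the gRPC and HTTP ingresses can therefore render different `dynamic-cookie-key` values, and each `helm upgrade` produces new ones, which undermines the cookie-based stickiness the annotation is meant to provide. Making the value mandatory keeps it stable and explicit: `{{- .Values.fogView.router.ingress.common.cookieSalt | required "fogView.router.ingress.common.cookieSalt is required." }}`. The key is also rendered in plain text into the Ingress annotations, so it should be treated as readable by anyone who can read Ingress objects in the namespace. The `{{/* grpcCookieSalt */}}` comment should state what the value is used for and that it must stay the same across releases.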
diff --git a/.internal-ci/helm/fog-view-service/templates/router-grpc-ingress.yaml b/.internal-ci/helm/fog-view-service/templates/router-grpc-ingress.yaml
new file mode 100644
index 0000000000..b9b3fe1c7e
--- /dev/null
+++ b/.internal-ci/helm/fog-view-service/templates/router-grpc-ingress.yaml
@@ -0,0 +1,34 @@
+# Copyright (c) 2018-2023 The MobileCoin Foundation
+{{- if .Values.fogView.router.ingress.enabled }}
+{{- $responderId := .Values.responderID | required "fogView.responderID is required." }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "fog-view-service.fullname" . }}-router-grpc
+ labels:
+ app: fog-view
+ {{- include "fog-view-service.labels" . | nindent 4 }}
+ annotations:
+ {{- if .Values.fogView.router.ingress.common.blocklist.enabled }}
+ haproxy.org/blacklist: {{ .Values.fogView.router.ingress.common.blocklist.pattern }}
+ {{- end }}
+ {{ toYaml (tpl .Values.fogView.router.ingress.common.annotations . | fromYaml) | nindent 4 }}
+ {{ toYaml (tpl .Values.fogView.router.ingress.grpc.annotations . | fromYaml) | nindent 4 }}
+spec:
+ tls:
+ - hosts:
+ - {{ $responderId }}
+ secretName: {{ include "fog-view-service.fullname" . }}-tls
+ rules:
+ - host: {{ $responderId }}
+ http:
+ paths:
+ - path: /fog_view.FogViewAPI
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ include "fog-view-service.fullname" . }}-router
+ port:
+ name: view-grpc
+---
+{{- end }}
diff --git a/.internal-ci/helm/fog-view-service/templates/router-http-ingress.yaml b/.internal-ci/helm/fog-view-service/templates/router-http-ingress.yaml
new file mode 100644
index 0000000000..e6f9e21346
--- /dev/null
+++ b/.internal-ci/helm/fog-view-service/templates/router-http-ingress.yaml
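Review bot: In router-grpc-ingress.yaml, `$responderId` is read from `.Values.responderID`, but the chart's values.yaml, the README example and the `required` message itself all place the hostname at `fogView.responderID`, and tls-certificate.yaml reads `.Values.fogView.responderID`. With values laid out as documented, rendering stops on the `required` check. If someone adds a top-level `responderID` to get past it, the Ingress host and the certificate `dnsNames` can end up naming different hosts. The line should read `{{- $responderId := .Values.fogView.responderID | required "fogView.responderID is required." }}`; router-http-ingress.yaml carries the same line and needs the same change.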
@@ -0,0 +1,34 @@
+# Copyright (c) 2018-2023 The MobileCoin Foundation
+{{- if .Values.fogView.router.ingress.enabled }}
+{{- $responderId := .Values.responderID | required "fogView.responderID is required." }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "fog-view-service.fullname" $ }}-router-http
+ labels:
+ app: fog-view
+ {{- include "fog-view-service.labels" . | nindent 4 }}
+ annotations:
+ {{- if .Values.fogView.router.ingress.common.blocklist.enabled }}
+ haproxy.org/blacklist: {{ .Values.fogView.router.ingress.common.blocklist.pattern }}
+ {{- end }}
+ {{ toYaml (tpl .Values.fogView.router.ingress.common.annotations . | fromYaml) | nindent 4 }}
+ {{ toYaml (tpl .Values.fogView.router.ingress.http.annotations . | fromYaml) | nindent 4 }}
+spec:
+ tls:
+ - hosts:
+ - {{ $responderId }}
+ secretName: {{ include "fog-view-service.fullname" . }}-tls
+ rules:
+ - host: {{ $responderId }}
+ http:
+ paths:
+ - path: /gw/fog_view.FogViewAPI
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ include "fog-view-service.fullname" . }}-router
+ port:
+ name: gateway-http
+---
+{{- end }}
diff --git a/.internal-ci/helm/fog-view-service/templates/router-service.yaml b/.internal-ci/helm/fog-view-service/templates/router-service.yaml
new file mode 100644
index 0000000000..2edab456c0
--- /dev/null
+++ b/.internal-ci/helm/fog-view-service/templates/router-service.yaml
@@ -0,0 +1,24 @@
+# Copyright (c) 2018-2023 The MobileCoin Foundation
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "fog-view-service.fullname" . }}-router
+ labels:
+ app: fog-view-router
+ {{- include "fog-view-service.labels" . | nindent 4 }}
+spec:
+ type: ClusterIP
+ selector:
+ app: fog-view-router
+ color: {{ .Values.fogView.color }}
+ ports:
+ - name: view-grpc
+ port: 3225
+ targetPort: view-grpc
+ - name: mgmt-http
+ port: 8000
+ targetPort: mgmt-http
+ - name: gateway-http
+ port: 8200
+ targetPort: gateway-http
+---
diff --git a/.internal-ci/helm/fog-view-service/templates/router-servicemonitor.yaml b/.internal-ci/helm/fog-view-service/templates/router-servicemonitor.yaml
new file mode 100644
index 0000000000..ed691407b6
--- /dev/null
+++ b/.internal-ci/helm/fog-view-service/templates/router-servicemonitor.yaml
@@ -0,0 +1,32 @@
+# Copyright (c) 2018-2023 The MobileCoin Foundation
+{{- $network := .Values.mobilecoin.network | required "mobilecoin.network is required." }}
+{{- $partner := .Values.mobilecoin.partner | required "mobilecoin.partner is required." }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "fog-view-service.fullname" . }}-router
+ labels:
+ publish: grafana-cloud
+ app: fog-view-router
+ {{- include "fog-view-service.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ app: fog-view-router
+ {{- include "fog-view-service.selectorLabels" . | nindent 6 }}
+ endpoints:
+ - port: mgmt-http
+ relabelings:
+ - targetLabel: network
+ replacement: {{ $network }}
+ - targetLabel: partner
+ replacement: {{ $partner }}
+ - action: replace
+ sourceLabels:
+ - __meta_kubernetes_pod_label_stack
+ targetLabel: view_stack
+ - action: replace
+ sourceLabels:
+ - __meta_kubernetes_pod_label_color
+ targetLabel: color
+---
diff --git a/.internal-ci/helm/fog-view-service/templates/tls-certificate.yaml b/.internal-ci/helm/fog-view-service/templates/tls-certificate.yaml
new file mode 100644
index 0000000000..43ac28bec9
--- /dev/null
+++ b/.internal-ci/helm/fog-view-service/templates/tls-certificate.yaml
@@ -0,0 +1,21 @@
+# Copyright (c) 2018-2023 The MobileCoin Foundation
+{{- if .Values.fogView.router.ingress.enabled }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ include "fog-view-service.fullname" . }}-tls
+ labels:
+ {{- include "fog-view-service.labels" . | nindent 4 }}
+spec:
+ secretName: {{ include "fog-view-service.fullname" . }}-tls
+ privateKey:
+ size: 2048
+ algorithm: RSA
+ encoding: PKCS1
+ dnsNames:
+ - {{ .Values.fogView.responderID }}
+ issuerRef:
+ name: {{ .Values.fogView.router.ingress.common.tls.clusterIssuer }}
+ kind: ClusterIssuer
+---
+{{- end }}
diff --git a/.internal-ci/helm/fog-view-service/values.yaml b/.internal-ci/helm/fog-view-service/values.yaml
new file mode 100644
index 0000000000..e9cfaf99c9
--- /dev/null
+++ b/.internal-ci/helm/fog-view-service/values.yaml
@@ -0,0 +1,40 @@
+# Mobilecoin network instance
+mobilecoin:
+ network: ''
+ partner: ''
+
+fogView:
+ # external hostname for the fog-view service
+ responderID: ''
+ # color label of the fogShardGenerator stack. blue|green
+ color: blue
+
+ router:
+ ingress:
+ enabled: true
+ common:
+ # Set a static salt for the dynamic cookie. See helpers for more info.
+ # cookieSalt: ''
+ tls:
+ clusterIssuer: letsencrypt-production-http
+ blocklist:
+ enabled: true
+ pattern: patterns/blocked-countries
+ annotations: |-
+ haproxy.org/server-ssl: "false" # The backend (server) is http
+ haproxy.org/timeout-client: 239s # 4 min timeout on azure
+ haproxy.org/timeout-server: 239s
+ haproxy.org/timeout-http-keep-alive: 120s
+ haproxy.org/abortonclose: "true"
+ haproxy.org/backend-config-snippet: |-
+ http-reuse aggressive
+ dynamic-cookie-key {{ include "fog-view-service.grpcCookieSalt" . }}
+ cookie VIEW insert indirect nocache dynamic
+
+ grpc:
+ annotations: |-
+ haproxy.org/server-proto: "h2" # Force GRPC/H2 mode
+
+ http:
+ annotations: |-
+ haproxy.org/path-rewrite: '/gw/(.*) /\1' # Strip the /gw prefix
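Review bot: In tls-certificate.yaml, `dnsNames` takes `.Values.fogView.responderID` with no `required` guard, and the chart default for that key is `''`. An unset value therefore renders a Certificate with an empty DNS name, and the problem only shows up later when the certificate request is processed. Failing at render time is easier to diagnose and matches the intent of the guard in the ingress templates: `- {{ .Values.fogView.responderID | required "fogView.responderID is required." }}`.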
From d88c048fefba430e321361840e630ef0af61e4cb Mon Sep 17 00:00:00 2001 From: Jason Greathouse Date: Thu, 26 Sep 2024 17:07:28 -0500 Subject: [PATCH 4/6] wire in fog-view-fsg to cd testing --- .../mobilecoin-workflow-dev-deploy.yaml | 99 ++++++++++++++++--- .../mobilecoin-workflow-dev-test.yaml | 15 --- 2 files changed, 83 insertions(+), 31 deletions(-) diff --git a/.github/workflows/mobilecoin-workflow-dev-deploy.yaml b/.github/workflows/mobilecoin-workflow-dev-deploy.yaml index cb61f15706..48773ba14e 100644 --- a/.github/workflows/mobilecoin-workflow-dev-deploy.yaml +++ b/.github/workflows/mobilecoin-workflow-dev-deploy.yaml @@ -261,10 +261,10 @@ jobs: - consensus-deploy runs-on: mcf-dev-small-x64 steps: - - name: Generate fog-view values file + - name: Generate fog-view-service values file run: | mkdir -p "${VALUES_BASE_PATH}" - cat < "${VALUES_BASE_PATH}/fog-view-values.yaml" + cat < "${VALUES_BASE_PATH}/fog-view-service-values.yaml" image: org: ${{ inputs.docker_image_org }} @@ -273,18 +273,10 @@ jobs: partner: dev fogView: - stackConfig: - network: - default: - shardSize: ${{ inputs.shard_size }} - exceedBlockHeightBy: ${{ inputs.shard_exceed_block_height_by }} + responderID: fog.${{ inputs.namespace }}.development.mobilecoin.com + color: green router: - hosts: - - partner: a - responderID: fog.${{ inputs.namespace }}.development.mobilecoin.com - - partner: b - responderID: fog-b.${{ inputs.namespace }}.development.mobilecoin.com ingress: common: blocklist: 
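Review bot: The "Generate fog-view-service values file" step writes `${{ inputs.namespace }}` and `${{ inputs.docker_image_org }}` straight into the `run:` script, where the expression is substituted before the shell parses the here-document. If any of these inputs can contain characters chosen by whoever triggers the workflow (a name derived from a branch, for example), that text becomes part of the script in a job whose later steps receive the Rancher token. Passing the inputs through the step's `env:` keeps them as data: add `NAMESPACE: ${{ inputs.namespace }}` under `env:` and write `responderID: fog.${NAMESPACE}.development.mobilecoin.com` in the here-document. The two `fog-view-fsg` values steps added in the next hunk repeat the pattern. The job definition starts outside this hunk, so any upstream validation of the inputs is not visible here.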
@@ -292,17 +284,92 @@ jobs: tls: clusterIssuer: google-public-ca EOF + - name: Deploy fog-view-service + uses: mobilecoinofficial/gha-k8s-toolbox@v1 + with: + action: helm-deploy + chart_repo: ${{ inputs.chart_repo }} + chart_name: fog-view-service + chart_version: ${{ inputs.version }} + chart_wait_timeout: 10m + chart_values: ${{ env.VALUES_BASE_PATH }}/fog-view-service-values.yaml + release_name: fog-view-service + namespace: ${{ inputs.namespace }} + rancher_cluster: ${{ secrets.DEV_RANCHER_CLUSTER }} + rancher_url: ${{ secrets.DEV_RANCHER_URL }} + rancher_token: ${{ secrets.DEV_RANCHER_TOKEN }} + + - name: Generate fog-view-fsg-gr-z1 values file + run: | + mkdir -p "${VALUES_BASE_PATH}" + cat < "${VALUES_BASE_PATH}/fog-view-fsg-values-gr-z1.yaml" + image: + org: ${{ inputs.docker_image_org }} + + mobilecoin: + network: ${{ inputs.namespace }} + partner: dev + + fogView: + responderID: fog.${{ inputs.namespace }}.development.mobilecoin.com + color: green + zone: westeurope-1 + + stackConfig: + network: + default: + shardSize: ${{ inputs.shard_size }} + exceedBlockHeightBy: ${{ inputs.shard_exceed_block_height_by }} + EOF + + - name: Deploy fog-view-fsg-gr-z1 + uses: mobilecoinofficial/gha-k8s-toolbox@v1 + with: + action: helm-deploy + chart_repo: ${{ inputs.chart_repo }} + chart_name: fog-view-fsg + chart_version: ${{ inputs.version }} + chart_wait_timeout: 10m + chart_values: ${{ env.VALUES_BASE_PATH }}/fog-view-fsg-values-gr-z1.yaml + release_name: fog-view-fsg-gr-z1 + namespace: ${{ inputs.namespace }} + rancher_cluster: ${{ secrets.DEV_RANCHER_CLUSTER }} + rancher_url: ${{ secrets.DEV_RANCHER_URL }} + rancher_token: ${{ secrets.DEV_RANCHER_TOKEN }} + + - name: Generate fog-view-fsg-gr-z2 values file + run: | + mkdir -p "${VALUES_BASE_PATH}" + cat < "${VALUES_BASE_PATH}/fog-view-fsg-values-gr-z2.yaml" + image: + org: ${{ inputs.docker_image_org }} + + mobilecoin: + network: ${{ inputs.namespace }} + partner: dev + + fogView: + responderID: fog.${{ 
inputs.namespace }}.development.mobilecoin.com + color: green + zone: westeurope-2 + + stackConfig: + network: + default: + shardSize: ${{ inputs.shard_size }} + exceedBlockHeightBy: ${{ inputs.shard_exceed_block_height_by }} + EOF - - name: Deploy fog-view + - name: Deploy fog-view-fsg-gr-z2 uses: mobilecoinofficial/gha-k8s-toolbox@v1 with: action: helm-deploy chart_repo: ${{ inputs.chart_repo }} - chart_name: fog-view + chart_name: fog-view-fsg chart_version: ${{ inputs.version }} chart_wait_timeout: 10m - chart_values: ${{ env.VALUES_BASE_PATH }}/fog-view-values.yaml - release_name: fog-view + chart_values: ${{ env.VALUES_BASE_PATH }}/fog-view-fsg-values-gr-z2.yaml + release_name: fog-view-fsg-gr-z2 namespace: ${{ inputs.namespace }} rancher_cluster: ${{ secrets.DEV_RANCHER_CLUSTER }} rancher_url: ${{ secrets.DEV_RANCHER_URL }} diff --git a/.github/workflows/mobilecoin-workflow-dev-test.yaml b/.github/workflows/mobilecoin-workflow-dev-test.yaml index 90664fb353..e24cde78d6 100644 --- a/.github/workflows/mobilecoin-workflow-dev-test.yaml +++ b/.github/workflows/mobilecoin-workflow-dev-test.yaml @@ -314,18 +314,3 @@ jobs: --token-ids 0,8192 \ --fog-hostname fog.${{ inputs.namespace }}.development.mobilecoin.com - - name: Test - block-v3 - fog-test-client fog-b, token ids 0,8192 - if: inputs.testing_block_v3 - uses: mobilecoinofficial/gha-k8s-toolbox@v1 - with: - action: toolbox-exec - ingest_color: ${{ inputs.ingest_color }} - namespace: ${{ inputs.namespace }} - rancher_cluster: ${{ secrets.DEV_RANCHER_CLUSTER }} - rancher_url: ${{ secrets.DEV_RANCHER_URL }} - rancher_token: ${{ secrets.DEV_RANCHER_TOKEN }} - command: | - /test/fog-test-client.sh \ - --key-dir ${{ env.V3_DST_FOG_B_KEYS_DIR }} \ - --token-ids 0,8192 \ - --fog-hostname fog-b.${{ inputs.namespace }}.development.mobilecoin.com From 824b068636c95028ae578ca3f8fc926de64a432e Mon Sep 17 00:00:00 2001 
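Review bot: The two new `Generate fog-view-fsg-gr-z*` steps place `${{ inputs.namespace }}`, `${{ inputs.docker_image_org }}` and the shard inputs directly in the `run:` script, so they are substituted into the script text before the shell parses it and a value containing shell syntax would be interpreted on the runner, in a job whose deploy steps receive `DEV_RANCHER_TOKEN`. Whether these inputs can carry caller-controlled text is not visible in this hunk, but mapping them through `env:` and using shell variables in the heredoc removes the question, because expanded variable values are not re-parsed as commands. The `fog-view-service` values step touched in the preceding hunks follows the same pattern. The excerpt shows the z1 step; z2 differs only in file name and zone.

```yaml
- name: Generate fog-view-fsg-gr-z1 values file
  env:
    IMAGE_ORG: ${{ inputs.docker_image_org }}
    NAMESPACE: ${{ inputs.namespace }}
    SHARD_SIZE: ${{ inputs.shard_size }}
    EXCEED_BLOCK_HEIGHT_BY: ${{ inputs.shard_exceed_block_height_by }}
  run: |
    # … unchanged: mkdir and heredoc redirect into fog-view-fsg-values-gr-z1.yaml …
    image:
      org: ${IMAGE_ORG}
    mobilecoin:
      network: ${NAMESPACE}
      # … unchanged: partner …
    fogView:
      responderID: fog.${NAMESPACE}.development.mobilecoin.com
      # … unchanged: color, zone, stackConfig nesting …
            shardSize: ${SHARD_SIZE}
            exceedBlockHeightBy: ${EXCEED_BLOCK_HEIGHT_BY}
```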
From: Jason Greathouse Date: Thu, 26 Sep 2024 17:24:44 -0500 Subject: [PATCH 5/6] update chart list --- .github/workflows/mobilecoin-dev-cd.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/mobilecoin-dev-cd.yaml b/.github/workflows/mobilecoin-dev-cd.yaml index d2f01d76d3..135d40b832 100644 --- a/.github/workflows/mobilecoin-dev-cd.yaml +++ b/.github/workflows/mobilecoin-dev-cd.yaml @@ -335,7 +335,8 @@ jobs: - mobilecoind - watcher - fog-report - - fog-view + - fog-view-service + - fog-view-fsg - fog-ledger steps: - name: Checkout From b9b49bb90fad34fa5633d28469fd304fc7cd54c3 Mon Sep 17 00:00:00 2001 
From: Jason Greathouse Date: Mon, 30 Sep 2024 15:25:54 -0500 Subject: [PATCH 6/6] fix responderID --- ...egenerator.yaml => fog-view-fsg-fogshardrangegenerator.yaml} | 0 ...router-configmap.yaml => fog-view-fsg-router-configmap.yaml} | 0 ...s-service.yaml => fog-view-fsg-router-headless-service.yaml} | 0 ...w-store-configmap.yaml => fog-view-fsg-store-configmap.yaml} | 0 ...-view-store-service.yaml => fog-view-fsg-store-service.yaml} | 0 ...rvicemonitor.yaml => fog-view-fsg-store-servicemonitor.yaml} | 0 ...c-ingress.yaml => fog-view-service-router-grpc-ingress.yaml} | 2 +- ...p-ingress.yaml => fog-view-service-router-http-ingress.yaml} | 2 +- ...router-service.yaml => fog-view-service-router-service.yaml} | 0 ...monitor.yaml => fog-view-service-router-servicemonitor.yaml} | 0 ...s-certificate.yaml => fog-view-service-tls-certificate.yaml} | 0 11 files changed, 2 insertions(+), 2 deletions(-) rename .internal-ci/helm/fog-view-fsg/templates/{fog-view-fogshardrangegenerator.yaml => fog-view-fsg-fogshardrangegenerator.yaml} (100%) rename .internal-ci/helm/fog-view-fsg/templates/{fog-view-router-configmap.yaml => fog-view-fsg-router-configmap.yaml} (100%) rename .internal-ci/helm/fog-view-fsg/templates/{fog-view-router-headless-service.yaml => fog-view-fsg-router-headless-service.yaml} (100%) rename .internal-ci/helm/fog-view-fsg/templates/{fog-view-store-configmap.yaml => fog-view-fsg-store-configmap.yaml} (100%) rename .internal-ci/helm/fog-view-fsg/templates/{fog-view-store-service.yaml => fog-view-fsg-store-service.yaml} (100%) rename .internal-ci/helm/fog-view-fsg/templates/{fog-view-store-servicemonitor.yaml => fog-view-fsg-store-servicemonitor.yaml} (100%) rename .internal-ci/helm/fog-view-service/templates/{router-grpc-ingress.yaml => fog-view-service-router-grpc-ingress.yaml} (91%) rename .internal-ci/helm/fog-view-service/templates/{router-http-ingress.yaml => fog-view-service-router-http-ingress.yaml} (91%) rename 
.internal-ci/helm/fog-view-service/templates/{router-service.yaml => fog-view-service-router-service.yaml} (100%) rename .internal-ci/helm/fog-view-service/templates/{router-servicemonitor.yaml => fog-view-service-router-servicemonitor.yaml} (100%) rename .internal-ci/helm/fog-view-service/templates/{tls-certificate.yaml => fog-view-service-tls-certificate.yaml} (100%) diff --git a/.internal-ci/helm/fog-view-fsg/templates/fog-view-fogshardrangegenerator.yaml b/.internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-fogshardrangegenerator.yaml similarity index 100% rename from .internal-ci/helm/fog-view-fsg/templates/fog-view-fogshardrangegenerator.yaml rename to .internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-fogshardrangegenerator.yaml diff --git a/.internal-ci/helm/fog-view-fsg/templates/fog-view-router-configmap.yaml b/.internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-router-configmap.yaml similarity index 100% rename from .internal-ci/helm/fog-view-fsg/templates/fog-view-router-configmap.yaml rename to .internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-router-configmap.yaml diff --git a/.internal-ci/helm/fog-view-fsg/templates/fog-view-router-headless-service.yaml b/.internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-router-headless-service.yaml similarity index 100% rename from .internal-ci/helm/fog-view-fsg/templates/fog-view-router-headless-service.yaml rename to .internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-router-headless-service.yaml diff --git a/.internal-ci/helm/fog-view-fsg/templates/fog-view-store-configmap.yaml b/.internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-store-configmap.yaml similarity index 100% rename from .internal-ci/helm/fog-view-fsg/templates/fog-view-store-configmap.yaml rename to .internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-store-configmap.yaml 
diff --git a/.internal-ci/helm/fog-view-fsg/templates/fog-view-store-service.yaml b/.internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-store-service.yaml similarity index 100% rename from .internal-ci/helm/fog-view-fsg/templates/fog-view-store-service.yaml rename to .internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-store-service.yaml diff --git a/.internal-ci/helm/fog-view-fsg/templates/fog-view-store-servicemonitor.yaml b/.internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-store-servicemonitor.yaml similarity index 100% rename from .internal-ci/helm/fog-view-fsg/templates/fog-view-store-servicemonitor.yaml rename to .internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-store-servicemonitor.yaml diff --git a/.internal-ci/helm/fog-view-service/templates/router-grpc-ingress.yaml b/.internal-ci/helm/fog-view-service/templates/fog-view-service-router-grpc-ingress.yaml similarity index 91% rename from .internal-ci/helm/fog-view-service/templates/router-grpc-ingress.yaml rename to .internal-ci/helm/fog-view-service/templates/fog-view-service-router-grpc-ingress.yaml index b9b3fe1c7e..6c423f44b5 100644 --- a/.internal-ci/helm/fog-view-service/templates/router-grpc-ingress.yaml +++ b/.internal-ci/helm/fog-view-service/templates/fog-view-service-router-grpc-ingress.yaml @@ -1,6 +1,6 @@ # Copyright (c) 2018-2023 The MobileCoin Foundation {{- if .Values.fogView.router.ingress.enabled }} -{{- $responderId := .Values.responderID | required "fogView.responderID is required." }} +{{- $responderId := .Values.fogView.responderID | required "fogView.responderID is required." }} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: 
diff --git a/.internal-ci/helm/fog-view-service/templates/router-http-ingress.yaml b/.internal-ci/helm/fog-view-service/templates/fog-view-service-router-http-ingress.yaml similarity index 91% rename from .internal-ci/helm/fog-view-service/templates/router-http-ingress.yaml rename to .internal-ci/helm/fog-view-service/templates/fog-view-service-router-http-ingress.yaml index e6f9e21346..f60f89c080 100644 --- a/.internal-ci/helm/fog-view-service/templates/router-http-ingress.yaml +++ b/.internal-ci/helm/fog-view-service/templates/fog-view-service-router-http-ingress.yaml @@ -1,6 +1,6 @@ # Copyright (c) 2018-2023 The MobileCoin Foundation {{- if .Values.fogView.router.ingress.enabled }} -{{- $responderId := .Values.responderID | required "fogView.responderID is required." }} +{{- $responderId := .Values.fogView.responderID | required "fogView.responderID is required." }} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: diff --git a/.internal-ci/helm/fog-view-service/templates/router-service.yaml b/.internal-ci/helm/fog-view-service/templates/fog-view-service-router-service.yaml similarity index 100% rename from .internal-ci/helm/fog-view-service/templates/router-service.yaml rename to .internal-ci/helm/fog-view-service/templates/fog-view-service-router-service.yaml diff --git a/.internal-ci/helm/fog-view-service/templates/router-servicemonitor.yaml b/.internal-ci/helm/fog-view-service/templates/fog-view-service-router-servicemonitor.yaml similarity index 100% rename from .internal-ci/helm/fog-view-service/templates/router-servicemonitor.yaml rename to .internal-ci/helm/fog-view-service/templates/fog-view-service-router-servicemonitor.yaml 
diff --git a/.internal-ci/helm/fog-view-service/templates/tls-certificate.yaml b/.internal-ci/helm/fog-view-service/templates/fog-view-service-tls-certificate.yaml similarity index 100% rename from .internal-ci/helm/fog-view-service/templates/tls-certificate.yaml rename to .internal-ci/helm/fog-view-service/templates/fog-view-service-tls-certificate.yaml