From 00a46408112103b7cda633f5240016867bf7e8cf Mon Sep 17 00:00:00 2001
From: incubator4
Date: Mon, 15 Jan 2024 15:18:56 +0800
Subject: [PATCH] migrate to gcp
---
.github/workflows/docker-build-push-prod.yml | 30 ++--
deploy/prod/cfg-web-deployment.yaml | 6 +-
deploy/prod/secrets.yaml | 73 ----------
deploy/prod/txs-scheduler-deployment.yaml | 32 -----
deploy/prod/txs-web-deployment.yaml | 128 ------------------
...xs-worker-contracts-tokens-deployment.yaml | 30 ----
.../prod/txs-worker-indexer-deployment.yaml | 38 ------
...ker-notifications-webhooks-deployment.yaml | 30 ----
8 files changed, 15 insertions(+), 352 deletions(-)
delete mode 100644 deploy/prod/secrets.yaml
delete mode 100644 deploy/prod/txs-scheduler-deployment.yaml
delete mode 100644 deploy/prod/txs-web-deployment.yaml
delete mode 100644 deploy/prod/txs-worker-contracts-tokens-deployment.yaml
delete mode 100644 deploy/prod/txs-worker-indexer-deployment.yaml
delete mode 100644 deploy/prod/txs-worker-notifications-webhooks-deployment.yaml
diff --git a/.github/workflows/docker-build-push-prod.yml b/.github/workflows/docker-build-push-prod.yml
index 04d067f..ccbf852 100644
--- a/.github/workflows/docker-build-push-prod.yml
+++ b/.github/workflows/docker-build-push-prod.yml
@@ -12,22 +12,14 @@ env: jobs: deploy-prod: - runs-on: ubuntu-latest - environment: Production - steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Set K8s context - uses: aliyun/ack-set-context@v1 - with: - access-key-id: "${{ secrets.ACCESS_KEY_ID }}" - access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}" - cluster-id: "${{ env.ACK_CLUSTER_ID }}" - - run: | - wget https://github.com/mikefarah/yq/releases/download/v4.25.1/yq_linux_amd64.tar.gz -O - | tar xz && mv yq_linux_amd64 /usr/local/bin/yq - curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.22.10/bin/linux/amd64/kubectl && chmod +x kubectl && mv kubectl /usr/local/bin/kubectl - - uses: sljeff/secrets2env@main - with: - secrets-json: ${{ toJson(secrets) }} - - run: | - sh apply.sh deploy/prod/* + uses: NaturalSelectionLabs/Daedalus/.github/workflows/deploy-v3-tpl.yaml@main + with: + images: safe + tag: "" + cluster: prod + namespace: crossbell + releaseName: safe + revision: main + dir: deploy/prod + secrets: + ARGOCD_TOKEN: ${{ secrets.ARGOCD_TOKEN }} diff --git a/deploy/prod/cfg-web-deployment.yaml b/deploy/prod/cfg-web-deployment.yaml index e820782..73daa47 100644 --- a/deploy/prod/cfg-web-deployment.yaml +++ b/deploy/prod/cfg-web-deployment.yaml @@ -54,11 +54,13 @@ spec: configMap: name: nginx-cfg-web volumeClaimTemplates: - - metadata: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: name: nginx-shared-cfg spec: accessModes: ["ReadWriteOnce"] - storageClassName: "alicloud-disk-essd" + storageClassName: "standard" resources: requests: storage: 20Gi diff --git a/deploy/prod/secrets.yaml b/deploy/prod/secrets.yaml deleted file mode 100644 index 97d6165..0000000 --- a/deploy/prod/secrets.yaml +++ /dev/null 
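Review bot: The new `deploy-prod` job calls `NaturalSelectionLabs/Daedalus/.github/workflows/deploy-v3-tpl.yaml@main` and hands it `ARGOCD_TOKEN`, so whatever is on that repository's `main` branch at run time executes with a production deploy credential. Pin the reference to a reviewed full commit SHA, `uses: NaturalSelectionLabs/Daedalus/.github/workflows/deploy-v3-tpl.yaml@<full-commit-sha>`, and bump it deliberately. The removed job declared `environment: Production` and the caller job no longer does, so unless the called workflow declares an environment itself (not visible here), environment protection rules and environment-scoped secrets stop applying to this deploy. `tag: ""` would also benefit from a one-line comment saying what an empty tag means to the template.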
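Review bot: In the `nginx-shared-cfg` claim template of `deploy/prod/cfg-web-deployment.yaml`, the added `apiVersion: v1` / `kind: PersistentVolumeClaim` and the new `storageClassName: "standard"` carry no comment explaining them. Presumably the explicit fields keep the rendered claim identical to what the API server stores so a GitOps sync shows no drift; if so, say it, e.g. `# apiVersion/kind spelled out so the claim matches the server-side object`. `standard` is a name defined by the target cluster, so the disk type behind it should be confirmed there. `volumeClaimTemplates` cannot be edited on an existing StatefulSet, so this change only applies where the object is created fresh. The enclosing StatefulSet spec starts outside the hunk.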
@@ -1,73 +0,0 @@ -apiVersion: v1 -stringData: - CELERY_BROKER_URL: ${CELERY_BROKER_URL} - CSRF_TRUSTED_ORIGINS: http://localhost:8000,https://*.crossbell.io,https://crossbell.io,https://xlog.app,https://*.xlog.app - DATABASE_URL: psql://postgres:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:5432/txs - DEBUG: "0" - DJANGO_ALLOWED_HOSTS: '*' - DJANGO_SECRET_KEY: ${DJANGO_SECRET_KEY} - DJANGO_SETTINGS_MODULE: config.settings.production - ETHEREUM_NODE_URL: https://rpc.crossbell.io - ETH_L2_NETWORK: "1" - FORCE_SCRIPT_NAME: /txs/ - PYTHONPATH: /app/ - REDIS_URL: ${REDIS_URI_PREFIX}/1 -kind: Secret -metadata: - name: safe-txs - namespace: crossbell -type: Opaque ---- -apiVersion: v1 -stringData: - # CGW_FLUSH_TOKEN and WEBHOOK_TOKEN must be the same - CGW_FLUSH_TOKEN: ${WEBHOOK_TOKEN} - CGW_URL: https://safe-client.crossbell.io - CSRF_TRUSTED_ORIGINS: http://localhost:8000,https://*.crossbell.io,https://crossbell.io,https://xlog.app,https://*.xlog.app - DEBUG: "false" - DEFAULT_FILE_STORAGE: django.core.files.storage.FileSystemStorage - DJANGO_ALLOWED_HOSTS: '*' - DOCKER_NGINX_VOLUME_ROOT: /nginx - DOCKER_WEB_VOLUME: .:/app - FORCE_SCRIPT_NAME: /cfg/ - GUNICORN_BIND_PORT: "8001" - GUNICORN_BIND_SOCKET: unix:/nginx/gunicorn.socket - GUNICORN_WEB_RELOAD: "false" - NGINX_ENVSUBST_OUTPUT_DIR: /etc/nginx/ - POSTGRES_HOST: ${POSTGRES_HOST} - POSTGRES_NAME: cfg - POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} - POSTGRES_PORT: "5432" - POSTGRES_USER: postgres - ROOT_LOG_LEVEL: WARNING - SECRET_KEY: ${SECRET_KEY} -kind: Secret -metadata: - name: safe-cfg - namespace: crossbell -type: Opaque ---- -apiVersion: v1 -stringData: - CHAIN_INFO_REQUEST_TIMEOUT: "15000" - CONFIG_SERVICE_URI: https://safe.crossbell.io/cfg - EXCHANGE_API_BASE_URI: http://api.exchangeratesapi.io/latest - EXCHANGE_API_KEY: ${EXCHANGE_API_KEY} - FEATURE_FLAG_NESTED_DECODING: "true" - INTERNAL_CLIENT_CONNECT_TIMEOUT: "10000" - LOG_ALL_ERROR_RESPONSES: "true" - REDIS_URI: ${REDIS_URI_PREFIX}/0 - REDIS_URI_MAINNET: 
${REDIS_URI_PREFIX}/0 - ROCKET_ADDRESS: 0.0.0.0 - ROCKET_LOG_LEVEL: normal - ROCKET_PORT: "3666" - ROCKET_SECRET_KEY: ${ROCKET_SECRET_KEY} - RUST_LOG: warn - SAFE_APP_INFO_REQUEST_TIMEOUT: "10000" - SCHEME: http - WEBHOOK_TOKEN: ${WEBHOOK_TOKEN} -kind: Secret -metadata: - name: safe-cgw - namespace: crossbell -type: Opaque diff --git a/deploy/prod/txs-scheduler-deployment.yaml b/deploy/prod/txs-scheduler-deployment.yaml deleted file mode 100644 index 488f6dc..0000000 --- a/deploy/prod/txs-scheduler-deployment.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: safe-txs-scheduler - name: safe-txs-scheduler - namespace: crossbell -spec: - replicas: 1 - selector: - matchLabels: - app: safe-txs-scheduler - template: - metadata: - labels: - app: safe-txs-scheduler - spec: - containers: - - args: - - docker/web/celery/scheduler/run.sh - envFrom: - - secretRef: - name: safe-txs - env: - - name: RUN_MIGRATIONS - value: "1" - - name: WORKER_QUEUES - value: default,indexing - image: safeglobal/safe-transaction-service:latest - name: txs-scheduler - resources: {} - restartPolicy: Always diff --git a/deploy/prod/txs-web-deployment.yaml b/deploy/prod/txs-web-deployment.yaml deleted file mode 100644 index cbf3e0d..0000000 --- a/deploy/prod/txs-web-deployment.yaml +++ /dev/null 
@@ -1,128 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: safe-txs-web - namespace: crossbell -spec: - selector: - app: safe-txs-web - ports: - - name: http - protocol: TCP - port: 8000 - targetPort: 8000 ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - app: safe-txs-web - name: safe-txs-web - namespace: crossbell -spec: - replicas: 1 - serviceName: "safe-txs-web" - selector: - matchLabels: - app: safe-txs-web - template: - metadata: - labels: - app: safe-txs-web - spec: - containers: - - image: nginx:alpine - name: txs-web-nginx - ports: - - containerPort: 8000 - volumeMounts: - - mountPath: /etc/nginx/nginx.conf - name: nginx-txs-web - subPath: nginx.conf - readOnly: true - - mountPath: /nginx-txs - name: nginx-shared-txs - - args: - - docker/web/run_web.sh - envFrom: - - secretRef: - name: safe-txs - image: safeglobal/safe-transaction-service:latest - name: txs-web - resources: {} - volumeMounts: - - mountPath: /nginx - name: nginx-shared-txs - workingDir: /app - restartPolicy: Always - volumes: - - name: nginx-txs-web - configMap: - name: nginx-txs-web - volumeClaimTemplates: - - metadata: - name: nginx-shared-txs - spec: - accessModes: ["ReadWriteOnce"] - storageClassName: "alicloud-disk-essd" - resources: - requests: - storage: 20Gi ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-txs-web - namespace: crossbell -data: - nginx.conf: | - worker_processes 1; - - events { - worker_connections 2000; # increase if you have lots of clients - accept_mutex off; # set to 'on' if nginx worker_processes > 1 - use epoll; # Enable epoll for Linux 2.6+ - } - - http { - include mime.types; - default_type application/octet-stream; - sendfile on; - - upstream txs_app_server { - server unix:/nginx-txs/gunicorn.socket fail_timeout=0; - keepalive 32; - } - - server { - access_log off; - listen 8000 deferred; - charset utf-8; - keepalive_timeout 75s; - - gzip on; - gzip_min_length 1000; - gzip_comp_level 2; - gzip_types text/plain 
text/css application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+xml application/rdf+xml; - gzip_disable "MSIE [1-6]\."; - - location /txs/static { - alias /nginx-txs/staticfiles; - expires 365d; - } - - location /txs/ { - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $host; - # we don't want nginx trying to do something clever with - # redirects, we set the Host: header above already. - proxy_redirect off; - proxy_pass http://txs_app_server/; - - proxy_set_header X-Forwarded-Host $server_name; - proxy_set_header X-Real-IP $remote_addr; - add_header Front-End-Https on; - } - } - } diff --git a/deploy/prod/txs-worker-contracts-tokens-deployment.yaml b/deploy/prod/txs-worker-contracts-tokens-deployment.yaml deleted file mode 100644 index 8b48ef2..0000000 --- a/deploy/prod/txs-worker-contracts-tokens-deployment.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: safe-txs-worker-contracts-tokens - name: safe-txs-worker-contracts-tokens - namespace: crossbell -spec: - replicas: 1 - selector: - matchLabels: - app: safe-txs-worker-contracts-tokens - template: - metadata: - labels: - app: safe-txs-worker-contracts-tokens - spec: - containers: - - args: - - docker/web/celery/worker/run.sh - envFrom: - - secretRef: - name: safe-txs - env: - - name: WORKER_QUEUES - value: contracts,tokens - image: safeglobal/safe-transaction-service:latest - name: txs-worker-contracts-tokens - resources: {} - restartPolicy: Always diff --git a/deploy/prod/txs-worker-indexer-deployment.yaml b/deploy/prod/txs-worker-indexer-deployment.yaml deleted file mode 100644 index efd9498..0000000 --- a/deploy/prod/txs-worker-indexer-deployment.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: safe-txs-worker-indexer - name: safe-txs-worker-indexer - namespace: crossbell -spec: - replicas: 1 - selector: - matchLabels: - app: safe-txs-worker-indexer - template: - metadata: - labels: - app: safe-txs-worker-indexer - spec: - containers: - - args: - - docker/web/celery/worker/run.sh - envFrom: - - secretRef: - name: safe-txs - env: - - name: RUN_MIGRATIONS - value: "1" - - name: WORKER_QUEUES - value: default,indexing - image: safeglobal/safe-transaction-service:latest - name: txs-worker-indexer - resources: - requests: - cpu: "1000m" - memory: "4000Mi" - limits: - cpu: "2000m" - memory: "8000Mi" - restartPolicy: Always diff --git a/deploy/prod/txs-worker-notifications-webhooks-deployment.yaml b/deploy/prod/txs-worker-notifications-webhooks-deployment.yaml deleted file mode 100644 index 46517fc..0000000 --- a/deploy/prod/txs-worker-notifications-webhooks-deployment.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: safe-txs-worker-notifications-webhooks - name: safe-txs-worker-notifications-webhooks - namespace: crossbell -spec: - replicas: 1 - selector: - matchLabels: - app: safe-txs-worker-notifications-webhooks - template: - metadata: - labels: - app: safe-txs-worker-notifications-webhooks - spec: - containers: - - args: - - docker/web/celery/worker/run.sh - envFrom: - - secretRef: - name: safe-txs - env: - - name: WORKER_QUEUES - value: notifications,webhooks - image: safeglobal/safe-transaction-service:latest - name: txs-worker-notifications-webhooks - resources: {} - restartPolicy: Always