From 4d0a5fc03ae8159ba297491d9e2db400006232bc Mon Sep 17 00:00:00 2001 From: paulobressan Date: Thu, 5 Sep 2024 12:14:47 -0300 Subject: [PATCH 1/9] feat: configured github action CD --- .github/iac/.terraform/terraform.tfstate | 74 ++++++++++++++++++++++++ .github/workflows/build.yml | 2 +- .github/workflows/deploy.yml | 41 +++++++++++++ 3 files changed, 116 insertions(+), 1 deletion(-) create mode 100644 .github/iac/.terraform/terraform.tfstate create mode 100644 .github/workflows/deploy.yml diff --git a/.github/iac/.terraform/terraform.tfstate b/.github/iac/.terraform/terraform.tfstate new file mode 100644 index 0000000..459434f --- /dev/null +++ b/.github/iac/.terraform/terraform.tfstate @@ -0,0 +1,74 @@ +{ + "version": 3, + "serial": 3, + "lineage": "f9336342-bf35-8916-008a-9dcff5880ffc", + "backend": { + "type": "s3", + "config": { + "access_key": null, + "acl": null, + "allowed_account_ids": null, + "assume_role": null, + "assume_role_duration_seconds": null, + "assume_role_policy": null, + "assume_role_policy_arns": null, + "assume_role_tags": null, + "assume_role_transitive_tag_keys": null, + "assume_role_with_web_identity": null, + "bucket": "demeter-tf", + "custom_ca_bundle": null, + "dynamodb_endpoint": null, + "dynamodb_table": null, + "ec2_metadata_service_endpoint": null, + "ec2_metadata_service_endpoint_mode": null, + "encrypt": null, + "endpoint": null, + "endpoints": null, + "external_id": null, + "forbidden_account_ids": null, + "force_path_style": null, + "http_proxy": null, + "https_proxy": null, + "iam_endpoint": null, + "insecure": null, + "key": "github/demeter-fabric.tfstate", + "kms_key_id": null, + "max_retries": null, + "no_proxy": null, + "profile": null, + "region": "us-west-2", + "retry_mode": null, + "role_arn": null, + "secret_key": null, + "session_name": null, + "shared_config_files": null, + "shared_credentials_file": null, + "shared_credentials_files": null, + "skip_credentials_validation": null, + "skip_metadata_api_check": null, + "skip_region_validation": null, + "skip_requesting_account_id": null, + "skip_s3_checksum": null, + "sse_customer_key": null, + "sts_endpoint": null, + "sts_region": null, + "token": null, + "use_dualstack_endpoint": null, + "use_fips_endpoint": null, + "use_legacy_workflow": null, + "use_path_style": null, + "workspace_key_prefix": null + }, + "hash": 2450725169 + }, + "modules": [ + { + "path": [ + "root" + ], + "outputs": {}, + "resources": {}, + "depends_on": [] + } + ] +} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3d8a0a4..229c294 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,4 +1,4 @@ -name: build +name: Build on: workflow_dispatch: {} diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml new file mode 100644 index 0000000..27d3d4c --- /dev/null +++ b/.github/workflows/deploy.yml @@ -0,0 +1,41 @@ +name: Deploy + +on: + check_run: + workflows: ["Build"] + types: [completed] + +jobs: + rpc: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - uses: aws-actions/configure-aws-credentials@v1 + with: + aws-region: ${{ secrets.AWS_REGION }} + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/ClusterAdminRole + role-session-name: Github-Actions-Demeter + role-duration-seconds: 1200 + + - name: setup kubeconfig + run: aws eks update-kubeconfig --name ${{ secrets.AWS_CLUSTER_NAME }} + + - name: setup terraform + uses: hashicorp/setup-terraform@v3 + + - name: init terraform + working-directory: .github/iac + run: terraform init -reconfigure + + - name: validate terraform + working-directory: .github/iac + run: terraform validate + + - name: apply terraform + working-directory: .github/iac + env: + IMAGE_TAG: ${{ github.sha }} + run: terraform apply -auto-approve -input=false -var="rpc_image=ghcr.io/demeter-run/fabric-rpc:${{ github.sha }}" From 9ee38d311e72f2e861ff87cc2ca5e54c9259f4dc Mon Sep 17 00:00:00 2001 From: paulobressan Date: Thu, 5 Sep 2024 17:34:33 -0300 Subject: [PATCH 2/9] chore: allow temp build ci to validate deploy --- .github/workflows/build.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 229c294..3d5b8d6 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,10 +1,18 @@ name: Build +# on: +# workflow_dispatch: {} +# push: +# branches: +# - "main" + on: - workflow_dispatch: {} push: branches: - - "main" + - main + pull_request: + branches: + - main jobs: rpc: From d4c0d76fc8b22c3eb91c5cd45c62b171ce43d875 Mon Sep 17 00:00:00 2001 From: paulobressan Date: Thu, 5 Sep 2024 17:50:10 -0300 Subject: [PATCH 3/9] chore: disabled build ci to validate deploy --- .github/workflows/build.yml | 32 ++++++++++++++++---------------- .github/workflows/deploy.yml | 5 +++-- 2 files changed, 19 insertions(+), 18 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3d5b8d6..9c32b0a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -34,14 +34,14 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and push - uses: docker/build-push-action@v2 - with: - context: ${{ matrix.context }} - file: ${{ matrix.file }} - platforms: linux/amd64 - push: true - tags: ghcr.io/${{ matrix.endpoint }},ghcr.io/${{ matrix.endpoint }}:${{ github.sha }} + # - name: Build and push + # uses: docker/build-push-action@v2 + # with: + # context: ${{ matrix.context }} + # file: ${{ matrix.file }} + # platforms: linux/amd64 + # push: true + # tags: ghcr.io/${{ matrix.endpoint }},ghcr.io/${{ matrix.endpoint }}:${{ github.sha }} daemon: strategy: fail-fast: false @@ -61,11 +61,11 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and push - uses: docker/build-push-action@v2 - with: - context: ${{ matrix.context }} - file: ${{ matrix.file }} - platforms: linux/amd64 - push: true - tags: ghcr.io/${{ matrix.endpoint }},ghcr.io/${{ matrix.endpoint }}:${{ github.sha }} + # - name: Build and push + # uses: docker/build-push-action@v2 + # with: + # context: ${{ matrix.context }} + # file: ${{ matrix.file }} + # platforms: linux/amd64 + # push: true + # tags: ghcr.io/${{ matrix.endpoint }},ghcr.io/${{ matrix.endpoint }}:${{ github.sha }} diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 27d3d4c..8c0da1e 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -1,9 +1,10 @@ name: Deploy on: - check_run: + workflow_run: workflows: ["Build"] - types: [completed] + types: + - completed jobs: rpc: From 0ae3e051872105d5646da2b1b4add378e4b226fb Mon Sep 17 00:00:00 2001 From: paulobressan Date: Thu, 5 Sep 2024 17:54:34 -0300 Subject: [PATCH 4/9] chore: disabled build ci to validate deploy --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 8c0da1e..b8c465d 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -2,7 +2,7 @@ name: Deploy on: workflow_run: - workflows: ["Build"] + workflows: [Build] types: - completed From 8d57b3745407b27d91a9d32c3093ba2f4060e839 Mon Sep 17 00:00:00 2001 From: paulobressan Date: Thu, 5 Sep 2024 18:03:37 -0300 Subject: [PATCH 5/9] chore: adjusted build ci to validate deploy --- .github/workflows/deploy.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index b8c465d..b208faa 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -3,8 +3,7 @@ name: Deploy on: workflow_run: workflows: [Build] - types: - - completed + types: [completed] jobs: rpc: From ccae37a5433145e0c2ab56c34fe323173dafda03 Mon Sep 17 00:00:00 2001 From: paulobressan Date: Thu, 5 Sep 2024 18:07:47 -0300 Subject: [PATCH 6/9] chore: adjusted build ci to validate deploy --- .github/workflows/build.yml | 12 ++---------- .github/workflows/deploy.yml | 1 + 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9c32b0a..8f6bc8e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,18 +1,10 @@ name: Build -# on: -# workflow_dispatch: {} -# push: -# branches: -# - "main" - on: + workflow_dispatch: {} push: branches: - - main - pull_request: - branches: - - main + - "main" jobs: rpc: diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index b208faa..50dbc89 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -1,6 +1,7 @@ name: Deploy on: + workflow_dispatch: {} workflow_run: workflows: [Build] types: [completed] From 742f65ca20107b4744d6e398e2c96404727b5f15 Mon Sep 17 00:00:00 2001 From: paulobressan Date: Thu, 5 Sep 2024 18:12:52 -0300 Subject: [PATCH 7/9] chore: adjusted build ci to validate deploy --- .github/workflows/deploy.yml | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 50dbc89..57a5da4 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -1,10 +1,18 @@ name: Deploy +# on: +# workflow_dispatch: {} +# workflow_run: +# workflows: [Build] +# types: [completed] + on: - workflow_dispatch: {} - workflow_run: - workflows: [Build] - types: [completed] + push: + branches: + - main + pull_request: + branches: + - main jobs: rpc: From 814a706cdc65c9241b21a201db69f99187fbdce2 Mon Sep 17 00:00:00 2001 From: paulobressan Date: Fri, 6 Sep 2024 17:03:23 -0300 Subject: [PATCH 8/9] feat: configured terraform to deploy to staging --- .github/iac/.terraform/terraform.tfstate | 74 -------------- .github/iac/main.tf | 121 +++++++++++++++++++++++ .github/workflows/build.yml | 32 +++--- .github/workflows/deploy.yml | 32 +++--- .gitignore | 1 + 5 files changed, 156 insertions(+), 104 deletions(-) delete mode 100644 .github/iac/.terraform/terraform.tfstate create mode 100644 .github/iac/main.tf diff --git a/.github/iac/.terraform/terraform.tfstate b/.github/iac/.terraform/terraform.tfstate deleted file mode 100644 index 459434f..0000000 --- a/.github/iac/.terraform/terraform.tfstate +++ /dev/null @@ -1,74 +0,0 @@ -{ - "version": 3, - "serial": 3, - "lineage": "f9336342-bf35-8916-008a-9dcff5880ffc", - "backend": { - "type": "s3", - "config": { - "access_key": null, - "acl": null, - "allowed_account_ids": null, - "assume_role": null, - "assume_role_duration_seconds": null, - "assume_role_policy": null, - "assume_role_policy_arns": null, - "assume_role_tags": null, - "assume_role_transitive_tag_keys": null, - "assume_role_with_web_identity": null, - "bucket": "demeter-tf", - "custom_ca_bundle": null, - "dynamodb_endpoint": null, - "dynamodb_table": null, - "ec2_metadata_service_endpoint": null, - "ec2_metadata_service_endpoint_mode": null, - "encrypt": null, - "endpoint": null, - "endpoints": null, - "external_id": null, - "forbidden_account_ids": null, - "force_path_style": null, - "http_proxy": null, - "https_proxy": null, - "iam_endpoint": null, - "insecure": null, - "key": "github/demeter-fabric.tfstate", - "kms_key_id": null, - "max_retries": null, - "no_proxy": null, - "profile": null, - "region": "us-west-2", - "retry_mode": null, - "role_arn": null, - "secret_key": null, - "session_name": null, - "shared_config_files": null, - "shared_credentials_file": null, - "shared_credentials_files": null, - "skip_credentials_validation": null, - "skip_metadata_api_check": null, - "skip_region_validation": null, - "skip_requesting_account_id": null, - "skip_s3_checksum": null, - "sse_customer_key": null, - "sts_endpoint": null, - "sts_region": null, - "token": null, - "use_dualstack_endpoint": null, - "use_fips_endpoint": null, - "use_legacy_workflow": null, - "use_path_style": null, - "workspace_key_prefix": null - }, - "hash": 2450725169 - }, - "modules": [ - { - "path": [ - "root" - ], - "outputs": {}, - "resources": {}, - "depends_on": [] - } - ] -} diff --git a/.github/iac/main.tf b/.github/iac/main.tf new file mode 100644 index 0000000..231b61a --- /dev/null +++ b/.github/iac/main.tf @@ -0,0 +1,121 @@ +terraform { + backend "s3" { + bucket = "demeter-tf" + key = "github/demeter-fabric.tfstate" + region = "us-west-2" + } + required_providers { + kubernetes = { + source = "hashicorp/kubernetes" + } + } +} + +provider "kubernetes" { + config_path = "~/.kube/config" + config_context = "arn:aws:eks:us-west-2:295114534192:cluster/m2-prod-7xjh33" +} + +provider "helm" { + kubernetes { + config_path = "~/.kube/config" + config_context = "arn:aws:eks:us-west-2:295114534192:cluster/m2-prod-7xjh33" + } +} + +variable "rpc_image" {} +variable "kafka_admin_password" {} +variable "kafka_rpc_password" {} +variable "kafka_daemon_password" {} +variable "secret" {} +variable "auth0_client_id" {} +variable "auth0_client_secret" {} +variable "auth0_audience" {} +variable "stripe_api_key" {} +variable "email_ses_access_key_id" {} +variable "email_ses_secret_access_key" {} + +locals { + namespace = "fabric-stg" + queue_instance_name = "fabric-queue" + replicas = 1 + external_domain = "stg-fabric-queue.demeter.run" + broker_urls = "redpanda.${local.external_domain}:31092" + secret = var.secret + kafka_admin_username = "admin" + kafka_admin_password = var.kafka_admin_password + kafka_rpc_username = "rpc" + kafka_rpc_password = var.kafka_rpc_password + kafka_daemon_username = "daemon" + kafka_daemon_password = var.kafka_daemon_password + kafka_daemon_consumer = "daemon" + kafka_topic = "stg" + auth0_client_id = var.auth0_client_id + auth0_client_secret = var.auth0_client_secret + auth0_audience = var.auth0_audience + stripe_api_key = var.stripe_api_key + email_invite_ttl_min = 15 + email_ses_region = "us-west-2" + email_ses_access_key_id = var.email_ses_access_key_id + email_ses_secret_access_key = var.email_ses_secret_access_key + email_ses_verified_email = "no-reply@demeter.run" +} + +resource "kubernetes_namespace_v1" "fabric_namespace" { + metadata { + name = local.namespace + } +} + +module "fabric_queue" { + source = "../../../fabric/bootstrap/queue/" + depends_on = [kubernetes_namespace_v1.fabric_namespace] + + namespace = local.namespace + instance_name = local.queue_instance_name + replicas = local.replicas + external_domain = local.external_domain + admin_username = local.kafka_admin_username + admin_password = local.kafka_admin_password + rpc_username = local.kafka_rpc_username + rpc_password = local.kafka_rpc_password + + daemon_users = [ + { + name = local.kafka_daemon_username + password = local.kafka_daemon_password + consumer_name = local.kafka_daemon_consumer + }, + ] +} + +module "fabric_rpc" { + source = "../../../fabric/bootstrap/rpc" + + namespace = local.namespace + image = var.rpc_image + broker_urls = local.broker_urls + consumer_name = "rpc" + kafka_username = local.kafka_admin_username + kafka_password = local.kafka_admin_password + kafka_topic = local.kafka_topic + secret = local.secret + auth0_client_id = local.auth0_client_id + auth0_client_secret = local.auth0_client_secret + auth0_audience = local.auth0_audience + stripe_api_key = local.stripe_api_key + email_invite_ttl_min = local.email_invite_ttl_min + email_ses_region = local.email_ses_region + email_ses_access_key_id = local.email_ses_access_key_id + email_ses_secret_access_key = local.email_ses_secret_access_key + email_ses_verified_email = local.email_ses_verified_email +} + +module "fabric_services" { + source = "../../../fabric/bootstrap/services/" + depends_on = [module.fabric_queue, module.fabric_rpc] + + namespace = local.namespace + ingress_class_name = "nginx" + dns_zone = "demeter.run" +} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8f6bc8e..229c294 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -26,14 +26,14 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - # - name: Build and push - # uses: docker/build-push-action@v2 - # with: - # context: ${{ matrix.context }} - # file: ${{ matrix.file }} - # platforms: linux/amd64 - # push: true - # tags: ghcr.io/${{ matrix.endpoint }},ghcr.io/${{ matrix.endpoint }}:${{ github.sha }} + - name: Build and push + uses: docker/build-push-action@v2 + with: + context: ${{ matrix.context }} + file: ${{ matrix.file }} + platforms: linux/amd64 + push: true + tags: ghcr.io/${{ matrix.endpoint }},ghcr.io/${{ matrix.endpoint }}:${{ github.sha }} daemon: strategy: fail-fast: false @@ -53,11 +53,11 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - # - name: Build and push - # uses: docker/build-push-action@v2 - # with: - # context: ${{ matrix.context }} - # file: ${{ matrix.file }} - # platforms: linux/amd64 - # push: true - # tags: ghcr.io/${{ matrix.endpoint }},ghcr.io/${{ matrix.endpoint }}:${{ github.sha }} + - name: Build and push + uses: docker/build-push-action@v2 + with: + context: ${{ matrix.context }} + file: ${{ matrix.file }} + platforms: linux/amd64 + push: true + tags: ghcr.io/${{ matrix.endpoint }},ghcr.io/${{ matrix.endpoint }}:${{ github.sha }} diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 57a5da4..e8bf705 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -1,22 +1,26 @@ name: Deploy -# on: -# workflow_dispatch: {} -# workflow_run: -# workflows: [Build] -# types: [completed] - on: - push: - branches: - - main - pull_request: - branches: - - main + workflow_dispatch: {} + workflow_run: + workflows: [Build] + types: [completed] jobs: rpc: runs-on: ubuntu-latest + env: + TF_VAR_rpc_image: rpc_image=ghcr.io/demeter-run/fabric-rpc:${{ github.sha }} + TF_VAR_kafka_admin_password: ${{ secrets.KAFKA_ADMIN_PASSWORD }} + TF_VAR_kafka_rpc_password: ${{ secrets.KAFKA_RPC_PASSWORD }} + TF_VAR_kafka_daemon_password: ${{ secrets.KAFKA_DAEMON_PASSWORD }} + TF_VAR_secret: ${{ secrets.SECRET }} + TF_VAR_auth0_client_id: ${{ secrets.AUTH0_CLIENT_ID }} + TF_VAR_auth0_client_secret: ${{ secrets.AUTH0_CLIENT_SECRET }} + TF_VAR_auth0_audience: ${{ secrets.AUTH0_AUDIENCE }} + TF_VAR_stripe_api_key: ${{ secrets.STRIPE_API_KEY }} + TF_VAR_email_ses_access_key_id: ${{ secrets.EMAIL_SES_ACCESS_KEY_ID }} + TF_VAR_email_ses_secret_access_key: ${{ secrets.EMAIL_SES_SECRET_ACCESS_KEY }} steps: - uses: actions/checkout@v2 @@ -37,7 +41,7 @@ jobs: - name: init terraform working-directory: .github/iac - run: terraform init -reconfigure + run: terraform init - name: validate terraform working-directory: .github/iac @@ -47,4 +51,4 @@ jobs: working-directory: .github/iac env: IMAGE_TAG: ${{ github.sha }} - run: terraform apply -auto-approve -input=false -var="rpc_image=ghcr.io/demeter-run/fabric-rpc:${{ github.sha }}" + run: terraform apply -auto-approve -input=false diff --git a/.gitignore b/.gitignore index 27d1eb1..6cc28cf 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ rpc.toml test/.terraform* test/local.tfstate* crds-path/ +.github/iac/.terraform* From 24762cd7f9dbd3b8a337a2412c5bee0390737ba0 Mon Sep 17 00:00:00 2001 From: paulobressan Date: Fri, 6 Sep 2024 18:18:14 -0300 Subject: [PATCH 9/9] chore: removed queue and service --- .github/iac/main.tf | 45 +++--------------------------------- .github/workflows/deploy.yml | 2 -- 2 files changed, 3 insertions(+), 44 deletions(-) diff --git a/.github/iac/main.tf b/.github/iac/main.tf index 231b61a..bd84d22 100644 --- a/.github/iac/main.tf +++ b/.github/iac/main.tf @@ -24,9 +24,7 @@ provider "helm" { } variable "rpc_image" {} -variable "kafka_admin_password" {} variable "kafka_rpc_password" {} -variable "kafka_daemon_password" {} variable "secret" {} variable "auth0_client_id" {} variable "auth0_client_secret" {} @@ -37,18 +35,11 @@ variable "email_ses_secret_access_key" {} locals { namespace = "fabric-stg" - queue_instance_name = "fabric-queue" replicas = 1 - external_domain = "stg-fabric-queue.demeter.run" - broker_urls = "redpanda.${local.external_domain}:31092" + broker_urls = "redpanda.stg-fabric-queue.demeter.run:31092" secret = var.secret - kafka_admin_username = "admin" - kafka_admin_password = var.kafka_admin_password kafka_rpc_username = "rpc" kafka_rpc_password = var.kafka_rpc_password - kafka_daemon_username = "daemon" - kafka_daemon_password = var.kafka_daemon_password - kafka_daemon_consumer = "daemon" kafka_topic = "stg" auth0_client_id = var.auth0_client_id auth0_client_secret = var.auth0_client_secret @@ -67,28 +58,6 @@ resource "kubernetes_namespace_v1" "fabric_namespace" { } } -module "fabric_queue" { - source = "../../../fabric/bootstrap/queue/" - depends_on = [kubernetes_namespace_v1.fabric_namespace] - - namespace = local.namespace - instance_name = local.queue_instance_name - replicas = local.replicas - external_domain = local.external_domain - admin_username = local.kafka_admin_username - admin_password = local.kafka_admin_password - rpc_username = local.kafka_rpc_username - rpc_password = local.kafka_rpc_password - - daemon_users = [ - { - name = local.kafka_daemon_username - password = local.kafka_daemon_password - consumer_name = local.kafka_daemon_consumer - }, - ] -} - module "fabric_rpc" { source = "../../../fabric/bootstrap/rpc" @@ -96,8 +65,8 @@ module "fabric_rpc" { image = var.rpc_image broker_urls = local.broker_urls consumer_name = "rpc" - kafka_username = local.kafka_admin_username - kafka_password = local.kafka_admin_password + kafka_username = local.kafka_rpc_username + kafka_password = local.kafka_rpc_password kafka_topic = local.kafka_topic secret = local.secret auth0_client_id = local.auth0_client_id @@ -111,11 +80,3 @@ module "fabric_rpc" { email_ses_verified_email = local.email_ses_verified_email } -module "fabric_services" { - source = "../../../fabric/bootstrap/services/" - depends_on = [module.fabric_queue, module.fabric_rpc] - - namespace = local.namespace - ingress_class_name = "nginx" - dns_zone = "demeter.run" -} diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index e8bf705..3f05fad 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -11,9 +11,7 @@ jobs: runs-on: ubuntu-latest env: TF_VAR_rpc_image: rpc_image=ghcr.io/demeter-run/fabric-rpc:${{ github.sha }} - TF_VAR_kafka_admin_password: ${{ secrets.KAFKA_ADMIN_PASSWORD }} TF_VAR_kafka_rpc_password: ${{ secrets.KAFKA_RPC_PASSWORD }} - TF_VAR_kafka_daemon_password: ${{ secrets.KAFKA_DAEMON_PASSWORD }} TF_VAR_secret: ${{ secrets.SECRET }} TF_VAR_auth0_client_id: ${{ secrets.AUTH0_CLIENT_ID }} TF_VAR_auth0_client_secret: ${{ secrets.AUTH0_CLIENT_SECRET }}