From da6ff85e9be17b41f23e0860f0723676534f4567 Mon Sep 17 00:00:00 2001 
From: Jason Greathouse Date: Tue, 1 Oct 2024 11:21:19 -0500 Subject: [PATCH] fog-view - blue/green and zone based deployments. (#4009) * break out service and fogshardgenerator * add fog-view-fsg/fog-view-service charts * wire in fog-view-fsg to cd testing --- .github/workflows/mobilecoin-dev-cd.yaml | 3 +- .../mobilecoin-workflow-dev-deploy.yaml | 99 ++++++-- .../mobilecoin-workflow-dev-test.yaml | 15 -- .gitignore | 2 + .internal-ci/helm/fog-view-fsg/.helmignore | 23 ++ .internal-ci/helm/fog-view-fsg/Chart.yaml | 6 + .internal-ci/helm/fog-view-fsg/README.md | 67 ++++++ .../helm/fog-view-fsg/templates/NOTES.txt | 16 ++ .../fog-view-fsg/templates/_containers.tpl | 58 +++++ .../helm/fog-view-fsg/templates/_helpers.tpl | 62 +++++ .../helm/fog-view-fsg/templates/_router.tpl | 54 +++++ .../helm/fog-view-fsg/templates/_store.tpl | 92 ++++++++ .../fog-view-fsg-fogshardrangegenerator.yaml | 132 +++++++++++ .../fog-view-fsg-router-configmap.yaml | 9 + .../fog-view-fsg-router-headless-service.yaml | 25 ++ .../fog-view-fsg-store-configmap.yaml | 9 + .../templates/fog-view-fsg-store-service.yaml | 24 ++ .../fog-view-fsg-store-servicemonitor.yaml | 32 +++ .internal-ci/helm/fog-view-fsg/values.yaml | 213 ++++++++++++++++++ .../helm/fog-view-service/.helmignore | 23 ++ .internal-ci/helm/fog-view-service/Chart.yaml | 6 + .internal-ci/helm/fog-view-service/README.md | 23 ++ .../helm/fog-view-service/templates/NOTES.txt | 16 ++ .../fog-view-service/templates/_helpers.tpl | 56 +++++ .../fog-view-service-router-grpc-ingress.yaml | 34 +++ .../fog-view-service-router-http-ingress.yaml | 34 +++ .../fog-view-service-router-service.yaml | 24 ++ ...og-view-service-router-servicemonitor.yaml | 32 +++ .../fog-view-service-tls-certificate.yaml | 21 ++ .../helm/fog-view-service/values.yaml | 40 ++++ 30 files changed, 1218 insertions(+), 32 deletions(-) create mode 100644 .internal-ci/helm/fog-view-fsg/.helmignore create mode 100644 .internal-ci/helm/fog-view-fsg/Chart.yaml create mode 100644 
.internal-ci/helm/fog-view-fsg/README.md create mode 100644 .internal-ci/helm/fog-view-fsg/templates/NOTES.txt create mode 100644 .internal-ci/helm/fog-view-fsg/templates/_containers.tpl create mode 100644 .internal-ci/helm/fog-view-fsg/templates/_helpers.tpl create mode 100644 .internal-ci/helm/fog-view-fsg/templates/_router.tpl create mode 100644 .internal-ci/helm/fog-view-fsg/templates/_store.tpl create mode 100644 .internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-fogshardrangegenerator.yaml create mode 100644 .internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-router-configmap.yaml create mode 100644 .internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-router-headless-service.yaml create mode 100644 .internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-store-configmap.yaml create mode 100644 .internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-store-service.yaml create mode 100644 .internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-store-servicemonitor.yaml create mode 100644 .internal-ci/helm/fog-view-fsg/values.yaml create mode 100644 .internal-ci/helm/fog-view-service/.helmignore create mode 100644 .internal-ci/helm/fog-view-service/Chart.yaml create mode 100644 .internal-ci/helm/fog-view-service/README.md create mode 100644 .internal-ci/helm/fog-view-service/templates/NOTES.txt create mode 100644 .internal-ci/helm/fog-view-service/templates/_helpers.tpl create mode 100644 .internal-ci/helm/fog-view-service/templates/fog-view-service-router-grpc-ingress.yaml create mode 100644 .internal-ci/helm/fog-view-service/templates/fog-view-service-router-http-ingress.yaml create mode 100644 .internal-ci/helm/fog-view-service/templates/fog-view-service-router-service.yaml create mode 100644 .internal-ci/helm/fog-view-service/templates/fog-view-service-router-servicemonitor.yaml create mode 100644 .internal-ci/helm/fog-view-service/templates/fog-view-service-tls-certificate.yaml create mode 100644 .internal-ci/helm/fog-view-service/values.yaml 
diff --git a/.github/workflows/mobilecoin-dev-cd.yaml b/.github/workflows/mobilecoin-dev-cd.yaml index d2f01d76d3..135d40b832 100644 --- a/.github/workflows/mobilecoin-dev-cd.yaml +++ b/.github/workflows/mobilecoin-dev-cd.yaml @@ -335,7 +335,8 @@ jobs: - mobilecoind - watcher - fog-report - - fog-view + - fog-view-service + - fog-view-fsg - fog-ledger steps: - name: Checkout diff --git a/.github/workflows/mobilecoin-workflow-dev-deploy.yaml b/.github/workflows/mobilecoin-workflow-dev-deploy.yaml index cb61f15706..48773ba14e 100644 --- a/.github/workflows/mobilecoin-workflow-dev-deploy.yaml +++ b/.github/workflows/mobilecoin-workflow-dev-deploy.yaml @@ -261,10 +261,10 @@ jobs: - consensus-deploy runs-on: mcf-dev-small-x64 steps: - - name: Generate fog-view values file + - name: Generate fog-view-service values file run: | mkdir -p "${VALUES_BASE_PATH}" - cat < "${VALUES_BASE_PATH}/fog-view-values.yaml" + cat < "${VALUES_BASE_PATH}/fog-view-service-values.yaml" image: org: ${{ inputs.docker_image_org }} @@ -273,18 +273,10 @@ jobs: partner: dev fogView: - stackConfig: - network: - default: - shardSize: ${{ inputs.shard_size }} - exceedBlockHeightBy: ${{ inputs.shard_exceed_block_height_by }} + responderID: fog.${{ inputs.namespace }}.development.mobilecoin.com + color: green router: - hosts: - - partner: a - responderID: fog.${{ inputs.namespace }}.development.mobilecoin.com - - partner: b - responderID: fog-b.${{ inputs.namespace }}.development.mobilecoin.com ingress: common: blocklist: 
@@ -292,17 +284,92 @@ jobs: tls: clusterIssuer: google-public-ca EOF + - name: Deploy fog-view-service + uses: mobilecoinofficial/gha-k8s-toolbox@v1 + with: + action: helm-deploy + chart_repo: ${{ inputs.chart_repo }} + chart_name: fog-view-service + chart_version: ${{ inputs.version }} + chart_wait_timeout: 10m + chart_values: ${{ env.VALUES_BASE_PATH }}/fog-view-service-values.yaml + release_name: fog-view-service + namespace: ${{ inputs.namespace }} + rancher_cluster: ${{ secrets.DEV_RANCHER_CLUSTER }} + rancher_url: ${{ secrets.DEV_RANCHER_URL }} + rancher_token: ${{ secrets.DEV_RANCHER_TOKEN }} + + - name: Generate fog-view-fsg-gr-z1 values file + run: | + mkdir -p "${VALUES_BASE_PATH}" + cat < "${VALUES_BASE_PATH}/fog-view-fsg-values-gr-z1.yaml" + image: + org: ${{ inputs.docker_image_org }} + + mobilecoin: + network: ${{ inputs.namespace }} + partner: dev + + fogView: + responderID: fog.${{ inputs.namespace }}.development.mobilecoin.com + color: green + zone: westeurope-1 + + stackConfig: + network: + default: + shardSize: ${{ inputs.shard_size }} + exceedBlockHeightBy: ${{ inputs.shard_exceed_block_height_by }} + EOF + + - name: Deploy fog-view-fsg-gr-z1 + uses: mobilecoinofficial/gha-k8s-toolbox@v1 + with: + action: helm-deploy + chart_repo: ${{ inputs.chart_repo }} + chart_name: fog-view-fsg + chart_version: ${{ inputs.version }} + chart_wait_timeout: 10m + chart_values: ${{ env.VALUES_BASE_PATH }}/fog-view-fsg-values-gr-z1.yaml + release_name: fog-view-fsg-gr-z1 + namespace: ${{ inputs.namespace }} + rancher_cluster: ${{ secrets.DEV_RANCHER_CLUSTER }} + rancher_url: ${{ secrets.DEV_RANCHER_URL }} + rancher_token: ${{ secrets.DEV_RANCHER_TOKEN }} + + - name: Generate fog-view-fsg-gr-z2 values file + run: | + mkdir -p "${VALUES_BASE_PATH}" + cat < "${VALUES_BASE_PATH}/fog-view-fsg-values-gr-z2.yaml" + image: + org: ${{ inputs.docker_image_org }} + + mobilecoin: + network: ${{ inputs.namespace }} + partner: dev + + fogView: + responderID: fog.${{ 
inputs.namespace }}.development.mobilecoin.com + color: green + zone: westeurope-2 + + stackConfig: + network: + default: + shardSize: ${{ inputs.shard_size }} + exceedBlockHeightBy: ${{ inputs.shard_exceed_block_height_by }} + EOF - - name: Deploy fog-view + - name: Deploy fog-view-fsg-gr-z2 uses: mobilecoinofficial/gha-k8s-toolbox@v1 with: action: helm-deploy chart_repo: ${{ inputs.chart_repo }} - chart_name: fog-view + chart_name: fog-view-fsg chart_version: ${{ inputs.version }} chart_wait_timeout: 10m - chart_values: ${{ env.VALUES_BASE_PATH }}/fog-view-values.yaml - release_name: fog-view + chart_values: ${{ env.VALUES_BASE_PATH }}/fog-view-fsg-values-gr-z2.yaml + release_name: fog-view-fsg-gr-z2 namespace: ${{ inputs.namespace }} rancher_cluster: ${{ secrets.DEV_RANCHER_CLUSTER }} rancher_url: ${{ secrets.DEV_RANCHER_URL }} diff --git a/.github/workflows/mobilecoin-workflow-dev-test.yaml b/.github/workflows/mobilecoin-workflow-dev-test.yaml index 90664fb353..e24cde78d6 100644 --- a/.github/workflows/mobilecoin-workflow-dev-test.yaml +++ b/.github/workflows/mobilecoin-workflow-dev-test.yaml @@ -314,18 +314,3 @@ jobs: --token-ids 0,8192 \ --fog-hostname fog.${{ inputs.namespace }}.development.mobilecoin.com - - name: Test - block-v3 - fog-test-client fog-b, token ids 0,8192 - if: inputs.testing_block_v3 - uses: mobilecoinofficial/gha-k8s-toolbox@v1 - with: - action: toolbox-exec - ingest_color: ${{ inputs.ingest_color }} - namespace: ${{ inputs.namespace }} - rancher_cluster: ${{ secrets.DEV_RANCHER_CLUSTER }} - rancher_url: ${{ secrets.DEV_RANCHER_URL }} - rancher_token: ${{ secrets.DEV_RANCHER_TOKEN }} - command: | - /test/fog-test-client.sh \ - --key-dir ${{ env.V3_DST_FOG_B_KEYS_DIR }} \ - --token-ids 0,8192 \ - --fog-hostname fog-b.${{ inputs.namespace }}.development.mobilecoin.com diff --git a/.gitignore b/.gitignore index 3d610b6396..18a1154acd 100644 --- a/.gitignore +++ b/.gitignore 
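Review bot: The new `Generate fog-view-fsg-gr-z1 values file` and `Generate fog-view-fsg-gr-z2 values file` steps expand `${{ inputs.namespace }}`, `${{ inputs.docker_image_org }}` and the shard inputs directly inside the `run:` script, so the input text becomes part of the shell source before it runs. The `Generate fog-view-service values file` step in the earlier hunks of this file does the same. Pass the inputs through the step's `env:` (for example `NAMESPACE: ${{ inputs.namespace }}`) and write `network: ${NAMESPACE}` in the heredoc, assuming the heredoc delimiter is unquoted; the redirection is garbled on this page. The three `Deploy` steps hand `rancher_token` to `mobilecoinofficial/gha-k8s-toolbox@v1`, a movable tag, so pinning the action to a full commit SHA would fix the code that receives the secret. The job definition starts outside the hunk, so whether callers constrain these inputs cannot be seen here.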
@@ -97,3 +97,5 @@ minting-trust-root* # new cache dir for mob prompt with user sccache .mob/ + +.devcontainer/ diff --git a/.internal-ci/helm/fog-view-fsg/.helmignore b/.internal-ci/helm/fog-view-fsg/.helmignore new file mode 100644 index 0000000000..0e8a0eb36f --- /dev/null +++ b/.internal-ci/helm/fog-view-fsg/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/.internal-ci/helm/fog-view-fsg/Chart.yaml b/.internal-ci/helm/fog-view-fsg/Chart.yaml new file mode 100644 index 0000000000..27c6959757 --- /dev/null +++ b/.internal-ci/helm/fog-view-fsg/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: fog-view-fsg +description: fog-view fogShardGenerator chart +type: application +version: 0.0.0 +appVersion: "0.0.0" diff --git a/.internal-ci/helm/fog-view-fsg/README.md b/.internal-ci/helm/fog-view-fsg/README.md new file mode 100644 index 0000000000..a23350bad4 --- /dev/null +++ b/.internal-ci/helm/fog-view-fsg/README.md 
@@ -0,0 +1,67 @@ +# Fog-View-FSG + +Run a MobileCoin fog-view fogShardGenerator chart + +### Required Values + +You must set the fog view service hostnames and mobilecoin network and partner ids. + +```yaml +mobilecoin: + network: main + partner: mc + +fogView: + color: (blue|green) + zone: + responderID: fog.prod.mobilecoinww.com +``` + +Install chart: + +```bash +helm upgrade fog-view-fsg-blue-z1 mcf-public/fog-view-fsg -i -f values.yaml +``` + +### Required ConfigMaps + +postgresReader example: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: fog-recovery-reader-0-postgresql +data: + postgresql-database: recovery + postgresql-hostname: + postgresql-port: "5432" + postgresql-ssl-options: "?sslmode=verify-full&sslrootcert=/etc/ssl/certs/ca-certificates.crt" + postgresql-username: +``` + +### Required Secrets + +postgresReader example: + +```yaml +apiVersion: v1 +metadata: + name: fog-recovery-reader-0-postgresql +kind: Secret +type: Opaque +stringData: + postgresql-password: +``` +### Optional ConfigMaps + +sentry: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: sentry +data: + fog-report-sentry-dsn: +``` diff --git a/.internal-ci/helm/fog-view-fsg/templates/NOTES.txt b/.internal-ci/helm/fog-view-fsg/templates/NOTES.txt new file mode 100644 index 0000000000..905971b4a2 --- /dev/null +++ b/.internal-ci/helm/fog-view-fsg/templates/NOTES.txt 
@@ -0,0 +1,16 @@ +:::: :::: :::::::: ::::::::: ::::::::::: ::: :::::::::: ++:+:+: :+:+:+ :+: :+: :+: :+: :+: :+: :+: ++:+ +:+:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++#+ +:+ +#+ +#+ +:+ +#++:++#+ +#+ +#+ +#++:++# ++#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+# #+# #+# #+# #+# #+# #+# #+# #+# +### ### ######## ######### ########### ########## ########## + :::::::: :::::::: ::::::::::: :::: ::: +:+: :+: :+: :+: :+: :+:+: :+: ++:+ +:+ +:+ +:+ :+:+:+ +:+ ++#+ +#+ +:+ +#+ +#+ +:+ +#+ ++#+ +#+ +#+ +#+ +#+ +#+#+# +#+# #+# #+# #+# #+# #+# #+#+# + ######## ######## ########### ### #### + +fog-view fogShardGenerator has been deployed. diff --git a/.internal-ci/helm/fog-view-fsg/templates/_containers.tpl b/.internal-ci/helm/fog-view-fsg/templates/_containers.tpl new file mode 100644 index 0000000000..3c112fcae6 --- /dev/null +++ b/.internal-ci/helm/fog-view-fsg/templates/_containers.tpl 
@@ -0,0 +1,58 @@ +{{- define "containers.sysctl" -}} +- name: sysctl + image: ubuntu:20.04 + command: + - sysctl + - -w + - net.ipv4.tcp_retries2=5 + - net.core.somaxconn=65535 + securityContext: + privileged: true + runAsUser: 0 + runAsNonRoot: False + readOnlyRootFilesystem: true +{{- end -}} + +{{- define "containers.admin-http-gateway" -}} +- name: admin-http-gateway + image: "{{ .Values.image.org }}/{{ .Values.image.name }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: Always + args: + - /usr/bin/mc-admin-http-gateway + - --listen-host=0.0.0.0 + - --listen-port=8000 + - --admin-uri=insecure-mca://127.0.0.1:8001/ + ports: + - name: mgmt-http + containerPort: 8000 + # securityContext: + # runAsUser: 1000 + # runAsGroup: 1000 + # runAsNonRoot: true + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true +{{- end -}} + +{{- define "containers.go-grpc-gateway" -}} +- name: grpc-gateway + image: "{{ .Values.image.org }}/go-grpc-gateway:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: Always + command: + - /usr/bin/go-grpc-gateway + - -grpc-server-endpoint=127.0.0.1:{{ .Values.grpcGateway.grpcServicePort }} + - -grpc-insecure + - -http-server-listen=:8200 + - -logtostderr + ports: + - name: gateway-http + containerPort: 8200 + resources: + limits: + cpu: 1 + memory: 256Mi + requests: + cpu: 256m + memory: 256Mi +{{- end -}} diff --git a/.internal-ci/helm/fog-view-fsg/templates/_helpers.tpl b/.internal-ci/helm/fog-view-fsg/templates/_helpers.tpl new file mode 100644 index 0000000000..a73e933a86 --- /dev/null +++ b/.internal-ci/helm/fog-view-fsg/templates/_helpers.tpl 
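Review bot: `containers.sysctl` runs with `privileged: true` and `runAsUser: 0` from the tag `ubuntu:20.04`, so every pod that includes it starts a fully privileged root container from an image reference that can change underneath the chart. Pin the image by digest (`image: ubuntu:20.04@sha256:<digest>`), and if the cluster's kubelet permits these two sysctls, set them through the pod-level `securityContext.sysctls` list so that no privileged container is needed. In the same define, `runAsNonRoot: False` should be written `false`. The `admin-http-gateway` define leaves its whole `securityContext` block commented out; either enable it or replace it with a comment that records why, such as `# securityContext disabled: <reason>`.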
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "fog-view-fsg.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "fog-view-fsg.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "fog-view-fsg.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" | trimSuffix "." }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "fog-view-fsg.labels" -}} +helm.sh/chart: {{ include "fog-view-fsg.chart" . }} +{{ include "fog-view-fsg.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "fog-view-fsg.selectorLabels" -}} +app.kubernetes.io/name: {{ include "fog-view-fsg.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* grpcCookieSalt */}} +{{- define "fog-view-fsg.grpcCookieSalt" -}} +{{- .Values.fogView.router.ingress.common.cookieSalt | default (randAlphaNum 8) }} +{{- end }} + +{{/* stackConfig - get "network" name of fall back to default */}} +{{- define "fog-view-fsg.stackConfig" }} +{{- $networkName := .Values.mobilecoin.network }} +{{- get .Values.fogView.stackConfig.network $networkName | default (get .Values.fogView.stackConfig.network "default") | toYaml }} +{{- end }} diff --git a/.internal-ci/helm/fog-view-fsg/templates/_router.tpl b/.internal-ci/helm/fog-view-fsg/templates/_router.tpl new file mode 100644 index 0000000000..b0c9c15d22 --- /dev/null +++ b/.internal-ci/helm/fog-view-fsg/templates/_router.tpl 
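Review bot: `fog-view-fsg.grpcCookieSalt` falls back to `randAlphaNum 8`, which yields a new value on every render, so with `cookieSalt` unset each `helm upgrade` and each per-zone or per-color release would get a different salt. The helper also dereferences `.Values.fogView.router.ingress.common.cookieSalt`, and no `ingress` key appears under `fogView.router` in the visible part of this chart's values.yaml, so calling it would likely fail on a nil map. None of this chart's templates shown here includes the helper; if it was copied from the chart that holds the ingress templates, remove it. Otherwise make the salt explicit with `{{- .Values.fogView.router.ingress.common.cookieSalt | required "cookieSalt is required." }}`. The comment on `fog-view-fsg.stackConfig` should read `get "network" name or fall back to default`.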
@@ -0,0 +1,54 @@ +{{- define "fog-view-fsg.router" -}} +{{- $view := .Values.fogView }} +{{- $router := $view.router }} +- name: fog-view-router + image: "{{ .Values.image.org }}/{{ .Values.image.name }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: Always + args: [ "/usr/bin/fog_view_router" ] + ports: + - name: view-grpc + containerPort: 3225 + startupProbe: + {{- $router.startupProbe | toYaml | nindent 4 }} + livenessProbe: + {{- $router.livenessProbe | toYaml | nindent 4 }} + readinessProbe: + {{- $router.readinessProbe | toYaml | nindent 4 }} + envFrom: + - configMapRef: + name: {{ include "fog-view-fsg.fullname" . }}-router + env: + - name: RUST_BACKTRACE + value: {{ $router.rust.backtrace | quote }} + - name: RUST_LOG + value: {{ $router.rust.log | quote }} + - name: MC_CLIENT_RESPONDER_ID + value: {{ $view.responderID }}:443 + - name: MC_CHAIN_ID + value: {{ .Values.mobilecoin.network }} + - name: MC_CLIENT_LISTEN_URI + value: insecure-fog-view://0.0.0.0:3225/ + - name: MC_ADMIN_LISTEN_URI + value: insecure-mca://127.0.0.1:8001/ + {{- if eq .Values.jaegerTracing.enabled true }} + - name: MC_TELEMETRY + value: "true" + - name: OTEL_SERVICE_NAME + value: fog-view-router + - name: OTEL_RESOURCE_ATTRIBUTES + value: "deployment.environment={{ .Values.mobilecoin.partner }},deployment.chain_id={{ .Values.mobilecoin.network }}" + - name: OTEL_EXPORTER_OTLP_TRACES_ENDPOINT + value: http://otel-collector.otel:4317 + {{- end }} + - name: MC_SENTRY_DSN + valueFrom: + configMapKeyRef: + name: sentry + key: fog-view-sentry-dsn + optional: true + # Maps to Sentry Environment + - name: MC_BRANCH + value: {{ .Values.mobilecoin.network }} + resources: + {{- toYaml $router.resources | nindent 4 }} +{{- end -}} diff --git a/.internal-ci/helm/fog-view-fsg/templates/_store.tpl b/.internal-ci/helm/fog-view-fsg/templates/_store.tpl new file mode 100644 index 0000000000..b8ada7237b --- /dev/null +++ b/.internal-ci/helm/fog-view-fsg/templates/_store.tpl 
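Review bot: `MC_SENTRY_DSN` is read from key `fog-view-sentry-dsn` with `optional: true`, but the README added for this chart shows the `sentry` ConfigMap with key `fog-report-sentry-dsn`. A ConfigMap written from the README leaves the variable unset without any error, so error reporting is silently off; align the README and the template on one key. The `value:` fields for `MC_CLIENT_RESPONDER_ID`, `MC_CHAIN_ID` and `MC_BRANCH` are rendered unquoted, unlike `RUST_LOG`. Env values must be strings, so write `value: {{ printf "%s:443" $view.responderID | quote }}` and `value: {{ .Values.mobilecoin.network | quote }}`. `_store.tpl` uses the same Sentry key and the same unquoted `MC_CHAIN_ID` and `MC_BRANCH`.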
@@ -0,0 +1,92 @@ +{{- define "fog-view-fsg.store" -}} +{{- $view := .Values.fogView }} +{{- $store := $view.store }} +- name: fog-view-store + image: "{{ .Values.image.org }}/{{ .Values.image.name }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: Always + args: [ "/usr/bin/fog_view_server" ] + ports: + - name: view-grpc + containerPort: 3225 + livenessProbe: + {{- $store.livenessProbe | toYaml | nindent 4 }} + startupProbe: + {{- $store.startupProbe | toYaml | nindent 4 }} + readinessProbe: + {{- $store.readinessProbe | toYaml | nindent 4 }} + envFrom: + - configMapRef: + name: {{ include "fog-view-fsg.fullname" . }}-store + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: RUST_BACKTRACE + value: {{ $store.rust.backtrace | quote }} + - name: RUST_LOG + value: {{ $store.rust.log | quote }} + - name: MC_CHAIN_ID + value: {{ .Values.mobilecoin.network }} + - name: MC_ADMIN_LISTEN_URI + value: insecure-mca://127.0.0.1:8001/ + # This is looking for the fqdn of the svc that is in front of the store. + - name: MC_CLIENT_LISTEN_URI + value: "insecure-fog-view-store://0.0.0.0:3225/?responder-id=$(POD_NAME).{{ include "fog-view-fsg.fullname" . }}-store.$(POD_NAMESPACE):3225" + - name: MC_CLIENT_RESPONDER_ID + value: "$(POD_NAME).{{ include "fog-view-fsg.fullname" . 
}}-store.$(POD_NAMESPACE):3225" + - name: MC_ADMIN_LISTEN_URI + value: insecure-mca://127.0.0.1:8001/ + - name: FOGDB_HOST + valueFrom: + configMapKeyRef: + name: {{ $view.externalConfigMaps.postgresReader.name }} + key: postgres-hostname + - name: FOGDB_USER + valueFrom: + configMapKeyRef: + name: {{ $view.externalConfigMaps.postgresReader.name }} + key: postgres-username + - name: FOGDB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $view.externalSecrets.postgresReader.name }} + key: postgres-password + - name: FOGDB_DATABASE + valueFrom: + configMapKeyRef: + name: {{ $view.externalConfigMaps.postgresReader.name }} + key: postgres-database + - name: FOGDB_SSL_OPTIONS + valueFrom: + configMapKeyRef: + name: {{ $view.externalConfigMaps.postgresReader.name }} + key: postgres-ssl-options + - name: DATABASE_URL + value: "postgres://$(FOGDB_USER):$(FOGDB_PASSWORD)@$(FOGDB_HOST)/$(FOGDB_DATABASE)$(FOGDB_SSL_OPTIONS)" + {{- if .Values.jaegerTracing.enabled }} + - name: MC_TELEMETRY + value: "true" + - name: OTEL_SERVICE_NAME + value: fog-view-store + - name: OTEL_RESOURCE_ATTRIBUTES + value: "deployment.environment={{ .Values.mobilecoin.partner }},deployment.chain_id={{ .Values.mobilecoin.network }}" + - name: OTEL_EXPORTER_OTLP_TRACES_ENDPOINT + value: http://otel-collector.otel:4317 + {{- end }} + - name: MC_SENTRY_DSN + valueFrom: + configMapKeyRef: + name: sentry + key: fog-view-sentry-dsn + optional: true + # Maps to Sentry Environment + - name: MC_BRANCH + value: {{ .Values.mobilecoin.network }} + resources: + {{- toYaml $store.resources | nindent 4 }} +{{- end -}} diff --git a/.internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-fogshardrangegenerator.yaml b/.internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-fogshardrangegenerator.yaml new file mode 100644 index 0000000000..07f5553925 --- /dev/null +++ b/.internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-fogshardrangegenerator.yaml 
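Review bot: The `FOGDB_*` variables read keys named `postgres-hostname`, `postgres-username`, `postgres-password`, `postgres-database` and `postgres-ssl-options`, while the README added in this commit documents the ConfigMap and Secret with `postgresql-` prefixed keys. These references are not optional, so objects created from the README would leave the store container unable to start; make the two agree (which spelling the existing objects use is not visible here). `MC_ADMIN_LISTEN_URI` is declared twice in the `env` list, so drop the second entry. `DATABASE_URL` interpolates `$(FOGDB_PASSWORD)` into a URL, so a password with URL-reserved characters would be misparsed unless stored percent-encoded. That deserves a comment above it such as `# password must be URL-encoded; TLS mode comes from postgres-ssl-options`.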
@@ -0,0 +1,132 @@ +# Copyright (c) 2018-2023 The MobileCoin Foundation +{{- $stack := (include "fog-view-fsg.stackConfig" $ | fromYaml) }} +{{- $view := .Values.fogView }} +{{- $zone := $view.zone | required "fogView.zone is required." }} +{{- $color := $view.color | required "fogView.color is required." }} +{{- $responderId := $view.responderID | required "fogView.responderID is required." }} +{{- $router := $view.router }} +{{- $store := $view.store }} +{{- range $stackCount := until (int $stack.count) }} +apiVersion: mc.mobilecoin.com/v1 +kind: FogShardRangeGenerator +metadata: + name: {{ include "fog-view-fsg.fullname" $ }}-{{ $stackCount }} + labels: + stack: {{ include "fog-view-fsg.fullname" $ }}-{{ $stackCount }} + color: {{ $view.color }} + {{- include "fog-view-fsg.labels" $ | nindent 4 }} +spec: + shardSize: {{ $stack.shardSize }} + exceedBlockHeightBy: {{ $stack.exceedBlockHeightBy }} + shardOverlap: {{ $stack.shardOverlap }} + blockCountURL: {{ tpl $stack.blockHeightRetrieval.blockCountURL $ | quote }} + blockCountQueryInterval: {{ $stack.blockHeightRetrieval.queryInterval | quote }} + blockCountResponseJQ: {{ $stack.blockHeightRetrieval.responseJQ | quote }} + blockCountReqBody: {{ $stack.blockHeightRetrieval.requestBody | quote }} + router: + templates: + - templateID: view + containerName: fog-view-router + spec: + podManagementPolicy: {{ $router.podManagementPolicy }} + replicas: {{ $router.replicaCount }} + selector: + matchLabels: + app: fog-view-router + color: {{ $view.color }} + stack: {{ include "fog-view-fsg.fullname" $ }}-{{ $stackCount }} + {{- include "fog-view-fsg.selectorLabels" $ | nindent 12 }} + serviceName: {{ include "fog-view-fsg.fullname" $ }}-router-headless + template: + metadata: + annotations: + {{- toYaml $router.podAnnotations | nindent 14 }} + labels: + app: fog-view-router + color: {{ $view.color }} + stack: {{ include "fog-view-fsg.fullname" $ }}-{{ $stackCount }} + {{- include "fog-view-fsg.labels" $ | nindent 14 }} + 
spec: + readinessGates: + - conditionType: mobilecoin.com/shards-ready + {{- if $router.affinityEnabled }} + affinity: + podAffinity: + # Prefer Pods to be scheduled on nodes with pods from the same stack. + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: stack + operator: In + values: + - {{ include "fog-view-fsg.fullname" $ }}-{{ $stackCount }} + topologyKey: "kubernetes.io/hostname" + weight: 1 + {{- end }} + imagePullSecrets: + {{- toYaml $.Values.imagePullSecrets | nindent 12 }} + initContainers: + {{- include "containers.sysctl" $ | nindent 12 }} + containers: + {{- include "fog-view-fsg.router" $ | nindent 12 }} + {{- include "containers.go-grpc-gateway" $ | nindent 12 }} + {{- include "containers.admin-http-gateway" $ | nindent 12 }} + nodeSelector: + topology.kubernetes.io/zone: {{ $view.zone }} + {{- toYaml $router.nodeSelector | nindent 14 }} + tolerations: + {{- toYaml $router.tolerations | nindent 12 }} + + store: + containerName: fog-view-store + servicePort: 80 + targetPort: view-grpc + spec: + podManagementPolicy: {{ $store.podManagementPolicy }} + replicas: {{ $store.replicaCount }} + selector: + matchLabels: + app: fog-view-store + stack: {{ include "fog-view-fsg.fullname" $ }}-{{ $stackCount }} + color: {{ $.Values.fogView.color }} + {{- include "fog-view-fsg.selectorLabels" $ | nindent 10 }} + serviceName: {{ include "fog-view-fsg.fullname" $ }}-store + template: + metadata: + annotations: + {{- toYaml $store.podAnnotations | nindent 12 }} + labels: + app: fog-view-store + stack: {{ include "fog-view-fsg.fullname" $ }}-{{ $stackCount }} + color: {{ $.Values.fogView.color }} + {{- include "fog-view-fsg.labels" $ | nindent 12 }} + spec: + {{- if $store.affinityEnabled }} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: stack + operator: In + values: + - {{ include 
"fog-view-fsg.fullname" $ }}-{{ $stackCount }} + topologyKey: "kubernetes.io/hostname" + weight: 1 + {{- end }} + imagePullSecrets: + {{- toYaml $.Values.imagePullSecrets | nindent 10 }} + initContainers: + {{- include "containers.sysctl" $ | nindent 12 }} + containers: + {{- include "fog-view-fsg.store" $ | nindent 12 }} + {{- include "containers.admin-http-gateway" $ | nindent 12 }} + nodeSelector: + topology.kubernetes.io/zone: {{ $.Values.fogView.zone }} + {{- toYaml $store.nodeSelector | nindent 12 }} + tolerations: + {{- toYaml $store.tolerations | nindent 10 }} +--- +{{- end }} diff --git a/.internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-router-configmap.yaml b/.internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-router-configmap.yaml new file mode 100644 index 0000000000..7e7f2f5596 --- /dev/null +++ b/.internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-router-configmap.yaml @@ -0,0 +1,9 @@ +# Copyright (c) 2018-2023 The MobileCoin Foundation +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ include "fog-view-fsg.fullname" . }}-router + labels: + {{- include "fog-view-fsg.labels" . | nindent 4 }} +data: + {{- toYaml .Values.fogView.router.configMap.data | nindent 2 }} diff --git a/.internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-router-headless-service.yaml b/.internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-router-headless-service.yaml new file mode 100644 index 0000000000..7a46e032c0 --- /dev/null +++ b/.internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-router-headless-service.yaml 
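Review bot: `$zone`, `$color` and `$responderId` are bound through `required` at the top of fog-view-fsg-fogshardrangegenerator.yaml but never used. The body goes back to `$view.color`, `$view.zone` and `$.Values.fogView.color` / `$.Values.fogView.zone`, and renders them unquoted into labels, selectors and the `topology.kubernetes.io/zone` nodeSelector. Use the validated locals and quote them, e.g. `color: {{ $color | quote }}` and `topology.kubernetes.io/zone: {{ $zone | quote }}`, so a value that YAML would read as a number or boolean still yields a string. Both pod templates also include `containers.sysctl`, which this commit defines as a privileged root init container; a one-line comment at each `initContainers:` saying why it is required would help whoever audits the pod spec.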
@@ -0,0 +1,25 @@ +# Copyright (c) 2018-2023 The MobileCoin Foundation +apiVersion: v1 +kind: Service +metadata: + name: {{ include "fog-view-fsg.fullname" $ }}-router-headless + labels: + app: fog-view-router + {{- include "fog-view-fsg.labels" $ | nindent 4 }} +spec: + type: ClusterIP + clusterIP: None + selector: + app: fog-view-router + {{- include "fog-view-fsg.selectorLabels" $ | nindent 4 }} + ports: + - name: view-grpc + port: 3225 + targetPort: view-grpc + - name: mgmt-http + port: 8000 + targetPort: mgmt-http + - name: gateway-http + port: 8200 + targetPort: gateway-http +--- diff --git a/.internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-store-configmap.yaml b/.internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-store-configmap.yaml new file mode 100644 index 0000000000..9d7189b1cc --- /dev/null +++ b/.internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-store-configmap.yaml @@ -0,0 +1,9 @@ +# Copyright (c) 2018-2023 The MobileCoin Foundation +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ include "fog-view-fsg.fullname" . }}-store + labels: + {{- include "fog-view-fsg.labels" . | nindent 4 }} +data: + {{- toYaml .Values.fogView.store.configMap.data | nindent 2 }} diff --git a/.internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-store-service.yaml b/.internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-store-service.yaml new file mode 100644 index 0000000000..0621a48270 --- /dev/null +++ b/.internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-store-service.yaml 
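Review bot: The `mgmt-http` port in the router headless Service publishes the `admin-http-gateway` sidecar, which `_containers.tpl` starts with `--listen-host=0.0.0.0`. The file list for this chart contains no NetworkPolicy, so the admin endpoint appears reachable from any workload that can route to these pods unless a policy outside the chart restricts it. If the port exists only for metrics scraping, record that and the restriction next to it, for example `# mgmt-http: metrics scrape only; access limited by NetworkPolicy <name>`, and ship or reference that policy. The store Service added in this commit exposes the same port.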
@@ -0,0 +1,24 @@ +# Copyright (c) 2018-2023 The MobileCoin Foundation +apiVersion: v1 +kind: Service +metadata: + name: {{ include "fog-view-fsg.fullname" . }}-store + labels: + app: fog-view-store + {{- include "fog-view-fsg.labels" . | nindent 4 }} +spec: + type: ClusterIP + clusterIP: None + selector: + app: fog-view-store + {{- include "fog-view-fsg.selectorLabels" . | nindent 4 }} + ports: + - name: view-grpc + port: 3225 + targetPort: view-grpc + - name: mgmt-http + port: 8000 + targetPort: mgmt-http + - name: view-http + port: 8225 + targetPort: view-http diff --git a/.internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-store-servicemonitor.yaml b/.internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-store-servicemonitor.yaml new file mode 100644 index 0000000000..c2eceaae22 --- /dev/null +++ b/.internal-ci/helm/fog-view-fsg/templates/fog-view-fsg-store-servicemonitor.yaml @@ -0,0 +1,32 @@ +# Copyright (c) 2018-2023 The MobileCoin Foundation +{{- $network := .Values.mobilecoin.network | required "mobilecoin.network is required." }} +{{- $partner := .Values.mobilecoin.partner | required "mobilecoin.partner is required." }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "fog-view-fsg.fullname" . }}-store + labels: + publish: grafana-cloud + app: fog-view-store + {{- include "fog-view-fsg.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + app: fog-view-store + {{- include "fog-view-fsg.selectorLabels" . | nindent 6 }} + endpoints: + - port: mgmt-http + relabelings: + - targetLabel: network + replacement: {{ $network }} + - targetLabel: partner + replacement: {{ $partner }} + - action: replace + sourceLabels: + - __meta_kubernetes_pod_label_stack + targetLabel: view_stack + - action: replace + sourceLabels: + - __meta_kubernetes_pod_label_color + targetLabel: color + 
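Review bot: The `view-http` entry in the store Service (port 8225, `targetPort: view-http`) has no matching container port. The store pod is built from `fog-view-fsg.store` and `containers.admin-http-gateway`, which declare only `view-grpc` and `mgmt-http`, and `containers.go-grpc-gateway` (which names its port `gateway-http`) is included only in the router pod. Remove the entry, or add the gateway container to the store pod and point `targetPort` at `gateway-http`.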
diff --git a/.internal-ci/helm/fog-view-fsg/values.yaml b/.internal-ci/helm/fog-view-fsg/values.yaml
new file mode 100644
index 0000000000..898d5277dd
--- /dev/null
+++ b/.internal-ci/helm/fog-view-fsg/values.yaml
@@ -0,0 +1,213 @@ +imagePullSecrets: +- name: docker-credentials + +# Pods share the image tag. +image: + org: mobilecoin + name: fogview + tag: '' # Overrides the image tag whose default is the chart appVersion. + +# Mobilecoin network instance +mobilecoin: + network: '' + partner: '' + +fogView: + # Affinity to a specific topology.kubernetes.io/zone= label value. + # zone will be "region-zoneId" format like "italynorth-1" + zone: '' + # color label of the fogShardGenerator stack. blue|green + color: 'blue' + ### fog-ledger-router public hostnames (client responder ID) + responderID: '' + + stackConfig: + network: + # Assume default is a dev network. We can always define a "network" value if needed. + default: + shardSize: 20_000 + exceedBlockHeightBy: 5_000 + shardOverlap: 0 + count: 2 + blockHeightRetrieval: + blockCountURL: 'https://node1.{{ .Release.Namespace }}.development.mobilecoin.com/gw/consensus_common.BlockchainAPI/GetLastBlockInfo' + responseJQ: '.index' + queryInterval: 1m + requestBody: '' + test: + shardSize: 400_000 + exceedBlockHeightBy: 10_000 + shardOverlap: 0 + count: 2 + blockHeightRetrieval: + blockCountURL: https://node1.test.mobilecoin.com/gw/consensus_common.BlockchainAPI/GetLastBlockInfo + responseJQ: '.index' + queryInterval: 5m + requestBody: '' + main: + shardSize: 400_000 + exceedBlockHeightBy: 10_000 + shardOverlap: 0 + count: 3 + blockHeightRetrieval: + blockCountURL: https://node1.prod.mobilecoinww.com/gw/consensus_common.BlockchainAPI/GetLastBlockInfo + responseJQ: '.index' + queryInterval: 5m + requestBody: '' + + router: + replicaCount: 1 + + resources: + limits: + sgx.intel.com/epc: 512Ki + memory: 3Gi + requests: + sgx.intel.com/epc: 512Ki + memory: 3Gi + cpu: 1100m + + nodeSelector: + dcap: 'true' + + tolerations: + - key: dcap + operator: Equal + value: 'true' + effect: NoSchedule + + podManagementPolicy: Parallel + affinityEnabled: true + + rust: + backtrace: full + log: 
info,rustls=warn,hyper=warn,tokio_reactor=warn,mio=warn,want=warn,reqwest=warn,rusoto_core=error,rusoto_signature=error,h2=error,rocket=warn,=warn + + podAnnotations: + fluentbit.io/include: 'true' # collect logs with fluentbit + # This is the container name that needs to use sgx resources + sgx.intel.com/quote-provider: fog-view-router + + configMap: + data: + PLACEHOLDER: 'empty' + + startupProbe: + grpc: + port: 3225 + failureThreshold: 240 + periodSeconds: 30 + timeoutSeconds: 1 + successThreshold: 1 + + livenessProbe: + grpc: + port: 3225 + failureThreshold: 5 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 1 + + readinessProbe: + grpc: + port: 3225 + failureThreshold: 2 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + store: + replicaCount: 1 + + rust: + backtrace: full + log: info,rustls=warn,hyper=warn,tokio_reactor=warn,mio=warn,want=warn,reqwest=warn,rusoto_core=error,rusoto_signature=error,h2=error,rocket=warn,=warn + + podAnnotations: + fluentbit.io/include: 'true' # collect logs with fluentbit + # This is the container name that needs to use sgx resources + sgx.intel.com/quote-provider: fog-view-store + + # disable affinity rules for single node testing + podManagementPolicy: Parallel + affinityEnabled: true + + resources: + limits: + sgx.intel.com/epc: 512Ki + memory: 5Gi + requests: + sgx.intel.com/epc: 512Ki + memory: 5Gi + cpu: 1100m + + nodeSelector: + dcap: 'true' + + tolerations: + - key: dcap + operator: Equal + value: 'true' + effect: NoSchedule + + configMap: + data: + # https://docs.diesel.rs/diesel/r2d2/struct.Builder.html + # POSTGRES_IDLE_TIMEOUT: '60' + # POSTGRES_MAX_LIFETIME: '120' + POSTGRES_CONNECTION_TIMEOUT: '5' + POSTGRES_MAX_CONNECTIONS: '3' + MC_OMAP_CAPACITY: '4194304' + + livenessProbe: + grpc: + port: 3225 + failureThreshold: 5 + periodSeconds: 30 + timeoutSeconds: 1 + successThreshold: 1 + + startupProbe: + grpc: + port: 3225 + failureThreshold: 480 + periodSeconds: 30 + timeoutSeconds: 1 + 
successThreshold: 1 + + readinessProbe: + grpc: + port: 3225 + failureThreshold: 2 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + + ### These configmaps and secrets must be deployed by external process to the namespace. + # override the name of the required configmaps + externalConfigMaps: + # Sentry is Optional + sentry: + name: sentry + ### required keys: + # fog-view-sentry-dsn + postgresReader: + name: fog-recovery-reader-0-postgresql + ### required keys: + # postgresql-ssl-options + # postgresql-database + # postgresql-username + # postgresql-hostname + + # override the name of the required secrets + externalSecrets: + postgresReader: + name: fog-recovery-reader-0-postgresql + ### required keys: + # postgresql-password + +grpcGateway: + grpcServicePort: 3225 + +jaegerTracing: + enabled: false diff --git a/.internal-ci/helm/fog-view-service/.helmignore b/.internal-ci/helm/fog-view-service/.helmignore new file mode 100644 index 0000000000..0e8a0eb36f --- /dev/null +++ b/.internal-ci/helm/fog-view-service/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/.internal-ci/helm/fog-view-service/Chart.yaml b/.internal-ci/helm/fog-view-service/Chart.yaml new file mode 100644 index 0000000000..0090451eb6 --- /dev/null +++ b/.internal-ci/helm/fog-view-service/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: fog-view-service +description: MobileCoin Fog View service stack. +type: application +version: 0.0.0 +appVersion: "0.0.0" diff --git a/.internal-ci/helm/fog-view-service/README.md b/.internal-ci/helm/fog-view-service/README.md new file mode 100644 index 0000000000..976f7f4119 --- /dev/null 
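Review bot: The comment above `responderID` in the fog-view-fsg values.yaml `fogView` block reads `### fog-ledger-router public hostnames (client responder ID)`, which looks copied from a fog-ledger chart; this chart deploys fog-view and the value is a single string, not a list. Someone filling in the value from the comment could point the responder ID at the wrong service's hostname. I would change it to `### fog-view router public hostname (client responder ID)`.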
+++ b/.internal-ci/helm/fog-view-service/README.md @@ -0,0 +1,23 @@ +# Fog-View-Service + +Run a MobileCoin fog-view instance. + +### Required Values + +You must set the fog view service hostnames and mobilecoin network and partner ids. + +```yaml +mobilecoin: + network: main + partner: mc + +fogView: + responderID: fog..development.mobilecoin.com + color: blue +``` + +Install chart: + +```bash +helm upgrade fog-view-service mcf-public/fog-view-service -i -f values.yaml +``` diff --git a/.internal-ci/helm/fog-view-service/templates/NOTES.txt b/.internal-ci/helm/fog-view-service/templates/NOTES.txt new file mode 100644 index 0000000000..e85bfc0ddc --- /dev/null +++ b/.internal-ci/helm/fog-view-service/templates/NOTES.txt @@ -0,0 +1,16 @@ +:::: :::: :::::::: ::::::::: ::::::::::: ::: :::::::::: ++:+:+: :+:+:+ :+: :+: :+: :+: :+: :+: :+: ++:+ +:+:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++#+ +:+ +#+ +#+ +:+ +#++:++#+ +#+ +#+ +#++:++# ++#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+# #+# #+# #+# #+# #+# #+# #+# #+# +### ### ######## ######### ########### ########## ########## + :::::::: :::::::: ::::::::::: :::: ::: +:+: :+: :+: :+: :+: :+:+: :+: ++:+ +:+ +:+ +:+ :+:+:+ +:+ ++#+ +#+ +:+ +#+ +#+ +:+ +#+ ++#+ +#+ +#+ +#+ +#+ +#+#+# +#+# #+# #+# #+# #+# #+# #+#+# + ######## ######## ########### ### #### + +fog-view-service has been deployed. diff --git a/.internal-ci/helm/fog-view-service/templates/_helpers.tpl b/.internal-ci/helm/fog-view-service/templates/_helpers.tpl new file mode 100644 index 0000000000..03c3657461 --- /dev/null +++ b/.internal-ci/helm/fog-view-service/templates/_helpers.tpl 
@@ -0,0 +1,56 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "fog-view-service.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "fog-view-service.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "fog-view-service.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" | trimSuffix "." }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "fog-view-service.labels" -}}
+helm.sh/chart: {{ include "fog-view-service.chart" . }}
+{{ include "fog-view-service.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "fog-view-service.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "fog-view-service.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/* grpcCookieSalt */}}
+{{- define "fog-view-service.grpcCookieSalt" -}}
+{{- .Values.fogView.router.ingress.common.cookieSalt | default (randAlphaNum 8) }}
+{{- end }}
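Review bot: The `fog-view-service.grpcCookieSalt` helper at the end of this hunk falls back to `randAlphaNum 8` when `fogView.router.ingress.common.cookieSalt` is unset, so the value is regenerated on every render: each `helm upgrade` changes it, and the grpc and http ingress templates, which both expand the common annotations, each get their own value. The chart's values.yaml feeds it to HAProxy's `dynamic-cookie-key`, so the sticky `VIEW` cookie would stop matching after an upgrade, and eight alphanumeric characters is short for a value HAProxy uses as a hashing secret. I would drop the random default and require the value, `{{- .Values.fogView.router.ingress.common.cookieSalt | required "fogView.router.ingress.common.cookieSalt is required." }}`. The helper comment should then say that the salt must be a long random string that stays the same across upgrades, since values.yaml points readers here for details and the current comment only repeats the helper name.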
diff --git a/.internal-ci/helm/fog-view-service/templates/fog-view-service-router-grpc-ingress.yaml b/.internal-ci/helm/fog-view-service/templates/fog-view-service-router-grpc-ingress.yaml
new file mode 100644
index 0000000000..6c423f44b5
--- /dev/null
+++ b/.internal-ci/helm/fog-view-service/templates/fog-view-service-router-grpc-ingress.yaml
@@ -0,0 +1,34 @@
+# Copyright (c) 2018-2023 The MobileCoin Foundation
+{{- if .Values.fogView.router.ingress.enabled }}
+{{- $responderId := .Values.fogView.responderID | required "fogView.responderID is required." }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "fog-view-service.fullname" . }}-router-grpc
+ labels:
+ app: fog-view
+ {{- include "fog-view-service.labels" . | nindent 4 }}
+ annotations:
+ {{- if .Values.fogView.router.ingress.common.blocklist.enabled }}
+ haproxy.org/blacklist: {{ .Values.fogView.router.ingress.common.blocklist.pattern }}
+ {{- end }}
+ {{ toYaml (tpl .Values.fogView.router.ingress.common.annotations . | fromYaml) | nindent 4 }}
+ {{ toYaml (tpl .Values.fogView.router.ingress.grpc.annotations . | fromYaml) | nindent 4 }}
+spec:
+ tls:
+ - hosts:
+ - {{ $responderId }}
+ secretName: {{ include "fog-view-service.fullname" . }}-tls
+ rules:
+ - host: {{ $responderId }}
+ http:
+ paths:
+ - path: /fog_view.FogViewAPI
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ include "fog-view-service.fullname" . }}-router
+ port:
+ name: view-grpc
+---
+{{- end }}
diff --git a/.internal-ci/helm/fog-view-service/templates/fog-view-service-router-http-ingress.yaml b/.internal-ci/helm/fog-view-service/templates/fog-view-service-router-http-ingress.yaml
new file mode 100644
index 0000000000..f60f89c080
--- /dev/null
+++ b/.internal-ci/helm/fog-view-service/templates/fog-view-service-router-http-ingress.yaml
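Review bot: Both annotation lines in the grpc ingress pipe the rendered values string through `fromYaml`, which does not fail on bad input: on a parse error it returns a map holding only an `Error` key. A malformed `annotations` override would therefore render as an `Error:` annotation, and the HAProxy settings from values.yaml (timeouts, `server-ssl`, the cookie snippet) would silently drop out of the Ingress. The same two lines appear in fog-view-service-router-http-ingress.yaml. I would parse into a variable and stop the render on failure: `{{- $common := tpl .Values.fogView.router.ingress.common.annotations . | fromYaml }}` followed by `{{- if hasKey $common "Error" }}{{ fail $common.Error }}{{- end }}`, then `toYaml $common`.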
@@ -0,0 +1,34 @@
+# Copyright (c) 2018-2023 The MobileCoin Foundation
+{{- if .Values.fogView.router.ingress.enabled }}
+{{- $responderId := .Values.fogView.responderID | required "fogView.responderID is required." }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "fog-view-service.fullname" $ }}-router-http
+ labels:
+ app: fog-view
+ {{- include "fog-view-service.labels" . | nindent 4 }}
+ annotations:
+ {{- if .Values.fogView.router.ingress.common.blocklist.enabled }}
+ haproxy.org/blacklist: {{ .Values.fogView.router.ingress.common.blocklist.pattern }}
+ {{- end }}
+ {{ toYaml (tpl .Values.fogView.router.ingress.common.annotations . | fromYaml) | nindent 4 }}
+ {{ toYaml (tpl .Values.fogView.router.ingress.http.annotations . | fromYaml) | nindent 4 }}
+spec:
+ tls:
+ - hosts:
+ - {{ $responderId }}
+ secretName: {{ include "fog-view-service.fullname" . }}-tls
+ rules:
+ - host: {{ $responderId }}
+ http:
+ paths:
+ - path: /gw/fog_view.FogViewAPI
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ include "fog-view-service.fullname" . }}-router
+ port:
+ name: gateway-http
+---
+{{- end }}
diff --git a/.internal-ci/helm/fog-view-service/templates/fog-view-service-router-service.yaml b/.internal-ci/helm/fog-view-service/templates/fog-view-service-router-service.yaml
new file mode 100644
index 0000000000..2edab456c0
--- /dev/null
+++ b/.internal-ci/helm/fog-view-service/templates/fog-view-service-router-service.yaml
@@ -0,0 +1,24 @@
+# Copyright (c) 2018-2023 The MobileCoin Foundation
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "fog-view-service.fullname" . }}-router
+ labels:
+ app: fog-view-router
+ {{- include "fog-view-service.labels" . | nindent 4 }}
+spec:
+ type: ClusterIP
+ selector:
+ app: fog-view-router
+ color: {{ .Values.fogView.color }}
+ ports:
+ - name: view-grpc
+ port: 3225
+ targetPort: view-grpc
+ - name: mgmt-http
+ port: 8000
+ targetPort: mgmt-http
+ - name: gateway-http
+ port: 8200
+ targetPort: gateway-http
+---
diff --git a/.internal-ci/helm/fog-view-service/templates/fog-view-service-router-servicemonitor.yaml b/.internal-ci/helm/fog-view-service/templates/fog-view-service-router-servicemonitor.yaml
new file mode 100644
index 0000000000..ed691407b6
--- /dev/null
+++ b/.internal-ci/helm/fog-view-service/templates/fog-view-service-router-servicemonitor.yaml
@@ -0,0 +1,32 @@
+# Copyright (c) 2018-2023 The MobileCoin Foundation
+{{- $network := .Values.mobilecoin.network | required "mobilecoin.network is required." }}
+{{- $partner := .Values.mobilecoin.partner | required "mobilecoin.partner is required." }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "fog-view-service.fullname" . }}-router
+ labels:
+ publish: grafana-cloud
+ app: fog-view-router
+ {{- include "fog-view-service.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ app: fog-view-router
+ {{- include "fog-view-service.selectorLabels" . | nindent 6 }}
+ endpoints:
+ - port: mgmt-http
+ relabelings:
+ - targetLabel: network
+ replacement: {{ $network }}
+ - targetLabel: partner
+ replacement: {{ $partner }}
+ - action: replace
+ sourceLabels:
+ - __meta_kubernetes_pod_label_stack
+ targetLabel: view_stack
+ - action: replace
+ sourceLabels:
+ - __meta_kubernetes_pod_label_color
+ targetLabel: color
+---
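Review bot: The router Service selector is only `app: fog-view-router` plus `color`, with no release or instance label, so any pod in the namespace carrying those two labels becomes a backend for the two public ingresses that point at this Service. That looks intended, so the Service can switch between the blue and green stacks deployed by the fog-view-fsg chart, but `color` is rendered unquoted and unchecked, and an empty or misspelled value selects no pods at all. I would render it as `color: {{ .Values.fogView.color | required "fogView.color is required." | quote }}` and add a comment above the selector saying the release labels are left out on purpose for blue/green switching.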
diff --git a/.internal-ci/helm/fog-view-service/templates/fog-view-service-tls-certificate.yaml b/.internal-ci/helm/fog-view-service/templates/fog-view-service-tls-certificate.yaml
new file mode 100644
index 0000000000..43ac28bec9
--- /dev/null
+++ b/.internal-ci/helm/fog-view-service/templates/fog-view-service-tls-certificate.yaml
@@ -0,0 +1,21 @@
+# Copyright (c) 2018-2023 The MobileCoin Foundation
+{{- if .Values.fogView.router.ingress.enabled }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ include "fog-view-service.fullname" . }}-tls
+ labels:
+ {{- include "fog-view-service.labels" . | nindent 4 }}
+spec:
+ secretName: {{ include "fog-view-service.fullname" . }}-tls
+ privateKey:
+ size: 2048
+ algorithm: RSA
+ encoding: PKCS1
+ dnsNames:
+ - {{ .Values.fogView.responderID }}
+ issuerRef:
+ name: {{ .Values.fogView.router.ingress.common.tls.clusterIssuer }}
+ kind: ClusterIssuer
+---
+{{- end }}
diff --git a/.internal-ci/helm/fog-view-service/values.yaml b/.internal-ci/helm/fog-view-service/values.yaml
new file mode 100644
index 0000000000..e9cfaf99c9
--- /dev/null
+++ b/.internal-ci/helm/fog-view-service/values.yaml
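Review bot: The `dnsNames` entry in the Certificate uses `.Values.fogView.responderID` directly, while both ingress templates guard the same value with `required`. The render order between templates is not something to rely on, so the certificate should carry its own guard: `- {{ .Values.fogView.responderID | required "fogView.responderID is required." }}`. The `privateKey` block also sets no `rotationPolicy`, so whether the RSA key is regenerated at renewal depends on the installed cert-manager's default; adding `rotationPolicy: Always` under `privateKey` makes that explicit.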
@@ -0,0 +1,40 @@
+# Mobilecoin network instance
+mobilecoin:
+ network: ''
+ partner: ''
+
+fogView:
+ # external hostname for the fog-view service
+ responderID: ''
+ # color label of the fogShardGenerator stack. blue|green
+ color: blue
+
+ router:
+ ingress:
+ enabled: true
+ common:
+ # Set a static salt for the dynamic cookie. See helpers for more info.
+ # cookieSalt: ''
+ tls:
+ clusterIssuer: letsencrypt-production-http
+ blocklist:
+ enabled: true
+ pattern: patterns/blocked-countries
+ annotations: |-
+ haproxy.org/server-ssl: "false" # The backend (server) is http
+ haproxy.org/timeout-client: 239s # 4 min timeout on azure
+ haproxy.org/timeout-server: 239s
+ haproxy.org/timeout-http-keep-alive: 120s
+ haproxy.org/abortonclose: "true"
+ haproxy.org/backend-config-snippet: |-
+ http-reuse aggressive
+ dynamic-cookie-key {{ include "fog-view-service.grpcCookieSalt" . }}
+ cookie VIEW insert indirect nocache dynamic
+
+ grpc:
+ annotations: |-
+ haproxy.org/server-proto: "h2" # Force GRPC/H2 mode
+
+ http:
+ annotations: |-
+ haproxy.org/path-rewrite: '/gw/(.*) /\1' # Strip the /gw prefix