feat: add k8s manifests

zkemail · Apr 4, 2024 · 6f154f5 · 6f154f5
1 parent dce9d19
commit 6f154f5
Show file tree

Hide file tree

Showing 9 changed files with 222 additions and 11 deletions.
diff --git a/kubernetes/db.yml b/kubernetes/db.yml
@@ -0,0 +1,79 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: postgres-secret-email-auth
+  namespace: email-auth
+  labels:
+    app: postgres-email-auth
+type: Opaque
+data:
+  POSTGRES_DB:
+  POSTGRES_USER:
+  POSTGRES_PASSWORD:
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: postgres-pvc-email-auth
+  namespace: email-auth
+  labels:
+    app: postgres-email-auth
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+  storageClassName: standard
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: postgres-email-auth
+  namespace: email-auth
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: postgres-email-auth
+  template:
+    metadata:
+      labels:
+        app: postgres-email-auth
+    spec:
+      containers:
+        - name: postgres-email-auth
+          image: postgres:latest
+          imagePullPolicy: "IfNotPresent"
+          ports:
+            - containerPort: 5432
+          envFrom:
+            - secretRef:
+                name: postgres-secret-email-auth
+          volumeMounts:
+            - mountPath: /var/lib/postgresql/data
+              name: postgredb
+              subPath: data
+      volumes:
+        - name: postgredb
+          persistentVolumeClaim:
+            claimName: postgres-pvc-email-auth
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres-email-auth
+  namespace: email-auth
+  labels:
+    app: postgres-email-auth
+spec:
+  type: ClusterIP
+  ports:
+    - protocol: TCP
+      port: 5432
+      targetPort: 5432
+  selector:
+    app: postgres-email-auth
diff --git a/kubernetes/ingress.yml b/kubernetes/ingress.yml
@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: managed-cert-ingress-email-auth
+  annotations:
+    kubernetes.io/ingress.global-static-ip-name: k8s-email-auth-ip
+    networking.gke.io/managed-certificates: managed-cert-email-auth
+    ingressClassName: "gce"
+spec:
+  rules:
+    - host: auth.prove.email
+      http:
+        paths:
+          - pathType: Prefix
+            path: /
+            backend:
+              service:
+                name: relayer-svc-email-auth
+                port:
+                  number: 443
diff --git a/kubernetes/managed-cert.yml b/kubernetes/managed-cert.yml
@@ -0,0 +1,8 @@
+apiVersion: networking.gke.io/v1
+kind: ManagedCertificate
+metadata:
+  name: managed-cert-email-auth
+  namespace: email-auth
+spec:
+  domains:
+    - auth.prove.email
diff --git a/kubernetes/relayer.yml b/kubernetes/relayer.yml
@@ -0,0 +1,111 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: relayer-config-email-auth
+  labels:
+    app: relayer-email-auth
+data:
+  EMAIL_ACCOUNT_RECOVERY_VERSION_ID: ""
+  CHAIN_RPC_PROVIDER: ""
+  CHAIN_RPC_EXPLORER: ""
+  CHAIN_ID: ""
+  WEB_SERVER_ADDRESS: ""
+  CIRCUITS_DIR_PATH: ""
+  EMAIL_TEMPLATES_PATH: ""
+  CANISTER_ID: ""
+  IC_REPLICA_URL: ""
+  JSON_LOGGER: ""
+  PEM_PATH: ""
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: relayer-secret-email-auth
+  labels:
+    app: relayer-email-auth
+type: Opaque
+data:
+  PRIVATE_KEY:
+  DATABASE_URL:
+  IMAP_DOMAIN_NAME:
+  IMAP_PORT:
+  AUTH_TYPE:
+  SMTP_DOMAIN_NAME:
+  LOGIN_ID:
+  LOGIN_PASSWORD:
+  PROVER_ADDRESS:
+  ICPEM:
+
+---
+apiVersion: apps/v1
+kind: ReplicaSet
+metadata:
+  name: relayer-email-auth
+  labels:
+    app: relayer-email-auth
+spec:
+  replicas: 1 # Number of initial replicas
+  selector:
+    matchLabels:
+      app: relayer-email-auth
+  template:
+    metadata:
+      labels:
+        app: relayer-email-auth
+    spec:
+      containers:
+        - name: relayer-container-email-auth
+          image: bisht13/relayer:latest
+          ports:
+            - containerPort: 4500
+          envFrom:
+            - configMapRef:
+                name: relayer-config-email-auth
+            - secretRef:
+                name: relayer-secret-email-auth
+          resources:
+            requests:
+              memory: "8Gi"
+              cpu: "4"
+            limits:
+              memory: "16Gi"
+              cpu: "8"
+          livenessProbe:
+            httpGet:
+              path: /api/echo
+              port: 4500
+            initialDelaySeconds: 60
+            periodSeconds: 30
+          readinessProbe:
+            httpGet:
+              path: /api/echo
+              port: 4500
+            initialDelaySeconds: 60
+            periodSeconds: 30
+          volumeMounts:
+            - name: pem-volume
+              mountPath: "/relayer/packages/relayer/.ic.pem"
+              subPath: ".ic.pem"
+          command: ["/bin/sh", "-c", "sleep infinity"]
+      volumes:
+        - name: pem-volume
+          secret:
+            secretName: relayer-secret-email-auth
+            items:
+              - key: ICPEM
+                path: ".ic.pem"
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: relayer-svc-email-auth
+spec:
+  selector:
+    app: relayer-email-auth
+  ports:
+    - protocol: TCP
+      port: 443
+      targetPort: 4500
+  type: ClusterIP
diff --git a/packages/relayer/.env.example b/packages/relayer/.env.example
@@ -12,15 +12,11 @@ SMTP_DOMAIN_NAME=smtp.gmail.com
 LOGIN_ID=                    # IMAP login id - usually your email address.
 LOGIN_PASSWORD=""         # IMAP password - usually your email password.
 
-PROVER_LOCATION=local         # Keep this local for running the prover locally.
 PROVER_ADDRESS="https://zkemail--email-wallet-relayer-v1-1-flask-app-dev.modal.run"
 
 DATABASE_URL= "postgres://test@localhost/emailauth_test"
-RELAYER_EMAIL_ADDR=
-RELAYER_HOSTNAME="example.com"
 WEB_SERVER_ADDRESS="127.0.0.1:4500"
 CIRCUITS_DIR_PATH=  #Path to email-wallet/packages/circuits
-INPUT_FILES_DIR_PATH=  #Path to email-wallet/packages/relayer/input_files
 EMAIL_TEMPLATES_PATH=  #Path to email templates, e.g. ./packages/relayer/eml_templates/
 
 CANISTER_ID="q7eci-dyaaa-aaaak-qdbia-cai"

diff --git a/packages/relayer/src/config.rs b/packages/relayer/src/config.rs
@@ -17,7 +17,6 @@ pub struct RelayerConfig {
     pub chain_id: u32,
     pub private_key: String,
     pub email_account_recovery_version_id: u8,
-    pub input_files_dir: String,
     pub email_templates: String,
 }
 
@@ -55,8 +54,6 @@ impl RelayerConfig {
             password: env::var(LOGIN_PASSWORD_KEY).unwrap(),
         };
 
-        let input_files_dir = env::var(INPUT_FILES_DIR_KEY).unwrap();
-
         Self {
             imap_config,
             smtp_config,
@@ -72,7 +69,6 @@ impl RelayerConfig {
                 .unwrap()
                 .parse()
                 .unwrap(),
-            input_files_dir,
             email_templates: env::var(EMAIL_TEMPLATES_PATH_KEY).unwrap(),
         }
     }

diff --git a/packages/relayer/src/lib.rs b/packages/relayer/src/lib.rs
@@ -44,7 +44,6 @@ pub static CHAIN_ID: OnceLock<u32> = OnceLock::new();
 pub static EMAIL_ACCOUNT_RECOVERY_VERSION_ID: OnceLock<u8> = OnceLock::new();
 pub static CHAIN_RPC_PROVIDER: OnceLock<String> = OnceLock::new();
 pub static CHAIN_RPC_EXPLORER: OnceLock<String> = OnceLock::new();
-pub static INPUT_FILES_DIR: OnceLock<String> = OnceLock::new();
 pub static EMAIL_TEMPLATES: OnceLock<String> = OnceLock::new();
 pub static RELAYER_EMAIL_ADDRESS: OnceLock<String> = OnceLock::new();
 
@@ -94,7 +93,6 @@ pub async fn run(
     EMAIL_ACCOUNT_RECOVERY_VERSION_ID
         .set(config.email_account_recovery_version_id)
         .unwrap();
-    INPUT_FILES_DIR.set(config.input_files_dir).unwrap();
     EMAIL_TEMPLATES.set(config.email_templates).unwrap();
     RELAYER_EMAIL_ADDRESS
         .set(config.smtp_config.id.clone())

diff --git a/packages/relayer/src/modules/web_server/server.rs b/packages/relayer/src/modules/web_server/server.rs
@@ -22,6 +22,10 @@ pub async fn run_server(
     let tx_event_consumer_recovery = tx_event_consumer.clone();
 
     let mut app = Router::new()
+        .route(
+            "/api/echo",
+            axum::routing::get(move || async move { "Hello, world!" }),
+        )
         .route(
             "/api/requestStatus",
             axum::routing::get(move |payload: String| async move {

diff --git a/packages/relayer/src/utils/strings.rs b/packages/relayer/src/utils/strings.rs
@@ -19,7 +19,6 @@ pub const CHAIN_RPC_EXPLORER_KEY: &str = "CHAIN_RPC_EXPLORER";
 pub const PRIVATE_KEY_KEY: &str = "PRIVATE_KEY";
 pub const CHAIN_ID_KEY: &str = "CHAIN_ID";
 pub const EMAIL_ACCOUNT_RECOVERY_VERSION_ID_KEY: &str = "EMAIL_ACCOUNT_RECOVERY_VERSION_ID";
-pub const INPUT_FILES_DIR_KEY: &str = "INPUT_FILES_DIR_PATH";
 pub const EMAIL_TEMPLATES_PATH_KEY: &str = "EMAIL_TEMPLATES_PATH";
 
 // Log strings