From daf5530bf2644589f31fb2f18d38df1e733a2d98 Mon Sep 17 00:00:00 2001 From: Ankur Dubey Date: Tue, 11 Jun 2024 20:03:23 +0400 Subject: [PATCH 1/8] Create pull_request_template.md --- pull_request_template.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 pull_request_template.md diff --git a/pull_request_template.md b/pull_request_template.md new file mode 100644 index 0000000..a6618b7 --- /dev/null +++ b/pull_request_template.md @@ -0,0 +1,9 @@ +## Describe your changes + +## Issue ticket number and link + +## Checklist before requesting a review +- [ ] I have performed a self-review of my code +- [ ] If it is a core feature, I have added thorough tests. +- [ ] Do we need to implement analytics? +- [ ] Will this be part of a product update? If yes, please write one phrase about this update. From 304ca8851e07dbacb32ff84d31d079d916d413a2 Mon Sep 17 00:00:00 2001 
From: Takwa Date: Thu, 11 Jul 2024 16:26:58 +0200 Subject: [PATCH 2/8] ci: helm charts and github action workflows --- .github/workflows/pr.yaml | 61 ++++++++++++ .github/workflows/release.yaml | 87 +++++++++++++++++ .github/workflows/test.yml | 35 ------- k8s/Chart.yaml | 24 +++++ k8s/deploy_prod.sh | 19 ++++ k8s/templates/_helpers.tpl | 76 +++++++++++++++ k8s/templates/configmap-dd.yaml | 11 +++ k8s/templates/configmap.yaml | 12 +++ k8s/templates/cron.yaml | 40 ++++++++ k8s/templates/deployment.yaml | 111 ++++++++++++++++++++++ k8s/templates/hpa.yaml | 14 +++ k8s/templates/ingress.yaml | 29 ++++++ k8s/templates/secret.yaml | 17 ++++ k8s/templates/svc.yaml | 14 +++ k8s/values.prod.yaml | 160 ++++++++++++++++++++++++++++++++ 15 files changed, 675 insertions(+), 35 deletions(-) create mode 100644 .github/workflows/pr.yaml create mode 100644 .github/workflows/release.yaml delete mode 100644 .github/workflows/test.yml create mode 100644 k8s/Chart.yaml create mode 100755 k8s/deploy_prod.sh create mode 100644 k8s/templates/_helpers.tpl create mode 100644 k8s/templates/configmap-dd.yaml create mode 100644 k8s/templates/configmap.yaml create mode 100644 k8s/templates/cron.yaml create mode 100644 k8s/templates/deployment.yaml create mode 100644 k8s/templates/hpa.yaml create mode 100644 k8s/templates/ingress.yaml create mode 100644 k8s/templates/secret.yaml create mode 100644 k8s/templates/svc.yaml create mode 100644 k8s/values.prod.yaml diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml new file mode 100644 index 0000000..940d985 --- /dev/null +++ b/.github/workflows/pr.yaml 
@@ -0,0 +1,61 @@ +name: PR +on: + pull_request: + branches: + - '*' + +jobs: + test: + name: cargo test + runs-on: ubuntu-latest + services: + mongodb: + image: mongo:latest + ports: + - 27017:27017 + options: >- + --health-cmd="mongosh --eval 'db.adminCommand({ ping: 1 })'" + --health-interval=30s + --health-timeout=10s + --health-retries=10 + redis: + image: redis:latest + ports: + - 6379:6379 + steps: + - uses: actions/checkout@v4 + - uses: dtolnay/rust-toolchain@stable + - uses: Swatinem/rust-cache@v2 + - run: cargo test --all-features + env: + BUNGEE_API_KEY: ${{ secrets.BUNGEE_API_KEY }} + COINGECKO_API_KEY: ${{ secrets.COINGECKO_API_KEY }} + COVALENT_API_KEY: ${{ secrets.COVALENT_API_KEY }} + environment: Testing + + container_img_build_push_gar: + needs: [test] + # Allow the job to fetch a GitHub ID token + permissions: + id-token: write + contents: read + # The plan is to build and push each docker image in parallel. + strategy: + matrix: + image: + - us-docker.pkg.dev/biconomy-prod/biconomy-prod/reflux + # LOCATION-docker.pkg.dev/PROJECT-ID/REPOSITORY/IMAGE + # {owner}/{repo}/.github/workflows/{filename}@{ref} + uses: bcnmy/devops/.github/workflows/container_img_build_push_gar.yaml@master + with: + image: ${{ matrix.image }} + dockerfile: Dockerfile + # GCP project where the identity provider is + # gcloud projects describe prj-workload-identity-001 + gcp_project_number: '766873424314' + gcp_pool_id: 'pool-id-github-actions' + # gcp_provider_id: 'ga-GITHUB_REPO_NAME' + gcp_provider_id: 'ga-reflux' + # LOCATION-docker.pkg.dev/PROJECT-ID/REPOSITORY/IMAGE + gcp_registry: 'us-docker.pkg.dev/biconomy-prod/biconomy-prod/reflux' + gcp_service_account: 'sa-reflux@prj-workload-identity-001.iam.gserviceaccount.com' \ No newline at end of file diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000..01e5f09 --- /dev/null +++ b/.github/workflows/release.yaml 
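Review bot: The `container_img_build_push_gar` job grants `id-token: write` and then calls `bcnmy/devops/.github/workflows/container_img_build_push_gar.yaml@master`, so whatever is on that branch at run time executes with the ability to obtain a token for `sa-reflux@prj-workload-identity-001.iam.gserviceaccount.com`. Pin the reusable workflow to a full commit SHA (`...container_img_build_push_gar.yaml@<commit-sha>`, placeholder); the same `@master` reference appears twice in the release.yaml hunk, for the image build and for `deploy_to_gke.yaml`. Because the trigger is `pull_request` on every branch and the target is `us-docker.pkg.dev/biconomy-prod/biconomy-prod/reflux`, unreviewed branch code is pushed to the repository that production pulls from; a separate non-prod repository for PR builds would keep that boundary. `mongo:latest` and `redis:latest` under `services` are likewise unpinned.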
@@ -0,0 +1,87 @@ + name: Version_Release + on: + push: + tags: + - v0.** + jobs: + # test: + # name: cargo test + # runs-on: ubuntu-latest + # services: + # mongodb: + # image: mongo:latest + # ports: + # - 27017:27017 + # options: >- + # --health-cmd="mongosh --eval 'db.adminCommand({ ping: 1 })'" + # --health-interval=30s + # --health-timeout=10s + # --health-retries=10 + # redis: + # image: redis:latest + # ports: + # - 6379:6379 + # steps: + # - uses: actions/checkout@v4 + # - uses: dtolnay/rust-toolchain@stable + # - uses: Swatinem/rust-cache@v2 + # - run: cargo test --all-features + # env: + # BUNGEE_API_KEY: ${{ secrets.BUNGEE_API_KEY }} + # COINGECKO_API_KEY: ${{ secrets.COINGECKO_API_KEY }} + # COVALENT_API_KEY: ${{ secrets.COVALENT_API_KEY }} + # environment: Testing + + container_img_build_push_gar: + # needs: [test] + # Allow the job to fetch a GitHub ID token + permissions: + id-token: write + contents: read + # The plan is to build and push each docker image in parallel. + strategy: + matrix: + image: + - us-docker.pkg.dev/biconomy-prod/biconomy-prod/reflux + # LOCATION-docker.pkg.dev/PROJECT-ID/REPOSITORY/IMAGE + # {owner}/{repo}/.github/workflows/{filename}@{ref} + uses: bcnmy/devops/.github/workflows/container_img_build_push_gar.yaml@master + with: + image: ${{ matrix.image }} + dockerfile: Dockerfile + # GCP project where the identity provider is + # gcloud projects describe prj-workload-identity-001 + gcp_project_number: '766873424314' + gcp_pool_id: 'pool-id-github-actions' + # gcp_provider_id: 'ga-GITHUB_REPO_NAME' + gcp_provider_id: 'ga-reflux' + # LOCATION-docker.pkg.dev/PROJECT-ID/REPOSITORY/IMAGE + gcp_registry: 'us-docker.pkg.dev/biconomy-prod/biconomy-prod/reflux' + gcp_service_account: 'sa-reflux@prj-workload-identity-001.iam.gserviceaccount.com' + + deploy_prod: + needs: [container_img_build_push_gar] + # Allow the job to fetch a GitHub ID token + # runs-on: ubuntu-latest + permissions: + id-token: write + contents: read + uses: 
bcnmy/devops/.github/workflows/deploy_to_gke.yaml@master + with: + environment: 'prod' + # GCP project where the identity provider is + # gcloud projects describe prj-workload-identity-001 + gcp_project_number: '766873424314' + gcp_project_id: 'biconomy-prod' + gcp_bastion: '' + gcp_bastion_zone: '' + gcp_pool_id: 'pool-id-github-actions' + # created by devops/gcp/github-actions/configure_workload_identity_federation_with_github_actions_pipelines.sh + # gcp_provider_id: 'ga-GITHUB_REPO_NAME' + gcp_provider_id: 'ga-reflux' + # SERVICE_ACCOUNT_EMAIL="${SERVICE_ACCOUNT}@${PROJECT}.iam.gserviceaccount.com" + gcp_service_account: 'sa-reflux@prj-workload-identity-001.iam.gserviceaccount.com' + gcp_cluster_name: 'biconomy-prod' + gcp_cluster_location: 'us-east1' + use_internal_ip: false + deploy_command: './k8s/deploy_prod.sh ${GITHUB_REF:10}' \ No newline at end of file diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml deleted file mode 100644 index 49d1503..0000000 --- a/.github/workflows/test.yml +++ /dev/null @@ -1,35 +0,0 @@ -name: Test Suite -on: [ pull_request, push ] - -jobs: - test: - name: cargo test - runs-on: ubuntu-latest - services: - mongodb: - image: mongo:latest - ports: - - 27017:27017 - options: >- - --health-cmd="mongosh --eval 'db.adminCommand({ ping: 1 })'" - --health-interval=30s - --health-timeout=10s - --health-retries=10 - redis: - image: redis:latest - ports: - - 6379:6379 - steps: - - uses: actions/checkout@v4 - - uses: dtolnay/rust-toolchain@stable - - uses: Swatinem/rust-cache@v2 - - run: cargo test --all-features - env: - BUNGEE_API_KEY: ${{ secrets.BUNGEE_API_KEY }} - COINGECKO_API_KEY: ${{ secrets.COINGECKO_API_KEY }} - COVALENT_API_KEY: ${{ secrets.COVALENT_API_KEY }} - ETHEREUM_RPC_URL: ${{ secrets.ETHEREUM_RPC_URL }} - ARBITRUM_RPC_URL: ${{ secrets.ARBITRUM_RPC_URL }} - MONGO_URL: ${{ secrets.MONGO_URL }} - REDIS_URL: ${{ secrets.REDIS_URL }} - environment: Testing 
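Review bot: The `test` job is commented out and `needs: [test]` is disabled on `container_img_build_push_gar`, so any pushed tag matching `v0.**` is built and deployed to the `biconomy-prod` cluster without the test suite having run on that ref. Restoring the job and re-enabling `needs: [test]` puts a gate in front of `deploy_prod`. In `deploy_command`, `${GITHUB_REF:10}` depends on the exact length of `refs/tags/` and is passed unquoted; `deploy_command: './k8s/deploy_prod.sh "${GITHUB_REF_NAME}"'` is less fragile, assuming the reusable workflow runs the string in a shell with the default GitHub environment. That workflow is not visible here.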
diff --git a/k8s/Chart.yaml b/k8s/Chart.yaml new file mode 100644 index 0000000..343bfec --- /dev/null +++ b/k8s/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: reflux +description: A Helm chart for reflux deployed on Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.1" diff --git a/k8s/deploy_prod.sh b/k8s/deploy_prod.sh new file mode 100755 index 0000000..b95a659 --- /dev/null +++ b/k8s/deploy_prod.sh @@ -0,0 +1,19 @@ +#!/usr/bin/env bash + +GIT_ROOT=$(git rev-parse --show-toplevel) +SCRIPT_DIR="${GIT_ROOT}"/k8s + +IMAGE_TAG=$1 + +if [[ -z "${IMAGE_TAG}" ]] ; then + IMAGE_TAG=latest +fi + +time helm upgrade reflux "${SCRIPT_DIR}" \ + --install \ + --wait \ + --atomic \ + --values "${SCRIPT_DIR}/values.prod.yaml" \ + --set-string namespace=reflux \ + --set image_tag="${IMAGE_TAG}" \ + --namespace reflux \ No newline at end of file 
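Review bot: In k8s/deploy_prod.sh a missing argument silently becomes `IMAGE_TAG=latest`, so a production rollout can deploy whatever image was pushed last instead of failing; since pr.yaml pushes to the same repository, that may be a pull-request build. Require the tag explicitly with `IMAGE_TAG=${1:?usage: deploy_prod.sh <image-tag>}`, and add `set -euo pipefail` after the shebang so a failing `git rev-parse` does not leave `SCRIPT_DIR` as `/k8s`. `--set image_tag=...` lets Helm coerce the value's type; `--set-string image_tag="${IMAGE_TAG}"` keeps an all-numeric tag a string.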
diff --git a/k8s/templates/_helpers.tpl b/k8s/templates/_helpers.tpl new file mode 100644 index 0000000..46e9917 --- /dev/null +++ b/k8s/templates/_helpers.tpl 
@@ -0,0 +1,76 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "reflux.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +DD-Trace lables and annotations +*/}} +{{- define "datadog.datatrace" -}} +tags.us5.datadoghq.com/env: {{ .Values.datadog.env }} +tags.us5.datadoghq.com/service: {{ .Values.datadog.service }} +tags.us5.datadoghq.com/version: {{ .Values.datadog.version }} +{{- end }} + +{{- define "datadog.datatrace-admission" -}} +admission.us5.datadoghq.com/config.mode: socket +admission.us5.datadoghq.com/enabled: "true" +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "reflux.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "reflux.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "reflux.labels" -}} +helm.sh/chart: {{ include "reflux.chart" . }} +{{ include "reflux.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "reflux.selectorLabels" -}} +app.kubernetes.io/name: {{ include "reflux.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "reflux.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "reflux.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/k8s/templates/configmap-dd.yaml b/k8s/templates/configmap-dd.yaml new file mode 100644 index 0000000..9e8dc6a --- /dev/null +++ b/k8s/templates/configmap-dd.yaml @@ -0,0 +1,11 @@ +{{- if .Values.datadog.enable }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Values.name }}-dd-configmap + namespace: {{ .Values.namespace }} +data: +{{- range $key, $value := .Values.datadog.configs }} + {{ $key }}: {{ $value | quote }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/k8s/templates/configmap.yaml b/k8s/templates/configmap.yaml new file mode 100644 index 0000000..3ef12e6 --- /dev/null +++ b/k8s/templates/configmap.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Values.name }} + namespace: {{ .Values.namespace }} + labels: + {{- include "reflux.labels" . | nindent 4 }} +data: +{{- range $key, $value := .Values.config }} + {{ $key }}: | + {{ $value | quote }} +{{- end }} diff --git a/k8s/templates/cron.yaml b/k8s/templates/cron.yaml new file mode 100644 index 0000000..81eee5a --- /dev/null +++ b/k8s/templates/cron.yaml 
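Review bot: In k8s/templates/configmap.yaml each entry is rendered as `{{ $key }}: |` followed by `{{ $value | quote }}`, which places a double-quoted, escape-encoded string inside a literal block scalar. For the multi-line `config.toml` value in values.prod.yaml the mounted file would then hold one quoted line with `\n` escapes rather than the configuration itself. Render it the way configmap-dd.yaml does, `{{ $key }}: {{ $value | quote }}`, so the YAML parser decodes the escapes back into the original text.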
@@ -0,0 +1,40 @@ +kind: CronJob +metadata: + name: {{ .Values.name }}-indexer + namespace: {{ .Values.namespace }} + labels: + app: {{ .Values.name }} + {{- include "reflux.labels" . | nindent 4 }} + {{- if .Values.datadog.enable }} + {{- include "datadog.datatrace" $ | nindent 4 }} + {{- end }} +spec: + schedule: "{{ .Values.cronjob.schedule }}" + jobTemplate: + spec: + template: + metadata: + labels: + app: {{ .Values.name }} + {{- if .Values.datadog.enable }} + {{- include "datadog.datatrace" $ | nindent 8 }} + {{- include "datadog.datatrace-admission" $ | nindent 8 }} + {{- end }} + spec: + containers: + - name: {{ .Values.name }} + image: {{ .Values.image_name }}:{{ .Values.image_tag }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + command: + {{- range .Values.cronjob.command }} + - {{ . }} + {{- end }} + volumeMounts: + - name: config-volume + mountPath: /home/nonroot/reflux/config.yaml + subPath: config.yaml + restartPolicy: {{ .Values.cronjob.restartPolicy }} + volumes: + - name: config-volume + configMap: + name: {{ .Values.name }} diff --git a/k8s/templates/deployment.yaml b/k8s/templates/deployment.yaml new file mode 100644 index 0000000..16b05f8 --- /dev/null +++ b/k8s/templates/deployment.yaml 
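Review bot: The volume mount uses `subPath: config.yaml` at `/home/nonroot/reflux/config.yaml`, but the ConfigMap built from values.prod.yaml only carries the keys `ENV` and `config.toml`, and `cronjob.command` passes `/home/nonroot/reflux/config.toml`, so the indexer is started with a path nothing is mounted at. Make the ConfigMap key, the `subPath` and the `--config` argument agree; deployment.yaml has the same `subPath: config.yaml` mount. The container also sets no `securityContext` and, unlike the Deployment, has no `envFrom` for the `{{ .Values.name }}` secret, so confirm the indexer really needs no API keys. Under `command`, `- {{ . | quote }}` is safer than `- {{ . }}` for arguments that YAML could re-type.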
@@ -0,0 +1,111 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.name }}-solver + namespace: {{ .Values.namespace }} + labels: + app: {{ .Values.name }} + {{- include "reflux.labels" . | nindent 4 }} + {{- if .Values.datadog.enable }} + {{- include "datadog.datatrace" $ | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replica }} + selector: + matchLabels: + app: {{ .Values.name }} + template: + metadata: + labels: + app: {{ .Values.name }} + {{- if .Values.datadog.enable }} + {{- include "datadog.datatrace" $ | nindent 8 }} + {{- include "datadog.datatrace-admission" $ | nindent 8 }} + {{- end }} + annotations: + releaseTime: {{ dateInZone "2006-01-02 15:04:05Z" (now) "UTC"| quote }} + {{- if .Values.datadog.enable }} + admission.us5.datadoghq.com/js-lib.version: {{ .Values.datadog.lib_version }} + {{- end }} + spec: + {{- if .Values.affinity }} + affinity: + {{- if .Values.affinity.antiAffinity }} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - {{ .Values.name }} + topologyKey: {{ .Values.affinity.antiAffinity.topologyKey }} + weight: {{ .Values.affinity.antiAffinity.weight }} + {{- end }} + {{- if .Values.affinity.affinityTolerations }} + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ .Values.affinity.affinityTolerations.key }} + operator: In + values: + - {{ .Values.affinity.affinityTolerations.values }} + tolerations: + - effect: NoSchedule + key: {{ .Values.affinity.affinityTolerations.key }} + operator: Equal + value: {{ .Values.affinity.affinityTolerations.values }} + {{- end }} + {{- end }} + containers: + - name: {{ .Values.name }} + image: {{ .Values.image_name }}:{{ .Values.image_tag }} + command: [ "reflux", "--solver", "--config", "/home/nonroot/reflux/config.yaml" ] + imagePullPolicy: {{ .Values.imagePullPolicy }} + ports: + - 
containerPort: {{ .Values.port }} + envFrom: + - secretRef: + name: {{ .Values.name }} + {{- if .Values.datadog.enable }} + - configMapRef: + name: {{ .Values.name }}-dd-configmap + {{- end }} + {{- if .Values.datadog.enable }} + volumeMounts: + - mountPath: /var/run/datadog + name: apmsocketpath + - name: config-volume + mountPath: /home/nonroot/reflux/config.yaml + subPath: config.yaml + {{- end }} + {{- if .Values.probes }} + livenessProbe: + httpGet: + path: {{ .Values.probes.healthEndpoint }} + port: {{ .Values.port }} +{{ toYaml .Values.probes.liveness | indent 10 }} + readinessProbe: + httpGet: + path: {{ .Values.probes.healthEndpoint }} + port: {{ .Values.port }} +{{ toYaml .Values.probes.readiness | indent 10 }} + {{- end }} + resources: + requests: + memory: {{ .Values.resource.requests.memory }} + cpu: {{ .Values.resource.requests.cpu }} + limits: + memory: {{ .Values.resource.limits.memory }} + cpu: {{ .Values.resource.limits.cpu }} + {{- if .Values.datadog.enable }} + volumes: + - name: config-volume + configMap: + name: {{ .Values.name }} + - hostPath: + path: /var/run/datadog/ + name: apmsocketpath + {{- end }} \ No newline at end of file diff --git a/k8s/templates/hpa.yaml b/k8s/templates/hpa.yaml new file mode 100644 index 0000000..6e78a86 --- /dev/null +++ b/k8s/templates/hpa.yaml @@ -0,0 +1,14 @@ +{{- if .Values.autoscale.enable }} +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ .Values.name }}-hpa +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ .Values.name }} + minReplicas: {{ .Values.autoscale.minReplicas }} + maxReplicas: {{ .Values.autoscale.maxReplicas }} + targetCPUUtilizationPercentage: {{ .Values.autoscale.targetCPUUtilizationPercentage }} +{{- end }} \ No newline at end of file diff --git a/k8s/templates/ingress.yaml b/k8s/templates/ingress.yaml new file mode 100644 index 0000000..127218d --- /dev/null +++ b/k8s/templates/ingress.yaml 
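Review bot: Both the `volumeMounts` block and the `volumes` block in deployment.yaml sit inside `{{- if .Values.datadog.enable }}`, so turning Datadog off also removes `config-volume` while `command` still points at `/home/nonroot/reflux/config.yaml`. Keep the config mount unconditional and gate only the `apmsocketpath` entries, as sketched below (indentation is conventional; the original is not recoverable from this view). The container sets no `securityContext` even though the image creates UID 10000 for this purpose, and the `hostPath` volume for `/var/run/datadog/` should be checked against the namespace's Pod Security level. The `admission.us5.datadoghq.com/js-lib.version` annotation looks copied from a Node service.

```yaml
          # … unchanged: image, command, ports, envFrom …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
          volumeMounts:
            - name: config-volume
              mountPath: /home/nonroot/reflux/config.yaml
              subPath: config.yaml
            {{- if .Values.datadog.enable }}
            - mountPath: /var/run/datadog
              name: apmsocketpath
            {{- end }}
          # … unchanged: probes, resources …
      volumes:
        - name: config-volume
          configMap:
            name: {{ .Values.name }}
        {{- if .Values.datadog.enable }}
        - hostPath:
            path: /var/run/datadog/
          name: apmsocketpath
        {{- end }}
```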
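Review bot: In hpa.yaml `scaleTargetRef.name` is `{{ .Values.name }}`, but the Deployment in this chart is named `{{ .Values.name }}-solver`, so the autoscaler has no target to scale; use `name: {{ .Values.name }}-solver`. The HPA also omits `namespace: {{ .Values.namespace }}`, unlike the other templates, and so relies on the `--namespace` flag alone. deployment.yaml still sets `replicas`, which resets the pod count on every upgrade while the HPA is active.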
@@ -0,0 +1,29 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + cert-manager.io/cluster-issuer: letsencrypt + kubernetes.io/tls-acme: "true" + cert-manager.io/acme-challenge-type: http01 + ingress.kubernetes.io/force-ssl-redirect: "true" + labels: + {{- include "reflux.labels" . | nindent 4 }} + name: {{ .Values.name }}-ingress + namespace: {{ .Values.namespace }} +spec: + ingressClassName: kong + rules: + - host: {{ .Values.ingress.host }} + http: + paths: + - backend: + service: + name: {{ .Values.name }} + port: + number: 8 + path: / + pathType: ImplementationSpecific + tls: + - hosts: + - {{ .Values.ingress.host }} + secretName: {{ .Values.name }}-tls-cert \ No newline at end of file diff --git a/k8s/templates/secret.yaml b/k8s/templates/secret.yaml new file mode 100644 index 0000000..9d01d89 --- /dev/null +++ b/k8s/templates/secret.yaml @@ -0,0 +1,17 @@ +apiVersion: kubernetes-client.io/v1 +kind: ExternalSecret +metadata: + name: {{ .Values.name }} + namespace: {{ .Values.namespace }} + labels: + {{- include "reflux.labels" . | nindent 4 }} +spec: + backendType: gcpSecretsManager + projectId: {{ .Values.secret.projectID }} + data: + {{- range $key, $value := .Values.secret.data }} + - key: {{ $.Values.secret.key }} + name: {{ $value.name }} + version: {{ $value.version }} + property: {{ $value.property }} + {{- end }} diff --git a/k8s/templates/svc.yaml b/k8s/templates/svc.yaml new file mode 100644 index 0000000..abcc070 --- /dev/null +++ b/k8s/templates/svc.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.name }} + namespace: {{ .Values.namespace }} + labels: + {{- include "reflux.labels" . | nindent 4 }} +spec: + selector: + app: {{ .Values.name }} + ports: + - port: 8090 + targetPort: {{ .Values.port }} + \ No newline at end of file diff --git a/k8s/values.prod.yaml b/k8s/values.prod.yaml new file mode 100644 index 0000000..14ca3e4 --- /dev/null +++ b/k8s/values.prod.yaml 
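Review bot: The ingress backend port is `number: 8`, while svc.yaml exposes the Service on `port: 8090`, so the route has no matching Service port; this looks like a truncated value and should be `number: 8090`. With `ingressClassName: kong`, the `ingress.kubernetes.io/force-ssl-redirect` annotation is probably not honoured, which would leave plain HTTP reachable on `{{ .Values.ingress.host }}`. Kong reads `konghq.com/protocols: "https"` and `konghq.com/https-redirect-status-code: "301"` for that; verify against the controller version running in the cluster.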
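Review bot: The Service selector `app: {{ .Values.name }}` in svc.yaml also matches the CronJob's pods, because cron.yaml gives its pod template the same `app: {{ .Values.name }}` label. While an indexer job runs, the Service and the Deployment's `matchLabels` would treat it as a solver pod. Select on a label only the solver carries, for example add `component: solver` to the Deployment's pod labels and to both selectors. `port: 8090` is hard-coded here although the other ports derive from `.Values.port`.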
@@ -0,0 +1,160 @@ +name: reflux +namespace: "reflux" +image_name: "us-docker.pkg.dev/biconomy-prod/biconomy-prod/reflux" +image_tag: "latest" +imagePullPolicy: Always +port: 8000 +replica: 2 + +resource: + requests: + memory: 16Gi + cpu: 4 + limits: + memory: 32Gi + cpu: 8 + +autoscale: + enable: true + minReplicas: 2 + maxReplicas: 5 + targetCPUUtilizationPercentage: 80 + +config: + ENV: "production" + config.toml: | + chains: + - id: 1 + name: Ethereum + covalent_name: eth-mainnet + is_enabled: true + - id: 42161 + name: Arbitrum + is_enabled: true + covalent_name: bsc-mainnet + tokens: + - symbol: USDC + is_enabled: true + coingecko_symbol: usd-coin + by_chain: + 1: + is_enabled: true + decimals: 6 + address: '0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48' + 42161: + is_enabled: true + decimals: 6 + address: '0xaf88d065e77c8cC2239327C5EDb3A432268e5831' + buckets: + - from_chain_id: 1 + to_chain_id: 42161 + from_token: USDC + to_token: USDC + is_smart_contract_deposit_supported: false + token_amount_from_usd: 1 + token_amount_to_usd: 10 + - from_chain_id: 1 + to_chain_id: 42161 + from_token: USDC + to_token: USDC + is_smart_contract_deposit_supported: false + token_amount_from_usd: 10 + token_amount_to_usd: 100 + - from_chain_id: 1 + to_chain_id: 42161 + from_token: USDC + to_token: USDC + is_smart_contract_deposit_supported: false + token_amount_from_usd: 100 + token_amount_to_usd: 1000 + - from_chain_id: 1 + to_chain_id: 42161 + from_token: USDC + to_token: USDC + is_smart_contract_deposit_supported: false + token_amount_from_usd: 1000 + token_amount_to_usd: 10000 + - from_chain_id: 1 + to_chain_id: 42161 + from_token: USDC + to_token: USDC + is_smart_contract_deposit_supported: false + token_amount_from_usd: 10000 + token_amount_to_usd: 100000 + bungee: + base_url: https://api.socket.tech/v2 + covalent: + base_url: '' + coingecko: + base_url: https://api.coingecko.com/api/v3 + expiry_sec: 300 + infra: + redis_url: redis://localhost:6379 + mongo_url: 
mongodb://127.0.0.1:27017 + server: + port: 8080 + host: localhost + indexer_config: + indexer_update_topic: indexer_update + indexer_update_message: message + points_per_bucket: 3 + solver_config: + x_value: 2.0 + y_value: 1.0 + +secret: + projectID: biconomy-prod + key: reflux + data: + TOKEN: + name: TOKEN + version: latest + property: TOKEN + +ingress: + host: reflux.prod.biconomy.io + +probes: + healthEndpoint: /health + liveness: + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + readiness: + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + +cronjob: + schedule: "0 */5 * * *" + command: + - reflux + - --indexer + - --config + - /home/nonroot/reflux/config.toml + restartPolicy: OnFailure + + +datadog: + enable: true + env: "production" + + service: "reflux" + version: "v0.0.10" + lib_version: "v0.0.1" + + configs: + DD_TRACE_AGENT_URL: "unix:///var/run/datadog/apm.socket" + DD_ENV: "production" + DD_SERVICE: "reflux" + DD_VERSION: "v0.0.1" + DD_LIB_VERSION: "v0.0.1" + DD_TRACE_DEBUG: "false" + DD_TRACE_STARTUP_LOGS: "false" + DD_PROFILING_ENABLED: "true" + DD_LOGS_INJECTION: "false" + DD_RUNTIME_METRICS_ENABLED: "true" From 0e60c8bed94f48c18924f4421533c15ff929c28e Mon Sep 17 00:00:00 2001 From: Takwa Date: Thu, 11 Jul 2024 16:29:20 +0200 Subject: [PATCH 3/8] add dockerfile --- Dockerfile | 61 +++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 51 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2349bac..c562f5f 100644 --- a/Dockerfile +++ b/Dockerfile 
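Review bot: The embedded application config sets `server.port: 8080` and `host: localhost`, while the chart-level `port: 8000` drives `containerPort`, both probes and the Service `targetPort`; if the binary takes its listen address from this file, the probes fail and the Service cannot reach it. Align the two ports and bind to `0.0.0.0`. `redis_url` and `mongo_url` point at localhost although the pod defines no Redis or MongoDB container, Arbitrum's `covalent_name` is `bsc-mainnet`, and the key is named `config.toml` although its content is YAML. `image_tag: "latest"` keeps a mutable tag as the production default, which deploy_prod.sh overrides only when it is given an argument.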
@@ -1,10 +1,51 @@ -FROM rust:latest as builder -WORKDIR /reflux -COPY . . -RUN cargo install --path bin/reflux --profile release - -FROM debian:latest -RUN apt-get update -RUN apt-get upgrade -y -RUN apt-get install -y libssl-dev ca-certificates -COPY --from=builder /usr/local/cargo/bin/reflux /app/reflux +FROM --platform=linux/amd64 rust:1.79.0-slim-bullseye AS builder + +ENV APP_PATH=/reflux + +RUN apt-get update && apt-get install -y --no-install-recommends libssl-dev pkg-config + +RUN USER=root cargo new --bin reflux + +WORKDIR ${APP_PATH} + +COPY . ${APP_PATH} + +COPY Cargo.toml Cargo.lock ${APP_PATH} + +RUN cargo build --release --manifest-path ${APP_PATH}/Cargo.toml + + + +# Second stage +FROM --platform=linux/amd64 debian:bullseye-slim as execution + + +# Tini allows us to avoid several Docker edge cases, see https://github.com/krallin/tini. +# NOTE: See https://github.com/hexops/dockerfile#is-tini-still-required-in-2020-i-thought-docker-added-it-natively + +RUN apt-get update && apt-get install -y --no-install-recommends \ + tini libssl-dev ca-certificates \ + && rm -rf /var/lib/apt/lists/* + +# Non-root user for security purposes. +# +# UIDs below 10,000 are a security risk, as a container breakout could result +# in the container being ran as a more privileged user on the host kernel with +# the same UID. +# +# Static GID/UID is also useful for chown'ing files outside the container where +# such a user does not exist. +RUN addgroup --gid 10001 --system nonroot \ + && adduser --uid 10000 --system --ingroup nonroot --home /home/nonroot nonroot + + +WORKDIR /home/nonroot/reflux + +COPY --from=builder --chown=10000:10001 /reflux/target/release/reflux /usr/local/bin/ + +USER nonroot + +ENTRYPOINT ["/usr/bin/tini", "--"] + +# Run the binary +CMD ["reflux"] \ No newline at end of file From 398d46edf560491ac46a5b11cf8767c0b091bf59 Mon Sep 17 00:00:00 2001 
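Review bot: `USER nonroot` sets the runtime user by name, so a pod that later adds `runAsNonRoot: true` cannot be verified by the kubelet and is refused; use the numeric form `USER 10000:10001`, matching the IDs created just above. In the builder stage, `RUN USER=root cargo new --bin reflux` and `COPY Cargo.toml Cargo.lock ${APP_PATH}` are overwritten or duplicated by `COPY . ${APP_PATH}` and give no layer caching in this order; drop them or copy the manifests before the sources. `COPY .` also sends the whole build context into the builder, so a `.dockerignore` covering `.git`, `target` and local env files is worth adding. The runtime stage installs `libssl-dev`, where the shared-library package alone is sufficient.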
From: Takwa Date: Thu, 11 Jul 2024 16:32:43 +0200 Subject: [PATCH 4/8] add newlines --- Dockerfile | 2 +- k8s/deploy_prod.sh | 2 +- k8s/templates/configmap-dd.yaml | 2 +- k8s/templates/deployment.yaml | 2 +- k8s/templates/hpa.yaml | 2 +- k8s/templates/ingress.yaml | 2 +- k8s/templates/svc.yaml | 1 - 7 files changed, 6 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index c562f5f..f1f0759 100644 --- a/Dockerfile +++ b/Dockerfile @@ -48,4 +48,4 @@ USER nonroot ENTRYPOINT ["/usr/bin/tini", "--"] # Run the binary -CMD ["reflux"] \ No newline at end of file +CMD ["reflux"] diff --git a/k8s/deploy_prod.sh b/k8s/deploy_prod.sh index b95a659..40ca6e5 100755 --- a/k8s/deploy_prod.sh +++ b/k8s/deploy_prod.sh @@ -16,4 +16,4 @@ time helm upgrade reflux "${SCRIPT_DIR}" \ --values "${SCRIPT_DIR}/values.prod.yaml" \ --set-string namespace=reflux \ --set image_tag="${IMAGE_TAG}" \ - --namespace reflux \ No newline at end of file + --namespace reflux diff --git a/k8s/templates/configmap-dd.yaml b/k8s/templates/configmap-dd.yaml index 9e8dc6a..8cd3247 100644 --- a/k8s/templates/configmap-dd.yaml +++ b/k8s/templates/configmap-dd.yaml @@ -8,4 +8,4 @@ data: {{- range $key, $value := .Values.datadog.configs }} {{ $key }}: {{ $value | quote }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/k8s/templates/deployment.yaml b/k8s/templates/deployment.yaml index 16b05f8..61f868f 100644 --- a/k8s/templates/deployment.yaml +++ b/k8s/templates/deployment.yaml @@ -108,4 +108,4 @@ spec: - hostPath: path: /var/run/datadog/ name: apmsocketpath - {{- end }} \ No newline at end of file + {{- end }} diff --git a/k8s/templates/hpa.yaml b/k8s/templates/hpa.yaml index 6e78a86..ecfd038 100644 --- a/k8s/templates/hpa.yaml +++ b/k8s/templates/hpa.yaml 
@@ -11,4 +11,4 @@ spec: minReplicas: {{ .Values.autoscale.minReplicas }} maxReplicas: {{ .Values.autoscale.maxReplicas }} targetCPUUtilizationPercentage: {{ .Values.autoscale.targetCPUUtilizationPercentage }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/k8s/templates/ingress.yaml b/k8s/templates/ingress.yaml index 127218d..217c6a6 100644 --- a/k8s/templates/ingress.yaml +++ b/k8s/templates/ingress.yaml @@ -26,4 +26,4 @@ spec: tls: - hosts: - {{ .Values.ingress.host }} - secretName: {{ .Values.name }}-tls-cert \ No newline at end of file + secretName: {{ .Values.name }}-tls-cert diff --git a/k8s/templates/svc.yaml b/k8s/templates/svc.yaml index abcc070..69bf00c 100644 --- a/k8s/templates/svc.yaml +++ b/k8s/templates/svc.yaml @@ -11,4 +11,3 @@ spec: ports: - port: 8090 targetPort: {{ .Values.port }} - \ No newline at end of file From 558c2a4cc1417f1d8d107cc2bbdb0bb0b3b675f4 Mon Sep 17 00:00:00 2001 From: Takwa Date: Thu, 11 Jul 2024 16:33:56 +0200 Subject: [PATCH 5/8] newlines --- .github/workflows/pr.yaml | 2 +- .github/workflows/release.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 940d985..6424949 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -58,4 +58,4 @@ jobs: gcp_provider_id: 'ga-reflux' # LOCATION-docker.pkg.dev/PROJECT-ID/REPOSITORY/IMAGE gcp_registry: 'us-docker.pkg.dev/biconomy-prod/biconomy-prod/reflux' - gcp_service_account: 'sa-reflux@prj-workload-identity-001.iam.gserviceaccount.com' \ No newline at end of file + gcp_service_account: 'sa-reflux@prj-workload-identity-001.iam.gserviceaccount.com' diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 01e5f09..d67e87f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -84,4 +84,4 @@ gcp_cluster_name: 'biconomy-prod' gcp_cluster_location: 'us-east1' use_internal_ip: false - deploy_command: './k8s/deploy_prod.sh ${GITHUB_REF:10}' \ No newline at end of file + deploy_command: './k8s/deploy_prod.sh ${GITHUB_REF:10}' From c0e152f07585251221d60872e7ac685764379601 Mon Sep 17 00:00:00 2001 From: Takwa Date: Thu, 11 Jul 2024 16:46:56 +0200 Subject: [PATCH 6/8] add apiversion to cron job --- k8s/templates/cron.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s/templates/cron.yaml b/k8s/templates/cron.yaml index 81eee5a..1d3edaf 100644 --- a/k8s/templates/cron.yaml +++ b/k8s/templates/cron.yaml @@ -1,3 +1,4 @@ +apiVersion: batch/v1 kind: CronJob metadata: name: {{ .Values.name }}-indexer From 62e9acf6bfeee78da70f05a0badca5783305b806 Mon Sep 17 00:00:00 2001 From: Takwa Date: Thu, 11 Jul 2024 16:47:18 +0200 Subject: [PATCH 7/8] add resources to cron --- k8s/templates/cron.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/k8s/templates/cron.yaml b/k8s/templates/cron.yaml index 1d3edaf..a71023a 100644 --- a/k8s/templates/cron.yaml +++ b/k8s/templates/cron.yaml @@ -35,6 +35,13 @@ spec: mountPath: /home/nonroot/reflux/config.yaml subPath: config.yaml restartPolicy: {{ .Values.cronjob.restartPolicy }} + resources: + requests: + memory: {{ .Values.resource.requests.memory }} + cpu: {{ .Values.resource.requests.cpu }} + limits: + memory: {{ .Values.resource.limits.memory }} + cpu: {{ .Values.resource.limits.cpu }} volumes: - name: config-volume configMap: From 4f965cec23d8452f0816d73c990da06fc7207a9d Mon Sep 17 00:00:00 2001 From: Ankur Dubey Date: Fri, 12 Jul 2024 14:08:50 +0400 Subject: [PATCH 8/8] Update pr.yaml --- .github/workflows/pr.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 6424949..b09365e 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml 
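Review bot: In the cron.yaml hunk of patch 7 the new `resources:` block is added after `restartPolicy:`, which is a pod-level key, rather than inside the container entry next to `volumeMounts`. Indentation is not recoverable from this view, but at that position the block either lands on the pod spec or fails to parse, and the indexer container gets no requests or limits. Move it into the `containers` item, directly after `command`. It also reuses the solver's `.Values.resource` (16Gi and 4 CPU requested) for every cron run; a separate `.Values.cronjob.resource` would let the indexer be sized on its own.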
@@ -31,6 +31,12 @@ jobs: BUNGEE_API_KEY: ${{ secrets.BUNGEE_API_KEY }} COINGECKO_API_KEY: ${{ secrets.COINGECKO_API_KEY }} COVALENT_API_KEY: ${{ secrets.COVALENT_API_KEY }} + ETHEREUM_RPC_URL: ${{ secrets.ETHEREUM_RPC_URL }} + ARBITRUM_RPC_URL: ${{ secrets.ARBITRUM_RPC_URL }} + OPTIMISM_RPC_URL: ${{ secrets.OPTIMISM_RPC_URL }} + BAE_RPC_URL: ${{ secrets.BASE_RPC_URL }} + MONGO_URL: ${{ secrets.MONGO_URL }} + REDIS_URL: ${{ secrets.REDIS_URL }} environment: Testing container_img_build_push_gar:
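Review bot: `BAE_RPC_URL: ${{ secrets.BASE_RPC_URL }}` looks like a typo in the variable name, so code reading `BASE_RPC_URL` would find it unset; change the line to `BASE_RPC_URL: ${{ secrets.BASE_RPC_URL }}`. `MONGO_URL` and `REDIS_URL` now come from secrets although the job starts its own `mongodb` and `redis` service containers. If those secrets point at shared instances, tests for any pull-request branch would run against them, whereas `mongodb://localhost:27017` and `redis://localhost:6379` keep the run self-contained. The `env` block begins above this hunk.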