Merge branch 'develop' into chore/VRF-329-add-bhs-ctf-test
iljapavlovs authored Feb 6, 2024
2 parents 9dc09d6 + b3ec54a commit fd3533a
Showing 66 changed files with 609 additions and 226 deletions.
23 changes: 20 additions & 3 deletions charts/chainlink-cluster/README.md
Expand Up @@ -5,6 +5,7 @@ Install `kubefwd` (no nixpkg for it yet, planned)
```
brew install txn2/tap/kubefwd
```
If you want to build images you need [docker](https://docs.docker.com/engine/install/) service running

Enter the shell (from the root project dir)
```
Expand All @@ -18,17 +19,33 @@ We are using [devspace](https://www.devspace.sh/docs/getting-started/installatio

Configure the cluster, see `deployments.app.helm.values` and [values.yaml](./values.yaml) comments for more details

Enter the shell and deploy
Configure your `cluster` setup (one time setup, internal usage only)
```
export DEVSPACE_IMAGE="..."
cd charts/chainlink-cluster
./setup.sh ${my-personal-namespace-name-crib}
```

Build and deploy current commit
```
# set your unique namespace if it's a new cluster
devspace use namespace cl-cluster
devspace deploy
```

If you don't need a build use
```
devspace deploy --skip-build
```

To deploy particular commit (must be in registry) use
```
devspace deploy --skip-build ${short_sha_of_image}
```

Forward ports to check UI or run tests
```
devspace run connect ${my-personal-namespace-name-crib}
```

Connect to your environment, by replacing container with label `node-1` with your local repository files
```
devspace dev -p node
190 changes: 167 additions & 23 deletions charts/chainlink-cluster/devspace.yaml
Expand Up @@ -4,34 +4,91 @@ name: chainlink
vars:
NS_TTL: 72h
DEVSPACE_IMAGE:
noCache: true
source: env
# This is the base domain in AWS Route 53 that our ingress subdomains will use.
DEVSPACE_INGRESS_BASE_DOMAIN:
source: env
# This is the ARN of the AWS ACM certificate that will be used for the ingress.
DEVSPACE_INGRESS_CERT_ARN:
source: env
# This is a comma separated list of CIDR blocks that will be allowed to access the ingress.
DEVSPACE_INGRESS_CIDRS:
source: env

# This is a list of `pipelines` that DevSpace can execute (you can define your own)
pipelines:
# create_deployments --all can be used to apply manifests again
# This is the pipeline for the main command: `devspace dev` (or `devspace run-pipeline dev`)
dev:
run: |-
run_dependencies --all # 1. Deploy any projects this project needs (see "dependencies")
ensure_pull_secrets --all # 2. Ensure pull secrets
start_dev app # 3. Start dev mode "app" (see "dev" section)
# You can run this pipeline via `devspace deploy` (or `devspace run-pipeline deploy`)
deploy:
run: |-
set -o pipefail
echo "Removing .devspace cache!"
rm -rf .devspace/ || true
registry_id=$(echo "$DEVSPACE_IMAGE" | cut -d'.' -f1)
# Login into registry
echo "Authorizing into ECR registry"
aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin ${registry_id}.dkr.ecr.us-west-2.amazonaws.com
run_dependencies --all
ensure_pull_secrets --all
build_images ---var DOCKER_DEFAULT_PLATFORM=linux/amd64 --all -t $(git rev-parse --short HEAD)
kubectl annotate namespace ${DEVSPACE_NAMESPACE} janitor/ttl=${NS_TTL} || true
kubectl label namespace/${DEVSPACE_NAMESPACE} network=crib || true
create_deployments --all
if [ -n "$1" ]; then
echo "Deploying tag $1"
tag=$1
image=${DEVSPACE_IMAGE}:$tag
else
echo "Deploying current commit tag: $(git rev-parse --short HEAD)"
tag=$(git rev-parse --short HEAD)
image=${DEVSPACE_IMAGE}:$tag
fi
echo "Checking tag: $tag"
repository_name="chainlink-devspace"
desired_tag=$tag
# Check if the desired tag is present in the repository
image_list=$(aws ecr list-images --repository-name "$repository_name")
tag_exists=$(echo "$image_list" | jq -e '.imageIds[] | select(.imageTag == "'"${desired_tag}"'")' >/dev/null && echo true || echo false)
# Check the value of the tag_exists variable
if [ "$tag_exists" = "true" ]; then
echo "Image tag '$tag' found."
else
echo "Image tag '$tag' not found. Please build the image using 'devspace deploy'"
exit 1
fi
create_deployments app \
--set=helm.values.chainlink.nodes[0].image=$image \
--set=helm.values.chainlink.nodes[1].image=$image \
--set=helm.values.chainlink.nodes[2].image=$image \
--set=helm.values.chainlink.nodes[3].image=$image \
--set=helm.values.chainlink.nodes[4].image=$image \
--set=helm.values.chainlink.nodes[5].image=$image
echo "Namespace ${DEVSPACE_NAMESPACE} will be deleted in ${NS_TTL}"
echo
echo "############################################"
echo "Ingress Domains"
echo "############################################"
ingress_names="node1 node2 node3 node4 node5 node6 geth-http geth-ws"
for ingress in ${ingress_names}; do
echo "https://${DEVSPACE_NAMESPACE}-${ingress}.${DEVSPACE_INGRESS_BASE_DOMAIN}"
done
purge:
run: |-
kubectl delete ns ${DEVSPACE_NAMESPACE}
commands:
connect: |-
sudo kubefwd svc -n ${DEVSPACE_NAMESPACE}
sudo kubefwd svc -n $1
images:
app:
Expand Down Expand Up @@ -64,7 +121,7 @@ deployments:
path: .
# for simplicity, we define all the values here
# they can be defined the same way in values.yml
# devspace merging this "values" and "values.yml" before deploy
# devspace merges these "values" with the "values.yaml" before deploy
values:
podSecurityContext:
fsGroup: 999
Expand All @@ -83,7 +140,6 @@ deployments:
nodes:
- name: node-1
image: ${DEVSPACE_IMAGE}
version: latest
# default resources are 300m/1Gi
# first node need more resources to build faster inside container
# at least 2Gi of memory is required otherwise build will fail (OOM)
Expand Down Expand Up @@ -128,19 +184,14 @@ deployments:
# overridesToml: |
- name: node-2
image: ${DEVSPACE_IMAGE}
version: latest
- name: node-3
image: ${DEVSPACE_IMAGE}
version: latest
- name: node-4
image: ${DEVSPACE_IMAGE}
version: latest
- name: node-5
image: ${DEVSPACE_IMAGE}
version: latest
- name: node-6
image: ${DEVSPACE_IMAGE}
version: latest

# each CL node have a dedicated PostgreSQL 11.15
# use StatefulSet by setting:
Expand Down Expand Up @@ -231,23 +282,116 @@ deployments:
limits:
cpu: 1
memory: 512Mi
affinity: { }
tolerations: [ ]
nodeSelector: { }
affinity: {}
tolerations: []
nodeSelector: {}
ingress:
enabled: false
className: ""
hosts: [ ]
tls: [ ]
annotations: { }
hosts: []
tls: []
annotations: {}
service:
type: NodePort
port: 8080


# monitoring.coreos.com/v1 PodMonitor for each node
prometheusMonitor: true

networkPolicy:
ingress:
# Should be a comma separated list of CIDR blocks. To include
# AWS ALB private CIDRs and optionally other custom CIDRs.
# Example format: 10.0.0.0/16,192.168.0.1/24
allowCustomCidrs: ${DEVSPACE_INGRESS_CIDRS}
# These ingresses create AWS ALB resources and Route 53 Records.
ingress:
enabled: true
annotation_certificate_arn: ${DEVSPACE_INGRESS_CERT_ARN}
annotation_group_name: ${DEVSPACE_NAMESPACE}
hosts:
- host: ${DEVSPACE_NAMESPACE}-node1.${DEVSPACE_INGRESS_BASE_DOMAIN}
http:
paths:
- path: /
backend:
service:
name: app-node-1
port:
number: 6688
- host: ${DEVSPACE_NAMESPACE}-node2.${DEVSPACE_INGRESS_BASE_DOMAIN}
http:
paths:
- path: /
backend:
service:
name: app-node-2
port:
number: 6688
- host: ${DEVSPACE_NAMESPACE}-node3.${DEVSPACE_INGRESS_BASE_DOMAIN}
http:
paths:
- path: /
backend:
service:
name: app-node-3
port:
number: 6688
- host: ${DEVSPACE_NAMESPACE}-node4.${DEVSPACE_INGRESS_BASE_DOMAIN}
http:
paths:
- path: /
backend:
service:
name: app-node-4
port:
number: 6688
- host: ${DEVSPACE_NAMESPACE}-node5.${DEVSPACE_INGRESS_BASE_DOMAIN}
http:
paths:
- path: /
backend:
service:
name: app-node-5
port:
number: 6688
- host: ${DEVSPACE_NAMESPACE}-node6.${DEVSPACE_INGRESS_BASE_DOMAIN}
http:
paths:
- path: /
backend:
service:
name: app-node-6
port:
number: 6688
- host: ${DEVSPACE_NAMESPACE}-geth-http.${DEVSPACE_INGRESS_BASE_DOMAIN}
http:
paths:
- path: /
backend:
service:
name: geth
port:
number: 8544
- host: ${DEVSPACE_NAMESPACE}-geth-ws.${DEVSPACE_INGRESS_BASE_DOMAIN}
http:
paths:
- path: /
backend:
service:
name: geth
port:
number: 8546
- host: ${DEVSPACE_NAMESPACE}-mockserver.${DEVSPACE_INGRESS_BASE_DOMAIN}
http:
paths:
- path: /
backend:
service:
name: mockserver
port:
number: 1080

# deployment placement, standard helm stuff
podAnnotations:
nodeSelector:
Expand Down Expand Up @@ -314,10 +458,10 @@ dev:
ssh:
enabled: true
proxyCommands:
# TODO: access issues
# - command: devspace
# - command: kubectl
# - command: helm
# TODO: access issues
# - command: devspace
# - command: kubectl
# - command: helm
- gitCredentials: true
ports:
- port: "2345"
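Review bot: In the `deploy` pipeline the tag taken from `$1` is spliced into the jq program text (`select(.imageTag == "'"${desired_tag}"'")`), so a tag containing a quote or jq syntax alters the filter instead of being compared as data; pass it as a variable with `jq -e --arg tag "$desired_tag" '.imageIds[] | select(.imageTag == $tag)'`. The existence check also queries the hard-coded repository `chainlink-devspace` with no `--region` or `--registry-id`, while the deployed reference is `${DEVSPACE_IMAGE}:$tag`, so the check can pass against a different repository than the one the nodes pull from; deriving the repository from `DEVSPACE_IMAGE` would keep the two in step. `$image` is unquoted in each `--set=helm.values.chainlink.nodes[N].image=$image`, and `build_images ---var` looks like a typo for `--var`, though how DevSpace parses it cannot be confirmed from this page.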
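--- a/charts/chainlink-cluster/setup.sh
+++ b/charts/chainlink-cluster/setup.sh
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+set -e
+user_home="$HOME"
+file_path="$user_home/.aws/config"
+image=""
+registry_id=$(echo "$DEVSPACE_IMAGE" | cut -d'.' -f1)
+
+if grep -q "staging-crib" "$file_path"; then
+echo "Staging AWS config is already applied, role is 'staging-crib'"
+else
+cat <<EOF >> "$file_path"
+[profile staging-crib]
+region=us-west-2
+sso_start_url=https://smartcontract.awsapps.com/start
+sso_region=us-west-2
+sso_account_id=${registry_id}
+sso_role_name=CRIB-ECR-Power
+EOF
+echo "~/.aws/config modified, added 'staging-crib"
+fi
+
+# Login through SSO
+aws sso login --profile staging-crib
+# Update kubeconfig and switch context
+export AWS_PROFILE=staging-crib
+aws eks update-kubeconfig --name main-stage-cluster --alias main-stage-cluster-crib --profile staging-crib
+
+# Check if the Docker daemon is running
+if docker info > /dev/null 2>&1; then
+echo "Docker daemon is running, authorizing registry"
+else
+echo "Docker daemon is not running, exiting"
+exit 1
+fi
+aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin ${registry_id}.dkr.ecr.us-west-2.amazonaws.com
+devspace use namespace $1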
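Review bot: `registry_id` is derived from `DEVSPACE_IMAGE` without checking that the variable is set, so an unset variable appends an empty `sso_account_id=` to `~/.aws/config` and points `docker login` at `.dkr.ecr.us-west-2.amazonaws.com`. Because the guard is only `grep -q "staging-crib"`, a later run sees the profile name and never repairs the bad entry. Fail fast before the config is touched with `: "${DEVSPACE_IMAGE:?DEVSPACE_IMAGE must be set}"` and `: "${1:?usage: setup.sh <namespace>}"`, and quote the final argument as `devspace use namespace "$1"`. The unused `image=""` can be dropped, and the `added 'staging-crib` message is missing its closing quote.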
@@ -1,3 +1,4 @@
{{- if .Values.networkPolicies.enabled }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
Expand All @@ -21,3 +22,4 @@ spec:
ports:
- protocol: TCP
port: 5432
{{- end }}
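Review bot: Wrapping the whole manifest in `{{- if .Values.networkPolicies.enabled }}` means this NetworkPolicy, including the TCP 5432 rule in the second hunk, is only rendered when that value is truthy, so the isolation it provided silently disappears wherever the flag is unset or false. The same guard is added in the three sections that follow (the `app: runner` selector, geth 8544/8546, and port 1080). values.yaml is not shown on this page, so please confirm it defaults `networkPolicies.enabled` to `true`; the devspace.yaml values in this commit set `networkPolicy.ingress.allowCustomCidrs` under a singular key and nothing visible sets `networkPolicies.enabled`. A template comment above the guard such as `{{- /* Disabling networkPolicies removes pod-level isolation for this chart */ -}}` would make the trade-off explicit.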
@@ -1,3 +1,4 @@
{{- if .Values.networkPolicies.enabled }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
Expand All @@ -17,3 +18,4 @@ spec:
- podSelector:
matchLabels:
app: runner
{{- end }}
2 changes: 2 additions & 0 deletions charts/chainlink-cluster/templates/geth-networkpolicy.yaml
@@ -1,3 +1,4 @@
{{- if .Values.networkPolicies.enabled }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
Expand All @@ -23,3 +24,4 @@ spec:
port: 8544
- protocol: TCP
port: 8546
{{- end }}
@@ -1,3 +1,4 @@
{{- if .Values.networkPolicies.enabled }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
Expand All @@ -21,3 +22,4 @@ spec:
ports:
- protocol: TCP
port: 1080
{{- end }}