From 52fc94991eacf54dfc3588c0190dd31d062d55ac Mon Sep 17 00:00:00 2001 
From: Ankur Dubey Date: Fri, 12 Jul 2024 14:28:54 +0400 Subject: [PATCH] Squashed commit of the following: commit 4f965cec23d8452f0816d73c990da06fc7207a9d Author: Ankur Dubey Date: Fri Jul 12 14:08:50 2024 +0400 Update pr.yaml commit 62e9acf6bfeee78da70f05a0badca5783305b806 Author: Takwa Date: Thu Jul 11 16:47:18 2024 +0200 add resources to cron commit c0e152f07585251221d60872e7ac685764379601 Author: Takwa Date: Thu Jul 11 16:46:56 2024 +0200 add apiversion to cron job commit 365120c71b5d48dcf298c53b0646dbf92a476e97 Merge: 6960a17 558c2a4 Author: TakGN <79975025+TakGN@users.noreply.github.com> Date: Thu Jul 11 16:35:30 2024 +0200 Merge pull request #22 from bcnmy/pipeline ci: helm charts and github action workflows commit 558c2a4cc1417f1d8d107cc2bbdb0bb0b3b675f4 Author: Takwa Date: Thu Jul 11 16:33:56 2024 +0200 newlines commit 398d46edf560491ac46a5b11cf8767c0b091bf59 Author: Takwa Date: Thu Jul 11 16:32:43 2024 +0200 add newlines commit 0e60c8bed94f48c18924f4421533c15ff929c28e Author: Takwa Date: Thu Jul 11 16:29:20 2024 +0200 add dockerfile commit 304ca8851e07dbacb32ff84d31d079d916d413a2 Author: Takwa Date: Thu Jul 11 16:26:58 2024 +0200 ci: helm charts and github action workflows commit 6960a1779c851f3caafde9b6ca7698abdace6266 Merge: 544f53c b38bac4 Author: Aman Raj <42104907+AmanRaj1608@users.noreply.github.com> Date: Thu Jul 11 16:51:39 2024 +0400 Merge pull request #20 from bcnmy/dev Dev main sync commit 544f53c4b01d2d3141e576f97f8f6c83907b0a12 Merge: a51ba93 daf5530 Author: Ankur Dubey Date: Wed Jun 12 12:35:25 2024 +0400 Merge branch 'main' of github.com:bcnmy/reflux commit daf5530bf2644589f31fb2f18d38df1e733a2d98 Author: Ankur Dubey Date: Tue Jun 11 20:03:23 2024 +0400 Create pull_request_template.md --- .github/workflows/pr.yaml | 67 +++++++++++++ .github/workflows/release.yaml | 87 +++++++++++++++++ .github/workflows/test.yml | 37 -------- Dockerfile | 61 ++++++++++-- k8s/Chart.yaml | 24 +++++ k8s/deploy_prod.sh | 19 ++++ k8s/templates/_helpers.tpl | 76 
+++++++++++++++ k8s/templates/configmap-dd.yaml | 11 +++ k8s/templates/configmap.yaml | 12 +++ k8s/templates/cron.yaml | 48 ++++++++++ k8s/templates/deployment.yaml | 111 ++++++++++++++++++++++ k8s/templates/hpa.yaml | 14 +++ k8s/templates/ingress.yaml | 29 ++++++ k8s/templates/secret.yaml | 17 ++++ k8s/templates/svc.yaml | 13 +++ k8s/values.prod.yaml | 160 ++++++++++++++++++++++++++++++++ 16 files changed, 739 insertions(+), 47 deletions(-) create mode 100644 .github/workflows/pr.yaml create mode 100644 .github/workflows/release.yaml delete mode 100644 .github/workflows/test.yml create mode 100644 k8s/Chart.yaml create mode 100755 k8s/deploy_prod.sh create mode 100644 k8s/templates/_helpers.tpl create mode 100644 k8s/templates/configmap-dd.yaml create mode 100644 k8s/templates/configmap.yaml create mode 100644 k8s/templates/cron.yaml create mode 100644 k8s/templates/deployment.yaml create mode 100644 k8s/templates/hpa.yaml create mode 100644 k8s/templates/ingress.yaml create mode 100644 k8s/templates/secret.yaml create mode 100644 k8s/templates/svc.yaml create mode 100644 k8s/values.prod.yaml
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
new file mode 100644
index 0000000..b09365e
--- /dev/null
+++ b/.github/workflows/pr.yaml
@@ -0,0 +1,67 @@
+name: PR
+on:
+ pull_request:
+ branches:
+ - '*'
+
+jobs:
+ test:
+ name: cargo test
+ runs-on: ubuntu-latest
+ services:
+ mongodb:
+ image: mongo:latest
+ ports:
+ - 27017:27017
+ options: >-
+ --health-cmd="mongosh --eval 'db.adminCommand({ ping: 1 })'"
+ --health-interval=30s
+ --health-timeout=10s
+ --health-retries=10
+ redis:
+ image: redis:latest
+ ports:
+ - 6379:6379
+ steps:
+ - uses: actions/checkout@v4
+ - uses: dtolnay/rust-toolchain@stable
+ - uses: Swatinem/rust-cache@v2
+ - run: cargo test --all-features
+ env:
+ BUNGEE_API_KEY: ${{ secrets.BUNGEE_API_KEY }}
+ COINGECKO_API_KEY: ${{ secrets.COINGECKO_API_KEY }}
+ COVALENT_API_KEY: ${{ secrets.COVALENT_API_KEY }}
+ ETHEREUM_RPC_URL: ${{ secrets.ETHEREUM_RPC_URL }}
+ ARBITRUM_RPC_URL: ${{ secrets.ARBITRUM_RPC_URL }}
+ OPTIMISM_RPC_URL: ${{ secrets.OPTIMISM_RPC_URL }}
+ BAE_RPC_URL: ${{ secrets.BASE_RPC_URL }}
+ MONGO_URL: ${{ secrets.MONGO_URL }}
+ REDIS_URL: ${{ secrets.REDIS_URL }}
+ environment: Testing
+
+ container_img_build_push_gar:
+ needs: [test]
+ # Allow the job to fetch a GitHub ID token
+ permissions:
+ id-token: write
+ contents: read
+ # The plan is to build and push each docker image in parallel.
+ strategy:
+ matrix:
+ image:
+ - us-docker.pkg.dev/biconomy-prod/biconomy-prod/reflux
+ # LOCATION-docker.pkg.dev/PROJECT-ID/REPOSITORY/IMAGE
+ # {owner}/{repo}/.github/workflows/{filename}@{ref}
+ uses: bcnmy/devops/.github/workflows/container_img_build_push_gar.yaml@master
+ with:
+ image: ${{ matrix.image }}
+ dockerfile: Dockerfile
+ # GCP project where the identity provider is
+ # gcloud projects describe prj-workload-identity-001
+ gcp_project_number: '766873424314'
+ gcp_pool_id: 'pool-id-github-actions'
+ # gcp_provider_id: 'ga-GITHUB_REPO_NAME'
+ gcp_provider_id: 'ga-reflux'
+ # LOCATION-docker.pkg.dev/PROJECT-ID/REPOSITORY/IMAGE
+ gcp_registry: 'us-docker.pkg.dev/biconomy-prod/biconomy-prod/reflux'
+ gcp_service_account: 'sa-reflux@prj-workload-identity-001.iam.gserviceaccount.com'
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..d67e87f
--- /dev/null
+++ b/.github/workflows/release.yaml
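Review bot: The `uses:` line of `container_img_build_push_gar` in `.github/workflows/pr.yaml` references the reusable workflow by branch (`bcnmy/devops/.github/workflows/container_img_build_push_gar.yaml@master`) while the job holds `id-token: write` and pushes to the `biconomy-prod` registry, so whatever `master` of that repository contains at run time executes with the federated identity; pin it to a full commit SHA, `...container_img_build_push_gar.yaml@<full-commit-sha>`. The same applies to both `uses:` lines in `.github/workflows/release.yaml`. This workflow also runs on every `pull_request`, so images built from unmerged code are pushed to the production registry unless the called workflow prevents it, which is not visible in this diff. Separately, `BAE_RPC_URL: ${{ secrets.BASE_RPC_URL }}` looks like a typo for `BASE_RPC_URL` carried over from the deleted `test.yml`.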
@@ -0,0 +1,87 @@
+ name: Version_Release
+ on:
+ push:
+ tags:
+ - v0.**
+ jobs:
+ # test:
+ # name: cargo test
+ # runs-on: ubuntu-latest
+ # services:
+ # mongodb:
+ # image: mongo:latest
+ # ports:
+ # - 27017:27017
+ # options: >-
+ # --health-cmd="mongosh --eval 'db.adminCommand({ ping: 1 })'"
+ # --health-interval=30s
+ # --health-timeout=10s
+ # --health-retries=10
+ # redis:
+ # image: redis:latest
+ # ports:
+ # - 6379:6379
+ # steps:
+ # - uses: actions/checkout@v4
+ # - uses: dtolnay/rust-toolchain@stable
+ # - uses: Swatinem/rust-cache@v2
+ # - run: cargo test --all-features
+ # env:
+ # BUNGEE_API_KEY: ${{ secrets.BUNGEE_API_KEY }}
+ # COINGECKO_API_KEY: ${{ secrets.COINGECKO_API_KEY }}
+ # COVALENT_API_KEY: ${{ secrets.COVALENT_API_KEY }}
+ # environment: Testing
+
+ container_img_build_push_gar:
+ # needs: [test]
+ # Allow the job to fetch a GitHub ID token
+ permissions:
+ id-token: write
+ contents: read
+ # The plan is to build and push each docker image in parallel.
+ strategy:
+ matrix:
+ image:
+ - us-docker.pkg.dev/biconomy-prod/biconomy-prod/reflux
+ # LOCATION-docker.pkg.dev/PROJECT-ID/REPOSITORY/IMAGE
+ # {owner}/{repo}/.github/workflows/{filename}@{ref}
+ uses: bcnmy/devops/.github/workflows/container_img_build_push_gar.yaml@master
+ with:
+ image: ${{ matrix.image }}
+ dockerfile: Dockerfile
+ # GCP project where the identity provider is
+ # gcloud projects describe prj-workload-identity-001
+ gcp_project_number: '766873424314'
+ gcp_pool_id: 'pool-id-github-actions'
+ # gcp_provider_id: 'ga-GITHUB_REPO_NAME'
+ gcp_provider_id: 'ga-reflux'
+ # LOCATION-docker.pkg.dev/PROJECT-ID/REPOSITORY/IMAGE
+ gcp_registry: 'us-docker.pkg.dev/biconomy-prod/biconomy-prod/reflux'
+ gcp_service_account: 'sa-reflux@prj-workload-identity-001.iam.gserviceaccount.com'
+
+ deploy_prod:
+ needs: [container_img_build_push_gar]
+ # Allow the job to fetch a GitHub ID token
+ # runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: read
+ uses: bcnmy/devops/.github/workflows/deploy_to_gke.yaml@master
+ with:
+ environment: 'prod'
+ # GCP project where the identity provider is
+ # gcloud projects describe prj-workload-identity-001
+ gcp_project_number: '766873424314'
+ gcp_project_id: 'biconomy-prod'
+ gcp_bastion: ''
+ gcp_bastion_zone: ''
+ gcp_pool_id: 'pool-id-github-actions'
+ # created by devops/gcp/github-actions/configure_workload_identity_federation_with_github_actions_pipelines.sh
+ # gcp_provider_id: 'ga-GITHUB_REPO_NAME'
+ gcp_provider_id: 'ga-reflux'
+ # SERVICE_ACCOUNT_EMAIL="${SERVICE_ACCOUNT}@${PROJECT}.iam.gserviceaccount.com"
+ gcp_service_account: 'sa-reflux@prj-workload-identity-001.iam.gserviceaccount.com'
+ gcp_cluster_name: 'biconomy-prod'
+ gcp_cluster_location: 'us-east1'
+ use_internal_ip: false
+ deploy_command: './k8s/deploy_prod.sh ${GITHUB_REF:10}'
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
deleted file mode 100644
index 2196681..0000000
--- a/.github/workflows/test.yml
+++ /dev/null
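Review bot: With the whole `test` job and `# needs: [test]` commented out in `.github/workflows/release.yaml`, a `v0.**` tag push goes straight from image build to `deploy_prod` with no test gate; re-enable the job or require that the tagged commit has already passed the PR workflow. Because a tag push is the only trigger for a production deploy, creation of `v0.*` tags should be limited by a tag protection rule or an approval on the `prod` environment; whether the called workflow enforces one is not visible here. `deploy_command: './k8s/deploy_prod.sh ${GITHUB_REF:10}'` depends on the `refs/tags/` prefix being exactly ten characters, and `'./k8s/deploy_prod.sh "${GITHUB_REF_NAME}"'` passes the tag without the offset arithmetic.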
@@ -1,37 +0,0 @@
-name: Test Suite
-on: [ pull_request ]
-
-jobs:
- test:
- name: cargo test
- runs-on: ubuntu-latest
- services:
- mongodb:
- image: mongo:latest
- ports:
- - 27017:27017
- options: >-
- --health-cmd="mongosh --eval 'db.adminCommand({ ping: 1 })'"
- --health-interval=30s
- --health-timeout=10s
- --health-retries=10
- redis:
- image: redis:latest
- ports:
- - 6379:6379
- steps:
- - uses: actions/checkout@v4
- - uses: dtolnay/rust-toolchain@stable
- - uses: Swatinem/rust-cache@v2
- - run: cargo test --all-features
- env:
- BUNGEE_API_KEY: ${{ secrets.BUNGEE_API_KEY }}
- COINGECKO_API_KEY: ${{ secrets.COINGECKO_API_KEY }}
- COVALENT_API_KEY: ${{ secrets.COVALENT_API_KEY }}
- ETHEREUM_RPC_URL: ${{ secrets.ETHEREUM_RPC_URL }}
- ARBITRUM_RPC_URL: ${{ secrets.ARBITRUM_RPC_URL }}
- OPTIMISM_RPC_URL: ${{ secrets.OPTIMISM_RPC_URL }}
- BAE_RPC_URL: ${{ secrets.BASE_RPC_URL }}
- MONGO_URL: ${{ secrets.MONGO_URL }}
- REDIS_URL: ${{ secrets.REDIS_URL }}
- environment: Testing
diff --git a/Dockerfile b/Dockerfile
index 2349bac..f1f0759 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,10 +1,51 @@
-FROM rust:latest as builder
-WORKDIR /reflux
-COPY . .
-RUN cargo install --path bin/reflux --profile release
-
-FROM debian:latest
-RUN apt-get update
-RUN apt-get upgrade -y
-RUN apt-get install -y libssl-dev ca-certificates
-COPY --from=builder /usr/local/cargo/bin/reflux /app/reflux
+FROM --platform=linux/amd64 rust:1.79.0-slim-bullseye AS builder
+
+ENV APP_PATH=/reflux
+
+RUN apt-get update && apt-get install -y --no-install-recommends libssl-dev pkg-config
+
+RUN USER=root cargo new --bin reflux
+
+WORKDIR ${APP_PATH}
+
+COPY . ${APP_PATH}
+
+COPY Cargo.toml Cargo.lock ${APP_PATH}
+
+RUN cargo build --release --manifest-path ${APP_PATH}/Cargo.toml
+
+
+
+# Second stage
+FROM --platform=linux/amd64 debian:bullseye-slim as execution
+
+
+# Tini allows us to avoid several Docker edge cases, see https://github.com/krallin/tini.
+# NOTE: See https://github.com/hexops/dockerfile#is-tini-still-required-in-2020-i-thought-docker-added-it-natively
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ tini libssl-dev ca-certificates \
+ && rm -rf /var/lib/apt/lists/*
+
+# Non-root user for security purposes.
+#
+# UIDs below 10,000 are a security risk, as a container breakout could result
+# in the container being ran as a more privileged user on the host kernel with
+# the same UID.
+#
+# Static GID/UID is also useful for chown'ing files outside the container where
+# such a user does not exist.
+RUN addgroup --gid 10001 --system nonroot \
+ && adduser --uid 10000 --system --ingroup nonroot --home /home/nonroot nonroot
+
+
+WORKDIR /home/nonroot/reflux
+
+COPY --from=builder --chown=10000:10001 /reflux/target/release/reflux /usr/local/bin/
+
+USER nonroot
+
+ENTRYPOINT ["/usr/bin/tini", "--"]
+
+# Run the binary
+CMD ["reflux"]
diff --git a/k8s/Chart.yaml b/k8s/Chart.yaml
new file mode 100644
index 0000000..343bfec
--- /dev/null
+++ b/k8s/Chart.yaml
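Review bot: In the builder stage of `Dockerfile`, `COPY Cargo.toml Cargo.lock ${APP_PATH}` runs after `COPY . ${APP_PATH}`, so it copies nothing new, and with two sources Docker expects the destination to end in `/`; together with the leftover `RUN USER=root cargo new --bin reflux` this looks like an unfinished dependency-caching pattern, and the three lines can be reduced to `COPY . ${APP_PATH}/`. `COPY .` sends the whole build context into the builder layer and this commit adds no `.dockerignore`, so check that one exists and excludes `.git`, local env files and `target/`. The runtime stage installs `libssl-dev`; if the binary links OpenSSL dynamically it needs only the runtime library (`libssl1.1` on bullseye), which keeps headers and their dependencies out of the shipped image. `USER nonroot` is a name rather than a number, so write `USER 10000:10001` if the cluster is later asked to verify non-root execution.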
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: reflux
+description: A Helm chart for reflux deployed on Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "v0.0.1"
diff --git a/k8s/deploy_prod.sh b/k8s/deploy_prod.sh
new file mode 100755
index 0000000..40ca6e5
--- /dev/null
+++ b/k8s/deploy_prod.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+GIT_ROOT=$(git rev-parse --show-toplevel)
+SCRIPT_DIR="${GIT_ROOT}"/k8s
+
+IMAGE_TAG=$1
+
+if [[ -z "${IMAGE_TAG}" ]] ; then
+ IMAGE_TAG=latest
+fi
+
+time helm upgrade reflux "${SCRIPT_DIR}" \
+ --install \
+ --wait \
+ --atomic \
+ --values "${SCRIPT_DIR}/values.prod.yaml" \
+ --set-string namespace=reflux \
+ --set image_tag="${IMAGE_TAG}" \
+ --namespace reflux
diff --git a/k8s/templates/_helpers.tpl b/k8s/templates/_helpers.tpl
new file mode 100644
index 0000000..46e9917
--- /dev/null
+++ b/k8s/templates/_helpers.tpl
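Review bot: `k8s/deploy_prod.sh` has no `set -euo pipefail`, so a failed `git rev-parse` leaves `SCRIPT_DIR` as `/k8s` and the script carries on to `helm upgrade`; add it right after the shebang. Falling back to `IMAGE_TAG=latest` when no argument is given lets a production deploy silently roll out a mutable tag, whereas `IMAGE_TAG=${1:?image tag required}` turns the missing tag into an error. `--set image_tag="${IMAGE_TAG}"` lets Helm type-coerce the value and split it on commas; `--set-string image_tag="${IMAGE_TAG}"`, the form already used for `namespace`, keeps it a literal string.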
@@ -0,0 +1,76 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "reflux.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+DD-Trace lables and annotations
+*/}}
+{{- define "datadog.datatrace" -}}
+tags.us5.datadoghq.com/env: {{ .Values.datadog.env }}
+tags.us5.datadoghq.com/service: {{ .Values.datadog.service }}
+tags.us5.datadoghq.com/version: {{ .Values.datadog.version }}
+{{- end }}
+
+{{- define "datadog.datatrace-admission" -}}
+admission.us5.datadoghq.com/config.mode: socket
+admission.us5.datadoghq.com/enabled: "true"
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "reflux.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "reflux.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "reflux.labels" -}}
+helm.sh/chart: {{ include "reflux.chart" . }}
+{{ include "reflux.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "reflux.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "reflux.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "reflux.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "reflux.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/k8s/templates/configmap-dd.yaml b/k8s/templates/configmap-dd.yaml
new file mode 100644
index 0000000..8cd3247
--- /dev/null
+++ b/k8s/templates/configmap-dd.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.datadog.enable }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.name }}-dd-configmap
+ namespace: {{ .Values.namespace }}
+data:
+{{- range $key, $value := .Values.datadog.configs }}
+ {{ $key }}: {{ $value | quote }}
+{{- end }}
+{{- end }}
diff --git a/k8s/templates/configmap.yaml b/k8s/templates/configmap.yaml
new file mode 100644
index 0000000..3ef12e6
--- /dev/null
+++ b/k8s/templates/configmap.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.name }}
+ namespace: {{ .Values.namespace }}
+ labels:
+ {{- include "reflux.labels" . | nindent 4 }}
+data:
+{{- range $key, $value := .Values.config }}
+ {{ $key }}: |
+ {{ $value | quote }}
+{{- end }}
diff --git a/k8s/templates/cron.yaml b/k8s/templates/cron.yaml
new file mode 100644
index 0000000..a71023a
--- /dev/null
+++ b/k8s/templates/cron.yaml
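Review bot: In `k8s/templates/configmap.yaml` the value is rendered as `{{ $value | quote }}` underneath a `|` block scalar, so each entry is stored as the literal quoted and escaped string (surrounding quotes and `\n` sequences included) rather than as the file content the application will try to parse. Emit the value as a quoted scalar on the key line, `{{ $key }}: {{ $value | quote }}`, which is what `configmap-dd.yaml` already does. Indentation is not recoverable from this view of the patch, so confirm the rendered result with `helm template` before relying on it.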
@@ -0,0 +1,48 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: {{ .Values.name }}-indexer
+ namespace: {{ .Values.namespace }}
+ labels:
+ app: {{ .Values.name }}
+ {{- include "reflux.labels" . | nindent 4 }}
+ {{- if .Values.datadog.enable }}
+ {{- include "datadog.datatrace" $ | nindent 4 }}
+ {{- end }}
+spec:
+ schedule: "{{ .Values.cronjob.schedule }}"
+ jobTemplate:
+ spec:
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.name }}
+ {{- if .Values.datadog.enable }}
+ {{- include "datadog.datatrace" $ | nindent 8 }}
+ {{- include "datadog.datatrace-admission" $ | nindent 8 }}
+ {{- end }}
+ spec:
+ containers:
+ - name: {{ .Values.name }}
+ image: {{ .Values.image_name }}:{{ .Values.image_tag }}
+ imagePullPolicy: {{ .Values.imagePullPolicy }}
+ command:
+ {{- range .Values.cronjob.command }}
+ - {{ . }}
+ {{- end }}
+ volumeMounts:
+ - name: config-volume
+ mountPath: /home/nonroot/reflux/config.yaml
+ subPath: config.yaml
+ restartPolicy: {{ .Values.cronjob.restartPolicy }}
+ resources:
+ requests:
+ memory: {{ .Values.resource.requests.memory }}
+ cpu: {{ .Values.resource.requests.cpu }}
+ limits:
+ memory: {{ .Values.resource.limits.memory }}
+ cpu: {{ .Values.resource.limits.cpu }}
+ volumes:
+ - name: config-volume
+ configMap:
+ name: {{ .Values.name }}
diff --git a/k8s/templates/deployment.yaml b/k8s/templates/deployment.yaml
new file mode 100644
index 0000000..61f868f
--- /dev/null
+++ b/k8s/templates/deployment.yaml
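Review bot: In `k8s/templates/cron.yaml` the `resources:` block comes after `restartPolicy:` and before `volumes:`, both pod-level fields, so it cannot belong to the container entry and the indexer container most likely ends up with no requests or limits (indentation is lost in this view, so confirm with `helm template`); move it under the container next to `volumeMounts:`. The container has no `envFrom`, unlike the Deployment, so the `{{ .Values.name }}` secret is not available to the indexer; confirm that is intended. `- {{ . }}` in the `command` range should be `- {{ . | quote }}` so that an argument starting with a YAML indicator is not re-typed by the parser.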
@@ -0,0 +1,111 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Values.name }}-solver
+ namespace: {{ .Values.namespace }}
+ labels:
+ app: {{ .Values.name }}
+ {{- include "reflux.labels" . | nindent 4 }}
+ {{- if .Values.datadog.enable }}
+ {{- include "datadog.datatrace" $ | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.replica }}
+ selector:
+ matchLabels:
+ app: {{ .Values.name }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.name }}
+ {{- if .Values.datadog.enable }}
+ {{- include "datadog.datatrace" $ | nindent 8 }}
+ {{- include "datadog.datatrace-admission" $ | nindent 8 }}
+ {{- end }}
+ annotations:
+ releaseTime: {{ dateInZone "2006-01-02 15:04:05Z" (now) "UTC"| quote }}
+ {{- if .Values.datadog.enable }}
+ admission.us5.datadoghq.com/js-lib.version: {{ .Values.datadog.lib_version }}
+ {{- end }}
+ spec:
+ {{- if .Values.affinity }}
+ affinity:
+ {{- if .Values.affinity.antiAffinity }}
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - {{ .Values.name }}
+ topologyKey: {{ .Values.affinity.antiAffinity.topologyKey }}
+ weight: {{ .Values.affinity.antiAffinity.weight }}
+ {{- end }}
+ {{- if .Values.affinity.affinityTolerations }}
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: {{ .Values.affinity.affinityTolerations.key }}
+ operator: In
+ values:
+ - {{ .Values.affinity.affinityTolerations.values }}
+ tolerations:
+ - effect: NoSchedule
+ key: {{ .Values.affinity.affinityTolerations.key }}
+ operator: Equal
+ value: {{ .Values.affinity.affinityTolerations.values }}
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: {{ .Values.name }}
+ image: {{ .Values.image_name }}:{{ .Values.image_tag }}
+ command: [ "reflux", "--solver", "--config", "/home/nonroot/reflux/config.yaml" ]
+ imagePullPolicy: {{ .Values.imagePullPolicy }}
+ ports:
+ - containerPort: {{ .Values.port }}
+ envFrom:
+ - secretRef:
+ name: {{ .Values.name }}
+ {{- if .Values.datadog.enable }}
+ - configMapRef:
+ name: {{ .Values.name }}-dd-configmap
+ {{- end }}
+ {{- if .Values.datadog.enable }}
+ volumeMounts:
+ - mountPath: /var/run/datadog
+ name: apmsocketpath
+ - name: config-volume
+ mountPath: /home/nonroot/reflux/config.yaml
+ subPath: config.yaml
+ {{- end }}
+ {{- if .Values.probes }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.probes.healthEndpoint }}
+ port: {{ .Values.port }}
+{{ toYaml .Values.probes.liveness | indent 10 }}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.probes.healthEndpoint }}
+ port: {{ .Values.port }}
+{{ toYaml .Values.probes.readiness | indent 10 }}
+ {{- end }}
+ resources:
+ requests:
+ memory: {{ .Values.resource.requests.memory }}
+ cpu: {{ .Values.resource.requests.cpu }}
+ limits:
+ memory: {{ .Values.resource.limits.memory }}
+ cpu: {{ .Values.resource.limits.cpu }}
+ {{- if .Values.datadog.enable }}
+ volumes:
+ - name: config-volume
+ configMap:
+ name: {{ .Values.name }}
+ - hostPath:
+ path: /var/run/datadog/
+ name: apmsocketpath
+ {{- end }}
diff --git a/k8s/templates/hpa.yaml b/k8s/templates/hpa.yaml
new file mode 100644
index 0000000..ecfd038
--- /dev/null
+++ b/k8s/templates/hpa.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.autoscale.enable }}
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ .Values.name }}-hpa
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ .Values.name }}
+ minReplicas: {{ .Values.autoscale.minReplicas }}
+ maxReplicas: {{ .Values.autoscale.maxReplicas }}
+ targetCPUUtilizationPercentage: {{ .Values.autoscale.targetCPUUtilizationPercentage }}
+{{- end }}
diff --git a/k8s/templates/ingress.yaml b/k8s/templates/ingress.yaml
new file mode 100644
index 0000000..217c6a6
--- /dev/null
+++ b/k8s/templates/ingress.yaml
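Review bot: In `k8s/templates/deployment.yaml` both `volumeMounts:` and `volumes:` sit inside `{{- if .Values.datadog.enable }}`, so the `config-volume` mount disappears whenever Datadog is switched off while `command` still points at `/home/nonroot/reflux/config.yaml`; only the `apmsocketpath` entries should be conditional. The mount uses `subPath: config.yaml`, but the only file-like key supplied by `values.prod.yaml` is `config.toml`, so the subPath does not match a ConfigMap key as written. The pod spec sets no `securityContext`: adding `runAsNonRoot: true` with `runAsUser: 10000` (the image's `USER` is a name, which the kubelet cannot verify on its own) and `allowPrivilegeEscalation: false` makes the cluster enforce what the Dockerfile intends, which matters more with the `hostPath` mount of `/var/run/datadog/`. The `admission.us5.datadoghq.com/js-lib.version` annotation names the JavaScript tracer although the container runs a Rust binary, so check it is the annotation you want.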
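Review bot: In `k8s/templates/hpa.yaml`, `scaleTargetRef.name` is `{{ .Values.name }}`, but the Deployment in this chart is created as `{{ .Values.name }}-solver`, so the autoscaler points at an object that does not exist; it should be `name: {{ .Values.name }}-solver`. The HPA metadata also omits `namespace: {{ .Values.namespace }}`, which the other namespaced templates set. Once the target is fixed, the fixed `replicas: {{ .Values.replica }}` in the Deployment will reset the scaled replica count on every `helm upgrade`, so drop it when `autoscale.enable` is true.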
@@ -0,0 +1,29 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+ kubernetes.io/tls-acme: "true"
+ cert-manager.io/acme-challenge-type: http01
+ ingress.kubernetes.io/force-ssl-redirect: "true"
+ labels:
+ {{- include "reflux.labels" . | nindent 4 }}
+ name: {{ .Values.name }}-ingress
+ namespace: {{ .Values.namespace }}
+spec:
+ ingressClassName: kong
+ rules:
+ - host: {{ .Values.ingress.host }}
+ http:
+ paths:
+ - backend:
+ service:
+ name: {{ .Values.name }}
+ port:
+ number: 8
+ path: /
+ pathType: ImplementationSpecific
+ tls:
+ - hosts:
+ - {{ .Values.ingress.host }}
+ secretName: {{ .Values.name }}-tls-cert
diff --git a/k8s/templates/secret.yaml b/k8s/templates/secret.yaml
new file mode 100644
index 0000000..9d01d89
--- /dev/null
+++ b/k8s/templates/secret.yaml
@@ -0,0 +1,17 @@
+apiVersion: kubernetes-client.io/v1
+kind: ExternalSecret
+metadata:
+ name: {{ .Values.name }}
+ namespace: {{ .Values.namespace }}
+ labels:
+ {{- include "reflux.labels" . | nindent 4 }}
+spec:
+ backendType: gcpSecretsManager
+ projectId: {{ .Values.secret.projectID }}
+ data:
+ {{- range $key, $value := .Values.secret.data }}
+ - key: {{ $.Values.secret.key }}
+ name: {{ $value.name }}
+ version: {{ $value.version }}
+ property: {{ $value.property }}
+ {{- end }}
diff --git a/k8s/templates/svc.yaml b/k8s/templates/svc.yaml
new file mode 100644
index 0000000..69bf00c
--- /dev/null
+++ b/k8s/templates/svc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.name }}
+ namespace: {{ .Values.namespace }}
+ labels:
+ {{- include "reflux.labels" . | nindent 4 }}
+spec:
+ selector:
+ app: {{ .Values.name }}
+ ports:
+ - port: 8090
+ targetPort: {{ .Values.port }}
diff --git a/k8s/values.prod.yaml b/k8s/values.prod.yaml
new file mode 100644
index 0000000..14ca3e4
--- /dev/null
+++ b/k8s/values.prod.yaml
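Review bot: In `k8s/templates/ingress.yaml` the backend is `port: number: 8`, while `svc.yaml` exposes the Service on `port: 8090`, so the route has no matching Service port; this looks like a truncated value and should read `number: 8090`, or both should come from one shared value. The `ingress.kubernetes.io/force-ssl-redirect` annotation is not obviously one the `kong` ingress class acts on, so verify that plain-HTTP requests to the host are really redirected rather than served.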
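Review bot: `k8s/templates/secret.yaml` uses `apiVersion: kubernetes-client.io/v1` with `kind: ExternalSecret`, the API of the archived kubernetes-external-secrets project; unless the cluster is already tied to that controller, target the maintained External Secrets Operator API instead. `version: {{ $value.version }}` is fed `latest` from `values.prod.yaml`, so a newly added secret version reaches the pods on the next sync without any chart change; pinning a numeric version makes rotation an explicit, reviewable step.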
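Review bot: The Service selector in `k8s/templates/svc.yaml` is only `app: {{ .Values.name }}`, and `cron.yaml` puts the same `app` label on the indexer pods, so a running CronJob pod, which has no readiness probe, becomes an endpoint of this Service and can be sent ingress traffic. Give the solver pods a distinguishing label, for example `component: solver`, and select on it here and in the Deployment's `matchLabels`.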
@@ -0,0 +1,160 @@
+name: reflux
+namespace: "reflux"
+image_name: "us-docker.pkg.dev/biconomy-prod/biconomy-prod/reflux"
+image_tag: "latest"
+imagePullPolicy: Always
+port: 8000
+replica: 2
+
+resource:
+ requests:
+ memory: 16Gi
+ cpu: 4
+ limits:
+ memory: 32Gi
+ cpu: 8
+
+autoscale:
+ enable: true
+ minReplicas: 2
+ maxReplicas: 5
+ targetCPUUtilizationPercentage: 80
+
+config:
+ ENV: "production"
+ config.toml: |
+ chains:
+ - id: 1
+ name: Ethereum
+ covalent_name: eth-mainnet
+ is_enabled: true
+ - id: 42161
+ name: Arbitrum
+ is_enabled: true
+ covalent_name: bsc-mainnet
+ tokens:
+ - symbol: USDC
+ is_enabled: true
+ coingecko_symbol: usd-coin
+ by_chain:
+ 1:
+ is_enabled: true
+ decimals: 6
+ address: '0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48'
+ 42161:
+ is_enabled: true
+ decimals: 6
+ address: '0xaf88d065e77c8cC2239327C5EDb3A432268e5831'
+ buckets:
+ - from_chain_id: 1
+ to_chain_id: 42161
+ from_token: USDC
+ to_token: USDC
+ is_smart_contract_deposit_supported: false
+ token_amount_from_usd: 1
+ token_amount_to_usd: 10
+ - from_chain_id: 1
+ to_chain_id: 42161
+ from_token: USDC
+ to_token: USDC
+ is_smart_contract_deposit_supported: false
+ token_amount_from_usd: 10
+ token_amount_to_usd: 100
+ - from_chain_id: 1
+ to_chain_id: 42161
+ from_token: USDC
+ to_token: USDC
+ is_smart_contract_deposit_supported: false
+ token_amount_from_usd: 100
+ token_amount_to_usd: 1000
+ - from_chain_id: 1
+ to_chain_id: 42161
+ from_token: USDC
+ to_token: USDC
+ is_smart_contract_deposit_supported: false
+ token_amount_from_usd: 1000
+ token_amount_to_usd: 10000
+ - from_chain_id: 1
+ to_chain_id: 42161
+ from_token: USDC
+ to_token: USDC
+ is_smart_contract_deposit_supported: false
+ token_amount_from_usd: 10000
+ token_amount_to_usd: 100000
+ bungee:
+ base_url: https://api.socket.tech/v2
+ covalent:
+ base_url: ''
+ coingecko:
+ base_url: https://api.coingecko.com/api/v3
+ expiry_sec: 300
+ infra:
+ redis_url: redis://localhost:6379
+ mongo_url: mongodb://127.0.0.1:27017
+ server:
+ port: 8080
+ host: localhost
+ indexer_config:
+ indexer_update_topic: indexer_update
+ indexer_update_message: message
+ points_per_bucket: 3
+ solver_config:
+ x_value: 2.0
+ y_value: 1.0
+
+secret:
+ projectID: biconomy-prod
+ key: reflux
+ data:
+ TOKEN:
+ name: TOKEN
+ version: latest
+ property: TOKEN
+
+ingress:
+ host: reflux.prod.biconomy.io
+
+probes:
+ healthEndpoint: /health
+ liveness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ readiness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+
+cronjob:
+ schedule: "0 */5 * * *"
+ command:
+ - reflux
+ - --indexer
+ - --config
+ - /home/nonroot/reflux/config.toml
+ restartPolicy: OnFailure
+
+
+datadog:
+ enable: true
+ env: "production"
+
+ service: "reflux"
+ version: "v0.0.10"
+ lib_version: "v0.0.1"
+
+ configs:
+ DD_TRACE_AGENT_URL: "unix:///var/run/datadog/apm.socket"
+ DD_ENV: "production"
+ DD_SERVICE: "reflux"
+ DD_VERSION: "v0.0.1"
+ DD_LIB_VERSION: "v0.0.1"
+ DD_TRACE_DEBUG: "false"
+ DD_TRACE_STARTUP_LOGS: "false"
+ DD_PROFILING_ENABLED: "true"
+ DD_LOGS_INJECTION: "false"
+ DD_RUNTIME_METRICS_ENABLED: "true"
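Review bot: The embedded config in `k8s/values.prod.yaml` sets `server.host: localhost` and `server.port: 8080`, while the chart uses `port: 8000` for the container port, the probes and the Service target, so if the binary binds as configured neither the health checks nor the Service can reach it; align the port and bind to `0.0.0.0`. `redis_url: redis://localhost:6379` and `mongo_url: mongodb://127.0.0.1:27017` point at the pod itself, and this chart defines no such sidecars. The key is named `config.toml` but holds YAML and is mounted through `subPath: config.yaml`, and `cronjob.command` passes `/home/nonroot/reflux/config.toml`, a path that is never mounted. `image_tag: "latest"` as the default makes a production rollout non-reproducible, and `covalent_name: bsc-mainnet` under Arbitrum looks like a copy-paste slip.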