diff --git a/.gitignore b/.gitignore index 6853b49551da..7c77df3ae565 100644 --- a/.gitignore +++ b/.gitignore @@ -31,6 +31,7 @@ secrets.yaml secrets-dev.yaml secrets-staging.yaml secrets-prod.yaml +secrets-dshop.yaml github.key # Development # diff --git a/devops/dockerfiles/dshop-backend b/devops/dockerfiles/dshop-backend index 3e79721c237c..9c33dcb444ea 100644 --- a/devops/dockerfiles/dshop-backend +++ b/devops/dockerfiles/dshop-backend @@ -1,27 +1 @@ -FROM node:10 as build - -WORKDIR /app - -ARG ENVKEY -ARG DSHOP_BACKEND_DIR=dapps/shop/backend - -ENV NODE_ENV=production -ENV ENVKEY=$ENVKEY -ENV DISABLE_SYNC=true - -COPY $DSHOP_BACKEND_DIR/package.json ./ -COPY $DSHOP_BACKEND_DIR/app.js ./ -COPY $DSHOP_BACKEND_DIR/app.json ./ -COPY $DSHOP_BACKEND_DIR/config.js ./ -COPY $DSHOP_BACKEND_DIR/index.js ./ -COPY $DSHOP_BACKEND_DIR/listener.js ./ -COPY $DSHOP_BACKEND_DIR/tstEnc.js ./ -COPY $DSHOP_BACKEND_DIR/routes ./routes -COPY $DSHOP_BACKEND_DIR/utils ./utils -COPY $DSHOP_BACKEND_DIR/data/config.js ./data/config.js -COPY $DSHOP_BACKEND_DIR/data/migrations ./data/migrations -COPY $DSHOP_BACKEND_DIR/models ./models -COPY $DSHOP_BACKEND_DIR/scripts ./scripts - -RUN yarn install -CMD npm run migrate && node index.js +# Moved to https://github.com/OriginProtocol/dshop/blob/master/devops/Dockerfile diff --git a/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.ingress.yaml b/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.ingress.yaml index f5e82b41a565..a6d2dcfd8797 100644 --- a/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.ingress.yaml +++ b/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.ingress.yaml 
@@ -23,11 +23,16 @@ spec: - secretName: "{{ .Values.dshopBackendMainnetHost }}" hosts: - {{ .Values.dshopBackendMainnetHost }} + - secretName: "dshopapi.ogn.app" + hosts: + - "dshopapi.ogn.app" rules: - host: {{ .Values.dshopBackendMainnetHost }} - http: + http: &http_rules paths: - path: / backend: serviceName: {{ template "dshopBackendMainnet.fullname" . }} servicePort: 3000 + - host: "dshopapi.ogn.app" + http: *http_rules diff --git a/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.secret.yaml b/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.secret.yaml new file mode 100644 index 000000000000..3e0057fe786a --- /dev/null +++ b/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.secret.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "dshopBackendMainnet.fullname" . }} + labels: + app: {{ template "dshopBackendMainnet.fullname" . }} + app.kubernetes.io/name: dshop + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: backend + app.kubernetes.io/part-of: dshop-backend-rinkeby +type: Opaque +data: + ENCRYPTION_KEY: {{ required "Set a .Values.dshopBackendMainnetEncryptionKey" .Values.dshopBackendMainnetEncryptionKey | b64enc | quote}} + DATABASE_URL: {{ required "Set a .Values.dshopBackendMainnetDatabaseURL" .Values.dshopBackendMainnetDatabaseURL | b64enc | quote}} diff --git a/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.statefulset.yaml b/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.statefulset.yaml index d3edbd3304ff..d5327ee498ea 100644 --- a/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.statefulset.yaml 
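Review bot: The new host `dshopapi.ogn.app` is written as a literal in three places (the TLS `secretName`, its `hosts` entry and the second rule), while the existing host comes from `.Values.dshopBackendMainnetHost`. Every release rendered from this chart, including a test install in another cluster, would therefore declare the production API hostname and presumably request a certificate for it. Consider moving it to a value (for example `dshopBackendMainnetAltHost`, name is only a suggestion) and wrapping the extra `tls` and `rules` entries in `{{- if .Values.dshopBackendMainnetAltHost }}`. The `&http_rules` / `*http_rules` alias is resolved when the rendered YAML is parsed, but not every tool that handles manifests expands aliases, so repeating the `paths` block is the safer form.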
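Review bot: The new mainnet Secret carries `app.kubernetes.io/part-of: dshop-backend-rinkeby`, which looks like a leftover from the rinkeby template; the mainnet StatefulSet in this commit uses `dshop-backend-mainnet`. Anything that selects on this label for inventory, access review or cleanup would group the production secret with the testnet release. Suggested line: `app.kubernetes.io/part-of: dshop-backend-mainnet`.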
+++ b/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.statefulset.yaml @@ -12,11 +12,11 @@ metadata: app.kubernetes.io/component: backend app.kubernetes.io/part-of: dshop-backend-mainnet spec: + replicas: {{ default 1 .Values.dshopBackendMainnetReplicas }} selector: matchLabels: app: {{ template "dshopBackendMainnet.fullname" . }} serviceName: {{ template "dshopBackendMainnet.fullname" . }} - replicas: 1 template: metadata: labels: 
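Review bot: `replicas: {{ default 1 .Values.dshopBackendMainnetReplicas }}` cannot render `replicas: 0`, because Helm's `default` treats 0 as empty and substitutes 1. Scaling the backend down through values, for example to stop writes during an incident or a database migration, would silently have no effect. The chart's `values.yaml` now defines the key, so `replicas: {{ .Values.dshopBackendMainnetReplicas }}` is enough. Raising the count above 1 also gives every pod its own `redis` sidecar behind `redis://localhost:6379/0`, so state kept in Redis would not be shared between replicas; a comment next to the value should say so. The rinkeby StatefulSet hunk has the same line.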
@@ -27,25 +27,50 @@ spec: image: "{{ .Values.containerRegistry }}/{{ .Release.Namespace }}/{{ .Values.dshopBackendMainnetImage }}:{{ .Values.dshopBackendMainnetImageTag }}" imagePullPolicy: Always env: - - name: ENVKEY + - name: ENCRYPTION_KEY valueFrom: secretKeyRef: name: {{ template "dshopBackendMainnet.fullname" . }} - key: ENVKEY + key: ENCRYPTION_KEY - name: DATABASE_URL - value: "sqlite:/data/dshop/net_mainnet.db" + valueFrom: + secretKeyRef: + name: {{ template "dshopBackendMainnet.fullname" . }} + key: DATABASE_URL + - name: REDIS_URL + value: redis://localhost:6379/0 port: - name: http containerPort: 3000 - volumeMounts: - - mountPath: /data/dshop - name: {{ template "dshopBackendMainnet.fullname" . }}-data resources: requests: memory: 1Gi + - name: cloudsql-proxy + image: gcr.io/cloudsql-docker/gce-proxy:1.11 + command: ["/cloud_sql_proxy", + "-instances={{ .Values.dshopBackendMainnetDBInstance }}=tcp:5432", + "-credential_file=/secrets/cloudsql/credentials.json"] + securityContext: + runAsUser: 2 # non-root user + allowPrivilegeEscalation: false + volumeMounts: + - name: dshop-cloudsql-credentials + mountPath: /secrets/cloudsql + readOnly: true + - name: redis + image: redis:6.0 + command: ["/bin/sh","-c"] + args: ["mkdir -p /data/redis && redis-server --dir /data/redis "] + volumeMounts: + - mountPath: /data + name: {{ template "dshopBackendMainnet.fullname" . }}-redis + volumes: + - name: dshop-cloudsql-credentials + secret: + secretName: dshop-cloudsql-credentials volumeClaimTemplates: - metadata: - name: {{ template "dshopBackendMainnet.fullname" . }}-data + name: {{ template "dshopBackendMainnet.fullname" . }}-redis labels: app: {{ template "dshopBackendMainnet.fullname" . }} spec: diff --git a/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-rinkeby.secret.yaml b/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-rinkeby.secret.yaml index b5f5d0524620..ece2b56d9485 100644 
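Review bot: The added `redis` sidecar starts `redis-server` with no `--bind`, no `--requirepass` and no `securityContext`, unlike the `cloudsql-proxy` container next to it. The backend only reaches it through `redis://localhost:6379/0`, yet with the image defaults the server is likely listening on the pod IP too, so other workloads in the cluster could connect unless a NetworkPolicy prevents it (none is visible in this commit). Because `command` replaces the image entrypoint with `/bin/sh -c`, the process presumably also keeps running as root. Suggested: `args: ["mkdir -p /data/redis && redis-server --dir /data/redis --bind 127.0.0.1"]` and `securityContext: {allowPrivilegeEscalation: false}` on the container. The rinkeby StatefulSet hunk adds the same sidecar and needs the same change.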
--- a/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-rinkeby.secret.yaml +++ b/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-rinkeby.secret.yaml @@ -13,4 +13,5 @@ metadata: app.kubernetes.io/part-of: dshop-backend-rinkeby type: Opaque data: - ENVKEY: {{ required "Set a .Values.dshopBackendRinkebyEnvKey" .Values.dshopBackendRinkebyEnvKey | b64enc | quote}} + ENCRYPTION_KEY: {{ required "Set a .Values.dshopBackendRinkebyEncryptionKey" .Values.dshopBackendRinkebyEncryptionKey | b64enc | quote}} + DATABASE_URL: {{ required "Set a .Values.dshopBackendRinkebyDatabaseURL" .Values.dshopBackendRinkebyDatabaseURL | b64enc | quote}} diff --git a/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-rinkeby.statefulset.yaml b/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-rinkeby.statefulset.yaml index 64be067dbbac..7f9f45e35a5f 100644 --- a/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-rinkeby.statefulset.yaml +++ b/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-rinkeby.statefulset.yaml @@ -12,11 +12,11 @@ metadata: app.kubernetes.io/component: backend app.kubernetes.io/part-of: dshop-backend-rinkeby spec: + replicas: {{ default 1 .Values.dshopBackendRinkebyReplicas }} selector: matchLabels: app: {{ template "dshopBackendRinkeby.fullname" . }} serviceName: {{ template "dshopBackendRinkeby.fullname" . }} - replicas: 1 template: metadata: labels: 
@@ -27,25 +27,50 @@ spec: image: "{{ .Values.containerRegistry }}/{{ .Release.Namespace }}/{{ .Values.dshopBackendRinkebyImage }}:{{ .Values.dshopBackendRinkebyImageTag }}" imagePullPolicy: Always env: - - name: ENVKEY + - name: ENCRYPTION_KEY valueFrom: secretKeyRef: name: {{ template "dshopBackendRinkeby.fullname" . }} - key: ENVKEY + key: ENCRYPTION_KEY - name: DATABASE_URL - value: "sqlite:/data/dshop/net_rinkeby.db" + valueFrom: + secretKeyRef: + name: {{ template "dshopBackendRinkeby.fullname" . }} + key: DATABASE_URL + - name: REDIS_URL + value: redis://localhost:6379/0 port: - name: http containerPort: 3000 - volumeMounts: - - mountPath: /data/dshop - name: {{ template "dshopBackendRinkeby.fullname" . }}-data resources: requests: memory: 1Gi + - name: cloudsql-proxy + image: gcr.io/cloudsql-docker/gce-proxy:1.11 + command: ["/cloud_sql_proxy", + "-instances={{ .Values.dshopBackendRinkebyDBInstance }}=tcp:5432", + "-credential_file=/secrets/cloudsql/credentials.json"] + securityContext: + runAsUser: 2 # non-root user + allowPrivilegeEscalation: false + volumeMounts: + - name: dshop-cloudsql-credentials + mountPath: /secrets/cloudsql + readOnly: true + - name: redis + image: redis:6.0 + command: ["/bin/sh","-c"] + args: ["mkdir -p /data/redis && redis-server --dir /data/redis "] + volumeMounts: + - mountPath: /data + name: {{ template "dshopBackendRinkeby.fullname" . }}-redis + volumes: + - name: dshop-cloudsql-credentials + secret: + secretName: dshop-cloudsql-credentials volumeClaimTemplates: - metadata: - name: {{ template "dshopBackendRinkeby.fullname" . }}-data + name: {{ template "dshopBackendRinkeby.fullname" . }}-redis labels: app: {{ template "dshopBackendRinkeby.fullname" . }} spec: diff --git a/devops/kubernetes/charts/origin-experimental/values.yaml b/devops/kubernetes/charts/origin-experimental/values.yaml index 5bdca2d962dd..a2276588fea9 100644 --- a/devops/kubernetes/charts/origin-experimental/values.yaml 
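Review bot: Renaming the claim template from `…-data` to `…-redis` changes `volumeClaimTemplates`, which Kubernetes does not allow to be updated on an existing StatefulSet, so an in-place `helm upgrade` of a running release is likely to be rejected until the StatefulSet is deleted and recreated. Recreating it does not remove the old `-data` claim either; the volume that held `net_rinkeby.db` (and `net_mainnet.db` in the mainnet hunk) stays in the namespace with the previous SQLite database on it. Please document the migration in the commit description or a chart README: export the data, recreate the StatefulSet, then delete or archive the old PVC deliberately. The hunk ends inside the claim template's `spec`, so the rest of that template is not visible here.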
+++ b/devops/kubernetes/charts/origin-experimental/values.yaml @@ -2,8 +2,11 @@ containerRegistry: gcr.io/origin-214503 clusterIssuer: letsencrypt-prod + +dshopBackendMainnetReplicas: 1 dshopBackendMainnetImage: dshop-backend dshopBackendMainnetImageTag: mainnet +dshopBackendRinkebyReplicas: 1 dshopBackendRinkebyImage: dshop-backend dshopBackendRinkebyImageTag: latest diff --git a/devops/kubernetes/values/origin-experimental/secrets-dshop.enc b/devops/kubernetes/values/origin-experimental/secrets-dshop.enc index d34f4bb139a9..36cc15f51c9d 100644 Binary files a/devops/kubernetes/values/origin-experimental/secrets-dshop.enc and b/devops/kubernetes/values/origin-experimental/secrets-dshop.enc differ diff --git a/devops/kubernetes/values/origin-experimental/values.yaml b/devops/kubernetes/values/origin-experimental/values.yaml index a8f36948f151..14da9d76aca0 100644 --- a/devops/kubernetes/values/origin-experimental/values.yaml +++ b/devops/kubernetes/values/origin-experimental/values.yaml @@ -1,2 +1,6 @@ dshopBackendMainnetHost: api.ogn.app +dshopBackendMainnetDBInstance: origin-214503:us-west1:dshop-mainnet0 +dshopBackendMainnetRedisURL: redis://localhost:6379/0 dshopBackendRinkebyHost: rinkebyapi.ogn.app +dshopBackendRinkebyDBInstance: origin-214503:us-west1:dshop-rinkeby0 +dshopBackendRinkebyRedisURL: redis://localhost:6379/0
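Review bot: `dshopBackendMainnetRedisURL` and `dshopBackendRinkebyRedisURL` are added here, but both StatefulSet templates in this commit set `REDIS_URL` to the literal `redis://localhost:6379/0` and never read these keys. An operator who changes the value, for instance to point at an authenticated or TLS-protected Redis endpoint, would see no effect. Either reference it in the template, `value: {{ .Values.dshopBackendMainnetRedisURL | quote }}` (and the rinkeby equivalent), or drop the unused keys.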