From a533f26f975901f6890393a0fb6a623c22223bfd Mon Sep 17 00:00:00 2001
From: Mike Shultz
Date: Tue, 26 May 2020 15:35:04 -0600
Subject: [PATCH] Dshop backend ops update (#4472)
* update dockerfile for dshop backend changes
* ignore secrets-dshop.yaml
* update dshop backend deploys: adjusts env vars as necessary, switches dshop backends from statefulsets to deployments, configures CloudSQL connections,
* new subdir in dshop dir
* adds redis and move dshop backend back to statefulsets for redis persistance
* dshop backend Dockerfile moved to different repo
* adds backendapi.ogn.app to dshop backend ingress
* fixes mainnet password for dshop DB
* dshopapi.ogn.app not backendapi
---
 .gitignore | 1 +
 devops/dockerfiles/dshop-backend | 28 +-----------
 .../dshop-backend-mainnet.ingress.yaml | 7 ++-
 .../dshop-backend-mainnet.secret.yaml | 17 ++++++++
 .../dshop-backend-mainnet.statefulset.yaml | 41 ++++++++++++++----
 .../dshop-backend-rinkeby.secret.yaml | 3 +-
 .../dshop-backend-rinkeby.statefulset.yaml | 41 ++++++++++++++----
 .../charts/origin-experimental/values.yaml | 3 ++
 .../origin-experimental/secrets-dshop.enc | Bin 146 -> 391 bytes
 .../values/origin-experimental/values.yaml | 4 ++
 10 files changed, 100 insertions(+), 45 deletions(-)
 create mode 100644 devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.secret.yaml
diff --git a/.gitignore b/.gitignore
index 6853b49551da..7c77df3ae565 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,6 +31,7 @@ secrets.yaml secrets-dev.yaml secrets-staging.yaml secrets-prod.yaml +secrets-dshop.yaml github.key # Development #
diff --git a/devops/dockerfiles/dshop-backend b/devops/dockerfiles/dshop-backend
index 3e79721c237c..9c33dcb444ea 100644
--- a/devops/dockerfiles/dshop-backend
+++ b/devops/dockerfiles/dshop-backend
@@ -1,27 +1 @@
-FROM node:10 as build
-
-WORKDIR /app
-
-ARG ENVKEY
-ARG DSHOP_BACKEND_DIR=dapps/shop/backend
-
-ENV NODE_ENV=production
-ENV ENVKEY=$ENVKEY
-ENV DISABLE_SYNC=true
-
-COPY $DSHOP_BACKEND_DIR/package.json ./
-COPY $DSHOP_BACKEND_DIR/app.js ./
-COPY $DSHOP_BACKEND_DIR/app.json ./
-COPY $DSHOP_BACKEND_DIR/config.js ./
-COPY $DSHOP_BACKEND_DIR/index.js ./
-COPY $DSHOP_BACKEND_DIR/listener.js ./
-COPY $DSHOP_BACKEND_DIR/tstEnc.js ./
-COPY $DSHOP_BACKEND_DIR/routes ./routes
-COPY $DSHOP_BACKEND_DIR/utils ./utils
-COPY $DSHOP_BACKEND_DIR/data/config.js ./data/config.js
-COPY $DSHOP_BACKEND_DIR/data/migrations ./data/migrations
-COPY $DSHOP_BACKEND_DIR/models ./models
-COPY $DSHOP_BACKEND_DIR/scripts ./scripts
-
-RUN yarn install
-CMD npm run migrate && node index.js
+# Moved to https://github.com/OriginProtocol/dshop/blob/master/devops/Dockerfile
diff --git a/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.ingress.yaml b/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.ingress.yaml
index f5e82b41a565..a6d2dcfd8797 100644
--- a/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.ingress.yaml
+++ b/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.ingress.yaml
@@ -23,11 +23,16 @@ spec: - secretName: "{{ .Values.dshopBackendMainnetHost }}" hosts: - {{ .Values.dshopBackendMainnetHost }} + - secretName: "dshopapi.ogn.app" + hosts: + - "dshopapi.ogn.app" rules: - host: {{ .Values.dshopBackendMainnetHost }} - http: + http: &http_rules paths: - path: / backend: serviceName: {{ template "dshopBackendMainnet.fullname" . }} servicePort: 3000 + - host: "dshopapi.ogn.app" + http: *http_rules
diff --git a/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.secret.yaml b/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.secret.yaml
new file mode 100644
index 000000000000..3e0057fe786a
--- /dev/null
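Review bot: After this hunk the file holds only a comment, so it is no longer a buildable Dockerfile; any build job that still passes `devops/dockerfiles/dshop-backend` to `docker build -f` will fail because there is no `FROM`. If nothing references the path any more, deleting the file is cleaner than keeping a stub. The pointer also targets the `master` branch, which moves; a commit-pinned link would keep it valid, e.g. `# Moved to https://github.com/OriginProtocol/dshop/blob/<commit-sha>/devops/Dockerfile` (placeholder sha).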
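Review bot: The added TLS entry and rule hard-code `dshopapi.ogn.app` inside the mainnet ingress template, while the existing host on the lines around them comes from `.Values.dshopBackendMainnetHost`. A hostname baked into the template cannot be changed or disabled per environment without editing the chart, so it would be better read from a values key next to the existing host. Whether a certificate is actually issued into the `dshopapi.ogn.app` secret depends on annotations outside this hunk; worth confirming, since an ingress pointing at a missing TLS secret typically falls back to the controller's default certificate.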
+++ b/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.secret.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "dshopBackendMainnet.fullname" . }}
+ labels:
+ app: {{ template "dshopBackendMainnet.fullname" . }}
+ app.kubernetes.io/name: dshop
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: backend
+ app.kubernetes.io/part-of: dshop-backend-rinkeby
+type: Opaque
+data:
+ ENCRYPTION_KEY: {{ required "Set a .Values.dshopBackendMainnetEncryptionKey" .Values.dshopBackendMainnetEncryptionKey | b64enc | quote}}
+ DATABASE_URL: {{ required "Set a .Values.dshopBackendMainnetDatabaseURL" .Values.dshopBackendMainnetDatabaseURL | b64enc | quote}}
diff --git a/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.statefulset.yaml b/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.statefulset.yaml
index d3edbd3304ff..d5327ee498ea 100644
--- a/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.statefulset.yaml
+++ b/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.statefulset.yaml
@@ -12,11 +12,11 @@ metadata: app.kubernetes.io/component: backend app.kubernetes.io/part-of: dshop-backend-mainnet spec: + replicas: {{ default 1 .Values.dshopBackendMainnetReplicas }} selector: matchLabels: app: {{ template "dshopBackendMainnet.fullname" . }} serviceName: {{ template "dshopBackendMainnet.fullname" . }} - replicas: 1 template: metadata: labels:
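Review bot: The new mainnet Secret is labelled `app.kubernetes.io/part-of: dshop-backend-rinkeby`, which looks like a leftover from copying the rinkeby template; the mainnet statefulset in the same commit uses `dshop-backend-mainnet`. Any label selector, audit query or cleanup that groups resources by `part-of` would attribute the mainnet encryption key and database URL to the testnet deployment. The line should read `app.kubernetes.io/part-of: dshop-backend-mainnet`.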
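Review bot: `replicas: {{ default 1 .Values.dshopBackendMainnetReplicas }}` cannot express a scale-down to zero, because the template `default` function treats `0` as empty and substitutes `1`; the rinkeby statefulset gets the same line. Making the count configurable also invites values above one, and the second hunk of this file gives every pod its own Redis on `localhost`, so replicas would not share Redis state; whether the backend depends on shared state is not visible here and should be confirmed before raising the count. A short comment next to the line, such as `# keep at 1: redis runs per pod`, would document the constraint. The `spec` block continues outside the hunk.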
@@ -27,25 +27,50 @@ spec: image: "{{ .Values.containerRegistry }}/{{ .Release.Namespace }}/{{ .Values.dshopBackendMainnetImage }}:{{ .Values.dshopBackendMainnetImageTag }}" imagePullPolicy: Always env: - - name: ENVKEY + - name: ENCRYPTION_KEY valueFrom: secretKeyRef: name: {{ template "dshopBackendMainnet.fullname" . }} - key: ENVKEY + key: ENCRYPTION_KEY - name: DATABASE_URL - value: "sqlite:/data/dshop/net_mainnet.db" + valueFrom: + secretKeyRef: + name: {{ template "dshopBackendMainnet.fullname" . }} + key: DATABASE_URL + - name: REDIS_URL + value: redis://localhost:6379/0 port: - name: http containerPort: 3000 - volumeMounts: - - mountPath: /data/dshop - name: {{ template "dshopBackendMainnet.fullname" . }}-data resources: requests: memory: 1Gi + - name: cloudsql-proxy + image: gcr.io/cloudsql-docker/gce-proxy:1.11 + command: ["/cloud_sql_proxy", + "-instances={{ .Values.dshopBackendMainnetDBInstance }}=tcp:5432", + "-credential_file=/secrets/cloudsql/credentials.json"] + securityContext: + runAsUser: 2 # non-root user + allowPrivilegeEscalation: false + volumeMounts: + - name: dshop-cloudsql-credentials + mountPath: /secrets/cloudsql + readOnly: true + - name: redis + image: redis:6.0 + command: ["/bin/sh","-c"] + args: ["mkdir -p /data/redis && redis-server --dir /data/redis "] + volumeMounts: + - mountPath: /data + name: {{ template "dshopBackendMainnet.fullname" . }}-redis + volumes: + - name: dshop-cloudsql-credentials + secret: + secretName: dshop-cloudsql-credentials volumeClaimTemplates: - metadata: - name: {{ template "dshopBackendMainnet.fullname" . }}-data + name: {{ template "dshopBackendMainnet.fullname" . }}-redis labels: app: {{ template "dshopBackendMainnet.fullname" . }} spec: diff --git a/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-rinkeby.secret.yaml b/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-rinkeby.secret.yaml index b5f5d0524620..ece2b56d9485 100644 
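Review bot: The new `redis` sidecar is added without a `securityContext` and without a bind restriction, while the `cloudsql-proxy` container right above it sets `runAsUser: 2` and `allowPrivilegeEscalation: false`; the rinkeby statefulset hunk repeats the same block. Overriding `command` with `/bin/sh -c` bypasses the image's own entrypoint, which as far as I know is what drops privileges to the redis user, so the server presumably runs as root, and with no `--bind` or password it listens on the pod IP where other workloads in the cluster can reach it unless a NetworkPolicy prevents that. Because the shell stays PID 1, the SIGTERM sent on pod shutdown does not reach redis-server, which is then killed at the end of the grace period without a final save to the persistent volume. Since the app only connects over `localhost`, I would change the args to `args: ["mkdir -p /data/redis && exec redis-server --dir /data/redis --bind 127.0.0.1"]` and give the container the same `allowPrivilegeEscalation: false` setting plus a non-root `runAsUser` that can write the mounted volume.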
--- a/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-rinkeby.secret.yaml +++ b/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-rinkeby.secret.yaml @@ -13,4 +13,5 @@ metadata: app.kubernetes.io/part-of: dshop-backend-rinkeby type: Opaque data: - ENVKEY: {{ required "Set a .Values.dshopBackendRinkebyEnvKey" .Values.dshopBackendRinkebyEnvKey | b64enc | quote}} + ENCRYPTION_KEY: {{ required "Set a .Values.dshopBackendRinkebyEncryptionKey" .Values.dshopBackendRinkebyEncryptionKey | b64enc | quote}} + DATABASE_URL: {{ required "Set a .Values.dshopBackendRinkebyDatabaseURL" .Values.dshopBackendRinkebyDatabaseURL | b64enc | quote}} diff --git a/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-rinkeby.statefulset.yaml b/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-rinkeby.statefulset.yaml index 64be067dbbac..7f9f45e35a5f 100644 --- a/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-rinkeby.statefulset.yaml +++ b/devops/kubernetes/charts/origin-experimental/templates/dshop-backend-rinkeby.statefulset.yaml @@ -12,11 +12,11 @@ metadata: app.kubernetes.io/component: backend app.kubernetes.io/part-of: dshop-backend-rinkeby spec: + replicas: {{ default 1 .Values.dshopBackendRinkebyReplicas }} selector: matchLabels: app: {{ template "dshopBackendRinkeby.fullname" . }} serviceName: {{ template "dshopBackendRinkeby.fullname" . }} - replicas: 1 template: metadata: labels: 
@@ -27,25 +27,50 @@ spec: image: "{{ .Values.containerRegistry }}/{{ .Release.Namespace }}/{{ .Values.dshopBackendRinkebyImage }}:{{ .Values.dshopBackendRinkebyImageTag }}" imagePullPolicy: Always env: - - name: ENVKEY + - name: ENCRYPTION_KEY valueFrom: secretKeyRef: name: {{ template "dshopBackendRinkeby.fullname" . }} - key: ENVKEY + key: ENCRYPTION_KEY - name: DATABASE_URL - value: "sqlite:/data/dshop/net_rinkeby.db" + valueFrom: + secretKeyRef: + name: {{ template "dshopBackendRinkeby.fullname" . }} + key: DATABASE_URL + - name: REDIS_URL + value: redis://localhost:6379/0 port: - name: http containerPort: 3000 - volumeMounts: - - mountPath: /data/dshop - name: {{ template "dshopBackendRinkeby.fullname" . }}-data resources: requests: memory: 1Gi + - name: cloudsql-proxy + image: gcr.io/cloudsql-docker/gce-proxy:1.11 + command: ["/cloud_sql_proxy", + "-instances={{ .Values.dshopBackendRinkebyDBInstance }}=tcp:5432", + "-credential_file=/secrets/cloudsql/credentials.json"] + securityContext: + runAsUser: 2 # non-root user + allowPrivilegeEscalation: false + volumeMounts: + - name: dshop-cloudsql-credentials + mountPath: /secrets/cloudsql + readOnly: true + - name: redis + image: redis:6.0 + command: ["/bin/sh","-c"] + args: ["mkdir -p /data/redis && redis-server --dir /data/redis "] + volumeMounts: + - mountPath: /data + name: {{ template "dshopBackendRinkeby.fullname" . }}-redis + volumes: + - name: dshop-cloudsql-credentials + secret: + secretName: dshop-cloudsql-credentials volumeClaimTemplates: - metadata: - name: {{ template "dshopBackendRinkeby.fullname" . }}-data + name: {{ template "dshopBackendRinkeby.fullname" . }}-redis labels: app: {{ template "dshopBackendRinkeby.fullname" . }} spec: diff --git a/devops/kubernetes/charts/origin-experimental/values.yaml b/devops/kubernetes/charts/origin-experimental/values.yaml index 5bdca2d962dd..a2276588fea9 100644 --- a/devops/kubernetes/charts/origin-experimental/values.yaml 
+++ b/devops/kubernetes/charts/origin-experimental/values.yaml @@ -2,8 +2,11 @@ containerRegistry: gcr.io/origin-214503 clusterIssuer: letsencrypt-prod + +dshopBackendMainnetReplicas: 1 dshopBackendMainnetImage: dshop-backend dshopBackendMainnetImageTag: mainnet +dshopBackendRinkebyReplicas: 1 dshopBackendRinkebyImage: dshop-backend dshopBackendRinkebyImageTag: latest diff --git a/devops/kubernetes/values/origin-experimental/secrets-dshop.enc b/devops/kubernetes/values/origin-experimental/secrets-dshop.enc index d34f4bb139a907729699050b4ccee9462364fa32..36cc15f51c9da6fb8e356e90a694baa5f8c1769a 100644 GIT binary patch literal 391 zcmV;20eJojBmmg1&6>o51?o4;%6?vdK-5Jq#DW?1wr7?V7FC_z7$a|FhZ5cb04`ck zrrVbb{_l_*BK6?rSv|li8(>;*u``p1_Z)odjVasf^=k{1I!T7#H{1tbaTyMjnk2Ua zo`0s#sU&Q2A=ImfTFz)PCGU3in)=dpwtD<0rD2$SIQ22c;z!~Jf@%x4z=}Z5wrCY( zWE38n&|@R4W#Jxh2(U93TufjxZGnIK1HK|KgpXTDP>a&{WNTEJ!(1zguTp|sWe&6) z-QUc@G>me3FC)V^`(PP6yPP4&wFmh6vkdrlj&U_e8xzd*q6A`|H#<6jKwZ}4oa`|` zr5eT(>(xq55IVw{^DQuN@7#XG7j`=*c7%O7^f(=v_h^h5^fT_9E_OV~Y1QQ)3yjxQ zmOn^>_CQFYdu~PKNnP5Fmr5yEWAcK8RL_jqL;rHA3gm^WB@3w?BK2ODY@?C@Mfv6C l2NLAxYs(h{2L&7$6CS3eB%Bw^Y?*j{3A4f3ZUK#Z0(T|RxG?|# literal 146 zcmV;D0B!#YBmmg1&6-L9`rmaP`4Pu$)j+Ce?Hj{15=baM2s0NJCsOi@G7@S4Onu!h z;uTqD|E&rMthuNk*CT9fw&SpJv*y1K*>j|gcr2&)KhsS#=1!HmHJw|k!Gohi=zl+l zm&phFE>r%xP$t>kN#^sCerV=QLQgO5{&9y%{MImum{PTfQ?IppeGGMr=E8E`mXAb8 A=l}o! diff --git a/devops/kubernetes/values/origin-experimental/values.yaml b/devops/kubernetes/values/origin-experimental/values.yaml index a8f36948f151..14da9d76aca0 100644 --- a/devops/kubernetes/values/origin-experimental/values.yaml +++ b/devops/kubernetes/values/origin-experimental/values.yaml 
@@ -1,2 +1,6 @@
 dshopBackendMainnetHost: api.ogn.app
+dshopBackendMainnetDBInstance: origin-214503:us-west1:dshop-mainnet0
+dshopBackendMainnetRedisURL: redis://localhost:6379/0
 dshopBackendRinkebyHost: rinkebyapi.ogn.app
+dshopBackendRinkebyDBInstance: origin-214503:us-west1:dshop-rinkeby0
+dshopBackendRinkebyRedisURL: redis://localhost:6379/0
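Review bot: `dshopBackendMainnetRedisURL` and `dshopBackendRinkebyRedisURL` are added here, but the statefulset templates changed in this commit set `REDIS_URL` to the literal `redis://localhost:6379/0` and never read these keys, at least in the hunks shown. An operator who edits the value here will see no effect, which is an easy way to believe Redis was repointed when it was not. Either have the templates use it, e.g. `value: {{ .Values.dshopBackendMainnetRedisURL | quote }}`, or drop the two keys.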