Feat/add dynamic tolerations (#73)

* feat: add support for GCP to bootstrap

Signed-off-by: Ales Verbic <[email protected]>

* Implemented crdgen json output (#69)

* chore: implemented crdgen json output

* chore: implemented crdgen json output

* fix: adjusted host regex (#70)

* fix: fixed proxy api key (#71)

* chore: Update Ogmios base image (#72)

* feat(bootstrap): add dynamic support for tolerations

Signed-off-by: Ales Verbic <[email protected]>

---------

Signed-off-by: Ales Verbic <[email protected]>
Co-authored-by: Paulo Bressan <[email protected]>
Co-authored-by: Felipe Gonzalez <[email protected]>

Author: 3 people

bootstrap/feature/main.tf

@@ -31,9 +31,10 @@ variable "api_key_salt" {
 variable "dcu_per_frame" {
   type = map(string)
   default = {
-    "mainnet" = "10"
-    "preprod" = "5"
-    "preview" = "5"
+    "mainnet"        = "10"
+    "preprod"        = "5"
+    "preview"        = "5"
+    "vector-testnet" = "5"
   }
 }
 

bootstrap/instance/main.tf

@@ -55,7 +55,31 @@ variable "resources" {
   }
 }
 
-
-variable "compute_arch" {
-  type = string
-}
+variable "tolerations" {
+  description = "List of tolerations for the instance"
+  type = list(object({
+    effect   = string
+    key      = string
+    operator = string
+    value    = optional(string)
+  }))
+  default = [
+    {
+      effect   = "NoSchedule"
+      key      = "demeter.run/compute-profile"
+      operator = "Exists"
+    },
+    {
+      effect   = "NoSchedule"
+      key      = "demeter.run/compute-arch"
+      operator = "Equal"
+      value    = "x86"
+    },
+    {
+      effect   = "NoSchedule"
+      key      = "demeter.run/availability-sla"
+      operator = "Equal"
+      value    = "consistent"
+    }
+  ]
+}

bootstrap/instance/ogmios.tf

@@ -62,7 +62,7 @@ resource "kubernetes_deployment_v1" "ogmios" {
           name              = "main"
           image             = local.image
           image_pull_policy = "IfNotPresent"
-          args = local.container_args
+          args              = local.container_args
 
           resources {
             limits = {
@@ -137,24 +137,14 @@ resource "kubernetes_deployment_v1" "ogmios" {
           }
         }
 
-        toleration {
-          effect   = "NoSchedule"
-          key      = "demeter.run/compute-profile"
-          operator = "Exists"
-        }
-
-        toleration {
-          effect   = "NoSchedule"
-          key      = "demeter.run/compute-arch"
-          operator = "Equal"
-          value    = var.compute_arch
-        }
-
-        toleration {
-          effect   = "NoSchedule"
-          key      = "demeter.run/availability-sla"
-          operator = "Equal"
-          value    = "consistent"
+        dynamic "toleration" {
+          for_each = var.tolerations
+          content {
+            effect   = toleration.value.effect
+            key      = toleration.value.key
+            operator = toleration.value.operator
+            value    = toleration.value.value
+          }
         }
       }
     }

bootstrap/main.tf

@@ -32,6 +32,9 @@ module "ogmios_v1_proxy" {
   proxy_image_tag = var.proxy_blue_image_tag
   extension_name  = var.extension_name
   networks        = var.networks
+  cloud_provider  = var.cloud_provider
+  dns_zone        = var.dns_zone
+  cluster_issuer  = var.cluster_issuer
   name            = "proxy"
 }
 
@@ -44,6 +47,9 @@ module "ogmios_v1_proxy_green" {
   extension_name  = var.extension_name
   networks        = ["mainnet", "preprod", "preview", "vector-testnet"]
   environment     = "green"
+  cloud_provider  = var.cloud_provider
+  dns_zone        = var.dns_zone
+  cluster_issuer  = var.cluster_issuer
   name            = "proxy-green"
 }
 
@@ -69,7 +75,7 @@ module "ogmios_instances" {
   ogmios_image     = each.value.ogmios_image
   node_private_dns = each.value.node_private_dns
   ogmios_version   = each.value.ogmios_version
-  compute_arch     = each.value.compute_arch
+  tolerations      = each.value.tolerations
   replicas         = each.value.replicas
 }
 

bootstrap/proxy/cert.tf

@@ -25,7 +25,7 @@ resource "kubernetes_manifest" "certificate_cluster_wildcard_tls" {
 
       "issuerRef" = {
         "kind" = "ClusterIssuer"
-        "name" = "letsencrypt"
+        "name" = var.cluster_issuer
       }
       "secretName" = local.cert_secret_name
     }

bootstrap/proxy/main.tf

@@ -80,3 +80,18 @@ variable "dns_zone" {
   type    = string
   default = "demeter.run"
 }
+
+variable "cluster_issuer" {
+  type    = string
+  default = "letsencrypt"
+}
+
+variable "cloud_provider" {
+  type    = string
+  default = "aws"
+}
+
+variable "healthcheck_port" {
+  type    = number
+  default = null
+}

bootstrap/proxy/service.tf

@@ -1,4 +1,5 @@
-resource "kubernetes_service_v1" "proxy_service" {
+resource "kubernetes_service_v1" "proxy_service_aws" {
+  for_each = toset([for n in toset(["loadbalancer"]) : n if var.cloud_provider == "aws"])
   metadata {
     name      = local.name
     namespace = var.namespace
@@ -8,6 +9,7 @@ resource "kubernetes_service_v1" "proxy_service" {
       "service.beta.kubernetes.io/aws-load-balancer-type" : "external"
       "service.beta.kubernetes.io/aws-load-balancer-healthcheck-protocol" : "HTTPS"
       "service.beta.kubernetes.io/aws-load-balancer-healthcheck-path" : "/healthz"
+      "service.beta.kubernetes.io/aws-load-balancer-healthcheck-port" : var.healthcheck_port != null ? var.healthcheck_port : "traffic-port"
     }
   }
 
@@ -22,6 +24,46 @@ resource "kubernetes_service_v1" "proxy_service" {
       protocol    = "TCP"
     }
 
+
+    port {
+      name        = "health"
+      port        = 80
+      target_port = local.prometheus_port
+      protocol    = "TCP"
+    }
+
+    type = "LoadBalancer"
+  }
+}
+
+resource "kubernetes_service_v1" "proxy_service_gcp" {
+  for_each = toset([for n in toset(["loadbalancer"]) : n if var.cloud_provider == "gcp"])
+  metadata {
+    name      = local.name
+    namespace = var.namespace
+    annotations = {
+      "cloud.google.com/l4-rbs" : "enabled"
+    }
+  }
+
+  spec {
+    external_traffic_policy = "Local"
+    selector                = local.proxy_labels
+
+    port {
+      name        = "proxy"
+      port        = 443
+      target_port = local.proxy_port
+      protocol    = "TCP"
+    }
+
+    port {
+      name        = "health"
+      port        = 80
+      target_port = local.prometheus_port
+      protocol    = "TCP"
+    }
+
     type = "LoadBalancer"
   }
 }

bootstrap/variables.tf

@@ -7,11 +7,20 @@ variable "dns_zone" {
   default = "demeter.run"
 }
 
+variable "cluster_issuer" {
+  type    = string
+  default = "letsencrypt"
+}
+
 variable "extension_name" {
   type    = string
   default = "ogmios-m1"
 }
 
+variable "cloud_provider" {
+  type    = string
+  default = "aws"
+}
 
 variable "networks" {
   type    = list(string)
@@ -37,9 +46,10 @@ variable "api_key_salt" {
 variable "dcu_per_frame" {
   type = map(string)
   default = {
-    "mainnet" = "10"
-    "preprod" = "5"
-    "preview" = "5"
+    "mainnet"        = "10"
+    "preprod"        = "5"
+    "preview"        = "5"
+    "vector-testnet" = "5"
   }
 }
 
@@ -128,7 +138,6 @@ variable "proxy_resources" {
   }
 }
 
-
 variable "instances" {
   type = map(object({
     salt             = string
@@ -148,5 +157,11 @@ variable "instances" {
         memory = string
       })
     }))
+    tolerations = optional(list(object({
+      effect   = string
+      key      = string
+      operator = string
+      value    = optional(string)
+    })))
   }))
 }