From 2ca79e3b550a6523b80b088cf557e99d4854450a Mon Sep 17 00:00:00 2001 From: Ales Verbic Date: Sun, 18 Aug 2024 16:19:36 -0400 Subject: [PATCH 1/6] feat: add support for GCP to bootstrap Signed-off-by: Ales Verbic --- bootstrap/feature/main.tf | 7 +++--- bootstrap/main.tf | 6 +++++ bootstrap/proxy/cert.tf | 2 +- bootstrap/proxy/main.tf | 15 ++++++++++++ bootstrap/proxy/service.tf | 48 +++++++++++++++++++++++++++++++++++--- bootstrap/variables.tf | 17 ++++++++++---- 6 files changed, 84 insertions(+), 11 deletions(-) diff --git a/bootstrap/feature/main.tf b/bootstrap/feature/main.tf index 8d3d041..07c5290 100644 --- a/bootstrap/feature/main.tf +++ b/bootstrap/feature/main.tf @@ -31,9 +31,10 @@ variable "api_key_salt" { variable "dcu_per_frame" { type = map(string) default = { - "mainnet" = "10" - "preprod" = "5" - "preview" = "5" + "mainnet" = "10" + "preprod" = "5" + "preview" = "5" + "vector-testnet" = "5" } } diff --git a/bootstrap/main.tf b/bootstrap/main.tf index 2abf985..c78b48d 100644 --- a/bootstrap/main.tf +++ b/bootstrap/main.tf @@ -32,6 +32,9 @@ module "ogmios_v1_proxy" { proxy_image_tag = var.proxy_blue_image_tag extension_name = var.extension_name networks = var.networks + cloud_provider = var.cloud_provider + dns_zone = var.dns_zone + cluster_issuer = var.cluster_issuer name = "proxy" } @@ -44,6 +47,9 @@ module "ogmios_v1_proxy_green" { extension_name = var.extension_name networks = ["mainnet", "preprod", "preview", "vector-testnet"] environment = "green" + cloud_provider = var.cloud_provider + dns_zone = var.dns_zone + cluster_issuer = var.cluster_issuer name = "proxy-green" } diff --git a/bootstrap/proxy/cert.tf b/bootstrap/proxy/cert.tf index 92decbb..c5084c6 100644 --- a/bootstrap/proxy/cert.tf +++ b/bootstrap/proxy/cert.tf @@ -25,7 +25,7 @@ resource "kubernetes_manifest" "certificate_cluster_wildcard_tls" { "issuerRef" = { "kind" = "ClusterIssuer" - "name" = "letsencrypt" + "name" = var.cluster_issuer } "secretName" = local.cert_secret_name } 
diff --git a/bootstrap/proxy/main.tf b/bootstrap/proxy/main.tf index 5772e8f..16abb21 100644 --- a/bootstrap/proxy/main.tf +++ b/bootstrap/proxy/main.tf @@ -80,3 +80,18 @@ variable "dns_zone" { type = string default = "demeter.run" } + +variable "cluster_issuer" { + type = string + default = "letsencrypt" +} + +variable "cloud_provider" { + type = string + default = "aws" +} + +variable "healthcheck_port" { + type = number + default = null +} diff --git a/bootstrap/proxy/service.tf b/bootstrap/proxy/service.tf index a3bc0fd..131bf89 100644 --- a/bootstrap/proxy/service.tf +++ b/bootstrap/proxy/service.tf @@ -1,4 +1,5 @@ -resource "kubernetes_service_v1" "proxy_service" { +resource "kubernetes_service_v1" "proxy_service_aws" { + for_each = toset([for n in toset(["loadbalancer"]) : n if var.cloud_provider == "aws"]) metadata { name = local.name namespace = var.namespace @@ -6,8 +7,9 @@ resource "kubernetes_service_v1" "proxy_service" { "service.beta.kubernetes.io/aws-load-balancer-nlb-target-type" : "instance" "service.beta.kubernetes.io/aws-load-balancer-scheme" : "internet-facing" "service.beta.kubernetes.io/aws-load-balancer-type" : "external" - "service.beta.kubernetes.io/aws-load-balancer-healthcheck-protocol" : "HTTPS" + "service.beta.kubernetes.io/aws-load-balancer-healthcheck-protocol" : "HTTP" "service.beta.kubernetes.io/aws-load-balancer-healthcheck-path" : "/healthz" + "service.beta.kubernetes.io/aws-load-balancer-healthcheck-port" : var.healthcheck_port != null ? var.healthcheck_port : "traffic-port" } } 
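Review bot: `cloud_provider` in the added variable block accepts any string, while both Service resources in bootstrap/proxy/service.tf are gated on an exact match with "aws" or "gcp", so a typo or an unsupported value plans cleanly and creates no load balancer at all. A `validation` block with `condition = contains(["aws", "gcp"], var.cloud_provider)` and a matching `error_message` would fail the plan instead. The same variable is added without validation in bootstrap/variables.tf. `healthcheck_port` is declared here, but neither module call in bootstrap/main.tf passes it, so it stays at its null default unless it is wired through.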
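Review bot: Renaming `kubernetes_service_v1.proxy_service` to `proxy_service_aws` and adding `for_each` changes the resource address, so on an existing AWS deployment Terraform will plan a destroy and create of the Service, which would normally replace the load balancer behind it as well. A `moved` block from `kubernetes_service_v1.proxy_service` to `kubernetes_service_v1.proxy_service_aws["loadbalancer"]` keeps the existing object in state. The nested `toset` comprehension used as the gate is hard to read at a glance; a comment such as `# create the Service only when cloud_provider is "aws"` above `for_each` would say what it does. The resource body continues in the next hunk.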
@@ -17,11 +19,51 @@ resource "kubernetes_service_v1" "proxy_service" { port { name = "proxy" - port = 443 + port = 9443 target_port = local.proxy_port protocol = "TCP" } + + port { + name = "health" + port = 80 + target_port = local.prometheus_port + protocol = "TCP" + } + + type = "LoadBalancer" + } +} + +resource "kubernetes_service_v1" "proxy_service_gcp" { + for_each = toset([for n in toset(["loadbalancer"]) : n if var.cloud_provider == "gcp"]) + metadata { + name = local.name + namespace = var.namespace + annotations = { + "cloud.google.com/l4-rbs" : "enabled" + } + } + + spec { + external_traffic_policy = "Local" + selector = local.proxy_labels + + port { + name = "proxy" + port = 9443 + target_port = local.proxy_port + protocol = "TCP" + } + + port { + name = "health" + port = 80 + target_port = local.prometheus_port + protocol = "TCP" + } + type = "LoadBalancer" } } diff --git a/bootstrap/variables.tf b/bootstrap/variables.tf index 4284e37..076063d 100644 --- a/bootstrap/variables.tf +++ b/bootstrap/variables.tf @@ -7,11 +7,20 @@ variable "dns_zone" { default = "demeter.run" } +variable "cluster_issuer" { + type = string + default = "letsencrypt" +} + variable "extension_name" { type = string default = "ogmios-m1" } +variable "cloud_provider" { + type = string + default = "aws" +} variable "networks" { type = list(string) @@ -37,9 +46,10 @@ variable "api_key_salt" { variable "dcu_per_frame" { type = map(string) default = { - "mainnet" = "10" - "preprod" = "5" - "preview" = "5" + "mainnet" = "10" + "preprod" = "5" + "preview" = "5" + "vector-testnet" = "5" } } @@ -128,7 +138,6 @@ variable "proxy_resources" { } } - variable "instances" { type = map(object({ salt = string From 8f490331004c2d4b9bd3a818378ad295cf8b9478 Mon Sep 17 00:00:00 2001 
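Review bot: The added `health` port publishes listener 80 on the load balancer and forwards it to `local.prometheus_port`, and the AWS Service is annotated `internet-facing`, so whatever that port serves becomes reachable from the internet over plain HTTP; if it is the metrics endpoint, as the local's name suggests, that includes the proxy's metrics. The GCP Service added in the same hunk repeats the port. If the listener exists only for health checks, serving `/healthz` from a port that exposes nothing else would avoid this, or `load_balancer_source_ranges` in `spec` can limit who reaches the Service, bearing in mind that it applies to every port on it. The AWS resource starts in the previous hunk.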
From: Paulo Bressan Date: Mon, 23 Sep 2024 20:14:20 -0300 Subject: [PATCH 2/6] Implemented crdgen json output (#69) * chore: implemented crdgen json output * chore: implemented crdgen json output --- operator/src/crdgen.rs | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/operator/src/crdgen.rs b/operator/src/crdgen.rs index 83cf9bc..2b2abf9 100644 --- a/operator/src/crdgen.rs +++ b/operator/src/crdgen.rs @@ -2,6 +2,15 @@ use kube::CustomResourceExt; use operator::controller; fn main() { + let args: Vec = std::env::args().collect(); + if args.len() > 1 && args[1] == "json" { + print!( + "{}", + serde_json::to_string_pretty(&controller::OgmiosPort::crd()).unwrap() + ); + return; + } + print!( "{}", serde_yaml::to_string(&controller::OgmiosPort::crd()).unwrap() From fe4a4e6a204e5e2f37c5651889cc2b82fedbfa59 Mon Sep 17 00:00:00 2001 From: Paulo Bressan Date: Tue, 12 Nov 2024 15:55:47 -0300 Subject: [PATCH 3/6] fix: adjusted host regex (#70) --- proxy/src/main.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proxy/src/main.rs b/proxy/src/main.rs index 09b6397..8f67aa9 100644 --- a/proxy/src/main.rs +++ b/proxy/src/main.rs @@ -52,7 +52,7 @@ impl State { pub fn try_new() -> Result> { let config = Config::new(); let metrics = Metrics::try_new(Registry::default())?; - let host_regex = Regex::new(r"(dmtr_[\w\d-]+)?\.?.+")?; + let host_regex = Regex::new(r"([dmtr_]?[\w\d-]+)?\.?.+")?; let consumers = Default::default(); let tiers = Default::default(); let limiter = Default::default(); From 52828b4f7339f216bd93e79c46a2da6870d234d4 Mon Sep 17 00:00:00 2001 From: Paulo Bressan Date: Sat, 16 Nov 2024 16:37:40 -0300 Subject: [PATCH 4/6] fix: fixed proxy api key (#71) --- proxy/src/proxy.rs | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/proxy/src/proxy.rs b/proxy/src/proxy.rs index 1247acd..e12d834 100644 --- a/proxy/src/proxy.rs +++ b/proxy/src/proxy.rs 
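Review bot: Any first argument other than the exact string `json` falls through to the YAML branch without a message, so `crdgen JSON` or `crdgen --json` prints YAML and a script piping the output into a JSON parser fails later and less clearly. Matching on `args.get(1).map(String::as_str)` with arms for `Some("json")`, `None` and an error for anything else would make the accepted values explicit. Both branches still call `unwrap()` on the serializer result; `expect("serialize OgmiosPort CRD")` would at least name the failure. `main` continues past the end of the hunk.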
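Review bot: `[dmtr_]?` in the new pattern is a character class, so it matches at most one of the characters d, m, t, r or _ rather than the literal prefix `dmtr_`, and because it is optional, group 1 now captures the first label of any Host value whether or not it is key-shaped. If the prefix was meant to be optional, write `(?:dmtr_)?`; if any first label is acceptable, drop the class so the pattern says what it matches. The pattern is also unanchored, and a leading `^` would tie the capture to the start of the header. Since the capture feeds the key lookup in proxy/src/proxy.rs, a comment such as `// group 1: optional API key carried as the first host label` would help the next reader. `try_new` continues outside the hunk.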
@@ -312,11 +312,6 @@ pub struct ProxyRequest { } impl ProxyRequest { pub async fn new(hyper_req: &mut Request, state: &State) -> Option { - let mut host = get_header(hyper_req, HOST.as_str())?; - let host_regex = host.clone(); - - let captures = state.host_regex.captures(&host_regex)?; - let namespace = state.config.proxy_namespace.clone(); let protocol = get_header(hyper_req, UPGRADE.as_str()) @@ -329,15 +324,13 @@ impl ProxyRequest { }) .unwrap_or(Protocol::Http); - if let Some(key) = captures.get(1) { - let key = key.as_str(); - hyper_req - .headers_mut() - .insert(DMTR_API_KEY, HeaderValue::from_str(key).unwrap()); - host = host.replace(&format!("{key}."), ""); - } + let host = get_header(hyper_req, HOST.as_str())?; + let captures = state.host_regex.captures(&host)?; + + let token = get_header(hyper_req, DMTR_API_KEY) + .or_else(|| captures.get(1).map(|v| v.as_str().to_string())) + .unwrap_or_default(); - let token = get_header(hyper_req, DMTR_API_KEY).unwrap_or_default(); let consumer = state.get_consumer(&token).await?; let instance = format!( "ogmios-{}-{}.{}:{}", From 84fb8192b9b1777f59042298b3b3312e5ed30197 Mon Sep 17 00:00:00 2001 From: Felipe Gonzalez Date: Wed, 20 Nov 2024 19:11:56 -0300 Subject: [PATCH 5/6] chore: Update Ogmios base image (#72) --- docker/ogmios-6/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/ogmios-6/Dockerfile b/docker/ogmios-6/Dockerfile index 53a1b44..94a10ed 100644 --- a/docker/ogmios-6/Dockerfile +++ b/docker/ogmios-6/Dockerfile @@ -1,3 +1,3 @@ -FROM cardanosolutions/ogmios:v6.6.1 +FROM cardanosolutions/ogmios:v6.9.0 COPY ./genesis /genesis From 64db91a801f4b9a3704beb301e7bba5dc8a6ba1b Mon Sep 17 00:00:00 2001 From: Ales Verbic Date: Fri, 13 Dec 2024 07:03:40 -0500 Subject: [PATCH 6/6] feat(bootstrap): add dynamic support for tolerations 
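Review bot: When the request carries no `DMTR_API_KEY` header, the token in the second hunk falls back to capture group 1 of `host_regex`, and when that is absent too, `unwrap_or_default()` passes an empty string to `state.get_consumer`. With the host pattern changed in proxy/src/main.rs, group 1 can be any first host label, so lookups are made with values that were never keys. Rejecting early keeps malformed input out of the lookup path: `if token.is_empty() { return None; }` before the `get_consumer` call, plus a prefix or length check if keys have a fixed shape. A client-supplied header now also wins over the host-derived key with no check that the two agree, which deserves a comment if it is intended. `ProxyRequest::new` starts and ends outside this hunk.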
Signed-off-by: Ales Verbic --- bootstrap/instance/main.tf | 32 ++++++++++++++++++++++++++++---- bootstrap/instance/ogmios.tf | 28 +++++++++------------------- bootstrap/main.tf | 2 +- bootstrap/proxy/service.tf | 6 +++--- bootstrap/variables.tf | 6 ++++++ 5 files changed, 47 insertions(+), 27 deletions(-) diff --git a/bootstrap/instance/main.tf b/bootstrap/instance/main.tf index 97a3642..e3fb00c 100644 --- a/bootstrap/instance/main.tf +++ b/bootstrap/instance/main.tf @@ -55,7 +55,31 @@ variable "resources" { } } - -variable "compute_arch" { - type = string -} \ No newline at end of file +variable "tolerations" { + description = "List of tolerations for the instance" + type = list(object({ + effect = string + key = string + operator = string + value = optional(string) + })) + default = [ + { + effect = "NoSchedule" + key = "demeter.run/compute-profile" + operator = "Exists" + }, + { + effect = "NoSchedule" + key = "demeter.run/compute-arch" + operator = "Equal" + value = "x86" + }, + { + effect = "NoSchedule" + key = "demeter.run/availability-sla" + operator = "Equal" + value = "consistent" + } + ] +} diff --git a/bootstrap/instance/ogmios.tf b/bootstrap/instance/ogmios.tf index 7c68f19..1bef4e9 100644 --- a/bootstrap/instance/ogmios.tf +++ b/bootstrap/instance/ogmios.tf @@ -62,7 +62,7 @@ resource "kubernetes_deployment_v1" "ogmios" { name = "main" image = local.image image_pull_policy = "IfNotPresent" - args = local.container_args + args = local.container_args resources { limits = { 
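Review bot: The root `instances` type in bootstrap/variables.tf declares `tolerations` as `optional(...)` with no default, so an instance that omits it passes null into this module, and an explicit null argument overrides the default list declared here; the `dynamic "toleration"` block in ogmios.tf then fails on `for_each = var.tolerations`. Adding `nullable = false` to this variable makes a null argument fall back to the default. The default also pins `demeter.run/compute-arch` to `"x86"`, where `compute_arch` used to be a required input, so an instance meant for another architecture must now supply the whole list; a sentence in `description` saying so would help.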
@@ -137,24 +137,14 @@ resource "kubernetes_deployment_v1" "ogmios" { } } - toleration { - effect = "NoSchedule" - key = "demeter.run/compute-profile" - operator = "Exists" - } - - toleration { - effect = "NoSchedule" - key = "demeter.run/compute-arch" - operator = "Equal" - value = var.compute_arch - } - - toleration { - effect = "NoSchedule" - key = "demeter.run/availability-sla" - operator = "Equal" - value = "consistent" + dynamic "toleration" { + for_each = var.tolerations + content { + effect = toleration.value.effect + key = toleration.value.key + operator = toleration.value.operator + value = toleration.value.value + } } } } diff --git a/bootstrap/main.tf b/bootstrap/main.tf index c78b48d..4ae187c 100644 --- a/bootstrap/main.tf +++ b/bootstrap/main.tf @@ -75,7 +75,7 @@ module "ogmios_instances" { ogmios_image = each.value.ogmios_image node_private_dns = each.value.node_private_dns ogmios_version = each.value.ogmios_version - compute_arch = each.value.compute_arch + tolerations = each.value.tolerations replicas = each.value.replicas } diff --git a/bootstrap/proxy/service.tf b/bootstrap/proxy/service.tf index 131bf89..10be1c9 100644 --- a/bootstrap/proxy/service.tf +++ b/bootstrap/proxy/service.tf @@ -7,7 +7,7 @@ resource "kubernetes_service_v1" "proxy_service_aws" { "service.beta.kubernetes.io/aws-load-balancer-nlb-target-type" : "instance" "service.beta.kubernetes.io/aws-load-balancer-scheme" : "internet-facing" "service.beta.kubernetes.io/aws-load-balancer-type" : "external" - "service.beta.kubernetes.io/aws-load-balancer-healthcheck-protocol" : "HTTP" + "service.beta.kubernetes.io/aws-load-balancer-healthcheck-protocol" : "HTTPS" "service.beta.kubernetes.io/aws-load-balancer-healthcheck-path" : "/healthz" "service.beta.kubernetes.io/aws-load-balancer-healthcheck-port" : var.healthcheck_port != null ? var.healthcheck_port : "traffic-port" } 
@@ -19,7 +19,7 @@ resource "kubernetes_service_v1" "proxy_service_aws" { port { name = "proxy" - port = 9443 + port = 443 target_port = local.proxy_port protocol = "TCP" } @@ -52,7 +52,7 @@ resource "kubernetes_service_v1" "proxy_service_gcp" { port { name = "proxy" - port = 9443 + port = 443 target_port = local.proxy_port protocol = "TCP" } diff --git a/bootstrap/variables.tf b/bootstrap/variables.tf index 076063d..800794e 100644 --- a/bootstrap/variables.tf +++ b/bootstrap/variables.tf @@ -157,5 +157,11 @@ variable "instances" { memory = string }) })) + tolerations = optional(list(object({ + effect = string + key = string + operator = string + value = optional(string) + }))) })) }