From 94917338cc5e9be0ebf58e01c46f76fa3e2a6b8a Mon Sep 17 00:00:00 2001
From: Alejandro Avagnina
Date: Wed, 20 Dec 2023 19:01:43 -0300
Subject: [PATCH] chore: initial bootstrap
---
bootstrap/configs/main.tf | 39 +++
bootstrap/configs/mainnet/config.json | 103 +++++++
bootstrap/configs/mainnet/db-sync-config.json | 114 ++++++++
bootstrap/configs/preprod/config.json | 107 +++++++
bootstrap/configs/preprod/db-sync-config.json | 114 ++++++++
bootstrap/configs/preview/config.json | 113 ++++++++
bootstrap/configs/preview/db-sync-config.json | 114 ++++++++
bootstrap/feature/main.tf | 19 ++
bootstrap/feature/monitor.tf | 27 ++
bootstrap/feature/postgres.tf | 263 ++++++++++++++++++
bootstrap/feature/secret.tf | 33 +++
bootstrap/instance/dbsync.tf | 219 +++++++++++++++
bootstrap/instance/main.tf | 149 ++++++++++
bootstrap/instance/monitor.tf | 57 ++++
bootstrap/instance/postgrest.tf | 152 ++++++++++
bootstrap/operator/main.tf | 135 +++++++++
bootstrap/operator/monitor.tf | 27 ++
bootstrap/pvc/main.tf | 35 +++
18 files changed, 1820 insertions(+)
create mode 100644 bootstrap/configs/main.tf
create mode 100644 bootstrap/configs/mainnet/config.json
create mode 100644 bootstrap/configs/mainnet/db-sync-config.json
create mode 100644 bootstrap/configs/preprod/config.json
create mode 100644 bootstrap/configs/preprod/db-sync-config.json
create mode 100644 bootstrap/configs/preview/config.json
create mode 100644 bootstrap/configs/preview/db-sync-config.json
create mode 100644 bootstrap/feature/main.tf
create mode 100644 bootstrap/feature/monitor.tf
create mode 100644 bootstrap/feature/postgres.tf
create mode 100644 bootstrap/feature/secret.tf
create mode 100644 bootstrap/instance/dbsync.tf
create mode 100644 bootstrap/instance/main.tf
create mode 100644 bootstrap/instance/monitor.tf
create mode 100644 bootstrap/instance/postgrest.tf
create mode 100644 bootstrap/operator/main.tf
create mode 100644 bootstrap/operator/monitor.tf
create mode 100644 bootstrap/pvc/main.tf
diff --git a/bootstrap/configs/main.tf b/bootstrap/configs/main.tf
new file mode 100644
index 0000000..31086c1
--- /dev/null
+++ b/bootstrap/configs/main.tf
@@ -0,0 +1,39 @@
+terraform {
+ required_providers {
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ }
+ }
+}
+
+variable "network" {
+ description = "cardano node network"
+}
+
+variable "salt" {
+ description = "random value to avoid naming conflicts between instances"
+}
+
+variable "namespace" {
+ description = "the namespace where the resources will be created"
+}
+
+locals {
+ cm_name = "configs-${var.network}-${var.salt}"
+}
+
+resource "kubernetes_config_map" "node-config" {
+ metadata {
+ namespace = var.namespace
+ name = local.cm_name
+ }
+
+ data = {
+ "config.json" = "${file("${path.module}/${var.network}/config.json")}"
+ "db-sync-config.json" = "${file("${path.module}/${var.network}/db-sync-config.json")}"
+ }
+}
+
+output "cm_name" {
+ value = local.cm_name
+}
diff --git a/bootstrap/configs/mainnet/config.json b/bootstrap/configs/mainnet/config.json
new file mode 100644
index 0000000..fef7e9e
--- /dev/null
+++ b/bootstrap/configs/mainnet/config.json
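Review bot: `var.network` is interpolated straight into the two `file()` paths in `kubernetes_config_map.node-config` with no type or validation, so a typo or unexpected value only surfaces as a missing-file error at plan time. Declaring `type = string` and a `validation` block whose condition is `contains(["mainnet", "preprod", "preview"], var.network)` would tie the variable to the three directories this commit adds. The `"${file(...)}"` wrappers are interpolation-only expressions and can be written as plain `file(...)` calls.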
@@ -0,0 +1,103 @@ +{ + "AlonzoGenesisFile": "/genesis/mainnet/alonzo-genesis.json", + "AlonzoGenesisHash": "7e94a15f55d1e82d10f09203fa1d40f8eede58fd8066542cf6566008068ed874", + "ApplicationName": "cardano-sl", + "ApplicationVersion": 1, + "ByronGenesisFile": "/genesis/mainnet/byron-genesis.json", + "ByronGenesisHash": "5f20df933584822601f9e3f8c024eb5eb252fe8cefb24d1317dc3d432e940ebb", + "ConwayGenesisFile": "/genesis/mainnet/conway-genesis.json", + "ConwayGenesisHash": "f28f1c1280ea0d32f8cd3143e268650d6c1a8e221522ce4a7d20d62fc09783e1", + "LastKnownBlockVersion-Alt": 0, + "LastKnownBlockVersion-Major": 3, + "LastKnownBlockVersion-Minor": 0, + "MaxKnownMajorProtocolVersion": 2, + "Protocol": "Cardano", + "RequiresNetworkMagic": "RequiresNoMagic", + "ShelleyGenesisFile": "/genesis/mainnet/shelley-genesis.json", + "ShelleyGenesisHash": "1a3be38bcbb7911969283716ad7aa550250226b76a61fc51cc9a9a35d9276d81", + "TraceAcceptPolicy": true, + "TraceBlockFetchClient": false, + "TraceBlockFetchDecisions": false, + "TraceBlockFetchProtocol": false, + "TraceBlockFetchProtocolSerialised": false, + "TraceBlockFetchServer": false, + "TraceChainDb": true, + "TraceChainSyncBlockServer": false, + "TraceChainSyncClient": false, + "TraceChainSyncHeaderServer": false, + "TraceChainSyncProtocol": false, + "TraceConnectionManager": true, + "TraceDNSResolver": true, + "TraceDNSSubscription": true, + "TraceDiffusionInitialization": true, + "TraceErrorPolicy": true, + "TraceForge": true, + "TraceHandshake": false, + "TraceInboundGovernor": true, + "TraceIpSubscription": true, + "TraceLedgerPeers": true, + "TraceLocalChainSyncProtocol": false, + "TraceLocalErrorPolicy": true, + "TraceLocalHandshake": false, + "TraceLocalRootPeers": true, + "TraceLocalTxSubmissionProtocol": false, + "TraceLocalTxSubmissionServer": false, + "TraceMempool": true, + "TraceMux": false, + "TracePeerSelection": true, + "TracePeerSelectionActions": true, + "TracePublicRootPeers": true, + "TraceServer": true, + 
"TraceTxInbound": false, + "TraceTxOutbound": false, + "TraceTxSubmissionProtocol": false, + "TracingVerbosity": "NormalVerbosity", + "TurnOnLogMetrics": true, + "TurnOnLogging": true, + "defaultBackends": [ + "KatipBK" + ], + "defaultScribes": [ + [ + "StdoutSK", + "stdout" + ] + ], + "hasEKG": 12788, + "hasPrometheus": [ + "0.0.0.0", + 12798 + ], + "minSeverity": "Info", + "options": { + "mapBackends": { + "cardano.node.metrics": [ + "EKGViewBK" + ], + "cardano.node.resources": [ + "EKGViewBK" + ] + }, + "mapSubtrace": { + "cardano.node.metrics": { + "subtrace": "Neutral" + } + } + }, + "rotation": { + "rpKeepFilesNum": 10, + "rpLogLimitBytes": 5000000, + "rpMaxAgeHours": 24 + }, + "setupBackends": [ + "KatipBK" + ], + "setupScribes": [ + { + "scFormat": "ScText", + "scKind": "StdoutSK", + "scName": "stdout", + "scRotation": null + } + ] +} \ No newline at end of file diff --git a/bootstrap/configs/mainnet/db-sync-config.json b/bootstrap/configs/mainnet/db-sync-config.json new file mode 100644 index 0000000..be7828e --- /dev/null +++ b/bootstrap/configs/mainnet/db-sync-config.json 
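Review bot: `hasPrometheus` binds the metrics listener to `0.0.0.0` on port 12798 and `hasEKG` enables a second monitoring port, and the same values are repeated in the preprod and preview `config.json` files. Neither endpoint is authenticated, so wherever this file is used to start a node the Prometheus port is reachable from any workload that can route to the pod unless a NetworkPolicy restricts it. In this commit the file appears to be mounted only as db-sync's `NodeConfigFile`, where these keys are presumably unused; if so, a sentence in the module documentation saying the listener settings are inert there would keep them from being copied into a node deployment unreviewed.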
@@ -0,0 +1,114 @@ +{ + "EnableLogMetrics": false, + "EnableLogging": true, + "NetworkName": "mainnet", + "NodeConfigFile": "config.json", + "PrometheusPort": 8080, + "RequiresNetworkMagic": "RequiresNoMagic", + "defaultBackends": [ + "KatipBK" + ], + "defaultScribes": [ + [ + "StdoutSK", + "stdout" + ] + ], + "minSeverity": "Info", + "options": { + "cfokey": { + "value": "Release-1.0.0" + }, + "mapBackends": {}, + "mapSeverity": { + "db-sync-node": "Info", + "db-sync-node.Mux": "Error", + "db-sync-node.Subscription": "Error" + }, + "mapSubtrace": { + "#ekgview": { + "contents": [ + [ + { + "contents": "cardano.epoch-validation.benchmark", + "tag": "Contains" + }, + [ + { + "contents": ".monoclock.basic.", + "tag": "Contains" + } + ] + ], + [ + { + "contents": "cardano.epoch-validation.benchmark", + "tag": "Contains" + }, + [ + { + "contents": "diff.RTS.cpuNs.timed.", + "tag": "Contains" + } + ] + ], + [ + { + "contents": "#ekgview.#aggregation.cardano.epoch-validation.benchmark", + "tag": "StartsWith" + }, + [ + { + "contents": "diff.RTS.gcNum.timed.", + "tag": "Contains" + } + ] + ] + ], + "subtrace": "FilterTrace" + }, + "#messagecounters.aggregation": { + "subtrace": "NoTrace" + }, + "#messagecounters.ekgview": { + "subtrace": "NoTrace" + }, + "#messagecounters.katip": { + "subtrace": "NoTrace" + }, + "#messagecounters.monitoring": { + "subtrace": "NoTrace" + }, + "#messagecounters.switchboard": { + "subtrace": "NoTrace" + }, + "benchmark": { + "contents": [ + "GhcRtsStats", + "MonotonicClock" + ], + "subtrace": "ObservableTrace" + }, + "cardano.epoch-validation.utxo-stats": { + "subtrace": "NoTrace" + } + } + }, + "rotation": { + "rpKeepFilesNum": 10, + "rpLogLimitBytes": 5000000, + "rpMaxAgeHours": 24 + }, + "setupBackends": [ + "AggregationBK", + "KatipBK" + ], + "setupScribes": [ + { + "scFormat": "ScText", + "scKind": "StdoutSK", + "scName": "stdout", + "scRotation": null + } + ] +} 
diff --git a/bootstrap/configs/preprod/config.json b/bootstrap/configs/preprod/config.json
new file mode 100644
index 0000000..87c75d7
--- /dev/null
+++ b/bootstrap/configs/preprod/config.json
@@ -0,0 +1,107 @@ +{ + "AlonzoGenesisFile": "/genesis/preprod/alonzo-genesis.json", + "AlonzoGenesisHash": "7e94a15f55d1e82d10f09203fa1d40f8eede58fd8066542cf6566008068ed874", + "ApplicationName": "cardano-sl", + "ApplicationVersion": 0, + "ByronGenesisFile": "/genesis/preprod/byron-genesis.json", + "ByronGenesisHash": "d4b8de7a11d929a323373cbab6c1a9bdc931beffff11db111cf9d57356ee1937", + "ConwayGenesisFile": "/genesis/preprod/conway-genesis.json", + "ConwayGenesisHash": "f28f1c1280ea0d32f8cd3143e268650d6c1a8e221522ce4a7d20d62fc09783e1", + "EnableP2P": true, + "LastKnownBlockVersion-Alt": 0, + "LastKnownBlockVersion-Major": 2, + "LastKnownBlockVersion-Minor": 0, + "Protocol": "Cardano", + "RequiresNetworkMagic": "RequiresMagic", + "ShelleyGenesisFile": "/genesis/preprod/shelley-genesis.json", + "ShelleyGenesisHash": "162d29c4e1cf6b8a84f2d692e67a3ac6bc7851bc3e6e4afe64d15778bed8bd86", + "TargetNumberOfActivePeers": 20, + "TargetNumberOfEstablishedPeers": 50, + "TargetNumberOfKnownPeers": 100, + "TargetNumberOfRootPeers": 100, + "TraceAcceptPolicy": true, + "TraceBlockFetchClient": false, + "TraceBlockFetchDecisions": false, + "TraceBlockFetchProtocol": false, + "TraceBlockFetchProtocolSerialised": false, + "TraceBlockFetchServer": false, + "TraceChainDb": true, + "TraceChainSyncBlockServer": false, + "TraceChainSyncClient": false, + "TraceChainSyncHeaderServer": false, + "TraceChainSyncProtocol": false, + "TraceConnectionManager": true, + "TraceDNSResolver": true, + "TraceDNSSubscription": true, + "TraceDiffusionInitialization": true, + "TraceErrorPolicy": true, + "TraceForge": true, + "TraceHandshake": false, + "TraceInboundGovernor": true, + "TraceIpSubscription": true, + "TraceLedgerPeers": true, + "TraceLocalChainSyncProtocol": false, + "TraceLocalErrorPolicy": true, + "TraceLocalHandshake": false, + "TraceLocalRootPeers": true, + "TraceLocalTxSubmissionProtocol": false, + "TraceLocalTxSubmissionServer": false, + "TraceMempool": true, + "TraceMux": false, + 
"TracePeerSelection": true, + "TracePeerSelectionActions": true, + "TracePublicRootPeers": true, + "TraceServer": true, + "TraceTxInbound": false, + "TraceTxOutbound": false, + "TraceTxSubmissionProtocol": false, + "TracingVerbosity": "NormalVerbosity", + "TurnOnLogMetrics": true, + "TurnOnLogging": true, + "defaultBackends": [ + "KatipBK" + ], + "defaultScribes": [ + [ + "StdoutSK", + "stdout" + ] + ], + "hasEKG": 12788, + "hasPrometheus": [ + "0.0.0.0", + 12798 + ], + "minSeverity": "Info", + "options": { + "mapBackends": { + "cardano.node.metrics": [ + "EKGViewBK" + ], + "cardano.node.resources": [ + "EKGViewBK" + ] + }, + "mapSubtrace": { + "cardano.node.metrics": { + "subtrace": "Neutral" + } + } + }, + "rotation": { + "rpKeepFilesNum": 10, + "rpLogLimitBytes": 5000000, + "rpMaxAgeHours": 24 + }, + "setupBackends": [ + "KatipBK" + ], + "setupScribes": [ + { + "scFormat": "ScText", + "scKind": "StdoutSK", + "scName": "stdout", + "scRotation": null + } + ] +} \ No newline at end of file diff --git a/bootstrap/configs/preprod/db-sync-config.json b/bootstrap/configs/preprod/db-sync-config.json new file mode 100644 index 0000000..0976144 --- /dev/null +++ b/bootstrap/configs/preprod/db-sync-config.json 
@@ -0,0 +1,114 @@ +{ + "EnableLogMetrics": false, + "EnableLogging": true, + "NetworkName": "preprod", + "NodeConfigFile": "config.json", + "PrometheusPort": 8080, + "RequiresNetworkMagic": "RequiresMagic", + "defaultBackends": [ + "KatipBK" + ], + "defaultScribes": [ + [ + "StdoutSK", + "stdout" + ] + ], + "minSeverity": "Info", + "options": { + "cfokey": { + "value": "Release-1.0.0" + }, + "mapBackends": {}, + "mapSeverity": { + "db-sync-node": "Info", + "db-sync-node.Mux": "Error", + "db-sync-node.Subscription": "Error" + }, + "mapSubtrace": { + "#ekgview": { + "contents": [ + [ + { + "contents": "cardano.epoch-validation.benchmark", + "tag": "Contains" + }, + [ + { + "contents": ".monoclock.basic.", + "tag": "Contains" + } + ] + ], + [ + { + "contents": "cardano.epoch-validation.benchmark", + "tag": "Contains" + }, + [ + { + "contents": "diff.RTS.cpuNs.timed.", + "tag": "Contains" + } + ] + ], + [ + { + "contents": "#ekgview.#aggregation.cardano.epoch-validation.benchmark", + "tag": "StartsWith" + }, + [ + { + "contents": "diff.RTS.gcNum.timed.", + "tag": "Contains" + } + ] + ] + ], + "subtrace": "FilterTrace" + }, + "#messagecounters.aggregation": { + "subtrace": "NoTrace" + }, + "#messagecounters.ekgview": { + "subtrace": "NoTrace" + }, + "#messagecounters.katip": { + "subtrace": "NoTrace" + }, + "#messagecounters.monitoring": { + "subtrace": "NoTrace" + }, + "#messagecounters.switchboard": { + "subtrace": "NoTrace" + }, + "benchmark": { + "contents": [ + "GhcRtsStats", + "MonotonicClock" + ], + "subtrace": "ObservableTrace" + }, + "cardano.epoch-validation.utxo-stats": { + "subtrace": "NoTrace" + } + } + }, + "rotation": { + "rpKeepFilesNum": 10, + "rpLogLimitBytes": 5000000, + "rpMaxAgeHours": 24 + }, + "setupBackends": [ + "AggregationBK", + "KatipBK" + ], + "setupScribes": [ + { + "scFormat": "ScText", + "scKind": "StdoutSK", + "scName": "stdout", + "scRotation": null + } + ] +} 
diff --git a/bootstrap/configs/preview/config.json b/bootstrap/configs/preview/config.json
new file mode 100644
index 0000000..57235c8
--- /dev/null
+++ b/bootstrap/configs/preview/config.json
@@ -0,0 +1,113 @@ +{ + "AlonzoGenesisFile": "/genesis/preview/alonzo-genesis.json", + "AlonzoGenesisHash": "7e94a15f55d1e82d10f09203fa1d40f8eede58fd8066542cf6566008068ed874", + "ApplicationName": "cardano-sl", + "ApplicationVersion": 0, + "ByronGenesisFile": "/genesis/preview/byron-genesis.json", + "ByronGenesisHash": "83de1d7302569ad56cf9139a41e2e11346d4cb4a31c00142557b6ab3fa550761", + "ConwayGenesisFile": "/genesis/preview/conway-genesis.json", + "ConwayGenesisHash": "f28f1c1280ea0d32f8cd3143e268650d6c1a8e221522ce4a7d20d62fc09783e1", + "EnableP2P": true, + "ExperimentalHardForksEnabled": false, + "ExperimentalProtocolsEnabled": false, + "LastKnownBlockVersion-Alt": 0, + "LastKnownBlockVersion-Major": 3, + "LastKnownBlockVersion-Minor": 1, + "Protocol": "Cardano", + "RequiresNetworkMagic": "RequiresMagic", + "ShelleyGenesisFile": "/genesis/preview/shelley-genesis.json", + "ShelleyGenesisHash": "363498d1024f84bb39d3fa9593ce391483cb40d479b87233f868d6e57c3a400d", + "TargetNumberOfActivePeers": 20, + "TargetNumberOfEstablishedPeers": 50, + "TargetNumberOfKnownPeers": 100, + "TargetNumberOfRootPeers": 100, + "TestAllegraHardForkAtEpoch": 0, + "TestAlonzoHardForkAtEpoch": 0, + "TestMaryHardForkAtEpoch": 0, + "TestShelleyHardForkAtEpoch": 0, + "TraceAcceptPolicy": true, + "TraceBlockFetchClient": false, + "TraceBlockFetchDecisions": false, + "TraceBlockFetchProtocol": false, + "TraceBlockFetchProtocolSerialised": false, + "TraceBlockFetchServer": false, + "TraceChainDb": true, + "TraceChainSyncBlockServer": false, + "TraceChainSyncClient": false, + "TraceChainSyncHeaderServer": false, + "TraceChainSyncProtocol": false, + "TraceConnectionManager": true, + "TraceDNSResolver": true, + "TraceDNSSubscription": true, + "TraceDiffusionInitialization": true, + "TraceErrorPolicy": true, + "TraceForge": true, + "TraceHandshake": false, + "TraceInboundGovernor": true, + "TraceIpSubscription": true, + "TraceLedgerPeers": true, + "TraceLocalChainSyncProtocol": false, + 
"TraceLocalErrorPolicy": true, + "TraceLocalHandshake": false, + "TraceLocalRootPeers": true, + "TraceLocalTxSubmissionProtocol": false, + "TraceLocalTxSubmissionServer": false, + "TraceMempool": true, + "TraceMux": false, + "TracePeerSelection": true, + "TracePeerSelectionActions": true, + "TracePublicRootPeers": true, + "TraceServer": true, + "TraceTxInbound": false, + "TraceTxOutbound": false, + "TraceTxSubmissionProtocol": false, + "TracingVerbosity": "NormalVerbosity", + "TurnOnLogMetrics": true, + "TurnOnLogging": true, + "defaultBackends": [ + "KatipBK" + ], + "defaultScribes": [ + [ + "StdoutSK", + "stdout" + ] + ], + "hasEKG": 12788, + "hasPrometheus": [ + "0.0.0.0", + 12798 + ], + "minSeverity": "Info", + "options": { + "mapBackends": { + "cardano.node.metrics": [ + "EKGViewBK" + ], + "cardano.node.resources": [ + "EKGViewBK" + ] + }, + "mapSubtrace": { + "cardano.node.metrics": { + "subtrace": "Neutral" + } + } + }, + "rotation": { + "rpKeepFilesNum": 10, + "rpLogLimitBytes": 5000000, + "rpMaxAgeHours": 24 + }, + "setupBackends": [ + "KatipBK" + ], + "setupScribes": [ + { + "scFormat": "ScText", + "scKind": "StdoutSK", + "scName": "stdout", + "scRotation": null + } + ] +} \ No newline at end of file diff --git a/bootstrap/configs/preview/db-sync-config.json b/bootstrap/configs/preview/db-sync-config.json new file mode 100644 index 0000000..78aba84 --- /dev/null +++ b/bootstrap/configs/preview/db-sync-config.json 
@@ -0,0 +1,114 @@ +{ + "EnableLogMetrics": false, + "EnableLogging": true, + "NetworkName": "preview", + "NodeConfigFile": "config.json", + "PrometheusPort": 8080, + "RequiresNetworkMagic": "RequiresMagic", + "defaultBackends": [ + "KatipBK" + ], + "defaultScribes": [ + [ + "StdoutSK", + "stdout" + ] + ], + "minSeverity": "Info", + "options": { + "cfokey": { + "value": "Release-1.0.0" + }, + "mapBackends": {}, + "mapSeverity": { + "db-sync-node": "Info", + "db-sync-node.Mux": "Error", + "db-sync-node.Subscription": "Error" + }, + "mapSubtrace": { + "#ekgview": { + "contents": [ + [ + { + "contents": "cardano.epoch-validation.benchmark", + "tag": "Contains" + }, + [ + { + "contents": ".monoclock.basic.", + "tag": "Contains" + } + ] + ], + [ + { + "contents": "cardano.epoch-validation.benchmark", + "tag": "Contains" + }, + [ + { + "contents": "diff.RTS.cpuNs.timed.", + "tag": "Contains" + } + ] + ], + [ + { + "contents": "#ekgview.#aggregation.cardano.epoch-validation.benchmark", + "tag": "StartsWith" + }, + [ + { + "contents": "diff.RTS.gcNum.timed.", + "tag": "Contains" + } + ] + ] + ], + "subtrace": "FilterTrace" + }, + "#messagecounters.aggregation": { + "subtrace": "NoTrace" + }, + "#messagecounters.ekgview": { + "subtrace": "NoTrace" + }, + "#messagecounters.katip": { + "subtrace": "NoTrace" + }, + "#messagecounters.monitoring": { + "subtrace": "NoTrace" + }, + "#messagecounters.switchboard": { + "subtrace": "NoTrace" + }, + "benchmark": { + "contents": [ + "GhcRtsStats", + "MonotonicClock" + ], + "subtrace": "ObservableTrace" + }, + "cardano.epoch-validation.utxo-stats": { + "subtrace": "NoTrace" + } + } + }, + "rotation": { + "rpKeepFilesNum": 10, + "rpLogLimitBytes": 5000000, + "rpMaxAgeHours": 24 + }, + "setupBackends": [ + "AggregationBK", + "KatipBK" + ], + "setupScribes": [ + { + "scFormat": "ScText", + "scKind": "StdoutSK", + "scName": "stdout", + "scRotation": null + } + ] +} 
diff --git a/bootstrap/feature/main.tf b/bootstrap/feature/main.tf
new file mode 100644
index 0000000..d1d2980
--- /dev/null
+++ b/bootstrap/feature/main.tf
@@ -0,0 +1,19 @@
+variable "db_volume_claim" {
+ type = string
+}
+
+variable "namespace" {
+ type = string
+}
+
+variable "instance_name" {
+ type = string
+}
+
+variable "topology_zone" {
+ type = string
+}
+
+variable "image_tag" {
+ type = string
+}
\ No newline at end of file
diff --git a/bootstrap/feature/monitor.tf b/bootstrap/feature/monitor.tf
new file mode 100644
index 0000000..e714abe
--- /dev/null
+++ b/bootstrap/feature/monitor.tf
@@ -0,0 +1,27 @@
+resource "kubernetes_manifest" "postgres_podmonitor" {
+ manifest = {
+ "apiVersion" = "monitoring.coreos.com/v1"
+ "kind" = "PodMonitor"
+ "metadata" = {
+ "labels" = {
+ "app.kubernetes.io/component" = "o11y"
+ "app.kubernetes.io/part-of" = "demeter"
+ }
+ "name" = var.instance_name
+ "namespace" = var.namespace
+ }
+ "spec" = {
+ podMetricsEndpoints = [
+ {
+ port = "metrics",
+ path = "/metrics"
+ }
+ ]
+ "selector" = {
+ "matchLabels" = {
+ "demeter.run/instance" = var.instance_name
+ }
+ }
+ }
+ }
+}
diff --git a/bootstrap/feature/postgres.tf b/bootstrap/feature/postgres.tf
new file mode 100644
index 0000000..9c72bee
--- /dev/null
+++ b/bootstrap/feature/postgres.tf
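Review bot: No `resources` variable is declared in `bootstrap/feature/main.tf` or in the other three files the commit adds under `bootstrap/feature`, yet `postgres.tf` reads `var.resources.limits.cpu`, `var.resources.limits.memory` and the matching `requests` attributes, so `terraform validate` should fail on an undeclared variable. Adding a typed declaration next to the existing variables fixes that; the shape below mirrors exactly what the StatefulSet reads. Whether it should carry a default is a decision for the module's callers.

```hcl
# … unchanged: db_volume_claim, namespace, instance_name, topology_zone, image_tag …

variable "resources" {
  type = object({
    limits = object({
      cpu    = string
      memory = string
    })
    requests = object({
      cpu    = string
      memory = string
    })
  })
}
```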
@@ -0,0 +1,263 @@ +locals { + node_affinity = { + "requiredDuringSchedulingIgnoredDuringExecution" = { + "nodeSelectorTerms" = [ + { + "matchExpressions" = [ + { + "key" = "topology.kubernetes.io/zone" + "operator" = "In" + "values" = [var.topology_zone] + } + ] + } + ] + } + } +} + +resource "kubernetes_stateful_set_v1" "postgres" { + wait_for_rollout = "false" + metadata { + name = var.instance_name + namespace = var.namespace + labels = { + "demeter.run/kind" = "DbsyncPostgres" + } + } + spec { + replicas = 1 + service_name = "postgres" + selector { + match_labels = { + "demeter.run/instance" = var.instance_name + } + } + template { + metadata { + labels = { + "demeter.run/instance" = var.instance_name + } + } + spec { + security_context { + fs_group = 1000 + } + + container { + name = "main" + image = "postgres:${var.image_tag}" + image_pull_policy = "Always" + + port { + container_port = 1442 + name = "http" + protocol = "TCP" + } + + env { + name = "POSTGRES_PASSWORD" + value_from { + secret_key_ref { + name = "postgres-${var.instance_name}" + key = "password" + } + } + } + + env { + name = "PGDATA" + value = "/var/lib/postgresql/data/${var.namespace}/${var.instance_name}/pgdata" + } + + resources { + limits = { + cpu = var.resources.limits.cpu + memory = var.resources.limits.memory + } + requests = { + cpu = var.resources.requests.cpu + memory = var.resources.requests.memory + } + } + + volume_mount { + mount_path = "/var/lib/postgresql/data" + name = "data" + } + + } + + container { + name = "exporter" + image = "quay.io/prometheuscommunity/postgres-exporter:v0.12.0" + env { + name = "DATA_SOURCE_URI" + value = "localhost:5432/dbsync-mainnet?sslmode=disable,localhost:5432/dbsync-preview?sslmode=disable,localhost:5432/dbsync-preprod?sslmode=disable" + } + env { + name = "DATA_SOURCE_USER" + value = "$(POSTGRES_USER)" + } + env { + name = "DATA_SOURCE_PASS" + value = "$(POSTGRES_PASSWORD)" + } + env { + name = "PG_EXPORTER_CONSTANT_LABELS" + value = 
"service=dbsync-${var.instance_name}" + } + port { + name = "metrics" + container_port = 9187 + } + } + + volume { + name = "data" + persistent_volume_claim { + claim_name = var.db_volume_claim + } + } + + toleration { + effect = "NoSchedule" + key = "demeter.run/compute-profile" + operator = "Equal" + value = "disk-intensive" + } + + toleration { + effect = "NoSchedule" + key = "demeter.run/compute-arch" + operator = "Equal" + value = "x86" + } + + toleration { + effect = "NoSchedule" + key = "demeter.run/availability-sla" + operator = "Equal" + value = "consistent" + } + } + } + } +} + + + +# resource "kubernetes_manifest" "postgres" { +# field_manager { +# force_conflicts = true +# } +# manifest = { +# "apiVersion" = "acid.zalan.do/v1" +# "kind" = "postgresql" +# "metadata" = { +# "name" = local.postgres_host +# "namespace" = var.namespace +# "labels" = { +# "dbsync-status" = "ready" +# } +# } +# "spec" = { +# "env" : [ +# { +# "name" : "ALLOW_NOSSL" +# "value" : "true" +# } +# ] +# "numberOfInstances" = var.postgres_replicas +# "enableMasterLoadBalancer" = var.enable_master_load_balancer +# "enableReplicaLoadBalancer" = var.enable_replica_load_balancer +# "allowedSourceRanges" = [ +# "0.0.0.0/0" +# ] +# "dockerImage" : "ghcr.io/zalando/spilo-15:3.0-p1" +# "teamId" = "dmtr" +# "tolerations" = [ +# { +# "effect" = "NoSchedule" +# "key" = "demeter.run/compute-profile" +# "operator" = "Equal" +# "value" = "disk-intesive" +# }, +# { +# "effect" = "NoSchedule" +# "key" = "demeter.run/compute-arch" +# "operator" = "Equal" +# "value" = "x86" +# }, +# { +# "effect" = "NoSchedule" +# "key" = "demeter.run/availability-sla" +# "operator" = "Equal" +# "value" = "consistent" +# } +# ] +# "nodeAffinity" = var.topology_zone != null ? 
local.node_affinity : null +# "serviceAnnotations" : { +# "service.beta.kubernetes.io/aws-load-balancer-nlb-target-type" = "instance" +# "service.beta.kubernetes.io/aws-load-balancer-scheme" = "internet-facing" +# "service.beta.kubernetes.io/aws-load-balancer-type" = "external" +# } +# "databases" = { +# "cardanodbsync" = "dmtrdb" +# } +# "postgresql" = { +# "version" = "14" +# "parameters" = var.postgres_params +# } +# "users" = { +# "dmtrdb" = [ +# "superuser", +# "createdb", +# "login" +# ], +# "dmtrro" = [ +# "login" +# ] +# } +# "resources" = { +# "limits" = var.postgres_resources.limits +# "requests" = var.postgres_resources.requests +# } +# "volume" = { +# "storageClass" = var.postgres_volume.storage_class +# "size" = var.postgres_volume.size +# } +# "" +# sidecars = [ +# { +# name : "exporter" +# image : "quay.io/prometheuscommunity/postgres-exporter:v0.12.0" +# env : [ +# { +# name : "DATA_SOURCE_URI" +# value : "localhost:5432/cardanodbsync?sslmode=disable" +# }, +# { +# name : "DATA_SOURCE_USER" +# value : "$(POSTGRES_USER)" +# }, +# { +# name : "DATA_SOURCE_PASS" +# value : "$(POSTGRES_PASSWORD)" +# }, +# { +# name : "PG_EXPORTER_CONSTANT_LABELS" +# value : "service=dbsync-${local.postgres_host}" +# } +# ] +# ports : [ +# { +# name : "metrics" +# containerPort : 9187 +# } +# ] +# } +# ] +# } +# } +# } diff --git a/bootstrap/feature/secret.tf b/bootstrap/feature/secret.tf new file mode 100644 index 0000000..c74beec --- /dev/null +++ b/bootstrap/feature/secret.tf 
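Review bot: The `exporter` container sets `DATA_SOURCE_USER` to `$(POSTGRES_USER)` and `DATA_SOURCE_PASS` to `$(POSTGRES_PASSWORD)`, but Kubernetes expands `$(VAR)` only against variables defined earlier in the same container (or service environment variables), and this container defines neither, so the exporter would receive the literal strings and fail to authenticate. The password should come from the same `postgres-${var.instance_name}` secret the `main` container uses, through `secret_key_ref`. That still hands the exporter the superuser credential; a dedicated login role granted `pg_monitor` would be the least-privilege choice, which needs a role-creation step this hunk does not contain. Separately, `main` declares `container_port = 1442` while the exporter URI targets `localhost:5432`, and the commented-out `acid.zalan.do` manifest (with `allowedSourceRanges` of `0.0.0.0/0`) is better deleted than kept as a template.

```hcl
        container {
          name = "exporter"
          # … unchanged: image, DATA_SOURCE_URI …
          env {
            name = "DATA_SOURCE_USER"
            # image default user, since "main" sets no POSTGRES_USER
            value = "postgres"
          }
          env {
            name = "DATA_SOURCE_PASS"
            value_from {
              secret_key_ref {
                name = "postgres-${var.instance_name}"
                key  = "password"
              }
            }
          }
          # … unchanged: PG_EXPORTER_CONSTANT_LABELS, metrics port …
```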
@@ -0,0 +1,33 @@
+resource "random_password" "postgres" {
+ length = 32
+ special = true
+ override_special = "!#$%&*()-_=+[]{}<>:?"
+}
+
+resource "random_password" "dmtrro" {
+ length = 32
+ special = true
+ override_special = "!#$%&*()-_=+[]{}<>:?"
+}
+
+resource "kubernetes_secret" "postgres" {
+ metadata {
+ name = "postgres-${var.instance_name}"
+ namespace = var.namespace
+ }
+ data = {
+ "password" = random_password.postgres.result
+ }
+ type = "Opaque"
+}
+
+resource "kubernetes_secret" "dmtrro" {
+ metadata {
+ name = "dmtrro-${var.instance_name}"
+ namespace = var.namespace
+ }
+ data = {
+ "password" = random_password.dmtrro.result
+ }
+ type = "Opaque"
+}
\ No newline at end of file
diff --git a/bootstrap/instance/dbsync.tf b/bootstrap/instance/dbsync.tf
new file mode 100644
index 0000000..bd09e40
--- /dev/null
+++ b/bootstrap/instance/dbsync.tf
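Review bot: Both `random_password` results are written to Terraform state in plaintext as well as into the Kubernetes Secrets, so the state backend for this module needs encryption and the same access controls as the database itself; a comment above the resources such as `# NOTE: generated passwords are stored in Terraform state; use an encrypted, access-restricted backend` would make that visible. `kubernetes_secret.dmtrro` is created, but nothing in the `bootstrap/feature` files of this commit creates a `dmtrro` role or reads the secret, so confirm the role is provisioned elsewhere. The module also uses the `random` provider without a `required_providers` entry, unlike `bootstrap/configs/main.tf`.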
@@ -0,0 +1,219 @@ +resource "kubernetes_persistent_volume_claim" "state" { + count = var.manual_dbsync_volume == true ? 0 : 1 + + wait_until_bound = false + + metadata { + name = "state-${local.instance_name}" + namespace = var.namespace + } + + spec { + access_modes = ["ReadWriteOnce"] + storage_class_name = var.dbsync_volume.storage_class + + resources { + requests = { + storage = var.dbsync_volume.size + } + } + } +} + +resource "kubernetes_deployment_v1" "db_sync" { + metadata { + labels = { + salt = var.salt + network = var.network + role = "dbsync" + } + name = "${local.instance_name}-dbsync" + namespace = var.namespace + } + + spec { + replicas = 1 + + strategy { + type = "Recreate" + } + + selector { + match_labels = { + salt = var.salt + network = var.network + role = "dbsync" + } + } + + template { + metadata { + labels = { + salt = var.salt + network = var.network + role = "dbsync" + } + } + + spec { + dynamic "affinity" { + for_each = var.topology_zone != null ? toset([1]) : toset([]) + + content { + node_affinity { + required_during_scheduling_ignored_during_execution { + node_selector_term { + match_expressions { + key = "topology.kubernetes.io/zone" + operator = "In" + values = [var.topology_zone] + } + } + } + } + } + } + + container { + args = [ + "-d", + "UNIX-LISTEN:/node-ipc/node.socket,fork,reuseaddr,unlink-early", + "TCP:${var.node_n2n_tcp_endpoint}", + ] + + image = "alpine/socat:latest" + + name = "socat" + + volume_mount { + mount_path = "/node-ipc" + name = "cardanoipc" + } + } + + container { + name = "dbsync" + + image = "ghcr.io/demeter-run/dbsync:${var.dbsync_image_tag}" + + resources { + limits = var.dbsync_resources.limits + requests = var.dbsync_resources.requests + } + + args = [ + "--config /etc/dbsync/db-sync-config.json", + "--socket-path /node-ipc/node.socket" + ] + + env { + name = "POSTGRES_USER" + value = "postgres" + } + + env { + name = "POSTGRES_PASSWORD" + value_from { + secret_key_ref { + key = "password" + name = 
"postgres.${var.postgres_instance_name}" + } + } + } + + env { + name = "POSTGRES_DB" + value = var.postgres_database + } + + env { + name = "POSTGRES_HOST" + value = local.postgres_host + } + + env { + name = "POSTGRES_PORT" + value = "5432" + } + + env { + name = "RESTORE_RECREATE" + value = "N" + } + + env { + name = "NETWORK" + value = "" + } + + volume_mount { + mount_path = "/etc/dbsync" + name = "config" + } + + volume_mount { + mount_path = "/node-ipc" + name = "cardanoipc" + } + + volume_mount { + mount_path = "/var/lib/cexplorer" + name = "state" + } + + port { + container_port = 8080 + name = "metrics" + } + } + + volume { + name = "config" + config_map { + name = local.config_map_name + } + } + + volume { + name = "cardanoipc" + empty_dir {} + } + + volume { + name = "state" + persistent_volume_claim { + claim_name = "state-${local.instance_name}" + } + } + + toleration { + key = "demeter.run/workload" + operator = "Equal" + value = "mem-intensive" + effect = "NoSchedule" + } + + toleration { + effect = "NoSchedule" + key = "demeter.run/compute-profile" + operator = "Equal" + value = "mem-intensive" + } + + toleration { + effect = "NoSchedule" + key = "demeter.run/compute-arch" + operator = "Equal" + value = "arm64" + } + + toleration { + effect = "NoSchedule" + key = "demeter.run/availability-sla" + operator = "Equal" + value = "consistent" + } + } + } + } +} diff --git a/bootstrap/instance/main.tf b/bootstrap/instance/main.tf new file mode 100644 index 0000000..d1ca2ed --- /dev/null +++ b/bootstrap/instance/main.tf 
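Review bot: The `POSTGRES_PASSWORD` reference in the `dbsync` container names the secret `postgres.${var.postgres_instance_name}` (dot), while `bootstrap/feature/secret.tf` in this commit creates `postgres-${var.instance_name}` (hyphen); if these are meant to be the same object the pod will sit in `CreateContainerConfigError`, and the line should read `name = "postgres-${var.postgres_instance_name}"`. `POSTGRES_HOST` is `local.postgres_host` (`dmtr-postgres-…`), for which no Service is visible in this patch, so the hostname deserves the same check. The `socat` sidecar uses `alpine/socat:latest`; pinning a version tag or digest keeps a changed upstream image from being pulled into the pod that bridges the node socket.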
@@ -0,0 +1,149 @@ +terraform { + required_providers { + kubernetes = { + source = "hashicorp/kubernetes" + } + } +} + +variable "namespace" {} + +variable "dbsync_image_tag" { + default = "132ffd0007054bfadd17b23ed608529447833b99" +} + +variable "network" {} + +variable "salt" { + type = string +} + +variable "topology_zone" {} + +variable "node_n2n_tcp_endpoint" { + type = string +} + +variable "postgres_resources" { + type = object({ + requests = map(string) + limits = map(string) + }) + + default = { + "limits" = { + memory = "2Gi" + cpu = "4000m" + } + "requests" = { + memory = "2Gi" + cpu = "100m" + } + } +} + +variable "postgres_params" { + default = { + "max_standby_archive_delay" = "900s" + "max_standby_streaming_delay" = "900s" + } +} + +variable "postgres_volume" { + type = object({ + storage_class = string + size = string + }) + + default = { + storage_class = "fast" + size = "30Gi" + } +} + +variable "postgres_replicas" { + type = number + default = 2 +} + +variable "dbsync_resources" { + type = object({ + requests = map(string) + limits = map(string) + }) + + default = { + "limits" = { + "memory" = "4Gi" + } + "requests" = { + "memory" = "4Gi" + "cpu" = "100m" + } + } +} + +variable "manual_dbsync_volume" { + type = bool + default = false +} + +variable "dbsync_volume" { + type = object({ + storage_class = string + size = string + }) + + default = { + manual = false + storage_class = "fast" + size = "10Gi" + } +} + +variable "enable_master_load_balancer" { + type = bool + default = false +} + +variable "enable_replica_load_balancer" { + type = bool + default = false +} + +variable "enable_postgrest" { + type = bool + default = false +} + +variable "release" { + type = string +} + +variable "sync_status" { + type = string +} + +variable "postgres_instance_name" { + type = string +} + +variable "postgres_database" { + type = string +} + +module "configs" { + source = "../configs" + network = var.network + namespace = var.namespace + salt = var.salt +} + 
+locals { + instance_name = "${var.network}-${var.salt}" + postgres_host = "dmtr-postgres-${local.instance_name}" + postgres_replica_service = "${local.postgres_host}-repl" + users_job_name = "setusers-${local.instance_name}" + secrets_name = "${local.postgres_host}.credentials.postgresql.acid.zalan.do" + config_map_name = module.configs.cm_name +} diff --git a/bootstrap/instance/monitor.tf b/bootstrap/instance/monitor.tf new file mode 100644 index 0000000..0d464d9 --- /dev/null +++ b/bootstrap/instance/monitor.tf @@ -0,0 +1,57 @@ +resource "kubernetes_manifest" "podmonitor" { + manifest = { + "apiVersion" = "monitoring.coreos.com/v1" + "kind" = "PodMonitor" + "metadata" = { + "labels" = { + "app.kubernetes.io/component" = "o11y" + "app.kubernetes.io/part-of" = "demeter" + } + "name" = "dbsync-${var.network}-${var.salt}" + "namespace" = var.namespace + } + "spec" = { + podMetricsEndpoints = [ + { + port = "metrics", + path = "/" + } + ] + "selector" = { + "matchLabels" = { + salt = var.salt + network = var.network + role = "dbsync" + } + } + } + } +} + +resource "kubernetes_manifest" "postgres_podmonitor" { + manifest = { + "apiVersion" = "monitoring.coreos.com/v1" + "kind" = "PodMonitor" + "metadata" = { + "labels" = { + "app.kubernetes.io/component" = "o11y" + "app.kubernetes.io/part-of" = "demeter" + } + "name" = local.postgres_host + "namespace" = var.namespace + } + "spec" = { + podMetricsEndpoints = [ + { + port = "metrics", + path = "/metrics" + } + ] + "selector" = { + "matchLabels" = { + "cluster-name" = local.postgres_host + } + } + } + } +} diff --git a/bootstrap/instance/postgrest.tf b/bootstrap/instance/postgrest.tf new file mode 100644 index 0000000..aae60fd --- /dev/null +++ b/bootstrap/instance/postgrest.tf 
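Review bot: Several declarations in `bootstrap/instance/main.tf` are not referenced by any `bootstrap/instance` file visible in the patch: `postgres_resources`, `postgres_params`, `postgres_volume`, `postgres_replicas`, the two `enable_*_load_balancer` flags, `release`, `sync_status`, and the locals `users_job_name` and `secrets_name`. They describe the `acid.zalan.do` operator layout rather than the StatefulSet this commit deploys, and `release` and `sync_status` have no default, so callers must supply values that are then ignored. The `dbsync_volume` default sets `manual = false`, an attribute outside the declared object type that Terraform should silently discard; `manual_dbsync_volume` is the variable actually read. `namespace`, `network` and `topology_zone` are untyped, and `type = string` on each would document the intent.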
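Review bot: `postgres_podmonitor` in `bootstrap/instance/monitor.tf` selects pods labelled `cluster-name = local.postgres_host`, but the Postgres pods created in `bootstrap/feature/postgres.tf` carry only `demeter.run/instance`, and `bootstrap/feature/monitor.tf` already defines a PodMonitor for them, so this resource looks like it matches nothing. If the operator-managed cluster is gone, remove the resource; otherwise add a comment stating which pods carry `cluster-name`. The `podmonitor` resource scrapes path `/` on the `metrics` port, and a one-line comment confirming that db-sync serves metrics at the root would save the next reader checking.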
@@ -0,0 +1,152 @@
+resource "kubernetes_deployment_v1" "postgrest" {
+ count = var.enable_postgrest == true ? 1 : 0
+ wait_for_rollout = false
+
+ metadata {
+ namespace = var.namespace
+ name = "postgrest-${local.instance_name}"
+ labels = {
+ role = "postgrest"
+ network = var.network
+ salt = var.salt
+ }
+ }
+
+ spec {
+ replicas = 1
+
+ selector {
+ match_labels = {
+ role = "postgrest"
+ network = var.network
+ salt = var.salt
+ }
+ }
+
+ template {
+ metadata {
+ labels = {
+ role = "postgrest"
+ network = var.network
+ salt = var.salt
+ }
+ }
+
+ spec {
+ container {
+ image = "postgrest/postgrest"
+ name = "main"
+
+ env {
+ name = "PGRST_DB_URI"
+ value = "postgres://"
+ }
+
+ env {
+ name = "PGRST_DB_SCHEMA"
+ value = "public"
+ }
+
+ env {
+ name = "PGRST_DB_ANON_ROLE"
+ value = "dmtrro"
+ }
+
+ env {
+ name = "PGUSER"
+ value_from {
+ secret_key_ref {
+ key = "username"
+ name = "postgres.${local.postgres_host}.credentials.postgresql.acid.zalan.do"
+ }
+ }
+ }
+
+ env {
+ name = "PGPASSWORD"
+ value_from {
+ secret_key_ref {
+ key = "password"
+ name = "postgres.${local.postgres_host}.credentials.postgresql.acid.zalan.do"
+ }
+ }
+ }
+
+ env {
+ name = "PGHOST"
+ value = local.postgres_replica_service
+ }
+
+ env {
+ name = "PGPORT"
+ value = "5432"
+ }
+
+ env {
+ name = "PGDATABASE"
+ value = "cardanodbsync"
+ }
+
+ resources {
+ limits = {
+ memory = "500Mi"
+ }
+ requests = {
+ cpu = "100m"
+ memory = "50Mi"
+ }
+ }
+
+ port {
+ name = "http"
+ container_port = 3000
+ }
+ }
+ toleration {
+ effect = "NoSchedule"
+ key = "demeter.run/compute-profile"
+ operator = "Exists"
+ }
+
+ toleration {
+ effect = "NoSchedule"
+ key = "demeter.run/compute-arch"
+ operator = "Exists"
+ }
+
+ toleration {
+ effect = "NoSchedule"
+ key = "demeter.run/availability-sla"
+ operator = "Equal"
+ value = "consistent"
+ }
+ }
+ }
+ }
+}
+
+resource "kubernetes_service_v1" "postgrest" {
+ count = var.enable_postgrest == true ? 1 : 0
+
+ metadata {
+ namespace = var.namespace
+ name = "postgrest-${local.instance_name}"
+ }
+ spec {
+ selector = {
+ role = "postgrest"
+ network = var.network
+ salt = var.salt
+ }
+
+ port {
+ name = "http"
+ port = 3000
+ target_port = 3000
+ protocol = "TCP"
+ }
+
+ type = "ClusterIP"
+ }
+}
+
diff --git a/bootstrap/operator/main.tf b/bootstrap/operator/main.tf
new file mode 100644
index 0000000..3971348
--- /dev/null
+++ b/bootstrap/operator/main.tf
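Review bot: `PGUSER` and `PGPASSWORD` are read from the secret `postgres.${local.postgres_host}.credentials.postgresql.acid.zalan.do`, which under the Zalando operator's naming is presumably the `postgres` superuser, so PostgREST's connection role is far more privileged than the `dmtrro` role it serves anonymous requests as. A dedicated login role that may only switch to `dmtrro` would limit what a PostgREST flaw or misconfiguration can reach; both references would become `name = "<AUTHENTICATOR_ROLE>.${local.secrets_name}"` (placeholder role name), which also reuses the existing local. The container image `postgrest/postgrest` carries no tag or digest, so a reschedule can pull a different build than the one that was reviewed; pin it, e.g. `image = "postgrest/postgrest:<PINNED_VERSION>"`. `PGDATABASE` is hard-coded to `cardanodbsync` although the module already takes `var.postgres_database`.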
@@ -0,0 +1,135 @@
+variable "namespace" {}
+
+variable "image_tag" {}
+
+variable "per_min_dcus" {
+ default = {
+ "mainnet" : 84
+ "default" : 53
+ }
+}
+
+variable "scrape_interval" {
+ description = "the inverval for polling workspaces data (in seconds)"
+ default = "30"
+}
+
+resource "kubernetes_cluster_role" "cluster-role" {
+ metadata {
+ name = "dbsync-operator"
+ }
+
+ rule {
+ api_groups = ["", "demeter.run", "apps", "networking.k8s.io"]
+ resources = ["*"]
+ verbs = ["*"]
+ }
+}
+
+resource "kubernetes_cluster_role_binding" "cluster-role-binding" {
+ metadata {
+ name = "dbsync-operator"
+ }
+ role_ref {
+ api_group = "rbac.authorization.k8s.io"
+ kind = "ClusterRole"
+ name = "dbsync-operator"
+ }
+ subject {
+ kind = "ServiceAccount"
+ name = "default"
+ namespace = var.namespace
+ }
+}
+
+resource "kubernetes_deployment_v1" "deployment" {
+ metadata {
+ labels = {
+ role = "operator"
+ }
+ name = "operator"
+ namespace = var.namespace
+ }
+
+ spec {
+ replicas = 1
+
+ strategy {
+ rolling_update {
+ max_surge = 1
+ max_unavailable = 0
+ }
+ }
+
+ selector {
+ match_labels = {
+ role = "operator"
+ }
+ }
+
+ template {
+ metadata {
+ labels = {
+ role = "operator"
+ }
+ }
+
+ spec {
+ container {
+ name = "main"
+
+ image = "ghcr.io/demeter-run/cardano-dbsync-operator:${var.image_tag}"
+
+ resources {
+ limits = {
+ memory = "250Mi"
+ }
+ requests = {
+ cpu = "100m"
+ memory = "250Mi"
+ }
+ }
+
+ port {
+ container_port = 9946
+ name = "metrics"
+ protocol = "TCP"
+ }
+
+ env {
+ name = "SHARED_PER_MIN_MAINNET_DCUS"
+ value = var.per_min_dcus.mainnet
+ }
+
+ env {
+ name = "SHARED_PER_MIN_DEFAULT_DCUS"
+ value = var.per_min_dcus.default
+ }
+
+ env {
+ name = "SCRAPE_INTERVAL_S"
+ value = var.scrape_interval
+ }
+ }
+ toleration {
+ effect = "NoSchedule"
+ key = "demeter.run/compute-profile"
+ operator = "Exists"
+ }
+
+ toleration {
+ effect = "NoSchedule"
+ key = "demeter.run/compute-arch"
+ operator = "Exists"
+ }
+
+ toleration {
+ effect = "NoSchedule"
+ key = "demeter.run/availability-sla"
+ operator = "Equal"
+ value = "consistent"
+ }
+ }
+ }
+ }
+}
diff --git a/bootstrap/operator/monitor.tf b/bootstrap/operator/monitor.tf
new file mode 100644
index 0000000..7b4dd42
--- /dev/null
+++ b/bootstrap/operator/monitor.tf
@@ -0,0 +1,27 @@
+resource "kubernetes_manifest" "monitor" {
+ manifest = {
+ apiVersion = "monitoring.coreos.com/v1"
+ kind = "PodMonitor"
+ metadata = {
+ labels = {
+ "app.kubernetes.io/component" = "o11y"
+ "app.kubernetes.io/part-of" = "demeter"
+ }
+ name = "operator"
+ namespace = var.namespace
+ }
+ spec = {
+ selector = {
+ matchLabels = {
+ role = "operator"
+ }
+ }
+ podMetricsEndpoints = [
+ {
+ port = "metrics",
+ path = "/metrics"
+ }
+ ]
+ }
+ }
+}
diff --git a/bootstrap/pvc/main.tf b/bootstrap/pvc/main.tf
new file mode 100644
index 0000000..fd887a6
--- /dev/null
+++ b/bootstrap/pvc/main.tf
@@ -0,0 +1,35 @@
+variable "namespace" {
+ description = "the namespace where the resources will be created"
+}
+
+variable "volume_name" {
+ description = "the name of the volume"
+}
+
+variable "name" {
+ description = "the name of the pvc"
+}
+
+variable "storage_size" {
+ description = "the size of the volume"
+}
+
+resource "kubernetes_persistent_volume_claim" "shared_disk" {
+ wait_until_bound = false
+
+ metadata {
+ name = var.name
+ namespace = var.namespace
+ }
+
+ spec {
+ access_modes = ["ReadWriteMany"]
+ resources {
+ requests = {
+ storage = var.storage_size
+ }
+ }
+ storage_class_name = "nvme"
+ volume_name = var.volume_name
+ }
+}
\ No newline at end of file
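Review bot: The `dbsync-operator` ClusterRole grants `verbs = ["*"]` on `resources = ["*"]` across the core, `apps`, `networking.k8s.io` and `demeter.run` groups, and the binding's subject is the namespace's `default` ServiceAccount. That hands cluster-wide read/write on Secrets, Pods and Deployments to every pod in `var.namespace` that does not set its own service account, not only to the operator. Create a dedicated ServiceAccount, bind the role to it, set `service_account_name` on the operator pod, and replace the wildcard rule with the resources and verbs the operator actually reconciles. The rule below uses placeholders because the operator's needs are not visible in this commit.

```hcl
resource "kubernetes_service_account_v1" "operator" {
  metadata {
    name      = "dbsync-operator"
    namespace = var.namespace
  }
}

resource "kubernetes_cluster_role" "cluster-role" {
  # … unchanged: metadata …

  # One rule per API group, naming only what the operator reconciles.
  rule {
    api_groups = ["demeter.run"]
    resources  = ["<OPERATOR_CRD_RESOURCES>"] # placeholder: the CRD plurals the operator watches
    verbs      = ["get", "list", "watch", "patch"] # adjust to what the controller needs
  }
  # … further rules for "", "apps" and "networking.k8s.io" as required, without "*" …
}

resource "kubernetes_cluster_role_binding" "cluster-role-binding" {
  # … unchanged: metadata, role_ref …
  subject {
    kind      = "ServiceAccount"
    name      = kubernetes_service_account_v1.operator.metadata[0].name
    namespace = var.namespace
  }
}

# In kubernetes_deployment_v1.deployment, inside template > spec:
#   service_account_name = kubernetes_service_account_v1.operator.metadata[0].name
```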
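Review bot: In `bootstrap/pvc/main.tf`, `storage_class_name = "nvme"` is hard-coded while the instance module takes its storage classes from variables (`storage_class` in `postgres_volume` and `dbsync_volume`), so this module cannot be reused on a cluster without an `nvme` class. A `variable "storage_class" { default = "nvme" }` with `storage_class_name = var.storage_class` keeps today's behaviour and makes it overridable. The four variables have descriptions but no `type`; `type = string` on each would catch wrong inputs at plan time. Since the claim requests `ReadWriteMany` and pins `volume_name`, a short comment naming which workloads share the volume would help anyone reviewing access to the data on it.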