k8s, terraform: Update infrastructure for new payments

Changes in this commit:

- Split up the terraform configuration into separate files,
  grouping private information under new secrets.
- Make indexer-agent and indexer-service stateful sets.
- Add Vector node configuration and stateful set.

Author: Jannis

k8s/base/index-node/stateful_set.yaml

@@ -27,10 +27,10 @@ spec:
           operator: "Exists"
           effect: "NoSchedule"
       volumes:
-         - name: nfs-shared
-           persistentVolumeClaim:
-             claimName: nfs-shared
-             readOnly: false
+        - name: nfs-shared
+          persistentVolumeClaim:
+            claimName: nfs-shared
+            readOnly: false
       containers:
         - name: graph-node
           image: graph-node-image
@@ -52,7 +52,7 @@ spec:
             - name: BLOCK_INGESTOR
               value: index-node-0
             - name: GRAPH_KILL_IF_UNRESPONSIVE
-              value: 'true'
+              value: "true"
             - name: postgres_host
               valueFrom:
                 secretKeyRef:
@@ -69,7 +69,10 @@ spec:
                   name: postgres-credentials
                   key: password
             - name: postgres_db
-              value: graph
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-credentials
+                  key: graph_db
             - name: node_role
               value: index-node
             - name: node_id
@@ -82,4 +85,4 @@ spec:
                   name: ethereum-networks
                   key: networks
             - name: ipfs
-              value: https://ipfs.network.thegraph.com
+              value: https://ipfs.network.thegraph.com

k8s/base/indexer-agent/service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: indexer-agent
+spec:
+  type: NodePort
+  selector:
+    app: indexer-agent
+  ports:
+    - name: vector-events
+      protocol: TCP
+      port: 8001
+      targetPort: 8001

k8s/base/indexer-agent/deployment.yaml renamed to k8s/base/indexer-agent/statefulset.yaml

@@ -1,8 +1,9 @@
 apiVersion: apps/v1
-kind: Deployment
+kind: StatefulSet
 metadata:
   name: indexer-agent
 spec:
+  serviceName: indexer-agent
   selector:
     matchLabels:
       app: indexer-agent
@@ -34,8 +35,23 @@ spec:
             - name: INDEXER_AGENT_MNEMONIC
               valueFrom:
                 secretKeyRef:
-                  name: indexer-mnemonic
+                  name: indexer
                   key: mnemonic
+            - name: INDEXER_AGENT_INDEXER_ADDRESS
+              valueFrom:
+                secretKeyRef:
+                  name: indexer
+                  key: indexer_address
+            - name: INDEXER_AGENT_ETHEREUM_NETWORK
+              valueFrom:
+                secretKeyRef:
+                  name: ethereum
+                  key: network_name
+            - name: INDEXER_AGENT_ETHEREUM
+              valueFrom:
+                secretKeyRef:
+                  name: ethereum
+                  key: url
             - name: INDEXER_AGENT_INDEX_NODE_IDS
               value: index-node-0
             - name: INDEXER_AGENT_GRAPH_NODE_QUERY_ENDPOINT
@@ -60,4 +76,16 @@ spec:
                   name: postgres-credentials
                   key: password
             - name: INDEXER_AGENT_POSTGRES_DATABASE
-              value: indexer-service
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-credentials
+                  key: indexer_db
+            - name: INDEXER_AGENT_VECTOR_NODE
+              value: http://vector-node.default.svc.cluster.local
+            - name: INDEXER_AGENT_VECTOR_ROUTER
+              valueFrom:
+                secretKeyRef:
+                  name: vector-env
+                  key: router
+            - name: INDEXER_AGENT_VECTOR_EVENT_SERVER
+              value: http://indexer-agent.default.svc.cluster.local:8001/

k8s/base/indexer-service/deployment.yaml renamed to k8s/base/indexer-service/statefulset.yaml

@@ -1,8 +1,9 @@
 apiVersion: apps/v1
-kind: Deployment
+kind: StatefulSet
 metadata:
   name: indexer-service
 spec:
+  serviceName: indexer-service
   selector:
     matchLabels:
       app: indexer-service
@@ -29,15 +30,33 @@ spec:
             - name: metrics
               containerPort: 7300
           env:
+            - name: INDEXER_SERVICE_PORT
+              value: "7600"
             - name: INDEXER_SERVICE_MNEMONIC
               valueFrom:
                 secretKeyRef:
-                  name: indexer-mnemonic
+                  name: indexer
                   key: mnemonic
-            - name: INDEXER_SERVICE_PORT
-              value: "7600"
+            - name: INDEXER_SERVICE_INDEXER_ADDRESS
+              valueFrom:
+                secretKeyRef:
+                  name: indexer
+                  key: indexer_address
+            - name: INDEXER_SERVICE_ETHEREUM_NETWORK
+              valueFrom:
+                secretKeyRef:
+                  name: ethereum
+                  key: network_name
             - name: INDEXER_SERVICE_ETHEREUM
-              value: https://kovan.alchemyapi.io/jsonrpc/demo/
+              valueFrom:
+                secretKeyRef:
+                  name: ethereum
+                  key: url
+            - name: INDEXER_SERVICE_NETWORK_SUBGRAPH_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: network-subgraph
+                  key: endpoint
             - name: INDEXER_SERVICE_GRAPH_NODE_QUERY_ENDPOINT
               value: http://query-node.default.svc.cluster.local/
             - name: INDEXER_SERVICE_GRAPH_NODE_STATUS_ENDPOINT
@@ -60,11 +79,19 @@ spec:
                   name: postgres-credentials
                   key: password
             - name: INDEXER_SERVICE_POSTGRES_DATABASE
-              value: indexer-service
-            - name: INDEXER_SERVICE_WALLET_SKIP_EVM_VALIDATION
-              value: "true"
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-credentials
+                  key: indexer_db
             - name: INDEXER_SERVICE_FREE_QUERY_AUTH_TOKEN
               valueFrom:
                 secretKeyRef:
                   name: free-query-auth-token
                   key: token
+            - name: INDEXER_SERVICE_VECTOR_NODE
+              value: http://vector-node.default.svc.cluster.local
+            - name: INDEXER_SERVICE_VECTOR_ROUTER
+              valueFrom:
+                secretKeyRef:
+                  name: vector-env
+                  key: router

k8s/base/kustomization.yaml

@@ -8,14 +8,16 @@ resources:
   - query-node/deployment.yaml
   - query-node/proxy.yaml
   - query-node/service.yaml
-  - indexer-agent/deployment.yaml
+  - indexer-agent/service.yaml
+  - indexer-agent/statefulset.yaml
   - indexer-service/backend_config.yaml
-  - indexer-service/deployment.yaml
+  - indexer-service/statefulset.yaml
   - indexer-service/service.yaml
   - shell.yaml
   - nfs.yaml
   - prometheus.yaml
   - grafana.yaml
   - ingress.yaml
+  - vector.yaml
 
 namespace: default

k8s/base/vector.yaml

@@ -0,0 +1,79 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: vector-node
+spec:
+  selector:
+    app: vector-node
+  ports:
+    - name: api
+      protocol: TCP
+      port: 80
+      targetPort: api
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: vector-node
+  labels:
+    app: vector-node
+spec:
+  serviceName: vector-node
+  replicas: 1
+  selector:
+    matchLabels:
+      app: vector-node
+  template:
+    metadata:
+      labels:
+        app: vector-node
+    spec:
+      containers:
+        - name: node
+          image: vector-node
+          ports:
+            - name: api
+              containerPort: 8000
+          livenessProbe:
+            httpGet:
+              path: /ping
+              port: 8000
+          readinessProbe:
+            httpGet:
+              path: /ping
+              port: 8000
+          env:
+            - name: VECTOR_CONFIG
+              valueFrom:
+                secretKeyRef:
+                  name: vector-env
+                  key: config
+            - name: VECTOR_PROD
+              value: 'true'
+            - name: VECTOR_MNEMONIC
+              valueFrom:
+                secretKeyRef:
+                  name: vector-env
+                  key: mnemonic
+            - name: VECTOR_PG_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-credentials
+                  key: host
+            - name: VECTOR_PG_PORT
+              value: '5432'
+            - name: VECTOR_PG_DATABASE
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-credentials
+                  key: vector_db
+            - name: VECTOR_PG_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-credentials
+                  key: user
+            - name: VECTOR_PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-credentials
+                  key: password

k8s/overlays/indexer_agent.yaml

@@ -1,5 +1,5 @@
 apiVersion: apps/v1
-kind: Deployment
+kind: StatefulSet
 metadata:
   name: indexer-agent
 spec:
@@ -11,11 +11,11 @@ spec:
             # Set this so it matches the index node pods
             - name: INDEXER_AGENT_INDEX_NODE_IDS
               value: index_node_0,index_node_1
-            # Set this to your Ethereum node/provider
-            - name: INDEXER_AGENT_ETHEREUM
-              value: https://eth-mainnet.node/
+
+            # Set this to your indexer's geo location
+            - name: INDEXER_AGENT_INDEXER_GEO_COORDINATES
+              value: "0.00 0.00"
+
             # Set this to the public URL that your indexer serves from
             - name: INDEXER_AGENT_PUBLIC_INDEXER_URL
               value: http://not.localhost/
-            - name: INDEXER_AGENT_NETWORK_SUBGRAPH_ENDPOINT
-              value: https://gateway.network.thegraph.com/network

k8s/overlays/indexer_service.yaml

@@ -1,13 +1,10 @@
 apiVersion: apps/v1
-kind: Deployment
+kind: StatefulSet
 metadata:
   name: indexer-service
 spec:
+  replicas: 4
   template:
     spec:
       containers:
         - name: indexer-service
-          env:
-            # Set this to your Ethereum node/provider
-            - name: INDEXER_SERVICE_ETHEREUM
-              value: https://kovan.alchemyapi.io/jsonrpc/demo/

terraform/database.tf

@@ -0,0 +1,66 @@
+#
+# CloudSQL Postgres Database
+#
+
+# CloudSQL requires that a fairly long, unspecified amount of time
+# passes before a database name can be reused. To ease testing where
+# we create and destroy databases a lot, we append 4 random digits to
+# the database name.
+resource "random_integer" "dbname" {
+  min = 1000
+  max = 9999
+  keepers = {
+    indexer = "${var.indexer}"
+  }
+}
+
+resource "google_sql_database_instance" "graph" {
+  database_version = "POSTGRES_12"
+  name             = "${var.indexer}-${random_integer.dbname.result}"
+  settings {
+    activation_policy = "ALWAYS"
+    availability_type = "ZONAL"
+    disk_autoresize   = true
+    disk_size         = 100
+    disk_type         = "PD_SSD"
+    tier              = var.database_tier
+    ip_configuration {
+      ipv4_enabled    = false
+      private_network = "projects/${var.project}/global/networks/default"
+    }
+    backup_configuration {
+      binary_log_enabled = false
+      enabled            = true
+      start_time         = "02:00"
+    }
+    database_flags {
+      name  = "log_temp_files"
+      value = "-1"
+    }
+    database_flags {
+      name  = "log_lock_waits"
+      value = "on"
+    }
+  }
+}
+
+resource "google_sql_database" "graph" {
+  name     = "graph"
+  instance = google_sql_database_instance.graph.name
+}
+
+resource "google_sql_database" "indexer-service" {
+  name     = "indexer-service"
+  instance = google_sql_database_instance.graph.name
+}
+
+resource "google_sql_database" "vector" {
+  name     = "vector"
+  instance = google_sql_database_instance.graph.name
+}
+
+resource "google_sql_user" "graph" {
+  name     = "graph"
+  instance = google_sql_database_instance.graph.name
+  password = var.database_password
+}