From 83401d4abe9d62afa55ac559efa1484f79e3efbb Mon Sep 17 00:00:00 2001
From: incubator4
Date: Mon, 15 Jan 2024 15:23:02 +0800
Subject: [PATCH] migrate to gcp
---
deploy/prod/kustomization.yaml | 9 ++
deploy/prod/secret/cfg.yaml | 28 ++++
deploy/prod/secret/cgw.yaml | 24 ++++
deploy/prod/secret/kustomization.yaml | 10 ++
deploy/prod/secret/txs.yaml | 19 +++
deploy/prod/txs/kustomization.yaml | 9 ++
deploy/prod/txs/txs-scheduler-deployment.yaml | 32 +++++
deploy/prod/txs/txs-web-deployment.yaml | 130 ++++++++++++++++++
...xs-worker-contracts-tokens-deployment.yaml | 30 ++++
.../txs/txs-worker-indexer-deployment.yaml | 38 +++++
...ker-notifications-webhooks-deployment.yaml | 30 ++++
11 files changed, 359 insertions(+)
create mode 100644 deploy/prod/kustomization.yaml
create mode 100644 deploy/prod/secret/cfg.yaml
create mode 100644 deploy/prod/secret/cgw.yaml
create mode 100644 deploy/prod/secret/kustomization.yaml
create mode 100644 deploy/prod/secret/txs.yaml
create mode 100644 deploy/prod/txs/kustomization.yaml
create mode 100644 deploy/prod/txs/txs-scheduler-deployment.yaml
create mode 100644 deploy/prod/txs/txs-web-deployment.yaml
create mode 100644 deploy/prod/txs/txs-worker-contracts-tokens-deployment.yaml
create mode 100644 deploy/prod/txs/txs-worker-indexer-deployment.yaml
create mode 100644 deploy/prod/txs/txs-worker-notifications-webhooks-deployment.yaml
diff --git a/deploy/prod/kustomization.yaml b/deploy/prod/kustomization.yaml
new file mode 100644
index 0000000..c30e530
--- /dev/null
+++ b/deploy/prod/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - txs
+ - cfg-web-deployment.yaml
+ - cgw-web-deployment.yaml
+ - ui-deployment.yaml
+ - secret
diff --git a/deploy/prod/secret/cfg.yaml b/deploy/prod/secret/cfg.yaml
new file mode 100644
index 0000000..9ee514e
--- /dev/null
+++ b/deploy/prod/secret/cfg.yaml
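Review bot: In deploy/prod/kustomization.yaml the `resources` list names `cfg-web-deployment.yaml`, `cgw-web-deployment.yaml` and `ui-deployment.yaml`, none of which are among the eleven files this patch creates. If they are not already present under deploy/prod/, `kustomize build` of the prod overlay fails before anything is applied. Either add them in this commit or leave the entries out until the files exist.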
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: safe-cfg
+ namespace: crossbell
+type: Opaque
+stringData:
+ # CGW_FLUSH_TOKEN and WEBHOOK_TOKEN must be the same
+ CGW_FLUSH_TOKEN: ""
+ CGW_URL: "https://safe-client.crossbell.io"
+ CSRF_TRUSTED_ORIGINS: "http://localhost:8000,https://*.crossbell.io,https://crossbell.io,https://xlog.app,https://*.xlog.app"
+ DEBUG: "false"
+ DEFAULT_FILE_STORAGE: "django.core.files.storage.FileSystemStorage"
+ DJANGO_ALLOWED_HOSTS: "*"
+ DOCKER_NGINX_VOLUME_ROOT: "/nginx"
+ DOCKER_WEB_VOLUME: ".:/app"
+ FORCE_SCRIPT_NAME: "/cfg/"
+ GUNICORN_BIND_PORT: "8001"
+ GUNICORN_BIND_SOCKET: "unix:/nginx/gunicorn.socket"
+ GUNICORN_WEB_RELOAD: "false"
+ NGINX_ENVSUBST_OUTPUT_DIR: "/etc/nginx/"
+ POSTGRES_HOST: ""
+ POSTGRES_NAME: "safe_cfg"
+ POSTGRES_PASSWORD: ""
+ POSTGRES_PORT: "5432"
+ POSTGRES_USER: "postgres"
+ ROOT_LOG_LEVEL: "WARNING"
+ SECRET_KEY: ""
diff --git a/deploy/prod/secret/cgw.yaml b/deploy/prod/secret/cgw.yaml
new file mode 100644
index 0000000..a1f18eb
--- /dev/null
+++ b/deploy/prod/secret/cgw.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+stringData:
+ CHAIN_INFO_REQUEST_TIMEOUT: "15000"
+ CONFIG_SERVICE_URI: "https://safe.crossbell.io/cfg"
+ EXCHANGE_API_BASE_URI: "http://api.exchangeratesapi.io/latest"
+ EXCHANGE_API_KEY: ""
+ FEATURE_FLAG_NESTED_DECODING: "true"
+ INTERNAL_CLIENT_CONNECT_TIMEOUT: "10000"
+ LOG_ALL_ERROR_RESPONSES: "true"
+ REDIS_URI: "/0"
+ REDIS_URI_MAINNET: "/0"
+ ROCKET_ADDRESS: "0.0.0.0"
+ ROCKET_LOG_LEVEL: "normal"
+ ROCKET_PORT: "3666"
+ ROCKET_SECRET_KEY: ""
+ RUST_LOG: "warn"
+ SAFE_APP_INFO_REQUEST_TIMEOUT: "10000"
+ SCHEME: "http"
+ WEBHOOK_TOKEN: ""
+kind: Secret
+metadata:
+ name: safe-cgw
+ namespace: crossbell
+type: Opaque
diff --git a/deploy/prod/secret/kustomization.yaml b/deploy/prod/secret/kustomization.yaml
new file mode 100644
index 0000000..d7db7df
--- /dev/null
+++ b/deploy/prod/secret/kustomization.yaml
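Review bot: `DJANGO_ALLOWED_HOSTS: "*"` in deploy/prod/secret/cfg.yaml turns off Django's Host header validation for the production config service, and `CSRF_TRUSTED_ORIGINS` still lists `http://localhost:8000`, a development origin served over plain HTTP. Both values are repeated in deploy/prod/secret/txs.yaml. I would list the served hostnames explicitly, for example `DJANGO_ALLOWED_HOSTS: "safe.crossbell.io"` (host taken from `CONFIG_SERVICE_URI` in cgw.yaml; confirm the real set), and drop the localhost entry from the trusted origins. The `https://*.xlog.app` wildcard also deserves a check, since every subdomain it matches becomes an origin allowed to make state-changing requests.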
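Review bot: `EXCHANGE_API_BASE_URI` in deploy/prod/secret/cgw.yaml uses `http://`, so whatever is stored in `EXCHANGE_API_KEY` would travel to the rate provider in clear text and the returned rates can be altered in transit. If the provider plan allows TLS, use `EXCHANGE_API_BASE_URI: "https://api.exchangeratesapi.io/latest"`. `LOG_ALL_ERROR_RESPONSES: "true"` is worth checking alongside it: if request URLs or upstream error bodies end up in the logs, the API key may be written there too (inferred from the setting name; verify in the gateway).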
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - cfg.yaml
+ - cgw.yaml
+ - txs.yaml
+
+commonAnnotations:
+ avp.kubernetes.io/path: "kv/data/crossbell/safe"
\ No newline at end of file
diff --git a/deploy/prod/secret/txs.yaml b/deploy/prod/secret/txs.yaml
new file mode 100644
index 0000000..5f4c0c8
--- /dev/null
+++ b/deploy/prod/secret/txs.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: safe-txs
+ namespace: crossbell
+type: Opaque
+stringData:
+ CELERY_BROKER_URL: ""
+ CSRF_TRUSTED_ORIGINS: "http://localhost:8000,https://*.crossbell.io,https://crossbell.io,https://xlog.app,https://*.xlog.app"
+ DATABASE_URL: "psql://postgres:@:5432/safe_txs"
+ DEBUG: "0"
+ DJANGO_ALLOWED_HOSTS: "*"
+ DJANGO_SECRET_KEY: ""
+ DJANGO_SETTINGS_MODULE: "config.settings.production"
+ ETHEREUM_NODE_URL: "https://rpc.crossbell.io"
+ ETH_L2_NETWORK: "1"
+ FORCE_SCRIPT_NAME: "/txs/"
+ PYTHONPATH: "/app/"
+ REDIS_URL: "/1"
diff --git a/deploy/prod/txs/kustomization.yaml b/deploy/prod/txs/kustomization.yaml
new file mode 100644
index 0000000..3f2eb16
--- /dev/null
+++ b/deploy/prod/txs/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - txs-scheduler-deployment.yaml
+ - txs-web-deployment.yaml
+ - txs-worker-contracts-tokens-deployment.yaml
+ - txs-worker-indexer-deployment.yaml
+ - txs-worker-notifications-webhooks-deployment.yaml
diff --git a/deploy/prod/txs/txs-scheduler-deployment.yaml b/deploy/prod/txs/txs-scheduler-deployment.yaml
new file mode 100644
index 0000000..488f6dc
--- /dev/null
+++ b/deploy/prod/txs/txs-scheduler-deployment.yaml
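Review bot: The `avp.kubernetes.io/path` annotation in deploy/prod/secret/kustomization.yaml suggests the values are meant to be injected by argocd-vault-plugin, but cfg.yaml, cgw.yaml and txs.yaml carry empty strings rather than `<KEY>` placeholders, and the plugin only substitutes placeholders. As committed, `SECRET_KEY`, `DJANGO_SECRET_KEY`, `ROCKET_SECRET_KEY`, `POSTGRES_PASSWORD`, `WEBHOOK_TOKEN` and `CGW_FLUSH_TOKEN` would be applied empty, unless the values were blanked only for this patch. Use placeholders such as `SECRET_KEY: <SECRET_KEY>` so nothing sensitive is committed and the real values come from the secret store. The partially blanked URLs (`DATABASE_URL`, `REDIS_URI`, `REDIS_URL`, `CELERY_BROKER_URL`) need the same treatment.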
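Review bot: `DATABASE_URL: "psql://postgres:@:5432/safe_txs"` in deploy/prod/secret/txs.yaml connects the transaction service as the `postgres` role, and cfg.yaml does the same with `POSTGRES_USER: "postgres"`. That role is normally the instance superuser, so a leaked secret or an injection flaw in any of the five workloads that load `safe-txs` through `envFrom` reaches every database on the server. A dedicated role per service that owns only `safe_txs` (respectively `safe_cfg`) should be enough for the migrations these pods run.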
@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: safe-txs-scheduler
+ name: safe-txs-scheduler
+ namespace: crossbell
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: safe-txs-scheduler
+ template:
+ metadata:
+ labels:
+ app: safe-txs-scheduler
+ spec:
+ containers:
+ - args:
+ - docker/web/celery/scheduler/run.sh
+ envFrom:
+ - secretRef:
+ name: safe-txs
+ env:
+ - name: RUN_MIGRATIONS
+ value: "1"
+ - name: WORKER_QUEUES
+ value: default,indexing
+ image: safeglobal/safe-transaction-service:latest
+ name: txs-scheduler
+ resources: {}
+ restartPolicy: Always
diff --git a/deploy/prod/txs/txs-web-deployment.yaml b/deploy/prod/txs/txs-web-deployment.yaml
new file mode 100644
index 0000000..0154230
--- /dev/null
+++ b/deploy/prod/txs/txs-web-deployment.yaml
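Review bot: `image: safeglobal/safe-transaction-service:latest` in txs-scheduler-deployment.yaml is a mutable tag, so any pod restart can pull different code and there is no record of what production actually ran; the same line appears in txs-web and the three worker deployments, and txs-web adds `nginx:alpine`. Pin a release tag or, better, a digest (`image: safeglobal/safe-transaction-service@sha256:<DIGEST>`). None of these pod specs sets a `securityContext` either; `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and dropped capabilities are worth adding where the images support them. `resources: {}` also leaves four of the five workloads without requests or limits.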
@@ -0,0 +1,130 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: safe-txs-web
+ namespace: crossbell
+spec:
+ selector:
+ app: safe-txs-web
+ ports:
+ - name: http
+ protocol: TCP
+ port: 8000
+ targetPort: 8000
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ labels:
+ app: safe-txs-web
+ name: safe-txs-web
+ namespace: crossbell
+spec:
+ replicas: 1
+ serviceName: "safe-txs-web"
+ selector:
+ matchLabels:
+ app: safe-txs-web
+ template:
+ metadata:
+ labels:
+ app: safe-txs-web
+ spec:
+ containers:
+ - image: nginx:alpine
+ name: txs-web-nginx
+ ports:
+ - containerPort: 8000
+ volumeMounts:
+ - mountPath: /etc/nginx/nginx.conf
+ name: nginx-txs-web
+ subPath: nginx.conf
+ readOnly: true
+ - mountPath: /nginx-txs
+ name: nginx-shared-txs
+ - args:
+ - docker/web/run_web.sh
+ envFrom:
+ - secretRef:
+ name: safe-txs
+ image: safeglobal/safe-transaction-service:latest
+ name: txs-web
+ resources: {}
+ volumeMounts:
+ - mountPath: /nginx
+ name: nginx-shared-txs
+ workingDir: /app
+ restartPolicy: Always
+ volumes:
+ - name: nginx-txs-web
+ configMap:
+ name: nginx-txs-web
+ volumeClaimTemplates:
+ - apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: nginx-shared-txs
+ spec:
+ accessModes: ["ReadWriteOnce"]
+ storageClassName: "standard"
+ resources:
+ requests:
+ storage: 20Gi
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: nginx-txs-web
+ namespace: crossbell
+data:
+ nginx.conf: |
+ worker_processes 1;
+
+ events {
+ worker_connections 2000; # increase if you have lots of clients
+ accept_mutex off; # set to 'on' if nginx worker_processes > 1
+ use epoll; # Enable epoll for Linux 2.6+
+ }
+
+ http {
+ include mime.types;
+ default_type application/octet-stream;
+ sendfile on;
+
+ upstream txs_app_server {
+ server unix:/nginx-txs/gunicorn.socket fail_timeout=0;
+ keepalive 32;
+ }
+
+ server {
+ access_log off;
+ listen 8000 deferred;
+ charset utf-8;
+ keepalive_timeout 75s;
+
+ gzip on;
+ gzip_min_length 1000;
+ gzip_comp_level 2;
+ gzip_types text/plain text/css application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+xml application/rdf+xml;
+ gzip_disable "MSIE [1-6]\.";
+
+ location /txs/static {
+ alias /nginx-txs/staticfiles;
+ expires 365d;
+ }
+
+ location /txs/ {
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+ # we don't want nginx trying to do something clever with
+ # redirects, we set the Host: header above already.
+ proxy_redirect off;
+ proxy_pass http://txs_app_server/;
+
+ proxy_set_header X-Forwarded-Host $server_name;
+ proxy_set_header X-Real-IP $remote_addr;
+ add_header Front-End-Https on;
+ }
+ }
+ }
diff --git a/deploy/prod/txs/txs-worker-contracts-tokens-deployment.yaml b/deploy/prod/txs/txs-worker-contracts-tokens-deployment.yaml
new file mode 100644
index 0000000..8b48ef2
--- /dev/null
+++ b/deploy/prod/txs/txs-worker-contracts-tokens-deployment.yaml
@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: safe-txs-worker-contracts-tokens
+ name: safe-txs-worker-contracts-tokens
+ namespace: crossbell
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: safe-txs-worker-contracts-tokens
+ template:
+ metadata:
+ labels:
+ app: safe-txs-worker-contracts-tokens
+ spec:
+ containers:
+ - args:
+ - docker/web/celery/worker/run.sh
+ envFrom:
+ - secretRef:
+ name: safe-txs
+ env:
+ - name: WORKER_QUEUES
+ value: contracts,tokens
+ image: safeglobal/safe-transaction-service:latest
+ name: txs-worker-contracts-tokens
+ resources: {}
+ restartPolicy: Always
diff --git a/deploy/prod/txs/txs-worker-indexer-deployment.yaml b/deploy/prod/txs/txs-worker-indexer-deployment.yaml
new file mode 100644
index 0000000..efd9498
--- /dev/null
+++ b/deploy/prod/txs/txs-worker-indexer-deployment.yaml
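Review bot: `access_log off;` in the nginx ConfigMap of txs-web-deployment.yaml leaves the HTTP entry point of the transaction service without request logs, which removes the main data source for abuse detection and incident reconstruction; unless an upstream ingress records the same requests, I would log to stdout with `access_log /dev/stdout;`. In the `location /txs/` block, `proxy_set_header X-Forwarded-Proto $scheme;` always sends `http` because this listener is plain port 8000, so if TLS terminates in front of the pod the application cannot tell secure requests apart. `proxy_set_header Host $host;` also forwards the client-supplied host unchanged, which matters because the backend runs with `DJANGO_ALLOWED_HOSTS: "*"`.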
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: safe-txs-worker-indexer
+ name: safe-txs-worker-indexer
+ namespace: crossbell
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: safe-txs-worker-indexer
+ template:
+ metadata:
+ labels:
+ app: safe-txs-worker-indexer
+ spec:
+ containers:
+ - args:
+ - docker/web/celery/worker/run.sh
+ envFrom:
+ - secretRef:
+ name: safe-txs
+ env:
+ - name: RUN_MIGRATIONS
+ value: "1"
+ - name: WORKER_QUEUES
+ value: default,indexing
+ image: safeglobal/safe-transaction-service:latest
+ name: txs-worker-indexer
+ resources:
+ requests:
+ cpu: "1000m"
+ memory: "4000Mi"
+ limits:
+ cpu: "2000m"
+ memory: "8000Mi"
+ restartPolicy: Always
diff --git a/deploy/prod/txs/txs-worker-notifications-webhooks-deployment.yaml b/deploy/prod/txs/txs-worker-notifications-webhooks-deployment.yaml
new file mode 100644
index 0000000..46517fc
--- /dev/null
+++ b/deploy/prod/txs/txs-worker-notifications-webhooks-deployment.yaml
@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: safe-txs-worker-notifications-webhooks
+ name: safe-txs-worker-notifications-webhooks
+ namespace: crossbell
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: safe-txs-worker-notifications-webhooks
+ template:
+ metadata:
+ labels:
+ app: safe-txs-worker-notifications-webhooks
+ spec:
+ containers:
+ - args:
+ - docker/web/celery/worker/run.sh
+ envFrom:
+ - secretRef:
+ name: safe-txs
+ env:
+ - name: WORKER_QUEUES
+ value: notifications,webhooks
+ image: safeglobal/safe-transaction-service:latest
+ name: txs-worker-notifications-webhooks
+ resources: {}
+ restartPolicy: Always
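Review bot: `RUN_MIGRATIONS` is set to `"1"` in txs-worker-indexer-deployment.yaml and also in txs-scheduler-deployment.yaml, so two pods appear to run schema migrations at startup against the same database (inferred from the variable name; the run.sh scripts are not part of this patch). Concurrent migrations can race or leave a half-applied schema, so keep the flag on one workload or move migrations into a one-off Job that runs before the rollout. The scheduler also carries `WORKER_QUEUES: default,indexing`, identical to the indexer, which looks copied and is probably unused there.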