fog-view - blue/green and zone based deployments. (#4009)

* break out service and fogshardgenerator * add fog-view-fsg/fog-view-service charts * wire in fog-view-fsg to cd testing
mobilecoinfoundation · Oct 1, 2024 · da6ff85 · da6ff85
1 parent d2477f7
commit da6ff85
Show file tree

Hide file tree

Showing 30 changed files with 1,218 additions and 32 deletions.
diff --git a/.github/workflows/mobilecoin-dev-cd.yaml b/.github/workflows/mobilecoin-dev-cd.yaml
@@ -335,7 +335,8 @@ jobs:
         - mobilecoind
         - watcher
         - fog-report
-        - fog-view
+        - fog-view-service
+        - fog-view-fsg
         - fog-ledger
     steps:
     - name: Checkout

diff --git a/.github/workflows/mobilecoin-workflow-dev-deploy.yaml b/.github/workflows/mobilecoin-workflow-dev-deploy.yaml
@@ -261,10 +261,10 @@ jobs:
     - consensus-deploy
     runs-on: mcf-dev-small-x64
     steps:
-    - name: Generate fog-view values file
+    - name: Generate fog-view-service values file
       run: |
         mkdir -p "${VALUES_BASE_PATH}"
-        cat <<EOF > "${VALUES_BASE_PATH}/fog-view-values.yaml"
+        cat <<EOF > "${VALUES_BASE_PATH}/fog-view-service-values.yaml"
         image:
           org: ${{ inputs.docker_image_org }}
 
@@ -273,36 +273,103 @@ jobs:
           partner: dev
 
         fogView:
-          stackConfig:
-            network:
-              default:
-                shardSize: ${{ inputs.shard_size }}
-                exceedBlockHeightBy: ${{ inputs.shard_exceed_block_height_by }}
+          responderID: fog.${{ inputs.namespace }}.development.mobilecoin.com
+          color: green
 
           router:
-            hosts:
-            - partner: a
-              responderID: fog.${{ inputs.namespace }}.development.mobilecoin.com
-            - partner: b
-              responderID: fog-b.${{ inputs.namespace }}.development.mobilecoin.com
             ingress:
               common:
                 blocklist:
                   enabled: false
                 tls:
                   clusterIssuer: google-public-ca
         EOF
+    - name: Deploy fog-view-service
+      uses: mobilecoinofficial/gha-k8s-toolbox@v1
+      with:
+        action: helm-deploy
+        chart_repo: ${{ inputs.chart_repo }}
+        chart_name: fog-view-service
+        chart_version: ${{ inputs.version }}
+        chart_wait_timeout: 10m
+        chart_values: ${{ env.VALUES_BASE_PATH }}/fog-view-service-values.yaml
+        release_name: fog-view-service
+        namespace: ${{ inputs.namespace }}
+        rancher_cluster: ${{ secrets.DEV_RANCHER_CLUSTER }}
+        rancher_url: ${{ secrets.DEV_RANCHER_URL }}
+        rancher_token: ${{ secrets.DEV_RANCHER_TOKEN }}
+
+    - name: Generate fog-view-fsg-gr-z1 values file
+      run: |
+        mkdir -p "${VALUES_BASE_PATH}"
+        cat <<EOF > "${VALUES_BASE_PATH}/fog-view-fsg-values-gr-z1.yaml"
+        image:
+          org: ${{ inputs.docker_image_org }}
+
+        mobilecoin:
+          network: ${{ inputs.namespace }}
+          partner: dev
+
+        fogView:
+          responderID: fog.${{ inputs.namespace }}.development.mobilecoin.com
+          color: green
+          zone: westeurope-1
+
+          stackConfig:
+            network:
+              default:
+                shardSize: ${{ inputs.shard_size }}
+                exceedBlockHeightBy: ${{ inputs.shard_exceed_block_height_by }}
+        EOF
+
+    - name: Deploy fog-view-fsg-gr-z1
+      uses: mobilecoinofficial/gha-k8s-toolbox@v1
+      with:
+        action: helm-deploy
+        chart_repo: ${{ inputs.chart_repo }}
+        chart_name: fog-view-fsg
+        chart_version: ${{ inputs.version }}
+        chart_wait_timeout: 10m
+        chart_values: ${{ env.VALUES_BASE_PATH }}/fog-view-fsg-values-gr-z1.yaml
+        release_name: fog-view-fsg-gr-z1
+        namespace: ${{ inputs.namespace }}
+        rancher_cluster: ${{ secrets.DEV_RANCHER_CLUSTER }}
+        rancher_url: ${{ secrets.DEV_RANCHER_URL }}
+        rancher_token: ${{ secrets.DEV_RANCHER_TOKEN }}
+
+    - name: Generate fog-view-fsg-gr-z2 values file
+      run: |
+        mkdir -p "${VALUES_BASE_PATH}"
+        cat <<EOF > "${VALUES_BASE_PATH}/fog-view-fsg-values-gr-z2.yaml"
+        image:
+          org: ${{ inputs.docker_image_org }}
+
+        mobilecoin:
+          network: ${{ inputs.namespace }}
+          partner: dev
+
+        fogView:
+          responderID: fog.${{ inputs.namespace }}.development.mobilecoin.com
+          color: green
+          zone: westeurope-2
+
+          stackConfig:
+            network:
+              default:
+                shardSize: ${{ inputs.shard_size }}
+                exceedBlockHeightBy: ${{ inputs.shard_exceed_block_height_by }}
+        EOF
 
-    - name: Deploy fog-view
+    - name: Deploy fog-view-fsg-gr-z2
       uses: mobilecoinofficial/gha-k8s-toolbox@v1
       with:
         action: helm-deploy
         chart_repo: ${{ inputs.chart_repo }}
-        chart_name: fog-view
+        chart_name: fog-view-fsg
         chart_version: ${{ inputs.version }}
         chart_wait_timeout: 10m
-        chart_values: ${{ env.VALUES_BASE_PATH }}/fog-view-values.yaml
-        release_name: fog-view
+        chart_values: ${{ env.VALUES_BASE_PATH }}/fog-view-fsg-values-gr-z2.yaml
+        release_name: fog-view-fsg-gr-z2
         namespace: ${{ inputs.namespace }}
         rancher_cluster: ${{ secrets.DEV_RANCHER_CLUSTER }}
         rancher_url: ${{ secrets.DEV_RANCHER_URL }}

diff --git a/.github/workflows/mobilecoin-workflow-dev-test.yaml b/.github/workflows/mobilecoin-workflow-dev-test.yaml
@@ -314,18 +314,3 @@ jobs:
             --token-ids 0,8192 \
             --fog-hostname fog.${{ inputs.namespace }}.development.mobilecoin.com
 
-    - name: Test - block-v3 - fog-test-client fog-b, token ids 0,8192
-      if: inputs.testing_block_v3
-      uses: mobilecoinofficial/gha-k8s-toolbox@v1
-      with:
-        action: toolbox-exec
-        ingest_color: ${{ inputs.ingest_color }}
-        namespace: ${{ inputs.namespace }}
-        rancher_cluster: ${{ secrets.DEV_RANCHER_CLUSTER }}
-        rancher_url: ${{ secrets.DEV_RANCHER_URL }}
-        rancher_token: ${{ secrets.DEV_RANCHER_TOKEN }}
-        command: |
-          /test/fog-test-client.sh \
-            --key-dir ${{ env.V3_DST_FOG_B_KEYS_DIR }} \
-            --token-ids 0,8192 \
-            --fog-hostname fog-b.${{ inputs.namespace }}.development.mobilecoin.com
diff --git a/.gitignore b/.gitignore
@@ -97,3 +97,5 @@ minting-trust-root*
 
 # new cache dir for mob prompt with user sccache
 .mob/
+
+.devcontainer/
diff --git a/.internal-ci/helm/fog-view-fsg/.helmignore b/.internal-ci/helm/fog-view-fsg/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/.internal-ci/helm/fog-view-fsg/Chart.yaml b/.internal-ci/helm/fog-view-fsg/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: fog-view-fsg
+description: fog-view fogShardGenerator chart
+type: application
+version: 0.0.0
+appVersion: "0.0.0"
diff --git a/.internal-ci/helm/fog-view-fsg/README.md b/.internal-ci/helm/fog-view-fsg/README.md
@@ -0,0 +1,67 @@
+# Fog-View-FSG
+
+Run a MobileCoin fog-view fogShardGenerator chart
+
+### Required Values
+
+You must set the fog view service hostnames and mobilecoin network and partner ids.
+
+```yaml
+mobilecoin:
+  network: main
+  partner: mc
+
+fogView:
+  color: (blue|green)
+  zone: <azure region + AZ number>
+  responderID: fog.prod.mobilecoinww.com
+```
+
+Install chart:
+
+```bash
+helm upgrade fog-view-fsg-blue-z1 mcf-public/fog-view-fsg -i -f values.yaml
+```
+
+### Required ConfigMaps
+
+postgresReader example:
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: fog-recovery-reader-0-postgresql
+data:
+  postgresql-database: recovery
+  postgresql-hostname: <hostname>
+  postgresql-port: "5432"
+  postgresql-ssl-options: "?sslmode=verify-full&sslrootcert=/etc/ssl/certs/ca-certificates.crt"
+  postgresql-username: <user>
+```
+
+### Required Secrets
+
+postgresReader example:
+
+```yaml
+apiVersion: v1
+metadata:
+  name: fog-recovery-reader-0-postgresql
+kind: Secret
+type: Opaque
+stringData:
+  postgresql-password: <password>
+```
+### Optional ConfigMaps
+
+sentry:
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: sentry
+data:
+  fog-report-sentry-dsn: <sentry dsn>
+```
diff --git a/.internal-ci/helm/fog-view-fsg/templates/NOTES.txt b/.internal-ci/helm/fog-view-fsg/templates/NOTES.txt
@@ -0,0 +1,16 @@
+::::    ::::   ::::::::  ::::::::: ::::::::::: :::        ::::::::::
++:+:+: :+:+:+ :+:    :+: :+:    :+:    :+:     :+:        :+:
++:+ +:+:+ +:+ +:+    +:+ +:+    +:+    +:+     +:+        +:+
++#+  +:+  +#+ +#+    +:+ +#++:++#+     +#+     +#+        +#++:++#
++#+       +#+ +#+    +#+ +#+    +#+    +#+     +#+        +#+
+#+#       #+# #+#    #+# #+#    #+#    #+#     #+#        #+#
+###       ###  ########  ######### ########### ########## ##########
+ ::::::::   :::::::: ::::::::::: ::::    :::
+:+:    :+: :+:    :+:    :+:     :+:+:   :+:
++:+        +:+    +:+    +:+     :+:+:+  +:+
++#+        +#+    +:+    +#+     +#+ +:+ +#+
++#+        +#+    +#+    +#+     +#+  +#+#+#
+#+#    #+# #+#    #+#    #+#     #+#   #+#+#
+ ########   ######## ########### ###    ####
+
+fog-view fogShardGenerator has been deployed.
diff --git a/.internal-ci/helm/fog-view-fsg/templates/_containers.tpl b/.internal-ci/helm/fog-view-fsg/templates/_containers.tpl
@@ -0,0 +1,58 @@
+{{- define "containers.sysctl" -}}
+- name: sysctl
+  image: ubuntu:20.04
+  command:
+  - sysctl
+  - -w
+  - net.ipv4.tcp_retries2=5
+  - net.core.somaxconn=65535
+  securityContext:
+    privileged: true
+    runAsUser: 0
+    runAsNonRoot: False
+    readOnlyRootFilesystem: true
+{{- end -}}
+
+{{- define "containers.admin-http-gateway" -}}
+- name: admin-http-gateway
+  image: "{{ .Values.image.org }}/{{ .Values.image.name }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+  imagePullPolicy: Always
+  args:
+  - /usr/bin/mc-admin-http-gateway
+  - --listen-host=0.0.0.0
+  - --listen-port=8000
+  - --admin-uri=insecure-mca://127.0.0.1:8001/
+  ports:
+  - name: mgmt-http
+    containerPort: 8000
+  # securityContext:
+  #   runAsUser: 1000
+  #   runAsGroup: 1000
+  #   runAsNonRoot: true
+  #   capabilities:
+  #     drop:
+  #     - ALL
+  #   readOnlyRootFilesystem: true
+{{- end -}}
+
+{{- define "containers.go-grpc-gateway" -}}
+- name: grpc-gateway
+  image: "{{ .Values.image.org }}/go-grpc-gateway:{{ .Values.image.tag | default .Chart.AppVersion }}"
+  imagePullPolicy: Always
+  command:
+  - /usr/bin/go-grpc-gateway
+  - -grpc-server-endpoint=127.0.0.1:{{ .Values.grpcGateway.grpcServicePort }}
+  - -grpc-insecure
+  - -http-server-listen=:8200
+  - -logtostderr
+  ports:
+  - name: gateway-http
+    containerPort: 8200
+  resources:
+    limits:
+      cpu: 1
+      memory: 256Mi
+    requests:
+      cpu: 256m
+      memory: 256Mi
+{{- end -}}