Revert "Remove storetheindex as a tenant of production EKS cluster"

This reverts commit c07c252.
ipni · Dec 25, 2024 · 2407619 · 2407619
1 parent c07c252
commit 2407619
Show file tree

Hide file tree

Showing 88 changed files with 2,110 additions and 9 deletions.
diff --git a/deploy/manifests/prod/us-east-2/cluster/aws-ebs-csi-driver/kustomization.yaml b/deploy/manifests/prod/us-east-2/cluster/aws-ebs-csi-driver/kustomization.yaml
@@ -6,7 +6,3 @@ resources:
 
 patchesStrategicMerge:
   - patch.yaml
-
-replicas:
-  - count: 0
-    name: ebs-csi-controller
diff --git a/deploy/manifests/prod/us-east-2/cluster/external-snapshotter/kustomization.yaml b/deploy/manifests/prod/us-east-2/cluster/external-snapshotter/kustomization.yaml
@@ -3,7 +3,3 @@ kind: Kustomization
 
 resources:
   - ../../../../base/external-snapshotter
-
-replicas:
-  - count: 0
-    name: snapshot-controller
diff --git a/deploy/manifests/prod/us-east-2/cluster/ingress-nginx/kustomization.yaml b/deploy/manifests/prod/us-east-2/cluster/ingress-nginx/kustomization.yaml
@@ -10,4 +10,4 @@ patchesStrategicMerge:
 
 replicas:
   - name: ingress-nginx-controller
-    count: 0
+    count: 2
diff --git a/deploy/manifests/prod/us-east-2/cluster/kustomization.yaml b/deploy/manifests/prod/us-east-2/cluster/kustomization.yaml
@@ -7,8 +7,10 @@ resources:
   - flux-system
   - external-dns
   - cert-manager
+  - storetheindex
   - cluster-autoscaler
   - monitoring
   - aws-ebs-csi-driver
   - promtail
   - external-snapshotter
+  - ../../../base/foundationdb/crds
diff --git a/deploy/manifests/prod/us-east-2/cluster/storetheindex/.sops.yaml b/deploy/manifests/prod/us-east-2/cluster/storetheindex/.sops.yaml
@@ -0,0 +1,6 @@
+creation_rules:
+  - path_regex: '.+\.env'
+    kms: 'arn:aws:kms:us-east-2:407967248065:alias/prod/us-east-2/cluster'
+  - path_regex: '.+\.y(a)?ml'
+    encrypted_regex: '^(data|stringData)$'
+    kms: 'arn:aws:kms:us-east-2:407967248065:alias/prod/us-east-2/cluster'
diff --git a/deploy/manifests/prod/us-east-2/cluster/storetheindex/flux-cd.yaml b/deploy/manifests/prod/us-east-2/cluster/storetheindex/flux-cd.yaml
@@ -0,0 +1,92 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: GitRepository
+metadata:
+  name: storetheindex
+spec:
+  interval: 5m
+  url: https://github.com/filecoin-project/storetheindex.git
+  ref:
+    branch: main
+  secretRef:
+    name: github-auth
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: storetheindex
+spec:
+  serviceAccountName: flux
+  decryption:
+    provider: sops
+  interval: 5m
+  path: "./deploy/manifests/prod/us-east-2/tenant/storetheindex"
+  sourceRef:
+    kind: GitRepository
+    name: storetheindex
+  prune: true
+
+---
+apiVersion: image.toolkit.fluxcd.io/v1beta1
+kind: ImageRepository
+metadata:
+  name: storetheindex
+spec:
+  interval: 5m
+  image: 407967248065.dkr.ecr.us-east-2.amazonaws.com/storetheindex/storetheindex
+
+---
+apiVersion: image.toolkit.fluxcd.io/v1alpha1
+kind: ImagePolicy
+metadata:
+  name: storetheindex
+spec:
+  # Filter tags that match a concrete semver format.
+  filterTags:
+    pattern: '^\d+\.\d+\.\d+$'
+  policy:
+    # Select the latest semver in any range.
+    semver:
+      range: '*'
+  imageRepositoryRef:
+    name: storetheindex
+
+---
+apiVersion: image.toolkit.fluxcd.io/v1beta1
+kind: ImageUpdateAutomation
+metadata:
+  name: storetheindex
+spec:
+  interval: 5m
+  sourceRef:
+    kind: GitRepository
+    name: storetheindex
+  git:
+    checkout:
+      ref:
+        branch: main
+    commit:
+      author:
+        name: sti-bot
+        email: sti-bot@protocol.ai
+      messageTemplate: |
+        Update {{ .AutomationObject.Namespace }}/{{ .AutomationObject.Name }} in `prod` environment
+        
+        Files:
+        {{ range $filename, $_ := .Updated.Files -}}
+        - {{ $filename }}
+        {{ end -}}
+        
+        Objects:
+        {{ range $resource, $_ := .Updated.Objects -}}
+        - {{ $resource.Kind }} {{ $resource.Name }}
+        {{ end -}}
+        
+        Images:
+        {{ range .Updated.Images -}}
+        - {{.}}
+        {{ end -}}
+    push:
+      branch: 'cd/prod'
+  update:
+    strategy: Setters
+    path: "./deploy/manifests/prod/us-east-2/tenant/storetheindex"
diff --git a/deploy/manifests/prod/us-east-2/cluster/storetheindex/flux-rbac.yaml b/deploy/manifests/prod/us-east-2/cluster/storetheindex/flux-rbac.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: flux
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: flux
+rules:
+  - apiGroups: [ '*' ]
+    resources: [ '*' ]
+    verbs: [ '*' ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: flux
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: flux
+subjects:
+  - kind: ServiceAccount
+    name: flux
+    namespace: storetheindex
diff --git a/deploy/manifests/prod/us-east-2/cluster/storetheindex/github-auth.yaml b/deploy/manifests/prod/us-east-2/cluster/storetheindex/github-auth.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: github-auth
+    namespace: storetheindex
+type: Opaque
+stringData:
+    username: ENC[AES256_GCM,data:PIzP32ie7g==,iv:7RftLnboJLG7qgrzaF4egbZ+T/7jG3UumAfpcWXdOG4=,tag:bMSZ8Cbn+9lGVels+fK/kQ==,type:str]
+    password: ENC[AES256_GCM,data:r+qtwVNJH/hqFjOqvM74smGzoz1R1f+P4lP21Fb+SfYK+J/QExNhog==,iv:Ex6lNi4AocQ7rpvhgXUKgDyucHzRGIqixcMVM9W+ng0=,tag:idg0jvsAe6anpsHYEMV/WA==,type:str]
+sops:
+    kms:
+        - arn: arn:aws:kms:us-east-2:407967248065:alias/prod/us-east-2/cluster
+          created_at: "2022-11-16T18:02:15Z"
+          enc: AQICAHgL6WvsvxWJrxwLulz1m91xJ5UUqyeBQVrWxG7xLPkddQHo3KvXA8OPvGw9nSUNYJvVAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMFug8KK/HsQ597pBSAgEQgDtV5Z3lmPlUXJkJE43HmAdHdGEzkSfgWaZ2jlYBgnGc3WE1fmSGmdOT/bq6LFdf+nYoJT6eWNR3D3AzEw==
+          aws_profile: ""
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2024-08-04T11:32:47Z"
+    mac: ENC[AES256_GCM,data:HwH5+ngadFcJhgelKY+f2IKrHXeN4b7AHz9TZ5Fdl4R3jf9eG9HyA2xG87pY7rG0kOLSG23lqlkVBHr/d5atLjNNEuKw6zCjaK2swPk7yrBFs6nVvYY+EaKKcTbDhqwXsRE4cOhK9cDLVkNG3PJ101DH3U3CuiavSSA8TSBvzKg=,iv:VrG+KCnvGQ5OjyxDR+/WDf8Okz1/Uzgf1CzGxl4U1lM=,tag:iVOL2qAMEgtONr5MH31N+w==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.9.0
diff --git a/deploy/manifests/prod/us-east-2/cluster/storetheindex/kustomization.yaml b/deploy/manifests/prod/us-east-2/cluster/storetheindex/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: storetheindex
+
+commonLabels:
+  toolkit.fluxcd.io/tenant: storetheindex
+
+resources:
+  - namespace.yaml
+  - flux-cd.yaml
+  - flux-rbac.yaml
+  - github-auth.yaml
diff --git a/deploy/manifests/prod/us-east-2/cluster/storetheindex/namespace.yaml b/deploy/manifests/prod/us-east-2/cluster/storetheindex/namespace.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: Namespace
+
+metadata:
+  name: storetheindex
diff --git a/deploy/manifests/prod/us-east-2/tenant/storetheindex/.sops.yaml b/deploy/manifests/prod/us-east-2/tenant/storetheindex/.sops.yaml
@@ -0,0 +1,4 @@
+creation_rules:
+  - path_regex: .*
+    encrypted_regex: '^(data|stringData)$'
+    kms: 'arn:aws:kms:us-east-2:407967248065:alias/prod/us-east-2/sti'
diff --git a/deploy/manifests/prod/us-east-2/tenant/storetheindex/assigner/config.json b/deploy/manifests/prod/us-east-2/tenant/storetheindex/assigner/config.json
@@ -0,0 +1,45 @@
+{
+  "Version": 1,
+  "Identity": {
+    "PeerID": "",
+    "PrivKey": ""
+  },
+  "Assignment": {
+    "FilterIPs": false,
+    "IndexerPool": [],
+    "Policy": {
+      "Allow": true,
+      "Except": null
+    },
+    "PubSubTopic": "/indexer/ingest/mainnet",
+    "Replication": 1
+  },
+  "Bootstrap": {
+    "Peers": [
+      "/dns4/node.glif.io/tcp/1235/p2p/12D3KooWBF8cpp65hp2u9LK5mh19x67ftAam84z9LsfaquTDSBpt",
+      "/dns4/lotus-bootstrap.ipfsforce.com/tcp/41778/p2p/12D3KooWGhufNmZHF3sv48aQeS13ng5XVJZ9E6qy2Ms4VzqeUsHk",
+      "/dns4/bootstrap-1.starpool.in/tcp/12757/p2p/12D3KooWQZrGH1PxSNZPum99M1zNvjNFM33d1AAu5DcvdHptuU7u",
+      "/dns4/bootstrap-0.ipfsmain.cn/tcp/34721/p2p/12D3KooWQnwEGNqcM2nAcPtRR9rAX8Hrg4k9kJLCHoTR5chJfz6d",
+      "/dns4/bootstrap-0.starpool.in/tcp/12757/p2p/12D3KooWGHpBMeZbestVEWkfdnC9u7p6uFHXL1n7m1ZBqsEmiUzz",
+      "/dns4/bootstrap-1.ipfsmain.cn/tcp/34723/p2p/12D3KooWMKxMkD5DMpSWsW7dBddKxKT7L2GgbNuckz9otxvkvByP"
+    ],
+    "MinimumPeers": 4
+  },
+  "Daemon": {
+    "HTTPAddr": "/ip4/0.0.0.0/tcp/3001",
+    "P2PAddr": "/ip4/0.0.0.0/tcp/3003",
+    "NoResourceManager": false
+  },
+  "Logging": {
+    "Level": "info",
+    "Loggers": {
+      "basichost": "warn",
+      "bootstrap": "warn"
+    }
+  },
+  "Peering": {
+    "Peers": [
+      "/dns4/inga-indexer/tcp/3003/p2p/12D3KooWGRNQLAeMZ658jcuCkVBcVnCkxVYT4GqknQV2tRwDXfRT"
+    ]
+  }
+}
diff --git a/deploy/manifests/prod/us-east-2/tenant/storetheindex/assigner/deployment.yaml b/deploy/manifests/prod/us-east-2/tenant/storetheindex/assigner/deployment.yaml
@@ -0,0 +1,28 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: assigner
+spec:
+  template:
+    spec:
+      containers:
+        - name: assigner
+          resources:
+            limits:
+              cpu: "3"
+              memory: 2Gi
+            requests:
+              cpu: "3"
+              memory: 2Gi
+          volumeMounts:
+            - name: config
+              mountPath: /config
+            - name: identity
+              mountPath: /identity
+      volumes:
+        - name: config
+          configMap:
+            name: config
+        - name: identity
+          secret:
+            secretName: identity
diff --git a/deploy/manifests/prod/us-east-2/tenant/storetheindex/assigner/identity.key.encrypted b/deploy/manifests/prod/us-east-2/tenant/storetheindex/assigner/identity.key.encrypted
@@ -0,0 +1,22 @@
+{
+	"data": "ENC[AES256_GCM,data:F+PbmodW5HPQufuPbnEi3f+CMHDtd2WBgegjKK19g3maH4gh/gjvA4kdmY+Q0o6mgLomUFXKsljLDFjf6btqik6B4VU=,iv:fwaWp7pDw5DtqUUVI4dLedJKk8qhlGs6dzAzNu9CiBE=,tag:ez8VyqaqU7asqDBJ5+NLnA==,type:str]",
+	"sops": {
+		"kms": [
+			{
+				"arn": "arn:aws:kms:us-east-2:407967248065:alias/prod/us-east-2/sti",
+				"created_at": "2022-04-08T13:58:40Z",
+				"enc": "AQICAHjmLCaDZ4fRYyty7669VvFjJmy9C7/Y4dwd6seUJHRobwESImggCcGK7u50WYmdSbCnAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMjYpcZD7kdHNXuK9rAgEQgDtV7FuOvcsWmi+/uDQh+2xSp74Z4PRa6bI+XivH+3FAbwU8kHvZlspfbqzCUmZXjOoDSTuJcX59GBqy2Q==",
+				"aws_profile": ""
+			}
+		],
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": null,
+		"lastmodified": "2022-04-08T13:58:41Z",
+		"mac": "ENC[AES256_GCM,data:LvsK2JjW1l04AgIC9O01/f+hRPbnT9JkJZmUK6pcdUl5gvsXJZOhsBdNlHV1bQB05fcqLnR8kvgLsMUSYXUz46qh/81k5nGYFzFyADqGiwrWwJcQtv0GsjeUQUe0bJLK9iVF5kf+hlxp9fuiWeX+h4eI7TOKRaX7J9UNW5HQOgA=,iv:4je01vaQdJ8oIS1GjGNL6kHF4U0z/6JllxOEzry7lSM=,tag:RFyMsCVgodNoYaKmBHICsA==,type:str]",
+		"pgp": null,
+		"encrypted_regex": "^(data|stringData)$",
+		"version": "3.7.2"
+	}
+}
diff --git a/deploy/manifests/prod/us-east-2/tenant/storetheindex/assigner/ingress.yaml b/deploy/manifests/prod/us-east-2/tenant/storetheindex/assigner/ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: assigner
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+    cert-manager.io/cluster-issuer: "letsencrypt"
+    nginx.ingress.kubernetes.io/enable-cors: "true"
+spec:
+  tls:
+    - hosts:
+        - assigner.prod.cid.contact
+      secretName: assigner-ingress-tls
+  rules:
+    - host: assigner.prod.cid.contact
+      http:
+        paths:
+          - path: /ingest
+            pathType: Prefix
+            backend:
+              service:
+                name: assigner
+                port:
+                  number: 3001
diff --git a/deploy/manifests/prod/us-east-2/tenant/storetheindex/assigner/kustomization.yaml b/deploy/manifests/prod/us-east-2/tenant/storetheindex/assigner/kustomization.yaml
@@ -0,0 +1,32 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: storetheindex
+
+resources:
+  - ../../../../../base/assigner
+  - ingress.yaml
+
+patchesStrategicMerge:
+  - deployment.yaml
+
+secretGenerator:
+  - name: identity
+    behavior: create
+    files:
+      - identity.key=identity.key.encrypted # 12D3KooWQAymjDKMivbkUNiJP7ChRsvsDuazerHW4wERRvQMWNor
+
+configMapGenerator:
+  - name: config
+    behavior: create
+    files:
+      - config=config.json
+
+replicas:
+  - name: assigner
+    count: 0
+
+images:
+- name: storetheindex
+  newName: 407967248065.dkr.ecr.us-east-2.amazonaws.com/storetheindex/storetheindex
+  newTag: 0.8.35