Updating Policy Engine helm chart for MPC cluster

.github/workflows/policy-engine.yml

@@ -168,10 +168,25 @@ jobs:
         uses: fjogeleit/yaml-update-action@master
         with:
           valueFile: 'deploy/charts/policy-engine/values.yaml'
-          propertyPath: 'image.tag'
-          value: ${{ env.sha7 }}
+          # propertyPath: 'image.tag'
+          # value: ${{ env.sha7 }}
           branch: main
           message: 'Update policy-engine Image Version to ${{ env.sha7 }}'
+          changes: |
+            {
+              "deploy/charts/policy-engine/values.yaml": {
+                "image.tag": "${{ env.sha7 }}"
+              },
+              "deploy/charts/policy-engine/values-node-0.yaml": {
+                "image.tag": "${{ env.sha7 }}"
+              },
+              "deploy/charts/policy-engine/values-node-1.yaml": {
+                "image.tag": "${{ env.sha7 }}"
+              },
+              "deploy/charts/policy-engine/values-node-2.yaml": {
+                "image.tag": "${{ env.sha7 }}"
+              }
+            }
 
       - name: Send Slack notification on failure
         if: failure() && github.ref == 'refs/heads/main'

deploy/charts/armory/templates/secret.yaml

@@ -13,6 +13,14 @@ spec:
       key: {{ .Values.secretRemoteRef }}
       property: APP_DATABASE_URL
     secretKey: APP_DATABASE_URL
+  - remoteRef:
+      key: {{ .Values.secretRemoteRef }}
+      property: ADMIN_API_KEY
+    secretKey: ADMIN_API_KEY
+  - remoteRef:
+      key: {{ .Values.secretRemoteRef }}
+      property: POLICY_ENGINE_ADMIN_API_KEYS
+    secretKey: POLICY_ENGINE_ADMIN_API_KEYS
   secretStoreRef:
     kind: SecretStore
     name: aws-secretsmanager

deploy/charts/armory/values.yaml

@@ -23,6 +23,11 @@ env:
   REDIS_PORT: 6379
   PRICE_FEED_PRIVATE_KEY: '0xc7a1b8ba040a238e36058fc5693f801d129aca9f10ed30d0133878f1b9147c01'
   HISTORICAL_TRANSFER_FEED_PRIVATE_KEY: '0xf5c8f17cc09215c5038f6b8d5e557c0d98d341236307fe831efdcdd7faeef134'
+  POLICY_ENGINE_URLS: 'http://policy-engine-0,http://policy-engine-1,http://policy-engine-2'
+  # ADMIN_API_KEY: secret
+  # APP_DATABASE_URL: secret
+  # MASTER_PASSWORD: secret
+  # POLICY_ENGINE_ADMIN_API_KEYS: secret
 service:
   type: ClusterIP
   port: 80

deploy/charts/policy-engine/templates/secret.yaml

@@ -13,6 +13,13 @@ spec:
       key: {{ .Values.secretRemoteRef }}
       property: APP_DATABASE_URL
     secretKey: APP_DATABASE_URL
+  - remoteRef:
+      key: {{ .Values.secretRemoteRef }}
+      property: ADMIN_API_KEY
+    secretKey: ADMIN_API_KEY
+  - remoteRef:
+      key: {{ .Values.tsmApiSecretRemoteRef }}
+    secretKey: TSM_API_KEY
   secretStoreRef:
     kind: SecretStore
     name: aws-secretsmanager

deploy/charts/policy-engine/values-node-0.yaml

@@ -0,0 +1,66 @@
+replicaCount: 1
+image:
+  repository: 728783560968.dkr.ecr.us-east-2.amazonaws.com/armory/policy-engine
+  pullPolicy: IfNotPresent
+  tag: 2c723f9
+imagePullSecrets: []
+nameOverride: 'policy-engine-0'
+fullnameOverride: ''
+serviceAccount:
+  create: true
+  automount: true
+  annotations: {}
+  name: ''
+podAnnotations: {}
+podLabels: {}
+podSecurityContext: {}
+securityContext: {}
+env:
+  APP_UID: dev-policy-engine-node-0
+  KEYRING_TYPE: raw
+  SIGNING_PROTOCOL: mpc
+  TSM_URL: http://tsm-node-0
+  TSM_PLAYER_COUNT: 3
+  # APP_DATABASE_URL: secret
+  # MASTER_PASSWORD: secret
+  # TSM_API_KEY: secret
+  # ADMIN_API_KEY: secret
+service:
+  type: ClusterIP
+  port: 80
+  targetPort: 3010
+ingress:
+  enabled: false
+resources: {}
+livenessProbe:
+  httpGet:
+    path: /
+    port: http
+readinessProbe:
+  httpGet:
+    path: /
+    port: http
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 80
+volumes: []
+volumeMounts: []
+nodeSelector: {}
+tolerations: []
+affinity: {}
+database:
+  username:
+    secretKeyRef:
+      name: db-master-credentials
+      key: username
+  password:
+    secretKeyRef:
+      name: db-master-credentials
+      key: password
+  host: armory-dev-db.caenfnzrkfmg.us-east-2.rds.amazonaws.com
+  port: 5432
+  databaseName: engine_node_0
+secretRemoteRef: dev/policy-engine-0/config
+tsmApiSecretRemoteRef: dev/tsm-node-0/api-key

deploy/charts/policy-engine/values-node-1.yaml

@@ -0,0 +1,66 @@
+replicaCount: 1
+image:
+  repository: 728783560968.dkr.ecr.us-east-2.amazonaws.com/armory/policy-engine
+  pullPolicy: IfNotPresent
+  tag: 2c723f9
+imagePullSecrets: []
+nameOverride: 'policy-engine-1'
+fullnameOverride: ''
+serviceAccount:
+  create: true
+  automount: true
+  annotations: {}
+  name: ''
+podAnnotations: {}
+podLabels: {}
+podSecurityContext: {}
+securityContext: {}
+env:
+  APP_UID: dev-policy-engine-node-1
+  KEYRING_TYPE: raw
+  SIGNING_PROTOCOL: mpc
+  TSM_URL: http://tsm-node-1
+  TSM_PLAYER_COUNT: 3
+  # APP_DATABASE_URL: secret
+  # MASTER_PASSWORD: secret
+  # TSM_API_KEY: secret
+  # ADMIN_API_KEY: secret
+service:
+  type: ClusterIP
+  port: 80
+  targetPort: 3010
+ingress:
+  enabled: false
+resources: {}
+livenessProbe:
+  httpGet:
+    path: /
+    port: http
+readinessProbe:
+  httpGet:
+    path: /
+    port: http
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 80
+volumes: []
+volumeMounts: []
+nodeSelector: {}
+tolerations: []
+affinity: {}
+database:
+  username:
+    secretKeyRef:
+      name: db-master-credentials
+      key: username
+  password:
+    secretKeyRef:
+      name: db-master-credentials
+      key: password
+  host: armory-dev-db.caenfnzrkfmg.us-east-2.rds.amazonaws.com
+  port: 5432
+  databaseName: engine_node_1
+secretRemoteRef: dev/policy-engine-1/config
+tsmApiSecretRemoteRef: dev/tsm-node-1/api-key

deploy/charts/policy-engine/values-node-2.yaml

@@ -0,0 +1,66 @@
+replicaCount: 1
+image:
+  repository: 728783560968.dkr.ecr.us-east-2.amazonaws.com/armory/policy-engine
+  pullPolicy: IfNotPresent
+  tag: 2c723f9
+imagePullSecrets: []
+nameOverride: 'policy-engine-2'
+fullnameOverride: ''
+serviceAccount:
+  create: true
+  automount: true
+  annotations: {}
+  name: ''
+podAnnotations: {}
+podLabels: {}
+podSecurityContext: {}
+securityContext: {}
+env:
+  APP_UID: dev-policy-engine-node-2
+  KEYRING_TYPE: raw
+  SIGNING_PROTOCOL: mpc
+  TSM_URL: http://tsm-node-2
+  TSM_PLAYER_COUNT: 3
+  # APP_DATABASE_URL: secret
+  # MASTER_PASSWORD: secret
+  # TSM_API_KEY: secret
+  # ADMIN_API_KEY: secret
+service:
+  type: ClusterIP
+  port: 80
+  targetPort: 3010
+ingress:
+  enabled: false
+resources: {}
+livenessProbe:
+  httpGet:
+    path: /
+    port: http
+readinessProbe:
+  httpGet:
+    path: /
+    port: http
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 80
+volumes: []
+volumeMounts: []
+nodeSelector: {}
+tolerations: []
+affinity: {}
+database:
+  username:
+    secretKeyRef:
+      name: db-master-credentials
+      key: username
+  password:
+    secretKeyRef:
+      name: db-master-credentials
+      key: password
+  host: armory-dev-db.caenfnzrkfmg.us-east-2.rds.amazonaws.com
+  port: 5432
+  databaseName: engine_node_2
+secretRemoteRef: dev/policy-engine-2/config
+tsmApiSecretRemoteRef: dev/tsm-node-2/api-key

deploy/charts/vault/templates/secret.yaml

@@ -13,6 +13,10 @@ spec:
       key: {{ .Values.secretRemoteRef }}
       property: APP_DATABASE_URL
     secretKey: APP_DATABASE_URL
+  - remoteRef:
+      key: {{ .Values.secretRemoteRef }}
+      property: ADMIN_API_KEY
+    secretKey: ADMIN_API_KEY
   secretStoreRef:
     kind: SecretStore
     name: aws-secretsmanager

deploy/charts/vault/values.yaml

@@ -19,6 +19,9 @@ env:
   APP_UID: staging-vault-instance-1
   KEYRING_TYPE: raw
   BASE_URL: https://vault.armory.narval.xyz
+  # ADMIN_API_KEY: secret
+  # APP_DATABASE_URL: secret
+  # MASTER_PASSWORD: secret
 service:
   type: ClusterIP
   port: 80