deploy: websocket service in production (#106)

Co-authored-by: Mauro <[email protected]>

.github/workflows/chicmoz-prod.yml

@@ -35,8 +35,7 @@ jobs:
 
       - name: Cleanup old images
         run: |
-          chmod +x ".github/workflows/cleanup-script.sh"
-          bash -x ".github/workflows/cleanup-script.sh"
+          bash -x "scripts/production/cleanup-registry.sh"
 
       - name: Save DigitalOcean kubeconfig
         run: doctl kubernetes cluster kubeconfig save "chicmoz-prod"
@@ -47,7 +46,7 @@ jobs:
           RETRY_DELAY=10
 
           for i in $(seq 1 $MAX_RETRIES); do
-            if skaffold run --filename "k8s/production/skaffold.production.light.yaml" --default-repo=registry.digitalocean.com/aztlan-containers; then
+            if bash -x scripts/production/deploy.sh; then
               echo "Deployment successful"
               exit 0
             fi

k8s/local/explorer-api/deployment.yaml

@@ -37,8 +37,8 @@ spec:
         - image: explorer-api:latest
           resources:
             limits:
-              memory: 4096Mi
-              cpu: 350m
+              memory: 2048Mi
+              cpu: 250m
           ports:
             - name: http-app
               containerPort: 80

k8s/local/websocket-event-publisher/ingress.yaml

@@ -7,7 +7,6 @@ metadata:
     nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
     nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
     nginx.ingress.kubernetes.io/websocket-services: "websocket-event-publisher"
-    nginx.ingress.kubernetes.io/backend-protocol: "WS"
 spec:
   ingressClassName: nginx
   rules:

k8s/production/explorer-api/deployment.yaml

@@ -40,8 +40,8 @@ spec:
           name: explorer-api
           resources:
             limits:
-              memory: 4096Mi
-              cpu: 350m
+              memory: 2048Mi
+              cpu: 250m
           ports:
             - name: http-app
               containerPort: 80

k8s/production/explorer-api/ingress.yaml

@@ -8,7 +8,6 @@ metadata:
     nginx.ingress.kubernetes.io/rewrite-target: /$2
     nginx.ingress.kubernetes.io/auth-url: http://auth.chicmoz-prod.svc.cluster.local
     nginx.ingress.kubernetes.io/auth-response-headers: x-api-key
-    kubernetes.io/ingress.class: "nginx"
     cert-manager.io/cluster-issuer: "chicmoz-issuer-production"
 spec:
   ingressClassName: nginx

k8s/production/explorer-ui/ingress.yaml

@@ -4,7 +4,6 @@ metadata:
   name: ingress-explorer-ui
   namespace: chicmoz-prod
   annotations:
-    kubernetes.io/ingress.class: "nginx"
     cert-manager.io/cluster-issuer: "chicmoz-issuer-production"
 spec:
   ingressClassName: nginx

k8s/production/skaffold.production.full.yaml

@@ -3,41 +3,51 @@ kind: Config
 metadata:
   name: chicmoz-prod
 build:
+  local:
+    push: false
   artifacts:
-    - image: registry.digitalocean.com/aztlan-containers/chicmoz-base
+    - image: chicmoz-base
       context: .
       docker:
         dockerfile: Dockerfile
-    - image: registry.digitalocean.com/aztlan-containers/explorer-ui
+    - image: explorer-ui
       context: services/explorer-ui
       docker:
         dockerfile: Dockerfile
         buildArgs:
           NODE_ENV: "production"
           VITE_API_URL: "https://api.chicmoz.info/v1/d1e2083a-660c-4314-a6f2-1d42f4b944f4" # TODO: change the api key
+          VITE_WS_URL: "wss://ws.chicmoz.info"
       requires:
-        - image: registry.digitalocean.com/aztlan-containers/chicmoz-base
+        - image: chicmoz-base
           alias: BASE
-    - image: registry.digitalocean.com/aztlan-containers/auth
+    - image: auth
       context: services/auth
       docker:
         dockerfile: Dockerfile
       requires:
-        - image: registry.digitalocean.com/aztlan-containers/chicmoz-base
+        - image: chicmoz-base
           alias: BASE
-    - image: registry.digitalocean.com/aztlan-containers/aztec-listener
+    - image: aztec-listener
       context: services/aztec-listener
       docker:
         dockerfile: Dockerfile
       requires:
-        - image: registry.digitalocean.com/aztlan-containers/chicmoz-base
+        - image: chicmoz-base
           alias: BASE
-    - image: registry.digitalocean.com/aztlan-containers/explorer-api
+    - image: explorer-api
       context: services/explorer-api
       docker:
         dockerfile: Dockerfile
       requires:
-        - image: registry.digitalocean.com/aztlan-containers/chicmoz-base
+        - image: chicmoz-base
+          alias: BASE
+    - image: websocket-event-publisher
+      context: services/websocket-event-publisher
+      docker:
+        dockerfile: Dockerfile
+      requires:
+        - image: chicmoz-base
           alias: BASE
 manifests:
   rawYaml:
@@ -52,6 +62,12 @@ manifests:
     - k8s/production/auth/service.yaml
     - k8s/production/aztec-listener/deployment.yaml
     - k8s/production/aztec-listener/service.yaml
+    - k8s/production/websocket-event-publisher/ingress.yaml
+    - k8s/production/websocket-event-publisher/deployment.yaml
+    - k8s/production/websocket-event-publisher/service.yaml
+    - k8s/production/cert-manager/cert-staging-issuer.yaml
+    - k8s/production/cert-manager/cert-production-issuer.yaml
+    - k8s/production/cert-manager/ingress_nginx_svc.yaml
   helm:
     releases:
       - name: cert-manager

k8s/production/skaffold.production.light.yaml

@@ -3,41 +3,51 @@ kind: Config
 metadata:
   name: chicmoz-prod
 build:
+  local:
+    push: false
   artifacts:
-    - image: registry.digitalocean.com/aztlan-containers/chicmoz-base
+    - image: chicmoz-base
       context: .
       docker:
         dockerfile: Dockerfile
-    - image: registry.digitalocean.com/aztlan-containers/explorer-ui
+    - image: explorer-ui
       context: services/explorer-ui
       docker:
         dockerfile: Dockerfile
         buildArgs:
           NODE_ENV: "production"
           VITE_API_URL: "https://api.chicmoz.info/v1/d1e2083a-660c-4314-a6f2-1d42f4b944f4" # TODO: change the api key
+          VITE_WS_URL: "wss://ws.chicmoz.info"
       requires:
-        - image: registry.digitalocean.com/aztlan-containers/chicmoz-base
+        - image: chicmoz-base
           alias: BASE
-    - image: registry.digitalocean.com/aztlan-containers/auth
+    - image: auth
       context: services/auth
       docker:
         dockerfile: Dockerfile
       requires:
-        - image: registry.digitalocean.com/aztlan-containers/chicmoz-base
+        - image: chicmoz-base
           alias: BASE
-    - image: registry.digitalocean.com/aztlan-containers/aztec-listener
+    - image: aztec-listener
       context: services/aztec-listener
       docker:
         dockerfile: Dockerfile
       requires:
-        - image: registry.digitalocean.com/aztlan-containers/chicmoz-base
+        - image: chicmoz-base
           alias: BASE
-    - image: registry.digitalocean.com/aztlan-containers/explorer-api
+    - image: explorer-api
       context: services/explorer-api
       docker:
         dockerfile: Dockerfile
       requires:
-        - image: registry.digitalocean.com/aztlan-containers/chicmoz-base
+        - image: chicmoz-base
+          alias: BASE
+    - image: websocket-event-publisher
+      context: services/websocket-event-publisher
+      docker:
+        dockerfile: Dockerfile
+      requires:
+        - image: chicmoz-base
           alias: BASE
 manifests:
   rawYaml:
@@ -52,6 +62,9 @@ manifests:
     - k8s/production/auth/service.yaml
     - k8s/production/aztec-listener/deployment.yaml
     - k8s/production/aztec-listener/service.yaml
+    - k8s/production/websocket-event-publisher/ingress.yaml
+    - k8s/production/websocket-event-publisher/deployment.yaml
+    - k8s/production/websocket-event-publisher/service.yaml
   helm:
     releases:
       - name: ingress-nginx

k8s/production/websocket-event-publisher/deployment.yaml

@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: websocket-event-publisher
+  name: websocket-event-publisher
+  namespace: chicmoz-prod
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: websocket-event-publisher
+  strategy: {}
+  template:
+    metadata:
+      labels:
+        app: websocket-event-publisher
+    spec:
+      containers:
+        - image: registry.digitalocean.com/aztlan-containers/websocket-event-publisher:latest
+          name: websocket-event-publisher
+          resources:
+            limits:
+              memory: 2048Mi
+              cpu: 250m
+          ports:
+            - name: websocket-port
+              containerPort: 3000
+              protocol: TCP
+          env:
+            - name: PORT
+              value: "3000"
+status: {}

k8s/production/websocket-event-publisher/ingress.yaml

@@ -0,0 +1,28 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-websocket-event-publisher
+  namespace: chicmoz-prod
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+    cert-manager.io/cluster-issuer: "chicmoz-issuer-production"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - ws.chicmoz.info
+      secretName: chicmoz-ws-tls
+  rules:
+    - host: ws.chicmoz.info
+      http:
+        paths:
+          - path: /
+            pathType: ImplementationSpecific
+            backend:
+              service:
+                name: websocket-event-publisher
+                port:
+                  name: websocket-port
+status:
+  loadBalancer: {}

k8s/production/websocket-event-publisher/service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: websocket-event-publisher
+  namespace: chicmoz-prod
+spec:
+  selector:
+    app: websocket-event-publisher
+  ports:
+    - name: websocket
+      protocol: TCP
+      port: 80
+      targetPort: websocket-port

scripts/production/0_chicmoz_services.sh

@@ -0,0 +1,4 @@
+kubectl scale --replicas 0 -n chicmoz-prod deployment aztec-listener
+kubectl scale --replicas 0 -n chicmoz-prod deployment explorer-api
+kubectl scale --replicas 0 -n chicmoz-prod deployment auth
+kubectl scale --replicas 0 -n chicmoz-prod deployment websocket-event-publisher

scripts/production/0_other_services.sh

@@ -0,0 +1,4 @@
+kubectl scale statefulset --replicas 0 -n chicmoz-prod kafka-controller
+kubectl scale statefulset --replicas 0 -n chicmoz-prod redis-master
+kubectl scale statefulset --replicas 0 -n chicmoz-prod redis-replicas
+kubectl scale statefulset --replicas 0 -n chicmoz-prod postgresql

scripts/production/1_chicmoz_services.sh

@@ -0,0 +1,4 @@
+kubectl scale --replicas 1 -n chicmoz-prod deployment aztec-listener
+kubectl scale --replicas 1 -n chicmoz-prod deployment explorer-api
+kubectl scale --replicas 1 -n chicmoz-prod deployment auth
+kubectl scale --replicas 1 -n chicmoz-prod deployment websocket-event-publisher

scripts/production/1_other_services.sh

@@ -0,0 +1,4 @@
+kubectl scale statefulset --replicas 1 -n chicmoz-prod kafka-controller
+kubectl scale statefulset --replicas 1 -n chicmoz-prod redis-master
+kubectl scale statefulset --replicas 1 -n chicmoz-prod redis-replicas
+kubectl scale statefulset --replicas 1 -n chicmoz-prod postgresql

.github/workflows/cleanup-script.sh → scripts/production/cleanup-registry.sh

@@ -9,7 +9,7 @@ delete_old_tags() {
     echo "Processing repository: $repo"
 
     # List tags and filter for SHA-based tags, excluding the most recent 5
-    SHA_TAGS=$(doctl registry repository list-tags "$repo"  --format "Manifest Digest" --no-header | grep -E '^sha' | sort -r | tail -n +2) || true
+    SHA_TAGS=$(doctl registry repository list-tags auth --no-header | awk '{print $4, $5, $8}' | sort -r | tail -n +6 | awk '{print $3}') || true
 
     if [ -z "$SHA_TAGS" ]; then
         echo "No old SHA tags found for repository: $repo"

scripts/production/deploy.sh

@@ -0,0 +1,74 @@
+#!/bin/bash
+
+# NOTE: all this hassle just to *only* use 5 images on the registry...
+
+set -e
+
+# List of images to push
+IMAGES_TO_PUSH=(
+  "explorer-ui"
+  "auth"
+  "aztec-listener"
+  "explorer-api"
+  "websocket-event-publisher"
+)
+
+echo "⚠  Building images - this may take a while..."
+# Build images and get the build output
+BUILD_OUTPUT=$(skaffold build --filename "k8s/production/skaffold.production.light.yaml" --quiet)
+
+# Function to extract tag for a specific image
+get_tag() {
+  local image=$1
+  echo "$BUILD_OUTPUT" | grep "$image" | sed -E 's/.*:([^}]+)\}.*/\1/' | tr -d '"'
+}
+
+# Function to find the latest image
+find_latest_image() {
+  local image=$1
+  docker images --format "{{.Repository}}:{{.Tag}}" | grep "^$image:" | head -n 1
+}
+
+# Tag and push each image
+for image in "${IMAGES_TO_PUSH[@]}"
+do
+  TAG=$(get_tag "$image")
+  if [ -n "$TAG" ]; then
+    LATEST_IMAGE=$(find_latest_image "$image")
+    if [ -n "$LATEST_IMAGE" ]; then
+      echo "Tagging and pushing $LATEST_IMAGE as registry.digitalocean.com/aztlan-containers/$image:$TAG"
+      docker tag "$LATEST_IMAGE" "registry.digitalocean.com/aztlan-containers/$image:$TAG"
+      echo "Tagging and pushing $LATEST_IMAGE as registry.digitalocean.com/aztlan-containers/$image:latest"
+      docker tag "$LATEST_IMAGE" "registry.digitalocean.com/aztlan-containers/$image:latest"
+      docker push "registry.digitalocean.com/aztlan-containers/$image:$TAG"
+      docker push "registry.digitalocean.com/aztlan-containers/$image:latest"
+    else
+      echo "Failed to find latest image for $image"
+      exit 1
+    fi
+  else
+    echo "Failed to get tag for $image"
+    exit 1
+  fi
+done
+
+# Get the tag for chicmoz-base
+CHICMOZ_BASE_TAG=$(get_tag "chicmoz-base")
+
+# Prepare the --images argument for skaffold deploy
+DEPLOY_IMAGES_ARG="chicmoz-base=chicmoz-base:$CHICMOZ_BASE_TAG,"
+for image in "${IMAGES_TO_PUSH[@]}"
+do
+  TAG=$(get_tag "$image")
+  if [ -n "$TAG" ]; then
+    DEPLOY_IMAGES_ARG+="$image=registry.digitalocean.com/aztlan-containers/$image:$TAG,"
+  else
+    echo "Failed to get tag for $image"
+    exit 1
+  fi
+done
+DEPLOY_IMAGES_ARG=${DEPLOY_IMAGES_ARG%,}  # Remove trailing comma
+
+# Deploy using Skaffold
+echo "Deploying with images: $DEPLOY_IMAGES_ARG"
+skaffold deploy --filename "k8s/production/skaffold.production.light.yaml" --images "$DEPLOY_IMAGES_ARG"

scripts/production/full_other_services.sh

@@ -0,0 +1,4 @@
+kubectl scale statefulset --replicas 3 -n chicmoz-prod kafka-controller
+kubectl scale statefulset --replicas 1 -n chicmoz-prod redis-master
+kubectl scale statefulset --replicas 3 -n chicmoz-prod redis-replicas
+kubectl scale statefulset --replicas 1 -n chicmoz-prod postgresql