Merge branch 'main' into chore/auto-snap-release
Showing
65 changed files
with
4,732 additions
and
4,777 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
--- | ||
'@celo/odis-identifiers': major | ||
--- | ||
|
||
Initial Release. Move functions Enum from @celo/base |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
--- | ||
'@celo/odis-identifiers': minor | ||
--- | ||
|
||
Add Github Prefix |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
--- | ||
name: Build ODIS combiner image | ||
|
||
on: | ||
push: | ||
paths: | ||
- 'dockerfiles/phone-number-privacy/Dockerfile-combiner' | ||
- 'packages/phone-number-privacy/combiner/**' | ||
branches: | ||
- main | ||
pull_request: | ||
paths: | ||
- 'dockerfiles/phone-number-privacy/Dockerfile-combiner' | ||
- 'packages/phone-number-privacy/combiner/**' | ||
workflow_dispatch: | ||
|
||
jobs: | ||
odis-combiner-build-dev: | ||
uses: celo-org/reusable-workflows/.github/workflows/[email protected] | ||
name: Build us-west1-docker.pkg.dev/devopsre/dev-images/odis-combiner | ||
if: | | ||
github.ref != 'refs/heads/main' | ||
with: | ||
workload-id-provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-social-connect/providers/github-by-repos | ||
service-account: '[email protected]' | ||
artifact-registry: us-west1-docker.pkg.dev/devopsre/dev-images/odis-combiner | ||
tag: ${{ github.sha }} | ||
context: . | ||
file: dockerfiles/phone-number-privacy/Dockerfile-combiner | ||
trivy: true | ||
|
||
odis-combiner-build: | ||
uses: celo-org/reusable-workflows/.github/workflows/[email protected] | ||
name: Build us-west1-docker.pkg.dev/devopsre/social-connect/odis-combiner | ||
if: | | ||
github.ref == 'refs/heads/main' | ||
with: | ||
workload-id-provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-social-connect-main/providers/github-by-repos | ||
service-account: '[email protected]' | ||
artifact-registry: us-west1-docker.pkg.dev/devopsre/social-connect/odis-combiner | ||
tag: ${{ github.sha }} | ||
context: . | ||
file: dockerfiles/phone-number-privacy/Dockerfile-combiner | ||
trivy: true |
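Review bot: The `if: github.ref == 'refs/heads/main'` condition on `odis-combiner-build` is the only control visible here that keeps non-main builds away from the `social-connect/odis-combiner` registry, and a workflow-level `if:` can be changed in the same pull request that triggers the run. The enforcement needs to sit on the identity side, so it is worth confirming that the `gh-social-connect-main` provider only accepts tokens whose ref is `refs/heads/main`, and recording that above the job, e.g. `# Not a security boundary: the gh-social-connect-main provider must itself restrict tokens to refs/heads/main.` The file also declares no `permissions:` block, so the token scope is whatever the repository default and the called workflow decide; stating the minimum the build needs would make that explicit. The `uses:` reference is obscured on this page, so whether it is pinned to a commit SHA rather than a movable tag cannot be checked from here.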
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -107,3 +107,4 @@ scripts/failedSDKs.json | |
|
||
packages/protocol/types/typechain-mento/*.d.ts | ||
tmp | ||
packages/odis-identifiers/lib |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
##### Gathering dependencies | ||
FROM scratch AS packages | ||
|
||
# Copy phone-number-privacy package and its dependency closure. | ||
# Assemble all dependencies into the packages folder so the second stage can select whether to | ||
# include all packages, or just the phone-number-privacy packages. | ||
WORKDIR /celo-phone-number-privacy/ | ||
COPY packages/phone-number-privacy/combiner packages/phone-number-privacy/combiner | ||
COPY packages/phone-number-privacy/common packages/phone-number-privacy/common | ||
COPY packages/sdk/encrypted-backup packages/sdk/encrypted-backup | ||
COPY packages/sdk/identity packages/sdk/identity | ||
|
||
##### Main stage | ||
FROM node:18 | ||
LABEL org.opencontainers.image.authors="[email protected]" | ||
|
||
WORKDIR /celo-phone-number-privacy/ | ||
|
||
# Copy monorepo settings | ||
COPY lerna.json package.json yarn.lock ./ | ||
|
||
# Makes build fail if it doesn't copy git, will be removed after build | ||
COPY .git .git | ||
|
||
# Setting ONLY_PUBLISHED_DEPENDENCIES to true or any non-empty string results in only the | ||
# phone-number-privacy package being copied into the image, and therefore it will only build using | ||
# published dependencies. Setting ONLY_PUBLISHED_DEPENDENCIES to "" will copy in all dependecies. | ||
ARG ONLY_PUBLISHED_DEPENDENCIES="" | ||
ARG PACKAGE_SELECTOR=${ONLY_PUBLISHED_DEPENDENCIES:+phone-number-privacy/combiner} | ||
COPY --from=packages celo-phone-number-privacy/packages/${PACKAGE_SELECTOR} packages/${PACKAGE_SELECTOR} | ||
|
||
# Install dependencies and build. | ||
RUN yarn install --network-timeout 100000 --frozen-lockfile && yarn cache clean | ||
RUN yarn build | ||
|
||
RUN rm -r .git | ||
|
||
# Setup and run the combiner application. | ||
ENV NODE_ENV production | ||
WORKDIR /celo-phone-number-privacy/packages/phone-number-privacy/combiner | ||
EXPOSE 8080 | ||
ENTRYPOINT ["yarn", "start:docker"] |
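Review bot: `COPY .git .git` followed later by `RUN rm -r .git` does not take the repository history out of the image, because the COPY layer is still shipped and the later layer only hides it; the comment "will be removed after build" overstates what happens. If the build only needs to read git metadata, a BuildKit bind mount keeps it out of every layer: `RUN --mount=type=bind,source=.git,target=.git yarn install --network-timeout 100000 --frozen-lockfile && yarn cache clean && yarn build`, replacing the `COPY .git`, both `RUN yarn` lines and the `rm`. The final stage also has no `USER` instruction, so `yarn start:docker` runs as root; the official node image provides a `node` user, and `USER node` before `ENTRYPOINT` would drop that, assuming the application does not need to write into the root-owned work directory. `FROM node:18` floats across patch releases, and pinning a digest would make the scanned image and the deployed image the same thing.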
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
# Kubernetes Deployment | ||
|
||
ODIS Combiner can be deployed in Kubernetes with a Helm chart. | ||
|
||
## Helm chart | ||
|
||
ODIS combiner Helm chart templates are available [here](https://github.com/celo-org/charts/tree/main/charts/odis-combiner). The chart is available through a public GCP Artifact Registry `oci://us-west1-docker.pkg.dev/devopsre/clabs-public-oci/odis-combiner`. | ||
|
||
Hence the ODIS combiner can be deployed as follows in your Kubernetes cluster: | ||
|
||
```bash | ||
helm upgrade -install <RELEASE_NAME> oci://us-west1-docker.pkg.dev/devopsre/clabs-public-oci/odis-combiner -n <NAMESPACE> --create-namespace -f <VALUES_FILE_PATH> [--version <VERSION>] | ||
``` | ||
|
||
Notice the following: | ||
|
||
- `<RELEASE_NAME>`: Name of the Helm release. | ||
- `<NAMESPACE>`: Kubernetes namespace to deploy the Helm chart. | ||
- `<VALUES_FILE_PATH>`: Path to your `values.yaml` file that define the Helm deployment. You can use the examples under [./values] as a guide, but you will have to modify it according to your needs. You can find a table defining the values file [here](https://github.com/celo-org/charts/tree/main/charts/odis-combiner#values). | ||
- `<VERSION>`: The version of the Helm chart. If omitted, it will use the latest version (available at the [chart's README](https://github.com/celo-org/charts/tree/main/charts/odis-combiner#odis-combiner) as a GitHub badge). | ||
|
||
## cLabs Developers | ||
|
||
For cLabs developers, this section contains links and information for useful deployments. | ||
|
||
> :warning: You will need to be a cLabs employee with appropiate permissions to access these links. | ||
ODIS combiner is deployed in the following clusters: | ||
|
||
- Staging: cluster `integration-tests`, namespace `odis-combiner-staging` with this [`values-staging.yaml` file](./values/values-staging.yaml). | ||
- URL: `https://odis-combiner-staging.integration-tests.celo-networks-dev.org` | ||
- Alfajores: cluster `alfajores`, namespace `odis-combiner-alfajores` with this [`values-alfajores.yaml` file](./values/values-alfajores.yaml). | ||
- URL: `https://odis-combiner-alfajores.alfajores.celo-testnet.org` | ||
- Mainnet: cluster `mainnet`, namespace `odis-combiner-mainnet` with this [`values-mainnet.yaml` file](./values/values-mainnet.yaml). | ||
- URL: `https://odis-combiner-mainnet.mainnet.celo-testnet.org` | ||
|
||
### Modifying the deployment | ||
|
||
There are 2 main ways to modify the ODIS combiner deployment in Kubernetes. | ||
|
||
- Directly modify the deployment in GCP console. | ||
- Use [Helm](https://helm.sh/). | ||
|
||
#### Directly modify the deployment in GCP console | ||
|
||
You can access the ODIS deployment following these links. There you can edit the deployment and modify any value as needed (image, Env. Vars., etc.). | ||
|
||
- [Staging](https://console.cloud.google.com/kubernetes/deployment/us-west1-b/integration-tests/odis-combiner-staging/odis-combiner-staging/yaml/view?project=celo-testnet&supportedpurview=project) | ||
- [Alfajores](https://console.cloud.google.com/kubernetes/deployment/us-west1-a/alfajores/odis-combiner-alfajores/odis-combiner-alfajores/yaml/view?project=celo-testnet-production&supportedpurview=project) | ||
- [Mainnet](https://console.cloud.google.com/kubernetes/deployment/us-west1-a/mainnet/odis-combiner-mainnet/odis-combiner-mainnet/overview?project=celo-testnet-production&supportedpurview=project) | ||
|
||
#### Use Helm | ||
|
||
1. Ensure you are connected to the correct Kubernetes cluster (staging, alfajores or mainnet). | ||
2. Get the currently deployed Helm chart values: | ||
|
||
```bash | ||
helm get values -n odis-combiner-<staging|alfajores|mainnet> odis-combiner-<staging|alfajores|mainnet> -o yaml > ./values/values-<staging|alfajores|mainnet>.yaml | ||
``` | ||
|
||
3. Modify the values file accordingly | ||
4. Deploy the new release: | ||
|
||
```bash | ||
helm upgrade -install odis-combiner-<staging|alfajores|mainnet> oci://us-west1-docker.pkg.dev/devopsre/clabs-public-oci/odis-combiner -n odis-combiner-<staging|alfajores|mainnet> -f ./values/values-<staging|alfajores|mainnet>.yaml --create-namespace --version <VERSION> | ||
``` | ||
|
||
5. Ensure there are no sensitive values in the `./values/values-<staging|alfajores|mainnet>.yaml` file and commit it to this repo. |
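--- a/docs/kubernetes-deployment/combiner/values/values-alfajores.yaml
+++ b/docs/kubernetes-deployment/combiner/values/values-alfajores.yaml
@@ -0,0 +1,92 @@
+nameOverride: ""
+fullnameOverride: ""
+replicaCount: 1
+image:
+repository: us-west1-docker.pkg.dev/devopsre/dev-images/odis-combiner
+pullPolicy: Always
+tag: "85baf6c3854aff588d88332addd709d544ebd6c4"
+imagePullSecrets: []
+serviceAccount:
+create: true
+annotations: {}
+name: ""
+env:
+tracing:
+enabled: true
+endpoint: "https://grafana-agent.odis-alfajores-signer-3.celo-networks-dev.org/api/traces"
+serviceName: "odis-combiner-alfajores-k8s"
+log:
+format: stackdriver
+level: trace
+blockchain:
+blockchainProvider: "https://alfajores-forno.celo-testnet.org"
+blockchainApiKeyExistingSecret: "odis-combiner-forno-key"
+domain:
+domainEnabled: true
+domainFullNodeDelayMs: "100"
+domainFullNodeRetryCount: "5"
+domainFullNodeTimeoutMs: "1000"
+domainKeysCurrentVersion: "1"
+domainKeysVersions: '[{"keyVersion":1,"threshold":2,"polynomial":"0200000000000000f99af1c8fbcb0a15945ff0f23f0e93b86c101f48250c911b4ab4b15004723f93eea98c8ffd4e166535757b46c0522a0167a40224c88ba43c13685bf2f159e63394416cb41432b320e69e3e0810aa8fa1e1b0c7dcc948fc5742f2b8d752b65081f10d83821b4e2cf90b56cc4fc8c98dc00e5f24f2c5b53fa8ad7c2ebd3963c9223cf95209692d267a4f8084edfc0b5f01f7a31d82bf5421c544b6258749c691b79e6f36d9ba963ead6f25b9986b6bcb7d45b5edb33a616af630b4ce17bf552c81","pubKey":"+ZrxyPvLChWUX/DyPw6TuGwQH0glDJEbSrSxUARyP5PuqYyP/U4WZTV1e0bAUioBZ6QCJMiLpDwTaFvy8VnmM5RBbLQUMrMg5p4+CBCqj6HhsMfcyUj8V0LyuNdStlCB"},{"keyVersion":2,"threshold":2,"polynomial":"0200000000000000f99af1c8fbcb0a15945ff0f23f0e93b86c101f48250c911b4ab4b15004723f93eea98c8ffd4e166535757b46c0522a0167a40224c88ba43c13685bf2f159e63394416cb41432b320e69e3e0810aa8fa1e1b0c7dcc948fc5742f2b8d752b65081f10d83821b4e2cf90b56cc4fc8c98dc00e5f24f2c5b53fa8ad7c2ebd3963c9223cf95209692d267a4f8084edfc0b5f01f7a31d82bf5421c544b6258749c691b79e6f36d9ba963ead6f25b9986b6bcb7d45b5edb33a616af630b4ce17bf552c81","pubKey":"+ZrxyPvLChWUX/DyPw6TuGwQH0glDJEbSrSxUARyP5PuqYyP/U4WZTV1e0bAUioBZ6QCJMiLpDwTaFvy8VnmM5RBbLQUMrMg5p4+CBCqj6HhsMfcyUj8V0LyuNdStlCB"}]'
+domainOdisServicesSigners: '[{"url": "https://odis-alfajores-signer2.azurefd.net"},{"url": "https://odis-alfajores-signer3.azurefd.net"},{"url": "https://odis-alfajores-signer-1-b.azurefd.net"}]'
+domainOdisServicesTimeoutMillisecond: "5000"
+domainServiceName: "odis_combiner"
+domainShouldAuthenticate: true
+domainShouldCheckQuota: false
+pnp:
+pnpEnabled: true
+pnpFullNodeDelayMs: "100"
+pnpFullNodeRetryCount: "5"
+pnpFullNodeTimeoutMs: "1000"
+pnpKeysCurrentVersion: "1"
+pnpKeysVersions: '[{"keyVersion":1,"threshold":2,"polynomial":"0200000000000000ec5b161ac167995bd17cc0e9cf3f79369efac1fff5b0f68ad0e83dca207e3fc41b8e20bc155ebb3416a7b3d87364490169032189aa7380c47a0a464864fbe0c106e803197ae4959165e7067b95775cee2c74a78d7a67406764f342e5a4b99a003a510287524c9437b12ebb0bfdc7ea46078b807d1b665966961784bd71c4227c272b01c0fcd19c5b92226c1aac324b010abef36192e8ff3abb25686b3e6707bc747b129c32e572b5850db8446bd8f0af9a3fbf6b579793002b1b68528ca4ac00","pubKey":"kPoRxWdEdZ/Nd3uQnp3FJFs54zuiS+ksqvOm9x8vY6KHPG8jrfqysvIRU0wtqYsBKA7SoAsICMBv8C/Fb2ZpDOqhSqvr/sZbZoHmQfvbqrzbtDIPvUIrHgRS0ydJCMsA"},{"keyVersion":2,"threshold":2,"polynomial":"0200000000000000ec5b161ac167995bd17cc0e9cf3f79369efac1fff5b0f68ad0e83dca207e3fc41b8e20bc155ebb3416a7b3d87364490169032189aa7380c47a0a464864fbe0c106e803197ae4959165e7067b95775cee2c74a78d7a67406764f342e5a4b99a003a510287524c9437b12ebb0bfdc7ea46078b807d1b665966961784bd71c4227c272b01c0fcd19c5b92226c1aac324b010abef36192e8ff3abb25686b3e6707bc747b129c32e572b5850db8446bd8f0af9a3fbf6b579793002b1b68528ca4ac00","pubKey":"kPoRxWdEdZ/Nd3uQnp3FJFs54zuiS+ksqvOm9x8vY6KHPG8jrfqysvIRU0wtqYsBKA7SoAsICMBv8C/Fb2ZpDOqhSqvr/sZbZoHmQfvbqrzbtDIPvUIrHgRS0ydJCMsA"}]'
+pnpMockDeck: "0xbf8a2b73baf8402f8fe906ad3f42b560bf14b39f7df7797ece9e293d6f162188"
+pnpOdisServicesSigners: '[{"url": "https://odis-alfajores-signer2.azurefd.net"},{"url": "https://odis-alfajores-signer3.azurefd.net"},{"url": "https://odis-alfajores-signer-1-b.azurefd.net"}]'
+pnpOdisServicesTimeoutMilliseconds: "5000"
+pnpServiceName: "odis_combiner"
+pnpShouldAuthenticate: true
+pnpShouldCheckQuota: false
+pnpShouldMockAccountService: false
+service:
+serviceName: "odis-combiner-k8s"
+podAnnotations:
+prometheus.io/path: /metrics
+prometheus.io/port: "8080"
+prometheus.io/scrape: "true"
+podSecurityContext: {}
+securityContext: {}
+ingress:
+enabled: true
+className: "nginx"
+annotations:
+kubernetes.io/tls-acme: "true"
+hosts:
+- host: odis-combiner-alfajores.alfajores.celo-testnet.org
+paths:
+- path: /
+pathType: ImplementationSpecific
+tls:
+- secretName: odis-combiner-alfajores.alfajores.celo-testnet.org-tls
+hosts:
+- odis-combiner-alfajores.alfajores.celo-testnet.org
+livenessProbe:
+timeoutSeconds: 30
+initialDelaySeconds: 60
+httpGet:
+path: /status
+port: http
+readinessProbe:
+timeoutSeconds: 30
+initialDelaySeconds: 60
+httpGet:
+path: /status
+port: http
+resources: {}
+autoscaling:
+enabled: false
+minReplicas: 1
+maxReplicas: 3
+targetCPUUtilizationPercentage: 80
+nodeSelector: {}
+tolerations: []
+affinity: {}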
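Review bot: `podSecurityContext: {}` and `securityContext: {}` are left empty, and the combiner Dockerfile shown earlier on this page sets no `USER`, so as far as this page shows the pod runs as root with default capabilities behind a public ingress. A setting such as `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}, runAsNonRoot: true}` would constrain it; `runAsNonRoot` needs a non-root `USER` in the image or an explicit `runAsUser` before the container will start. The `repository:` value under `image:` points at `dev-images/odis-combiner`, which the workflow in this commit fills from non-main refs, so it is worth confirming that a network-facing deployment is meant to pull from the registry that pull-request builds write to. `level: trace` may also log request contents; confirm that nothing sensitive reaches the log sink at that level.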