Merge pull request #278 from desci-labs/m0ar/ceramic-prod-deployment

Ceramic prod deployment
desci-labs · Apr 17, 2024 · fc92e59 · fc92e59
2 parents 5be4f56 + db08e34
commit fc92e59
Show file tree

Hide file tree

Showing 2 changed files with 112 additions and 19 deletions.
diff --git a/ceramic-k8s/ceramic_deployment_dev.yaml b/ceramic-k8s/ceramic_deployment_dev.yaml
@@ -48,26 +48,19 @@ spec:
               cpu: "0.6"
               memory: 4Gi
           # # restart pod after failureThreshold*periodSeconds total seconds
-          # livenessProbe:
-          #   httpGet:
-          #     path: /
-          #     port: server-api
-          #   failureThreshold: 80
-          #   periodSeconds: 3
-          # # temporarily stop sending traffic to pod after failureThreshold*periodSeconds total seconds
-          # readinessProbe:
-          #   httpGet:
-          #     path: /
-          #     port: server-api
-          #   failureThreshold: 3
-          #   periodSeconds: 1
+          livenessProbe:
+            httpGet:
+              path: /api/v0/node/healthcheck
+              port: http-api
+            failureThreshold: 10
+            periodSeconds: 5
           # # wait for pod to start for failureThreshold*periodSeconds total seconds
-          # startupProbe:
-          #   httpGet:
-          #     path: /
-          #     port: server-api
-          #   failureThreshold: 200
-          #   periodSeconds: 1
+          startupProbe:
+            httpGet:
+              path: /api/v0/node/healthcheck
+              port: http-api
+            failureThreshold: 60
+            periodSeconds: 1
 
       serviceAccountName: "vault-auth"
 ---

diff --git a/ceramic-k8s/ceramic_deployment_prod.yaml b/ceramic-k8s/ceramic_deployment_prod.yaml
@@ -0,0 +1,100 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: js-ceramic-prod
+  labels:
+    App: JsCeramicProd
+spec:
+  replicas: 1
+  revisionHistoryLimit: 8
+  selector:
+    matchLabels:
+      App: JsCeramicProd
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      annotations:
+        vault.hashicorp.com/agent-inject: "true"
+        vault.hashicorp.com/agent-inject-status: "update"
+        vault.hashicorp.com/role: app-vault-reader
+        vault.hashicorp.com/agent-inject-secret-config: secrets/desci-server/production/db
+        vault.hashicorp.com/agent-inject-template-config: |
+          {{- with secret "secrets/desci-server/production/db" -}}
+          echo "{\"anchor\":{\"auth-method\":\"did\",\"ethereum-rpc-url\":\"{{ .Data.ceramic_rpc }}\"},\"node\":{\"privateSeedUrl\":\"inplace:ed25519#{{ .Data.ceramic_cas_pkey }}\"},\"http-api\":{\"cors-allowed-origins\":[\".*\"],\"admin-dids\":[\"did:key:z6MktbKJrMnhVJ37QFTo12911ycm2juKDUzWHDVETu9s5a9T\"]},\"ipfs\":{\"mode\":\"remote\",\"host\":\"http://public-ceramic-ipfs-prod-service-internal.default.svc.cluster.local:5001\"},\"logger\":{\"log-level\":0},\"metrics\":{\"metrics-exporter-enabled\":false,\"metrics-port\":9090},\"network\":{\"name\":\"mainnet\"},\"state-store\":{\"mode\":\"fs\",\"local-directory\":\"/root/.ceramic/statestore\"},\"indexing\":{\"db\":\"{{ .Data.ceramic_url }}\",\"allow-queries-before-historical-sync\":true,\"models\":[]}}" > daemon.config.json
+          export NODE_ENV=production
+          echo "envset"; 
+          {{- end -}}
+      labels:
+        App: JsCeramicProd
+    spec:
+      containers:
+        - image: ceramicnetwork/js-ceramic:5.3.0
+          name: js-ceramic-prod
+          command: ["/bin/bash", "-c"]
+          args:
+            - echo "SOURCING ENV"; source /vault/secrets/config; ./packages/cli/bin/ceramic.js daemon --config daemon.config.json;
+          ports:
+            - containerPort: 7007
+              name: http-api
+          resources:
+            limits:
+              cpu: "0.7"
+              memory: 4Gi
+            requests:
+              cpu: "0.6"
+              memory: 4Gi
+          # # restart pod after failureThreshold*periodSeconds total seconds
+          livenessProbe:
+            httpGet:
+              path: /api/v0/node/healthcheck
+              port: http-api
+            failureThreshold: 10
+            periodSeconds: 5
+          # # wait for pod to start for failureThreshold*periodSeconds total seconds
+          startupProbe:
+            httpGet:
+              path: /api/v0/node/healthcheck
+              port: http-api
+            failureThreshold: 60
+            periodSeconds: 1
+
+      serviceAccountName: "vault-auth"
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ceramic-prod-ingress
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+spec:
+  rules:
+    - host: ceramic-prod.desci.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: public-js-ceramic-prod-service
+                port:
+                  number: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: public-js-ceramic-prod-service
+  labels:
+    App: JsCeramicProd
+spec:
+  type: LoadBalancer
+  selector:
+    App: JsCeramicProd
+  ports:
+    - protocol: TCP
+      name: http
+      port: 80
+      targetPort: 7007