feat: terraform configuration #170

Merged
merged 2 commits into from
Jun 7, 2023

itegulov
Contributor

Relates to #147

Adds an e2e Terraform configuration that:

  1. Creates secrets in Secret Manager and populates them with values from the provided variables
  2. Builds a docker image and pushes it to an Artifact Registry repository
  3. Creates a dedicated service account with the minimum amount of roles needed to run our services
  4. Creates N signer nodes (depends on how many secret keys you provide in the variables) + leader node as Cloud Run services

I used this PR to create a testnet environment in pagoda-discovery-platform-prod from scratch. See https://console.cloud.google.com/run/detail/us-east1/mpc-recovery-leader-testnet/metrics?project=pagoda-discovery-platform-prod.

I propose we host mainnet and testnet in pagoda-discovery-platform-prod, while pagoda-discovery-platform-dev will be used exclusively for our internal dev environments (something long-lived for the develop branch and short-lived environments for PRs).

Collaborator

@volovyks volovyks left a comment

LGTM
> Creates secrets in Secret Manager and populates them with values from the provided variables

Any chance it can override current setup? Especially what is stored in Secret Manager.

> Creates N signer nodes (depends on how many secret keys you provide in the variables) + leader node as Cloud Run services

So, it's possible to specify that we want to have 1 signing node + 2 signing nodes managed by other parties in config?

> I propose we host mainnet and testnet in pagoda-discovery-platform-prod, while pagoda-discovery-platform-dev will be used exclusively for our internal dev environments (something long-lived for the develop branch and short-lived environments for PRs).

I agree that short-lived dev env should be separated completely. Not a strong opinion on testnet + mainnet in one env. If it's a small effort, we can create a separate one for testnet.

Contributor Author

itegulov commented Jun 6, 2023

> any chance it can override current setup? Especially what is stored in Secret Manager.

Secrets are versioned and I don't think you can delete old revisions, just add new ones.

> so, it's possible to specify that we want to have 1 signing node + 2 signing nodes managed by other parties in config?

Yep

> Not a strong opinion on testnet + mainnet in one env. If it's a small effort, we can create a separate one for testnet.

The reason I am advocating for this is that everyone else (relayer, discovery, etc.) is hosting testnet services in the *-prod env, so I think we should follow suit.

Collaborator

volovyks commented Jun 6, 2023

@itegulov ok, I agree with your reasoning.
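
A Terraform sketch of steps 1 and 3 from the PR description (secrets populated from variables, one runtime service account with access granted per secret), added here as an illustration and not taken from this PR's configuration. Every variable, resource name and secret id is an assumption, and the `auto {}` replication block assumes a recent google provider (5.x or later).

```hcl
# Added example: names below are hypothetical, not the project's own.
variable "project" {
  type = string
}

# One key per signer node; the number of keys decides the number of signers.
variable "signer_secret_keys" {
  type      = list(string)
  sensitive = true
}

locals {
  # count cannot be derived from a sensitive value, so expose only the length.
  signer_count = nonsensitive(length(var.signer_secret_keys))
}

resource "google_service_account" "runtime" {
  project    = var.project
  account_id = "mpc-example-runtime" # hypothetical account id
}

resource "google_secret_manager_secret" "signer_sk" {
  count     = local.signer_count
  project   = var.project
  secret_id = "example-signer-sk-${count.index}" # hypothetical id prefix
  replication {
    auto {}
  }
  lifecycle {
    # Fail the plan instead of destroying a secret that already holds a key.
    prevent_destroy = true
  }
}

resource "google_secret_manager_secret_version" "signer_sk" {
  count       = local.signer_count
  secret      = google_secret_manager_secret.signer_sk[count.index].id
  secret_data = var.signer_secret_keys[count.index]
}

# Accessor role bound on each secret, not at project level.
resource "google_secret_manager_secret_iam_member" "signer_sk" {
  count     = local.signer_count
  project   = var.project
  secret_id = google_secret_manager_secret.signer_sk[count.index].secret_id
  role      = "roles/secretmanager.secretAccessor"
  member    = "serviceAccount:${google_service_account.runtime.email}"
}
```

With a single runtime account, as in step 3, every service running as that account can read every signer key; one account per signer would narrow each binding to a single key.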

@itegulov itegulov merged commit 5bb0927 into develop Jun 7, 2023
@itegulov itegulov deleted the daniyar/terraform branch June 7, 2023 12:36
itegulov added a commit that referenced this pull request Jun 27, 2023
volovyks added a commit that referenced this pull request Sep 21, 2023
* feat: terraform configuration (#170)

* feat: add terraform module for partners (#294)

* redundant variables deleted

* terraform fmt

* redundant parameters deleted

* lookup_url deleted from setup

* fmt

* redundant dep deleted

* duplicated service-account-datastore-user deleted

* unused terraform value firebase_audience_id deleted

* terraform fmt

---------

Co-authored-by: Daniyar Itegulov <ditegulov@gmail.com>
Co-authored-by: DavidM-D <dmillardurrant@gmail.com>
Co-authored-by: Phuong Nguyen <ChaoticTempest@users.noreply.github.com>