From 20f2a2646cfb03b8c960500a69a9cf62232c19f8 Mon Sep 17 00:00:00 2001 From: Ales Verbic Date: Thu, 19 Dec 2024 08:59:06 -0500 Subject: [PATCH] Feat/add dynamic tolerations (#73) * feat: add support for GCP to bootstrap Signed-off-by: Ales Verbic * Implemented crdgen json output (#69) * chore: implemented crdgen json output * chore: implemented crdgen json output * fix: adjusted host regex (#70) * fix: fixed proxy api key (#71) * chore: Update Ogmios base image (#72) * feat(bootstrap): add dynamic support for tolerations Signed-off-by: Ales Verbic --------- Signed-off-by: Ales Verbic Co-authored-by: Paulo Bressan Co-authored-by: Felipe Gonzalez --- bootstrap/feature/main.tf | 7 +++--- bootstrap/instance/main.tf | 32 ++++++++++++++++++++++---- bootstrap/instance/ogmios.tf | 28 ++++++++--------------- bootstrap/main.tf | 8 ++++++- bootstrap/proxy/cert.tf | 2 +- bootstrap/proxy/main.tf | 15 ++++++++++++ bootstrap/proxy/service.tf | 44 +++++++++++++++++++++++++++++++++++- bootstrap/variables.tf | 23 +++++++++++++++---- 8 files changed, 126 insertions(+), 33 deletions(-) diff --git a/bootstrap/feature/main.tf b/bootstrap/feature/main.tf index 8d3d041..07c5290 100644 --- a/bootstrap/feature/main.tf +++ b/bootstrap/feature/main.tf @@ -31,9 +31,10 @@ variable "api_key_salt" { variable "dcu_per_frame" { type = map(string) default = { - "mainnet" = "10" - "preprod" = "5" - "preview" = "5" + "mainnet" = "10" + "preprod" = "5" + "preview" = "5" + "vector-testnet" = "5" } } diff --git a/bootstrap/instance/main.tf b/bootstrap/instance/main.tf index 97a3642..e3fb00c 100644 --- a/bootstrap/instance/main.tf +++ b/bootstrap/instance/main.tf 
@@ -55,7 +55,31 @@ variable "resources" { } } - -variable "compute_arch" { - type = string -} \ No newline at end of file +variable "tolerations" { + description = "List of tolerations for the instance" + type = list(object({ + effect = string + key = string + operator = string + value = optional(string) + })) + default = [ + { + effect = "NoSchedule" + key = "demeter.run/compute-profile" + operator = "Exists" + }, + { + effect = "NoSchedule" + key = "demeter.run/compute-arch" + operator = "Equal" + value = "x86" + }, + { + effect = "NoSchedule" + key = "demeter.run/availability-sla" + operator = "Equal" + value = "consistent" + } + ] +} diff --git a/bootstrap/instance/ogmios.tf b/bootstrap/instance/ogmios.tf index 7c68f19..1bef4e9 100644 --- a/bootstrap/instance/ogmios.tf +++ b/bootstrap/instance/ogmios.tf @@ -62,7 +62,7 @@ resource "kubernetes_deployment_v1" "ogmios" { name = "main" image = local.image image_pull_policy = "IfNotPresent" - args = local.container_args + args = local.container_args resources { limits = { @@ -137,24 +137,14 @@ resource "kubernetes_deployment_v1" "ogmios" { } } - toleration { - effect = "NoSchedule" - key = "demeter.run/compute-profile" - operator = "Exists" - } - - toleration { - effect = "NoSchedule" - key = "demeter.run/compute-arch" - operator = "Equal" - value = var.compute_arch - } - - toleration { - effect = "NoSchedule" - key = "demeter.run/availability-sla" - operator = "Equal" - value = "consistent" + dynamic "toleration" { + for_each = var.tolerations + content { + effect = toleration.value.effect + key = toleration.value.key + operator = toleration.value.operator + value = toleration.value.value + } } } } diff --git a/bootstrap/main.tf b/bootstrap/main.tf index 2abf985..4ae187c 100644 --- a/bootstrap/main.tf +++ b/bootstrap/main.tf 
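Review bot: `var.tolerations` can arrive as null and break the `dynamic "toleration"` block in ogmios.tf, because the new variable in bootstrap/instance/main.tf is nullable by default. The root `instances` type declares `tolerations` as `optional(...)` with no default, so an instance that omits it passes null through `tolerations = each.value.tolerations`; an explicit null overrides the module default instead of selecting it, and `for_each` rejects a null collection. Adding `nullable = false` to `variable "tolerations"` makes Terraform fall back to the three default tolerations in that case. The same gap is visible from the other side in the bootstrap/main.tf and bootstrap/variables.tf hunks.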
@@ -32,6 +32,9 @@ module "ogmios_v1_proxy" { proxy_image_tag = var.proxy_blue_image_tag extension_name = var.extension_name networks = var.networks + cloud_provider = var.cloud_provider + dns_zone = var.dns_zone + cluster_issuer = var.cluster_issuer name = "proxy" } @@ -44,6 +47,9 @@ module "ogmios_v1_proxy_green" { extension_name = var.extension_name networks = ["mainnet", "preprod", "preview", "vector-testnet"] environment = "green" + cloud_provider = var.cloud_provider + dns_zone = var.dns_zone + cluster_issuer = var.cluster_issuer name = "proxy-green" } @@ -69,7 +75,7 @@ module "ogmios_instances" { ogmios_image = each.value.ogmios_image node_private_dns = each.value.node_private_dns ogmios_version = each.value.ogmios_version - compute_arch = each.value.compute_arch + tolerations = each.value.tolerations replicas = each.value.replicas } diff --git a/bootstrap/proxy/cert.tf b/bootstrap/proxy/cert.tf index 92decbb..c5084c6 100644 --- a/bootstrap/proxy/cert.tf +++ b/bootstrap/proxy/cert.tf @@ -25,7 +25,7 @@ resource "kubernetes_manifest" "certificate_cluster_wildcard_tls" { "issuerRef" = { "kind" = "ClusterIssuer" - "name" = "letsencrypt" + "name" = var.cluster_issuer } "secretName" = local.cert_secret_name } diff --git a/bootstrap/proxy/main.tf b/bootstrap/proxy/main.tf index 5772e8f..16abb21 100644 --- a/bootstrap/proxy/main.tf +++ b/bootstrap/proxy/main.tf @@ -80,3 +80,18 @@ variable "dns_zone" { type = string default = "demeter.run" } + +variable "cluster_issuer" { + type = string + default = "letsencrypt" +} + +variable "cloud_provider" { + type = string + default = "aws" +} + +variable "healthcheck_port" { + type = number + default = null +} diff --git a/bootstrap/proxy/service.tf b/bootstrap/proxy/service.tf index a3bc0fd..10be1c9 100644 --- a/bootstrap/proxy/service.tf +++ b/bootstrap/proxy/service.tf 
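Review bot: Replacing `compute_arch = each.value.compute_arch` with `tolerations = each.value.tolerations` in the `ogmios_instances` module call drops the per-instance architecture without a migration path. The default toleration list hard-codes `value = "x86"` for `demeter.run/compute-arch`, so an instance that previously set a different `compute_arch` and does not set `tolerations` would no longer tolerate its nodes' taint, and its pods would stay unschedulable. If `compute_arch` is still declared in the `instances` object type (not visible in this diff), it is now silently ignored; remove it there or note the replacement next to this line, e.g. `# compute_arch is superseded by tolerations; set the compute-arch toleration per instance`. The module block starts and ends outside the hunk.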
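Review bot: `variable "cloud_provider"` in bootstrap/proxy/main.tf accepts any string, while the Service resources in service.tf are created only for the exact values `"aws"` and `"gcp"`. A typo or different casing therefore produces a plan with no LoadBalancer Service at all and no error. A `validation` block on the variable rejects this at plan time; the same declaration in bootstrap/variables.tf should carry it too.

```hcl
variable "cloud_provider" {
  # … unchanged: type, default …

  validation {
    condition     = contains(["aws", "gcp"], var.cloud_provider)
    error_message = "cloud_provider must be \"aws\" or \"gcp\"."
  }
}
```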
@@ -1,4 +1,5 @@ -resource "kubernetes_service_v1" "proxy_service" { +resource "kubernetes_service_v1" "proxy_service_aws" { + for_each = toset([for n in toset(["loadbalancer"]) : n if var.cloud_provider == "aws"]) metadata { name = local.name namespace = var.namespace @@ -8,6 +9,7 @@ resource "kubernetes_service_v1" "proxy_service" { "service.beta.kubernetes.io/aws-load-balancer-type" : "external" "service.beta.kubernetes.io/aws-load-balancer-healthcheck-protocol" : "HTTPS" "service.beta.kubernetes.io/aws-load-balancer-healthcheck-path" : "/healthz" + "service.beta.kubernetes.io/aws-load-balancer-healthcheck-port" : var.healthcheck_port != null ? var.healthcheck_port : "traffic-port" } } @@ -22,6 +24,46 @@ resource "kubernetes_service_v1" "proxy_service" { protocol = "TCP" } + + port { + name = "health" + port = 80 + target_port = local.prometheus_port + protocol = "TCP" + } + + type = "LoadBalancer" + } +} + +resource "kubernetes_service_v1" "proxy_service_gcp" { + for_each = toset([for n in toset(["loadbalancer"]) : n if var.cloud_provider == "gcp"]) + metadata { + name = local.name + namespace = var.namespace + annotations = { + "cloud.google.com/l4-rbs" : "enabled" + } + } + + spec { + external_traffic_policy = "Local" + selector = local.proxy_labels + + port { + name = "proxy" + port = 443 + target_port = local.proxy_port + protocol = "TCP" + } + + port { + name = "health" + port = 80 + target_port = local.prometheus_port + protocol = "TCP" + } + type = "LoadBalancer" } } diff --git a/bootstrap/variables.tf b/bootstrap/variables.tf index 4284e37..800794e 100644 --- a/bootstrap/variables.tf +++ b/bootstrap/variables.tf @@ -7,11 +7,20 @@ variable "dns_zone" { default = "demeter.run" } +variable "cluster_issuer" { + type = string + default = "letsencrypt" +} + variable "extension_name" { type = string default = "ogmios-m1" } +variable "cloud_provider" { + type = string + default = "aws" +} variable "networks" { type = list(string) 
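Review bot: Renaming `kubernetes_service_v1.proxy_service` to `proxy_service_aws` and adding `for_each` changes the resource address, and nothing in the hunk tells Terraform that the two are the same object. On an existing AWS deployment the plan would likely destroy the Service and create a new one, which replaces the external load balancer and interrupts traffic. A `moved` block from the old address to the new keyed instance keeps the existing Service in state. The resource body continues outside the hunk.

```hcl
moved {
  from = kubernetes_service_v1.proxy_service
  to   = kubernetes_service_v1.proxy_service_aws["loadbalancer"]
}
```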
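Review bot: The added `port { name = "health" ... }` blocks publish `local.prometheus_port` on port 80 of the `LoadBalancer` Service, for both the AWS resource and the new GCP one. `local.prometheus_port` is defined outside this diff; if it serves the proxy's metrics endpoint and the load balancer is internet-facing, those metrics become readable by anyone over plain HTTP. The AWS health check already falls back to `traffic-port`, so the extra listener may not be needed for health checking at all. If it is required, limit who can reach it with `load_balancer_source_ranges` in `spec`, or point it at an endpoint that exposes only health status, and add a comment above the block stating why port 80 is public.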
@@ -37,9 +46,10 @@ variable "api_key_salt" { variable "dcu_per_frame" { type = map(string) default = { - "mainnet" = "10" - "preprod" = "5" - "preview" = "5" + "mainnet" = "10" + "preprod" = "5" + "preview" = "5" + "vector-testnet" = "5" } } @@ -128,7 +138,6 @@ variable "proxy_resources" { } } - variable "instances" { type = map(object({ salt = string @@ -148,5 +157,11 @@ variable "instances" { memory = string }) })) + tolerations = optional(list(object({ + effect = string + key = string + operator = string + value = optional(string) + }))) })) }