From ce4c7ec70934e9bd0379feba668512684ae5354a Mon Sep 17 00:00:00 2001
From: Chris Marslender
Date: Mon, 9 Sep 2024 14:26:30 -0500
Subject: [PATCH] Build container + deploy to k8s (#53)
---
.github/workflows/build-deploy.yml | 87 ++++++++++++++++++++++++++++++
cmd/crawl.go | 5 +-
cmd/root.go | 14 ++---
k8s/values.yaml.j2 | 43 +++++++++++++++
4 files changed, 138 insertions(+), 11 deletions(-)
create mode 100644 .github/workflows/build-deploy.yml
create mode 100644 k8s/values.yaml.j2
diff --git a/.github/workflows/build-deploy.yml b/.github/workflows/build-deploy.yml
new file mode 100644
index 0000000..5ad92c7
--- /dev/null
+++ b/.github/workflows/build-deploy.yml
@@ -0,0 +1,87 @@
+name: Deploy & Configure Application
+
+on:
+ push:
+ branches:
+ - main
+ workflow_dispatch:
+ schedule:
+ - cron: '0 10 * * 1'
+
+permissions:
+ id-token: write
+ contents: read
+ packages: write
+
+concurrency:
+ group: "build-deploy"
+
+jobs:
+ package:
+ uses: Chia-Network/actions/.github/workflows/docker-build.yaml@main
+
+ deploy:
+ name: Deploy
+ runs-on: "k8s-internal-${{ matrix.colo.region }}"
+ needs:
+ - package
+ container:
+ image: registry.gitlab.com/cmmarslender/kubectl-helm:v3
+ strategy:
+ fail-fast: false
+ matrix:
+ colo:
+ - region: fmt
+ - region: msp
+ - region: ldn
+ - region: sin
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Vault Login
+ uses: Chia-Network/actions/vault/login@main
+ with:
+ vault_url: ${{ secrets.VAULT_URL }}
+ role_name: github
+
+ - name: Get secrets from vault
+ uses: hashicorp/vault-action@v3
+ with:
+ url: ${{ secrets.VAULT_URL }}
+ token: ${{ env.VAULT_TOKEN }}
+ secrets: |
+ secret/data/${{ matrix.colo.region }}/k8s/k8s-${{ matrix.colo.region }} api_server_url | K8S_API_SERVER_URL;
+ secret/data/github/ghcr_image_pull username | IMAGE_PULL_USERNAME;
+ secret/data/github/ghcr_image_pull password | IMAGE_PULL_PASSWORD;
+
+ - name: Login to k8s cluster
+ uses: Chia-Network/actions/vault/k8s-login@main
+ with:
+ vault_url: ${{ secrets.VAULT_URL }}
+ vault_token: ${{ env.VAULT_TOKEN }}
+ backend_name: k8s-${{ matrix.colo.region }}
+ role_name: github-actions
+ cluster_url: ${{ env.K8S_API_SERVER_URL }}
+
+ - uses: Chia-Network/actions/k8s/image-pull-secret@main
+ with:
+ secret_name: crawler-image-pull
+ namespace: go-chia-crawler
+ username: ${{ env.IMAGE_PULL_USERNAME }}
+ password: ${{ env.IMAGE_PULL_PASSWORD }}
+ docker_server: "ghcr.io"
+
+ - name: Ensure istio injection is enabled
+ run: |
+ kubectl label namespace go-chia-crawler istio-injection=enabled
+
+ - uses: Chia-Network/actions/helm/deploy@main
+ env:
+ DOCKER_TAG: "sha-${{ inputs.deploy_ref }}"
+ REGION: ${{ matrix.colo.region }}
+ with:
+ namespace: go-chia-crawler
+ app_name: "crawler"
+ helm_chart_repo: "https://chia-network.github.io/helm-charts"
+ helm_chart: "generic"
+ helm_values: "./k8s/values.yaml"
diff --git a/cmd/crawl.go b/cmd/crawl.go
index 20c3fb5..a345206 100644
--- a/cmd/crawl.go
+++ b/cmd/crawl.go
@@ -8,6 +8,7 @@ import ( "net" "net/http" "os" + "path" "sync" "time"
@@ -200,7 +201,7 @@ func persist() { log.Println("Persisting peers to crawler.dat") // Iterate through the hostTimestamps, and for each host that meets the reporting threshold, save all the details about it - file, err := os.Create("crawler.dat") + file, err := os.Create(path.Join(viper.GetString("data-dir"), "crawler.dat")) if err != nil { log.Printf("Error writing data: %s\n", err.Error()) return
@@ -236,7 +237,7 @@ func persist() { func load() { log.Println("Checking for peers in crawler.dat") - file, err := os.Open("crawler.dat") + file, err := os.Open(path.Join(viper.GetString("data-dir"), "crawler.dat")) if err != nil { log.Printf("Error opening data file: %s\n", err.Error()) return
diff --git a/cmd/root.go b/cmd/root.go
index b08233d..1e96202 100644
--- a/cmd/root.go
+++ b/cmd/root.go
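Review bot: Every `Chia-Network/actions/...` step and the reusable `docker-build.yaml` workflow are referenced at `@main`, and the job container is pulled by the mutable tag `kubectl-helm:v3`, so whatever those refs resolve to at run time executes with `id-token: write`, `packages: write`, the Vault token and the cluster login. Pinning each `uses:` to a full commit SHA (for example `uses: Chia-Network/actions/vault/login@<commit-sha>`) and the image to a digest (`image: registry.gitlab.com/cmmarslender/kubectl-helm@sha256:<digest>`) would make the deploy path reviewable and reproducible. Separately, `DOCKER_TAG: "sha-${{ inputs.deploy_ref }}"` reads an input that none of the declared triggers defines (`workflow_dispatch` has no `inputs:` block), so it will most likely expand to `sha-`; the tag needs to come from a value these triggers actually provide, in the form the build job tags with. The top-level `permissions` block also applies to `deploy`, which does not appear to need `packages: write`, so scoping permissions per job would be tighter.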
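Review bot: The added import is `path`, which always joins with forward slashes and is intended for URL-style paths, while the locations built in `persist()` and `load()` (the two later hunks of this file) are filesystem paths. Import `"path/filepath"` instead and call `filepath.Join(viper.GetString("data-dir"), "crawler.dat")` at both sites. Since both functions build the same path, a small helper such as `func dataFile() string` would keep them from drifting apart. The import block continues outside this hunk.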
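Review bot: Nothing creates or checks the directory named by `data-dir` before `os.Create`, so a missing or mistyped directory only shows up as `Error writing data` when `persist()` runs and the peer data is not saved; the same holds for `os.Open` in `load()` in the next hunk. The log lines also still print the bare `crawler.dat`, which no longer tells an operator where the file actually is. Consider resolving the path once at startup, failing early if the directory is unusable, and logging the resolved value, e.g. `log.Printf("Persisting peers to %s", dataPath)`. `persist()` continues outside the hunk.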
@@ -27,21 +27,17 @@ func Execute() { } func init() { - var ( - bootstrapPeer string - metrics bool - metricsPort int - ) - cobra.OnInitialize(initConfig) - rootCmd.PersistentFlags().StringVar(&bootstrapPeer, "bootstrap-peer", "node.chia.net", "The initial bootstrap peer to try and connect to") - rootCmd.PersistentFlags().BoolVar(&metrics, "metrics", false, "Enable the metrics server") - rootCmd.PersistentFlags().IntVar(&metricsPort, "metrics-port", 9914, "The port the metrics server binds to") + rootCmd.PersistentFlags().String("bootstrap-peer", "node.chia.net", "The initial bootstrap peer to try and connect to") + rootCmd.PersistentFlags().Bool("metrics", false, "Enable the metrics server") + rootCmd.PersistentFlags().Int("metrics-port", 9914, "The port the metrics server binds to") + rootCmd.PersistentFlags().String("data-dir", "", "The directory to store crawler data in") cobra.CheckErr(viper.BindPFlag("bootstrap-peer", rootCmd.PersistentFlags().Lookup("bootstrap-peer"))) cobra.CheckErr(viper.BindPFlag("metrics", rootCmd.PersistentFlags().Lookup("metrics"))) cobra.CheckErr(viper.BindPFlag("metrics-port", rootCmd.PersistentFlags().Lookup("metrics-port"))) + cobra.CheckErr(viper.BindPFlag("data-dir", rootCmd.PersistentFlags().Lookup("data-dir"))) rootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.chia-crawler.yaml)") }
diff --git a/k8s/values.yaml.j2 b/k8s/values.yaml.j2
new file mode 100644
index 0000000..3dee1f9
--- /dev/null
+++ b/k8s/values.yaml.j2
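Review bot: The help text for the new `data-dir` flag does not say what its empty default means; with `""` the join in `persist()`/`load()` produces a path relative to the process working directory, which is worth stating: `"The directory to store crawler data in (default: current working directory)"`. The Kubernetes values added in this commit set the option through `CHIA_CRAWLER_DATA_DIR`, which only works if `initConfig` configures an environment prefix and a `-` to `_` key replacer; that function is not shown in this hunk, so confirm it before relying on the variable.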
@@ -0,0 +1,43 @@
+image:
+ repository: ghcr.io/chia-network/go-chia-crawler
+ tag: {{ DOCKER_TAG }}
+
+imagePullSecrets:
+ - name: crawler-image-pull
+
+deployment:
+ containerPort: 9914
+ containerPortName: metrics
+
+service:
+ enabled: true
+ type: ClusterIP
+ additionalLabels:
+ application: chia-blockchain
+ component: dns-introducer
+ network: mainnet
+ port: 9914
+
+networkPolicy:
+ enabled: true
+ policyTypes:
+ - Egress
+ egressRules:
+ - to:
+ - namespaceSelector:
+ matchLabels:
+ name: chia-blockchain-mainnet
+ ports:
+ - protocol: TCP
+ port: 8444
+
+configmapEnvironment:
+ CHIA_CRAWLER_BOOTSTRAP_PEER: node-node-all.chia-blockchain-mainnet
+ CHIA_CRAWLER_DATA_DIR: /crawler-data
+
+volumes:
+ - name: crawler-data
+ mountPath: /crawler-data
+ readOnly: false
+ size: 256Mi
+ storageClassName: ceph-nvme
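Review bot: `policyTypes` lists only `Egress`, so this policy places no restriction on inbound connections and the metrics port 9914 stays reachable from any workload that can route to the pod; adding an `Ingress` type with a rule that admits only the metrics scraper would close that. On the egress side, once the policy applies, only TCP 8444 to namespaces labelled `name: chia-blockchain-mainnet` is allowed, which leaves out cluster DNS (needed to resolve `node-node-all.chia-blockchain-mainnet`) and, with the Istio injection the workflow enables, the sidecar's control-plane traffic, unless the generic chart adds those rules itself. The selector also depends on a hand-applied `name` label; matching on the automatically set `kubernetes.io/metadata.name` label avoids relying on someone having labelled the namespace correctly. The `component: dns-introducer` service label looks carried over from another deployment and should probably describe the crawler.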