From c0d06efaf47fa11085ac20342f5f6bee4efb720e Mon Sep 17 00:00:00 2001 From: alvarof2 Date: Thu, 9 Nov 2023 21:09:38 +0100 Subject: [PATCH 1/8] Staging and Alfajores switch values --- .changeset/empty-dodos-impress.md | 2 ++ .../combiner/values/values-alfajores.yaml | 14 +++++++------- .../combiner/values/values-staging.yaml | 2 +- .../values/alfajores/values-signer0-alfajores.yaml | 12 +++++++++--- .../values/alfajores/values-signer1-alfajores.yaml | 9 ++++++--- .../values/alfajores/values-signer2-alfajores.yaml | 9 ++++++--- .../values/staging/values-signer0-staging.yaml | 9 ++++++--- .../values/staging/values-signer1-staging.yaml | 9 ++++++--- .../values/staging/values-signer2-staging.yaml | 9 ++++++--- 9 files changed, 49 insertions(+), 26 deletions(-) create mode 100644 .changeset/empty-dodos-impress.md diff --git a/.changeset/empty-dodos-impress.md b/.changeset/empty-dodos-impress.md new file mode 100644 index 000000000..a845151cc --- /dev/null +++ b/.changeset/empty-dodos-impress.md @@ -0,0 +1,2 @@ +--- +--- diff --git a/docs/kubernetes-deployment/combiner/values/values-alfajores.yaml b/docs/kubernetes-deployment/combiner/values/values-alfajores.yaml index 92585e52a..d35f575d1 100644 --- a/docs/kubernetes-deployment/combiner/values/values-alfajores.yaml +++ b/docs/kubernetes-deployment/combiner/values/values-alfajores.yaml @@ -17,7 +17,7 @@ image: pullPolicy: Always # -- Image tag # Overrides the image tag whose default is the chart appVersion. - tag: "odis-combiner-3.3.1" + tag: "odis-combiner-3.3.2" # -- Image pull secrets imagePullSecrets: [] @@ -62,7 +62,7 @@ env: # -- Env. Var DOMAIN_KEYS_VERSIONS domainKeysVersions: '[{"keyVersion":1,"threshold":2,"polynomial":"0200000000000000f99af1c8fbcb0a15945ff0f23f0e93b86c101f48250c911b4ab4b15004723f93eea98c8ffd4e166535757b46c0522a0167a40224c88ba43c13685bf2f159e63394416cb41432b320e69e3e0810aa8fa1e1b0c7dcc948fc5742f2b8d752b65081f10d83821b4e2cf90b56cc4fc8c98dc00e5f24f2c5b53fa8ad7c2ebd3963c9223cf95209692d267a4f8084edfc0b5f01f7a31d82bf5421c544b6258749c691b79e6f36d9ba963ead6f25b9986b6bcb7d45b5edb33a616af630b4ce17bf552c81","pubKey":"+ZrxyPvLChWUX/DyPw6TuGwQH0glDJEbSrSxUARyP5PuqYyP/U4WZTV1e0bAUioBZ6QCJMiLpDwTaFvy8VnmM5RBbLQUMrMg5p4+CBCqj6HhsMfcyUj8V0LyuNdStlCB"},{"keyVersion":2,"threshold":2,"polynomial":"0200000000000000f99af1c8fbcb0a15945ff0f23f0e93b86c101f48250c911b4ab4b15004723f93eea98c8ffd4e166535757b46c0522a0167a40224c88ba43c13685bf2f159e63394416cb41432b320e69e3e0810aa8fa1e1b0c7dcc948fc5742f2b8d752b65081f10d83821b4e2cf90b56cc4fc8c98dc00e5f24f2c5b53fa8ad7c2ebd3963c9223cf95209692d267a4f8084edfc0b5f01f7a31d82bf5421c544b6258749c691b79e6f36d9ba963ead6f25b9986b6bcb7d45b5edb33a616af630b4ce17bf552c81","pubKey":"+ZrxyPvLChWUX/DyPw6TuGwQH0glDJEbSrSxUARyP5PuqYyP/U4WZTV1e0bAUioBZ6QCJMiLpDwTaFvy8VnmM5RBbLQUMrMg5p4+CBCqj6HhsMfcyUj8V0LyuNdStlCB"}]' # -- Env. Var DOMAIN_ODIS_SERVICES_SIGNERS - domainOdisServicesSigners: '[{"url": "https://odis-alfajores-signer2.azurefd.net"},{"url": "https://odis-alfajores-signer3.azurefd.net"},{"url": "https://odis-alfajores-signer-1-b.azurefd.net"}]' + domainOdisServicesSigners: '[{"url": "http://odis-signer0-alfajores.odis-signer0-alfajores:3000"},{"url": "http://odis-signer1-alfajores.odis-signer1-alfajores:3000"},{"url": "http://odis-signer2-alfajores.odis-signer2-alfajores:3000"}]' # -- Env. Var DOMAIN_ODIS_SERVICES_TIMEOUT_MILLISECONDS domainOdisServicesTimeoutMillisecond: "5000" # -- Env. Var DOMAIN_SERVICE_NAME @@ -87,7 +87,7 @@ env: # -- Env. Var PNP_MOCK_DECK pnpMockDeck: "0xbf8a2b73baf8402f8fe906ad3f42b560bf14b39f7df7797ece9e293d6f162188" # -- Env. Var PNP_ODIS_SERVICES_SIGNERS - pnpOdisServicesSigners: '[{"url": "https://odis-alfajores-signer2.azurefd.net"},{"url": "https://odis-alfajores-signer3.azurefd.net"},{"url": "https://odis-alfajores-signer-1-b.azurefd.net"}]' + pnpOdisServicesSigners: '[{"url": "http://odis-signer0-alfajores.odis-signer0-alfajores:3000"},{"url": "http://odis-signer1-alfajores.odis-signer1-alfajores:3000"},{"url": "http://odis-signer2-alfajores.odis-signer2-alfajores:3000"}]' # -- Env. Var PNP_ODIS_SERVICES_TIMEOUT_MILLISECONDS pnpOdisServicesTimeoutMilliseconds: "5000" # -- Env. Var PNP_SERVICE_NAME @@ -143,16 +143,16 @@ ingress: # -- Liveness probe configuration livenessProbe: - timeoutSeconds: 30 - initialDelaySeconds: 60 + timeoutSeconds: 60 + initialDelaySeconds: 90 httpGet: path: /status port: http # -- Readiness probe configuration readinessProbe: - timeoutSeconds: 30 - initialDelaySeconds: 60 + timeoutSeconds: 60 + initialDelaySeconds: 90 httpGet: path: /status port: http diff --git a/docs/kubernetes-deployment/combiner/values/values-staging.yaml b/docs/kubernetes-deployment/combiner/values/values-staging.yaml index 8f2586f74..977abb499 100644 --- a/docs/kubernetes-deployment/combiner/values/values-staging.yaml +++ b/docs/kubernetes-deployment/combiner/values/values-staging.yaml @@ -17,7 +17,7 @@ image: pullPolicy: Always # -- Image tag # Overrides the image tag whose default is the chart appVersion. - tag: "odis-combiner-3.3.1" + tag: "odis-combiner-3.3.2" # -- Image pull secrets imagePullSecrets: [] diff --git a/docs/kubernetes-deployment/signer/values/alfajores/values-signer0-alfajores.yaml b/docs/kubernetes-deployment/signer/values/alfajores/values-signer0-alfajores.yaml index f4cab17f5..8080f076f 100644 --- a/docs/kubernetes-deployment/signer/values/alfajores/values-signer0-alfajores.yaml +++ b/docs/kubernetes-deployment/signer/values/alfajores/values-signer0-alfajores.yaml @@ -4,6 +4,9 @@ autoscaling: maxReplicas: 3 minReplicas: 1 targetCPUUtilizationPercentage: 80 +command: + - | + yarn && yarn start:docker env: api: domainsAPIEnabled: true @@ -44,8 +47,8 @@ env: fullnameOverride: "" image: pullPolicy: Always - repository: us.gcr.io/celo-testnet/celo-monorepo - tag: oblivious-decentralized-identifier-service-3.0.1 + repository: us-west1-docker.pkg.dev/devopsre/social-connect/odis-signer + tag: "odis-signer-3.1.1" imagePullSecrets: [] ingress: annotations: {} @@ -56,7 +59,10 @@ ingress: livenessProbe: {} nameOverride: "" nodeSelector: {} -podAnnotations: {} +podAnnotations: + prometheus.io/path: /metrics + prometheus.io/port: "3000" + prometheus.io/scrape: "true" podSecurityContext: {} readinessProbe: {} replicaCount: 1 diff --git a/docs/kubernetes-deployment/signer/values/alfajores/values-signer1-alfajores.yaml b/docs/kubernetes-deployment/signer/values/alfajores/values-signer1-alfajores.yaml index 5ba23810f..fba57573e 100644 --- a/docs/kubernetes-deployment/signer/values/alfajores/values-signer1-alfajores.yaml +++ b/docs/kubernetes-deployment/signer/values/alfajores/values-signer1-alfajores.yaml @@ -44,8 +44,8 @@ env: fullnameOverride: "" image: pullPolicy: Always - repository: us.gcr.io/celo-testnet/celo-monorepo - tag: oblivious-decentralized-identifier-service-3.0.1 + repository: us-west1-docker.pkg.dev/devopsre/social-connect/odis-signer + tag: "odis-signer-3.1.1" imagePullSecrets: [] ingress: annotations: {} @@ -56,7 +56,10 @@ ingress: livenessProbe: {} nameOverride: "" nodeSelector: {} -podAnnotations: {} +podAnnotations: + prometheus.io/path: /metrics + prometheus.io/port: "3000" + prometheus.io/scrape: "true" podSecurityContext: {} readinessProbe: {} replicaCount: 1 diff --git a/docs/kubernetes-deployment/signer/values/alfajores/values-signer2-alfajores.yaml b/docs/kubernetes-deployment/signer/values/alfajores/values-signer2-alfajores.yaml index 745757f45..9ce21245d 100644 --- a/docs/kubernetes-deployment/signer/values/alfajores/values-signer2-alfajores.yaml +++ b/docs/kubernetes-deployment/signer/values/alfajores/values-signer2-alfajores.yaml @@ -44,8 +44,8 @@ env: fullnameOverride: "" image: pullPolicy: Always - repository: us.gcr.io/celo-testnet/celo-monorepo - tag: oblivious-decentralized-identifier-service-3.0.1 + repository: us-west1-docker.pkg.dev/devopsre/social-connect/odis-signer + tag: "odis-signer-3.1.1" imagePullSecrets: [] ingress: annotations: {} @@ -56,7 +56,10 @@ ingress: livenessProbe: {} nameOverride: "" nodeSelector: {} -podAnnotations: {} +podAnnotations: + prometheus.io/path: /metrics + prometheus.io/port: "3000" + prometheus.io/scrape: "true" podSecurityContext: {} readinessProbe: {} replicaCount: 1 diff --git a/docs/kubernetes-deployment/signer/values/staging/values-signer0-staging.yaml b/docs/kubernetes-deployment/signer/values/staging/values-signer0-staging.yaml index d29ccaa3b..08c62fa53 100644 --- a/docs/kubernetes-deployment/signer/values/staging/values-signer0-staging.yaml +++ b/docs/kubernetes-deployment/signer/values/staging/values-signer0-staging.yaml @@ -44,8 +44,8 @@ env: fullnameOverride: "" image: pullPolicy: Always - repository: us.gcr.io/celo-testnet/celo-monorepo - tag: oblivious-decentralized-identifier-service-3.0.1 + repository: us-west1-docker.pkg.dev/devopsre/social-connect/odis-signer + tag: "odis-signer-3.1.1" imagePullSecrets: [] ingress: annotations: {} @@ -56,7 +56,10 @@ ingress: livenessProbe: {} nameOverride: "" nodeSelector: {} -podAnnotations: {} +podAnnotations: + prometheus.io/path: /metrics + prometheus.io/port: "3000" + prometheus.io/scrape: "true" podSecurityContext: {} readinessProbe: {} replicaCount: 1 diff --git a/docs/kubernetes-deployment/signer/values/staging/values-signer1-staging.yaml b/docs/kubernetes-deployment/signer/values/staging/values-signer1-staging.yaml index 3ccb61596..061bb96d8 100644 --- a/docs/kubernetes-deployment/signer/values/staging/values-signer1-staging.yaml +++ b/docs/kubernetes-deployment/signer/values/staging/values-signer1-staging.yaml @@ -44,8 +44,8 @@ env: fullnameOverride: "" image: pullPolicy: Always - repository: us.gcr.io/celo-testnet/celo-monorepo - tag: oblivious-decentralized-identifier-service-3.0.1 + repository: us-west1-docker.pkg.dev/devopsre/social-connect/odis-signer + tag: "odis-signer-3.1.1" imagePullSecrets: [] ingress: annotations: {} @@ -56,7 +56,10 @@ ingress: livenessProbe: {} nameOverride: "" nodeSelector: {} -podAnnotations: {} +podAnnotations: + prometheus.io/path: /metrics + prometheus.io/port: "3000" + prometheus.io/scrape: "true" podSecurityContext: {} readinessProbe: {} replicaCount: 1 diff --git a/docs/kubernetes-deployment/signer/values/staging/values-signer2-staging.yaml b/docs/kubernetes-deployment/signer/values/staging/values-signer2-staging.yaml index bb270bbae..b41e6b157 100644 --- a/docs/kubernetes-deployment/signer/values/staging/values-signer2-staging.yaml +++ b/docs/kubernetes-deployment/signer/values/staging/values-signer2-staging.yaml @@ -44,8 +44,8 @@ env: fullnameOverride: "" image: pullPolicy: Always - repository: us.gcr.io/celo-testnet/celo-monorepo - tag: oblivious-decentralized-identifier-service-3.0.1 + repository: us-west1-docker.pkg.dev/devopsre/social-connect/odis-signer + tag: "odis-signer-3.1.1" imagePullSecrets: [] ingress: annotations: {} @@ -56,7 +56,10 @@ ingress: livenessProbe: {} nameOverride: "" nodeSelector: {} -podAnnotations: {} +podAnnotations: + prometheus.io/path: /metrics + prometheus.io/port: "3000" + prometheus.io/scrape: "true" podSecurityContext: {} readinessProbe: {} replicaCount: 1 From 16690606a2436bdc65c73535db478f9f7212f2b8 Mon Sep 17 00:00:00 2001 From: alvarof2 Date: Thu, 9 Nov 2023 21:34:32 +0100 Subject: [PATCH 2/8] Mainnet signers yaml --- .../signer/values/mainnet/values-signer0-mainnet.yaml | 9 ++++++--- .../signer/values/mainnet/values-signer1-mainnet.yaml | 9 ++++++--- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/docs/kubernetes-deployment/signer/values/mainnet/values-signer0-mainnet.yaml b/docs/kubernetes-deployment/signer/values/mainnet/values-signer0-mainnet.yaml index cbcc62970..38bdcb52b 100644 --- a/docs/kubernetes-deployment/signer/values/mainnet/values-signer0-mainnet.yaml +++ b/docs/kubernetes-deployment/signer/values/mainnet/values-signer0-mainnet.yaml @@ -43,8 +43,8 @@ env: fullnameOverride: "" image: pullPolicy: Always - repository: us.gcr.io/celo-testnet/celo-monorepo - tag: oblivious-decentralized-identifier-service-3.0.1 + repository: us-west1-docker.pkg.dev/devopsre/social-connect/odis-signer + tag: "odis-signer-3.1.1" imagePullSecrets: [] ingress: annotations: {} @@ -55,7 +55,10 @@ ingress: livenessProbe: {} nameOverride: "" nodeSelector: {} -podAnnotations: {} +podAnnotations: + prometheus.io/path: /metrics + prometheus.io/port: "3000" + prometheus.io/scrape: "true" podSecurityContext: {} readinessProbe: {} replicaCount: 1 diff --git a/docs/kubernetes-deployment/signer/values/mainnet/values-signer1-mainnet.yaml b/docs/kubernetes-deployment/signer/values/mainnet/values-signer1-mainnet.yaml index 33dca0ae3..560009bad 100644 --- a/docs/kubernetes-deployment/signer/values/mainnet/values-signer1-mainnet.yaml +++ b/docs/kubernetes-deployment/signer/values/mainnet/values-signer1-mainnet.yaml @@ -43,8 +43,8 @@ env: fullnameOverride: "" image: pullPolicy: Always - repository: us.gcr.io/celo-testnet/celo-monorepo - tag: oblivious-decentralized-identifier-service-3.0.1 + repository: us-west1-docker.pkg.dev/devopsre/social-connect/odis-signer + tag: "odis-signer-3.1.1" imagePullSecrets: [] ingress: annotations: {} @@ -55,7 +55,10 @@ ingress: livenessProbe: {} nameOverride: "" nodeSelector: {} -podAnnotations: {} +podAnnotations: + prometheus.io/path: /metrics + prometheus.io/port: "3000" + prometheus.io/scrape: "true" podSecurityContext: {} readinessProbe: {} replicaCount: 1 From 5da463c7174d2b9a6edc2f73044561aa274e1900 Mon Sep 17 00:00:00 2001 From: alvarof2 Date: Fri, 10 Nov 2023 03:20:21 +0100 Subject: [PATCH 3/8] traces --- .../signer/values/alfajores/values-signer0-alfajores.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/docs/kubernetes-deployment/signer/values/alfajores/values-signer0-alfajores.yaml b/docs/kubernetes-deployment/signer/values/alfajores/values-signer0-alfajores.yaml index 8080f076f..0bbb75797 100644 --- a/docs/kubernetes-deployment/signer/values/alfajores/values-signer0-alfajores.yaml +++ b/docs/kubernetes-deployment/signer/values/alfajores/values-signer0-alfajores.yaml @@ -4,9 +4,6 @@ autoscaling: maxReplicas: 3 minReplicas: 1 targetCPUUtilizationPercentage: 80 -command: - - | - yarn && yarn start:docker env: api: domainsAPIEnabled: true From d49951cd9ce4d91d4b26e34babcf29968fe924d8 Mon Sep 17 00:00:00 2001 From: alvarof2 Date: Fri, 10 Nov 2023 10:27:32 +0100 Subject: [PATCH 4/8] Timeouts --- .../signer/values/alfajores/values-signer0-alfajores.yaml | 5 ++++- .../signer/values/alfajores/values-signer1-alfajores.yaml | 5 ++++- .../signer/values/alfajores/values-signer2-alfajores.yaml | 5 ++++- .../signer/values/mainnet/values-signer0-mainnet.yaml | 5 ++++- .../signer/values/mainnet/values-signer1-mainnet.yaml | 5 ++++- .../signer/values/staging/values-signer0-staging.yaml | 5 ++++- .../signer/values/staging/values-signer1-staging.yaml | 5 ++++- .../signer/values/staging/values-signer2-staging.yaml | 3 +++ 8 files changed, 31 insertions(+), 7 deletions(-) diff --git a/docs/kubernetes-deployment/signer/values/alfajores/values-signer0-alfajores.yaml b/docs/kubernetes-deployment/signer/values/alfajores/values-signer0-alfajores.yaml index 0bbb75797..80966242d 100644 --- a/docs/kubernetes-deployment/signer/values/alfajores/values-signer0-alfajores.yaml +++ b/docs/kubernetes-deployment/signer/values/alfajores/values-signer0-alfajores.yaml @@ -11,6 +11,7 @@ env: blockchain: blockchainApiKeyExistingSecret: odis-signer0-forno-key blockchainProvider: https://alfajores-forno.celo-testnet.org + fullNodeTimeoutMs: 10000 db: cloudSqlProxy: false database: phoneNumberPrivacy @@ -20,6 +21,8 @@ env: type: postgres useSsl: false username: cLabs + poolMaxSize: 100 + timeout: 10000 keystore: domainsKeyLatestVersion: null domainsKeyNameBase: odis-signer0-alfajores-domains @@ -33,7 +36,7 @@ env: level: trace odis: mockDek: 0x034846bc781cacdafc66f3a77aa9fc3c56a9dadcd683c72be3c446fee8da041070 - odisSignerTimeout: "6000" + odisSignerTimeout: "10000" shouldMockAccountService: "false" shouldMockRequestService: "false" testQuotaBypassPercentage: "50" diff --git a/docs/kubernetes-deployment/signer/values/alfajores/values-signer1-alfajores.yaml b/docs/kubernetes-deployment/signer/values/alfajores/values-signer1-alfajores.yaml index fba57573e..4b3751cf1 100644 --- a/docs/kubernetes-deployment/signer/values/alfajores/values-signer1-alfajores.yaml +++ b/docs/kubernetes-deployment/signer/values/alfajores/values-signer1-alfajores.yaml @@ -11,6 +11,7 @@ env: blockchain: blockchainApiKeyExistingSecret: odis-signer1-forno-key blockchainProvider: https://alfajores-forno.celo-testnet.org + fullNodeTimeoutMs: 10000 db: cloudSqlProxy: false database: phoneNumberPrivacy @@ -20,6 +21,8 @@ env: type: postgres useSsl: false username: cLabs + poolMaxSize: 100 + timeout: 10000 keystore: domainsKeyLatestVersion: null domainsKeyNameBase: odis-signer1-alfajores-domains @@ -33,7 +36,7 @@ env: level: trace odis: mockDek: 0x034846bc781cacdafc66f3a77aa9fc3c56a9dadcd683c72be3c446fee8da041070 - odisSignerTimeout: "6000" + odisSignerTimeout: "10000" shouldMockAccountService: "false" shouldMockRequestService: "false" testQuotaBypassPercentage: "50" diff --git a/docs/kubernetes-deployment/signer/values/alfajores/values-signer2-alfajores.yaml b/docs/kubernetes-deployment/signer/values/alfajores/values-signer2-alfajores.yaml index 9ce21245d..6c93d0326 100644 --- a/docs/kubernetes-deployment/signer/values/alfajores/values-signer2-alfajores.yaml +++ b/docs/kubernetes-deployment/signer/values/alfajores/values-signer2-alfajores.yaml @@ -11,6 +11,7 @@ env: blockchain: blockchainApiKeyExistingSecret: odis-signer2-forno-key blockchainProvider: https://alfajores-forno.celo-testnet.org + fullNodeTimeoutMs: 10000 db: cloudSqlProxy: false database: phoneNumberPrivacy @@ -20,6 +21,8 @@ env: type: postgres useSsl: false username: cLabs + poolMaxSize: 100 + timeout: 10000 keystore: domainsKeyLatestVersion: null domainsKeyNameBase: odis-signer2-alfajores-domains @@ -33,7 +36,7 @@ env: level: trace odis: mockDek: 0x034846bc781cacdafc66f3a77aa9fc3c56a9dadcd683c72be3c446fee8da041070 - odisSignerTimeout: "6000" + odisSignerTimeout: "10000" shouldMockAccountService: "false" shouldMockRequestService: "false" testQuotaBypassPercentage: "50" diff --git a/docs/kubernetes-deployment/signer/values/mainnet/values-signer0-mainnet.yaml b/docs/kubernetes-deployment/signer/values/mainnet/values-signer0-mainnet.yaml index 38bdcb52b..f3af6e0f8 100644 --- a/docs/kubernetes-deployment/signer/values/mainnet/values-signer0-mainnet.yaml +++ b/docs/kubernetes-deployment/signer/values/mainnet/values-signer0-mainnet.yaml @@ -11,6 +11,7 @@ env: blockchain: blockchainApiKeyExistingSecret: odis-signer0-forno-key blockchainProvider: https://forno.celo.org + fullNodeTimeoutMs: 10000 db: cloudSqlProxy: false database: phoneNumberPrivacy @@ -20,6 +21,8 @@ env: type: postgres useSsl: false username: clabs + poolMaxSize: 100 + timeout: 10000 keystore: domainsKeyLatestVersion: null domainsKeyNameBase: odis-signer0-mainnet-domains @@ -32,7 +35,7 @@ env: format: stackdriver level: trace odis: - odisSignerTimeout: "6000" + odisSignerTimeout: "10000" shouldMockAccountService: "false" shouldMockRequestService: "false" testQuotaBypassPercentage: "50" diff --git a/docs/kubernetes-deployment/signer/values/mainnet/values-signer1-mainnet.yaml b/docs/kubernetes-deployment/signer/values/mainnet/values-signer1-mainnet.yaml index 560009bad..7dae3bda2 100644 --- a/docs/kubernetes-deployment/signer/values/mainnet/values-signer1-mainnet.yaml +++ b/docs/kubernetes-deployment/signer/values/mainnet/values-signer1-mainnet.yaml @@ -11,6 +11,7 @@ env: blockchain: blockchainApiKeyExistingSecret: odis-signer1-forno-key blockchainProvider: https://forno.celo.org + fullNodeTimeoutMs: 10000 db: cloudSqlProxy: false database: phoneNumberPrivacy @@ -20,6 +21,8 @@ env: type: postgres useSsl: false username: clabs + poolMaxSize: 100 + timeout: 10000 keystore: domainsKeyLatestVersion: null domainsKeyNameBase: odis-signer1-mainnet-domains @@ -32,7 +35,7 @@ env: format: stackdriver level: trace odis: - odisSignerTimeout: "6000" + odisSignerTimeout: "10000" shouldMockAccountService: "false" shouldMockRequestService: "false" testQuotaBypassPercentage: "50" diff --git a/docs/kubernetes-deployment/signer/values/staging/values-signer0-staging.yaml b/docs/kubernetes-deployment/signer/values/staging/values-signer0-staging.yaml index 08c62fa53..0cd365fbc 100644 --- a/docs/kubernetes-deployment/signer/values/staging/values-signer0-staging.yaml +++ b/docs/kubernetes-deployment/signer/values/staging/values-signer0-staging.yaml @@ -11,6 +11,7 @@ env: blockchain: blockchainApiKeyExistingSecret: odis-signer-forno-key blockchainProvider: https://alfajores-forno.celo-testnet.org + fullNodeTimeoutMs: 10000 db: cloudSqlProxy: false database: phoneNumberPrivacy @@ -20,6 +21,8 @@ env: type: postgres useSsl: false username: pgpnp + poolMaxSize: 100 + timeout: 10000 keystore: domainsKeyLatestVersion: null domainsKeyNameBase: odis-signer0-staging-domains @@ -33,7 +36,7 @@ env: level: trace odis: mockDek: 0x034846bc781cacdafc66f3a77aa9fc3c56a9dadcd683c72be3c446fee8da041070 - odisSignerTimeout: "6000" + odisSignerTimeout: "10000" shouldMockAccountService: "false" shouldMockRequestService: "false" testQuotaBypassPercentage: "50" diff --git a/docs/kubernetes-deployment/signer/values/staging/values-signer1-staging.yaml b/docs/kubernetes-deployment/signer/values/staging/values-signer1-staging.yaml index 061bb96d8..6e21f4d5c 100644 --- a/docs/kubernetes-deployment/signer/values/staging/values-signer1-staging.yaml +++ b/docs/kubernetes-deployment/signer/values/staging/values-signer1-staging.yaml @@ -11,6 +11,7 @@ env: blockchain: blockchainApiKeyExistingSecret: odis-signer-forno-key blockchainProvider: https://alfajores-forno.celo-testnet.org + fullNodeTimeoutMs: 10000 db: cloudSqlProxy: false database: phoneNumberPrivacy @@ -20,6 +21,8 @@ env: type: postgres useSsl: false username: pgpnp + poolMaxSize: 100 + timeout: 10000 keystore: domainsKeyLatestVersion: null domainsKeyNameBase: odis-signer1-staging-domains @@ -33,7 +36,7 @@ env: level: trace odis: mockDek: 0x034846bc781cacdafc66f3a77aa9fc3c56a9dadcd683c72be3c446fee8da041070 - odisSignerTimeout: "6000" + odisSignerTimeout: "10000" shouldMockAccountService: "false" shouldMockRequestService: "false" testQuotaBypassPercentage: "50" diff --git a/docs/kubernetes-deployment/signer/values/staging/values-signer2-staging.yaml b/docs/kubernetes-deployment/signer/values/staging/values-signer2-staging.yaml index b41e6b157..d4a5ea355 100644 --- a/docs/kubernetes-deployment/signer/values/staging/values-signer2-staging.yaml +++ b/docs/kubernetes-deployment/signer/values/staging/values-signer2-staging.yaml @@ -11,6 +11,7 @@ env: blockchain: blockchainApiKeyExistingSecret: odis-signer-forno-key blockchainProvider: https://alfajores-forno.celo-testnet.org + fullNodeTimeoutMs: 10000 db: cloudSqlProxy: false database: phoneNumberPrivacy @@ -20,6 +21,8 @@ env: type: postgres useSsl: false username: pgpnp + poolMaxSize: 100 + timeout: 10000 keystore: domainsKeyLatestVersion: null domainsKeyNameBase: odis-signer2-staging-domains From 0aca8b2148a7b23efc79e0ab51861275916feb07 Mon Sep 17 00:00:00 2001 From: alvarof2 Date: Sun, 12 Nov 2023 18:52:04 +0100 Subject: [PATCH 5/8] ODIS Alfajores tuning --- .../combiner/values/values-alfajores.yaml | 17 +++++++----- .../alfajores/values-signer0-alfajores.yaml | 27 ++++++++++++++++--- .../alfajores/values-signer1-alfajores.yaml | 27 ++++++++++++++++--- .../alfajores/values-signer2-alfajores.yaml | 27 ++++++++++++++++--- 4 files changed, 80 insertions(+), 18 deletions(-) diff --git a/docs/kubernetes-deployment/combiner/values/values-alfajores.yaml b/docs/kubernetes-deployment/combiner/values/values-alfajores.yaml index d35f575d1..435640a9e 100644 --- a/docs/kubernetes-deployment/combiner/values/values-alfajores.yaml +++ b/docs/kubernetes-deployment/combiner/values/values-alfajores.yaml @@ -158,7 +158,7 @@ readinessProbe: port: http # -- Container resources -resources: {} +resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -166,9 +166,9 @@ resources: {} # limits: # cpu: 100m # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + requests: + cpu: 2000m + memory: 1Gi autoscaling: # -- Enable autoscaling @@ -182,10 +182,15 @@ autoscaling: # targetMemoryUtilizationPercentage: 80 # -- Kubernetes node selector -nodeSelector: {} +nodeSelector: + node.kubernetes.io/instance-type: e2-standard-4 # -- Kubernetes tolerations -tolerations: [] +tolerations: + - key: "service" + operator: "Equal" + value: "odis" + effect: "NoSchedule" # -- Kubernetes pod affinity affinity: {} diff --git a/docs/kubernetes-deployment/signer/values/alfajores/values-signer0-alfajores.yaml b/docs/kubernetes-deployment/signer/values/alfajores/values-signer0-alfajores.yaml index 80966242d..45378bf12 100644 --- a/docs/kubernetes-deployment/signer/values/alfajores/values-signer0-alfajores.yaml +++ b/docs/kubernetes-deployment/signer/values/alfajores/values-signer0-alfajores.yaml @@ -1,4 +1,15 @@ -affinity: {} +affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - odis-signer + topologyKey: kubernetes.io/hostname autoscaling: enabled: false maxReplicas: 3 @@ -58,7 +69,8 @@ ingress: tls: [] livenessProbe: {} nameOverride: "" -nodeSelector: {} +nodeSelector: + node.kubernetes.io/instance-type: e2-standard-4 podAnnotations: prometheus.io/path: /metrics prometheus.io/port: "3000" @@ -66,11 +78,18 @@ podAnnotations: podSecurityContext: {} readinessProbe: {} replicaCount: 1 -resources: {} +resources: + requests: + cpu: 1000m + memory: 1Gi securityContext: {} serviceAccount: annotations: iam.gke.io/gcp-service-account: odis-signer0-alfajores@celo-testnet-production.iam.gserviceaccount.com create: true name: "" -tolerations: [] +tolerations: + - key: "service" + operator: "Equal" + value: "odis" + effect: "NoSchedule" diff --git a/docs/kubernetes-deployment/signer/values/alfajores/values-signer1-alfajores.yaml b/docs/kubernetes-deployment/signer/values/alfajores/values-signer1-alfajores.yaml index 4b3751cf1..a85ee74b8 100644 --- a/docs/kubernetes-deployment/signer/values/alfajores/values-signer1-alfajores.yaml +++ b/docs/kubernetes-deployment/signer/values/alfajores/values-signer1-alfajores.yaml @@ -1,4 +1,15 @@ -affinity: {} +affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - odis-signer + topologyKey: kubernetes.io/hostname autoscaling: enabled: false maxReplicas: 3 @@ -58,7 +69,8 @@ ingress: tls: [] livenessProbe: {} nameOverride: "" -nodeSelector: {} +nodeSelector: + node.kubernetes.io/instance-type: e2-standard-4 podAnnotations: prometheus.io/path: /metrics prometheus.io/port: "3000" @@ -66,11 +78,18 @@ podAnnotations: podSecurityContext: {} readinessProbe: {} replicaCount: 1 -resources: {} +resources: + requests: + cpu: 1000m + memory: 1Gi securityContext: {} serviceAccount: annotations: iam.gke.io/gcp-service-account: odis-signer1-alfajores@celo-testnet-production.iam.gserviceaccount.com create: true name: "" -tolerations: [] +tolerations: + - key: "service" + operator: "Equal" + value: "odis" + effect: "NoSchedule" diff --git a/docs/kubernetes-deployment/signer/values/alfajores/values-signer2-alfajores.yaml b/docs/kubernetes-deployment/signer/values/alfajores/values-signer2-alfajores.yaml index 6c93d0326..bc37216dc 100644 --- a/docs/kubernetes-deployment/signer/values/alfajores/values-signer2-alfajores.yaml +++ b/docs/kubernetes-deployment/signer/values/alfajores/values-signer2-alfajores.yaml @@ -1,4 +1,15 @@ -affinity: {} +affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - odis-signer + topologyKey: kubernetes.io/hostname autoscaling: enabled: false maxReplicas: 3 @@ -58,7 +69,8 @@ ingress: tls: [] livenessProbe: {} nameOverride: "" -nodeSelector: {} +nodeSelector: + node.kubernetes.io/instance-type: e2-standard-4 podAnnotations: prometheus.io/path: /metrics prometheus.io/port: "3000" @@ -66,11 +78,18 @@ podAnnotations: podSecurityContext: {} readinessProbe: {} replicaCount: 1 -resources: {} +resources: + requests: + cpu: 1000m + memory: 1Gi securityContext: {} serviceAccount: annotations: iam.gke.io/gcp-service-account: odis-signer2-alfajores@celo-testnet-production.iam.gserviceaccount.com create: true name: "" -tolerations: [] +tolerations: + - key: "service" + operator: "Equal" + value: "odis" + effect: "NoSchedule" From 579b9b5a2e26594275f5328b0fa7ab31aaf6b663 Mon Sep 17 00:00:00 2001 From: alvarof2 Date: Mon, 13 Nov 2023 21:21:33 +0100 Subject: [PATCH 6/8] Set testQuotaBypassPercentage to 0 --- .../signer/values/alfajores/values-signer0-alfajores.yaml | 2 +- .../signer/values/alfajores/values-signer1-alfajores.yaml | 2 +- .../signer/values/alfajores/values-signer2-alfajores.yaml | 2 +- .../signer/values/mainnet/values-signer0-mainnet.yaml | 2 +- .../signer/values/mainnet/values-signer1-mainnet.yaml | 2 +- .../signer/values/staging/values-signer0-staging.yaml | 2 +- .../signer/values/staging/values-signer1-staging.yaml | 2 +- .../signer/values/staging/values-signer2-staging.yaml | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/kubernetes-deployment/signer/values/alfajores/values-signer0-alfajores.yaml b/docs/kubernetes-deployment/signer/values/alfajores/values-signer0-alfajores.yaml index 45378bf12..6f19577be 100644 --- a/docs/kubernetes-deployment/signer/values/alfajores/values-signer0-alfajores.yaml +++ b/docs/kubernetes-deployment/signer/values/alfajores/values-signer0-alfajores.yaml @@ -50,7 +50,7 @@ env: odisSignerTimeout: "10000" shouldMockAccountService: "false" shouldMockRequestService: "false" - testQuotaBypassPercentage: "50" + testQuotaBypassPercentage: "0" tracing: enabled: true endpoint: "http://grafana-agent.monitoring:14268/api/traces" diff --git a/docs/kubernetes-deployment/signer/values/alfajores/values-signer1-alfajores.yaml b/docs/kubernetes-deployment/signer/values/alfajores/values-signer1-alfajores.yaml index a85ee74b8..ebced388c 100644 --- a/docs/kubernetes-deployment/signer/values/alfajores/values-signer1-alfajores.yaml +++ b/docs/kubernetes-deployment/signer/values/alfajores/values-signer1-alfajores.yaml @@ -50,7 +50,7 @@ env: odisSignerTimeout: "10000" shouldMockAccountService: "false" shouldMockRequestService: "false" - testQuotaBypassPercentage: "50" + testQuotaBypassPercentage: "0" tracing: enabled: true endpoint: "http://grafana-agent.monitoring:14268/api/traces" diff --git a/docs/kubernetes-deployment/signer/values/alfajores/values-signer2-alfajores.yaml b/docs/kubernetes-deployment/signer/values/alfajores/values-signer2-alfajores.yaml index bc37216dc..f8eeeb8f5 100644 --- a/docs/kubernetes-deployment/signer/values/alfajores/values-signer2-alfajores.yaml +++ b/docs/kubernetes-deployment/signer/values/alfajores/values-signer2-alfajores.yaml @@ -50,7 +50,7 @@ env: odisSignerTimeout: "10000" shouldMockAccountService: "false" shouldMockRequestService: "false" - testQuotaBypassPercentage: "50" + testQuotaBypassPercentage: "0" tracing: enabled: true endpoint: "http://grafana-agent.monitoring:14268/api/traces" diff --git a/docs/kubernetes-deployment/signer/values/mainnet/values-signer0-mainnet.yaml b/docs/kubernetes-deployment/signer/values/mainnet/values-signer0-mainnet.yaml index f3af6e0f8..2ebf893f3 100644 --- a/docs/kubernetes-deployment/signer/values/mainnet/values-signer0-mainnet.yaml +++ b/docs/kubernetes-deployment/signer/values/mainnet/values-signer0-mainnet.yaml @@ -38,7 +38,7 @@ env: odisSignerTimeout: "10000" shouldMockAccountService: "false" shouldMockRequestService: "false" - testQuotaBypassPercentage: "50" + testQuotaBypassPercentage: "0" tracing: enabled: true endpoint: "http://grafana-agent.monitoring:14268/api/traces" diff --git a/docs/kubernetes-deployment/signer/values/mainnet/values-signer1-mainnet.yaml b/docs/kubernetes-deployment/signer/values/mainnet/values-signer1-mainnet.yaml index 7dae3bda2..61b6629b5 100644 --- a/docs/kubernetes-deployment/signer/values/mainnet/values-signer1-mainnet.yaml +++ b/docs/kubernetes-deployment/signer/values/mainnet/values-signer1-mainnet.yaml @@ -38,7 +38,7 @@ env: odisSignerTimeout: "10000" shouldMockAccountService: "false" shouldMockRequestService: "false" - testQuotaBypassPercentage: "50" + testQuotaBypassPercentage: "0" tracing: enabled: true endpoint: "http://grafana-agent.monitoring:14268/api/traces" diff --git a/docs/kubernetes-deployment/signer/values/staging/values-signer0-staging.yaml b/docs/kubernetes-deployment/signer/values/staging/values-signer0-staging.yaml index 0cd365fbc..670794d0a 100644 --- a/docs/kubernetes-deployment/signer/values/staging/values-signer0-staging.yaml +++ b/docs/kubernetes-deployment/signer/values/staging/values-signer0-staging.yaml @@ -39,7 +39,7 @@ env: odisSignerTimeout: "10000" shouldMockAccountService: "false" shouldMockRequestService: "false" - testQuotaBypassPercentage: "50" + testQuotaBypassPercentage: "0" tracing: enabled: true endpoint: "http://grafana-agent.monitoring:14268/api/traces" diff --git a/docs/kubernetes-deployment/signer/values/staging/values-signer1-staging.yaml b/docs/kubernetes-deployment/signer/values/staging/values-signer1-staging.yaml index 6e21f4d5c..7154b62be 100644 --- a/docs/kubernetes-deployment/signer/values/staging/values-signer1-staging.yaml +++ b/docs/kubernetes-deployment/signer/values/staging/values-signer1-staging.yaml @@ -39,7 +39,7 @@ env: odisSignerTimeout: "10000" shouldMockAccountService: "false" shouldMockRequestService: "false" - testQuotaBypassPercentage: "50" + testQuotaBypassPercentage: "0" tracing: enabled: true endpoint: "http://grafana-agent.monitoring:14268/api/traces" diff --git a/docs/kubernetes-deployment/signer/values/staging/values-signer2-staging.yaml b/docs/kubernetes-deployment/signer/values/staging/values-signer2-staging.yaml index d4a5ea355..369084791 100644 --- a/docs/kubernetes-deployment/signer/values/staging/values-signer2-staging.yaml +++ b/docs/kubernetes-deployment/signer/values/staging/values-signer2-staging.yaml @@ -39,7 +39,7 @@ env: odisSignerTimeout: "6000" shouldMockAccountService: "false" shouldMockRequestService: "false" - testQuotaBypassPercentage: "50" + testQuotaBypassPercentage: "0" tracing: enabled: true endpoint: "http://grafana-agent.monitoring:14268/api/traces" From 139164bb6b4595a46820ff150f3603bbf31ac88b Mon Sep 17 00:00:00 2001 From: alvarof2 Date: Tue, 14 Nov 2023 09:09:26 +0100 Subject: [PATCH 7/8] Docs for Azure - GCP signer equivalence --- docs/kubernetes-deployment/signer/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/kubernetes-deployment/signer/README.md b/docs/kubernetes-deployment/signer/README.md index 41572d727..058b3d615 100644 --- a/docs/kubernetes-deployment/signer/README.md +++ b/docs/kubernetes-deployment/signer/README.md @@ -42,9 +42,9 @@ ODIS signer is deployed in the following clusters: - Signer2 in namespace `odis-signer2-alfajores` with this [`values-signer2-alfajores.yaml` file](./values/alfajores/values-signer2-alfajores.yaml). - URL: `http://odis-signer2-alfajores.odis-signer2-alfajores:3000`. :warning: This is a URL internal to the cluster (i.e. not accessible from outside)!! - Mainnet: cluster `rc1-europe-west1` - - Signer0 in namespace `odis-signer0-mainnet` with this [`values-signer0-mainnet.yaml` file](./values/mainnet/values-signer0-mainnet.yaml). + - Signer0 in namespace `odis-signer0-mainnet` with this [`values-signer0-mainnet.yaml` file](./values/mainnet/values-signer0-mainnet.yaml). **This signer has the same key as `odis-mainnet-brazilsouth-a-v2`.** - URL: `http://odis-signer0-mainnet.odis-signer0-mainnet:3000`. :warning: This is a URL internal to the cluster (i.e. not accessible from outside)!! - - Signer1 in namespace `odis-signer1-mainnet` with this [`values-signer1-mainnet.yaml` file](./values/mainnet/values-signer1-mainnet.yaml). + - Signer1 in namespace `odis-signer1-mainnet` with this [`values-signer1-mainnet.yaml` file](./values/mainnet/values-signer1-mainnet.yaml). **This signer has the same key as `odis-mainnet-eastasia-a-v2`.** - URL: `http://odis-signer1-mainnet.odis-signer1-mainnet:3000`. :warning: This is a URL internal to the cluster (i.e. not accessible from outside)!! ### Modifying the deployment From 799ce13ca4ad8dff9f2737bab0577f4f1b2007ee Mon Sep 17 00:00:00 2001 From: alvarof2 Date: Tue, 14 Nov 2023 18:45:16 +0100 Subject: [PATCH 8/8] Values after switch --- .../combiner/values/values-mainnet.yaml | 25 ++++++---- docs/kubernetes-deployment/signer/README.md | 10 +++- .../alfajores/values-signer0-alfajores.yaml | 21 +++++--- .../alfajores/values-signer1-alfajores.yaml | 21 +++++--- .../alfajores/values-signer2-alfajores.yaml | 21 +++++--- .../mainnet/values-signer0-mainnet.yaml | 48 ++++++++++++++----- .../mainnet/values-signer1-mainnet.yaml | 48 ++++++++++++++----- .../staging/values-signer0-staging.yaml | 21 +++++--- .../staging/values-signer1-staging.yaml | 21 +++++--- .../staging/values-signer2-staging.yaml | 21 +++++--- 10 files changed, 182 insertions(+), 75 deletions(-) diff --git a/docs/kubernetes-deployment/combiner/values/values-mainnet.yaml b/docs/kubernetes-deployment/combiner/values/values-mainnet.yaml index 8bd00b8ad..ecf634ba3 100644 --- a/docs/kubernetes-deployment/combiner/values/values-mainnet.yaml +++ b/docs/kubernetes-deployment/combiner/values/values-mainnet.yaml @@ -17,7 +17,7 @@ image: pullPolicy: Always # -- Image tag # Overrides the image tag whose default is the chart appVersion. - tag: "odis-combiner-3.3.1" + tag: "odis-combiner-3.3.2" # -- Image pull secrets imagePullSecrets: [] @@ -35,7 +35,7 @@ env: # -- Enable tracing enabled: true # -- Env. Var TRACER_ENDPOINT. If enabled is false, will not be added to the deployment. - endpoint: "https://grafana-agent.odis-mainnet-signer-westus2.celo-networks-dev.org/api/traces" + endpoint: "http://grafana-agent.monitoring:14268/api/traces" # -- Env. Var TRACING_SERVICE_NAME. If enabled is false, will not be added to the deployment. serviceName: "odis-combiner-mainnet-k8s" log: @@ -62,7 +62,7 @@ env: # -- Env. Var DOMAIN_KEYS_VERSIONS domainKeysVersions: '[{"keyVersion":1,"threshold":5,"polynomial":"05000000000000002d7e2d2e2b989bc81e677ced987ee8216cf8a215eddde3d14ddf416c6f513bce8d32b0297e58a888ecca62d22cca3100d2e6ab9d7f049a8fa5b936386f0116a60643c8f604e9431602805a641772e8d0cc800c526dd36d69012ae757c18c250029d97c8a3d4b81e305780b49d511c80dc3009c02b8f651a06c8ec2d5530937a1f7eadf730ad46762a4c089bbd973a000ba77717ec36ebb6fd58904b444a6cde7dd3b3b7ac6fa37f9cd8d00aa67e7cfe81adee5ed45218f7f78b4f8473b564601f4361d228dc6dabf7decd3f61f5bb0ad2c7bd7fe5b7a88054959543e82f4deb08d4fe9af4ac775c9353e038e79f82200863ac9cb7fd6b5fa263eb9d1dead51002607f3eadac153596b671b854715bdb07bee1b0bc8d5178f0dac1b4d00ed0700f46e37135e96604d389f3a323028e29b07f36279e829da00eee1794f3ad6e5dca24eba65a7821755cc464add27c7a601c7e187756e79a5ec3c847f4d91b037fe3cd40590fc1a46b46c2f68c0edcbe5cd7727162a195a711008e4e956eb8a81011b290057cee3f14b9a4198a3e9909cac69a9e7d648fa3dd185794acc4c1e4b994637dca36621d463b42e015115ac2c015fc176d8f143bf99cca654ae95a3101afbdc0c5026f95fbf31af1ac115399f5b6b6d1de09af367745415be9533f8c080","pubKey":"LX4tLiuYm8geZ3ztmH7oIWz4ohXt3ePRTd9BbG9RO86NMrApflioiOzKYtIsyjEA0uarnX8Emo+luTY4bwEWpgZDyPYE6UMWAoBaZBdy6NDMgAxSbdNtaQEq51fBjCUA"}]' # -- Env. Var DOMAIN_ODIS_SERVICES_SIGNERS - domainOdisServicesSigners: '[{"url": "https://odis.vladiatorlabs.io"},{"url": "https://mainnet-pgpnp-brazilsouth.azurefd.net"},{"url": "https://phone.chainlayerattestations.com"},{"url": "https://pnprivacy.wotrust.us"},{"url": "https://pgpnp.census.works"},{"url": "https://odis.keyko.rocks"},{"url": "https://odis.celo.spruceid.xyz"}]' + domainOdisServicesSigners: '[{"url": "https://odis.vladiatorlabs.io"},{"url": "http://odis-signer0-mainnet.odis-signer0-mainnet:3000"},{"url": "https://phone.chainlayerattestations.com"},{"url": "https://pnprivacy.wotrust.us"},{"url": "https://pgpnp.census.works"},{"url": "https://odis.keyko.rocks"},{"url": "https://odis.celo.spruceid.xyz"}]' # -- Env. Var DOMAIN_ODIS_SERVICES_TIMEOUT_MILLISECONDS domainOdisServicesTimeoutMillisecond: "5000" # -- Env. Var DOMAIN_SERVICE_NAME @@ -87,7 +87,7 @@ env: # -- Env. Var PNP_MOCK_DECK pnpMockDeck: "0xbf8a2b73baf8402f8fe906ad3f42b560bf14b39f7df7797ece9e293d6f162188" # -- Env. Var PNP_ODIS_SERVICES_SIGNERS - pnpOdisServicesSigners: '[{"url": "https://odis.vladiatorlabs.io"},{"url": "https://mainnet-pgpnp-brazilsouth.azurefd.net"},{"url": "https://mainnet-pgpnp-eastasia.azurefd.net"},{"url": "https://phone.chainlayerattestations.com"},{"url": "https://pnprivacy.wotrust.us"},{"url": "https://pgpnp.census.works"},{"url": "https://odis.keyko.rocks"},{"url": "https://odis.celo.spruceid.xyz"}]' + pnpOdisServicesSigners: '[{"url": "https://odis.vladiatorlabs.io"},{"url": "http://odis-signer0-mainnet.odis-signer0-mainnet:3000"},{"url": "http://odis-signer1-mainnet.odis-signer1-mainnet:3000"},{"url": "https://phone.chainlayerattestations.com"},{"url": "https://pnprivacy.wotrust.us"},{"url": "https://pgpnp.census.works"},{"url": "https://odis.keyko.rocks"},{"url": "https://odis.celo.spruceid.xyz"}]' # -- Env. Var PNP_ODIS_SERVICES_TIMEOUT_MILLISECONDS pnpOdisServicesTimeoutMilliseconds: "5000" # -- Env. Var PNP_SERVICE_NAME @@ -158,7 +158,7 @@ readinessProbe: port: http # -- Container resources -resources: {} +resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -166,9 +166,9 @@ resources: {} # limits: # cpu: 100m # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + requests: + cpu: 2000m + memory: 1Gi autoscaling: # -- Enable autoscaling @@ -182,10 +182,15 @@ autoscaling: # targetMemoryUtilizationPercentage: 80 # -- Kubernetes node selector -nodeSelector: {} +nodeSelector: + node.kubernetes.io/instance-type: e2-standard-4 # -- Kubernetes tolerations -tolerations: [] +tolerations: + - key: "service" + operator: "Equal" + value: "odis" + effect: "NoSchedule" # -- Kubernetes pod affinity affinity: {} diff --git a/docs/kubernetes-deployment/signer/README.md b/docs/kubernetes-deployment/signer/README.md index 058b3d615..edce76293 100644 --- a/docs/kubernetes-deployment/signer/README.md +++ b/docs/kubernetes-deployment/signer/README.md @@ -29,23 +29,31 @@ ODIS signer is deployed in the following clusters: - Staging: cluster `integration-tests` - Signer0 in namespace `odis-signer0-staging` with this [`values-signer0-staging.yaml` file](./values/staging/values-signer0-staging.yaml). - - URL: `http://odis-signer0-staging.odis-signer0-staging:3000`. :warning: This is a URL internal to the cluster (i.e. not accessible from outside)!! + - URL internal: `http://odis-signer0-staging.odis-signer0-staging:3000`. :warning: This is a URL internal to the cluster (i.e. not accessible from outside)!! + - URL external: `https://odis-signer0-staging.integration-tests.celo-networks-dev.org`. - Signer1 in namespace `odis-signer1-staging` with this [`values-signer1-staging.yaml` file](./values/staging/values-signer1-staging.yaml). - URL: `http://odis-signer1-staging.odis-signer1-staging:3000`. :warning: This is a URL internal to the cluster (i.e. not accessible from outside)!! + - URL external: `https://odis-signer1-staging.integration-tests.celo-networks-dev.org`. - Signer2 in namespace `odis-signer2-staging` with this [`values-signer2-staging.yaml` file](./values/staging/values-signer2-staging.yaml). - URL: `http://odis-signer2-staging.odis-signer2-staging:3000`. :warning: This is a URL internal to the cluster (i.e. not accessible from outside)!! + - URL external: `https://odis-signer2-staging.integration-tests.celo-networks-dev.org`. - Alfajores: cluster `alfajores` - Signer0 in namespace `odis-signer0-alfajores` with this [`values-signer0-alfajores.yaml` file](./values/alfajores/values-signer0-alfajores.yaml). - URL: `http://odis-signer0-alfajores.odis-signer0-alfajores:3000`. :warning: This is a URL internal to the cluster (i.e. not accessible from outside)!! + - URL external: `https://odis-signer0-alfajores.alfajores.celo-testnet.org`. - Signer1 in namespace `odis-signer1-alfajores` with this [`values-signer1-alfajores.yaml` file](./values/alfajores/values-signer1-alfajores.yaml). - URL: `http://odis-signer1-staging.odis-signer1-staging:3000`. :warning: This is a URL internal to the cluster (i.e. not accessible from outside)!! + - URL external: `https://odis-signer1-alfajores.alfajores.celo-testnet.org`. - Signer2 in namespace `odis-signer2-alfajores` with this [`values-signer2-alfajores.yaml` file](./values/alfajores/values-signer2-alfajores.yaml). - URL: `http://odis-signer2-alfajores.odis-signer2-alfajores:3000`. :warning: This is a URL internal to the cluster (i.e. not accessible from outside)!! + - URL external: `https://odis-signer2-alfajores.alfajores.celo-testnet.org`. - Mainnet: cluster `rc1-europe-west1` - Signer0 in namespace `odis-signer0-mainnet` with this [`values-signer0-mainnet.yaml` file](./values/mainnet/values-signer0-mainnet.yaml). **This signer has the same key as `odis-mainnet-brazilsouth-a-v2`.** - URL: `http://odis-signer0-mainnet.odis-signer0-mainnet:3000`. :warning: This is a URL internal to the cluster (i.e. not accessible from outside)!! + - URL external: `https://odis-signer0-mainnet.rc1-europe-west1.celo-testnet.org`. - Signer1 in namespace `odis-signer1-mainnet` with this [`values-signer1-mainnet.yaml` file](./values/mainnet/values-signer1-mainnet.yaml). **This signer has the same key as `odis-mainnet-eastasia-a-v2`.** - URL: `http://odis-signer1-mainnet.odis-signer1-mainnet:3000`. :warning: This is a URL internal to the cluster (i.e. not accessible from outside)!! + - URL external: `https://odis-signer1-mainnet.rc1-europe-west1.celo-testnet.org`. ### Modifying the deployment diff --git a/docs/kubernetes-deployment/signer/values/alfajores/values-signer0-alfajores.yaml b/docs/kubernetes-deployment/signer/values/alfajores/values-signer0-alfajores.yaml index 6f19577be..a3dead4ce 100644 --- a/docs/kubernetes-deployment/signer/values/alfajores/values-signer0-alfajores.yaml +++ b/docs/kubernetes-deployment/signer/values/alfajores/values-signer0-alfajores.yaml @@ -22,7 +22,6 @@ env: blockchain: blockchainApiKeyExistingSecret: odis-signer0-forno-key blockchainProvider: https://alfajores-forno.celo-testnet.org - fullNodeTimeoutMs: 10000 db: cloudSqlProxy: false database: phoneNumberPrivacy @@ -50,7 +49,7 @@ env: odisSignerTimeout: "10000" shouldMockAccountService: "false" shouldMockRequestService: "false" - testQuotaBypassPercentage: "0" + fullNodeTimeoutMs: 10000 tracing: enabled: true endpoint: "http://grafana-agent.monitoring:14268/api/traces" @@ -62,11 +61,19 @@ image: tag: "odis-signer-3.1.1" imagePullSecrets: [] ingress: - annotations: {} - className: nginx - enabled: false - hosts: [] - tls: [] + enabled: true + className: "nginx" + annotations: + kubernetes.io/tls-acme: "true" + hosts: + - host: odis-signer0-alfajores.alfajores.celo-testnet.org + paths: + - path: / + pathType: ImplementationSpecific + tls: + - secretName: odis-signer0-alfajores.alfajores.celo-testnet.org-tls + hosts: + - odis-signer0-alfajores.alfajores.celo-testnet.org livenessProbe: {} nameOverride: "" nodeSelector: diff --git a/docs/kubernetes-deployment/signer/values/alfajores/values-signer1-alfajores.yaml b/docs/kubernetes-deployment/signer/values/alfajores/values-signer1-alfajores.yaml index ebced388c..df9f2901c 100644 --- a/docs/kubernetes-deployment/signer/values/alfajores/values-signer1-alfajores.yaml +++ b/docs/kubernetes-deployment/signer/values/alfajores/values-signer1-alfajores.yaml @@ -22,7 +22,6 @@ env: blockchain: blockchainApiKeyExistingSecret: odis-signer1-forno-key blockchainProvider: https://alfajores-forno.celo-testnet.org - fullNodeTimeoutMs: 10000 db: cloudSqlProxy: false database: phoneNumberPrivacy @@ -50,7 +49,7 @@ env: odisSignerTimeout: "10000" shouldMockAccountService: "false" shouldMockRequestService: "false" - testQuotaBypassPercentage: "0" + fullNodeTimeoutMs: 10000 tracing: enabled: true endpoint: "http://grafana-agent.monitoring:14268/api/traces" @@ -62,11 +61,19 @@ image: tag: "odis-signer-3.1.1" imagePullSecrets: [] ingress: - annotations: {} - className: nginx - enabled: false - hosts: [] - tls: [] + enabled: true + className: "nginx" + annotations: + kubernetes.io/tls-acme: "true" + hosts: + - host: odis-signer1-alfajores.alfajores.celo-testnet.org + paths: + - path: / + pathType: ImplementationSpecific + tls: + - secretName: odis-signer1-alfajores.alfajores.celo-testnet.org-tls + hosts: + - odis-signer1-alfajores.alfajores.celo-testnet.org livenessProbe: {} nameOverride: "" nodeSelector: diff --git a/docs/kubernetes-deployment/signer/values/alfajores/values-signer2-alfajores.yaml b/docs/kubernetes-deployment/signer/values/alfajores/values-signer2-alfajores.yaml index f8eeeb8f5..578155bc9 100644 --- a/docs/kubernetes-deployment/signer/values/alfajores/values-signer2-alfajores.yaml +++ b/docs/kubernetes-deployment/signer/values/alfajores/values-signer2-alfajores.yaml @@ -22,7 +22,6 @@ env: blockchain: blockchainApiKeyExistingSecret: odis-signer2-forno-key blockchainProvider: https://alfajores-forno.celo-testnet.org - fullNodeTimeoutMs: 10000 db: cloudSqlProxy: false database: phoneNumberPrivacy @@ -50,7 +49,7 @@ env: odisSignerTimeout: "10000" shouldMockAccountService: "false" shouldMockRequestService: "false" - testQuotaBypassPercentage: "0" + fullNodeTimeoutMs: 10000 tracing: enabled: true endpoint: "http://grafana-agent.monitoring:14268/api/traces" @@ -62,11 +61,19 @@ image: tag: "odis-signer-3.1.1" imagePullSecrets: [] ingress: - annotations: {} - className: nginx - enabled: false - hosts: [] - tls: [] + enabled: true + className: "nginx" + annotations: + kubernetes.io/tls-acme: "true" + hosts: + - host: odis-signer2-alfajores.alfajores.celo-testnet.org + paths: + - path: / + pathType: ImplementationSpecific + tls: + - secretName: odis-signer2-alfajores.alfajores.celo-testnet.org-tls + hosts: + - odis-signer2-alfajores.alfajores.celo-testnet.org livenessProbe: {} nameOverride: "" nodeSelector: diff --git a/docs/kubernetes-deployment/signer/values/mainnet/values-signer0-mainnet.yaml b/docs/kubernetes-deployment/signer/values/mainnet/values-signer0-mainnet.yaml index 2ebf893f3..5826f784f 100644 --- a/docs/kubernetes-deployment/signer/values/mainnet/values-signer0-mainnet.yaml +++ b/docs/kubernetes-deployment/signer/values/mainnet/values-signer0-mainnet.yaml @@ -1,4 +1,15 @@ -affinity: {} +affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - odis-signer + topologyKey: kubernetes.io/hostname autoscaling: enabled: false maxReplicas: 3 @@ -11,7 +22,6 @@ env: blockchain: blockchainApiKeyExistingSecret: odis-signer0-forno-key blockchainProvider: https://forno.celo.org - fullNodeTimeoutMs: 10000 db: cloudSqlProxy: false database: phoneNumberPrivacy @@ -38,7 +48,7 @@ env: odisSignerTimeout: "10000" shouldMockAccountService: "false" shouldMockRequestService: "false" - testQuotaBypassPercentage: "0" + fullNodeTimeoutMs: 10000 tracing: enabled: true endpoint: "http://grafana-agent.monitoring:14268/api/traces" @@ -50,14 +60,23 @@ image: tag: "odis-signer-3.1.1" imagePullSecrets: [] ingress: - annotations: {} - className: nginx - enabled: false - hosts: [] - tls: [] + enabled: true + className: "nginx" + annotations: + kubernetes.io/tls-acme: "true" + hosts: + - host: odis-signer0-mainnet.rc1-europe-west1.celo-testnet.org + paths: + - path: / + pathType: ImplementationSpecific + tls: + - secretName: odis-signer0-mainnet.rc1-europe-west1.celo-testnet.org-tls + hosts: + - odis-signer0-mainnet.rc1-europe-west1.celo-testnet.org livenessProbe: {} nameOverride: "" -nodeSelector: {} +nodeSelector: + node.kubernetes.io/instance-type: e2-standard-4 podAnnotations: prometheus.io/path: /metrics prometheus.io/port: "3000" @@ -65,11 +84,18 @@ podAnnotations: podSecurityContext: {} readinessProbe: {} replicaCount: 1 -resources: {} +resources: + requests: + cpu: 1000m + memory: 1Gi securityContext: {} serviceAccount: annotations: iam.gke.io/gcp-service-account: odis-signer0-mainnet@celo-testnet-production.iam.gserviceaccount.com create: true name: "" -tolerations: [] +tolerations: + - key: "service" + operator: "Equal" + value: "odis" + effect: "NoSchedule" diff --git a/docs/kubernetes-deployment/signer/values/mainnet/values-signer1-mainnet.yaml b/docs/kubernetes-deployment/signer/values/mainnet/values-signer1-mainnet.yaml index 61b6629b5..b3332f1cf 100644 --- a/docs/kubernetes-deployment/signer/values/mainnet/values-signer1-mainnet.yaml +++ b/docs/kubernetes-deployment/signer/values/mainnet/values-signer1-mainnet.yaml @@ -1,4 +1,15 @@ -affinity: {} +affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - odis-signer + topologyKey: kubernetes.io/hostname autoscaling: enabled: false maxReplicas: 3 @@ -11,7 +22,6 @@ env: blockchain: blockchainApiKeyExistingSecret: odis-signer1-forno-key blockchainProvider: https://forno.celo.org - fullNodeTimeoutMs: 10000 db: cloudSqlProxy: false database: phoneNumberPrivacy @@ -38,7 +48,7 @@ env: odisSignerTimeout: "10000" shouldMockAccountService: "false" shouldMockRequestService: "false" - testQuotaBypassPercentage: "0" + fullNodeTimeoutMs: 10000 tracing: enabled: true endpoint: "http://grafana-agent.monitoring:14268/api/traces" @@ -50,14 +60,23 @@ image: tag: "odis-signer-3.1.1" imagePullSecrets: [] ingress: - annotations: {} - className: nginx - enabled: false - hosts: [] - tls: [] + enabled: true + className: "nginx" + annotations: + kubernetes.io/tls-acme: "true" + hosts: + - host: odis-signer1-mainnet.rc1-europe-west1.celo-testnet.org + paths: + - path: / + pathType: ImplementationSpecific + tls: + - secretName: odis-signer1-mainnet.rc1-europe-west1.celo-testnet.org-tls + hosts: + - odis-signer1-mainnet.rc1-europe-west1.celo-testnet.org livenessProbe: {} nameOverride: "" -nodeSelector: {} +nodeSelector: + node.kubernetes.io/instance-type: e2-standard-4 podAnnotations: prometheus.io/path: /metrics prometheus.io/port: "3000" @@ -65,11 +84,18 @@ podAnnotations: podSecurityContext: {} readinessProbe: {} replicaCount: 1 -resources: {} +resources: + requests: + cpu: 1000m + memory: 1Gi securityContext: {} serviceAccount: annotations: iam.gke.io/gcp-service-account: odis-signer1-mainnet@celo-testnet-production.iam.gserviceaccount.com create: true name: "" -tolerations: [] +tolerations: + - key: "service" + operator: "Equal" + value: "odis" + effect: "NoSchedule" diff --git a/docs/kubernetes-deployment/signer/values/staging/values-signer0-staging.yaml b/docs/kubernetes-deployment/signer/values/staging/values-signer0-staging.yaml index 670794d0a..f5d22c075 100644 --- a/docs/kubernetes-deployment/signer/values/staging/values-signer0-staging.yaml +++ b/docs/kubernetes-deployment/signer/values/staging/values-signer0-staging.yaml @@ -11,7 +11,6 @@ env: blockchain: blockchainApiKeyExistingSecret: odis-signer-forno-key blockchainProvider: https://alfajores-forno.celo-testnet.org - fullNodeTimeoutMs: 10000 db: cloudSqlProxy: false database: phoneNumberPrivacy @@ -39,7 +38,7 @@ env: odisSignerTimeout: "10000" shouldMockAccountService: "false" shouldMockRequestService: "false" - testQuotaBypassPercentage: "0" + fullNodeTimeoutMs: 10000 tracing: enabled: true endpoint: "http://grafana-agent.monitoring:14268/api/traces" @@ -51,11 +50,19 @@ image: tag: "odis-signer-3.1.1" imagePullSecrets: [] ingress: - annotations: {} - className: nginx - enabled: false - hosts: [] - tls: [] + enabled: true + className: "nginx" + annotations: + kubernetes.io/tls-acme: "true" + hosts: + - host: odis-signer0-staging.integration-tests.celo-networks-dev.org + paths: + - path: / + pathType: ImplementationSpecific + tls: + - secretName: odis-signer0-staging.integration-tests.celo-networks-dev.org-tls + hosts: + - odis-signer0-staging.integration-tests.celo-networks-dev.org livenessProbe: {} nameOverride: "" nodeSelector: {} diff --git a/docs/kubernetes-deployment/signer/values/staging/values-signer1-staging.yaml b/docs/kubernetes-deployment/signer/values/staging/values-signer1-staging.yaml index 7154b62be..20cbbc7ac 100644 --- a/docs/kubernetes-deployment/signer/values/staging/values-signer1-staging.yaml +++ b/docs/kubernetes-deployment/signer/values/staging/values-signer1-staging.yaml @@ -11,7 +11,6 @@ env: blockchain: blockchainApiKeyExistingSecret: odis-signer-forno-key blockchainProvider: https://alfajores-forno.celo-testnet.org - fullNodeTimeoutMs: 10000 db: cloudSqlProxy: false database: phoneNumberPrivacy @@ -39,7 +38,7 @@ env: odisSignerTimeout: "10000" shouldMockAccountService: "false" shouldMockRequestService: "false" - testQuotaBypassPercentage: "0" + fullNodeTimeoutMs: 10000 tracing: enabled: true endpoint: "http://grafana-agent.monitoring:14268/api/traces" @@ -51,11 +50,19 @@ image: tag: "odis-signer-3.1.1" imagePullSecrets: [] ingress: - annotations: {} - className: nginx - enabled: false - hosts: [] - tls: [] + enabled: true + className: "nginx" + annotations: + kubernetes.io/tls-acme: "true" + hosts: + - host: odis-signer1-staging.integration-tests.celo-networks-dev.org + paths: + - path: / + pathType: ImplementationSpecific + tls: + - secretName: odis-signer1-staging.integration-tests.celo-networks-dev.org-tls + hosts: + - odis-signer1-staging.integration-tests.celo-networks-dev.org livenessProbe: {} nameOverride: "" nodeSelector: {} diff --git a/docs/kubernetes-deployment/signer/values/staging/values-signer2-staging.yaml b/docs/kubernetes-deployment/signer/values/staging/values-signer2-staging.yaml index 369084791..9bcd36001 100644 --- a/docs/kubernetes-deployment/signer/values/staging/values-signer2-staging.yaml +++ b/docs/kubernetes-deployment/signer/values/staging/values-signer2-staging.yaml @@ -11,7 +11,6 @@ env: blockchain: blockchainApiKeyExistingSecret: odis-signer-forno-key blockchainProvider: https://alfajores-forno.celo-testnet.org - fullNodeTimeoutMs: 10000 db: cloudSqlProxy: false database: phoneNumberPrivacy @@ -39,7 +38,7 @@ env: odisSignerTimeout: "6000" shouldMockAccountService: "false" shouldMockRequestService: "false" - testQuotaBypassPercentage: "0" + fullNodeTimeoutMs: 10000 tracing: enabled: true endpoint: "http://grafana-agent.monitoring:14268/api/traces" @@ -51,11 +50,19 @@ image: tag: "odis-signer-3.1.1" imagePullSecrets: [] ingress: - annotations: {} - className: nginx - enabled: false - hosts: [] - tls: [] + enabled: true + className: "nginx" + annotations: + kubernetes.io/tls-acme: "true" + hosts: + - host: odis-signer2-staging.integration-tests.celo-networks-dev.org + paths: + - path: / + pathType: ImplementationSpecific + tls: + - secretName: odis-signer2-staging.integration-tests.celo-networks-dev.org-tls + hosts: + - odis-signer2-staging.integration-tests.celo-networks-dev.org livenessProbe: {} nameOverride: "" nodeSelector: {}