Skip to content

Commit

Permalink
Merge pull request #300 from helium/feat/cloudflare-prod
Browse files Browse the repository at this point in the history
Updating web-prod to use Cloudflare
  • Loading branch information
deasydoesit authored Jan 10, 2024
2 parents 4009767 + 32d4ce2 commit 55fd68b
Show file tree
Hide file tree
Showing 4 changed files with 34 additions and 9 deletions.
18 changes: 14 additions & 4 deletions manifests/web-cluster/prod/helium/entity-invalidator.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ spec:
failedJobsHistoryLimit: 3
jobTemplate:
spec:
backoffLimit: 3
backoffLimit: 10
template:
metadata:
labels:
Expand All @@ -21,7 +21,7 @@ spec:
serviceAccountName: invalidation-role
containers:
- name: entity-invalidator
image: public.ecr.aws/v0j6k5v6/entity-invalidator:0.0.7
image: public.ecr.aws/v0j6k5v6/entity-invalidator:0.0.8
imagePullPolicy: IfNotPresent
env:
- name: PGHOST
Expand All @@ -36,5 +36,15 @@ spec:
value: monitoring
- name: PGSSLMODE
value: no-verify
- name: CLOUDFRONT_DISTRIBUTION
value: EO5ODEGCJ6FK
- name: DOMAIN
value: https://entities.nft.helium.io
- name: CLOUDFLARE_API_TOKEN
valueFrom:
secretKeyRef:
name: cloudflare-secrets
key: CLOUDFLARE_API_TOKEN
- name: CLOUDFLARE_ZONE_ID
valueFrom:
secretKeyRef:
name: cloudflare-secrets
key: CLOUDFLARE_ZONE_ID
7 changes: 3 additions & 4 deletions manifests/web-cluster/prod/helium/metadata.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ spec:
serviceAccountName: public-monitoring-rds-read-replica-monitoring-user-access
containers:
- name: metadata
image: public.ecr.aws/v0j6k5v6/entity-metadata-service:0.0.25
image: public.ecr.aws/v0j6k5v6/entity-metadata-service:0.0.29
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8081
Expand Down Expand Up @@ -98,8 +98,7 @@ metadata:
annotations:
nginx.ingress.kubernetes.io/limit-rps: "50"
nginx.ingress.kubernetes.io/limit-burst-multiplier: "50"
external-dns.alpha.kubernetes.io/hostname: "d2sqvm859jhkhq.cloudfront.net"
external-dns.alpha.kubernetes.io/ingress-hostname-source: "annotation-only"
external-dns.alpha.kubernetes.io/exclude: "true" # Tell external-dns not to manage DNS for metadata ingress since it's being handled out of band in Cloudflare
spec:
ingressClassName: nginx
rules:
Expand All @@ -124,7 +123,7 @@ spec:
apiVersion: apps/v1
kind: Deployment
name: metadata
minReplicas: 2
minReplicas: 4
maxReplicas: 15
metrics:
- type: Resource
Expand Down
16 changes: 16 additions & 0 deletions manifests/web-cluster/prod/helium/sealed-cloudflare-secrets.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: cloudflare-secrets
namespace: helium
spec:
encryptedData:
CLOUDFLARE_API_TOKEN: AgAj97/MLN+98MR9ucSoeLP1PGnGJYI7s2xlbb6cU0Gd5nx6sphDvxY0Y5kv9MiIkwDkN76dfXyqPulQSObB+1RLErMRr72230cQWVzZeLokO0HRupP9jDVkVB3OoK/G0NCwbM7kNz9K88hdVXXI1ujo+wBMhTsede+EKbj5mgYTrYVnlQG7suGaT8BPqRJUnYfcHnmbymJmE5E9RQILoTZPOCKgXwLIs7d2Azzg0OmR2eTYdtKMa6xYb4yEbtRao5se9MKi4tXukA6/1eA04LidfmbOcpTbkVLJDKCVmO98j6TGUjHZLKKOIIRZax5Y9LvaGc2eA4f4+nJh7mZGPwWccyLELYr5L/VwZr4g6FCbRtGewa9+wH6cT+rH3C8AjiJvPAyatZjx6skovN81Bh+cUS4nmB4Yt4Zdto26rr5n7yBz9S/XahRl/eMf96XY44leeQ1MzJzNohMuFFU7guqB50qpEPsfZGez4aN7ljSH7nivUPAGI6mq+YclqxS2zkTOZZUsaO0rNfOzOVZtJezyl27TsprkjJmcgMIS/xyfst4sxkDzPBoEaaAZXNOb3ZQQjh/CIMUSfXS0RNZNMIByFMG0J5G8NIyivohU3DjjrqkPmIvdMqHK/hydofKJnSUwsSvMIc8KG2JGeOpvlhRc70LNfrzelPyT0Z/RCvqR2DUoG2CSB2tA+cT02JKaNkc10SC2jPdfgBeIIAAxlHtfFZiv7372oEKBJefnkpm+/iNFr0svYSRg
CLOUDFLARE_ZONE_ID: AgA1+j7amtBq5eVvxXwkFfFPm93upKxViJZIoGdfcn8g9QMIAP0dg5LhXG/AyXGiNyik2Pwviapa4YPn7D1N5IKaYIHcyI4Xt9GrFEvRl5BpZQvZzpVl88EXpJTwuFZZEPa/2CUGRYM/tBE3XmH3wyGG3k98u7gW/1bjrOGsHYlMrWK4T53c1qM3mI5aBIXmomL3Y61SvE3fAbKxsDoyRFX4tghK42Fcd3qgDnnv+Fm4usU/ZUo8Kx7KOE2QZAAN9WETbPXeq/X38lssObTKQ+tRMEn+aNK0rtmP8DGpLXfs5BThnqpGiIlKHqIsyHW32JB4bqnal6/KfsmunDrm7l9zS7hYerEWkoT9NksdOQhb7uhgJS0gheFnsmv7OXNONlW6hQ2g/U+Ui4hfpcy43yK7/ZHhIUBhs+GHENP65unn/7x0g63NQjk3YOq7uwVbN1/RpNcXg8m7j/nFlSQ3ZJ8ayMtv7OXjcbAfDOpbJa/aeL9Qnd9ef9nolDsYbr590Po6n++TgIepUvC4US8OH+yX/3JS6Zhmp78DTPGaQfKj60+OwxDb90XdD2QSr9BaBVPkJHx/v+wC8eF34yUiScd40j9ytGyj7uRvUestkCSXGLxa4Gw66IIZQVnKhKiCXkyijt2T2vAcDM+B7dlRXcupKwXMiLP8r5iF7c0PvspVSMwZMfN9hZike2DbtKIATCzsjUh28zrzLS6NcpUGKswvY+WIFNfTH/LELdnaOSuUUg==
template:
metadata:
creationTimestamp: null
name: cloudflare-secrets
namespace: helium
type: Opaque
2 changes: 1 addition & 1 deletion manifests/web-cluster/sdlc/helium/entity-invalidator.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ spec:
failedJobsHistoryLimit: 3
jobTemplate:
spec:
backoffLimit: 3
backoffLimit: 10
template:
metadata:
labels:
Expand Down

0 comments on commit 55fd68b

Please sign in to comment.