From 338e6e57e1ac8d2ccd5b2698153cc2fb216f0765 Mon Sep 17 00:00:00 2001 From: Darwin Rinderer Date: Wed, 8 Nov 2023 14:24:32 -0500 Subject: [PATCH 1/2] Adding cloudfront config to prod --- ...tadata-cloudfront-invalidation-action.yaml | 28 +++++++++++++ ...adata-cloudfront-invalidation-action.yaml} | 0 .../helium/account-postgres-sink-service.yaml | 7 +++- .../prod/helium/entity-invalidator.yaml | 42 +++++++++++++++++++ .../web-cluster/prod/helium/metadata.yaml | 11 +++-- .../web-cluster/sdlc/helium/metadata.yaml | 2 +- 6 files changed, 84 insertions(+), 6 deletions(-) create mode 100644 .github/workflows/web-prod-metadata-cloudfront-invalidation-action.yaml rename .github/workflows/{web-metadata-cloudfront-invalidation-action.yaml => web-sdlc-metadata-cloudfront-invalidation-action.yaml} (100%) create mode 100644 manifests/web-cluster/prod/helium/entity-invalidator.yaml diff --git a/.github/workflows/web-prod-metadata-cloudfront-invalidation-action.yaml b/.github/workflows/web-prod-metadata-cloudfront-invalidation-action.yaml new file mode 100644 index 00000000..9fd5f922 --- /dev/null +++ b/.github/workflows/web-prod-metadata-cloudfront-invalidation-action.yaml @@ -0,0 +1,28 @@ +name: Invalidate CloudFront Distribution + +on: + push: + branches: + - main + paths: + - 'manifests/web-cluster/prod/helium/metadata.yaml' + +jobs: + cloudfront-invalidation: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + - name: Invalidate CloudFront distribution + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_WEB_PROD_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_WEB_PROD_SECRET_ACCESS_KEY }} + aws-region: us-east-1 + + - name: Create CloudFront Invalidation + run: | + DISTRIBUTION_ID=${{ secrets.AWS_WEB_PROD_CLOUDFRONT_DISTRIBUTION_ID }} + + aws cloudfront create-invalidation --distribution-id $DISTRIBUTION_ID --paths "/*" diff --git a/.github/workflows/web-metadata-cloudfront-invalidation-action.yaml b/.github/workflows/web-sdlc-metadata-cloudfront-invalidation-action.yaml similarity index 100% rename from .github/workflows/web-metadata-cloudfront-invalidation-action.yaml rename to .github/workflows/web-sdlc-metadata-cloudfront-invalidation-action.yaml diff --git a/manifests/web-cluster/prod/helium/account-postgres-sink-service.yaml b/manifests/web-cluster/prod/helium/account-postgres-sink-service.yaml index 309f43c3..53f1b9ec 100644 --- a/manifests/web-cluster/prod/helium/account-postgres-sink-service.yaml +++ b/manifests/web-cluster/prod/helium/account-postgres-sink-service.yaml @@ -122,6 +122,11 @@ data: { "type": "RecipientV0", "table": "recipients", "schema": "public" } ] } + ], + "indexConfigs": [ + "CREATE UNIQUE INDEX IF NOT EXISTS key_to_asset_asset_index ON key_to_assets(asset);", + "CREATE UNIQUE INDEX IF NOT EXISTS iot_hotspot_infos_asset_index ON iot_hotspot_infos(asset);", + "CREATE UNIQUE INDEX IF NOT EXISTS mobile_hotspot_infos_asset_index ON mobile_hotspot_infos(asset);" ] } --- @@ -146,7 +151,7 @@ spec: serviceAccountName: public-monitoring-rds-monitoring-user-access containers: - name: account-postgres-sink-service - image: public.ecr.aws/v0j6k5v6/account-postgres-sink-service:0.0.62 + image: public.ecr.aws/v0j6k5v6/account-postgres-sink-service:0.0.63 imagePullPolicy: IfNotPresent ports: - containerPort: 3000 diff --git a/manifests/web-cluster/prod/helium/entity-invalidator.yaml b/manifests/web-cluster/prod/helium/entity-invalidator.yaml new file mode 100644 index 00000000..107bd46b --- /dev/null +++ b/manifests/web-cluster/prod/helium/entity-invalidator.yaml @@ -0,0 +1,42 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: entity-invalidator + namespace: helium +spec: + schedule: "0 2 * * *" + concurrencyPolicy: "Forbid" + successfulJobsHistoryLimit: 3 + failedJobsHistoryLimit: 3 + jobTemplate: + spec: + backoffLimit: 3 + template: + metadata: + labels: + app: 'entity-invalidator' + security-group: public-rds-access + spec: + restartPolicy: OnFailure + serviceAccountName: invalidation-role + containers: + - name: entity-invalidator + image: public.ecr.aws/v0j6k5v6/entity-invalidator:0.0.4 + imagePullPolicy: IfNotPresent + env: + - name: PGHOST + value: monitoring-rds-read-replica.cbhihwhsofyu.us-west-2.rds.amazonaws.com + - name: PGPORT + value: "5432" + - name: PGUSER + value: monitoring + - name: AWS_REGION + value: us-west-2 + - name: PGDATABASE + value: monitoring + - name: PGSSLMODE + value: no-verify + - name: CLOUDFRONT_DISTRIBUTION + value: EO5ODEGCJ6FK + - name: DOMAIN + value: entities.nft.helium.io diff --git a/manifests/web-cluster/prod/helium/metadata.yaml b/manifests/web-cluster/prod/helium/metadata.yaml index 7e47025e..46df9b66 100644 --- a/manifests/web-cluster/prod/helium/metadata.yaml +++ b/manifests/web-cluster/prod/helium/metadata.yaml @@ -15,10 +15,10 @@ spec: app: metadata security-group: public-rds-access spec: - serviceAccountName: public-monitoring-rds-monitoring-user-access + serviceAccountName: public-monitoring-rds-read-replica-monitoring-user-access containers: - name: metadata - image: public.ecr.aws/v0j6k5v6/entity-metadata-service:0.0.20 + image: public.ecr.aws/v0j6k5v6/entity-metadata-service:0.0.21 imagePullPolicy: IfNotPresent ports: - containerPort: 8081 @@ -38,7 +38,7 @@ spec: name: globals key: solana_url - name: PGHOST - value: monitoring-rds.cbhihwhsofyu.us-west-2.rds.amazonaws.com + value: monitoring-rds-read-replica.cbhihwhsofyu.us-west-2.rds.amazonaws.com - name: PGPORT value: "5432" - name: PGUSER @@ -69,9 +69,10 @@ spec: timeoutSeconds: 1 resources: requests: - cpu: 250m + cpu: 750m memory: 500Mi limits: + cpu: 1000m memory: 750Mi --- apiVersion: v1 @@ -97,6 +98,8 @@ metadata: annotations: nginx.ingress.kubernetes.io/limit-rps: "10" nginx.ingress.kubernetes.io/limit-burst-multiplier: "10" + external-dns.alpha.kubernetes.io/hostname: "d2sqvm859jhkhq.cloudfront.net" + external-dns.alpha.kubernetes.io/ingress-hostname-source: "annotation-only" spec: ingressClassName: nginx rules: diff --git a/manifests/web-cluster/sdlc/helium/metadata.yaml b/manifests/web-cluster/sdlc/helium/metadata.yaml index 056cff0a..186d8d56 100644 --- a/manifests/web-cluster/sdlc/helium/metadata.yaml +++ b/manifests/web-cluster/sdlc/helium/metadata.yaml @@ -18,7 +18,7 @@ spec: serviceAccountName: public-monitoring-rds-read-replica-monitoring-user-access containers: - name: metadata - image: public.ecr.aws/v0j6k5v6/entity-metadata-service:0.0.20 + image: public.ecr.aws/v0j6k5v6/entity-metadata-service:0.0.21 imagePullPolicy: IfNotPresent ports: - containerPort: 8081 From 0f1b36a207c9c4f1ceb8d6c0fbf37bd7bc977732 Mon Sep 17 00:00:00 2001 From: Darwin Rinderer Date: Wed, 8 Nov 2023 14:34:36 -0500 Subject: [PATCH 2/2] Updating backoffLimit in prod entity-invalidator --- manifests/web-cluster/prod/helium/entity-invalidator.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/web-cluster/prod/helium/entity-invalidator.yaml b/manifests/web-cluster/prod/helium/entity-invalidator.yaml index 107bd46b..a7a4e872 100644 --- a/manifests/web-cluster/prod/helium/entity-invalidator.yaml +++ b/manifests/web-cluster/prod/helium/entity-invalidator.yaml @@ -10,7 +10,7 @@ spec: failedJobsHistoryLimit: 3 jobTemplate: spec: - backoffLimit: 3 + backoffLimit: 10 template: metadata: labels: