Prep for CRIB (#11418)
* Make CICD work with new ECRs (#495)

* Fix ECR and publish on PRs (#496)

* Remove test file

* Add mockserver to helm chart dependency

* Add default values file

* Add security contexts

* Fix ref to values

* Use head SHA instead of commit SHA for image tagging

* Use emptyDir mount for postgres to resolve perm issues

* Fix volume mounts on postgres

* Fix /tmp writes and mount /tmp emptyDir

* Remove custom uid

* Run as same uid as postgres

* Test DOCKER_METADATA_PR_HEAD_SHA disable for root image

* Upgrade docker metadata action

* Do a full clone

* Avoid emptyDir mounts and update gid

* Use head SHA when on a PR as default input

* Downgrade metadata action to latest on prev major

* Override sha tag with HEAD value

* Remove old sha tag default

* Attempt to fix sha tag

* Fix syntax error

* Remove DOCKER_METADATA_PR_HEAD_SHA env

* Refactor shared var output

* Revert "Refactor shared var output"

This reverts commit 2362fe6473974d4723cf5294cccec7090ab07a0f.

* Revert "Remove DOCKER_METADATA_PR_HEAD_SHA env"

This reverts commit a7bd01e544ad97603147ccb33576e8006056e930.

* Try to make things work again

* Set the host to localhost for K8s

* Add user to pg_isready

* Make securityContext container specific

* Create init container to create /clroot

* Fix volumes

* Add security context to init container

* Skip the chown

* Remove init container

* Breakout DB into its own deployment and service

* Fix typo

* Update localhost to db service dns

* Fix path to script

* Change geth /root path to /app

* Create emptyDir volume for geth devchain dir

* Remove full clone

* Add correct inputs to mockserver

* merge with develop

* cleanup & verify

* Add fixes for /chainlink

* Remove unused env var

* Set back to hardcoded repo name

* Reset values back to pre rebase changes

* Remove mockserver templates in favor of subchart

* fix connect.toml and rename mockserver connection

* Backout triggering on PR

* Create new build-publish workflow for chainlink-untrusted (from PR)

* Reset workflow back

* Make step name accurate

---------

Co-authored-by: skudasov <f4hrenh9it@gmail.com>
chainchad and skudasov authored Dec 1, 2023
1 parent e140618 commit bb03a45
Showing 20 changed files with 554 additions and 349 deletions.
12 changes: 8 additions & 4 deletions .github/actions/build-sign-publish-chainlink/action.yml
Expand Up @@ -34,7 +34,7 @@ inputs:
required: false
git-commit-sha:
description: Git commit SHA used as metadata when building the application (appears in logs)
default: ${{ github.sha }}
default: ${{ github.event.pull_request.head.sha || github.sha }}
required: false
aws-role-to-assume:
description: The AWS role to assume as the CD user, if any. Used in configuring the docker/login-action
Expand Down Expand Up @@ -73,7 +73,7 @@ runs:
using: composite
steps:
- name: Set shared variables
shell: sh
shell: bash
# See https://docs.github.com/en/actions/learn-github-actions/workflow-commands-for-github-actions#multiline-strings
run: |
SHARED_IMAGES=${{ inputs.ecr-hostname }}/${{ inputs.ecr-image-name }}
Expand Down Expand Up @@ -122,7 +122,9 @@ runs:

- name: Generate docker metadata for root image
id: meta-root
uses: docker/metadata-action@c4ee3adeed93b1fa6a762f209fb01608c1a22f1e # v4.4.4
uses: docker/metadata-action@2c0bd771b40637d97bf205cbccdd294a32112176 # v4.5.0
env:
DOCKER_METADATA_PR_HEAD_SHA: "true"
with:
# list of Docker images to use as base name for tags
images: ${{ env.shared-images }}
Expand Down Expand Up @@ -164,7 +166,9 @@ runs:
- name: Generate docker metadata for non-root image
id: meta-nonroot
uses: docker/metadata-action@c4ee3adeed93b1fa6a762f209fb01608c1a22f1e # v4.4.4
uses: docker/metadata-action@2c0bd771b40637d97bf205cbccdd294a32112176 # v4.5.0
env:
DOCKER_METADATA_PR_HEAD_SHA: "true"
with:
flavor: |
latest=auto
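Review bot: The `git-commit-sha` input description still reads "used as metadata when building the application (appears in logs)" and does not say that the default is now the PR head SHA rather than the merge commit on pull_request events, nor that this is intended to line up with the `sha-` tag the two metadata-action steps now emit under `DOCKER_METADATA_PR_HEAD_SHA: "true"`. A caller that passes `github.sha` explicitly from a pull_request workflow would record a build SHA that no longer matches the image tag, so the description should state the contract: `description: Git commit SHA recorded as build metadata (appears in logs). Defaults to the PR head SHA on pull_request events, otherwise github.sha, matching the sha tag produced with DOCKER_METADATA_PR_HEAD_SHA.` The `Set shared variables` run block and both metadata-action steps continue outside their hunks.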
2 changes: 1 addition & 1 deletion .github/workflows/automation-ondemand-tests.yml
Expand Up @@ -115,7 +115,7 @@ jobs:
pull-requests: write
id-token: write
contents: read
needs: [ build-chainlink, build-test-image ]
needs: [build-chainlink, build-test-image]
env:
CHAINLINK_COMMIT_SHA: ${{ github.sha }}
CHAINLINK_ENV_USER: ${{ github.actor }}
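--- /dev/null
+++ b/.github/workflows/build-publish-pr.yml
@@ -0,0 +1,44 @@
+name: "Build and Publish from PR"
+
+##
+# This workflow builds and publishes a Docker image for Chainlink from a PR.
+# It doesn't use an environment, has its own special IAM role, does not sign
+# the image, and publishes to a special ECR repo.
+##
+
+on:
+  pull_request:
+
+jobs:
+  build-publish-untrusted:
+    if: ${{ ! startsWith(github.ref_name, 'release/') }}
+    runs-on: ubuntu-20.04
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Build and publish chainlink image
+        uses: ./.github/actions/build-sign-publish-chainlink
+        with:
+          publish: true
+          aws-role-to-assume: ${{ secrets.AWS_OIDC_IAM_ROLE_PUBLISH_PR_ARN }}
+          aws-role-duration-seconds: ${{ secrets.AWS_ROLE_DURATION_SECONDS_DEFAULT }}
+          aws-region: ${{ secrets.AWS_REGION }}
+          sign-images: false
+          ecr-hostname: ${{ secrets.AWS_SDLC_ECR_HOSTNAME }}
+          ecr-image-name: chainlink-untrusted
+          dockerhub_username: ${{ secrets.DOCKERHUB_READONLY_USERNAME }}
+          dockerhub_password: ${{ secrets.DOCKERHUB_READONLY_PASSWORD }}
+
+      - name: Collect Metrics
+        if: always()
+        id: collect-gha-metrics
+        uses: smartcontractkit/push-gha-metrics-action@d1618b772a97fd87e6505de97b872ee0b1f1729a # v2.0.2
+        with:
+          basic-auth: ${{ secrets.GRAFANA_CLOUD_BASIC_AUTH }}
+          hostname: ${{ secrets.GRAFANA_CLOUD_HOST }}
+          this-job-name: build-publish-untrusted
+        continue-on-error: true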
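Review bot: The `if: ${{ ! startsWith(github.ref_name, 'release/') }}` guard on build-publish-untrusted never fires on `pull_request` events, because `github.ref_name` there is `<pr-number>/merge`, not the source branch; the branch to test is `github.head_ref`. The job also runs for pull requests opened from forks, where `secrets.*` are empty and `id-token: write` is not granted, so the AWS OIDC login fails noisily instead of the job being skipped; checking that the head repository is this repository avoids that and makes explicit that only same-repo PRs may publish unsigned images to the `chainlink-untrusted` ECR. A combined guard is `if: ${{ github.event.pull_request.head.repo.full_name == github.repository && !startsWith(github.head_ref, 'release/') }}`. Since every push to a PR triggers a full build and publish and there is no `concurrency` group, `concurrency: { group: build-publish-pr-${{ github.head_ref }}, cancel-in-progress: true }` would stop superseded commits from being built and pushed.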
7 changes: 6 additions & 1 deletion charts/chainlink-cluster/Chart.yaml
Expand Up @@ -2,4 +2,9 @@ apiVersion: v1
name: chainlink-cluster
description: Chainlink nodes cluster
version: 0.1.3
appVersion: '2.6.0'
appVersion: "2.6.0"
dependencies:
- name: mockserver
version: "5.14.0"
repository: "@mockserver"
condition: mockserver.enabled
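Review bot: `repository: "@mockserver"` is a Helm repository alias, so `helm dependency update` (and any install that needs the subchart) only works on a machine or CI runner that has already run `helm repo add mockserver <url>`, and neither this Chart.yaml nor the README hunk on this page documents that step. Replacing the alias with the repository's full URL removes the hidden prerequisite, and if a Chart.lock is not already part of this change, committing it pins the resolved subchart version and digest so `5.14.0` cannot silently resolve differently across environments. A one-line comment above the dependency, `# requires: helm repo add mockserver <url> before helm dependency update`, would at least make the alias requirement visible until then.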
6 changes: 3 additions & 3 deletions charts/chainlink-cluster/README.md
Expand Up @@ -74,10 +74,10 @@ After that all the changes will be synced automatically
Check `.profiles` to understand what is uploaded in profiles `runner` and `node`

# Helm
If you would like to use `helm` directly, please uncomment data in `values-raw-helm.yaml`
If you would like to use `helm` directly, please uncomment data in `values.yaml`
## Install from local files
```
helm install -f values-raw-helm.yaml cl-cluster .
helm install -f values.yaml cl-cluster .
```
Forward all apps (in another terminal)
```
Expand All @@ -99,7 +99,7 @@ kubectl config set-context --current --namespace cl-cluster

Install
```
helm install -f values-raw-helm.yaml cl-cluster chainlink-cluster/chainlink-cluster --version v0.1.2
helm install -f values.yaml cl-cluster .
```

## Create a new release
2 changes: 1 addition & 1 deletion charts/chainlink-cluster/connect.toml
Expand Up @@ -9,4 +9,4 @@ cl_node_url_template = "http://app-node-%d:6688"
cl_node_internal_dns_record_template = "app-node-%d"
cl_node_user = "notreal@fakeemail.ch"
cl_node_password = "fj293fbBnlQ!f9vNs"
mockserver_url = "http://app-mockserver:1080"
mockserver_url = "http://mockserver:1080"
42 changes: 0 additions & 42 deletions charts/chainlink-cluster/dashboard/dashboard.go
Expand Up @@ -350,48 +350,6 @@ func (m *CLClusterDashboard) generate() error {
),
),
),
// logs
dashboard.Row(
"Logs",
row.Collapse(),
row.WithTimeSeries(
"Log Counters",
timeseries.Span(12),
timeseries.Height("200px"),
timeseries.DataSource(m.PrometheusDataSourceName),
timeseries.WithPrometheusTarget(
`log_panic_count{namespace="${namespace}"}`,
prometheus.Legend("{{pod}} - panic"),
),
timeseries.WithPrometheusTarget(
`log_fatal_count{namespace="${namespace}"}`,
prometheus.Legend("{{pod}} - fatal"),
),
timeseries.WithPrometheusTarget(
`log_critical_count{namespace="${namespace}"}`,
prometheus.Legend("{{pod}} - critical"),
),
timeseries.WithPrometheusTarget(
`log_warn_count{namespace="${namespace}"}`,
prometheus.Legend("{{pod}} - warn"),
),
timeseries.WithPrometheusTarget(
`log_error_count{namespace="${namespace}"}`,
prometheus.Legend("{{pod}} - error"),
),
),
m.logsRowOption("All errors", `
{namespace="${namespace}", app="app", container="node"}
| json
| level="error"
| line_format "{{ .instance }} {{ .level }} {{ .ts }} {{ .logger }} {{ .caller }} {{ .msg }} {{ .version }} {{ .nodeTier }} {{ .nodeName }} {{ .node }} {{ .evmChainID }} {{ .nodeOrder }} {{ .mode }} {{ .nodeState }} {{ .sentryEventID }} {{ .stacktrace }}"`),
m.logsRowOption("Node 1", `{namespace="${namespace}", app="app", instance="node-1", container="node"}`),
m.logsRowOption("Node 2", `{namespace="${namespace}", app="app", instance="node-2", container="node"}`),
m.logsRowOption("Node 3", `{namespace="${namespace}", app="app", instance="node-3", container="node"}`),
m.logsRowOption("Node 4", `{namespace="${namespace}", app="app", instance="node-4", container="node"}`),
m.logsRowOption("Node 5", `{namespace="${namespace}", app="app", instance="node-5", container="node"}`),
m.logsRowOption("Node 6", `{namespace="${namespace}", app="app", instance="node-6", container="node"}`),
),
// HeadTracker
dashboard.Row("Head tracker",
row.Collapse(),
180 changes: 162 additions & 18 deletions charts/chainlink-cluster/devspace.yaml
Expand Up @@ -40,26 +40,56 @@ deployments:
# they can be defined the same way in values.yml
# devspace merging this "values" and "values.yml" before deploy
values:
runner:
image: ${DEVSPACE_IMAGE}
stateful: false
geth:
version: v1.12.0
wsrpc-port: 8546
httprpc-port: 8544
networkid: 1337
blocktime: 1
mockserver:
port: 1080
db:
stateful: false
podSecurityContext:
fsGroup: 999

chainlink:
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 14933
runAsGroup: 999
web_port: 6688
p2p_port: 6690
nodes:
- name: node-1
image: ${DEVSPACE_IMAGE}
version: latest
# override default config per node
# for example, use OCRv2 P2P setup, the whole config
# toml: |
# RootDir = './clroot'
# [Log]
# JSONConsole = true
# Level = 'debug'
# [WebServer]
# AllowOrigins = '*'
# SecureCookies = false
# SessionTimeout = '999h0m0s'
# [OCR2]
# Enabled = true
# [P2P]
# [P2P.V2]
# Enabled = false
# AnnounceAddresses = []
# DefaultBootstrappers = []
# DeltaDial = '15s'
# DeltaReconcile = '1m0s'
# ListenAddresses = []
# [[EVM]]
# ChainID = '1337'
# MinContractPayment = '0'
# [[EVM.Nodes]]
# Name = 'node-0'
# WSURL = 'ws://geth:8546'
# HTTPURL = 'http://geth:8544'
# [WebServer.TLS]
# HTTPSPort = 0
# or use overridesToml to override some part of configuration
# overridesToml: |
- name: node-2
image: ${DEVSPACE_IMAGE}
version: latest
Expand All @@ -75,11 +105,125 @@ deployments:
- name: node-6
image: ${DEVSPACE_IMAGE}
version: latest
prometheusMonitor: "true"
podAnnotations: { }
nodeSelector: { }
tolerations: [ ]
affinity: { }
resources:
requests:
cpu: 350m
memory: 1024Mi
limits:
cpu: 350m
memory: 1024Mi

# each CL node have a dedicated PostgreSQL 11.15
# use StatefulSet by setting:
#
# stateful: true
# capacity 10Gi
#
# if you are running long tests
db:
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 999
runAsGroup: 999
stateful: false
resources:
requests:
cpu: 1
memory: 1024Mi
limits:
cpu: 1
memory: 1024Mi
# default cluster shipped with latest Geth ( dev mode by default )
geth:
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 999
runAsGroup: 999
version: v1.12.0
wsrpc-port: 8546
httprpc-port: 8544
networkid: 1337
blocktime: 1
resources:
requests:
cpu: 1
memory: 1024Mi
limits:
cpu: 1
memory: 1024Mi
# mockserver is https://www.mock-server.com/where/kubernetes.html
# used to stub External Adapters
mockserver:
# image: "mockserver/mockserver"
# version: "mockserver-5.15.0"
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 999
runAsGroup: 999
enabled: true
releasenameOverride: mockserver
app:
runAsUser: 999
readOnlyRootFilesystem: false
port: 1080
resources:
requests:
cpu: 1
memory: 1024Mi
limits:
cpu: 1
memory: 1024Mi
runner:
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 999
runAsGroup: 999
stateful: false
resources:
requests:
cpu: 1
memory: 512Mi
limits:
cpu: 1
memory: 512Mi
affinity: { }
tolerations: [ ]
nodeSelector: { }
ingress:
enabled: false
className: ""
hosts: [ ]
tls: [ ]
annotations: { }
service:
type: NodePort
port: 8080


# monitoring.coreos.com/v1 PodMonitor for each node
prometheusMonitor: true

# deployment placement, standard helm stuff
podAnnotations:
nodeSelector:
tolerations:
affinity:

profiles:
# this replaces only "runner" pod, usable when you'd like to run some system level tests inside k8s
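Review bot: Every securityContext added here (db, geth, mockserver and runner in this hunk, chainlink in the first) drops all capabilities and sets `runAsNonRoot: true`, but none sets `allowPrivilegeEscalation: false` or a `seccompProfile`, so the pods still do not meet the Pod Security Standards "restricted" profile and any setuid binary in the images can regain privileges despite the non-root uid. Adding the two keys below to each context closes that gap; the mockserver subchart may expect them under a different values key (this hunk sets both `mockserver.securityContext` and `mockserver.app.runAsUser`), so check its values schema rather than assuming the top-level key is honoured. Separately, node-6 carries `prometheusMonitor: "true"` as a string while the top-level `prometheusMonitor: true` is a boolean; unless the template is known to handle both, one of them should change so a Helm `if` on the value behaves the same in both places.
```yaml
    db:
      securityContext:
        # … unchanged: capabilities / readOnlyRootFilesystem / runAs* …
        allowPrivilegeEscalation: false
        seccompProfile:
          type: RuntimeDefault
    # … same two keys added under geth, mockserver and runner securityContext here,
    # and under chainlink.securityContext in the first hunk …
```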