diff --git a/.env.alfajores b/.env.alfajores index 5834819e647..efd219523eb 100644 --- a/.env.alfajores +++ b/.env.alfajores @@ -254,7 +254,7 @@ AZURE_ODIS_EASTUS_3_PROM_SIDECAR_GCP_REGION=us-east1 # --- Komenci --- KOMENCI_DOCKER_IMAGE_REPOSITORY="celotestnet.azurecr.io/komenci/komenci" -KOMENCI_DOCKER_IMAGE_TAG="f1119833e7ad90ad741b2b509a1ad4ac647799ff" +KOMENCI_DOCKER_IMAGE_TAG="08081d2d276a6fd0d420805f3bbe3866e866a63a" AZURE_KOMENCI_EASTUS_AZURE_KUBERNETES_RESOURCE_GROUP=staging-komenci-eastus AZURE_KOMENCI_EASTUS_KUBERNETES_CLUSTER_NAME=staging-komenci-eastus @@ -274,6 +274,16 @@ AZURE_KOMENCI_WESTEU_KOMENCI_DB_PORT=5432 AZURE_KOMENCI_WESTEU_KOMENCI_DB_USERNAME=postgres@staging-komenci-weu AZURE_KOMENCI_WESTEU_KOMENCI_DB_PASSWORD_VAULT_NAME=staging-komenci-weu +AZURE_KOMENCI_EASTUS_KOMENCI_REWARD_SERVICE_DB_HOST=staging-komenci-weu.postgres.database.azure.com +AZURE_KOMENCI_EASTUS_KOMENCI_REWARD_SERVICE_DB_PORT=5432 +AZURE_KOMENCI_EASTUS_KOMENCI_REWARD_SERVICE_DB_USERNAME=postgres@staging-komenci-weu +AZURE_KOMENCI_EASTUS_KOMENCI_REWARD_SERVICE_DB_PASSWORD_VAULT_NAME=staging-komenci-weu + +AZURE_KOMENCI_WESTEU_KOMENCI_REWARD_SERVICE_DB_HOST=staging-komenci-weu.postgres.database.azure.com +AZURE_KOMENCI_WESTEU_KOMENCI_REWARD_SERVICE_DB_PORT=5432 +AZURE_KOMENCI_WESTEU_KOMENCI_REWARD_SERVICE_DB_USERNAME=postgres@staging-komenci-weu +AZURE_KOMENCI_WESTEU_KOMENCI_REWARD_SERVICE_DB_PASSWORD_VAULT_NAME=staging-komenci-weu + # Secrets AZURE_KOMENCI_EASTUS_KOMENCI_APP_SECRETS_VAULT_NAME=staging-komenci-eus AZURE_KOMENCI_WESTEU_KOMENCI_APP_SECRETS_VAULT_NAME=staging-komenci-weu @@ -285,8 +295,15 @@ AZURE_KOMENCI_WESTEU_KOMENCI_RULE_CONFIG_CAPTCHA_BYPASS_ENABLED=true # Format should be a comma-separated sequence of: #
:: -AZURE_KOMENCI_EASTUS_KOMENCI_ADDRESS_AZURE_KEY_VAULTS=0x00454cac6dae53f8800f71395b9a174f07a784b1:staging-komenci-eus,0xc6f0f9bfb1aed83620ece3eac0add98a65a8574e:staging-komenci-eus,0xd7fc8227642bfab9aa927066e5952fece574f0d6:staging-komenci-eus,0x04a444af9a79b6784bcd57c50ba1e051ba536ed4:staging-komenci-eus,0xbb5932e6b6a588cd1c6764f50d1fe410e6a2d71e:staging-komenci-eus,0xc934bff63a0db800acdf7061eb5cc03211e7bccf:staging-komenci-eus,0x409832bd2d72017f12cfaa3d6dc0103767bb7e7e:staging-komenci-eus,0x75222b1aed66393fa43c6454000e097363d85c73:staging-komenci-eus,0xefbc10d42f77c778431043bd3a34b283f90f3979:staging-komenci-eus,0x70b69157973cd31dae5dc68ee1891b9eae379c42:staging-komenci-eus +AZURE_KOMENCI_EASTUS_KOMENCI_ADDRESS_AZURE_KEY_VAULTS=0x00454cac6dae53f8800f71395b9a174f07a784b1:staging-komenci-eus,0xc6f0f9bfb1aed83620ece3eac0add98a65a8574e:staging-komenci-eus AZURE_KOMENCI_WESTEU_KOMENCI_ADDRESS_AZURE_KEY_VAULTS=0x0f812be74511b90ea6b2f80e77bea047e69a0b2a:staging-komenci-weu,0xb354d3d2908ba6a2b791683b0f454a38f69cb282:staging-komenci-weu +AZURE_KOMENCI_EASTUS_KOMENCI_CELOLABS_REWARDS_ADDRESS_AZURE_KEY_VAULTS=0xb04390478a57e3c2147599d5380434f25fa5234d:staging-komenci-rewards +AZURE_KOMENCI_WESTEU_KOMENCI_CELOLABS_REWARDS_ADDRESS_AZURE_KEY_VAULTS=0xb04390478a57e3c2147599d5380434f25fa5234d:staging-komenci-rewards + +# Celo Rewards +AZURE_KOMENCI_EASTUS_KOMENCI_REWARD_SERVICE_INSTANCE_COUNT = 1 +AZURE_KOMENCI_WESTEU_KOMENCI_REWARD_SERVICE_INSTANCE_COUNT = 1 +KOMENCI_SHOULD_SEND_REWARDS=true # Network AZURE_KOMENCI_EASTUS_KOMENCI_NETWORK=alfajores diff --git a/.env.rc1 b/.env.rc1 index ef38cfd79f7..55a361fe824 100644 --- a/.env.rc1 +++ b/.env.rc1 
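Review bot: `AZURE_KOMENCI_EASTUS_KOMENCI_REWARD_SERVICE_INSTANCE_COUNT = 1` and its WESTEU twin are written with spaces around `=`, unlike every other assignment in this hunk, while the same commit strips exactly that spacing from the `WALLET_CONNECT_*` lines in `.env.rc1`. Whether the env loader trims keys and values is not visible here, so write them as `AZURE_KOMENCI_EASTUS_KOMENCI_REWARD_SERVICE_INSTANCE_COUNT=1` and `AZURE_KOMENCI_WESTEU_KOMENCI_REWARD_SERVICE_INSTANCE_COUNT=1`, matching the `.env.rc1` form. If the spaced key did not parse, the reward-service instance count would be unset for alfajores only.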
@@ -467,7 +467,7 @@ AZURE_ODIS_BRAZILSOUTH_A_PROM_SIDECAR_GCP_REGION=southamerica-east1-a # --- Komenci --- KOMENCI_DOCKER_IMAGE_REPOSITORY="celotestnet.azurecr.io/komenci/komenci" -KOMENCI_DOCKER_IMAGE_TAG="f1119833e7ad90ad741b2b509a1ad4ac647799ff" +KOMENCI_DOCKER_IMAGE_TAG="e220c5610e196a1d674edde0f24be0d5eca30c00" AZURE_KOMENCI_SOUTHBR_AZURE_KUBERNETES_RESOURCE_GROUP=mainnet-komenci-brazil AZURE_KOMENCI_SOUTHBR_KUBERNETES_CLUSTER_NAME=mainnet-komenci-brazil @@ -493,6 +493,16 @@ AZURE_SEA_KOMENCI_DB_PORT=5432 AZURE_SEA_KOMENCI_DB_USERNAME=postgres@mainnet-komenci-southeastasia AZURE_SEA_KOMENCI_DB_PASSWORD_VAULT_NAME=mainnet-komenci-sea +AZURE_KOMENCI_SOUTHBR_KOMENCI_REWARD_SERVICE_DB_HOST=mainnet-komenci-brazil.postgres.database.azure.com +AZURE_KOMENCI_SOUTHBR_KOMENCI_REWARD_SERVICE_DB_PORT=5432 +AZURE_KOMENCI_SOUTHBR_KOMENCI_REWARD_SERVICE_DB_USERNAME=postgres@mainnet-komenci-brazil +AZURE_KOMENCI_SOUTHBR_KOMENCI_REWARD_SERVICE_DB_PASSWORD_VAULT_NAME=mainnet-komenci-brazil + +AZURE_KOMENCI_SEA_KOMENCI_REWARD_SERVICE_DB_HOST=mainnet-komenci-brazil.postgres.database.azure.com +AZURE_KOMENCI_SEA_KOMENCI_REWARD_SERVICE_DB_PORT=5432 +AZURE_KOMENCI_SEA_KOMENCI_REWARD_SERVICE_DB_USERNAME=postgres@mainnet-komenci-brazil +AZURE_KOMENCI_SEA_KOMENCI_REWARD_SERVICE_DB_PASSWORD_VAULT_NAME=mainnet-komenci-brazil + # App Secrets AZURE_KOMENCI_SOUTHBR_KOMENCI_APP_SECRETS_VAULT_NAME=mainnet-komenci-brazil AZURE_KOMENCI_SEA_KOMENCI_APP_SECRETS_VAULT_NAME=mainnet-komenci-sea @@ -507,13 +517,20 @@ AZURE_KOMENCI_SEA_KOMENCI_RULE_CONFIG_CAPTCHA_BYPASS_ENABLED=false #
:: AZURE_KOMENCI_SOUTHBR_KOMENCI_ADDRESS_AZURE_KEY_VAULTS=0x21888ae301658cdff7ce8c33cdf83a330a5e6273:mainnet-relayer0,0x1438128a2dcc645f0b9706350c1f5dad04845fe6:mainnet-relayer1,0x1e36bf42272a0693eba69332a6f623ce37694a27:mainnet-relayer2,0xd5afaaa7256c9eb86376c4214635dd56dffbd3a8:mainnet-relayer3,0xb09eba8bc1c8bedadd634a8219c0b09042170903:mainnet-relayer4 AZURE_KOMENCI_SEA_KOMENCI_ADDRESS_AZURE_KEY_VAULTS=0x85a1e716608a84f455d7e07befb76c9b540ac040:mainnet-relayer5,0x2a094e77acf3faebb63279eb60e26d144b9048a2:mainnet-relayer6,0x2f23f9a8f68294a9d6b479c3dbe3dff4de510ced:mainnet-relayer7,0x3db3150c1267d3adeb7f960f3eef11c1dd47a38b:mainnet-relayer8,0xe170915ce32bb8e2ce2a4fcd9113e5298a2e10d2:mainnet-relayer9 +AZURE_KOMENCI_SOUTHBR_KOMENCI_CELOLABS_REWARDS_ADDRESS_AZURE_KEY_VAULTS=0x198e0D8601AB509ABf1B0B99Fd8f234583Ef1309:mainnet-komenci-rewards0 +AZURE_KOMENCI_SEA_KOMENCI_CELOLABS_REWARDS_ADDRESS_AZURE_KEY_VAULTS=0xbDD68B64e288171B37F01346042BEe6Eb7dFAE4f:mainnet-komenci-rewards1 + +# Celo Rewards +AZURE_KOMENCI_SOUTHBR_KOMENCI_REWARD_SERVICE_INSTANCE_COUNT=1 +AZURE_KOMENCI_SEA_KOMENCI_REWARD_SERVICE_INSTANCE_COUNT=1 +KOMENCI_SHOULD_SEND_REWARDS=false # Network AZURE_KOMENCI_SOUTHBR_KOMENCI_NETWORK=rc1 AZURE_KOMENCI_SEA_KOMENCI_NETWORK=rc1 # For WalletConnect relay -WALLET_CONNECT_IMAGE_REPOSITORY = 'us.gcr.io/celo-testnet/walletconnect' -WALLET_CONNECT_IMAGE_TAG = '1472bcaad57e3746498f7a661c42ff5cf9acaf5a' -WALLET_CONNECT_REDIS_CLUSTER_ENABLED = false -WALLET_CONNECT_REDIS_CLUSTER_USEPASSWORD = false +WALLET_CONNECT_IMAGE_REPOSITORY='us.gcr.io/celo-testnet/walletconnect' +WALLET_CONNECT_IMAGE_TAG='1472bcaad57e3746498f7a661c42ff5cf9acaf5a' +WALLET_CONNECT_REDIS_CLUSTER_ENABLED=false +WALLET_CONNECT_REDIS_CLUSTER_USEPASSWORD=false diff --git a/packages/celotool/src/lib/env-utils.ts b/packages/celotool/src/lib/env-utils.ts index f1db64fd886..8035bc45c7a 100644 --- a/packages/celotool/src/lib/env-utils.ts +++ b/packages/celotool/src/lib/env-utils.ts 
@@ -84,6 +84,7 @@ export enum envVar { KOMENCI_DOCKER_IMAGE_REPOSITORY = 'KOMENCI_DOCKER_IMAGE_REPOSITORY', KOMENCI_DOCKER_IMAGE_TAG = 'KOMENCI_DOCKER_IMAGE_TAG', KOMENCI_RULE_CONFIG_CAPTCHA_BYPASS_TOKEN = 'KOMENCI_RULE_CONFIG_CAPTCHA_BYPASS_TOKEN', + KOMENCI_SHOULD_SEND_REWARDS = 'KOMENCI_SHOULD_SEND_REWARDS', KOMENCI_UNUSED_KOMENCI_ADDRESSES = 'KOMENCI_UNUSED_KOMENCI_ADDRESSES', KUBECONFIG = 'KUBECONFIG', KUBERNETES_CLUSTER_NAME = 'KUBERNETES_CLUSTER_NAME', @@ -194,10 +195,17 @@ export enum DynamicEnvVar { KUBERNETES_CLUSTER_NAME = '{{ context }}_KUBERNETES_CLUSTER_NAME', KOMENCI_ADDRESS_AZURE_KEY_VAULTS = '{{ context }}_KOMENCI_ADDRESS_AZURE_KEY_VAULTS', KOMENCI_ADDRESSES_FROM_MNEMONIC_COUNT = '{{ context }}_KOMENCI_ADDRESSES_FROM_MNEMONIC_COUNT', + KOMENCI_CELOLABS_REWARDS_ADDRESS_AZURE_KEY_VAULTS = '{{ context }}_KOMENCI_CELOLABS_REWARDS_ADDRESS_AZURE_KEY_VAULTS', + KOMENCI_FOUNDATION_REWARDS_ADDRESS_AZURE_KEY_VAULTS = '{{ context }}_KOMENCI_FOUNDATION_REWARDS_ADDRESS_AZURE_KEY_VAULTS', + KOMENCI_REWARD_SERVICE_INSTANCE_COUNT = '{{ context }}_KOMENCI_REWARD_SERVICE_INSTANCE_COUNT', KOMENCI_DB_HOST = '{{ context }}_KOMENCI_DB_HOST', KOMENCI_DB_PORT = '{{ context }}_KOMENCI_DB_PORT', KOMENCI_DB_USERNAME = '{{ context }}_KOMENCI_DB_USERNAME', KOMENCI_DB_PASSWORD_VAULT_NAME = '{{ context }}_KOMENCI_DB_PASSWORD_VAULT_NAME', + KOMENCI_REWARD_SERVICE_DB_HOST = '{{ context }}_KOMENCI_REWARD_SERVICE_DB_HOST', + KOMENCI_REWARD_SERVICE_DB_PORT = '{{ context }}_KOMENCI_REWARD_SERVICE_DB_PORT', + KOMENCI_REWARD_SERVICE_DB_USERNAME = '{{ context }}_KOMENCI_REWARD_SERVICE_DB_USERNAME', + KOMENCI_REWARD_SERVICE_DB_PASSWORD_VAULT_NAME = '{{ context }}_KOMENCI_REWARD_SERVICE_DB_PASSWORD_VAULT_NAME', KOMENCI_NETWORK = '{{ context }}_KOMENCI_NETWORK', KOMENCI_APP_SECRETS_VAULT_NAME = '{{ context }}_KOMENCI_APP_SECRETS_VAULT_NAME', KOMENCI_RULE_CONFIG_CAPTCHA_BYPASS_ENABLED = '{{ context }}_KOMENCI_RULE_CONFIG_CAPTCHA_BYPASS_ENABLED', 
diff --git a/packages/celotool/src/lib/komenci.ts b/packages/celotool/src/lib/komenci.ts index 0b8d378c04d..842a4d5bcff 100644 --- a/packages/celotool/src/lib/komenci.ts +++ b/packages/celotool/src/lib/komenci.ts @@ -43,7 +43,10 @@ interface KomenciIdentity { * Configuration of multiple relayers */ interface KomenciConfig { - identities: KomenciIdentity[] + relayerIdentities: KomenciIdentity[] + // TODO: For Signup rewards + // foundationRewardsIdentities: KomenciIdentity[] + cLabsRewardsIdentities: KomenciIdentity[] } interface KomenciKeyVaultIdentityConfig { @@ -54,6 +57,10 @@ interface KomenciMnemonicIdentityConfig { addressesFromMnemonicCount: string } +interface KomenciRewardServiceConfig { + instanceCount: number +} + interface KomenciDatabaseConfig { host: string port: string @@ -61,6 +68,11 @@ interface KomenciDatabaseConfig { passwordVaultName: string } +enum RewardType { + Foundation, + CeloLabs, +} + /** * Env vars corresponding to each value for the KomenciKeyVaultIdentityConfig for a particular context */ 
@@ -79,6 +91,33 @@ const contextKomenciMnemonicIdentityConfigDynamicEnvVars: { addressesFromMnemonicCount: DynamicEnvVar.KOMENCI_ADDRESSES_FROM_MNEMONIC_COUNT, } +/** + * Env vars corresponding to each value for the KomenciFoundationRewardsKeyVaultIdentityConfig for a particular context + */ +const contextKomenciFoundationRewardsKeyVaultIdentityConfigDynamicEnvVars: { + [k in keyof KomenciKeyVaultIdentityConfig]: DynamicEnvVar +} = { + addressAzureKeyVaults: DynamicEnvVar.KOMENCI_FOUNDATION_REWARDS_ADDRESS_AZURE_KEY_VAULTS, +} + +/** + * Env vars corresponding to each value for the KomenciCeloLabsRewardsKeyVaultIdentityConfig for a particular context + */ +const contextKomenciCeloLabsRewardsKeyVaultIdentityConfigDynamicEnvVars: { + [k in keyof KomenciKeyVaultIdentityConfig]: DynamicEnvVar +} = { + addressAzureKeyVaults: DynamicEnvVar.KOMENCI_CELOLABS_REWARDS_ADDRESS_AZURE_KEY_VAULTS, +} + +/** + * Env vars corresponding to each value for the KomenciCeloLabsRewardsKeyVaultIdentityConfig for a particular context + */ +const contextKomenciRewardsServiceConfigDynamicEnvVars: { + [k in keyof KomenciRewardServiceConfig]: DynamicEnvVar +} = { + instanceCount: DynamicEnvVar.KOMENCI_REWARD_SERVICE_INSTANCE_COUNT, +} + const contextDatabaseConfigDynamicEnvVars: { [k in keyof KomenciDatabaseConfig]: DynamicEnvVar } = { host: DynamicEnvVar.KOMENCI_DB_HOST, port: DynamicEnvVar.KOMENCI_DB_PORT, 
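Review bot: The doc comment above `contextKomenciRewardsServiceConfigDynamicEnvVars` is a copy of the one on the CeloLabs key-vault map and names the wrong type. It should read `Env vars corresponding to each value for the KomenciRewardServiceConfig for a particular context`. The two comments above it name `KomenciFoundationRewardsKeyVaultIdentityConfig` and `KomenciCeloLabsRewardsKeyVaultIdentityConfig`, neither of which is declared in this diff; both maps are keyed on `KomenciKeyVaultIdentityConfig`, so the comments should say that.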
@@ -86,6 +125,15 @@ const contextDatabaseConfigDynamicEnvVars: { [k in keyof KomenciDatabaseConfig]: passwordVaultName: DynamicEnvVar.KOMENCI_DB_PASSWORD_VAULT_NAME, } +const contextRewardServiceDatabaseConfigDynamicEnvVars: { + [k in keyof KomenciDatabaseConfig]: DynamicEnvVar +} = { + host: DynamicEnvVar.KOMENCI_REWARD_SERVICE_DB_HOST, + port: DynamicEnvVar.KOMENCI_REWARD_SERVICE_DB_PORT, + username: DynamicEnvVar.KOMENCI_REWARD_SERVICE_DB_USERNAME, + passwordVaultName: DynamicEnvVar.KOMENCI_REWARD_SERVICE_DB_PASSWORD_VAULT_NAME, +} + function releaseName(celoEnv: string) { return `${celoEnv}-komenci` } @@ -118,7 +166,7 @@ export async function removeHelmRelease(celoEnv: string, context: string) { await removeGenericHelmChart(releaseName(celoEnv), celoEnv) await removeKomenciRBACHelmRelease(celoEnv) const komenciConfig = getKomenciConfig(context) - for (const identity of komenciConfig.identities) { + for (const identity of komenciConfig.relayerIdentities) { // If the identity is using Azure HSM signing, clean it up too if (identity.azureHsmIdentity) { await deleteAzureKeyVaultIdentity( 
@@ -145,10 +193,24 @@ async function getPasswordFromKeyVaultSecret(vaultName: string, secretName: stri async function helmParameters(celoEnv: string, context: string, useForno: boolean) { const komenciConfig = getKomenciConfig(context) - const replicas = komenciConfig.identities.length - const kubeServiceAccountSecretNames = await rbacServiceAccountSecretNames(celoEnv, replicas) + const onboardingRelayerCount = komenciConfig.relayerIdentities.length + const rewardsRelayerCount = komenciConfig.cLabsRewardsIdentities.length + const kubeServiceAccountSecretNames = await rbacServiceAccountSecretNames( + celoEnv, + '', + onboardingRelayerCount + ) + const kubeRewardsServiceAccountSecretNames = await rbacServiceAccountSecretNames( + celoEnv, + 'rewards-', + rewardsRelayerCount + ) const databaseConfig = getContextDynamicEnvVarValues(contextDatabaseConfigDynamicEnvVars, context) + const rewardDatabaseConfig = getContextDynamicEnvVarValues( + contextRewardServiceDatabaseConfigDynamicEnvVars, + context + ) const vars = getContextDynamicEnvVarValues( { network: DynamicEnvVar.KOMENCI_NETWORK, @@ -166,6 +228,10 @@ async function helmParameters(celoEnv: string, context: string, useForno: boolea databaseConfig.passwordVaultName, 'DB-PASSWORD' ) + const rewardDatabasePassword = await getPasswordFromKeyVaultSecret( + rewardDatabaseConfig.passwordVaultName, + 'DB-PASSWORD' + ) const recaptchaToken = await getPasswordFromKeyVaultSecret( vars.appSecretsKeyVault, 'RECAPTCHA-SECRET-KEY' @@ -174,6 +240,14 @@ async function helmParameters(celoEnv: string, context: string, useForno: boolea vars.appSecretsKeyVault, 'LOGGER-SERVICE-ACCOUNT' ) + const segmentApiKey = await getPasswordFromKeyVaultSecret( + vars.appSecretsKeyVault, + 'SEGMENT-API-KEY' + ) + const rewardServiceConfig = getContextDynamicEnvVarValues( + contextKomenciRewardsServiceConfigDynamicEnvVars, + context + ) const clusterConfig = getAksClusterConfig(context) return [ 
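Review bot: `rewardDatabasePassword` is read under the secret name `'DB-PASSWORD'`, the same name used for the onboarding database a few lines above, and `.env.alfajores` in this commit gives the reward service the same `postgres@staging-komenci-weu` username and `staging-komenci-weu` vault as the existing WESTEU komenci database. That suggests the rewards service logs in with the shared `postgres` credential rather than a role of its own; if `postgres` is the server admin login, a compromised rewards pod could reach every database on that server. Consider a dedicated least-privileged role for the rewards database with its own secret, for example `'REWARDS-DB-PASSWORD'` (illustrative name), and a comment here stating which credential is expected. `helmParameters` starts and ends outside this hunk.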
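Review bot: The instance count read into `rewardServiceConfig` in the `@@ -174,6 +240,14 @@` hunk is later passed as `--set rewards.replicas=…`, but the new `rewards-deployment.yaml` in this commit renders `replicas: {{ .Values.rewards.replicaCount }}`. Unless the chart's values file (not shown) bridges the two names, `*_KOMENCI_REWARD_SERVICE_INSTANCE_COUNT` has no effect on the Deployment. Use one key on both sides, for example `--set rewards.replicaCount=${rewardServiceConfig.instanceCount}`. `KomenciRewardServiceConfig.instanceCount` is also declared `number` although the value presumably arrives as a string from the environment.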
@@ -189,7 +263,7 @@ async function helmParameters(celoEnv: string, context: string, useForno: boolea `--set komenci.azureHsm.initTryCount=5`, `--set komenci.azureHsm.initMaxRetryBackoffMs=30000`, `--set onboarding.recaptchaToken=${recaptchaToken}`, - `--set onboarding.replicas=${replicas}`, + `--set onboarding.replicas=${onboardingRelayerCount}`, `--set onboarding.relayer.host=${celoEnv + '-relayer'}`, `--set onboarding.db.host=${databaseConfig.host}`, `--set onboarding.db.port=${databaseConfig.port}`, @@ -203,7 +277,7 @@ async function helmParameters(celoEnv: string, context: string, useForno: boolea `--set onboarding.ruleConfig.captcha.bypassToken=${fetchEnv( envVar.KOMENCI_RULE_CONFIG_CAPTCHA_BYPASS_TOKEN )}`, - `--set relayer.replicas=${replicas}`, + `--set relayer.replicas=${onboardingRelayerCount}`, `--set relayer.rpcProviderUrls.http=${httpRpcProviderUrl}`, `--set relayer.rpcProviderUrls.ws=${wsRpcProviderUrl}`, `--set relayer.metrics.enabled=true`, 
@@ -214,7 +288,35 @@ async function helmParameters(celoEnv: string, context: string, useForno: boolea ) .split(',') .join('\\,')}'`, - ].concat(await komenciIdentityHelmParameters(context, komenciConfig)) + `--set rewards.replicas=${rewardServiceConfig.instanceCount}`, + `--set rewards.db.host=${rewardDatabaseConfig.host}`, + `--set rewards.db.port=${rewardDatabaseConfig.port}`, + `--set rewards.db.username=${rewardDatabaseConfig.username}`, + `--set rewards.db.password=${rewardDatabasePassword}`, + `--set rewards.segmentApiKey=${segmentApiKey}`, + `--set rewards.shouldSendRewards=${fetchEnv(envVar.KOMENCI_SHOULD_SEND_REWARDS)}`, + `--set rewards.metrics.enabled=true`, + `--set rewards.metrics.prometheusPort=9090`, + `--set rewards.relayer.replicas=${rewardsRelayerCount}`, + `--set rewards.relayer.rpcProviderUrls.http=${httpRpcProviderUrl}`, + `--set rewards.relayer.rpcProviderUrls.ws=${wsRpcProviderUrl}`, + `--set rewards.relayer.metrics.enabled=true`, + `--set rewards.relayer.metrics.prometheusPort=9090`, + `--set rewards.relayer.host=${celoEnv + '-rewards-relayer'}`, + `--set kube.rewardsServiceAccountSecretNames='{${kubeRewardsServiceAccountSecretNames.join( + ',' + )}}'`, + ] + .concat( + await komenciIdentityHelmParameters(context, komenciConfig.relayerIdentities, 'relayer') + ) + .concat( + await komenciIdentityHelmParameters( + context, + komenciConfig.cLabsRewardsIdentities, + 'rewards.relayer' + ) + ) } function getPublicHostname(regionName: string, celoEnv: string): string { 
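Review bot: `rewards.db.password` and `rewards.segmentApiKey` are interpolated into `--set` arguments, so both secrets end up on the helm command line, where they can appear in process listings and in any logging of the executed command. The values are also unescaped, although helm's `--set` treats commas as separators and the context lines just above escape them with `.split(',').join('\\,')`; a password containing `,` would be mis-parsed. The onboarding parameters already follow this pattern, but rather than extending it, consider writing the secret values to a temporary values file with restrictive permissions and passing it with `-f`, or at minimum applying the same comma escaping to these two values. `helmParameters` begins outside this hunk.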
@@ -225,12 +327,16 @@ function getPublicHostname(regionName: string, celoEnv: string): string { * Returns an array of helm command line parameters for the komenci relayer identities. * Supports both private key and Azure HSM signing. */ -async function komenciIdentityHelmParameters(context: string, komenciConfig: KomenciConfig) { - const replicas = komenciConfig.identities.length +async function komenciIdentityHelmParameters( + context: string, + relayerIdentities: KomenciIdentity[], + envVarPrefix: string +) { + const replicas = relayerIdentities.length let params: string[] = [] for (let i = 0; i < replicas; i++) { - const komenciIdentity = komenciConfig.identities[i] - const prefix = `--set relayer.identities[${i}]` + const komenciIdentity = relayerIdentities[i] + const prefix = `--set ${envVarPrefix}.identities[${i}]` params.push(`${prefix}.address=${komenciIdentity.address}`) // An komenci identity can specify either a private key or some information // about an Azure Key Vault that houses an HSM with the address provided. @@ -259,11 +365,13 @@ async function komenciIdentityHelmParameters(context: string, komenciConfig: Kom } /** - * Gives a config for all komencis for a particular context + * Gives a config for all komenci services for a particular context */ function getKomenciConfig(context: string): KomenciConfig { return { - identities: getKomenciIdentities(context), + relayerIdentities: getKomenciRelayerIdentities(context), + cLabsRewardsIdentities: getKomenciRewardIdentities(context, RewardType.CeloLabs), + // foundationRewardsIdentities: getKomenciRewardIdentities(context, RewardType.Foundation), } } 
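Review bot: The docstring of `komenciIdentityHelmParameters` still says it "Supports both private key and Azure HSM signing", yet this commit deletes the chart's `pkey-secret.yaml` and the relayer's `private-key-volume` mount, so nothing in the chart appears to consume a private key any more. If the part of the loop outside this hunk still emits a private-key value, key material would be placed on the helm command line to no effect; either drop that branch or update the comment to say only Azure Key Vault identities are supported. The new third parameter is a helm value path (`relayer`, `rewards.relayer`), not an env var, so a name such as `helmValuePrefix` with a docstring line would describe it better than `envVarPrefix`. The function body continues past the end of the hunk.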
@@ -272,7 +380,7 @@ function getKomenciConfig(context: string): KomenciConfig { * the identities are created from that. Otherwise, the identities are created * with private keys generated by the mnemonic. */ -function getKomenciIdentities(context: string): KomenciIdentity[] { +function getKomenciRelayerIdentities(context: string): KomenciIdentity[] { const { addressAzureKeyVaults } = getContextDynamicEnvVarValues( contextKomenciKeyVaultIdentityConfigDynamicEnvVars, context, @@ -301,6 +409,25 @@ function getKomenciIdentities(context: string): KomenciIdentity[] { throw Error('No komenci identity env vars specified') } +/** + * Returns an array of komenci reward identities. The identities are created from the Azure Key Vault env var. + */ +function getKomenciRewardIdentities(context: string, rewardType: RewardType): KomenciIdentity[] { + const envVars = + rewardType === RewardType.Foundation + ? contextKomenciFoundationRewardsKeyVaultIdentityConfigDynamicEnvVars + : contextKomenciCeloLabsRewardsKeyVaultIdentityConfigDynamicEnvVars + const { addressAzureKeyVaults } = getContextDynamicEnvVarValues(envVars, context, { + addressAzureKeyVaults: '', + }) + + if (addressAzureKeyVaults) { + return getAzureHsmKomenciIdentities(addressAzureKeyVaults) + } + + throw Error('No komenci reward identity env vars specified') +} + /** * Given a string addressAzureKeyVaults of the form: *
:,
: @@ -359,7 +486,7 @@ function getKomenciAzureIdentityName(keyVaultName: string, address: string) { async function installKomenciRBACHelmChart(celoEnv: string, context: string) { return installGenericHelmChart( celoEnv, - rbacReleaseName(celoEnv), + rbacReleaseName(celoEnv, ''), rbacHelmChartPath, rbacHelmParameters(celoEnv, context) ) 
@@ -368,33 +495,42 @@ async function installKomenciRBACHelmChart(celoEnv: string, context: string) { async function upgradeKomenciRBACHelmChart(celoEnv: string, context: string) { return upgradeGenericHelmChart( celoEnv, - rbacReleaseName(celoEnv), + rbacReleaseName(celoEnv, ''), rbacHelmChartPath, rbacHelmParameters(celoEnv, context) ) } function removeKomenciRBACHelmRelease(celoEnv: string) { - return removeGenericHelmChart(rbacReleaseName(celoEnv), celoEnv) + return removeGenericHelmChart(rbacReleaseName(celoEnv, ''), celoEnv) } function rbacHelmParameters(celoEnv: string, context: string) { const komenciConfig = getKomenciConfig(context) console.info(komenciConfig) - const replicas = komenciConfig.identities.length - return [`--set environment.name=${celoEnv}`, `--set relayer.replicas=${replicas}`] + const relayerReplicas = komenciConfig.relayerIdentities.length + const rewardsRelayerReplicas = komenciConfig.cLabsRewardsIdentities.length + return [ + `--set environment.name=${celoEnv}`, + `--set relayer.replicas=${relayerReplicas}`, + `--set rewards.relayer.replicas=${rewardsRelayerReplicas}`, + ] } -function rbacReleaseName(celoEnv: string) { - return `${celoEnv}-komenci-rbac` +function rbacReleaseName(celoEnv: string, prefix: string) { + return `${celoEnv}-komenci-${prefix}rbac` } -async function rbacServiceAccountSecretNames(celoEnv: string, replicas: number) { - const names = [...Array(replicas).keys()].map((i) => `${rbacReleaseName(celoEnv)}-${i}`) +async function rbacServiceAccountSecretNames(celoEnv: string, prefix: string, replicas: number) { + const names = [...Array(replicas).keys()].map((i) => `${rbacReleaseName(celoEnv, prefix)}-${i}`) + let jsonSecretPath = '"{.items[*].secrets[0][\'name\']}"' + if (names.length === 1) { + jsonSecretPath = '"{.secrets[0][\'name\']}"' + } const [tokenName] = await execCmdWithExitOnFailure( `kubectl get serviceaccount --namespace=${celoEnv} ${names.join( ' ' - )} -o=jsonpath="{.items[*].secrets[0]['name']}"` + )} 
-o=jsonpath=${jsonSecretPath}` ) const tokenNames = tokenName.trim().split(' ') return tokenNames diff --git a/packages/helm-charts/komenci-rbac/templates/_helper.tpl b/packages/helm-charts/komenci-rbac/templates/_helper.tpl index 77f405b1bf6..1527741e2c3 100644 --- a/packages/helm-charts/komenci-rbac/templates/_helper.tpl +++ b/packages/helm-charts/komenci-rbac/templates/_helper.tpl @@ -5,3 +5,11 @@ {{- define "komenci-pod-name" -}} {{- .Values.environment.name -}}-relayer-{{- .index -}} {{- end -}} + +{{- define "rewards-name" -}} +{{- .Values.environment.name -}}-komenci-rewards-rbac-{{- .index -}} +{{- end -}} + +{{- define "komenci-rewards-pod-name" -}} +{{- .Values.environment.name -}}-rewards-relayer-{{- .index -}} +{{- end -}} \ No newline at end of file diff --git a/packages/helm-charts/komenci-rbac/templates/role.yaml b/packages/helm-charts/komenci-rbac/templates/role.yaml index dd4be55079b..df04f4e72b0 100644 --- a/packages/helm-charts/komenci-rbac/templates/role.yaml +++ b/packages/helm-charts/komenci-rbac/templates/role.yaml @@ -11,3 +11,17 @@ rules: verbs: ["get", "patch"] --- {{ end }} + +{{ range $index, $e := until (.Values.rewards.relayer.replicas | int) }} +{{- $index_counter := (dict "Values" $.Values "index" $index) -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "rewards-name" $index_counter }} +rules: +- apiGroups: [""] + resources: ["pods"] + resourceNames: ["{{ template "komenci-rewards-pod-name" $index_counter }}"] + verbs: ["get", "patch"] +--- +{{ end }} diff --git a/packages/helm-charts/komenci-rbac/templates/rolebinding.yaml b/packages/helm-charts/komenci-rbac/templates/rolebinding.yaml index dbc187d2d87..f9ebfb24826 100644 --- a/packages/helm-charts/komenci-rbac/templates/rolebinding.yaml +++ b/packages/helm-charts/komenci-rbac/templates/rolebinding.yaml 
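Review bot: `rbacServiceAccountSecretNames` returns whatever `kubectl` prints without checking that it received one secret name per replica. If a service account has no entry under `secrets`, the jsonpath output has fewer fields (or a single empty string after `split(' ')`), and the list passed as `kube.rewardsServiceAccountSecretNames` no longer lines up with the replica indices; with an empty `names` list the command would presumably return every service account in the namespace. Add a guard before the return, e.g. `if (tokenNames.length !== replicas || tokenNames.some((n) => !n)) throw Error('service account secret count does not match replicas')`. In the same hunk, `console.info(komenciConfig)` in `rbacHelmParameters` now also prints the rewards identities, so confirm that `KomenciIdentity` never carries key material before logging it whole. The closing lines of the function fall outside the hunk.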
@@ -13,3 +13,19 @@ subjects: name: {{ template "name" $index_counter }} --- {{ end }} + +{{ range $index, $e := until (.Values.rewards.relayer.replicas | int) }} +{{- $index_counter := (dict "Values" $.Values "index" $index) -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "rewards-name" $index_counter }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "rewards-name" $index_counter }} +subjects: +- kind: ServiceAccount + name: {{ template "rewards-name" $index_counter }} +--- +{{ end }} diff --git a/packages/helm-charts/komenci-rbac/templates/service-account.yaml b/packages/helm-charts/komenci-rbac/templates/service-account.yaml index 61cadbb621d..da8ea5730db 100644 --- a/packages/helm-charts/komenci-rbac/templates/service-account.yaml +++ b/packages/helm-charts/komenci-rbac/templates/service-account.yaml @@ -6,3 +6,12 @@ metadata: name: {{ template "name" $index_counter}} --- {{ end }} + +{{ range $index, $e := until (.Values.rewards.relayer.replicas | int) }} +{{- $index_counter := (dict "Values" $.Values "index" $index) -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "rewards-name" $index_counter}} +--- +{{ end }} diff --git a/packages/helm-charts/komenci/templates/_helpers.tpl b/packages/helm-charts/komenci/templates/_helpers.tpl index d92b63640d2..df8bc9c4a72 100644 --- a/packages/helm-charts/komenci/templates/_helpers.tpl +++ b/packages/helm-charts/komenci/templates/_helpers.tpl @@ -5,10 +5,18 @@ The name of the deployment {{- .Values.environment.name -}}-relayer {{- end -}} +{{- define "rewards-relayer-name" -}} +{{- .Values.environment.name -}}-rewards-relayer +{{- end -}} + {{- define "komenci-onboarding-fullname" -}} {{- .Values.environment.name -}}-onboarding {{- end -}} +{{- define "komenci-rewards-fullname" -}} +{{- .Values.environment.name -}}-rewards +{{- end -}} + {{/* Common labels that are recommended to be used by Helm and Kubernetes */}} 
@@ -41,6 +49,20 @@ Label specific to the komenci onboarding component app.kubernetes.io/component: komenci-onboarding {{- end -}} +{{/* +Label specific to the komenci rewards component +*/}} +{{- define "komenci-rewards-component-label" -}} +app.kubernetes.io/component: komenci-rewards +{{- end -}} + +{{/* +Label specific to the komenci rewards relayer component +*/}} +{{- define "komenci-rewards-relayer-component-label" -}} +app.kubernetes.io/component: komenci-rewards-relayer +{{- end -}} + {{/* The name of the azure identity binding for all relayers */}} @@ -49,8 +71,22 @@ The name of the azure identity binding for all relayers {{- end -}} {{/* -The name of the azure identity for all oracles +The name of the azure identity binding for all rewards relayers +*/}} +{{- define "azure-rewards-identity-binding-name" -}} +{{- with .dot -}}{{ template "rewards-relayer-name" . }}{{- end -}}-{{ .index }}-identity-binding +{{- end -}} + +{{/* +The name of the azure identity for all relayers */}} {{- define "azure-identity-name" -}} {{- with .dot -}}{{ template "name" . }}{{- end -}}-{{ .index }}-identity +{{- end -}} + +{{/* +The name of the azure identity for all rewards relayers +*/}} +{{- define "azure-rewards-identity-name" -}} +{{- with .dot -}}{{ template "rewards-relayer-name" . }}{{- end -}}-{{ .index }}-identity {{- end -}} \ No newline at end of file diff --git a/packages/helm-charts/komenci/templates/azure-identity-binding.yaml b/packages/helm-charts/komenci/templates/azure-identity-binding.yaml index 455ed7b1c49..6160db69102 100644 --- a/packages/helm-charts/komenci/templates/azure-identity-binding.yaml +++ b/packages/helm-charts/komenci/templates/azure-identity-binding.yaml 
@@ -10,3 +10,16 @@ spec: --- {{ end }} {{ end }} + +{{- range $index, $identity := .Values.rewards.relayer.identities -}} +{{ if (hasKey $identity "azure") }} +apiVersion: "aadpodidentity.k8s.io/v1" +kind: AzureIdentityBinding +metadata: + name: {{ template "azure-rewards-identity-binding-name" (dict "dot" $ "index" $index) }} +spec: + azureIdentity: {{ template "azure-rewards-identity-name" (dict "dot" $ "index" $index) }} + selector: {{ template "azure-rewards-identity-binding-name" (dict "dot" $ "index" $index) }} +--- +{{ end }} +{{ end }} diff --git a/packages/helm-charts/komenci/templates/azure-identity.yaml b/packages/helm-charts/komenci/templates/azure-identity.yaml index 69098472a2d..b93930624c4 100644 --- a/packages/helm-charts/komenci/templates/azure-identity.yaml +++ b/packages/helm-charts/komenci/templates/azure-identity.yaml @@ -13,3 +13,19 @@ spec: --- {{ end }} {{ end }} + +{{- range $index, $identity := .Values.rewards.relayer.identities -}} +{{ if (hasKey $identity "azure") }} +apiVersion: aadpodidentity.k8s.io/v1 +kind: AzureIdentity +metadata: + name: {{ template "azure-rewards-identity-name" (dict "dot" $ "index" $index) }} + annotations: + aadpodidentity.k8s.io/Behavior: namespaced +spec: + type: 0 + resourceID: {{ $identity.azure.id }} + clientID: {{ $identity.azure.clientId }} +--- +{{ end }} +{{ end }} diff --git a/packages/helm-charts/komenci/templates/onboarding-deployment.yaml b/packages/helm-charts/komenci/templates/onboarding-deployment.yaml index b993754216c..fd6bf98290e 100644 --- a/packages/helm-charts/komenci/templates/onboarding-deployment.yaml +++ b/packages/helm-charts/komenci/templates/onboarding-deployment.yaml @@ -27,7 +27,7 @@ spec: - bash - "-c" - | - node dist/apps/onboarding/main.js + node packages/apps/api/dist/main.js resources: {{- toYaml .Values.onboarding.resources | nindent 12 }} env: 
diff --git a/packages/helm-charts/komenci/templates/onboarding-ingress.yaml b/packages/helm-charts/komenci/templates/onboarding-ingress.yaml index d5727df8f34..842c2870d60 100644 --- a/packages/helm-charts/komenci/templates/onboarding-ingress.yaml +++ b/packages/helm-charts/komenci/templates/onboarding-ingress.yaml @@ -14,7 +14,11 @@ spec: - host: {{ .Values.onboarding.publicHostname }} http: paths: + - path: /rewards + backend: + serviceName: {{ .Release.Namespace }}-rewards + servicePort: 3000 - path: / backend: serviceName: {{ .Release.Namespace }}-onboarding - servicePort: 3000 \ No newline at end of file + servicePort: 3000 diff --git a/packages/helm-charts/komenci/templates/pkey-secret.yaml b/packages/helm-charts/komenci/templates/pkey-secret.yaml deleted file mode 100644 index 48a3fde41bf..00000000000 --- a/packages/helm-charts/komenci/templates/pkey-secret.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: pkey-secret - labels: -{{ include "labels" . | indent 4 }} -type: Opaque -data: -{{ range $index, $identity := .Values.relayer.identities }} -{{ if (hasKey $identity "privateKey") }} - private-key-{{ $index }}: {{ $identity.privateKey }} -{{ end }} -{{ end }} diff --git a/packages/helm-charts/komenci/templates/relayer-statefulset.yaml b/packages/helm-charts/komenci/templates/relayer-statefulset.yaml index 352bd5904fb..a6e9fd4dea9 100644 --- a/packages/helm-charts/komenci/templates/relayer-statefulset.yaml +++ b/packages/helm-charts/komenci/templates/relayer-statefulset.yaml @@ -104,7 +104,7 @@ spec: ADDRESSES={{- range $index, $identity := .Values.relayer.identities -}}{{ $identity.address }},{{- end }} export WALLET_ADDRESS=`echo -n $ADDRESSES | cut -d ',' -f $((RID + 1))` - node dist/apps/relayer/main.js + node packages/apps/relayer/dist/main.js env: - name: REPLICA_NAME valueFrom: 
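Review bot: The new `/rewards` rule in `onboarding-ingress.yaml` publishes the rewards service on the public onboarding hostname, and nothing visible in this commit states which of its routes are meant to be internet-reachable or how callers are authenticated. Add a comment above the rule naming the endpoints that are intended to be public, and confirm the service rejects unauthenticated requests on anything else. Depending on the ingress controller's path matching, `/rewards` may also match longer paths that merely share the prefix, so an explicit trailing-slash or exact-match form is worth considering.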
@@ -133,11 +133,3 @@ spec: port: 3000 initialDelaySeconds: 15 periodSeconds: 20 - volumeMounts: - - name: private-key-volume - readOnly: true - mountPath: "/private-keys" - volumes: - - name: private-key-volume - secret: - secretName: pkey-secret diff --git a/packages/helm-charts/komenci/templates/rewards-deployment.yaml b/packages/helm-charts/komenci/templates/rewards-deployment.yaml new file mode 100644 index 00000000000..61f77c8d3b8 --- /dev/null +++ b/packages/helm-charts/komenci/templates/rewards-deployment.yaml 
@@ -0,0 +1,47 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "komenci-rewards-fullname" . }} + labels: +{{- include "komenci-rewards-component-label" . | nindent 4 }} +spec: + replicas: {{ .Values.rewards.replicaCount }} + selector: + matchLabels: + {{- include "komenci-rewards-component-label" . | nindent 6 }} + template: + metadata: + labels: +{{- include "komenci-rewards-component-label" . | nindent 8 }} + spec: + containers: + - name: komenci-rewards + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: Always + ports: + - name: http + containerPort: 3000 + command: + - bash + - "-c" + - | + node packages/apps/rewards/dist/main.js + env: + - name: REPLICA_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name +{{ include "common.env-var" (dict "name" "DB_HOST" "dict" .Values.rewards.db "value_name" "host" "optional" true) | indent 10 }} +{{ include "common.env-var" (dict "name" "DB_PORT" "dict" .Values.rewards.db "value_name" "port" "optional" true) | indent 10 }} +{{ include "common.env-var" (dict "name" "DB_USERNAME" "dict" .Values.rewards.db "value_name" "username") | indent 10 }} +{{ include "common.env-var" (dict "name" "DB_PASSWORD" "dict" .Values.rewards.db "value_name" "password") | indent 10 }} +{{ include "common.env-var" (dict "name" "DB_DATABASE" "dict" .Values.rewards.db "value_name" "database") | indent 10 }} +{{ include "common.env-var" (dict "name" "DB_SYNCHRONIZE" "dict" .Values.rewards.db "value_name" "synchronize") | indent 10 }} +{{ include "common.env-var" (dict "name" "DB_SSL" "dict" .Values.rewards.db "value_name" "ssl") | indent 10 }} +{{ include "common.env-var" (dict "name" "RELAYER_HOST" "dict" .Values.rewards.relayer "value_name" "host") | indent 10 }} +{{ include "common.env-var" (dict "name" "RELAYER_PORT" "dict" .Values.rewards.relayer "value_name" "port") | indent 10 }} +{{ include "common.env-var" (dict 
"name" "NETWORK" "dict" .Values.environment "value_name" "network") | indent 10 }} +{{ include "common.env-var" (dict "name" "SEGMENT_API_KEY" "dict" .Values.rewards "value_name" "segmentApiKey") | indent 10 }} +{{ include "common.env-var" (dict "name" "SHOULD_SEND_REWARDS" "dict" .Values.rewards "value_name" "shouldSendRewards") | indent 10 }} diff --git a/packages/helm-charts/komenci/templates/rewards-relayer-statefulset.yaml b/packages/helm-charts/komenci/templates/rewards-relayer-statefulset.yaml new file mode 100644 index 00000000000..70fc0e4a129 --- /dev/null +++ b/packages/helm-charts/komenci/templates/rewards-relayer-statefulset.yaml 
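Review bot: `DB_PASSWORD` and `SEGMENT_API_KEY` in the `env:` list of rewards-deployment.yaml go through the same `common.env-var` helper as plain settings such as `DB_PORT`. The helper is not defined in the visible diff; if it renders a literal `value:`, both credentials sit in clear text in the Deployment object and in the stored Helm release, readable by anyone allowed to read deployments in the namespace. I would source them from a Secret with `valueFrom:` / `secretKeyRef:`, using placeholders such as `name: <rewards-db-secret>` and `key: password`. The container also declares no `readinessProbe`, unlike the relayer StatefulSet, even though the ingress sends public traffic to it.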
@@ -0,0 +1,128 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "rewards-relayer-name" . }} + labels: +{{ include "labels" . | indent 4 }} +{{ include "komenci-rewards-relayer-component-label" . | indent 4 }} +spec: + ports: + - name: http + port: 3000 + clusterIP: None + selector: +{{ include "komenci-rewards-relayer-component-label" . | indent 4 }} +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "rewards-relayer-name" . }} + labels: +{{ include "labels" . | indent 4 }} +{{ include "komenci-rewards-relayer-component-label" . | indent 4 }} +spec: + podManagementPolicy: Parallel + updateStrategy: + type: RollingUpdate + replicas: {{ .Values.rewards.relayer.replicas }} + serviceName: relayer + selector: + matchLabels: +{{ include "labels" . | indent 6 }} +{{ include "komenci-rewards-relayer-component-label" . | indent 6 }} + template: + metadata: + labels: +{{ include "labels" . | indent 8 }} +{{ include "komenci-rewards-relayer-component-label" . | indent 8 }} + annotations: +{{ if .Values.rewards.relayer.metrics.enabled }} +{{ include "metric-annotations" . 
| indent 8 }} +{{ end }} + spec: + initContainers: + - name: set-label + image: {{ .Values.kubectl.image.repository }}:{{ .Values.kubectl.image.tag }} + command: + - /bin/bash + - -c + args: + - | + RID=${POD_NAME##*-} + TOKEN_ENV_VAR_NAME="TOKEN_$RID" + kubectl \ + --namespace "$POD_NAMESPACE" \ + --server="https://kubernetes.default.svc" \ + --token="${!TOKEN_ENV_VAR_NAME}" \ + --certificate-authority="/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" \ + label pod "$POD_NAME" \ + --overwrite \ + "aadpodidbinding=$POD_NAME-identity-binding" + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + {{ range $index, $e := .Values.kube.rewardsServiceAccountSecretNames }} + - name: TOKEN_{{ $index }} + valueFrom: + secretKeyRef: + key: token + name: {{ $e }} + {{ end }} + containers: + - name: komenci-rewards-relayer + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: Always + ports: + - name: prometheus + containerPort: {{ .Values.rewards.relayer.metrics.prometheusPort }} + - name: relayer + containerPort: 3000 + command: + - bash + - "-c" + - | + [[ $REPLICA_NAME =~ -([0-9]+)$ ]] || exit 1 + RID=${BASH_REMATCH[1]} + + # Get the correct key vault name. 
If this relayer's identity is not + # using Azure HSM signing, the key vault name will be empty and ignored + AZURE_KEY_VAULT_NAMES={{- range $index, $identity := .Values.rewards.relayer.identities -}}{{- if (hasKey $identity "azure" ) -}}{{ $identity.azure.keyVaultName | default "" }}{{- end }},{{- end }} + export AZURE_KEY_NAME=`echo -n $AZURE_KEY_VAULT_NAMES | cut -d ',' -f $((RID + 1))` + export AZURE_VAULT_NAME=`echo -n $AZURE_KEY_VAULT_NAMES | cut -d ',' -f $((RID + 1))` + + # Get the correct relayer account address + ADDRESSES={{- range $index, $identity := .Values.rewards.relayer.identities -}}{{ $identity.address }},{{- end }} + export WALLET_ADDRESS=`echo -n $ADDRESSES | cut -d ',' -f $((RID + 1))` + + node packages/apps/relayer/dist/main.js + env: + - name: REPLICA_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name +{{ include "common.env-var" (dict "name" "AZURE_HSM_INIT_TRY_COUNT" "dict" .Values.komenci.azureHsm "value_name" "initTryCount") | indent 8 }} +{{ include "common.env-var" (dict "name" "AZURE_HSM_INIT_MAX_RETRY_BACKOFF_MS" "dict" .Values.komenci.azureHsm "value_name" "initMaxRetryBackoffMs") | indent 8 }} +{{ include "common.env-var" (dict "name" "METRICS" "dict" .Values.rewards.relayer.metrics "value_name" "enabled") | indent 8 }} +{{ include "common.env-var" (dict "name" "OVERRIDE_INDEX" "dict" .Values.rewards.relayer "value_name" "overrideIndex" "optional" true) | indent 8 }} +{{ include "common.env-var" (dict "name" "PROMETHEUS_PORT" "dict" .Values.rewards.relayer.metrics "value_name" "prometheusPort") | indent 8 }} +{{ include "common.env-var" (dict "name" "NODE_ENV" "dict" .Values.rewards.relayer "value_name" "node_env") | indent 8 }} +{{ include "common.env-var" (dict "name" "RELAYER_PORT" "dict" .Values.rewards.relayer "value_name" "port") | indent 8 }} +{{ include "common.env-var" (dict "name" "NETWORK" "dict" .Values.environment "value_name" "network") | indent 8 }} +{{ include "common.env-var" (dict "name" "WALLET_TYPE" 
"dict" .Values.rewards.relayer "value_name" "walletType") | indent 8 }} +{{ include "common.env-var" (dict "name" "GAS_PRICE_UPDATE_INTERVAL_MS" "dict" .Values.rewards.relayer "value_name" "gasPriceUpdateIntervalMs") | indent 8 }} + readinessProbe: + tcpSocket: + port: 3000 + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: 3000 + initialDelaySeconds: 15 + periodSeconds: 20 \ No newline at end of file diff --git a/packages/helm-charts/komenci/templates/rewards-service.yaml b/packages/helm-charts/komenci/templates/rewards-service.yaml new file mode 100644 index 00000000000..0653de5454a --- /dev/null +++ b/packages/helm-charts/komenci/templates/rewards-service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "komenci-rewards-fullname" . }} + labels: +{{ include "labels" . | indent 4 }} +{{ include "komenci-rewards-component-label" . | indent 4 }} +spec: + clusterIP: None + selector: +{{ include "komenci-rewards-component-label" . | indent 4 }} + ports: + - name: http + port: 3000 diff --git a/packages/helm-charts/komenci/values.yaml b/packages/helm-charts/komenci/values.yaml index 1537194abf6..7992c7df226 100644 --- a/packages/helm-charts/komenci/values.yaml +++ b/packages/helm-charts/komenci/values.yaml 
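Review bot: The `set-label` init container in rewards-relayer-statefulset.yaml is given a `TOKEN_<index>` variable for every entry in `.Values.kube.rewardsServiceAccountSecretNames`, so each replica holds the service-account tokens of all replicas and only selects its own by `RID`. The selected token is then passed as `--token=` on the kubectl command line, where it is visible in the process arguments. The permissions behind those tokens are not visible here, so I would at least add a comment such as `# each service account's Role must be limited (resourceNames) to its own pod`, and validate `RID` with the same `-([0-9]+)$` check the main container uses. Separately, `serviceName: relayer` does not reference the headless Service this file creates under `{{ template "rewards-relayer-name" . }}`; unless that helper is known to render `relayer`, it should read `serviceName: {{ template "rewards-relayer-name" . }}`.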
@@ -86,5 +86,38 @@ onboarding: synchronize: true ssl: true +rewards: + segmentApiKey: 'writeApiKey' + shouldSendRewards: false + relayer: + node_env: production + image: + repository: celotestnet.azurecr.io/komenci/relayer + tag: dae43ddce108a73da07dce73875b980ff077c7d4 + replicas: 2 + port: 3000 + identities: + - address: 0xb04390478A57E3C2147599D5380434f25fa5234d + privateKey: 0x000 + azure: + id: defaultId + clientId: defaultClientId + keyVaultName: staging-komenci-rewards + azureHsm: + initTryCount: 5 + initMaxRetryBackoffMs: 30000 + metrics: + enabled: true + prometheusPort: 9090 + walletType: azure-hsm + gasPriceUpdateIntervalMs: "1200000" + db: + host: komenci-komenci-postgresql + port: 5432 + username: 'postgres' + database: 'postgres' + synchronize: true + ssl: true + loggingAgent: credentials: eydleGFtcGxlJzogJ2NyZWRlbnRpYWxzJ30K # base64 credentials.json of a gcloud service account \ No newline at end of file
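Review bot: The default identity under `rewards.relayer.identities` in values.yaml carries `privateKey: 0x000`, although this commit deletes pkey-secret.yaml and the rewards-relayer template shown reads only `address` and `azure.keyVaultName` from each identity. Keeping the field invites someone to paste a real key into a values file for a wallet that is meant to sign through `walletType: azure-hsm`, so I would drop the line. `segmentApiKey: 'writeApiKey'` is likewise a placeholder that deploys silently if it is never overridden; an empty default would be easier to detect. The block also has no `replicaCount`, `relayer.host` or `db.password`, which rewards-deployment.yaml reads without `"optional" true`; the nesting is collapsed in this view and the deploy tooling may supply them, so this needs confirming. The `db` block sets `synchronize: true`, presumably ORM schema sync, so check that it is intended alongside `node_env: production`.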