Dshop backend ops update (#4472)

* update dockerfile for dshop backend changes

* ignore secrets-dshop.yaml

* update dshop backend deploys: adjusts env vars as necessary, switches dshop backends from statefulsets to deployments, configures CloudSQL connections,

* new subdir in dshop dir

* adds redis and move dshop backend back to statefulsets for redis persistance

* dshop backend Dockerfile moved to different repo

* adds backendapi.ogn.app to dshop backend ingress

* fixes mainnet password for dshop DB

* dshopapi.ogn.app not backendapi

Author: mikeshultz

.gitignore

@@ -31,6 +31,7 @@ secrets.yaml
 secrets-dev.yaml
 secrets-staging.yaml
 secrets-prod.yaml
+secrets-dshop.yaml
 github.key
 
 # Development #

devops/dockerfiles/dshop-backend

@@ -1,27 +1 @@
-FROM node:10 as build
-
-WORKDIR /app
-
-ARG ENVKEY
-ARG DSHOP_BACKEND_DIR=dapps/shop/backend
-
-ENV NODE_ENV=production
-ENV ENVKEY=$ENVKEY
-ENV DISABLE_SYNC=true
-
-COPY $DSHOP_BACKEND_DIR/package.json ./
-COPY $DSHOP_BACKEND_DIR/app.js ./
-COPY $DSHOP_BACKEND_DIR/app.json ./
-COPY $DSHOP_BACKEND_DIR/config.js ./
-COPY $DSHOP_BACKEND_DIR/index.js ./
-COPY $DSHOP_BACKEND_DIR/listener.js ./
-COPY $DSHOP_BACKEND_DIR/tstEnc.js ./
-COPY $DSHOP_BACKEND_DIR/routes ./routes
-COPY $DSHOP_BACKEND_DIR/utils ./utils
-COPY $DSHOP_BACKEND_DIR/data/config.js ./data/config.js
-COPY $DSHOP_BACKEND_DIR/data/migrations ./data/migrations
-COPY $DSHOP_BACKEND_DIR/models ./models
-COPY $DSHOP_BACKEND_DIR/scripts ./scripts
-
-RUN yarn install
-CMD npm run migrate && node index.js
+# Moved to https://github.com/OriginProtocol/dshop/blob/master/devops/Dockerfile

devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.ingress.yaml

@@ -23,11 +23,16 @@ spec:
     - secretName: "{{ .Values.dshopBackendMainnetHost }}"
       hosts:
         - {{ .Values.dshopBackendMainnetHost }}
+    - secretName: "dshopapi.ogn.app"
+      hosts:
+        - "dshopapi.ogn.app"
   rules:
   - host: {{ .Values.dshopBackendMainnetHost }}
-    http:
+    http: &http_rules
       paths:
         - path: /
           backend:
             serviceName: {{ template "dshopBackendMainnet.fullname" . }}
             servicePort: 3000
+  - host: "dshopapi.ogn.app"
+    http: *http_rules

devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.secret.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "dshopBackendMainnet.fullname" . }}
+  labels:
+    app: {{ template "dshopBackendMainnet.fullname" . }}
+    app.kubernetes.io/name: dshop
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: backend
+    app.kubernetes.io/part-of: dshop-backend-rinkeby
+type: Opaque
+data:
+  ENCRYPTION_KEY: {{ required "Set a .Values.dshopBackendMainnetEncryptionKey" .Values.dshopBackendMainnetEncryptionKey | b64enc | quote}}
+  DATABASE_URL: {{ required "Set a .Values.dshopBackendMainnetDatabaseURL" .Values.dshopBackendMainnetDatabaseURL | b64enc | quote}}

devops/kubernetes/charts/origin-experimental/templates/dshop-backend-mainnet.statefulset.yaml

@@ -12,11 +12,11 @@ metadata:
     app.kubernetes.io/component: backend
     app.kubernetes.io/part-of: dshop-backend-mainnet
 spec:
+  replicas: {{ default 1 .Values.dshopBackendMainnetReplicas }}
   selector:
     matchLabels:
       app: {{ template "dshopBackendMainnet.fullname" . }}
   serviceName: {{ template "dshopBackendMainnet.fullname" . }}
-  replicas: 1
   template:
     metadata:
       labels:
@@ -27,25 +27,50 @@ spec:
         image: "{{ .Values.containerRegistry }}/{{ .Release.Namespace }}/{{ .Values.dshopBackendMainnetImage }}:{{ .Values.dshopBackendMainnetImageTag }}"
         imagePullPolicy: Always
         env:
-          - name: ENVKEY
+          - name: ENCRYPTION_KEY
             valueFrom:
               secretKeyRef:
                 name: {{ template "dshopBackendMainnet.fullname" . }}
-                key: ENVKEY
+                key: ENCRYPTION_KEY
           - name: DATABASE_URL
-            value: "sqlite:/data/dshop/net_mainnet.db"
+            valueFrom:
+              secretKeyRef:
+                name: {{ template "dshopBackendMainnet.fullname" . }}
+                key: DATABASE_URL
+          - name: REDIS_URL
+            value: redis://localhost:6379/0
         port:
           - name: http
             containerPort: 3000
-        volumeMounts:
-          - mountPath: /data/dshop
-            name: {{ template "dshopBackendMainnet.fullname" . }}-data
         resources:
           requests:
             memory: 1Gi
+      - name: cloudsql-proxy
+        image: gcr.io/cloudsql-docker/gce-proxy:1.11
+        command: ["/cloud_sql_proxy",
+                  "-instances={{ .Values.dshopBackendMainnetDBInstance }}=tcp:5432",
+                  "-credential_file=/secrets/cloudsql/credentials.json"]
+        securityContext:
+          runAsUser: 2  # non-root user
+          allowPrivilegeEscalation: false
+        volumeMounts:
+        - name: dshop-cloudsql-credentials
+          mountPath: /secrets/cloudsql
+          readOnly: true
+      - name: redis
+        image: redis:6.0
+        command: ["/bin/sh","-c"]
+        args: ["mkdir -p /data/redis && redis-server --dir /data/redis "]
+        volumeMounts:
+          - mountPath: /data
+            name: {{ template "dshopBackendMainnet.fullname" . }}-redis
+      volumes:
+        - name: dshop-cloudsql-credentials
+          secret:
+            secretName: dshop-cloudsql-credentials
   volumeClaimTemplates:
   - metadata:
-      name: {{ template "dshopBackendMainnet.fullname" . }}-data
+      name: {{ template "dshopBackendMainnet.fullname" . }}-redis
       labels:
         app: {{ template "dshopBackendMainnet.fullname" . }}
     spec:

devops/kubernetes/charts/origin-experimental/templates/dshop-backend-rinkeby.secret.yaml

@@ -13,4 +13,5 @@ metadata:
     app.kubernetes.io/part-of: dshop-backend-rinkeby
 type: Opaque
 data:
-  ENVKEY: {{ required "Set a .Values.dshopBackendRinkebyEnvKey" .Values.dshopBackendRinkebyEnvKey | b64enc | quote}}
+  ENCRYPTION_KEY: {{ required "Set a .Values.dshopBackendRinkebyEncryptionKey" .Values.dshopBackendRinkebyEncryptionKey | b64enc | quote}}
+  DATABASE_URL: {{ required "Set a .Values.dshopBackendRinkebyDatabaseURL" .Values.dshopBackendRinkebyDatabaseURL | b64enc | quote}}

devops/kubernetes/charts/origin-experimental/templates/dshop-backend-rinkeby.statefulset.yaml

@@ -12,11 +12,11 @@ metadata:
     app.kubernetes.io/component: backend
     app.kubernetes.io/part-of: dshop-backend-rinkeby
 spec:
+  replicas: {{ default 1 .Values.dshopBackendRinkebyReplicas }}
   selector:
     matchLabels:
       app: {{ template "dshopBackendRinkeby.fullname" . }}
   serviceName: {{ template "dshopBackendRinkeby.fullname" . }}
-  replicas: 1
   template:
     metadata:
       labels:
@@ -27,25 +27,50 @@ spec:
         image: "{{ .Values.containerRegistry }}/{{ .Release.Namespace }}/{{ .Values.dshopBackendRinkebyImage }}:{{ .Values.dshopBackendRinkebyImageTag }}"
         imagePullPolicy: Always
         env:
-          - name: ENVKEY
+          - name: ENCRYPTION_KEY
             valueFrom:
               secretKeyRef:
                 name: {{ template "dshopBackendRinkeby.fullname" . }}
-                key: ENVKEY
+                key: ENCRYPTION_KEY
           - name: DATABASE_URL
-            value: "sqlite:/data/dshop/net_rinkeby.db"
+            valueFrom:
+              secretKeyRef:
+                name: {{ template "dshopBackendRinkeby.fullname" . }}
+                key: DATABASE_URL
+          - name: REDIS_URL
+            value: redis://localhost:6379/0
         port:
           - name: http
             containerPort: 3000
-        volumeMounts:
-          - mountPath: /data/dshop
-            name: {{ template "dshopBackendRinkeby.fullname" . }}-data
         resources:
           requests:
             memory: 1Gi
+      - name: cloudsql-proxy
+        image: gcr.io/cloudsql-docker/gce-proxy:1.11
+        command: ["/cloud_sql_proxy",
+                  "-instances={{ .Values.dshopBackendRinkebyDBInstance }}=tcp:5432",
+                  "-credential_file=/secrets/cloudsql/credentials.json"]
+        securityContext:
+          runAsUser: 2  # non-root user
+          allowPrivilegeEscalation: false
+        volumeMounts:
+        - name: dshop-cloudsql-credentials
+          mountPath: /secrets/cloudsql
+          readOnly: true
+      - name: redis
+        image: redis:6.0
+        command: ["/bin/sh","-c"]
+        args: ["mkdir -p /data/redis && redis-server --dir /data/redis "]
+        volumeMounts:
+          - mountPath: /data
+            name: {{ template "dshopBackendRinkeby.fullname" . }}-redis
+      volumes:
+        - name: dshop-cloudsql-credentials
+          secret:
+            secretName: dshop-cloudsql-credentials
   volumeClaimTemplates:
   - metadata:
-      name: {{ template "dshopBackendRinkeby.fullname" . }}-data
+      name: {{ template "dshopBackendRinkeby.fullname" . }}-redis
       labels:
         app: {{ template "dshopBackendRinkeby.fullname" . }}
     spec:

devops/kubernetes/charts/origin-experimental/values.yaml

@@ -2,8 +2,11 @@ containerRegistry: gcr.io/origin-214503
 
 clusterIssuer: letsencrypt-prod
 
+
+dshopBackendMainnetReplicas: 1
 dshopBackendMainnetImage: dshop-backend
 dshopBackendMainnetImageTag: mainnet
 
+dshopBackendRinkebyReplicas: 1
 dshopBackendRinkebyImage: dshop-backend
 dshopBackendRinkebyImageTag: latest

devops/kubernetes/values/origin-experimental/secrets-dshop.enc

@@ -1,2 +1,6 @@
 dshopBackendMainnetHost: api.ogn.app
+dshopBackendMainnetDBInstance: origin-214503:us-west1:dshop-mainnet0
+dshopBackendMainnetRedisURL: redis://localhost:6379/0
 dshopBackendRinkebyHost: rinkebyapi.ogn.app
+dshopBackendRinkebyDBInstance: origin-214503:us-west1:dshop-rinkeby0
+dshopBackendRinkebyRedisURL: redis://localhost:6379/0