diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ee2d9c4..691e9bf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,4 +1,4 @@ -name: server +name: "CI/CD" on: push: 
@@ -100,60 +100,65 @@ jobs: deploy_dev: if: github.ref == 'refs/heads/develop' - uses: radixdlt/iac-resuable-artifacts/.github/workflows/deploy.yml@main + name: "Deploy DEV" + uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main needs: - push - build with: - app_name: signaling-server - step_name: deploy-dev - env_name: dev - namespace: signaling-server-dev - create_subns: false - aws_region: eu-west-2 - role_to_assume: arn:aws:iam::308190735829:role/gh-signaling-server-dev-deployer - eks_cluster: rdx-works-main-dev - helmfile_extra_vars: >- - ci.tag=${{ needs.build.outputs.tag }}, - ci.environment=dev + jenkins_job_name: 'kubernetes-deployments/job/signaling-server' + github_branch: '${{ github.ref }}' + application_name: 'sig-srv' + hierarchical_namespace: 'signaling-server-dev' + create_subnamespace: 'false' + kubernetes_namespace: 'signaling-server-dev' + aws_eks_cluster: 'rdx-works-main-dev' + aws_iam_role_name: 'jenkins-signaling-server-dev-deployer' + helmfile_environment: 'dev' + helmfile_extra_vars: 'ci.tag=${{ needs.build.outputs.tag }},ci.environment=dev' + secrets: + aws_deployment_account_id: ${{ secrets.AWS_DEV_ACCOUNT_ID }} + secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }} deploy_pull_request: if: ${{ github.event_name == 'pull_request' }} - uses: radixdlt/iac-resuable-artifacts/.github/workflows/deploy.yml@main + name: "Deploy PR" + uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main needs: - push - build with: - app_name: signaling-server - step_name: deploy-pr - env_name: pr - hierarchical_namespace: signaling-server-ci-pr - namespace: signaling-server-pr-${{ github.event.number }} - create_subns: true - aws_region: eu-west-2 - role_to_assume: arn:aws:iam::308190735829:role/gh-signaling-server-pr-deployer - eks_cluster: rdx-works-main-dev - helmfile_extra_vars: >- - ci.tag=${{ needs.build.outputs.tag }}, - ci.prNumber=${{ github.event.number }}, - ci.environment=pr 
+ jenkins_job_name: 'kubernetes-deployments/job/signaling-server' + github_branch: '${{ github.head_ref }}' + application_name: 'sig-srv' + hierarchical_namespace: 'signaling-server-ci-pr' + create_subnamespace: 'true' + kubernetes_namespace: 'signaling-server-pr-${{ github.event.number }}' + aws_eks_cluster: 'rdx-works-main-dev' + aws_iam_role_name: 'jenkins-signaling-server-pr-deployer' + helmfile_environment: 'pr' + helmfile_extra_vars: 'ci.tag=${{ needs.build.outputs.tag }},ci.prNumber=${{ github.event.number }},ci.environment=pr' + secrets: + aws_deployment_account_id: ${{ secrets.AWS_DEV_ACCOUNT_ID }} + secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }} deploy_prod: if: ${{ github.event_name == 'release' && github.event.release.prerelease == false }} + name: "Deploy PROD" needs: - build - push - uses: radixdlt/iac-resuable-artifacts/.github/workflows/deploy.yml@main + uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main with: - github_environment: prod - app_name: signaling-server - step_name: deploy-prod - env_name: prod - namespace: signaling-server-prod - create_subns: false - aws_region: eu-west-2 - role_to_assume: arn:aws:iam::821496737932:role/gh-signaling-server-prod-deployer - eks_cluster: rtlj-prod - helmfile_extra_vars: >- - ci.tag=${{ github.event.release.tag_name }}, - ci.environment=prod + github_environment: 'prod' + github_branch: '${{ github.ref }}' + jenkins_job_name: 'kubernetes-deployments/job/incentives' + application_name: 'sig-srv' + kubernetes_namespace: 'signaling-server-prod' + aws_eks_cluster: 'rtlj-prod' + aws_iam_role_name: 'jenkins-signaling-server-prod-deployer' + helmfile_environment: 'prod' + helmfile_extra_vars: 'ci.tag=${{ github.event.release.tag_name }},ci.environment=prod' + secrets: + aws_deployment_account_id: ${{ secrets.AWS_PROD_ACCOUNT_ID }} + secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }} \ No newline at end of file 
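Review bot: In `deploy_prod` the new `jenkins_job_name` is `'kubernetes-deployments/job/incentives'`, while `deploy_dev` and `deploy_pull_request` both use `'kubernetes-deployments/job/signaling-server'`. This looks like a copy-paste slip that would send a production release to another project's Jenkins job, so unless it is intentional it should read `jenkins_job_name: 'kubernetes-deployments/job/signaling-server'`. All three jobs also call the reusable workflow at the mutable ref `@main` and now hand it `secrets:`, so whatever lands on that branch runs with the deployment inputs. Pinning `uses:` to a full commit SHA (`.../jenkins-deployment.yml@<commit-sha>`) keeps the called code reviewable. The file also ends without a trailing newline.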
diff --git a/deploy/helm/environments/prod/turn-server-values.yaml.gotmpl b/deploy/helm/environments/prod/turn-server-values.yaml.gotmpl index 6b9c205..fb0c8a3 100644 --- a/deploy/helm/environments/prod/turn-server-values.yaml.gotmpl +++ b/deploy/helm/environments/prod/turn-server-values.yaml.gotmpl @@ -13,7 +13,7 @@ metrics: resources: limits: - memory: 1Gi + memory: 512Mi requests: - cpu: 1 - memory: 1Gi + cpu: 100m + memory: 128Mi diff --git a/deploy/helm/environments/prod/values.yaml.gotmpl b/deploy/helm/environments/prod/values.yaml.gotmpl index 31cc1af..5be9dc9 100644 --- a/deploy/helm/environments/prod/values.yaml.gotmpl +++ b/deploy/helm/environments/prod/values.yaml.gotmpl @@ -13,14 +13,15 @@ ingress: autoscaling: enabled: true - minReplicas: 4 - maxReplicas: 15 + minReplicas: 1 + maxReplicas: 5 targetCPUUtilizationPercentage: 70 targetMemoryUtilizationPercentage: 70 metrics: - env: prod - cluster: rtlj-prod + alert_labels: + env: prod + cluster: rtlj-prod redis: pub: @@ -44,7 +45,7 @@ nodeSelector: resources: limits: - memory: 4Gi + memory: 512Mi requests: - cpu: 1000m - memory: 4Gi + cpu: 100m + memory: 192Mi diff --git a/deploy/helm/helmfile.yaml b/deploy/helm/helmfile.yaml index 7de45a2..30c1bb6 100644 --- a/deploy/helm/helmfile.yaml +++ b/deploy/helm/helmfile.yaml @@ -1,7 +1,13 @@ +environments: + default: {} + dev: {} + pr: {} + prod: {} +--- helmDefaults: verify: false - wait: false - timeout: 600 + wait: true + timeout: 120 recreatePods: false force: false createNamespace: false 
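Review bot: The new prod sizing has no recorded basis: `requests.memory: 128Mi` against `limits.memory: 512Mi` here, and `192Mi` against `512Mi` in the second hunk of `prod/values.yaml.gotmpl`, where requests and limits were previously equal. With the request below the limit the scheduler reserves only the request, so these pods become earlier candidates for eviction under node memory pressure, and the ceiling at which they are OOM-killed drops to a half and an eighth of the old value. For a TURN relay and a signaling service, whose memory presumably grows with concurrent sessions, that is an availability risk under load. I would add a comment above `resources:` such as `# sized from observed peak usage (<measured value>); revisit if session counts grow`.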
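Review bot: `minReplicas: 1` lets the production signaling server run as a single pod, so one node drain, eviction or crash interrupts every client until a replacement is ready, and `maxReplicas: 5` caps how far the autoscaler can absorb a connection flood. If the lower floor is a cost decision, `minReplicas: 2` keeps one replica of redundancy; the chart default `replicaCount: 1` in `signaling-server/values.yaml` has the same effect wherever autoscaling is off. The `env`/`cluster` keys also move under `metrics.alert_labels`; the templates that read them are not in this diff, so confirm nothing still reads `.Values.metrics.env`.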
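Review bot: `wait: true` together with `timeout: 120` makes every release fail unless all of its resources become ready within two minutes, where before the timeout was 600 and readiness was not awaited. The `redis` release further down has persistence enabled and a 1000m CPU request, so a slow volume attach or image pull could plausibly exceed that, and the visible part of `helmDefaults` shows no `atomic` or `cleanupOnFail` setting to roll a failed release back. Either keep a larger `timeout` or record the measured rollout time in a comment next to it. `verify: false` is unchanged context, so chart provenance is still not checked.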
@@ -12,81 +18,70 @@ repositories: url: https://raw.githubusercontent.com/radixdlt/helm-charts/master/ username: {{ requiredEnv "HELM_GH_USER" }} password: {{ requiredEnv "HELM_GH_PASS" }} -environments: - default: {} - dev: {} - pr: {} - prod: {} releases: -{{ $SIG_SRV_NS := .Namespace }} -{{ $SIG_SRV_IMAGE_TAG := .StateValues.ci.tag }} -{{ $ENVIRONMENT_NAME := .Environment.Name }} -{{ $INSTALL_LOCAL_REDIS := eq $ENVIRONMENT_NAME "pr" }} -{{ $INSTALL_TURN_SERVER := ne $ENVIRONMENT_NAME "pr" }} - name: redis - namespace: {{ $SIG_SRV_NS }} chart: bitnami/redis version: 16.10.1 - installed: {{ $INSTALL_LOCAL_REDIS }} + installed: {{ eq .Environment.Name "pr" }} values: - - architecture: standalone - commonConfiguration: | - loglevel verbose - client-output-buffer-limit normal 0 0 0 - client-output-buffer-limit slave 1024mb 128mb 60 - client-output-buffer-limit pubsub 1024mb 128mb 60 - auth: - enabled: true - password: redis - image: - registry: public.ecr.aws - repository: u2o0d2a1/bitnami-redis - tag: 7.2.4-debian-12-r16 - master: - resources: - limits: - memory: 512Mi - requests: - cpu: 1000m - memory: 512Mi - persistence: - enabled: true - replica: - replicaCount: 4 - metrics: - enabled: true - serviceMonitor: - enabled: true - additionalLabels: - release: prometheus-operator + - architecture: standalone + commonConfiguration: | + loglevel verbose + client-output-buffer-limit normal 0 0 0 + client-output-buffer-limit slave 1024mb 128mb 60 + client-output-buffer-limit pubsub 1024mb 128mb 60 + auth: + enabled: true + password: redis + image: + registry: public.ecr.aws + repository: u2o0d2a1/bitnami-redis + tag: 7.2.4-debian-12-r16 + master: + resources: + limits: + memory: 512Mi + requests: + cpu: 1000m + memory: 512Mi + persistence: + enabled: true + replica: + replicaCount: 4 + metrics: + image: + registry: public.ecr.aws + repository: u2o0d2a1/bitnami-redis-exporter + tag: 1.58.0-debian-12-r7 + enabled: true + serviceMonitor: + enabled: true + additionalLabels: + 
release: prometheus-operator - name: turn-server - installed: {{ $INSTALL_TURN_SERVER }} - namespace: {{ $SIG_SRV_NS }} + installed: {{ ne .Environment.Name "pr" }} chart: ./turn-server values: - environments/{{ .Environment.Name }}/turn-server-values.yaml.gotmpl - name: signaling-server - namespace: {{ $SIG_SRV_NS }} chart: ./signaling-server values: - environments/{{ .Environment.Name }}/values.yaml.gotmpl - image: - tag: {{ $SIG_SRV_IMAGE_TAG }} + tag: {{ .StateValues.ci.tag }} - name: developer-access - namespace: {{ $SIG_SRV_NS}} chart: rdx-works/developer-access version: 1.0.0 values: - project: signaling-server - name: alertmanager - namespace: {{ $SIG_SRV_NS }} chart: rdx-works/alertmanager-configs - installed: {{ ne $ENVIRONMENT_NAME "pr" }} + installed: {{ ne .Environment.Name "pr" }} version: 1.1.0 values: - environments/{{ .Environment.Name }}/values.yaml.gotmpl diff --git a/deploy/helm/signaling-server/templates/service-monitor.yaml b/deploy/helm/signaling-server/templates/service-monitor.yaml index 69b6eee..a4808d0 100644 --- a/deploy/helm/signaling-server/templates/service-monitor.yaml +++ b/deploy/helm/signaling-server/templates/service-monitor.yaml @@ -6,6 +6,7 @@ metadata: labels: release: prometheus-operator spec: + fallbackScrapeProtocol: PrometheusText0.0.4 endpoints: - port: metrics path: {{ .Values.metrics.serviceMonitor.path }} diff --git a/deploy/helm/signaling-server/values.yaml b/deploy/helm/signaling-server/values.yaml index ba53f84..c456599 100644 --- a/deploy/helm/signaling-server/values.yaml +++ b/deploy/helm/signaling-server/values.yaml @@ -16,7 +16,7 @@ docker: region: eu-west-1 name: docker.io/radixdlt -replicaCount: 2 +replicaCount: 1 image: repository: docker.io/radixdlt/signaling-server diff --git a/deploy/helm/turn-server/templates/service-monitor.yaml b/deploy/helm/turn-server/templates/service-monitor.yaml index 3800592..4b477e5 100644 --- a/deploy/helm/turn-server/templates/service-monitor.yaml 
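Review bot: The re-indented `redis` values still carry `auth.password: redis`, a guessable credential committed to the repository. The release is only installed when the environment is `pr`, but those namespaces sit on the `rdx-works-main-dev` cluster that the workflow also uses for dev. The chart can read the password from a Secret instead, e.g. `existingSecret: <secret-name>` under `auth:`, or the value can come from `requiredEnv` as the repository credentials above do. Separately, `tag: {{ .StateValues.ci.tag }}` is rendered unquoted, so a tag that looks numeric would be retyped by the YAML parser; `tag: {{ .StateValues.ci.tag | quote }}` avoids that.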
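Review bot: `fallbackScrapeProtocol` is added here and in `turn-server/templates/service-monitor.yaml` without saying why, and it is only accepted by ServiceMonitor CRDs recent enough to define the field. A one-line comment above it would help, for example `# targets may not send a usable Content-Type; scrape as Prometheus text format` (if that is the reason), together with the minimum prometheus-operator version the clusters need. On an older CRD the field may be rejected or silently dropped, so check the installed CRD version on both clusters before this reaches prod.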
+++ b/deploy/helm/turn-server/templates/service-monitor.yaml @@ -6,6 +6,7 @@ metadata: labels: release: prometheus-operator spec: + fallbackScrapeProtocol: PrometheusText0.0.4 endpoints: - port: metrics interval: {{ .Values.metrics.interval }}