Merge the Develop

.github/workflows/ci.yml

@@ -1,4 +1,4 @@
-name: server
+name: "CI/CD"
 
 on:
   push:
@@ -100,60 +100,65 @@ jobs:
 
   deploy_dev:
     if:  github.ref == 'refs/heads/develop'
-    uses: radixdlt/iac-resuable-artifacts/.github/workflows/deploy.yml@main
+    name: "Deploy DEV"
+    uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main
     needs:
       - push
       - build
     with:
-      app_name: signaling-server
-      step_name: deploy-dev
-      env_name: dev
-      namespace: signaling-server-dev
-      create_subns: false
-      aws_region: eu-west-2
-      role_to_assume: arn:aws:iam::308190735829:role/gh-signaling-server-dev-deployer
-      eks_cluster: rdx-works-main-dev
-      helmfile_extra_vars: >-
-        ci.tag=${{ needs.build.outputs.tag }},
-        ci.environment=dev
+      jenkins_job_name: 'kubernetes-deployments/job/signaling-server'
+      github_branch: '${{ github.ref }}'
+      application_name: 'sig-srv'
+      hierarchical_namespace: 'signaling-server-dev'
+      create_subnamespace: 'false'
+      kubernetes_namespace: 'signaling-server-dev'
+      aws_eks_cluster: 'rdx-works-main-dev'
+      aws_iam_role_name: 'jenkins-signaling-server-dev-deployer'
+      helmfile_environment: 'dev'
+      helmfile_extra_vars: 'ci.tag=${{ needs.build.outputs.tag }},ci.environment=dev'
+    secrets:
+      aws_deployment_account_id: ${{ secrets.AWS_DEV_ACCOUNT_ID }}
+      secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }}
 
   deploy_pull_request:
     if: ${{ github.event_name == 'pull_request' }}
-    uses: radixdlt/iac-resuable-artifacts/.github/workflows/deploy.yml@main
+    name: "Deploy PR"
+    uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main
     needs:
       - push
       - build
     with:
-      app_name: signaling-server
-      step_name: deploy-pr
-      env_name: pr
-      hierarchical_namespace: signaling-server-ci-pr
-      namespace: signaling-server-pr-${{ github.event.number }}
-      create_subns: true
-      aws_region: eu-west-2
-      role_to_assume: arn:aws:iam::308190735829:role/gh-signaling-server-pr-deployer
-      eks_cluster: rdx-works-main-dev
-      helmfile_extra_vars: >-
-        ci.tag=${{ needs.build.outputs.tag }},
-        ci.prNumber=${{ github.event.number }},
-        ci.environment=pr
+      jenkins_job_name: 'kubernetes-deployments/job/signaling-server'
+      github_branch: '${{ github.head_ref }}'
+      application_name: 'sig-srv'
+      hierarchical_namespace: 'signaling-server-ci-pr'
+      create_subnamespace: 'true'
+      kubernetes_namespace: 'signaling-server-pr-${{ github.event.number }}'
+      aws_eks_cluster: 'rdx-works-main-dev'
+      aws_iam_role_name: 'jenkins-signaling-server-pr-deployer'
+      helmfile_environment: 'pr'
+      helmfile_extra_vars: 'ci.tag=${{ needs.build.outputs.tag }},ci.prNumber=${{ github.event.number }},ci.environment=pr'
+    secrets:
+      aws_deployment_account_id: ${{ secrets.AWS_DEV_ACCOUNT_ID }}
+      secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }}
 
   deploy_prod:
     if: ${{ github.event_name == 'release' && github.event.release.prerelease == false }}
+    name: "Deploy PROD"
     needs:
       - build
       - push
-    uses: radixdlt/iac-resuable-artifacts/.github/workflows/deploy.yml@main
+    uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main
     with:
-      github_environment: prod
-      app_name: signaling-server
-      step_name: deploy-prod
-      env_name: prod
-      namespace: signaling-server-prod
-      create_subns: false
-      aws_region: eu-west-2
-      role_to_assume: arn:aws:iam::821496737932:role/gh-signaling-server-prod-deployer
-      eks_cluster: rtlj-prod
-      helmfile_extra_vars: >-
-        ci.tag=${{ github.event.release.tag_name }},
-        ci.environment=prod
+      github_environment: 'prod'
+      github_branch: '${{ github.ref }}'
+      jenkins_job_name: 'kubernetes-deployments/job/incentives'
+      application_name: 'sig-srv'
+      kubernetes_namespace: 'signaling-server-prod'
+      aws_eks_cluster: 'rtlj-prod'
+      aws_iam_role_name: 'jenkins-signaling-server-prod-deployer'
+      helmfile_environment: 'prod'
+      helmfile_extra_vars: 'ci.tag=${{ github.event.release.tag_name }},ci.environment=prod'
+    secrets:
+      aws_deployment_account_id: ${{ secrets.AWS_PROD_ACCOUNT_ID }}
+      secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }}

deploy/helm/environments/prod/turn-server-values.yaml.gotmpl

@@ -13,7 +13,7 @@ metrics:
 
 resources:
   limits:
-    memory: 1Gi
+    memory: 512Mi
   requests:
-    cpu: 1
-    memory: 1Gi
+    cpu: 100m
+    memory: 128Mi

deploy/helm/environments/prod/values.yaml.gotmpl

@@ -13,14 +13,15 @@ ingress:
 
 autoscaling:
   enabled: true
-  minReplicas: 4
-  maxReplicas: 15
+  minReplicas: 1
+  maxReplicas: 5
   targetCPUUtilizationPercentage: 70
   targetMemoryUtilizationPercentage: 70
 
 metrics:
-  env: prod
-  cluster: rtlj-prod
+  alert_labels:
+    env: prod
+    cluster: rtlj-prod
 
 redis:
   pub:
@@ -44,7 +45,7 @@ nodeSelector:
 
 resources:
   limits:
-    memory: 4Gi
+    memory: 512Mi
   requests:
-    cpu: 1000m
-    memory: 4Gi
+    cpu: 100m
+    memory: 192Mi

deploy/helm/helmfile.yaml

@@ -1,7 +1,13 @@
+environments:
+  default: {}
+  dev: {}
+  pr: {}
+  prod: {}
+---
 helmDefaults:
   verify: false
-  wait: false
-  timeout: 600
+  wait: true
+  timeout: 120
   recreatePods: false
   force: false
   createNamespace: false
@@ -12,81 +18,70 @@ repositories:
     url: https://raw.githubusercontent.com/radixdlt/helm-charts/master/
     username: {{ requiredEnv "HELM_GH_USER" }}
     password: {{ requiredEnv "HELM_GH_PASS" }}
-environments:
-  default: {}
-  dev: {}
-  pr: {}
-  prod: {}
 releases:
-{{ $SIG_SRV_NS := .Namespace }}
-{{ $SIG_SRV_IMAGE_TAG := .StateValues.ci.tag }}
-{{ $ENVIRONMENT_NAME := .Environment.Name }}
-{{ $INSTALL_LOCAL_REDIS := eq $ENVIRONMENT_NAME "pr" }}
-{{ $INSTALL_TURN_SERVER := ne $ENVIRONMENT_NAME "pr" }}
 
   - name: redis
-    namespace: {{ $SIG_SRV_NS }}
     chart: bitnami/redis
     version: 16.10.1
-    installed: {{ $INSTALL_LOCAL_REDIS }}
+    installed: {{ eq .Environment.Name "pr" }}
     values:
-     - architecture: standalone
-       commonConfiguration: |
-         loglevel verbose
-         client-output-buffer-limit normal 0 0 0
-         client-output-buffer-limit slave 1024mb 128mb 60
-         client-output-buffer-limit pubsub 1024mb 128mb 60
-       auth:
-         enabled: true
-         password: redis
-       image:
-         registry: public.ecr.aws
-         repository: u2o0d2a1/bitnami-redis
-         tag: 7.2.4-debian-12-r16
-       master:
-         resources:
-           limits:
-             memory: 512Mi
-           requests:
-             cpu: 1000m
-             memory: 512Mi
-         persistence:
-           enabled: true
-       replica:
-         replicaCount: 4
-       metrics:
-         enabled: true
-         serviceMonitor:
-           enabled: true
-           additionalLabels:
-             release: prometheus-operator
+      - architecture: standalone
+        commonConfiguration: |
+          loglevel verbose
+          client-output-buffer-limit normal 0 0 0
+          client-output-buffer-limit slave 1024mb 128mb 60
+          client-output-buffer-limit pubsub 1024mb 128mb 60
+        auth:
+          enabled: true
+          password: redis
+        image:
+          registry: public.ecr.aws
+          repository: u2o0d2a1/bitnami-redis
+          tag: 7.2.4-debian-12-r16
+        master:
+          resources:
+            limits:
+              memory: 512Mi
+            requests:
+              cpu: 1000m
+              memory: 512Mi
+          persistence:
+            enabled: true
+        replica:
+          replicaCount: 4
+        metrics:
+          image:
+            registry: public.ecr.aws
+            repository: u2o0d2a1/bitnami-redis-exporter
+            tag: 1.58.0-debian-12-r7
+          enabled: true
+          serviceMonitor:
+            enabled: true
+            additionalLabels:
+              release: prometheus-operator
 
   - name: turn-server
-    installed: {{ $INSTALL_TURN_SERVER }}
-    namespace: {{ $SIG_SRV_NS }}
+    installed: {{ ne .Environment.Name "pr" }}
     chart: ./turn-server
     values:
       - environments/{{ .Environment.Name }}/turn-server-values.yaml.gotmpl
 
   - name: signaling-server
-    namespace: {{ $SIG_SRV_NS }}
     chart: ./signaling-server
     values: 
       - environments/{{ .Environment.Name }}/values.yaml.gotmpl
       - image:
-          tag: {{ $SIG_SRV_IMAGE_TAG }}
+          tag: {{ .StateValues.ci.tag  }}
 
   - name: developer-access
-    namespace: {{ $SIG_SRV_NS}}
     chart: rdx-works/developer-access
     version: 1.0.0
     values:
       - project: signaling-server
 
   - name: alertmanager
-    namespace: {{ $SIG_SRV_NS }}
     chart: rdx-works/alertmanager-configs
-    installed: {{ ne $ENVIRONMENT_NAME "pr" }}
+    installed: {{ ne .Environment.Name "pr" }}
     version: 1.1.0
     values:
       - environments/{{ .Environment.Name }}/values.yaml.gotmpl

deploy/helm/signaling-server/templates/service-monitor.yaml

@@ -6,6 +6,7 @@ metadata:
   labels:
     release: prometheus-operator
 spec:
+  fallbackScrapeProtocol: PrometheusText0.0.4
   endpoints:
   - port: metrics
     path: {{ .Values.metrics.serviceMonitor.path }}

deploy/helm/signaling-server/values.yaml

@@ -16,7 +16,7 @@ docker:
     region: eu-west-1
     name: docker.io/radixdlt
 
-replicaCount: 2
+replicaCount: 1
 
 image:
   repository: docker.io/radixdlt/signaling-server

deploy/helm/turn-server/templates/service-monitor.yaml

@@ -6,6 +6,7 @@ metadata:
   labels:
     release: prometheus-operator
 spec:
+  fallbackScrapeProtocol: PrometheusText0.0.4
   endpoints:
   - port: metrics
     interval: {{ .Values.metrics.interval }}