|
|
@@ -1,7 +1,9 @@
|
|
|
import * as awsx from '@pulumi/awsx'
|
|
|
+import * as aws from '@pulumi/aws'
|
|
|
import * as eks from '@pulumi/eks'
|
|
|
import * as k8s from '@pulumi/kubernetes'
|
|
|
import * as pulumi from '@pulumi/pulumi'
|
|
|
+import * as fs from 'fs'
|
|
|
|
|
|
const awsConfig = new pulumi.Config('aws')
|
|
|
const config = new pulumi.Config()
|
|
|
@@ -29,13 +31,13 @@ export const kubeconfig = cluster.kubeconfig
|
|
|
const repo = new awsx.ecr.Repository('colossus-image')
|
|
|
|
|
|
// Build an image and publish it to our ECR repository.
|
|
|
-
|
|
|
export const colossusImage = repo.buildAndPushImage({
|
|
|
dockerfile: '../../../colossus.Dockerfile',
|
|
|
context: '../../../',
|
|
|
})
|
|
|
|
|
|
const name = 'storage-node'
|
|
|
+const colossusPort = 3001
|
|
|
|
|
|
// Create a Kubernetes Namespace
|
|
|
const ns = new k8s.core.v1.Namespace(name, {}, { provider: cluster.provider })
|
|
|
@@ -55,7 +57,7 @@ const service = new k8s.core.v1.Service(
|
|
|
},
|
|
|
spec: {
|
|
|
type: 'LoadBalancer',
|
|
|
- ports: [{ name: 'port-1', port: 3001 }],
|
|
|
+ ports: [{ name: 'port-1', port: colossusPort }],
|
|
|
selector: appLabels,
|
|
|
},
|
|
|
},
|
|
|
@@ -66,24 +68,50 @@ const service = new k8s.core.v1.Service(
|
|
|
|
|
|
// Export the Service name and public LoadBalancer Endpoint
|
|
|
export const serviceName = service.metadata.name
|
|
|
-// When "done", this will print the public IP.
|
|
|
+// When "done", this will print the hostname
|
|
|
export let serviceHostname: pulumi.Output<string>
|
|
|
serviceHostname = service.status.loadBalancer.ingress[0].hostname
|
|
|
-const publicUrlInput: pulumi.Input<string> = pulumi.interpolate`http://${serviceHostname}:${3001}/`
|
|
|
+
|
|
|
+const publicUrlInput: pulumi.Input<string> = pulumi.interpolate`http://${serviceHostname}:${colossusPort}/`
|
|
|
|
|
|
let additionalParams: string[] | pulumi.Input<string>[] = []
|
|
|
|
|
|
+let volumeMounts: pulumi.Input<pulumi.Input<k8s.types.input.core.v1.VolumeMount>[]> = []
|
|
|
+let volumes: pulumi.Input<pulumi.Input<k8s.types.input.core.v1.Volume>[]> = []
|
|
|
+
|
|
|
if (isProduction) {
|
|
|
+ const remoteKeyFilePath = '/joystream/key-file.json'
|
|
|
const providerId = config.require('providerId')
|
|
|
const keyFile = config.require('keyFile')
|
|
|
const publicUrl = config.get('publicURL') ? config.get('publicURL')! : publicUrlInput
|
|
|
|
|
|
- additionalParams = ['--provider-id', providerId, '--key-file', keyFile, '--public-url', publicUrl]
|
|
|
+ const keyConfig = new k8s.core.v1.ConfigMap(name, {
|
|
|
+ metadata: { namespace: namespaceName, labels: appLabels },
|
|
|
+ data: { 'fileData': fs.readFileSync(keyFile).toString() },
|
|
|
+ })
|
|
|
+ const keyConfigName = keyConfig.metadata.apply((m) => m.name)
|
|
|
+
|
|
|
+ additionalParams = ['--provider-id', providerId, '--key-file', remoteKeyFilePath, '--public-url', publicUrl]
|
|
|
+
|
|
|
+ volumeMounts.push({
|
|
|
+ mountPath: remoteKeyFilePath,
|
|
|
+ name: 'keyfile-volume',
|
|
|
+ subPath: 'fileData',
|
|
|
+ })
|
|
|
+
|
|
|
+ volumes.push({
|
|
|
+ name: 'keyfile-volume',
|
|
|
+ configMap: {
|
|
|
+ name: keyConfigName,
|
|
|
+ },
|
|
|
+ })
|
|
|
|
|
|
const passphrase = config.get('passphrase')
|
|
|
if (passphrase) {
|
|
|
additionalParams.push('--passphrase', passphrase)
|
|
|
}
|
|
|
+} else {
|
|
|
+ additionalParams.push('--anonymous')
|
|
|
}
|
|
|
|
|
|
// Create a Deployment
|
|
|
@@ -113,6 +141,7 @@ const deployment = new k8s.apps.v1.Deployment(
|
|
|
'set -e; \
|
|
|
/usr/local/bin/start_ipfs config profile apply lowpower; \
|
|
|
/usr/local/bin/start_ipfs config --json Gateway.PublicGateways \'{"localhost": null }\'; \
|
|
|
+ /usr/local/bin/start_ipfs config Datastore.StorageMax 200GB; \
|
|
|
/sbin/tini -- /usr/local/bin/start_ipfs daemon --migrate=true',
|
|
|
],
|
|
|
},
|
|
|
@@ -130,10 +159,10 @@ const deployment = new k8s.apps.v1.Deployment(
|
|
|
value: 'joystream:*',
|
|
|
},
|
|
|
],
|
|
|
+ volumeMounts,
|
|
|
command: [
|
|
|
'yarn',
|
|
|
'colossus',
|
|
|
- '--anonymous',
|
|
|
'--ws-provider',
|
|
|
wsProviderEndpointURI,
|
|
|
'--ipfs-host',
|
|
|
@@ -143,6 +172,7 @@ const deployment = new k8s.apps.v1.Deployment(
|
|
|
ports: [{ containerPort: 3001 }],
|
|
|
},
|
|
|
],
|
|
|
+ volumes,
|
|
|
},
|
|
|
},
|
|
|
},
|
|
|
@@ -154,3 +184,47 @@ const deployment = new k8s.apps.v1.Deployment(
|
|
|
|
|
|
// Export the Deployment name
|
|
|
export const deploymentName = deployment.metadata.name
|
|
|
+
|
|
|
+// Create a CloudFront distribution
|
|
|
+const distributionArgs: aws.cloudfront.DistributionArgs = {
|
|
|
+ enabled: true,
|
|
|
+ origins: [
|
|
|
+ {
|
|
|
+ originId: 'storage-node-load-balancer',
|
|
|
+ domainName: serviceHostname,
|
|
|
+ customOriginConfig: {
|
|
|
+ originProtocolPolicy: 'http-only',
|
|
|
+ httpPort: colossusPort,
|
|
|
+ httpsPort: colossusPort,
|
|
|
+ originSslProtocols: ['TLSv1'],
|
|
|
+ },
|
|
|
+ },
|
|
|
+ ],
|
|
|
+
|
|
|
+ defaultCacheBehavior: {
|
|
|
+ targetOriginId: 'storage-node-load-balancer',
|
|
|
+
|
|
|
+ viewerProtocolPolicy: 'allow-all',
|
|
|
+ allowedMethods: ['GET', 'HEAD'],
|
|
|
+ cachedMethods: ['GET', 'HEAD'],
|
|
|
+
|
|
|
+ forwardedValues: {
|
|
|
+ cookies: { forward: 'none' },
|
|
|
+ queryString: false,
|
|
|
+ },
|
|
|
+ },
|
|
|
+
|
|
|
+ restrictions: {
|
|
|
+ geoRestriction: {
|
|
|
+ restrictionType: 'none',
|
|
|
+ },
|
|
|
+ },
|
|
|
+
|
|
|
+ viewerCertificate: {
|
|
|
+ cloudfrontDefaultCertificate: true,
|
|
|
+ },
|
|
|
+}
|
|
|
+
|
|
|
+const cloudfront = new aws.cloudfront.Distribution(`storage-node`, distributionArgs)
|
|
|
+
|
|
|
+export const cloudFrontDomain = cloudfront.domainName
|
Anuj Bansal