Merge pull request #1371 from input-output-hk/global-accelerator
chore: implement AWS Global Accelerator
gytis-ivaskevicius authored Jul 23, 2024
2 parents 95ac6d5 + 96a5a61 commit 3630c5c
Showing 5 changed files with 59 additions and 25 deletions.
72 changes: 51 additions & 21 deletions nix/cardano-services/deployments/backend-ingress.nix
Expand Up @@ -6,35 +6,65 @@
utils,
...
}: {
templates.accelerator = lib.mkIf (values.useAccelerator && values.ingress.enabled) {
apiVersion = "operator.h3poteto.dev/v1alpha1";
kind = "EndpointGroupBinding";
metadata.name = "${chart.name}-main";
spec = {
endpointGroupArn = values.acceleratorArn;
ingressRef.name = "${chart.name}-backend";
};
};

templates.backend-ingress = lib.mkIf values.ingress.enabled {
apiVersion = "networking.k8s.io/v1";
kind = "Ingress";
metadata = {
name = "${chart.name}-backend";
labels = utils.appLabels "backend";
annotations = {
"alb.ingress.kubernetes.io/actions.ssl-redirect" = builtins.toJSON {
Type = "redirect";
RedirectConfig = {
Protocol = "HTTPS";
Port = "443";
StatusCode = "HTTP_301";
annotations =
if values.useAccelerator
then {
"service.beta.kubernetes.io/aws-load-balancer-backend-protocol" = "tcp";
"service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled" = "true";
"service.beta.kubernetes.io/aws-load-balancer-type" = "external";
"alb.ingress.kubernetes.io/scheme" = "internet-facing";
"service.beta.kubernetes.io/aws-load-balancer-scheme" = "internet-facing";
"alb.ingress.kubernetes.io/target-type" = "ip";
"service.beta.kubernetes.io/aws-load-balancer-nlb-target-type" = "ip";
"service.beta.kubernetes.io/aws-load-balancer-proxy-protocol" = "*";
"service.beta.kubernetes.io/aws-load-balancer-target-group-attributes" = "proxy_protocol_v2.enabled=true,preserve_client_ip.enabled=true";

"alb.ingress.kubernetes.io/listen-ports" = builtins.toJSON [{HTTP = 80;} {HTTPS = 443;}];
#"alb.ingress.kubernetes.io/wafv2-acl-arn" = values.backend.wafARN;
"alb.ingress.kubernetes.io/healthcheck-path" = "${values.cardano-services.httpPrefix}/health";
"alb.ingress.kubernetes.io/healthcheck-interval-seconds" = toString values.backend.albHealthcheck.interval;
"alb.ingress.kubernetes.io/healthcheck-timeout-seconds" = toString values.backend.albHealthcheck.timeout;
"alb.ingress.kubernetes.io/group.order" = toString values.cardano-services.ingresOrder;
"external-dns.alpha.kubernetes.io/disabled" = "true";
}
else {
"alb.ingress.kubernetes.io/actions.ssl-redirect" = builtins.toJSON {
Type = "redirect";
RedirectConfig = {
Protocol = "HTTPS";
Port = "443";
StatusCode = "HTTP_301";
};
};
"alb.ingress.kubernetes.io/listen-ports" = builtins.toJSON [{HTTP = 80;} {HTTPS = 443;}];
"alb.ingress.kubernetes.io/target-type" = "ip";
"alb.ingress.kubernetes.io/scheme" = "internet-facing";
"alb.ingress.kubernetes.io/wafv2-acl-arn" = values.backend.wafARN;
"alb.ingress.kubernetes.io/healthcheck-path" = "${values.cardano-services.httpPrefix}/health";
"alb.ingress.kubernetes.io/healthcheck-interval-seconds" = toString values.backend.albHealthcheck.interval;
"alb.ingress.kubernetes.io/healthcheck-timeout-seconds" = toString values.backend.albHealthcheck.timeout;
# Use latency routing policy
"external-dns.alpha.kubernetes.io/aws-region" = config.region;
"external-dns.alpha.kubernetes.io/set-identifier" = values.backend.dnsId;
"alb.ingress.kubernetes.io/group.name" = chart.namespace;
"alb.ingress.kubernetes.io/group.order" = toString values.cardano-services.ingresOrder;
};
"alb.ingress.kubernetes.io/listen-ports" = builtins.toJSON [{HTTP = 80;} {HTTPS = 443;}];
"alb.ingress.kubernetes.io/target-type" = "ip";
"alb.ingress.kubernetes.io/scheme" = "internet-facing";
"alb.ingress.kubernetes.io/wafv2-acl-arn" = values.backend.wafARN;
"alb.ingress.kubernetes.io/healthcheck-path" = "${values.cardano-services.httpPrefix}/health";
"alb.ingress.kubernetes.io/healthcheck-interval-seconds" = toString values.backend.albHealthcheck.interval;
"alb.ingress.kubernetes.io/healthcheck-timeout-seconds" = toString values.backend.albHealthcheck.timeout;
# Use latency routing policy
"external-dns.alpha.kubernetes.io/aws-region" = config.region;
"external-dns.alpha.kubernetes.io/set-identifier" = values.backend.dnsId;
"alb.ingress.kubernetes.io/group.name" = chart.namespace;
# ACM
"alb.ingress.kubernetes.io/group.order" = toString values.cardano-services.ingresOrder;
};
};
spec = {
ingressClassName = "alb";
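Review bot: In the `useAccelerator` branch of `annotations` the WAF association is left commented out (`#"alb.ingress.kubernetes.io/wafv2-acl-arn" = values.backend.wafARN;`), so an accelerator-enabled deployment gets an internet-facing ALB without the web ACL that the `else` branch still attaches. If that is intentional, replace the dead line with a comment saying why and where rate limiting is enforced instead; otherwise restore `"alb.ingress.kubernetes.io/wafv2-acl-arn" = values.backend.wafARN;`. The same branch also drops the `actions.ssl-redirect` annotation while `listen-ports` keeps `{HTTP = 80;}`, so whether port 80 still redirects to HTTPS depends on the rules in `spec`, which continue outside the hunk. The `service.beta.kubernetes.io/aws-load-balancer-*` keys are Service (NLB) annotations and are most likely ignored on an `Ingress`, which makes settings such as proxy protocol look configured when they are not.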
6 changes: 5 additions & 1 deletion nix/cardano-services/deployments/default.nix
Expand Up @@ -102,6 +102,8 @@ in
};

values = {
useAccelerator = false;
acceleratorArn = tf-outputs.${final.region}.accelerators.${final.namespace} or null;
postgresName = "${final.namespace}-postgresql";
stakepool.databaseName = "stakepool";
ingress.enabled = true;
Expand Down Expand Up @@ -216,6 +218,7 @@ in
};

values = {
useAccelerator = true;
ws-server.enabled = true;
stakepool.databaseName = "stakepoolv2";
cardano-services = {
Expand Down Expand Up @@ -417,6 +420,7 @@ in
};

values = {
useAccelerator = true;
ws-server.enabled = true;
stakepool.databaseName = "stakepoolv2";
backend.allowedOrigins = lib.concatStringsSep "," allowedOriginsDev;
Expand Down Expand Up @@ -866,7 +870,6 @@ in
(map (v: "/v${v}/handle") versions.handle)
];
};
chain-history-provider.enabled = false;
};

"ops-preview-1@us-east-1" = final: {
Expand Down Expand Up @@ -902,6 +905,7 @@ in
};

values = {
useAccelerator = true;
cardano-services = {
ingresOrder = 99;
};
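Review bot: `acceleratorArn = tf-outputs.${final.region}.accelerators.${final.namespace} or null;` falls back to `null` without any signal, and nothing visible here stops a deployment from setting `useAccelerator = true` with no matching output. The `"ops-preview-1@us-east-1"` hunk turns the flag on, yet the `accelerators` maps in the tf-outputs JSON files of this commit list only `dev-preprod`, `dev-preview` and `ops-preprod-1`; if that deployment's namespace is `ops-preview-1`, the `EndpointGroupBinding` would be rendered with a null `endpointGroupArn`. Consider failing evaluation instead, for example by guarding the template with `assert values.useAccelerator -> values.acceleratorArn != null;`, or by documenting on the `or null` line that the flag must only be enabled once the Terraform output exists. The `values` blocks start and end outside the hunks.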
@@ -1 +1 @@
{"acm_arn":"arn:aws:acm:us-east-1:926093910549:certificate/f136a39b-3556-4ddf-85ac-ac5b7431dd34","acm_dapp_arn":"arn:aws:acm:us-east-1:926093910549:certificate/84cb06a8-cf8e-4485-b117-d0ff5c8304b0","waf_arn":"arn:aws:wafv2:us-east-1:926093910549:regional/webacl/rate-limit/d4216c0e-b464-4383-953f-3262f4cd3cb6"}
{"accelerators":{"dev-preprod":"arn:aws:globalaccelerator::926093910549:accelerator/75241ddd-9ca6-4907-9fb4-ed6973e39563/listener/2e35ef83/endpoint-group/cd0c364c0002","dev-preview":"arn:aws:globalaccelerator::926093910549:accelerator/792713c0-b902-47c1-ba82-4d38a8e06ae9/listener/18235bfe/endpoint-group/c487a8452002","ops-preprod-1":"arn:aws:globalaccelerator::926093910549:accelerator/3c1f8a14-aa0b-4114-b287-33ea56f0ddcb/listener/51576def/endpoint-group/7fde6f56d002"},"acm_arn":"arn:aws:acm:us-east-1:926093910549:certificate/f136a39b-3556-4ddf-85ac-ac5b7431dd34","acm_dapp_arn":"arn:aws:acm:us-east-1:926093910549:certificate/84cb06a8-cf8e-4485-b117-d0ff5c8304b0","waf_arn":"arn:aws:wafv2:us-east-1:926093910549:regional/webacl/rate-limit/d4216c0e-b464-4383-953f-3262f4cd3cb6"}
@@ -1 +1 @@
{"acm_arn":"arn:aws:acm:eu-central-1:926093910549:certificate/c0da842b-45c2-4306-ab09-139c47b437d0","acm_dapp_arn":"arn:aws:acm:eu-central-1:926093910549:certificate/07886406-64df-477c-b76b-f6a8d7c708ce","waf_arn":"arn:aws:wafv2:eu-central-1:926093910549:regional/webacl/rate-limit/bee0cf89-9c9a-4fb3-a609-88a3bb2edc7e"}
{"accelerators":{"dev-preprod":"arn:aws:globalaccelerator::926093910549:accelerator/75241ddd-9ca6-4907-9fb4-ed6973e39563/listener/2e35ef83/endpoint-group/247304504909","dev-preview":"arn:aws:globalaccelerator::926093910549:accelerator/792713c0-b902-47c1-ba82-4d38a8e06ae9/listener/18235bfe/endpoint-group/a58684e05909","ops-preprod-1":"arn:aws:globalaccelerator::926093910549:accelerator/3c1f8a14-aa0b-4114-b287-33ea56f0ddcb/listener/51576def/endpoint-group/82f43e613909"},"acm_arn":"arn:aws:acm:eu-central-1:926093910549:certificate/c0da842b-45c2-4306-ab09-139c47b437d0","acm_dapp_arn":"arn:aws:acm:eu-central-1:926093910549:certificate/07886406-64df-477c-b76b-f6a8d7c708ce","waf_arn":"arn:aws:wafv2:eu-central-1:926093910549:regional/webacl/rate-limit/bee0cf89-9c9a-4fb3-a609-88a3bb2edc7e"}
@@ -1 +1 @@
{"acm_arn":"arn:aws:acm:us-east-2:926093910549:certificate/5ecbcb9a-222f-40ed-9067-05a70e416b30","acm_dapp_arn":"arn:aws:acm:us-east-2:926093910549:certificate/2f2912ea-f2eb-4fe7-adab-080fabcda0be","waf_arn":"arn:aws:wafv2:us-east-2:926093910549:regional/webacl/rate-limit/78a416a5-74d6-4215-95eb-575dd9146a6e"}
{"accelerators":{"dev-preprod":"arn:aws:globalaccelerator::926093910549:accelerator/75241ddd-9ca6-4907-9fb4-ed6973e39563/listener/2e35ef83/endpoint-group/af197b8fb300","dev-preview":"arn:aws:globalaccelerator::926093910549:accelerator/792713c0-b902-47c1-ba82-4d38a8e06ae9/listener/18235bfe/endpoint-group/6868e24ff300","ops-preprod-1":"arn:aws:globalaccelerator::926093910549:accelerator/3c1f8a14-aa0b-4114-b287-33ea56f0ddcb/listener/51576def/endpoint-group/73ad3825b300"},"acm_arn":"arn:aws:acm:us-east-2:926093910549:certificate/5ecbcb9a-222f-40ed-9067-05a70e416b30","acm_dapp_arn":"arn:aws:acm:us-east-2:926093910549:certificate/2f2912ea-f2eb-4fe7-adab-080fabcda0be","waf_arn":"arn:aws:wafv2:us-east-2:926093910549:regional/webacl/rate-limit/78a416a5-74d6-4215-95eb-575dd9146a6e"}
