Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add protected automated deployment to environments #1382

Open
wants to merge 13 commits into
base: master
Choose a base branch
from

Conversation

ce0la
Copy link
Contributor

@ce0la ce0la commented Jul 23, 2024

chore: Remove kubeconfig dependency (@gytis-ivaskevicius commit)
chore: Add workflow for protected auto deployments (extra configuration done in repo > settings > environments)

Context

Reason for the change? If an issue exists, reference it here using a keyword

Proposed Solution

Important Changes Introduced

Copy link

github-actions bot commented Jul 23, 2024

dev-preview@us-east-1 would change:

dev-preview, dev-preview-cardanojs-backend, Deployment (apps) would change:

  # Source: cardanojs/templates/backend-deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
      app: backend
      network: preview
      release: dev-preview-cardanojs
    name: dev-preview-cardanojs-backend
  spec:
    selector:
      matchLabels:
        app: backend
        network: preview
        release: dev-preview-cardanojs
    template:
      metadata:
        labels:
          app: backend
          network: preview
          release: dev-preview-cardanojs
      spec:
        containers:
        - args:
          - start-provider-server
          env:
          - name: ALLOWED_ORIGINS
            value: chrome-extension://gafhhkghbfjjkeiendhlofajokpaflmk,chrome-extension://efeiemlfnahiidnjglmehaihacglceia,chrome-extension://bjlhpephaokolembmpdcbobbpkjnoheb,chrome-extension://djcdfchkaijggdjokfomholkalbffgil,http://localhost/,http://localhost
          - name: BUILD_INFO
-           value: '{"lastModifiedDate":"20240830064857","rev":"2da68e66341ecffe674009009a11d28d7e4a6d48","shortRev":"2da68e6"}'
+           value: '{"lastModifiedDate":"20240830080447","rev":"8129cd50c885e95af591c5929a2f9004ec311237","shortRev":"8129cd5"}'
          - name: DISABLE_STAKE_POOL_METRIC_APY
            value: "true"
          - name: ENABLE_METRICS
            value: "true"
          - name: HANDLE_POLICY_IDS
            value: f0ff48bbb7bbe9d59a40f1ce90e9e9d0ff5002ec48f232b49ca0fb9a
          - name: HANDLE_PROVIDER_SERVER_URL
            value: https://preview.api.handle.me
          - name: LOGGER_MIN_SEVERITY
            value: info
          - name: NETWORK
            value: preview
          - name: OGMIOS_SRV_SERVICE_NAME
            value: dev-preview-cardano-core.dev-preview.svc.cluster.local
          - name: PAGINATION_PAGE_SIZE_LIMIT
            value: "5500"
          - name: POSTGRES_DB_DB_SYNC
            value: cardano
          - name: POSTGRES_DB_HANDLE
            value: handle
          - name: POSTGRES_HOST_DB_SYNC
            value: dev-preview-postgresql
          - name: POSTGRES_HOST_HANDLE
            value: dev-preview-postgresql
          - name: POSTGRES_PASSWORD_DB_SYNC
            valueFrom:
              secretKeyRef:
                key: password
                name: cardano-owner-user.dev-preview-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_PASSWORD_HANDLE
            valueFrom:
              secretKeyRef:
                key: password
                name: handle-owner-user.dev-preview-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_POOL_MAX_DB_SYNC
            value: "50"
          - name: POSTGRES_POOL_MAX_HANDLE
            value: "10"
          - name: POSTGRES_PORT_DB_SYNC
            value: "5432"
          - name: POSTGRES_PORT_HANDLE
            value: "5432"
          - name: POSTGRES_SSL_CA_FILE_DB_SYNC
            value: /tls/ca.crt
          - name: POSTGRES_SSL_CA_FILE_HANDLE
            value: /tls/ca.crt
          - name: POSTGRES_SSL_DB_SYNC
            value: "true"
          - name: POSTGRES_SSL_HANDLE
            value: "true"
          - name: POSTGRES_USER_DB_SYNC
            valueFrom:
              secretKeyRef:
                key: username
                name: cardano-owner-user.dev-preview-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_USER_HANDLE
            valueFrom:
              secretKeyRef:
                key: username
                name: handle-owner-user.dev-preview-postgresql.credentials.postgresql.acid.zalan.do
          - name: SERVICE_NAMES
            value: asset,network-info,rewards,stake-pool,tx-submit,utxo
          - name: TOKEN_METADATA_SERVER_URL
            value: http://dev-preview-cardano-stack-metadata.dev-preview.svc.cluster.local
          - name: USE_BLOCKFROST
            value: "true"
          - name: USE_KORA_LABS
            value: "true"
          image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:kyz5m0hf2i72hsbbrm4bivai20pc694v
          livenessProbe:
            httpGet:
              path: /v1.0.0/health
              port: 3000
            periodSeconds: 60
            timeoutSeconds: 30
          name: backend
          ports:
          - containerPort: 3000
            name: http
          resources:
            limits:
              cpu: 1500m
              memory: 512Mi
            requests:
              cpu: 1000m
              memory: 350Mi
          securityContext:
            runAsGroup: 0
            runAsUser: 0
          volumeMounts:
          - mountPath: /tls
            name: tls
        imagePullSecrets:
        - name: dockerconfigjson
        volumes:
        - name: tls
          secret:
            secretName: postgresql-server-cert
dev-preprod@us-east-1@v2 would change:

dev-preprod, dev-preprod-cardanojs-v2-asset-projector, Deployment (apps) would change:

  # Source: cardanojs/templates/asset-projector-deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
      app: asset-projector
      network: preprod
      release: dev-preprod-cardanojs-v2
    name: dev-preprod-cardanojs-v2-asset-projector
  spec:
    selector:
      matchLabels:
        app: asset-projector
        network: preprod
        release: dev-preprod-cardanojs-v2
    template:
      metadata:
        labels:
          app: asset-projector
          network: preprod
          release: dev-preprod-cardanojs-v2
      spec:
        containers:
        - args:
          - start-projector
          env:
          - name: LOGGER_MIN_SEVERITY
            value: info
          - name: NETWORK
            value: preprod
          - name: OGMIOS_SRV_SERVICE_NAME
            value: dev-preprod-cardano-core.dev-preprod.svc.cluster.local
          - name: POSTGRES_DB
            value: asset
          - name: POSTGRES_HOST
            value: dev-preprod-postgresql
          - name: POSTGRES_PASSWORD
            valueFrom:
              secretKeyRef:
                key: password
                name: asset-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_POOL_MAX
            value: "2"
          - name: POSTGRES_PORT
            value: "5432"
          - name: POSTGRES_SSL
            value: "true"
          - name: POSTGRES_SSL_CA_FILE
            value: /tls/ca.crt
          - name: POSTGRES_USER
            valueFrom:
              secretKeyRef:
                key: username
                name: asset-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
          - name: PROJECTION_NAMES
            value: asset
-         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:g5jcvwr4phhz3rfikxdjgbkvcm2z2bpw
+         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:kyz5m0hf2i72hsbbrm4bivai20pc694v
          livenessProbe:
            httpGet:
              path: /v1.0.0/health
              port: 3000
            timeoutSeconds: 5
          name: asset-projector
          ports:
          - containerPort: 3000
            name: http
          resources:
            limits:
              cpu: 700m
              memory: 300Mi
            requests:
              cpu: 700m
              memory: 150Mi
          securityContext:
            runAsGroup: 0
            runAsUser: 0
          volumeMounts:
          - mountPath: /tls
            name: tls
        imagePullSecrets:
        - name: dockerconfigjson
        volumes:
        - name: tls
          secret:
            secretName: postgresql-server-cert

dev-preprod, dev-preprod-cardanojs-v2-backend, Deployment (apps) would change:

  # Source: cardanojs/templates/backend-deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
      app: backend
      network: preprod
      release: dev-preprod-cardanojs-v2
    name: dev-preprod-cardanojs-v2-backend
  spec:
    selector:
      matchLabels:
        app: backend
        network: preprod
        release: dev-preprod-cardanojs-v2
    template:
      metadata:
        labels:
          app: backend
          network: preprod
          release: dev-preprod-cardanojs-v2
      spec:
        containers:
        - args:
          - start-provider-server
          env:
          - name: ALLOWED_ORIGINS
            value: chrome-extension://gafhhkghbfjjkeiendhlofajokpaflmk,chrome-extension://efeiemlfnahiidnjglmehaihacglceia,chrome-extension://bjlhpephaokolembmpdcbobbpkjnoheb,chrome-extension://djcdfchkaijggdjokfomholkalbffgil,http://localhost/,http://localhost
          - name: BUILD_INFO
-           value: '{"extra":{"narHash":"sha256-mnjbC6oP6okqnc4dl2RGFwmLE5o4zzAEQosSF2yA7Bg=","path":"/nix/store/m1qci7pz01r6pqbvrxav4n4v683137jx-source","sourceInfo":"/nix/store/m1qci7pz01r6pqbvrxav4n4v683137jx-source"},"lastModified":1724406937,"lastModifiedDate":"20240823095537","rev":"92ea4d9cdbaa93bae54b0409826b571712685f60","shortRev":"92ea4d9"}'
+           value: '{"lastModifiedDate":"20240830080447","rev":"8129cd50c885e95af591c5929a2f9004ec311237","shortRev":"8129cd5"}'
          - name: DISABLE_STAKE_POOL_METRIC_APY
            value: "true"
          - name: ENABLE_METRICS
            value: "true"
          - name: HANDLE_POLICY_IDS
            value: f0ff48bbb7bbe9d59a40f1ce90e9e9d0ff5002ec48f232b49ca0fb9a
          - name: HANDLE_PROVIDER_SERVER_URL
            value: https://preprod.api.handle.me
          - name: LOGGER_MIN_SEVERITY
            value: info
          - name: NETWORK
            value: preprod
          - name: OGMIOS_SRV_SERVICE_NAME
            value: dev-preprod-cardano-core.dev-preprod.svc.cluster.local
          - name: PAGINATION_PAGE_SIZE_LIMIT
            value: "5500"
          - name: POSTGRES_DB_DB_SYNC
            value: cardano
          - name: POSTGRES_DB_HANDLE
            value: handle
          - name: POSTGRES_HOST_DB_SYNC
            value: dev-preprod-postgresql
          - name: POSTGRES_HOST_HANDLE
            value: dev-preprod-postgresql
          - name: POSTGRES_PASSWORD_DB_SYNC
            valueFrom:
              secretKeyRef:
                key: password
                name: cardano-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_PASSWORD_HANDLE
            valueFrom:
              secretKeyRef:
                key: password
                name: handle-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_POOL_MAX_DB_SYNC
            value: "50"
          - name: POSTGRES_POOL_MAX_HANDLE
            value: "10"
          - name: POSTGRES_PORT_DB_SYNC
            value: "5432"
          - name: POSTGRES_PORT_HANDLE
            value: "5432"
          - name: POSTGRES_SSL_CA_FILE_DB_SYNC
            value: /tls/ca.crt
          - name: POSTGRES_SSL_CA_FILE_HANDLE
            value: /tls/ca.crt
          - name: POSTGRES_SSL_DB_SYNC
            value: "true"
          - name: POSTGRES_SSL_HANDLE
            value: "true"
          - name: POSTGRES_USER_DB_SYNC
            valueFrom:
              secretKeyRef:
                key: username
                name: cardano-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_USER_HANDLE
            valueFrom:
              secretKeyRef:
                key: username
                name: handle-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
          - name: SERVICE_NAMES
            value: asset,network-info,rewards,stake-pool,tx-submit,utxo
          - name: TOKEN_METADATA_SERVER_URL
            value: http://dev-preprod-cardano-stack-metadata.dev-preprod.svc.cluster.local
          - name: USE_BLOCKFROST
            value: "true"
          - name: USE_KORA_LABS
            value: "true"
-         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:g5jcvwr4phhz3rfikxdjgbkvcm2z2bpw
+         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:kyz5m0hf2i72hsbbrm4bivai20pc694v
          livenessProbe:
            httpGet:
              path: /v1.0.0/health
              port: 3000
            periodSeconds: 60
            timeoutSeconds: 30
          name: backend
          ports:
          - containerPort: 3000
            name: http
          resources:
            limits:
              cpu: 1500m
              memory: 512Mi
            requests:
              cpu: 1000m
              memory: 350Mi
          securityContext:
            runAsGroup: 0
            runAsUser: 0
          volumeMounts:
          - mountPath: /tls
            name: tls
        imagePullSecrets:
        - name: dockerconfigjson
        volumes:
        - name: tls
          secret:
            secretName: postgresql-server-cert

dev-preprod, dev-preprod-cardanojs-v2-blockfrost-worker, Deployment (apps) would change:

  # Source: cardanojs/templates/blockfrost-worker-deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
      app: blockfrost-worker
      network: preprod
      release: dev-preprod-cardanojs-v2
    name: dev-preprod-cardanojs-v2-blockfrost-worker
  spec:
    selector:
      matchLabels:
        app: blockfrost-worker
        network: preprod
        release: dev-preprod-cardanojs-v2
    template:
      metadata:
        labels:
          app: blockfrost-worker
          network: preprod
          release: dev-preprod-cardanojs-v2
      spec:
        containers:
        - args:
          - start-blockfrost-worker
          env:
          - name: BLOCKFROST_API_KEY
            valueFrom:
              secretKeyRef:
                key: api-key
                name: blockfrost
          - name: LOGGER_MIN_SEVERITY
            value: info
          - name: NETWORK
            value: preprod
          - name: POSTGRES_DB_DB_SYNC
            value: cardano
          - name: POSTGRES_HOST_DB_SYNC
            value: dev-preprod-postgresql
          - name: POSTGRES_PASSWORD_DB_SYNC
            valueFrom:
              secretKeyRef:
                key: password
                name: cardano-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_PORT_DB_SYNC
            value: "5432"
          - name: POSTGRES_SSL_CA_FILE_DB_SYNC
            value: /tls/ca.crt
          - name: POSTGRES_SSL_DB_SYNC
            value: "true"
          - name: POSTGRES_USER_DB_SYNC
            valueFrom:
              secretKeyRef:
                key: username
                name: cardano-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
-         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:g5jcvwr4phhz3rfikxdjgbkvcm2z2bpw
+         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:kyz5m0hf2i72hsbbrm4bivai20pc694v
          livenessProbe:
            httpGet:
              path: /v1.0.0/health
              port: 3000
            timeoutSeconds: 5
          name: blockfrost-worker
          ports:
          - containerPort: 3000
            name: http
          resources:
            limits:
              cpu: 500m
              memory: 300Mi
            requests:
              cpu: 100m
              memory: 150Mi
          securityContext:
            runAsGroup: 0
            runAsUser: 0
          volumeMounts:
          - mountPath: /tls
            name: tls
        imagePullSecrets:
        - name: dockerconfigjson
        volumes:
        - name: tls
          secret:
            secretName: postgresql-server-cert

dev-preprod, dev-preprod-cardanojs-v2-chain-history-provider, Deployment (apps) would change:

  # Source: cardanojs/templates/chain-history-provider-deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
      app: chain-history-provider
      network: preprod
      release: dev-preprod-cardanojs-v2
    name: dev-preprod-cardanojs-v2-chain-history-provider
  spec:
    selector:
      matchLabels:
        app: chain-history-provider
        network: preprod
        release: dev-preprod-cardanojs-v2
    template:
      metadata:
        labels:
          app: chain-history-provider
          network: preprod
          release: dev-preprod-cardanojs-v2
      spec:
        containers:
        - args:
          - start-provider-server
          env:
          - name: ALLOWED_ORIGINS
            value: chrome-extension://gafhhkghbfjjkeiendhlofajokpaflmk,chrome-extension://efeiemlfnahiidnjglmehaihacglceia,chrome-extension://bjlhpephaokolembmpdcbobbpkjnoheb,chrome-extension://djcdfchkaijggdjokfomholkalbffgil,http://localhost/,http://localhost
          - name: DISABLE_STAKE_POOL_METRIC_APY
            value: "true"
          - name: ENABLE_METRICS
            value: "true"
          - name: HANDLE_POLICY_IDS
            value: f0ff48bbb7bbe9d59a40f1ce90e9e9d0ff5002ec48f232b49ca0fb9a
          - name: LOGGER_MIN_SEVERITY
            value: info
          - name: NETWORK
            value: preprod
          - name: OGMIOS_SRV_SERVICE_NAME
            value: dev-preprod-cardano-core.dev-preprod.svc.cluster.local
          - name: PAGINATION_PAGE_SIZE_LIMIT
            value: "5500"
          - name: POSTGRES_DB_DB_SYNC
            value: cardano
          - name: POSTGRES_HOST_DB_SYNC
            value: dev-preprod-postgresql
          - name: POSTGRES_PASSWORD_DB_SYNC
            valueFrom:
              secretKeyRef:
                key: password
                name: cardano-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_POOL_MAX_DB_SYNC
            value: "50"
          - name: POSTGRES_PORT_DB_SYNC
            value: "5432"
          - name: POSTGRES_SSL_CA_FILE_DB_SYNC
            value: /tls/ca.crt
          - name: POSTGRES_SSL_DB_SYNC
            value: "true"
          - name: POSTGRES_USER_DB_SYNC
            valueFrom:
              secretKeyRef:
                key: username
                name: cardano-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
          - name: SERVICE_NAMES
            value: chain-history
          - name: TOKEN_METADATA_SERVER_URL
            value: http://dev-preprod-cardano-stack-metadata.dev-preprod.svc.cluster.local
          - name: USE_BLOCKFROST
            value: "true"
          - name: USE_KORA_LABS
            value: "true"
-         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:g5jcvwr4phhz3rfikxdjgbkvcm2z2bpw
+         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:kyz5m0hf2i72hsbbrm4bivai20pc694v
          livenessProbe:
            httpGet:
              path: /v1.0.0/health
              port: 3000
            timeoutSeconds: 5
          name: chain-history-provider
          ports:
          - containerPort: 3000
            name: http
          resources:
            limits:
              cpu: 1200m
              memory: 300Mi
            requests:
              cpu: 1000m
              memory: 150Mi
          securityContext:
            runAsGroup: 0
            runAsUser: 0
          volumeMounts:
          - mountPath: /tls
            name: tls
        imagePullSecrets:
        - name: dockerconfigjson
        volumes:
        - name: tls
          secret:
            secretName: postgresql-server-cert

dev-preprod, dev-preprod-cardanojs-v2-handle-projector, Deployment (apps) would change:

  # Source: cardanojs/templates/handle-projector-deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
      app: handle-projector
      network: preprod
      release: dev-preprod-cardanojs-v2
    name: dev-preprod-cardanojs-v2-handle-projector
  spec:
    selector:
      matchLabels:
        app: handle-projector
        network: preprod
        release: dev-preprod-cardanojs-v2
    template:
      metadata:
        labels:
          app: handle-projector
          network: preprod
          release: dev-preprod-cardanojs-v2
      spec:
        containers:
        - args:
          - start-projector
          env:
          - name: HANDLE_POLICY_IDS
            value: f0ff48bbb7bbe9d59a40f1ce90e9e9d0ff5002ec48f232b49ca0fb9a
          - name: LOGGER_MIN_SEVERITY
            value: info
          - name: NETWORK
            value: preprod
          - name: OGMIOS_SRV_SERVICE_NAME
            value: dev-preprod-cardano-core.dev-preprod.svc.cluster.local
          - name: POSTGRES_DB
            value: handle
          - name: POSTGRES_HOST
            value: dev-preprod-postgresql
          - name: POSTGRES_PASSWORD
            valueFrom:
              secretKeyRef:
                key: password
                name: handle-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_POOL_MAX
            value: "2"
          - name: POSTGRES_PORT
            value: "5432"
          - name: POSTGRES_SSL
            value: "true"
          - name: POSTGRES_SSL_CA_FILE
            value: /tls/ca.crt
          - name: POSTGRES_USER
            valueFrom:
              secretKeyRef:
                key: username
                name: handle-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
          - name: PROJECTION_NAMES
            value: handle
-         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:g5jcvwr4phhz3rfikxdjgbkvcm2z2bpw
+         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:kyz5m0hf2i72hsbbrm4bivai20pc694v
          livenessProbe:
            httpGet:
              path: /v1.0.0/health
              port: 3000
            timeoutSeconds: 5
          name: handle-projector
          ports:
          - containerPort: 3000
            name: http
          resources:
            limits:
              cpu: 1000m
              memory: 300Mi
            requests:
              cpu: 100m
              memory: 150Mi
          securityContext:
            runAsGroup: 0
            runAsUser: 0
          volumeMounts:
          - mountPath: /tls
            name: tls
        imagePullSecrets:
        - name: dockerconfigjson
        volumes:
        - name: tls
          secret:
            secretName: postgresql-server-cert

dev-preprod, dev-preprod-cardanojs-v2-handle-provider, Deployment (apps) would change:

  # Source: cardanojs/templates/handle-provider-deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
      app: handle-provider
      network: preprod
      release: dev-preprod-cardanojs-v2
    name: dev-preprod-cardanojs-v2-handle-provider
  spec:
    selector:
      matchLabels:
        app: handle-provider
        network: preprod
        release: dev-preprod-cardanojs-v2
    template:
      metadata:
        labels:
          app: handle-provider
          network: preprod
          release: dev-preprod-cardanojs-v2
      spec:
        containers:
        - args:
          - start-provider-server
          env:
          - name: ALLOWED_ORIGINS
            value: chrome-extension://gafhhkghbfjjkeiendhlofajokpaflmk,chrome-extension://efeiemlfnahiidnjglmehaihacglceia,chrome-extension://bjlhpephaokolembmpdcbobbpkjnoheb,chrome-extension://djcdfchkaijggdjokfomholkalbffgil,http://localhost/,http://localhost
          - name: ENABLE_METRICS
            value: "true"
          - name: HANDLE_POLICY_IDS
            value: f0ff48bbb7bbe9d59a40f1ce90e9e9d0ff5002ec48f232b49ca0fb9a
          - name: LOGGER_MIN_SEVERITY
            value: info
          - name: NETWORK
            value: preprod
          - name: OGMIOS_SRV_SERVICE_NAME
            value: dev-preprod-cardano-core.dev-preprod.svc.cluster.local
          - name: POSTGRES_DB_HANDLE
            value: handle
          - name: POSTGRES_HOST_HANDLE
            value: dev-preprod-postgresql
          - name: POSTGRES_PASSWORD_HANDLE
            valueFrom:
              secretKeyRef:
                key: password
                name: handle-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_POOL_MAX_HANDLE
            value: "10"
          - name: POSTGRES_PORT_HANDLE
            value: "5432"
          - name: POSTGRES_SSL_CA_FILE_HANDLE
            value: /tls/ca.crt
          - name: POSTGRES_SSL_HANDLE
            value: "true"
          - name: POSTGRES_USER_HANDLE
            valueFrom:
              secretKeyRef:
                key: username
                name: handle-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
          - name: SERVICE_NAMES
            value: handle
-         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:g5jcvwr4phhz3rfikxdjgbkvcm2z2bpw
+         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:kyz5m0hf2i72hsbbrm4bivai20pc694v
          livenessProbe:
            httpGet:
              path: /v1.0.0/health
              port: 3000
            timeoutSeconds: 5
          name: handle-provider
          ports:
          - containerPort: 3000
            name: http
          resources:
            limits:
              cpu: 500m
              memory: 300Mi
            requests:
              cpu: 100m
              memory: 150Mi
          securityContext:
            runAsGroup: 0
            runAsUser: 0
          volumeMounts:
          - mountPath: /tls
            name: tls
        imagePullSecrets:
        - name: dockerconfigjson
        volumes:
        - name: tls
          secret:
            secretName: postgresql-server-cert

dev-preprod, dev-preprod-cardanojs-v2-pg-boss-worker, Deployment (apps) would change:

  # Source: cardanojs/templates/pgboss-deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
      app: pg-boss-worker
      network: preprod
      release: dev-preprod-cardanojs-v2
    name: dev-preprod-cardanojs-v2-pg-boss-worker
  spec:
    selector:
      matchLabels:
        app: pg-boss-worker
        network: preprod
        release: dev-preprod-cardanojs-v2
    template:
      metadata:
        labels:
          app: pg-boss-worker
          network: preprod
          release: dev-preprod-cardanojs-v2
      spec:
        containers:
        - args:
          - start-pg-boss-worker
          env:
          - name: LOGGER_MIN_SEVERITY
            value: info
          - name: METADATA_FETCH_MODE
            value: smash
          - name: NETWORK
            value: preprod
          - name: NETWORK_INFO_PROVIDER_URL
            value: http://dev-preprod-cardanojs-v2-backend.dev-preprod.svc.cluster.local
          - name: POSTGRES_DB_DB_SYNC
            value: cardano
          - name: POSTGRES_DB_STAKE_POOL
            value: stakepoolv2
          - name: POSTGRES_HOST_DB_SYNC
            value: dev-preprod-postgresql
          - name: POSTGRES_HOST_STAKE_POOL
            value: dev-preprod-postgresql
          - name: POSTGRES_PASSWORD_DB_SYNC
            valueFrom:
              secretKeyRef:
                key: password
                name: cardano-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_PASSWORD_STAKE_POOL
            valueFrom:
              secretKeyRef:
                key: password
                name: stakepoolv2-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_POOL_MAX_DB_SYNC
            value: "5"
          - name: POSTGRES_POOL_MAX_STAKE_POOL
            value: "5"
          - name: POSTGRES_PORT_DB_SYNC
            value: "5432"
          - name: POSTGRES_PORT_STAKE_POOL
            value: "5432"
          - name: POSTGRES_SSL_CA_FILE_DB_SYNC
            value: /tls/ca.crt
          - name: POSTGRES_SSL_CA_FILE_STAKE_POOL
            value: /tls/ca.crt
          - name: POSTGRES_SSL_DB_SYNC
            value: "true"
          - name: POSTGRES_SSL_STAKE_POOL
            value: "true"
          - name: POSTGRES_USER_DB_SYNC
            valueFrom:
              secretKeyRef:
                key: username
                name: cardano-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_USER_STAKE_POOL
            valueFrom:
              secretKeyRef:
                key: username
                name: stakepoolv2-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
          - name: QUEUES
            value: pool-delist-schedule,pool-metadata,pool-metrics,pool-rewards
          - name: SMASH_URL
            value: https://preprod-smash.world.dev.cardano.org/api/v1
          - name: STAKE_POOL_PROVIDER_URL
            value: http://dev-preprod-cardanojs-v2-backend.dev-preprod.svc.cluster.local
-         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:g5jcvwr4phhz3rfikxdjgbkvcm2z2bpw
+         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:kyz5m0hf2i72hsbbrm4bivai20pc694v
          livenessProbe:
            httpGet:
              path: /v1.0.0/health
              port: 3000
          name: pg-boss-worker
          ports:
          - containerPort: 3000
            name: http
          resources:
            limits:
              cpu: 300m
              memory: 300Mi
            requests:
              cpu: 200m
              memory: 150Mi
          securityContext:
            runAsGroup: 0
            runAsUser: 0
          startupProbe:
            httpGet:
              path: /v1.0.0/ready
              port: 3000
            initialDelaySeconds: 80
            periodSeconds: 5
          volumeMounts:
          - mountPath: /tls
            name: tls
        imagePullSecrets:
        - name: dockerconfigjson
        volumes:
        - name: tls
          secret:
            secretName: postgresql-server-cert

dev-preprod, dev-preprod-cardanojs-v2-stake-pool-projector, Deployment (apps) would change:

  # Source: cardanojs/templates/stake-pool-projector-deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
      app: stake-pool-projector
      network: preprod
      release: dev-preprod-cardanojs-v2
    name: dev-preprod-cardanojs-v2-stake-pool-projector
  spec:
    selector:
      matchLabels:
        app: stake-pool-projector
        network: preprod
        release: dev-preprod-cardanojs-v2
    template:
      metadata:
        labels:
          app: stake-pool-projector
          network: preprod
          release: dev-preprod-cardanojs-v2
      spec:
        containers:
        - args:
          - start-projector
          env:
          - name: LOGGER_MIN_SEVERITY
            value: info
          - name: NETWORK
            value: preprod
          - name: OGMIOS_SRV_SERVICE_NAME
            value: dev-preprod-cardano-core.dev-preprod.svc.cluster.local
          - name: POSTGRES_DB
            value: stakepoolv2
          - name: POSTGRES_HOST
            value: dev-preprod-postgresql
          - name: POSTGRES_PASSWORD
            valueFrom:
              secretKeyRef:
                key: password
                name: stakepoolv2-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_POOL_MAX
            value: "2"
          - name: POSTGRES_PORT
            value: "5432"
          - name: POSTGRES_SSL
            value: "true"
          - name: POSTGRES_SSL_CA_FILE
            value: /tls/ca.crt
          - name: POSTGRES_USER
            valueFrom:
              secretKeyRef:
                key: username
                name: stakepoolv2-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
          - name: PROJECTION_NAMES
            value: stake-pool,stake-pool-metadata-job,stake-pool-metrics-job,stake-pool-rewards-job
-         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:g5jcvwr4phhz3rfikxdjgbkvcm2z2bpw
+         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:kyz5m0hf2i72hsbbrm4bivai20pc694v
          livenessProbe:
            httpGet:
              path: /v1.0.0/health
              port: 3000
            timeoutSeconds: 5
          name: stake-pool-projector
          ports:
          - containerPort: 3000
            name: http
          resources:
            limits:
              cpu: 700m
              memory: 300Mi
            requests:
              cpu: 700m
              memory: 150Mi
          securityContext:
            runAsGroup: 0
            runAsUser: 0
          volumeMounts:
          - mountPath: /tls
            name: tls
        imagePullSecrets:
        - name: dockerconfigjson
        volumes:
        - name: tls
          secret:
            secretName: postgresql-server-cert

dev-preprod, dev-preprod-cardanojs-v2-stake-pool-provider, Deployment (apps) would change:

  # Source: cardanojs/templates/stake-pool-provider-deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
      app: stake-pool-provider
      network: preprod
      release: dev-preprod-cardanojs-v2
    name: dev-preprod-cardanojs-v2-stake-pool-provider
  spec:
    selector:
      matchLabels:
        app: stake-pool-provider
        network: preprod
        release: dev-preprod-cardanojs-v2
    template:
      metadata:
        labels:
          app: stake-pool-provider
          network: preprod
          release: dev-preprod-cardanojs-v2
      spec:
        containers:
        - args:
          - start-provider-server
          env:
          - name: ALLOWED_ORIGINS
            value: chrome-extension://gafhhkghbfjjkeiendhlofajokpaflmk,chrome-extension://efeiemlfnahiidnjglmehaihacglceia,chrome-extension://bjlhpephaokolembmpdcbobbpkjnoheb,chrome-extension://djcdfchkaijggdjokfomholkalbffgil,http://localhost/,http://localhost
          - name: DISABLE_STAKE_POOL_METRIC_APY
            value: "true"
          - name: ENABLE_METRICS
            value: "true"
          - name: LOGGER_MIN_SEVERITY
            value: info
          - name: NETWORK
            value: preprod
          - name: OGMIOS_SRV_SERVICE_NAME
            value: dev-preprod-cardano-core.dev-preprod.svc.cluster.local
          - name: OVERRIDE_FUZZY_OPTIONS
            value: "true"
          - name: PAGINATION_PAGE_SIZE_LIMIT
            value: "5500"
          - name: POSTGRES_DB_STAKE_POOL
            value: stakepoolv2
          - name: POSTGRES_HOST_STAKE_POOL
            value: dev-preprod-postgresql
          - name: POSTGRES_PASSWORD_STAKE_POOL
            valueFrom:
              secretKeyRef:
                key: password
                name: stakepoolv2-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_POOL_MAX_STAKE_POOL
            value: "10"
          - name: POSTGRES_PORT_STAKE_POOL
            value: "5432"
          - name: POSTGRES_SSL_CA_FILE_STAKE_POOL
            value: /tls/ca.crt
          - name: POSTGRES_SSL_STAKE_POOL
            value: "true"
          - name: POSTGRES_USER_STAKE_POOL
            valueFrom:
              secretKeyRef:
                key: username
                name: stakepoolv2-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
          - name: SERVICE_NAMES
            value: stake-pool
          - name: TOKEN_METADATA_SERVER_URL
            value: http://dev-preprod-cardano-stack-metadata.dev-preprod.svc.cluster.local
          - name: USE_TYPEORM_STAKE_POOL_PROVIDER
            value: "true"
-         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:g5jcvwr4phhz3rfikxdjgbkvcm2z2bpw
+         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:kyz5m0hf2i72hsbbrm4bivai20pc694v
          livenessProbe:
            httpGet:
              path: /v1.0.0/health
              port: 3000
            timeoutSeconds: 5
          name: stake-pool-provider
          ports:
          - containerPort: 3000
            name: http
          resources:
            limits:
              cpu: 500m
              memory: 300Mi
            requests:
              cpu: 100m
              memory: 150Mi
          securityContext:
            runAsGroup: 0
            runAsUser: 0
          volumeMounts:
          - mountPath: /tls
            name: tls
        imagePullSecrets:
        - name: dockerconfigjson
        volumes:
        - name: tls
          secret:
            secretName: postgresql-server-cert

dev-preprod, dev-preprod-cardanojs-v2-ws-server, Deployment (apps) would change:

  # Source: cardanojs/templates/ws-server-deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
      app: ws-server
      network: preprod
      release: dev-preprod-cardanojs-v2
    name: dev-preprod-cardanojs-v2-ws-server
  spec:
    selector:
      matchLabels:
        app: ws-server
        network: preprod
        release: dev-preprod-cardanojs-v2
    template:
      metadata:
        labels:
          app: ws-server
          network: preprod
          release: dev-preprod-cardanojs-v2
      spec:
        containers:
        - args:
          - start-ws-server
          env:
          - name: DB_CACHE_TTL
            value: "7200"
          - name: NETWORK
            value: preprod
          - name: OGMIOS_URL
            value: ws://dev-preprod-cardano-core.dev-preprod.svc.cluster.local:1337
          - name: POSTGRES_DB_DB_SYNC
            value: cardano
          - name: POSTGRES_HOST_DB_SYNC
            value: dev-preprod-postgresql
          - name: POSTGRES_PASSWORD_DB_SYNC
            valueFrom:
              secretKeyRef:
                key: password
                name: cardano-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_POOL_MAX_DB_SYNC
            value: "2"
          - name: POSTGRES_PORT_DB_SYNC
            value: "5432"
          - name: POSTGRES_SSL_CA_FILE_DB_SYNC
            value: /tls/ca.crt
          - name: POSTGRES_SSL_DB_SYNC
            value: "true"
          - name: POSTGRES_USER_DB_SYNC
            valueFrom:
              secretKeyRef:
                key: username
                name: cardano-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
-         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:g5jcvwr4phhz3rfikxdjgbkvcm2z2bpw
+         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:kyz5m0hf2i72hsbbrm4bivai20pc694v
          livenessProbe:
            httpGet:
              path: /health
              port: 3000
          name: ws-server
          ports:
          - containerPort: 3000
            name: http
          resources:
            limits:
              cpu: 300m
              memory: 300Mi
            requests:
              cpu: 200m
              memory: 150Mi
          securityContext:
            runAsGroup: 0
            runAsUser: 0
          volumeMounts:
          - mountPath: /tls
            name: tls
        imagePullSecrets:
        - name: dockerconfigjson
        volumes:
        - name: tls
          secret:
            secretName: postgresql-server-cert

dev-preprod, dev-preprod-cardanojs-v2-wallet-api-projector, Deployment (apps) has been added:

- 
+ # Source: cardanojs/templates/wallet-api-projector-deployment.yaml
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+   labels:
+     app: wallet-api-projector
+     network: preprod
+     release: dev-preprod-cardanojs-v2
+   name: dev-preprod-cardanojs-v2-wallet-api-projector
+ spec:
+   selector:
+     matchLabels:
+       app: wallet-api-projector
+       network: preprod
+       release: dev-preprod-cardanojs-v2
+   template:
+     metadata:
+       labels:
+         app: wallet-api-projector
+         network: preprod
+         release: dev-preprod-cardanojs-v2
+     spec:
+       containers:
+       - args:
+         - start-projector
+         env:
+         - name: LOGGER_MIN_SEVERITY
+           value: info
+         - name: NETWORK
+           value: preprod
+         - name: OGMIOS_SRV_SERVICE_NAME
+           value: dev-preprod-cardano-core.dev-preprod.svc.cluster.local
+         - name: POSTGRES_DB
+           value: wallet_api
+         - name: POSTGRES_HOST
+           value: dev-preprod-postgresql
+         - name: POSTGRES_PASSWORD
+           valueFrom:
+             secretKeyRef:
+               key: password
+               name: wallet-api-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
+         - name: POSTGRES_POOL_MAX
+           value: "2"
+         - name: POSTGRES_PORT
+           value: "5432"
+         - name: POSTGRES_SSL
+           value: "true"
+         - name: POSTGRES_SSL_CA_FILE
+           value: /tls/ca.crt
+         - name: POSTGRES_USER
+           valueFrom:
+             secretKeyRef:
+               key: username
+               name: wallet-api-owner-user.dev-preprod-postgresql.credentials.postgresql.acid.zalan.do
+         - name: PROJECTION_NAMES
+           value: protocol-parameters
+         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:kyz5m0hf2i72hsbbrm4bivai20pc694v
+         livenessProbe:
+           httpGet:
+             path: /v1.0.0/health
+             port: 3000
+           timeoutSeconds: 5
+         name: wallet-api-projector
+         ports:
+         - containerPort: 3000
+           name: http
+         resources:
+           limits:
+             cpu: 1000m
+             memory: 300Mi
+           requests:
+             cpu: 100m
+             memory: 150Mi
+         securityContext:
+           runAsGroup: 0
+           runAsUser: 0
+         volumeMounts:
+         - mountPath: /tls
+           name: tls
+       imagePullSecrets:
+       - name: dockerconfigjson
+       volumes:
+       - name: tls
+         secret:
+           secretName: postgresql-server-cert
dev-mainnet@us-east-1 would change:

dev-mainnet, dev-mainnet-cardanojs-asset-projector, Deployment (apps) would change:

  # Source: cardanojs/templates/asset-projector-deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
      app: asset-projector
      network: mainnet
      release: dev-mainnet-cardanojs
    name: dev-mainnet-cardanojs-asset-projector
  spec:
    selector:
      matchLabels:
        app: asset-projector
        network: mainnet
        release: dev-mainnet-cardanojs
    template:
      metadata:
        labels:
          app: asset-projector
          network: mainnet
          release: dev-mainnet-cardanojs
      spec:
        containers:
        - args:
          - start-projector
          env:
          - name: LOGGER_MIN_SEVERITY
            value: info
          - name: NETWORK
            value: mainnet
          - name: OGMIOS_SRV_SERVICE_NAME
            value: dev-mainnet-cardano-core.dev-mainnet.svc.cluster.local
          - name: POSTGRES_DB
            value: asset
          - name: POSTGRES_HOST
            value: dev-mainnet-postgresql
          - name: POSTGRES_PASSWORD
            valueFrom:
              secretKeyRef:
                key: password
                name: asset-owner-user.dev-mainnet-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_POOL_MAX
            value: "2"
          - name: POSTGRES_PORT
            value: "5432"
          - name: POSTGRES_SSL
            value: "true"
          - name: POSTGRES_SSL_CA_FILE
            value: /tls/ca.crt
          - name: POSTGRES_USER
            valueFrom:
              secretKeyRef:
                key: username
                name: asset-owner-user.dev-mainnet-postgresql.credentials.postgresql.acid.zalan.do
          - name: PROJECTION_NAMES
            value: asset
-         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:z9wp2jxvb573blqd14cr92mr0h8qf04i
+         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:kyz5m0hf2i72hsbbrm4bivai20pc694v
          livenessProbe:
            httpGet:
              path: /v1.0.0/health
              port: 3000
            timeoutSeconds: 5
          name: asset-projector
          ports:
          - containerPort: 3000
            name: http
          resources:
            limits:
              cpu: 700m
              memory: 300Mi
            requests:
              cpu: 700m
              memory: 150Mi
          securityContext:
            runAsGroup: 0
            runAsUser: 0
          volumeMounts:
          - mountPath: /tls
            name: tls
        imagePullSecrets:
        - name: dockerconfigjson
        volumes:
        - name: tls
          secret:
            secretName: postgresql-server-cert

dev-mainnet, dev-mainnet-cardanojs-backend, Deployment (apps) would change:

  # Source: cardanojs/templates/backend-deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
      app: backend
      network: mainnet
      release: dev-mainnet-cardanojs
    name: dev-mainnet-cardanojs-backend
  spec:
    replicas: 2
    selector:
      matchLabels:
        app: backend
        network: mainnet
        release: dev-mainnet-cardanojs
    template:
      metadata:
        labels:
          app: backend
          network: mainnet
          release: dev-mainnet-cardanojs
      spec:
        containers:
        - args:
          - start-provider-server
          env:
          - name: ALLOWED_ORIGINS
            value: chrome-extension://gafhhkghbfjjkeiendhlofajokpaflmk,chrome-extension://efeiemlfnahiidnjglmehaihacglceia,chrome-extension://bjlhpephaokolembmpdcbobbpkjnoheb,chrome-extension://djcdfchkaijggdjokfomholkalbffgil,http://localhost/,http://localhost
          - name: BUILD_INFO
-           value: '{"lastModifiedDate":"20240828104849","rev":"bcff9cab9baa7e8a37af48316d8f90215859c9d1","shortRev":"bcff9ca"}'
+           value: '{"lastModifiedDate":"20240830080447","rev":"8129cd50c885e95af591c5929a2f9004ec311237","shortRev":"8129cd5"}'
          - name: DISABLE_STAKE_POOL_METRIC_APY
            value: "true"
          - name: ENABLE_METRICS
            value: "true"
          - name: HANDLE_POLICY_IDS
            value: f0ff48bbb7bbe9d59a40f1ce90e9e9d0ff5002ec48f232b49ca0fb9a
          - name: HANDLE_PROVIDER_SERVER_URL
            value: https://api.handle.me
          - name: LOGGER_MIN_SEVERITY
            value: info
          - name: NETWORK
            value: mainnet
+         - name: NODE_ENV
+           value: production
          - name: OGMIOS_SRV_SERVICE_NAME
            value: dev-mainnet-cardano-core.dev-mainnet.svc.cluster.local
          - name: PAGINATION_PAGE_SIZE_LIMIT
            value: "5500"
          - name: POSTGRES_DB_DB_SYNC
            value: cardano
          - name: POSTGRES_DB_HANDLE
            value: handle
          - name: POSTGRES_HOST_DB_SYNC
            value: dev-mainnet-postgresql
          - name: POSTGRES_HOST_HANDLE
            value: dev-mainnet-postgresql
          - name: POSTGRES_PASSWORD_DB_SYNC
            valueFrom:
              secretKeyRef:
                key: password
                name: cardano-owner-user.dev-mainnet-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_PASSWORD_HANDLE
            valueFrom:
              secretKeyRef:
                key: password
                name: handle-owner-user.dev-mainnet-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_POOL_MAX_DB_SYNC
            value: "50"
          - name: POSTGRES_POOL_MAX_HANDLE
            value: "10"
          - name: POSTGRES_PORT_DB_SYNC
            value: "5432"
          - name: POSTGRES_PORT_HANDLE
            value: "5432"
          - name: POSTGRES_SSL_CA_FILE_DB_SYNC
            value: /tls/ca.crt
          - name: POSTGRES_SSL_CA_FILE_HANDLE
            value: /tls/ca.crt
          - name: POSTGRES_SSL_DB_SYNC
            value: "true"
          - name: POSTGRES_SSL_HANDLE
            value: "true"
          - name: POSTGRES_USER_DB_SYNC
            valueFrom:
              secretKeyRef:
                key: username
                name: cardano-owner-user.dev-mainnet-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_USER_HANDLE
            valueFrom:
              secretKeyRef:
                key: username
                name: handle-owner-user.dev-mainnet-postgresql.credentials.postgresql.acid.zalan.do
          - name: SERVICE_NAMES
            value: asset,network-info,rewards,stake-pool,tx-submit,utxo
          - name: TOKEN_METADATA_SERVER_URL
            value: http://dev-mainnet-cardano-stack-metadata.dev-mainnet.svc.cluster.local
          - name: USE_BLOCKFROST
            value: "true"
          - name: USE_KORA_LABS
            value: "true"
-         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:z9wp2jxvb573blqd14cr92mr0h8qf04i
+         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:kyz5m0hf2i72hsbbrm4bivai20pc694v
          livenessProbe:
            httpGet:
              path: /v1.0.0/health
              port: 3000
            periodSeconds: 60
            timeoutSeconds: 30
          name: backend
          ports:
          - containerPort: 3000
            name: http
          resources:
            limits:
              cpu: 1500m
              memory: 512Mi
            requests:
              cpu: 1000m
              memory: 350Mi
          securityContext:
            runAsGroup: 0
            runAsUser: 0
          volumeMounts:
          - mountPath: /tls
            name: tls
        imagePullSecrets:
        - name: dockerconfigjson
        volumes:
        - name: tls
          secret:
            secretName: postgresql-server-cert

dev-mainnet, dev-mainnet-cardanojs-blockfrost-worker, Deployment (apps) would change:

  # Source: cardanojs/templates/blockfrost-worker-deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
      app: blockfrost-worker
      network: mainnet
      release: dev-mainnet-cardanojs
    name: dev-mainnet-cardanojs-blockfrost-worker
  spec:
    selector:
      matchLabels:
        app: blockfrost-worker
        network: mainnet
        release: dev-mainnet-cardanojs
    template:
      metadata:
        labels:
          app: blockfrost-worker
          network: mainnet
          release: dev-mainnet-cardanojs
      spec:
        containers:
        - args:
          - start-blockfrost-worker
          env:
          - name: BLOCKFROST_API_KEY
            valueFrom:
              secretKeyRef:
                key: api-key
                name: blockfrost
          - name: LOGGER_MIN_SEVERITY
            value: info
          - name: NETWORK
            value: mainnet
          - name: POSTGRES_DB_DB_SYNC
            value: cardano
          - name: POSTGRES_HOST_DB_SYNC
            value: dev-mainnet-postgresql
          - name: POSTGRES_PASSWORD_DB_SYNC
            valueFrom:
              secretKeyRef:
                key: password
                name: cardano-owner-user.dev-mainnet-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_PORT_DB_SYNC
            value: "5432"
          - name: POSTGRES_SSL_CA_FILE_DB_SYNC
            value: /tls/ca.crt
          - name: POSTGRES_SSL_DB_SYNC
            value: "true"
          - name: POSTGRES_USER_DB_SYNC
            valueFrom:
              secretKeyRef:
                key: username
                name: cardano-owner-user.dev-mainnet-postgresql.credentials.postgresql.acid.zalan.do
-         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:z9wp2jxvb573blqd14cr92mr0h8qf04i
+         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:kyz5m0hf2i72hsbbrm4bivai20pc694v
          livenessProbe:
            httpGet:
              path: /v1.0.0/health
              port: 3000
            timeoutSeconds: 5
          name: blockfrost-worker
          ports:
          - containerPort: 3000
            name: http
          resources:
            limits:
              cpu: 500m
              memory: 300Mi
            requests:
              cpu: 100m
              memory: 150Mi
          securityContext:
            runAsGroup: 0
            runAsUser: 0
          volumeMounts:
          - mountPath: /tls
            name: tls
        imagePullSecrets:
        - name: dockerconfigjson
        volumes:
        - name: tls
          secret:
            secretName: postgresql-server-cert

dev-mainnet, dev-mainnet-cardanojs-chain-history-provider, Deployment (apps) would change:

  # Source: cardanojs/templates/chain-history-provider-deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
      app: chain-history-provider
      network: mainnet
      release: dev-mainnet-cardanojs
    name: dev-mainnet-cardanojs-chain-history-provider
  spec:
    replicas: 2
    selector:
      matchLabels:
        app: chain-history-provider
        network: mainnet
        release: dev-mainnet-cardanojs
    template:
      metadata:
        labels:
          app: chain-history-provider
          network: mainnet
          release: dev-mainnet-cardanojs
      spec:
        containers:
        - args:
          - start-provider-server
          env:
          - name: ALLOWED_ORIGINS
            value: chrome-extension://gafhhkghbfjjkeiendhlofajokpaflmk,chrome-extension://efeiemlfnahiidnjglmehaihacglceia,chrome-extension://bjlhpephaokolembmpdcbobbpkjnoheb,chrome-extension://djcdfchkaijggdjokfomholkalbffgil,http://localhost/,http://localhost
          - name: DISABLE_STAKE_POOL_METRIC_APY
            value: "true"
          - name: ENABLE_METRICS
            value: "true"
          - name: HANDLE_POLICY_IDS
            value: f0ff48bbb7bbe9d59a40f1ce90e9e9d0ff5002ec48f232b49ca0fb9a
          - name: LOGGER_MIN_SEVERITY
            value: info
          - name: NETWORK
            value: mainnet
          - name: NODE_ENV
            value: production
          - name: OGMIOS_SRV_SERVICE_NAME
            value: dev-mainnet-cardano-core.dev-mainnet.svc.cluster.local
          - name: PAGINATION_PAGE_SIZE_LIMIT
            value: "5500"
          - name: POSTGRES_DB_DB_SYNC
            value: cardano
          - name: POSTGRES_HOST_DB_SYNC
            value: dev-mainnet-postgresql
          - name: POSTGRES_PASSWORD_DB_SYNC
            valueFrom:
              secretKeyRef:
                key: password
                name: cardano-owner-user.dev-mainnet-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_POOL_MAX_DB_SYNC
            value: "50"
          - name: POSTGRES_PORT_DB_SYNC
            value: "5432"
          - name: POSTGRES_SSL_CA_FILE_DB_SYNC
            value: /tls/ca.crt
          - name: POSTGRES_SSL_DB_SYNC
            value: "true"
          - name: POSTGRES_USER_DB_SYNC
            valueFrom:
              secretKeyRef:
                key: username
                name: cardano-owner-user.dev-mainnet-postgresql.credentials.postgresql.acid.zalan.do
          - name: SERVICE_NAMES
            value: chain-history
          - name: TOKEN_METADATA_SERVER_URL
            value: http://dev-mainnet-cardano-stack-metadata.dev-mainnet.svc.cluster.local
          - name: USE_BLOCKFROST
            value: "true"
          - name: USE_KORA_LABS
            value: "true"
-         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:z9wp2jxvb573blqd14cr92mr0h8qf04i
+         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:kyz5m0hf2i72hsbbrm4bivai20pc694v
          livenessProbe:
            httpGet:
              path: /v1.0.0/health
              port: 3000
            timeoutSeconds: 5
          name: chain-history-provider
          ports:
          - containerPort: 3000
            name: http
          resources:
            limits:
              cpu: 1200m
              memory: 300Mi
            requests:
              cpu: 1000m
              memory: 150Mi
          securityContext:
            runAsGroup: 0
            runAsUser: 0
          volumeMounts:
          - mountPath: /tls
            name: tls
        imagePullSecrets:
        - name: dockerconfigjson
        volumes:
        - name: tls
          secret:
            secretName: postgresql-server-cert

dev-mainnet, dev-mainnet-cardanojs-handle-projector, Deployment (apps) would change:

  # Source: cardanojs/templates/handle-projector-deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
      app: handle-projector
      network: mainnet
      release: dev-mainnet-cardanojs
    name: dev-mainnet-cardanojs-handle-projector
  spec:
    selector:
      matchLabels:
        app: handle-projector
        network: mainnet
        release: dev-mainnet-cardanojs
    template:
      metadata:
        labels:
          app: handle-projector
          network: mainnet
          release: dev-mainnet-cardanojs
      spec:
        containers:
        - args:
          - start-projector
          env:
          - name: HANDLE_POLICY_IDS
            value: f0ff48bbb7bbe9d59a40f1ce90e9e9d0ff5002ec48f232b49ca0fb9a
          - name: LOGGER_MIN_SEVERITY
            value: info
          - name: NETWORK
            value: mainnet
          - name: OGMIOS_SRV_SERVICE_NAME
            value: dev-mainnet-cardano-core.dev-mainnet.svc.cluster.local
          - name: POSTGRES_DB
            value: handle
          - name: POSTGRES_HOST
            value: dev-mainnet-postgresql
          - name: POSTGRES_PASSWORD
            valueFrom:
              secretKeyRef:
                key: password
                name: handle-owner-user.dev-mainnet-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_POOL_MAX
            value: "2"
          - name: POSTGRES_PORT
            value: "5432"
          - name: POSTGRES_SSL
            value: "true"
          - name: POSTGRES_SSL_CA_FILE
            value: /tls/ca.crt
          - name: POSTGRES_USER
            valueFrom:
              secretKeyRef:
                key: username
                name: handle-owner-user.dev-mainnet-postgresql.credentials.postgresql.acid.zalan.do
          - name: PROJECTION_NAMES
            value: handle
-         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:z9wp2jxvb573blqd14cr92mr0h8qf04i
+         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:kyz5m0hf2i72hsbbrm4bivai20pc694v
          livenessProbe:
            httpGet:
              path: /v1.0.0/health
              port: 3000
            timeoutSeconds: 5
          name: handle-projector
          ports:
          - containerPort: 3000
            name: http
          resources:
            limits:
              cpu: 1000m
              memory: 300Mi
            requests:
              cpu: 100m
              memory: 150Mi
          securityContext:
            runAsGroup: 0
            runAsUser: 0
          volumeMounts:
          - mountPath: /tls
            name: tls
        imagePullSecrets:
        - name: dockerconfigjson
        volumes:
        - name: tls
          secret:
            secretName: postgresql-server-cert

dev-mainnet, dev-mainnet-cardanojs-handle-provider, Deployment (apps) would change:

  # Source: cardanojs/templates/handle-provider-deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
      app: handle-provider
      network: mainnet
      release: dev-mainnet-cardanojs
    name: dev-mainnet-cardanojs-handle-provider
  spec:
    selector:
      matchLabels:
        app: handle-provider
        network: mainnet
        release: dev-mainnet-cardanojs
    template:
      metadata:
        labels:
          app: handle-provider
          network: mainnet
          release: dev-mainnet-cardanojs
      spec:
        containers:
        - args:
          - start-provider-server
          env:
          - name: ALLOWED_ORIGINS
            value: chrome-extension://gafhhkghbfjjkeiendhlofajokpaflmk,chrome-extension://efeiemlfnahiidnjglmehaihacglceia,chrome-extension://bjlhpephaokolembmpdcbobbpkjnoheb,chrome-extension://djcdfchkaijggdjokfomholkalbffgil,http://localhost/,http://localhost
          - name: ENABLE_METRICS
            value: "true"
          - name: HANDLE_POLICY_IDS
            value: f0ff48bbb7bbe9d59a40f1ce90e9e9d0ff5002ec48f232b49ca0fb9a
          - name: LOGGER_MIN_SEVERITY
            value: info
          - name: NETWORK
            value: mainnet
          - name: OGMIOS_SRV_SERVICE_NAME
            value: dev-mainnet-cardano-core.dev-mainnet.svc.cluster.local
          - name: POSTGRES_DB_HANDLE
            value: handle
          - name: POSTGRES_HOST_HANDLE
            value: dev-mainnet-postgresql
          - name: POSTGRES_PASSWORD_HANDLE
            valueFrom:
              secretKeyRef:
                key: password
                name: handle-owner-user.dev-mainnet-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_POOL_MAX_HANDLE
            value: "10"
          - name: POSTGRES_PORT_HANDLE
            value: "5432"
          - name: POSTGRES_SSL_CA_FILE_HANDLE
            value: /tls/ca.crt
          - name: POSTGRES_SSL_HANDLE
            value: "true"
          - name: POSTGRES_USER_HANDLE
            valueFrom:
              secretKeyRef:
                key: username
                name: handle-owner-user.dev-mainnet-postgresql.credentials.postgresql.acid.zalan.do
          - name: SERVICE_NAMES
            value: handle
-         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:z9wp2jxvb573blqd14cr92mr0h8qf04i
+         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:kyz5m0hf2i72hsbbrm4bivai20pc694v
          livenessProbe:
            httpGet:
              path: /v1.0.0/health
              port: 3000
            timeoutSeconds: 5
          name: handle-provider
          ports:
          - containerPort: 3000
            name: http
          resources:
            limits:
              cpu: 500m
              memory: 300Mi
            requests:
              cpu: 100m
              memory: 150Mi
          securityContext:
            runAsGroup: 0
            runAsUser: 0
          volumeMounts:
          - mountPath: /tls
            name: tls
        imagePullSecrets:
        - name: dockerconfigjson
        volumes:
        - name: tls
          secret:
            secretName: postgresql-server-cert

dev-mainnet, dev-mainnet-cardanojs-pg-boss-worker, Deployment (apps) would change:

  # Source: cardanojs/templates/pgboss-deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
      app: pg-boss-worker
      network: mainnet
      release: dev-mainnet-cardanojs
    name: dev-mainnet-cardanojs-pg-boss-worker
  spec:
    selector:
      matchLabels:
        app: pg-boss-worker
        network: mainnet
        release: dev-mainnet-cardanojs
    template:
      metadata:
        labels:
          app: pg-boss-worker
          network: mainnet
          release: dev-mainnet-cardanojs
      spec:
        containers:
        - args:
          - start-pg-boss-worker
          env:
          - name: LOGGER_MIN_SEVERITY
            value: info
          - name: METADATA_FETCH_MODE
            value: smash
          - name: NETWORK
            value: mainnet
          - name: NETWORK_INFO_PROVIDER_URL
            value: http://dev-mainnet-cardanojs-backend.dev-mainnet.svc.cluster.local
          - name: POSTGRES_DB_DB_SYNC
            value: cardano
          - name: POSTGRES_DB_STAKE_POOL
            value: stakepoolv2
          - name: POSTGRES_HOST_DB_SYNC
            value: dev-mainnet-postgresql
          - name: POSTGRES_HOST_STAKE_POOL
            value: dev-mainnet-postgresql
          - name: POSTGRES_PASSWORD_DB_SYNC
            valueFrom:
              secretKeyRef:
                key: password
                name: cardano-owner-user.dev-mainnet-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_PASSWORD_STAKE_POOL
            valueFrom:
              secretKeyRef:
                key: password
                name: stakepoolv2-owner-user.dev-mainnet-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_POOL_MAX_DB_SYNC
            value: "5"
          - name: POSTGRES_POOL_MAX_STAKE_POOL
            value: "5"
          - name: POSTGRES_PORT_DB_SYNC
            value: "5432"
          - name: POSTGRES_PORT_STAKE_POOL
            value: "5432"
          - name: POSTGRES_SSL_CA_FILE_DB_SYNC
            value: /tls/ca.crt
          - name: POSTGRES_SSL_CA_FILE_STAKE_POOL
            value: /tls/ca.crt
          - name: POSTGRES_SSL_DB_SYNC
            value: "true"
          - name: POSTGRES_SSL_STAKE_POOL
            value: "true"
          - name: POSTGRES_USER_DB_SYNC
            valueFrom:
              secretKeyRef:
                key: username
                name: cardano-owner-user.dev-mainnet-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_USER_STAKE_POOL
            valueFrom:
              secretKeyRef:
                key: username
                name: stakepoolv2-owner-user.dev-mainnet-postgresql.credentials.postgresql.acid.zalan.do
          - name: QUEUES
            value: pool-delist-schedule,pool-metadata,pool-metrics,pool-rewards
          - name: SMASH_URL
            value: https://smash.cardano-mainnet.iohk.io/api/v1
          - name: STAKE_POOL_PROVIDER_URL
            value: http://dev-mainnet-cardanojs-backend.dev-mainnet.svc.cluster.local
-         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:z9wp2jxvb573blqd14cr92mr0h8qf04i
+         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:kyz5m0hf2i72hsbbrm4bivai20pc694v
          livenessProbe:
            httpGet:
              path: /v1.0.0/health
              port: 3000
          name: pg-boss-worker
          ports:
          - containerPort: 3000
            name: http
          resources:
            limits:
              cpu: 300m
              memory: 300Mi
            requests:
              cpu: 200m
              memory: 150Mi
          securityContext:
            runAsGroup: 0
            runAsUser: 0
          startupProbe:
            httpGet:
              path: /v1.0.0/ready
              port: 3000
            initialDelaySeconds: 80
            periodSeconds: 5
          volumeMounts:
          - mountPath: /tls
            name: tls
        imagePullSecrets:
        - name: dockerconfigjson
        volumes:
        - name: tls
          secret:
            secretName: postgresql-server-cert

dev-mainnet, dev-mainnet-cardanojs-stake-pool-projector, Deployment (apps) would change:

  # Source: cardanojs/templates/stake-pool-projector-deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
      app: stake-pool-projector
      network: mainnet
      release: dev-mainnet-cardanojs
    name: dev-mainnet-cardanojs-stake-pool-projector
  spec:
    selector:
      matchLabels:
        app: stake-pool-projector
        network: mainnet
        release: dev-mainnet-cardanojs
    template:
      metadata:
        labels:
          app: stake-pool-projector
          network: mainnet
          release: dev-mainnet-cardanojs
      spec:
        containers:
        - args:
          - start-projector
          env:
          - name: LOGGER_MIN_SEVERITY
            value: info
          - name: NETWORK
            value: mainnet
          - name: OGMIOS_SRV_SERVICE_NAME
            value: dev-mainnet-cardano-core.dev-mainnet.svc.cluster.local
          - name: POSTGRES_DB
            value: stakepoolv2
          - name: POSTGRES_HOST
            value: dev-mainnet-postgresql
          - name: POSTGRES_PASSWORD
            valueFrom:
              secretKeyRef:
                key: password
                name: stakepoolv2-owner-user.dev-mainnet-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_POOL_MAX
            value: "2"
          - name: POSTGRES_PORT
            value: "5432"
          - name: POSTGRES_SSL
            value: "true"
          - name: POSTGRES_SSL_CA_FILE
            value: /tls/ca.crt
          - name: POSTGRES_USER
            valueFrom:
              secretKeyRef:
                key: username
                name: stakepoolv2-owner-user.dev-mainnet-postgresql.credentials.postgresql.acid.zalan.do
          - name: PROJECTION_NAMES
            value: stake-pool,stake-pool-metadata-job,stake-pool-metrics-job,stake-pool-rewards-job
-         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:z9wp2jxvb573blqd14cr92mr0h8qf04i
+         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:kyz5m0hf2i72hsbbrm4bivai20pc694v
          livenessProbe:
            httpGet:
              path: /v1.0.0/health
              port: 3000
            timeoutSeconds: 5
          name: stake-pool-projector
          ports:
          - containerPort: 3000
            name: http
          resources:
            limits:
              cpu: 700m
              memory: 300Mi
            requests:
              cpu: 700m
              memory: 150Mi
          securityContext:
            runAsGroup: 0
            runAsUser: 0
          volumeMounts:
          - mountPath: /tls
            name: tls
        imagePullSecrets:
        - name: dockerconfigjson
        volumes:
        - name: tls
          secret:
            secretName: postgresql-server-cert

dev-mainnet, dev-mainnet-cardanojs-stake-pool-provider, Deployment (apps) would change:

  # Source: cardanojs/templates/stake-pool-provider-deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
      app: stake-pool-provider
      network: mainnet
      release: dev-mainnet-cardanojs
    name: dev-mainnet-cardanojs-stake-pool-provider
  spec:
    selector:
      matchLabels:
        app: stake-pool-provider
        network: mainnet
        release: dev-mainnet-cardanojs
    template:
      metadata:
        labels:
          app: stake-pool-provider
          network: mainnet
          release: dev-mainnet-cardanojs
      spec:
        containers:
        - args:
          - start-provider-server
          env:
          - name: ALLOWED_ORIGINS
            value: chrome-extension://gafhhkghbfjjkeiendhlofajokpaflmk,chrome-extension://efeiemlfnahiidnjglmehaihacglceia,chrome-extension://bjlhpephaokolembmpdcbobbpkjnoheb,chrome-extension://djcdfchkaijggdjokfomholkalbffgil,http://localhost/,http://localhost
          - name: DISABLE_STAKE_POOL_METRIC_APY
            value: "true"
          - name: ENABLE_METRICS
            value: "true"
          - name: LOGGER_MIN_SEVERITY
            value: info
          - name: NETWORK
            value: mainnet
+         - name: NODE_ENV
+           value: production
          - name: OGMIOS_SRV_SERVICE_NAME
            value: dev-mainnet-cardano-core.dev-mainnet.svc.cluster.local
          - name: OVERRIDE_FUZZY_OPTIONS
            value: "true"
          - name: PAGINATION_PAGE_SIZE_LIMIT
            value: "5500"
          - name: POSTGRES_DB_STAKE_POOL
            value: stakepoolv2
          - name: POSTGRES_HOST_STAKE_POOL
            value: dev-mainnet-postgresql
          - name: POSTGRES_PASSWORD_STAKE_POOL
            valueFrom:
              secretKeyRef:
                key: password
                name: stakepoolv2-owner-user.dev-mainnet-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_POOL_MAX_STAKE_POOL
            value: "10"
          - name: POSTGRES_PORT_STAKE_POOL
            value: "5432"
          - name: POSTGRES_SSL_CA_FILE_STAKE_POOL
            value: /tls/ca.crt
          - name: POSTGRES_SSL_STAKE_POOL
            value: "true"
          - name: POSTGRES_USER_STAKE_POOL
            valueFrom:
              secretKeyRef:
                key: username
                name: stakepoolv2-owner-user.dev-mainnet-postgresql.credentials.postgresql.acid.zalan.do
          - name: SERVICE_NAMES
            value: stake-pool
          - name: TOKEN_METADATA_SERVER_URL
            value: http://dev-mainnet-cardano-stack-metadata.dev-mainnet.svc.cluster.local
          - name: USE_TYPEORM_STAKE_POOL_PROVIDER
            value: "true"
-         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:z9wp2jxvb573blqd14cr92mr0h8qf04i
+         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:kyz5m0hf2i72hsbbrm4bivai20pc694v
          livenessProbe:
            httpGet:
              path: /v1.0.0/health
              port: 3000
            timeoutSeconds: 5
          name: stake-pool-provider
          ports:
          - containerPort: 3000
            name: http
          resources:
            limits:
              cpu: 500m
              memory: 300Mi
            requests:
              cpu: 100m
              memory: 150Mi
          securityContext:
            runAsGroup: 0
            runAsUser: 0
          volumeMounts:
          - mountPath: /tls
            name: tls
        imagePullSecrets:
        - name: dockerconfigjson
        volumes:
        - name: tls
          secret:
            secretName: postgresql-server-cert

dev-mainnet, dev-mainnet-cardanojs-ws-server, Deployment (apps) would change:

  # Source: cardanojs/templates/ws-server-deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
      app: ws-server
      network: mainnet
      release: dev-mainnet-cardanojs
    name: dev-mainnet-cardanojs-ws-server
  spec:
    selector:
      matchLabels:
        app: ws-server
        network: mainnet
        release: dev-mainnet-cardanojs
    template:
      metadata:
        labels:
          app: ws-server
          network: mainnet
          release: dev-mainnet-cardanojs
      spec:
        containers:
        - args:
          - start-ws-server
          env:
          - name: DB_CACHE_TTL
            value: "7200"
          - name: NETWORK
            value: mainnet
          - name: OGMIOS_URL
            value: ws://dev-mainnet-cardano-core.dev-mainnet.svc.cluster.local:1337
          - name: POSTGRES_DB_DB_SYNC
            value: cardano
          - name: POSTGRES_HOST_DB_SYNC
            value: dev-mainnet-postgresql
          - name: POSTGRES_PASSWORD_DB_SYNC
            valueFrom:
              secretKeyRef:
                key: password
                name: cardano-owner-user.dev-mainnet-postgresql.credentials.postgresql.acid.zalan.do
          - name: POSTGRES_POOL_MAX_DB_SYNC
            value: "2"
          - name: POSTGRES_PORT_DB_SYNC
            value: "5432"
          - name: POSTGRES_SSL_CA_FILE_DB_SYNC
            value: /tls/ca.crt
          - name: POSTGRES_SSL_DB_SYNC
            value: "true"
          - name: POSTGRES_USER_DB_SYNC
            valueFrom:
              secretKeyRef:
                key: username
                name: cardano-owner-user.dev-mainnet-postgresql.credentials.postgresql.acid.zalan.do
-         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:z9wp2jxvb573blqd14cr92mr0h8qf04i
+         image: 926093910549.dkr.ecr.us-east-1.amazonaws.com/cardano-services:kyz5m0hf2i72hsbbrm4bivai20pc694v
          livenessProbe:
            httpGet:
              path: /health
              port: 3000
          name: ws-server
          ports:
          - containerPort: 3000
            name: http
          resources:
            limits:
              cpu: 300m
              memory: 300Mi
            requests:
              cpu: 200m
              memory: 150Mi
          securityContext:
            runAsGroup: 0
            runAsUser: 0
          volumeMounts:
          - mountPath: /tls
            name: tls
        imagePullSecrets:
        - name: dockerconfigjson
        volumes:
        - name: tls
          secret:
            secretName: postgresql-server-cert

@gytis-ivaskevicius gytis-ivaskevicius marked this pull request as draft July 24, 2024 08:20
.github/workflows/deploy-env.yaml Outdated Show resolved Hide resolved
.github/workflows/deploy-env.yaml Outdated Show resolved Hide resolved
.github/workflows/deploy-env.yaml Outdated Show resolved Hide resolved
.github/workflows/deploy-env.yaml Outdated Show resolved Hide resolved
.github/workflows/deploy-env.yaml Outdated Show resolved Hide resolved
ce0la added 3 commits July 25, 2024 07:39
chore: Remove kubeconfig dependency (@gytis-ivaskevicius commit)
chore: Add workflow for protected auto deployments (extra configuration done in repo > settings > environments)
@ce0la ce0la force-pushed the feat/automated-protected-deployments branch from d889c36 to 47e88e0 Compare July 25, 2024 06:45
@ce0la ce0la temporarily deployed to ops-preview-1 July 25, 2024 06:47 — with GitHub Actions Inactive
@ce0la ce0la temporarily deployed to ops-preview-1 July 25, 2024 06:51 — with GitHub Actions Inactive
@ce0la ce0la had a problem deploying to ops-preview-1@us-east-1 July 25, 2024 07:03 — with GitHub Actions Failure
@ce0la ce0la temporarily deployed to ops-preview-1@us-east-1 July 25, 2024 07:09 — with GitHub Actions Inactive
@ce0la ce0la changed the title Add protected automated deployment to environments (ops-preview-1 for now) Add protected automated deployment to environments Jul 25, 2024
@ce0la ce0la marked this pull request as ready for review July 25, 2024 07:40
@ce0la ce0la requested a review from gytis-ivaskevicius July 25, 2024 07:40
@ce0la
Copy link
Contributor Author

ce0la commented Jul 25, 2024

Successful deploy to ops-preview-1@us-east-1: https://github.com/input-output-hk/cardano-js-sdk/actions/runs/10089733209/job/27897743167

I am leaving the push: trigger to make it easy for anyone testing to do that. Once approved, I am going to take out the push: trigger and the ops-preview-1@us-east-1 default value in instances of {{ inputs.environment || 'ops-preview-1@us-east-1' }}.

I would also create new environments for the repository and set protection rules as appropriate; to be discussed with @bernokl.

Cc: @michalrus @gytis-ivaskevicius

.github/workflows/deploy-env.yaml Outdated Show resolved Hide resolved
.github/workflows/deploy-env.yaml Outdated Show resolved Hide resolved
.github/workflows/deploy-env.yaml Outdated Show resolved Hide resolved
@ce0la ce0la temporarily deployed to ops-preview-1@us-east-1 July 26, 2024 16:47 — with GitHub Actions Inactive
@ce0la ce0la deployed to ops-preview-1@us-east-1 July 26, 2024 18:11 — with GitHub Actions Active
@ce0la ce0la requested a review from michalrus July 26, 2024 21:50
Copy link
Contributor

@gytis-ivaskevicius gytis-ivaskevicius left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, has this been tested?

.github/workflows/deploy-env.yaml Outdated Show resolved Hide resolved
Copy link
Member

@michalrus michalrus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great! Only 2 small changes 🙏

.github/workflows/deploy-env.yaml Outdated Show resolved Hide resolved
run: |
echo "${{ secrets.ENVRC }}" > .envrc.local
source .envrc.local
nix develop -L --command bash -c "
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It works by accident, but not the way you think (I think ^^).

It should be a single quote here, because on L52 you close this double quote right before yes, and reopen it right after. Single quotes, OTOH, will pass everything to the bash running inside the devshell.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree. The purpose of using the double quotes here is to test the CI which initially failed on the single quotes due to setting a single-quoted default value for the environment variable here: ${{ inputs.environment || 'ops-preview-1@us-east-1' }}. Updated now for final reviews.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P.S: Escaping (\) the single quotes did not help.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wait, but ${{ inputs.environment || 'ops-preview-1@us-east-1' }} is evaluated as a very first step, it's GitHub's YAML templating. So these single quotes have nothing to do with Bash, or?

@ce0la
Copy link
Contributor Author

ce0la commented Aug 6, 2024

Looks good, has this been tested?

Yes, it works.

michalrus
michalrus previously approved these changes Aug 6, 2024
Copy link
Member

@michalrus michalrus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome! Thank you :)

- name: 🧰 Setup Nix
uses: cachix/install-nix-action@v21

- name: 🚀 Deploy
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wait, but don't we have to build the images first? 🤔 Or at least make sure they're built and pushed to ECR?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought about it, it should not have push at the top and then it should be fine. We may encounter a race condition once in a while but that's probably not going to be even noticable

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I plan to take out push: once the PR is tested and cleared for merging.

Ref: #1382 (comment)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, thanks. I remember I added a check in dapp-store once, to prevent such a race condition, but they use Git commits to tag images.

@michalrus michalrus self-requested a review August 28, 2024 11:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet