fix: networking mainnet fixes and ecr lcps (#5015)
carlomazzaferro authored Oct 16, 2023
1 parent 9da3cf5 commit 11c4e62
Showing 7 changed files with 102 additions and 105 deletions.
5 changes: 0 additions & 5 deletions ops/mainnet/prod/backend/main.tf
Expand Up @@ -121,7 +121,6 @@ module "postgrest" {
execution_role_arn = data.aws_iam_role.ecr_admin_role.arn
cluster_id = module.ecs.ecs_cluster_id
vpc_id = module.network.vpc_id
private_subnets = module.network.private_subnets
lb_subnets = module.network.public_subnets
internal_lb = false
docker_image = "postgrest/postgrest:v10.0.0.20221011"
Expand Down Expand Up @@ -150,7 +149,6 @@ module "sdk-server" {
execution_role_arn = data.aws_iam_role.ecr_admin_role.arn
cluster_id = module.ecs.ecs_cluster_id
vpc_id = module.network.vpc_id
private_subnets = module.network.private_subnets
lb_subnets = module.network.public_subnets
internal_lb = false
docker_image = var.full_image_name_sdk_server
Expand Down Expand Up @@ -304,7 +302,4 @@ module "ecs" {
environment = var.environment
domain = var.domain
ecs_cluster_name_prefix = "nxtp-ecs"
vpc_id = module.network.vpc_id
private_subnets = module.network.private_subnets
public_subnets = module.network.public_subnets
}
31 changes: 10 additions & 21 deletions ops/mainnet/prod/core/main.tf
Expand Up @@ -34,7 +34,6 @@ module "router_subscriber" {
execution_role_arn = data.aws_iam_role.ecr_admin_role.arn
cluster_id = module.ecs.ecs_cluster_id
vpc_id = module.network.vpc_id
private_subnets = module.network.private_subnets
lb_subnets = module.network.public_subnets
internal_lb = false
docker_image = var.full_image_name_router_subscriber
Expand Down Expand Up @@ -64,7 +63,6 @@ module "router_publisher" {
execution_role_arn = data.aws_iam_role.ecr_admin_role.arn
cluster_id = module.ecs.ecs_cluster_id
vpc_id = module.network.vpc_id
private_subnets = module.network.private_subnets
lb_subnets = module.network.public_subnets
internal_lb = false
docker_image = var.full_image_name_router_publisher
Expand Down Expand Up @@ -94,7 +92,6 @@ module "router_executor" {
execution_role_arn = data.aws_iam_role.ecr_admin_role.arn
cluster_id = module.ecs.ecs_cluster_id
vpc_id = module.network.vpc_id
private_subnets = module.network.private_subnets
lb_subnets = module.network.public_subnets
internal_lb = false
docker_image = var.full_image_name_router_executor
Expand Down Expand Up @@ -124,8 +121,7 @@ module "router_web3signer" {
execution_role_arn = data.aws_iam_role.ecr_admin_role.arn
cluster_id = module.ecs.ecs_cluster_id
vpc_id = module.network.vpc_id
private_subnets = module.network.private_subnets
lb_subnets = module.network.public_subnets
lb_subnets = module.network.private_subnets
docker_image = "ghcr.io/connext/web3signer:latest"
container_family = "router-web3signer"
health_check_path = "/upcheck"
Expand Down Expand Up @@ -167,7 +163,6 @@ module "sequencer_server" {
execution_role_arn = data.aws_iam_role.ecr_admin_role.arn
cluster_id = module.ecs.ecs_cluster_id
vpc_id = module.network.vpc_id
private_subnets = module.network.private_subnets
lb_subnets = module.network.public_subnets
docker_image = var.full_image_name_sequencer_server
container_family = "sequencer"
Expand Down Expand Up @@ -196,7 +191,6 @@ module "sequencer_publisher" {
execution_role_arn = data.aws_iam_role.ecr_admin_role.arn
cluster_id = module.ecs.ecs_cluster_id
vpc_id = module.network.vpc_id
private_subnets = module.network.private_subnets
lb_subnets = module.network.public_subnets
docker_image = var.full_image_name_sequencer_publisher
container_family = "sequencer-publisher"
Expand Down Expand Up @@ -236,7 +230,6 @@ module "sequencer_subscriber" {
execution_role_arn = data.aws_iam_role.ecr_admin_role.arn
cluster_id = module.ecs.ecs_cluster_id
vpc_id = module.network.vpc_id
private_subnets = module.network.private_subnets
lb_subnets = module.network.public_subnets
internal_lb = false
docker_image = var.full_image_name_sequencer_subscriber
Expand Down Expand Up @@ -278,8 +271,7 @@ module "sequencer_web3signer" {
execution_role_arn = data.aws_iam_role.ecr_admin_role.arn
cluster_id = module.ecs.ecs_cluster_id
vpc_id = module.network.vpc_id
private_subnets = module.network.private_subnets
lb_subnets = module.network.public_subnets
lb_subnets = module.network.private_subnets
docker_image = "ghcr.io/connext/web3signer:latest"
container_family = "sequencer-web3signer"
health_check_path = "/upcheck"
Expand Down Expand Up @@ -311,7 +303,7 @@ module "lighthouse_prover_cron" {
timeout = 300
memory_size = 10240
lambda_in_vpc = true
private_subnets = module.network.private_subnets
subnet_ids = module.network.private_subnets
lambda_security_groups = flatten([module.network.allow_all_sg, module.network.ecs_task_sg])

}
Expand All @@ -327,7 +319,6 @@ module "lighthouse_prover_subscriber" {
execution_role_arn = data.aws_iam_role.ecr_admin_role.arn
cluster_id = module.ecs.ecs_cluster_id
vpc_id = module.network.vpc_id
private_subnets = module.network.private_subnets
lb_subnets = module.network.public_subnets
internal_lb = false
docker_image = var.full_image_name_lighthouse_prover_subscriber
Expand Down Expand Up @@ -407,7 +398,6 @@ module "relayer" {
execution_role_arn = data.aws_iam_role.ecr_admin_role.arn
cluster_id = module.ecs.ecs_cluster_id
vpc_id = module.network.vpc_id
private_subnets = module.network.private_subnets
lb_subnets = module.network.public_subnets
docker_image = var.full_image_name_relayer
container_family = "relayer"
Expand Down Expand Up @@ -437,8 +427,7 @@ module "relayer_web3signer" {
execution_role_arn = data.aws_iam_role.ecr_admin_role.arn
cluster_id = module.ecs.ecs_cluster_id
vpc_id = module.network.vpc_id
private_subnets = module.network.private_subnets
lb_subnets = module.network.public_subnets
lb_subnets = module.network.private_subnets
docker_image = "ghcr.io/connext/web3signer:latest"
container_family = "relayer-web3signer"
health_check_path = "/upcheck"
Expand Down Expand Up @@ -467,7 +456,6 @@ module "watcher" {
execution_role_arn = data.aws_iam_role.ecr_admin_role.arn
cluster_id = module.ecs.ecs_cluster_id
vpc_id = module.network.vpc_id
private_subnets = module.network.private_subnets
lb_subnets = module.network.public_subnets
docker_image = var.full_image_name_watcher
container_family = "watcher"
Expand Down Expand Up @@ -497,8 +485,7 @@ module "watcher_web3signer" {
execution_role_arn = data.aws_iam_role.ecr_admin_role.arn
cluster_id = module.ecs.ecs_cluster_id
vpc_id = module.network.vpc_id
private_subnets = module.network.private_subnets
lb_subnets = module.network.public_subnets
lb_subnets = module.network.private_subnets
docker_image = "ghcr.io/connext/web3signer:latest"
container_family = "watcher-web3signer"
health_check_path = "/upcheck"
Expand Down Expand Up @@ -542,9 +529,6 @@ module "ecs" {
environment = var.environment
domain = var.domain
ecs_cluster_name_prefix = "nxtp-ecs"
vpc_id = module.network.vpc_id
private_subnets = module.network.private_subnets
public_subnets = module.network.public_subnets
}

module "sequencer_cache" {
Expand Down Expand Up @@ -593,3 +577,8 @@ module "lighthouse_cache" {
cache_subnet_group_subnet_ids = module.network.public_subnets
node_type = "cache.r4.large"
}

module "ecr-lcp" {
source = "../../../modules/ecr-lcp"
repository_names = ["nxtp-cartographer", "nxtp-lighthouse", "postgrest"]
}
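Review bot: The four web3signer modules (router_web3signer, sequencer_web3signer, relayer_web3signer, watcher_web3signer) now point their load balancer at private subnets via `lb_subnets = module.network.private_subnets`, but none of those hunks show an `internal_lb` setting, while the sibling services set `internal_lb = false` explicitly. If the service module defaults to an internet-facing LB, a private-subnet placement either fails to apply or leaves the signer unreachable, and the apparent intent of keeping the signing endpoint off the public internet is worth pinning rather than relying on a default: add `internal_lb = true` next to each of those `lb_subnets` lines unless it is already set. Each of those module blocks starts before its hunk, so the attribute may already be present outside the visible lines. The `ecr-lcp` module call at the end of this file repeats a literal repository list that also appears in ops/testnet/prod/core/main.tf and ops/testnet/staging/core/main.tf; a one-line comment such as `# keep in sync with the repositories created by modules/ecr` would help the next person who adds a repository.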
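--- a/ops/modules/ecr-lcp/main.tf
+++ b/ops/modules/ecr-lcp/main.tf
@@ -0,0 +1,77 @@
+resource "aws_ecr_lifecycle_policy" "remove_old_images" {
+for_each = toset(var.repository_names)
+repository = each.value
+
+policy = <<EOF
+{
+"rules": [
+{
+"rulePriority": 1,
+"description": "Expire main images that are not the last 50",
+"selection": {
+"tagStatus": "tagged",
+"tagPrefixList": ["main-"],
+"countType": "imageCountMoreThan",
+"countNumber": 50
+},
+"action": {
+"type": "expire"
+}
+},
+{
+"rulePriority": 2,
+"description": "Expire staging images that are not the last 20",
+"selection": {
+"tagStatus": "tagged",
+"tagPrefixList": ["staging-"],
+"countType": "imageCountMoreThan",
+"countNumber": 20
+},
+"action": {
+"type": "expire"
+}
+},
+{
+"rulePriority": 3,
+"description": "Expire testnet-prod images that are not the last 10",
+"selection": {
+"tagStatus": "tagged",
+"tagPrefixList": ["testnet-prod-"],
+"countType": "imageCountMoreThan",
+"countNumber": 10
+},
+"action": {
+"type": "expire"
+}
+},
+{
+"rulePriority": 4,
+"description": "Expire prod images that are not the last 5",
+"selection": {
+"tagStatus": "tagged",
+"tagPrefixList": ["prod-"],
+"countType": "imageCountMoreThan",
+"countNumber": 5
+},
+"action": {
+"type": "expire"
+}
+},
+{
+"rulePriority": 6,
+"description": "Expire images older than 60 days",
+"selection": {
+"tagStatus": "tagged",
+"tagPrefixList": ["main-", "staging-", "testnet-prod", "prod-"],
+"countType": "sinceImagePushed",
+"countUnit": "days",
+"countNumber": 180
+},
+"action": {
+"type": "expire"
+}
+}
+]
+}
+EOF
+}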
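Review bot: Rule priority 6's description reads "Expire images older than 60 days" while its `countNumber` is 180, so either the description or the retention window is wrong; the policy being removed from ops/modules/ecr/main.tf carried the same mismatch, and this rewrite is the moment to settle it, e.g. `"description": "Expire images older than 180 days"`. That rule's prefix list uses `"testnet-prod"` whereas rule 3 uses `"testnet-prod-"`; the shorter prefix matches any tag starting with testnet-prod, which may be intended but should be deliberate, and priorities jumping from 4 to 6 looks like a leftover from a deleted rule. Every rule is `"tagStatus": "tagged"`, so untagged image layers (left behind when a tag is overwritten) are never expired and will accumulate; a low-priority `"tagStatus": "untagged"` rule with `"countType": "sinceImagePushed"` would bound that. The old resource attached to every repository the ecr module created via `for_each = aws_ecr_repository.name`, whereas this module takes a literal list of names, so any repository created there but not listed in the callers loses its lifecycle policy with this commit, and Terraform no longer sees a dependency between the repository and its policy.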
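--- a/ops/modules/ecr-lcp/variables.tf
+++ b/ops/modules/ecr-lcp/variables.tf
@@ -0,0 +1,4 @@
+variable "repository_names" {
+description = "ECR repository names"
+type = list(string)
+}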
79 changes: 0 additions & 79 deletions ops/modules/ecr/main.tf
Expand Up @@ -3,85 +3,6 @@ resource "aws_ecr_repository" "name" {
name = each.value
}

resource "aws_ecr_lifecycle_policy" "remove_old_images" {
for_each = aws_ecr_repository.name
repository = each.value.name

policy = <<EOF
{
"rules": [
{
"rulePriority": 1,
"description": "Expire main images that are not the last 50",
"selection": {
"tagStatus": "tagged",
"tagPrefixList": ["main-"],
"countType": "imageCountMoreThan",
"countNumber": 50
},
"action": {
"type": "expire"
}
},
{
"rulePriority": 2,
"description": "Expire staging images that are not the last 20",
"selection": {
"tagStatus": "tagged",
"tagPrefixList": ["staging-"],
"countType": "imageCountMoreThan",
"countNumber": 20
},
"action": {
"type": "expire"
}
},
{
"rulePriority": 3,
"description": "Expire testnet-prod images that are not the last 10",
"selection": {
"tagStatus": "tagged",
"tagPrefixList": ["testnet-prod-"],
"countType": "imageCountMoreThan",
"countNumber": 10
},
"action": {
"type": "expire"
}
},
{
"rulePriority": 4,
"description": "Expire prod images that are not the last 5",
"selection": {
"tagStatus": "tagged",
"tagPrefixList": ["prod-"],
"countType": "imageCountMoreThan",
"countNumber": 5
},
"action": {
"type": "expire"
}
},
{
"rulePriority": 6,
"description": "Expire images older than 60 days",
"selection": {
"tagStatus": "tagged",
"tagPrefixList": ["main-", "staging-", "testnet-prod", "prod-"],
"countType": "sinceImagePushed",
"countUnit": "days",
"countNumber": 180
},
"action": {
"type": "expire"
}
}
]
}
EOF
}


resource "aws_ecr_replication_configuration" "this" {
replication_configuration {

Expand Down
5 changes: 5 additions & 0 deletions ops/testnet/prod/core/main.tf
Expand Up @@ -519,3 +519,8 @@ module "lighthouse_cache" {
cache_subnet_group_subnet_ids = module.network.public_subnets
node_type = "cache.r4.large"
}

module "ecr-lcp" {
source = "../../../modules/ecr-lcp"
repository_names = ["nxtp-cartographer", "nxtp-lighthouse", "postgrest"]
}
6 changes: 6 additions & 0 deletions ops/testnet/staging/core/main.tf
Expand Up @@ -565,3 +565,9 @@ module "lighthouse_cache" {
vpc_id = module.network.vpc_id
cache_subnet_group_subnet_ids = module.network.public_subnets
}


module "ecr-lcp" {
source = "../../../modules/ecr-lcp"
repository_names = ["nxtp-cartographer", "nxtp-lighthouse", "postgrest"]
}
