Skip to content

Infrastructure provisioning for Circles

License

Notifications You must be signed in to change notification settings

CirclesUBI/circles-iac

Repository files navigation

circles-iac

Infrastructure provisioning for Circles


Setup and deployment infrastructure using Terraform and Helm to manage volumes and Circles services with Kubernetes on DigitalOcean.

Requirements

Overview

  • do-infra-setup: Terraform files to deploy Circles staging and production infrastructure on DigitalOcean
  • helm/circles-infra-suite: Helm chart and templates to deploy Circles services from Docker images
  • secrets: Helpers to create secrets on Kubernetes cluster

Usage

Setup

  1. Use terraform do-infra-setup to provision a Kubernetes cluster, PostgreSQL database, NFS Provisioner, Ingress controller and LetsEncrypt issuer on DigitalOcean
  2. Create required secrets via secrets helper tools
  3. Use helm helm/circles-infra-suite to deploy Circles services on Kubernetes cluster

Deployment of new services

  1. Follow all steps to create new releases and docker images of circles-api and safe-relay-service.
  2. Make sure the docker images are uploaded and ready in the Digital Ocean registry, this might take a few minutes.
  3. Change the values in the regarding imageTag field for staging and production to the versions you want to release.
  4. Make sure you're using the right Kubernetes context (staging / production cluster) via kubectl config current-context. You can switch the context via kubectl config use-context <name>.
  5. Run ./helm-upgrade.sh <production|staging> to apply the changes on the Kubernetes cluster.

Secrets

This setup requires the following Secret objects to be created on the Kubernetes cluster. Check secrets for further helper tools to maintain secrets:

relayer:

  • SAFE_FUNDER_PRIVATE_KEY: Wallet with funds to pay for Safe creation
  • SAFE_TX_SENDER_PRIVATE_KEY: Wallet with funds to pay for transactions
  • DJANGO_SECRET_KEY: Hashing salt for Relayer Django app

aws:

  • AWS_ACCESS_KEY_ID
  • AWS_SECRET_ACCESS_KEY

db:

  • POSTGRES_HOST
  • POSTGRES_PASSWORD
  • POSTGRES_PORT
  • POSTGRES_USER

Images registry

Circles repositories automatically build and upload Docker images of their latest versions. These images are available in our DigitalOcean registry and publicly on DockerHub.

Provisioning via docker-compose

In case you don't want to deploy Circles infrastructure with DigitalOcean and Kubernetes you can have a look at our circles-docker repository which allows a similar setup with docker-compose for local development and easier production server deployments.

License

GNU Affero General Public License v3.0 AGPL-3.0