celo-org · alvarof2 · Nov 15, 2023 · Nov 9, 2023 · Nov 9, 2023 · Nov 10, 2023
@@ -0,0 +1,2 @@
+---
+---
@@ -17,7 +17,7 @@ image:
   pullPolicy: Always
   # -- Image tag
   # Overrides the image tag whose default is the chart appVersion.
-  tag: "odis-combiner-3.3.1"
+  tag: "odis-combiner-3.3.2"
 
 # -- Image pull secrets
 imagePullSecrets: []
@@ -62,7 +62,7 @@ env:
     # -- Env. Var DOMAIN_KEYS_VERSIONS
     domainKeysVersions: '[{"keyVersion":1,"threshold":2,"polynomial":"0200000000000000f99af1c8fbcb0a15945ff0f23f0e93b86c101f48250c911b4ab4b15004723f93eea98c8ffd4e166535757b46c0522a0167a40224c88ba43c13685bf2f159e63394416cb41432b320e69e3e0810aa8fa1e1b0c7dcc948fc5742f2b8d752b65081f10d83821b4e2cf90b56cc4fc8c98dc00e5f24f2c5b53fa8ad7c2ebd3963c9223cf95209692d267a4f8084edfc0b5f01f7a31d82bf5421c544b6258749c691b79e6f36d9ba963ead6f25b9986b6bcb7d45b5edb33a616af630b4ce17bf552c81","pubKey":"+ZrxyPvLChWUX/DyPw6TuGwQH0glDJEbSrSxUARyP5PuqYyP/U4WZTV1e0bAUioBZ6QCJMiLpDwTaFvy8VnmM5RBbLQUMrMg5p4+CBCqj6HhsMfcyUj8V0LyuNdStlCB"},{"keyVersion":2,"threshold":2,"polynomial":"0200000000000000f99af1c8fbcb0a15945ff0f23f0e93b86c101f48250c911b4ab4b15004723f93eea98c8ffd4e166535757b46c0522a0167a40224c88ba43c13685bf2f159e63394416cb41432b320e69e3e0810aa8fa1e1b0c7dcc948fc5742f2b8d752b65081f10d83821b4e2cf90b56cc4fc8c98dc00e5f24f2c5b53fa8ad7c2ebd3963c9223cf95209692d267a4f8084edfc0b5f01f7a31d82bf5421c544b6258749c691b79e6f36d9ba963ead6f25b9986b6bcb7d45b5edb33a616af630b4ce17bf552c81","pubKey":"+ZrxyPvLChWUX/DyPw6TuGwQH0glDJEbSrSxUARyP5PuqYyP/U4WZTV1e0bAUioBZ6QCJMiLpDwTaFvy8VnmM5RBbLQUMrMg5p4+CBCqj6HhsMfcyUj8V0LyuNdStlCB"}]'
     # -- Env. Var DOMAIN_ODIS_SERVICES_SIGNERS
-    domainOdisServicesSigners: '[{"url": "https://odis-alfajores-signer2.azurefd.net"},{"url": "https://odis-alfajores-signer3.azurefd.net"},{"url": "https://odis-alfajores-signer-1-b.azurefd.net"}]'
+    domainOdisServicesSigners: '[{"url": "http://odis-signer0-alfajores.odis-signer0-alfajores:3000"},{"url": "http://odis-signer1-alfajores.odis-signer1-alfajores:3000"},{"url": "http://odis-signer2-alfajores.odis-signer2-alfajores:3000"}]'
     # -- Env. Var DOMAIN_ODIS_SERVICES_TIMEOUT_MILLISECONDS
     domainOdisServicesTimeoutMillisecond: "5000"
     # -- Env. Var DOMAIN_SERVICE_NAME
@@ -87,7 +87,7 @@ env:
     # -- Env. Var PNP_MOCK_DECK
     pnpMockDeck: "0xbf8a2b73baf8402f8fe906ad3f42b560bf14b39f7df7797ece9e293d6f162188"
     # -- Env. Var PNP_ODIS_SERVICES_SIGNERS
-    pnpOdisServicesSigners: '[{"url": "https://odis-alfajores-signer2.azurefd.net"},{"url": "https://odis-alfajores-signer3.azurefd.net"},{"url": "https://odis-alfajores-signer-1-b.azurefd.net"}]'
+    pnpOdisServicesSigners: '[{"url": "http://odis-signer0-alfajores.odis-signer0-alfajores:3000"},{"url": "http://odis-signer1-alfajores.odis-signer1-alfajores:3000"},{"url": "http://odis-signer2-alfajores.odis-signer2-alfajores:3000"}]'
     # -- Env. Var PNP_ODIS_SERVICES_TIMEOUT_MILLISECONDS
     pnpOdisServicesTimeoutMilliseconds: "5000"
     # -- Env. Var PNP_SERVICE_NAME
@@ -143,32 +143,32 @@ ingress:
 
 # -- Liveness probe configuration
 livenessProbe:
-  timeoutSeconds: 30
-  initialDelaySeconds: 60
+  timeoutSeconds: 60
+  initialDelaySeconds: 90
   httpGet:
     path: /status
     port: http
 
 # -- Readiness probe configuration
 readinessProbe:
-  timeoutSeconds: 30
-  initialDelaySeconds: 60
+  timeoutSeconds: 60
+  initialDelaySeconds: 90
   httpGet:
     path: /status
     port: http
 
 # -- Container resources
-resources: {}
+resources:
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
   # resources, such as Minikube. If you do want to specify resources, uncomment the following
   # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
   # limits:
   #   cpu: 100m
   #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
+  requests:
+    cpu: 2000m
+    memory: 1Gi
 
 autoscaling:
   # -- Enable autoscaling
@@ -182,10 +182,15 @@ autoscaling:
   # targetMemoryUtilizationPercentage: 80
 
 # -- Kubernetes node selector
-nodeSelector: {}
+nodeSelector:
+  node.kubernetes.io/instance-type: e2-standard-4
 
 # -- Kubernetes tolerations
-tolerations: []
+tolerations:
+  - key: "service"
+    operator: "Equal"
+    value: "odis"
+    effect: "NoSchedule"
 
 # -- Kubernetes pod affinity
 affinity: {}
@@ -17,7 +17,7 @@ image:
   pullPolicy: Always
   # -- Image tag
   # Overrides the image tag whose default is the chart appVersion.
-  tag: "odis-combiner-3.3.1"
+  tag: "odis-combiner-3.3.2"
 
 # -- Image pull secrets
 imagePullSecrets: []
@@ -35,7 +35,7 @@ env:
     # -- Enable tracing
     enabled: true
     # -- Env. Var TRACER_ENDPOINT. If enabled is false, will not be added to the deployment.
-    endpoint: "https://grafana-agent.odis-mainnet-signer-westus2.celo-networks-dev.org/api/traces"
+    endpoint: "http://grafana-agent.monitoring:14268/api/traces"
     # -- Env. Var TRACING_SERVICE_NAME. If enabled is false, will not be added to the deployment.
     serviceName: "odis-combiner-mainnet-k8s"
   log:
@@ -62,7 +62,7 @@ env:
     # -- Env. Var DOMAIN_KEYS_VERSIONS
     domainKeysVersions: '[{"keyVersion":1,"threshold":5,"polynomial":"05000000000000002d7e2d2e2b989bc81e677ced987ee8216cf8a215eddde3d14ddf416c6f513bce8d32b0297e58a888ecca62d22cca3100d2e6ab9d7f049a8fa5b936386f0116a60643c8f604e9431602805a641772e8d0cc800c526dd36d69012ae757c18c250029d97c8a3d4b81e305780b49d511c80dc3009c02b8f651a06c8ec2d5530937a1f7eadf730ad46762a4c089bbd973a000ba77717ec36ebb6fd58904b444a6cde7dd3b3b7ac6fa37f9cd8d00aa67e7cfe81adee5ed45218f7f78b4f8473b564601f4361d228dc6dabf7decd3f61f5bb0ad2c7bd7fe5b7a88054959543e82f4deb08d4fe9af4ac775c9353e038e79f82200863ac9cb7fd6b5fa263eb9d1dead51002607f3eadac153596b671b854715bdb07bee1b0bc8d5178f0dac1b4d00ed0700f46e37135e96604d389f3a323028e29b07f36279e829da00eee1794f3ad6e5dca24eba65a7821755cc464add27c7a601c7e187756e79a5ec3c847f4d91b037fe3cd40590fc1a46b46c2f68c0edcbe5cd7727162a195a711008e4e956eb8a81011b290057cee3f14b9a4198a3e9909cac69a9e7d648fa3dd185794acc4c1e4b994637dca36621d463b42e015115ac2c015fc176d8f143bf99cca654ae95a3101afbdc0c5026f95fbf31af1ac115399f5b6b6d1de09af367745415be9533f8c080","pubKey":"LX4tLiuYm8geZ3ztmH7oIWz4ohXt3ePRTd9BbG9RO86NMrApflioiOzKYtIsyjEA0uarnX8Emo+luTY4bwEWpgZDyPYE6UMWAoBaZBdy6NDMgAxSbdNtaQEq51fBjCUA"}]'
     # -- Env. Var DOMAIN_ODIS_SERVICES_SIGNERS
-    domainOdisServicesSigners: '[{"url": "https://odis.vladiatorlabs.io"},{"url": "https://mainnet-pgpnp-brazilsouth.azurefd.net"},{"url": "https://phone.chainlayerattestations.com"},{"url": "https://pnprivacy.wotrust.us"},{"url": "https://pgpnp.census.works"},{"url": "https://odis.keyko.rocks"},{"url": "https://odis.celo.spruceid.xyz"}]'
+    domainOdisServicesSigners: '[{"url": "https://odis.vladiatorlabs.io"},{"url": "http://odis-signer0-mainnet.odis-signer0-mainnet:3000"},{"url": "https://phone.chainlayerattestations.com"},{"url": "https://pnprivacy.wotrust.us"},{"url": "https://pgpnp.census.works"},{"url": "https://odis.keyko.rocks"},{"url": "https://odis.celo.spruceid.xyz"}]'
     # -- Env. Var DOMAIN_ODIS_SERVICES_TIMEOUT_MILLISECONDS
     domainOdisServicesTimeoutMillisecond: "5000"
     # -- Env. Var DOMAIN_SERVICE_NAME
@@ -87,7 +87,7 @@ env:
     # -- Env. Var PNP_MOCK_DECK
     pnpMockDeck: "0xbf8a2b73baf8402f8fe906ad3f42b560bf14b39f7df7797ece9e293d6f162188"
     # -- Env. Var PNP_ODIS_SERVICES_SIGNERS
-    pnpOdisServicesSigners: '[{"url": "https://odis.vladiatorlabs.io"},{"url": "https://mainnet-pgpnp-brazilsouth.azurefd.net"},{"url": "https://mainnet-pgpnp-eastasia.azurefd.net"},{"url": "https://phone.chainlayerattestations.com"},{"url": "https://pnprivacy.wotrust.us"},{"url": "https://pgpnp.census.works"},{"url": "https://odis.keyko.rocks"},{"url": "https://odis.celo.spruceid.xyz"}]'
+    pnpOdisServicesSigners: '[{"url": "https://odis.vladiatorlabs.io"},{"url": "http://odis-signer0-mainnet.odis-signer0-mainnet:3000"},{"url": "http://odis-signer1-mainnet.odis-signer1-mainnet:3000"},{"url": "https://phone.chainlayerattestations.com"},{"url": "https://pnprivacy.wotrust.us"},{"url": "https://pgpnp.census.works"},{"url": "https://odis.keyko.rocks"},{"url": "https://odis.celo.spruceid.xyz"}]'
     # -- Env. Var PNP_ODIS_SERVICES_TIMEOUT_MILLISECONDS
     pnpOdisServicesTimeoutMilliseconds: "5000"
     # -- Env. Var PNP_SERVICE_NAME
@@ -158,17 +158,17 @@ readinessProbe:
     port: http
 
 # -- Container resources
-resources: {}
+resources:
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
   # resources, such as Minikube. If you do want to specify resources, uncomment the following
   # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
   # limits:
   #   cpu: 100m
   #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
+  requests:
+    cpu: 2000m
+    memory: 1Gi
 
 autoscaling:
   # -- Enable autoscaling
@@ -182,10 +182,15 @@ autoscaling:
   # targetMemoryUtilizationPercentage: 80
 
 # -- Kubernetes node selector
-nodeSelector: {}
+nodeSelector:
+  node.kubernetes.io/instance-type: e2-standard-4
 
 # -- Kubernetes tolerations
-tolerations: []
+tolerations:
+  - key: "service"
+    operator: "Equal"
+    value: "odis"
+    effect: "NoSchedule"
 
 # -- Kubernetes pod affinity
 affinity: {}
@@ -17,7 +17,7 @@ image:
   pullPolicy: Always
   # -- Image tag
   # Overrides the image tag whose default is the chart appVersion.
-  tag: "odis-combiner-3.3.1"
+  tag: "odis-combiner-3.3.2"
 
 # -- Image pull secrets
 imagePullSecrets: []

@@ -29,23 +29,31 @@ ODIS signer is deployed in the following clusters:
 
 - Staging: cluster `integration-tests`
   - Signer0 in namespace `odis-signer0-staging` with this [`values-signer0-staging.yaml` file](./values/staging/values-signer0-staging.yaml).
-    - URL: `http://odis-signer0-staging.odis-signer0-staging:3000`. :warning: This is a URL internal to the cluster (i.e. not accessible from outside)!!
+    - URL internal: `http://odis-signer0-staging.odis-signer0-staging:3000`. :warning: This is a URL internal to the cluster (i.e. not accessible from outside)!!
+    - URL external: `https://odis-signer0-staging.integration-tests.celo-networks-dev.org`.
   - Signer1 in namespace `odis-signer1-staging` with this [`values-signer1-staging.yaml` file](./values/staging/values-signer1-staging.yaml).
     - URL: `http://odis-signer1-staging.odis-signer1-staging:3000`. :warning: This is a URL internal to the cluster (i.e. not accessible from outside)!!
+    - URL external: `https://odis-signer1-staging.integration-tests.celo-networks-dev.org`.
   - Signer2 in namespace `odis-signer2-staging` with this [`values-signer2-staging.yaml` file](./values/staging/values-signer2-staging.yaml).
     - URL: `http://odis-signer2-staging.odis-signer2-staging:3000`. :warning: This is a URL internal to the cluster (i.e. not accessible from outside)!!
+    - URL external: `https://odis-signer2-staging.integration-tests.celo-networks-dev.org`.
 - Alfajores: cluster `alfajores`
   - Signer0 in namespace `odis-signer0-alfajores` with this [`values-signer0-alfajores.yaml` file](./values/alfajores/values-signer0-alfajores.yaml).
     - URL: `http://odis-signer0-alfajores.odis-signer0-alfajores:3000`. :warning: This is a URL internal to the cluster (i.e. not accessible from outside)!!
+    - URL external: `https://odis-signer0-alfajores.alfajores.celo-testnet.org`.
   - Signer1 in namespace `odis-signer1-alfajores` with this [`values-signer1-alfajores.yaml` file](./values/alfajores/values-signer1-alfajores.yaml).
     - URL: `http://odis-signer1-staging.odis-signer1-staging:3000`. :warning: This is a URL internal to the cluster (i.e. not accessible from outside)!!
+    - URL external: `https://odis-signer1-alfajores.alfajores.celo-testnet.org`.
   - Signer2 in namespace `odis-signer2-alfajores` with this [`values-signer2-alfajores.yaml` file](./values/alfajores/values-signer2-alfajores.yaml).
     - URL: `http://odis-signer2-alfajores.odis-signer2-alfajores:3000`. :warning: This is a URL internal to the cluster (i.e. not accessible from outside)!!
+    - URL external: `https://odis-signer2-alfajores.alfajores.celo-testnet.org`.
 - Mainnet: cluster `rc1-europe-west1`
-  - Signer0 in namespace `odis-signer0-mainnet` with this [`values-signer0-mainnet.yaml` file](./values/mainnet/values-signer0-mainnet.yaml).
+  - Signer0 in namespace `odis-signer0-mainnet` with this [`values-signer0-mainnet.yaml` file](./values/mainnet/values-signer0-mainnet.yaml). **This signer has the same key as `odis-mainnet-brazilsouth-a-v2`.**
     - URL: `http://odis-signer0-mainnet.odis-signer0-mainnet:3000`. :warning: This is a URL internal to the cluster (i.e. not accessible from outside)!!
-  - Signer1 in namespace `odis-signer1-mainnet` with this [`values-signer1-mainnet.yaml` file](./values/mainnet/values-signer1-mainnet.yaml).
+    - URL external: `https://odis-signer0-mainnet.rc1-europe-west1.celo-testnet.org`.
+  - Signer1 in namespace `odis-signer1-mainnet` with this [`values-signer1-mainnet.yaml` file](./values/mainnet/values-signer1-mainnet.yaml). **This signer has the same key as `odis-mainnet-eastasia-a-v2`.**
     - URL: `http://odis-signer1-mainnet.odis-signer1-mainnet:3000`. :warning: This is a URL internal to the cluster (i.e. not accessible from outside)!!
+    - URL external: `https://odis-signer1-mainnet.rc1-europe-west1.celo-testnet.org`.
 
 ### Modifying the deployment
 

@@ -1,4 +1,15 @@
-affinity: {}
+affinity:
+  podAntiAffinity: 
+    preferredDuringSchedulingIgnoredDuringExecution: 
+    - weight: 100  
+      podAffinityTerm:
+        labelSelector:
+          matchExpressions:
+          - key: app.kubernetes.io/name
+            operator: In 
+            values:
+            - odis-signer
+        topologyKey: kubernetes.io/hostname
 autoscaling:
   enabled: false
   maxReplicas: 3
@@ -20,6 +31,8 @@ env:
     type: postgres
     useSsl: false
     username: cLabs
+    poolMaxSize: 100
+    timeout: 10000
   keystore:
     domainsKeyLatestVersion: null
     domainsKeyNameBase: odis-signer0-alfajores-domains
@@ -33,38 +46,57 @@ env:
     level: trace
   odis:
     mockDek: 0x034846bc781cacdafc66f3a77aa9fc3c56a9dadcd683c72be3c446fee8da041070
-    odisSignerTimeout: "6000"
+    odisSignerTimeout: "10000"
     shouldMockAccountService: "false"
     shouldMockRequestService: "false"
-    testQuotaBypassPercentage: "50"
+    fullNodeTimeoutMs: 10000
   tracing:
     enabled: true
     endpoint: "http://grafana-agent.monitoring:14268/api/traces"
     serviceName: "odis-signer0-alfajores-k8s"
 fullnameOverride: ""
 image:
   pullPolicy: Always
-  repository: us.gcr.io/celo-testnet/celo-monorepo
-  tag: oblivious-decentralized-identifier-service-3.0.1
+  repository: us-west1-docker.pkg.dev/devopsre/social-connect/odis-signer
+  tag: "odis-signer-3.1.1"
 imagePullSecrets: []
 ingress:
-  annotations: {}
-  className: nginx
-  enabled: false
-  hosts: []
-  tls: []
+  enabled: true
+  className: "nginx"
+  annotations:
+    kubernetes.io/tls-acme: "true"
+  hosts: 
+    - host: odis-signer0-alfajores.alfajores.celo-testnet.org
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls:
+    - secretName: odis-signer0-alfajores.alfajores.celo-testnet.org-tls
+      hosts:
+        - odis-signer0-alfajores.alfajores.celo-testnet.org
 livenessProbe: {}
 nameOverride: ""
-nodeSelector: {}
-podAnnotations: {}
+nodeSelector:
+  node.kubernetes.io/instance-type: e2-standard-4
+podAnnotations:
+  prometheus.io/path: /metrics
+  prometheus.io/port: "3000"
+  prometheus.io/scrape: "true"
 podSecurityContext: {}
 readinessProbe: {}
 replicaCount: 1
-resources: {}
+resources:
+  requests:
+    cpu: 1000m
+    memory: 1Gi
 securityContext: {}
 serviceAccount:
   annotations:
     iam.gke.io/gcp-service-account: odis-signer0-alfajores@celo-testnet-production.iam.gserviceaccount.com
   create: true
   name: ""
-tolerations: []
+tolerations:
+  - key: "service"
+    operator: "Equal"
+    value: "odis"
+    effect: "NoSchedule"