fly: migrate all app variants to v2

chunkiuu · Jun 13, 2023 · 45d3281 · 45d3281
1 parent 4db8467
commit 45d3281
Show file tree

Hide file tree

Showing 5 changed files with 128 additions and 235 deletions.
diff --git a/.github/workflows/fly.yml b/.github/workflows/fly.yml
@@ -34,8 +34,8 @@ on:
         options:
         - dev
         - prod
-        - mach
-        - b1
+        - onebox
+        - flytls
       deployment-strat:
         description: "Deploy strategy"
         required: true
@@ -63,13 +63,12 @@ env:
   # local-only, remote-only (default)
   FLY_BUILDER_TYPE: ${{ github.event.inputs.builder }}
   # default fly app to deploy to (typically, dev)
-  FLY_APP: ${{ secrets.FLY_APP_NAME }}
-  FLY_PROD_APP: ${{ secrets.FLY_APP_NAME_LIVE }}
-  FLY_B1_APP: ${{ secrets.FLY_APP_NAME_B1 }}
-  FLY_MACHINES_APP: "udns"
+  FLY_APP: "rdns-dev"
+  FLY_TLS_APP: "rdns-b1"
+  FLY_PROD_ONEBOX_APP: "rdns"
+  FLY_PROD_APP: "udns"
   FLY_CFG: "fly.toml"
-  FLY_B1_CFG: "fly.tls.toml"
-  FLY_MACHINES_CFG: "fly.machines.toml"
+  FLY_TLS_CFG: "fly.tls.toml"
   FLY_DEPLOY_WAIT_SEC: "300"
 
 jobs:
@@ -91,13 +90,13 @@ jobs:
           echo "FLY_BUILDER_TYPE=${FLY_BUILDER_TYPE:-remote-only}" >> $GITHUB_ENV
         shell: bash
 
-      - name: 🔐👨‍🚒 B1 via dispatch?
+      - name: 🔐👨‍🚒 FlyTLS via dispatch?
         if: ${{ github.event_name == 'workflow_dispatch' &&
-          github.event.inputs.deployment-type == 'b1' }}
+          github.event.inputs.deployment-type == 'flytls' }}
         run: |
-          echo "FLY_APP=${FLY_B1_APP}" >> $GITHUB_ENV
-          echo "FLY_TOML=${FLY_B1_CFG}" >> $GITHUB_ENV
-          echo "::notice::Deploying B1 / ${GIT_REF} @ ${COMMIT_SHA}"
+          echo "FLY_APP=${FLY_TLS_APP}" >> $GITHUB_ENV
+          echo "FLY_TOML=${FLY_TLS_CFG}" >> $GITHUB_ENV
+          echo "::notice::Deploying FLYTLS / ${GIT_REF} @ ${COMMIT_SHA}"
         shell: bash
         env:
           COMMIT_SHA: ${{ github.sha }}
@@ -122,13 +121,12 @@ jobs:
         env:
           COMMIT_SHA: ${{ github.sha }}
 
-      - name: 🚜👨‍🚒 Machines via dispatch?
+      - name: 🚜👨‍🚒 Onebox via dispatch?
         if: ${{ github.event_name == 'workflow_dispatch' &&
-          github.event.inputs.deployment-type == 'mach' }}
+          github.event.inputs.deployment-type == 'onebox' }}
         run: |
-          echo "FLY_APP=${FLY_MACHINES_APP}" >> $GITHUB_ENV
-          echo "FLY_TOML=${FLY_MACHINES_CFG}" >> $GITHUB_ENV
-          echo "::notice::Deploying MACH / ${GIT_REF} @ ${COMMIT_SHA}"
+          echo "FLY_APP=${FLY_PROD_ONEBOX_APP}" >> $GITHUB_ENV
+          echo "::notice::Deploying 1BOX / ${GIT_REF} @ ${COMMIT_SHA}"
         shell: bash
         env:
           COMMIT_SHA: ${{ github.sha }}
@@ -154,5 +152,5 @@ jobs:
       - name: 📕 Registry
         if: success()
         run: |
-          echo "::notice::Image @ registry.fly.io/<fly-app-name>:${{ env.GIT_HEAD }}"
+          echo "::notice::Image @ registry.fly.io/${{ env.FLY_APP }}:${{ env.GIT_HEAD }}"
         shell: bash
diff --git a/fly.machines.tls.toml b/fly.machines.tls.toml
diff --git a/fly.machines.toml b/fly.machines.toml
diff --git a/fly.tls.toml b/fly.tls.toml
@@ -1,28 +1,33 @@
 app = ""
 
 kill_signal = "SIGINT"
-kill_timeout = 10
+kill_timeout = "15s"
 
 [build]
   dockerfile = "node.Dockerfile"
 
 [env]
-# offload TLS to Fly.io's load balancers
-TLS_OFFLOAD = "true"
-DENO_ENV = "production"
-NODE_ENV = "production"
-CLOUD_PLATFORM = "fly"
-LOG_LEVEL = "info"
+  # offload TLS on to fly-proxy;
+  # tls-tls_options for [[services]] must be set
+  TLS_OFFLOAD = "true"
+  NODE_ENV = "production"
+  CLOUD_PLATFORM = "fly"
+  LOG_LEVEL = "info"
+  # fly can't start vms that scale down super quickly
+  # community.fly.io/t/6091/12
+  # node proc shuts itself after this threshold
+  # MACHINES_TIMEOUT_SEC = "100"
+  # for now, using auto_start_machines / auto_stop_machines
 
 [experimental]
 auto_rollback = true
 
 # DNS over HTTPS (well, h2c and http1.1)
 [[services]]
-http_checks = []
-internal_port = 8055
-protocol = "tcp"
-script_checks = []
+  internal_port = 8055
+  protocol = "tcp"
+  auto_stop_machines = true
+  auto_start_machines = true
 
   [services.concurrency]
   hard_limit = 575
@@ -34,20 +39,23 @@ script_checks = []
   tls_options = { alpn = ["h2", "http/1.1"] }
   port = 443
 
+  [[services.ports]]
+  handlers = ["tls"]
+  tls_options = { alpn = ["h2", "http/1.1"] }
+  port = 8055
+
   [[services.tcp_checks]]
-  # account for delay due to blocklists download that
-  # happens on process startup: plugin.js:systemReady
-  grace_period = "15s"
-  interval = "30s"
-  restart_limit = 6
-  timeout = "2s"
+    interval = "30s"
+    timeout = "3s"
+    grace_period = "15s"
+    restart_limit = 3
 
 # DNS over TCP/TLS
 [[services]]
-http_checks = []
-internal_port = 10555
-protocol = "tcp"
-script_checks = []
+  internal_port = 10555
+  protocol = "tcp"
+  auto_stop_machines = true
+  auto_start_machines = true
 
   [services.concurrency]
   hard_limit = 575
@@ -59,10 +67,26 @@ script_checks = []
   handlers = ["tls"]
   port = 853
 
+  [[services.ports]]
+  # TODO: ProxyProto v2
+  handlers = ["tls"]
+  port = 10555
+
   [[services.tcp_checks]]
-  # account for delay due to blocklists download that
-  # happens on process startup: plugin.js:systemReady
-  grace_period = "15s"
-  interval = "30s"
-  restart_limit = 6
-  timeout = "2s"
+    interval = "30s"
+    timeout = "3s"
+    grace_period = "15s"
+    restart_limit = 3
+
+# community.fly.io/t/5490/3
+[checks]
+  [checks.up]
+    # grace_period affects time taken for rolling deploys
+    grace_period = "15s"
+    interval = "15s"
+    method = "get"
+    path = "/check"
+    port = 8888
+    timeout = "3s"
+    type = "http"
+