chore: setup rpc (next) (#17111)

Author: alexghr

.github/workflows/deploy-staging-networks.yml

@@ -243,10 +243,10 @@ jobs:
           BOT_SWAPS_REPLICAS=0
           FLUSH_ENTRY_QUEUE=false
 
-          # RPC_INGRESS_ENABLED=true
-          # RPC_INGRESS_HOST=rpc.testnet.aztec-labs.com
-          # RPC_INGRESS_STATIC_IP_NAME=testnet-rpc-ingress
-          # RPC_INGRESS_SSL_CERT_NAME=testnet-rpc-cert
+          RPC_INGRESS_ENABLED=true
+          RPC_INGRESS_HOST=rpc.testnet.aztec-labs.com
+          RPC_INGRESS_STATIC_IP_NAME=testnet-rpc-ip
+          RPC_INGRESS_SSL_CERT_NAME=testnet-rpc-cert
 
           EOF
           echo "NAMESPACE=$NAMESPACE" >> $GITHUB_ENV

spartan/terraform/deploy-aztec-infra/main.tf

@@ -194,7 +194,10 @@ locals {
         service = {
           rpc = {
             annotations = {
-              "cloud.google.com/neg" = "{\"ingress\": true}"
+              "cloud.google.com/neg" = jsonencode({ ingress = true })
+              "cloud.google.com/backend-config" = jsonencode({
+                default = "${var.RELEASE_PREFIX}-rpc-ingress-backend"
+              })
             }
           }
         }
@@ -319,3 +322,28 @@ resource "helm_release" "releases" {
     }
   }
 }
+
+resource "kubernetes_manifest" "rpc_ingress_backend" {
+  count    = var.RPC_INGRESS_ENABLED ? 1 : 0
+  provider = kubernetes.gke-cluster
+
+  manifest = {
+    apiVersion = "cloud.google.com/v1"
+    kind       = "BackendConfig"
+    metadata = {
+      name      = "${var.RELEASE_PREFIX}-rpc-ingress-backend"
+      namespace = var.NAMESPACE
+    }
+    spec = {
+      healthCheck = {
+        checkIntervalSec   = 15
+        timeoutSec         = 5
+        healthyThreshold   = 2
+        unhealthyThreshold = 2
+        type               = "HTTP"
+        port               = 8080
+        requestPath        = "/status"
+      }
+    }
+  }
+}

spartan/terraform/gke-cluster/network-ingress.tf

@@ -20,26 +20,24 @@ resource "google_compute_managed_ssl_certificate" "staging_public_rpc_cert" {
   }
 }
 
-# TODO: enable these resources once testnet is migrated to use deploy_network.sh
-
-#resource "google_compute_global_address" "testnet_rpc_ip" {
-#  name        = "testnet-rpc-ingress"
-#  description = "Static IP for testnet RPC ingress"
-#
-#  lifecycle {
-#    prevent_destroy = true
-#  }
-#}
-#
-#resource "google_compute_managed_ssl_certificate" "testnet_rpc_cert" {
-#  name        = "testnet-rpc-cert"
-#  description = "Managed SSL certificate for testnet RPC ingress"
-#
-#  managed {
-#    domains = ["rpc.testnet.aztec-labs.com"]
-#  }
-#
-#  lifecycle {
-#    prevent_destroy = true
-#  }
-#}
+resource "google_compute_global_address" "testnet_rpc_ip" {
+  name        = "testnet-rpc-ip"
+  description = "Static IP for testnet RPC ingress"
+
+  lifecycle {
+    prevent_destroy = true
+  }
+}
+
+resource "google_compute_managed_ssl_certificate" "testnet_rpc_cert" {
+  name        = "testnet-rpc-cert"
+  description = "Managed SSL certificate for testnet RPC ingress"
+
+  managed {
+    domains = ["rpc.testnet.aztec-labs.com"]
+  }
+
+  lifecycle {
+    prevent_destroy = true
+  }
+}