Remove unused dummy PGP file (#2687 )

This was previously used as a dummy value for testing / compilation but it's not used any more.
Connect to GKE by default from the tool (#2686 )
2026-05-21 23:31:51 +00:00 · 2025-02-24 21:45:26 +00:00 · 2025-02-24 19:01:05 +00:00 · 2025-02-24 16:38:47 +00:00
6 changed files with 7 additions and 211 deletions
--- a/core/src/main/java/google/registry/keyring/api/pgp-private-keyring.asc
+++ b/core/src/main/java/google/registry/keyring/api/pgp-private-keyring.asc
@@ -1,32 +0,0 @@
-----BEGIN PGP PRIVATE KEY BLOCK-----
-
-lQHYBFo8aRIBBAC8MA2xQXYvEbeLV1iMo4GC3lRFYvrUCarenhwoWufCYH6dGien
-/HhiB0eiDF672J4MtueHQ2M7UaGJgxAoQTG9c6O90vlmFFhPZ967U1MTdY/NLvDK
-bQEGzjdaUC1T/O6kr0O4GHRAyNyHa39Q75Oaj8MNdPsTmT4tDy+aFO6kKwARAQAB
-AAP9Gd59M12tUmEcGxKBwKuFVSkc6oDlvBosG/geJMoCS+0Z2pzK0MPbBJa9mSAc
-MbRgXZ0TDLwNuwzIqO+UXARCQu1ln/NlCcSzQZd5S80Of6CSoFMdFEb0kcpFW3z9
-rpZdIBpNNk2iyBro9+7JOLJgCUkZQX7jy2K4LM5eTJsnuMECANFBnrMUde43XBiT
-gixOJ5zbekGIIGq4QeRc8fJUDUhkFMq1znNriu30bB0Ld4Btlxzyn56tx8DVgx1+
-4anONuECAOY5nm2G9i46AUxQN3dB8IE0SMMHcRcz60eX68fke+1aYjdSQA/nf9hR
-l2f+gX9+y3cPqo7bFZzrDNECRm3J2IsB/2444JDTnzyME99jRYeEZGM0BXMWZEoO
-hLU7f2V8pdN1po6mZ5bZZv6LeTXWPCIqCuBxNHZAV/xH9oWmkpjnw8Sc77QpVGVz
-dCBSZWdpc3RyeSA8dGVzdC1yZWdpc3RyeUBleGFtcGxlLmNvbT6IuAQTAQIAIgUC
-WjxpEgIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQvIOfrLbgEN2NegP+
-JV+i4DxPTv3jfRDcpGy8yDANiIoBFSyARpqMqg0+TfV/UypuyjFTGfnLuQv+osce
-OKtPevH8gCc779+OqtqyNDcPooTG5K+eUYR77PYtfzsKk/Z/33tQtEJDb8WWn4G4
-R9Nh51MOz1X17oe3ih9HNvMGIrOG9VeWPsTxjXAzBoidAdgEWjxpEgEEANiasS9p
-bG53M3jeCwLX0PFgWgspMZl3QnU6bvaTsfMAHaklJ55Tj1wuaaQymHqNm6xElCN8
-MK8exDQQvPZwYVQOuoP3cHriCslLGznB943URcuxXz6R7F7WixYUeVVpQ4J0+gFu
-bR8PfThDCtHQyP+uYx9U+EVWIvuIZIchdjl9ABEBAAEAA/4xmt2sorthIf3g9pL1
-e/jfKoZ8i1rPT1NiNvdeE217neFtEPP9i5vni76ISskGOgN2hH8bkE+y7zwWQ2YP
-FyYGlvVcw2KjT7+SrAWCkgR6Y7hWib+RDcVGje+YH5MxGtBIX2W/zcOW5S9+nC3Q
-Y3Tzc3YQxF8sOeaHvrEb1tJ9eQIA5ivEjt43GgZq0nxacKLhleXyA9Z/JmwDg15z
-FCZCnPABmR72wpXzXe2gO18W3iiqwS/WFDbdSFwxDQ0lXSy8VQIA8Okv6Q2BNXEw
-H0hufK8P7aHvuOI1ll4qTw6QkY+z5hRZAcmmID3boQJeJAmVbUissYKUNJudmiUJ
-DPLQod+wiQIAtJWxlRgHvEHRjQS5tH13ERWLObBHdZcQvKcqdtTCZj1EVH7zVHpb
-qBLggo7QwPJTC+UMf/f4nPd1U2O6zXv66p5liJ8EGAECAAkFAlo8aRICGwwACgkQ
-vIOfrLbgEN141gP9GATYCoihm5igbZ0FL8YPPb5WvHpTEA4WgdIIUUCQ0TYJ2ZOC
-dK0i3qbb1xRRBJq006qSiE4vqQ7fHO8HxmEWaPLlsPvebGm39PUuzVyWx8I2w+0/
-qcxt5L2VVzbZFp6+Yoa+meRYsO77gAzUvqUG1yLWo6MD4pSUNYJA867BB/k=
-=mkAP
-----END PGP PRIVATE KEY BLOCK-----
--- a/core/src/main/java/google/registry/tools/RegistryCli.java
+++ b/core/src/main/java/google/registry/tools/RegistryCli.java
@@ -25,7 +25,6 @@ import com.beust.jcommander.Parameters;
 import com.beust.jcommander.ParametersDelegate;
 import com.google.common.base.Throwables;
 import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Iterables;
 import google.registry.persistence.transaction.JpaTransactionManager;
 import google.registry.persistence.transaction.TransactionManagerFactory;
@@ -42,13 +41,6 @@ import org.postgresql.util.PSQLException;
@Parameters(separators = " =", commandDescription = "Command-line interface to the registry")
 final class RegistryCli implements CommandRunner {

-  private static final ImmutableSet<RegistryToolEnvironment> DEFAULT_GKE_ENVIRONMENTS =
-      ImmutableSet.of(
-          RegistryToolEnvironment.ALPHA,
-          RegistryToolEnvironment.CRASH,
-          RegistryToolEnvironment.QA,
-          RegistryToolEnvironment.SANDBOX);
-
  // The environment parameter is parsed twice: once here, and once with {@link
  // RegistryToolEnvironment#parseFromArgs} in the {@link RegistryTool#main} function.
  //
@@ -78,9 +70,6 @@ final class RegistryCli implements CommandRunner {
              + "Beam pipelines")
  private String sqlAccessInfoFile = null;

-  @Parameter(names = "--gke", description = "Whether to use GKE runtime, instead of GAE")
-  private boolean useGke = false;
-
  @Parameter(names = "--gae", description = "Whether to use GAE runtime, instead of GKE")
  private boolean useGae = false;

@@ -161,12 +150,6 @@ final class RegistryCli implements CommandRunner {
      throw e;
    }

-    checkState(!useGke || !useGae, "Cannot specify both --gke and --gae");
-    // Special logic to set the default based on the environment if neither --gae nor --gke is set.
-    if (!useGke && !useGae) {
-      useGke = DEFAULT_GKE_ENVIRONMENTS.contains(environment);
-    }
-
    String parsedCommand = jcommander.getParsedCommand();
    // Show the list of all commands either if requested or if no subcommand name was specified
    // (which does not throw a ParameterException parse error above).
@@ -186,7 +169,7 @@ final class RegistryCli implements CommandRunner {
        DaggerRegistryToolComponent.builder()
            .credentialFilePath(credentialJson)
            .sqlAccessInfoFile(sqlAccessInfoFile)
-            .useGke(useGke)
+            .useGke(!useGae)
            .useCanary(useCanary)
            .build();

--- a/db/src/main/resources/sql/schema/nomulus.golden.sql
+++ b/db/src/main/resources/sql/schema/nomulus.golden.sql
@@ -2,8 +2,8 @@
 -- PostgreSQL database dump
 --

-- Dumped from database version 17.3
-- Dumped by pg_dump version 17.3
+-- Dumped from database version 17.4
+-- Dumped by pg_dump version 17.4

 SET statement_timeout = 0;
 SET lock_timeout = 0;
--- a/jetty/get-endpoints.py
+++ b/jetty/get-endpoints.py
@@ -1,158 +0,0 @@
-#! /bin/env python3
-# Copyright 2024 The Nomulus Authors. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-'''
-A script that outputs the IP endpoints of various load balancers, to be run
-after Nomulus is deployed.
-'''
-
-import ipaddress
-import json
-import subprocess
-import sys
-from dataclasses import dataclass
-from ipaddress import IPv4Address
-from ipaddress import IPv6Address
-from operator import attrgetter
-from operator import methodcaller
-
-
-class PreserveContext:
-    def __enter__(self):
-        self._context = run_command('kubectl config current-context')
-
-    def __exit__(self, type, value, traceback):
-        run_command('kubectl config use-context ' + self._context)
-
-
-class UseCluster(PreserveContext):
-    def __init__(self, cluster: str, region: str, project: str):
-        self._cluster = cluster
-        self._region = region
-        self._project = project
-
-    def __enter__(self):
-        super().__enter__()
-        cmd = (f'gcloud container fleet memberships get-credentials'
-                   f' {self._cluster} --project {self._project}')
-        run_command(cmd)
-
-
-def run_command(cmd: str, print_output=False) -> str:
-    proc = subprocess.run(cmd, text=True, shell=True, stdout=subprocess.PIPE,
-                          stderr=subprocess.STDOUT)
-    if print_output:
-        print(proc.stdout)
-    return proc.stdout
-
-
-def get_clusters(project: str) -> dict[str, str]:
-    cmd = f'gcloud container clusters list --project {project} --format=json'
-    content = json.loads(run_command(cmd))
-    res = {}
-    for item in content:
-        name = item['name']
-        region = item['location']
-        if not name.startswith('nomulus-cluster'):
-            continue
-        res[name] = region
-    return res
-
-
-def get_endpoints(resource: str, service: str, jsonpath: str) -> list[
-    str]:
-    content = run_command(
-            f'kubectl get {resource}/{service} -o jsonpath={jsonpath}', )
-    return content.split()
-
-
-def get_region_symbol(region: str) -> str:
-    if region.startswith('us'):
-        return 'amer'
-    if region.startswith('europe'):
-        return 'emea'
-    if region.startswith('asia'):
-        return 'apac'
-    return 'other'
-
-
-@dataclass
-class IP:
-    service: str
-    region: str
-    address: IPv4Address | IPv6Address
-
-    def is_ipv6(self) -> bool:
-        return self.address.version == 6
-
-    def __str__(self) -> str:
-        return f'{self.service} {self.region}: {self.address}'
-
-
-def terraform_str(item) -> str:
-    res = ""
-    if (isinstance(item, dict)):
-        res += '{\n'
-        for key, value in item.items():
-            res += f'{key} = {terraform_str(value)}\n'
-        res += '}'
-    elif (isinstance(item, list)):
-        res += '['
-        for i, value in enumerate(item):
-            if i != 0:
-                res += ', '
-            res += terraform_str(value)
-        res += ']'
-    else:
-        res += f'"{item}"'
-    return res
-
-
-if __name__ == '__main__':
-    if len(sys.argv) != 2:
-        raise ValueError('Usage: get-endpoints.py <project>')
-    project = sys.argv[1]
-    print(f'Project: {project}')
-    clusters = get_clusters(project)
-    ips = []
-    res = {}
-    for cluster, region in clusters.items():
-        with UseCluster(cluster, region, project):
-            for service in ['whois', 'whois-canary', 'epp', 'epp-canary']:
-                map_key = service.replace('-', '_')
-                for ip in get_endpoints('services', service,
-                                        '{.status.loadBalancer.ingress[*].ip}'):
-                    ip = ipaddress.ip_address(ip)
-                    if isinstance(ip, IPv4Address):
-                        map_key_with_iptype = map_key + '_ipv4'
-                    else:
-                        map_key_with_iptype = map_key + '_ipv6'
-                    if map_key_with_iptype not in res:
-                        res[map_key_with_iptype] = {}
-                    res[map_key_with_iptype][get_region_symbol(region)] = [ip]
-                    ips.append(IP(service, get_region_symbol(region), ip))
-            if not region.startswith('us'):
-                continue
-            ip = get_endpoints('gateways.gateway.networking.k8s.io', 'nomulus',
-                               '{.status.addresses[*].value}')[0]
-            print(f'nomulus: {ip}')
-            res['https_ip'] = ipaddress.ip_address(ip)
-    ips.sort(key=attrgetter('region'))
-    ips.sort(key=methodcaller('is_ipv6'))
-    ips.sort(key=attrgetter('service'))
-    for ip in ips:
-        print(ip)
-    print("Terraform friendly output:")
-    print(terraform_str(res))
--- a/jetty/kubernetes/nomulus-frontend.yaml
+++ b/jetty/kubernetes/nomulus-frontend.yaml
@@ -110,6 +110,7 @@ metadata:
  annotations:
    cloud.google.com/l4-rbs: enabled
    networking.gke.io/weighted-load-balancing: pods-per-node
+    networking.gke.io/load-balancer-ip-addresses: "EPP-ipv6-main,EPP-ipv4-main"
 spec:
  type: LoadBalancer
  # Traffic is directly delivered to a node, preserving the original source IP.
--- a/release/cloudbuild-restart-proxies.yaml
+++ b/release/cloudbuild-restart-proxies.yaml
@@ -48,7 +48,9 @@ steps:
      gcloud container clusters get-credentials $name \
        --project $project_id --location $location
      kubectl rollout restart deployment/proxy-deployment
+      # Sleep for 20 min for the rollout to stabilize.
+      sleep 1200
    done < <(gcloud container clusters list --project $project_id | grep proxy-cluster)
-timeout: 3600s
+timeout: 7200s
 options:
  machineType: 'N1_HIGHCPU_8'
Author	SHA1	Message	Date
gbrodman	8fbf363195	Remove unused dummy PGP file (#2687 ) This was previously used as a dummy value for testing / compilation but it's not used any more.	2025-02-24 21:45:26 +00:00
Lai Jiang	397f800614	Connect to GKE by default from the tool (#2686 )	2025-02-24 19:01:05 +00:00
Lai Jiang	bcf42bd287	Use static IPs for EPP endpoints (#2685 ) These IPs are now provisioned by Terraform. Also delete the get-endpoints.py script as it is no longer necessary.	2025-02-24 16:38:47 +00:00