Update local duchy worker2 to use postgres (#1160)

src/main/docker/images.bzl

@@ -36,6 +36,11 @@ COMMON_IMAGES = [
         image = "//src/main/kotlin/org/wfanet/measurement/duchy/deploy/gcloud/spanner/tools:update_schema_image",
         repository = _PREFIX + "/duchy/spanner-update-schema",
     ),
+    struct(
+        name = "duchy_postgres_update_schema_image",
+        image = "//src/main/kotlin/org/wfanet/measurement/duchy/deploy/common/postgres/tools:update_schema_image",
+        repository = _PREFIX + "/duchy/postgres-update-schema",
+    ),
     struct(
         name = "duchy_computations_cleaner_image",
         image = "//src/main/kotlin/org/wfanet/measurement/duchy/deploy/common/job:computations_cleaner_image",
@@ -111,6 +116,11 @@ GKE_IMAGES = [
         image = "//src/main/kotlin/org/wfanet/measurement/duchy/deploy/gcloud/server:gcs_spanner_computations_server_image",
         repository = _PREFIX + "/duchy/spanner-computations",
     ),
+    struct(
+        name = "duchy_gcs_postgres_internal_server_image",
+        image = "//src/main/kotlin/org/wfanet/measurement/duchy/deploy/gcloud/server:gcs_postgres_internal_server_image",
+        repository = _PREFIX + "/duchy/postgres-internal-server",
+    ),
     struct(
         name = "duchy_requisition_fulfillment_server_image",
         image = "//src/main/kotlin/org/wfanet/measurement/duchy/deploy/gcloud/server:gcs_requisition_fulfillment_server_image",
@@ -126,6 +136,11 @@ GKE_IMAGES = [
         image = "//src/main/kotlin/org/wfanet/measurement/loadtest/dataprovider:bigquery_edp_simulator_runner_image",
         repository = _PREFIX + "/simulator/bigquery-edp",
     ),
+    struct(
+        name = "duchy_gcloud_postgres_update_schema_image",
+        image = "//src/main/kotlin/org/wfanet/measurement/duchy/deploy/gcloud/postgres/tools:update_schema_image",
+        repository = _PREFIX + "/duchy/gcloud-postgres-update-schema",
+    ),
 ]
 
 # List of image build rules that are only used locally (e.g. in Kind).
@@ -145,6 +160,11 @@ LOCAL_IMAGES = [
         image = "//src/main/kotlin/org/wfanet/measurement/duchy/deploy/gcloud/server:forwarded_storage_spanner_computations_server_image",
         repository = _PREFIX + "/duchy/local-spanner-computations",
     ),
+    struct(
+        name = "forwarded_storage_postgres_data_server_image",
+        image = "//src/main/kotlin/org/wfanet/measurement/duchy/deploy/common/server:forwarded_storage_postgres_duchy_data_server_image",
+        repository = _PREFIX + "/duchy/local-postgres-internal-server",
+    ),
     struct(
         name = "forwarded_storage_requisition_fulfillment_server_image",
         image = "//src/main/kotlin/org/wfanet/measurement/duchy/deploy/common/server:forwarded_storage_requisition_fulfillment_server_image",

src/main/k8s/BUILD.bazel

@@ -48,6 +48,22 @@ cue_library(
     ],
 )
 
+cue_library(
+    name = "spanner_duchy",
+    srcs = ["spanner_duchy.cue"],
+    deps = [
+        ":duchy",
+    ],
+)
+
+cue_library(
+    name = "postgres_duchy",
+    srcs = ["postgres_duchy.cue"],
+    deps = [
+        ":duchy",
+    ],
+)
+
 cue_library(
     name = "edp_simulator",
     srcs = ["edp_simulator.cue"],

src/main/k8s/duchy.cue

@@ -30,9 +30,6 @@ import ("strings")
 	_computationsTimeToLive:     string | *"180d"
 	_duchyMillParallelism:       uint | *2
 	_kingdom_system_api_target:  string
-	_spannerConfig:              #SpannerConfig & {
-		database: "\(_duchy.name)_duchy_computations"
-	}
 	_blob_storage_flags: [...string]
 	_verbose_grpc_logging: "true" | "false"
 
@@ -49,8 +46,6 @@ import ("strings")
 		"herald-daemon":                    string | *"duchy/herald"
 		"liquid-legions-v2-mill-daemon":    string | *"duchy/liquid-legions-v2-mill"
 		"requisition-fulfillment-server":   string | *"duchy/requisition-fulfillment"
-		"spanner-computations-server":      string | *"duchy/spanner-computations"
-		"update-duchy-schema":              string | *"duchy/spanner-update-schema"
 		"computations-cleaner":             string | *"duchy/computations-cleaner"
 	}
 	_imageConfigs: [string]: #ImageConfig
@@ -66,18 +61,19 @@ import ("strings")
 	}
 
 	_millPollingInterval?: string
+	_duchyInternalServerContainerArgs: [...string]
 
 	_akid_to_principal_map_file_flag:                   "--authority-key-identifier-to-principal-map-file=/etc/\(#AppName)/config-files/authority_key_identifier_to_principal_map.textproto"
 	_async_computations_control_service_target_flag:    "--async-computation-control-service-target=" + (#Target & {name: "\(_name)-async-computation-control-server"}).target
 	_async_computations_control_service_cert_host_flag: "--async-computation-control-service-cert-host=localhost"
-	_computations_service_target_flag:                  "--computations-service-target=" + (#Target & {name: "\(_name)-spanner-computations-server"}).target
-	_computations_service_cert_host_flag:               "--computations-service-cert-host=localhost"
 	_duchy_name_flag:                                   "--duchy-name=\(_name)"
 	_duchy_info_config_flag:                            "--duchy-info-config=/var/run/secrets/files/duchy_cert_config.textproto"
 	_duchy_protocols_setup_config_flag:                 "--protocols-setup-config=/var/run/secrets/files/\(_protocols_setup_config)"
 	_duchy_tls_cert_file_flag:                          "--tls-cert-file=/var/run/secrets/files/\(_name)_tls.pem"
 	_duchy_tls_key_file_flag:                           "--tls-key-file=/var/run/secrets/files/\(_name)_tls.key"
 	_duchy_cert_collection_file_flag:                   "--cert-collection-file=/var/run/secrets/files/all_root_certs.pem"
+	_duchyInternalApiTargetFlag:                        "--computations-service-target=" + (#Target & {name: "\(_name)-internal-api-server"}).target
+	_duchyInternalApiCertHostFlag:                      "--computations-service-cert-host=localhost"
 	_duchyComputationsTimeToLiveFlag:                   "--computations-time-to-live=\(_computationsTimeToLive)"
 	_duchyDryRunRetentionPolicyFlag:                    "--dry-run"
 	_duchyMillParallelismFlag:                          "--parallelism=\(_duchyMillParallelism)"
@@ -99,7 +95,7 @@ import ("strings")
 	services: {
 		"async-computation-control-server": {}
 		"computation-control-server": _type: "LoadBalancer"
-		"spanner-computations-server": {}
+		"internal-api-server": {}
 		"requisition-fulfillment-server": _type: "LoadBalancer"
 	}
 
@@ -116,8 +112,8 @@ import ("strings")
 	deployments: {
 		"herald-daemon-deployment": {
 			_container: args: [
-						_computations_service_target_flag,
-						_computations_service_cert_host_flag,
+						_duchyInternalApiTargetFlag,
+						_duchyInternalApiCertHostFlag,
 						_duchy_name_flag,
 						_duchy_tls_cert_file_flag,
 						_duchy_tls_key_file_flag,
@@ -128,13 +124,13 @@ import ("strings")
 						_debug_verbose_grpc_client_logging_flag,
 			] + _duchyDeletableStatesFlag
 			spec: template: spec: _dependencies: [
-				"\(_name)-spanner-computations-server",
+				"\(_name)-internal-api-server",
 			]
 		}
 		"liquid-legions-v2-mill-daemon-deployment": Deployment={
 			_container: args: [
-						_computations_service_target_flag,
-						_computations_service_cert_host_flag,
+						_duchyInternalApiTargetFlag,
+						_duchyInternalApiCertHostFlag,
 						_duchy_name_flag,
 						_duchy_info_config_flag,
 						_duchy_tls_cert_file_flag,
@@ -151,13 +147,13 @@ import ("strings")
 						"--otel-service-name=\(Deployment.metadata.name)",
 			] + _blob_storage_flags + _computation_control_target_flags
 			spec: template: spec: _dependencies: [
-				"\(_name)-spanner-computations-server", "\(_name)-computation-control-server",
+				"\(_name)-internal-api-server", "\(_name)-computation-control-server",
 			]
 		}
 		"async-computation-control-server-deployment": #ServerDeployment & {
 			_container: args: [
-				_computations_service_target_flag,
-				_computations_service_cert_host_flag,
+				_duchyInternalApiTargetFlag,
+				_duchyInternalApiCertHostFlag,
 				_duchy_name_flag,
 				_duchy_info_config_flag,
 				_duchy_tls_cert_file_flag,
@@ -182,7 +178,7 @@ import ("strings")
 						"--health-port=8080",
 			] + _blob_storage_flags
 		}
-		"spanner-computations-server-deployment": #ServerDeployment & {
+		"internal-api-server-deployment": #ServerDeployment & {
 			_container: args: [
 						_debug_verbose_grpc_server_logging_flag,
 						_duchy_name_flag,
@@ -195,11 +191,11 @@ import ("strings")
 						"--channel-shutdown-timeout=3s",
 						"--port=8443",
 						"--health-port=8080",
-			] + _spannerConfig.flags + _blob_storage_flags
+			] + _duchyInternalServerContainerArgs + _blob_storage_flags
 			_updateSchemaContainer: #Container & {
 				image:            _images["update-duchy-schema"]
 				imagePullPolicy?: _container.imagePullPolicy
-				args:             _spannerConfig.flags
+				args:             _duchyInternalServerContainerArgs
 			}
 			spec: template: spec: {
 				_initContainers: {
@@ -215,16 +211,16 @@ import ("strings")
 						_duchy_tls_cert_file_flag,
 						_duchy_tls_key_file_flag,
 						_duchy_cert_collection_file_flag,
-						_computations_service_target_flag,
-						_computations_service_cert_host_flag,
+						_duchyInternalApiTargetFlag,
+						_duchyInternalApiCertHostFlag,
 						_kingdom_system_api_target_flag,
 						_kingdom_system_api_cert_host_flag,
 						"--port=8443",
 						"--health-port=8080",
 			] + _blob_storage_flags
 			spec: template: spec: {
 				_mounts: "config-files": #ConfigMapMount
-				_dependencies: ["\(_name)-spanner-computations-server"]
+				_dependencies: ["\(_name)-internal-api-server"]
 			}
 		}
 	}
@@ -242,8 +238,8 @@ import ("strings")
 	cronjobs: {
 		"computations-cleaner": {
 			_container: args: [
-				_computations_service_target_flag,
-				_computations_service_cert_host_flag,
+				_duchyInternalApiTargetFlag,
+				_duchyInternalApiCertHostFlag,
 				_duchy_tls_cert_file_flag,
 				_duchy_tls_key_file_flag,
 				_duchy_cert_collection_file_flag,
@@ -260,8 +256,8 @@ import ("strings")
 	}
 	// TODO(@wangyaopw): Consider setting GCS and spanner destinations explicityly.
 	networkPolicies: {
-		"spanner-computations-server": {
-			_app_label: _object_prefix + "spanner-computations-server-app"
+		"internal-api-server": {
+			_app_label: _object_prefix + "internal-api-server-app"
 			_sourceMatchLabels: [
 				_object_prefix + "herald-daemon-app",
 				_object_prefix + "liquid-legions-v2-mill-daemon-app",
@@ -295,7 +291,7 @@ import ("strings")
 				_object_prefix + "computation-control-server-app",
 			]
 			_destinationMatchLabels: [
-				_object_prefix + "spanner-computations-server-app",
+				_object_prefix + "internal-api-server-app",
 				"opentelemetry-collector-app",
 			]
 		}
@@ -331,7 +327,7 @@ import ("strings")
 		"computations-cleaner": {
 			_app_label: _object_prefix + "computations-cleaner-app"
 			_destinationMatchLabels: [
-				_object_prefix + "spanner-computations-server-app",
+				_object_prefix + "internal-api-server-app",
 			]
 		}
 	}

src/main/k8s/local/BUILD.bazel

@@ -77,14 +77,17 @@ cue_library(
     srcs = ["duchies.cue"],
     deps = [
         ":config_cue",
-        "//src/main/k8s:duchy",
+        "//src/main/k8s:postgres",
+        "//src/main/k8s:postgres_duchy",
+        "//src/main/k8s:spanner_duchy",
     ],
 )
 
 cue_dump(
     name = "duchies",
     cue_tags = {
         "secret_name": SECRET_NAME,
+        "db_secret_name": DB_SECRET_NAME,
         "container_registry": IMAGE_REPOSITORY_SETTINGS.container_registry,
         "image_repo_prefix": IMAGE_REPOSITORY_SETTINGS.repository_prefix,
         "image_tag": IMAGE_REPOSITORY_SETTINGS.image_tag,
@@ -315,11 +318,13 @@ kustomization_dir(
         ":edp_simulators",
         ":emulators",
         ":kingdom",
+        ":postgres_database",
     ],
     generate_kustomization = True,
     tags = ["manual"],
     deps = [
         ":config_files",
+        ":db_creds",
         "//src/main/k8s/testing/secretfiles:kustomization",
     ],
 )