Skip to content

Commit

Permalink
release 0.8.23 and specs for upgrade server init containers/nginx
Browse files Browse the repository at this point in the history
  • Loading branch information
@carlomazzaferro
carlomazzaferro committed Oct 15, 2024
1 parent 8b3b8ea commit abf3a13
Show file tree
Hide file tree
Showing 9 changed files with 384 additions and 48 deletions.
2 changes: 1 addition & 1 deletion deploy/prod/common-values-iris-mpc.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
image: "ghcr.io/worldcoin/iris-mpc:v0.8.21"
image: "ghcr.io/worldcoin/iris-mpc:v0.8.23"

environment: prod
replicaCount: 1
Expand Down
76 changes: 59 additions & 17 deletions deploy/prod/common-values-upgrade-server-left.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
image: "ghcr.io/worldcoin/iris-mpc:v0.6.2"
image: "ghcr.io/worldcoin/iris-mpc:v0.8.23"

environment: prod
replicaCount: 1
Expand Down Expand Up @@ -60,25 +60,67 @@ env:
secretKeyRef:
key: DATABASE_URL
name: application
- name: RUST_LOG
value: info
- name: ENVIRONMENT
value: prod


keelPolling:
# -- Specifies whether keel should poll for container updates
enabled: true

ingress:
enabled: true
ingressClassName: traefik-internal
hosts:
- not-upgrade-left.1.prod.smpcv2.worldcoin.dev
service:
enabled: false

ingressRouteTCP:
nginxSidecar:
enabled: true
entryPoints:
- websecure
service:
- name: upgrade-server-left
port: 80
tls: {}
port: 8443
secrets:
enabled: true
volumeMount:
- name: mounted-secret-name
mountPath: /etc/nginx/cert
volume:
- name: mounted-secret-name
secret:
secretName: application
items:
- key: certificate.crt
path: certificate.crt
- key: key.pem
path: key.pem
optional: false
config:
nginx.conf: |
worker_processes auto;
error_log /dev/stderr notice;
pid /tmp/nginx.pid;
events {
worker_connections 1024;
}
stream {
log_format basic '$remote_addr [$time_local] '
'$protocol $status $bytes_sent $bytes_received '
'$session_time';
upstream tcp_backend {
server 127.0.0.1:8000;
}
server {
listen 8443 ssl;
proxy_pass tcp_backend;
ssl_certificate /etc/nginx/cert/certificate.crt;
ssl_certificate_key /etc/nginx/cert/key.pem;
ssl_protocols TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
# Enable session resumption to improve performance
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1h;
access_log /dev/stdout basic;
}
}
78 changes: 60 additions & 18 deletions deploy/prod/common-values-upgrade-server-right.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
image: "ghcr.io/worldcoin/iris-mpc:v0.6.2"
image: "ghcr.io/worldcoin/iris-mpc:v0.8.23"

environment: prod
replicaCount: 1
Expand Down Expand Up @@ -60,24 +60,66 @@ env:
secretKeyRef:
key: DATABASE_URL
name: application
- name: RUST_LOG
value: info
- name: ENVIRONMENT
value: prod
value: stage

keelPolling:
# -- Specifies whether keel should poll for container updates
enabled: true

ingress:
enabled: true
ingressClassName: traefik-internal
hosts:
- not-upgrade-right.1.prod.smpcv2.worldcoin.dev
service:
enabled: false

ingressRouteTCP:
nginxSidecar:
enabled: true
entryPoints:
- websecure
service:
- name: upgrade-server-right
port: 80
tls: {}
port: 8443
secrets:
enabled: true
volumeMount:
- name: mounted-secret-name
mountPath: /etc/nginx/cert
volume:
- name: mounted-secret-name
secret:
secretName: application
items:
- key: certificate.crt
path: certificate.crt
- key: key.pem
path: key.pem
optional: false
config:
nginx.conf: |
worker_processes auto;
error_log /dev/stderr notice;
pid /tmp/nginx.pid;
events {
worker_connections 1024;
}
stream {
log_format basic '$remote_addr [$time_local] '
'$protocol $status $bytes_sent $bytes_received '
'$session_time';
upstream tcp_backend {
server 127.0.0.1:8000;
}
server {
listen 8443 ssl;
proxy_pass tcp_backend;
ssl_certificate /etc/nginx/cert/certificate.crt;
ssl_certificate_key /etc/nginx/cert/key.pem;
ssl_protocols TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
# Enable session resumption to improve performance
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1h;
access_log /dev/stdout basic;
}
}
46 changes: 44 additions & 2 deletions deploy/prod/smpcv2-0-prod/values-upgrade-server-left.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,5 +9,47 @@ args:
- "left"
- "--environment"
- "$(ENVIRONMENT)"
- "--batch-size"
- "50"

initContainer:
enabled: true
image: "amazon/aws-cli:2.17.62"
name: "upgrade-proto-dns-records-updater"
env:
- name: PARTY_ID
value: "1"
- name: SIDE
value: left
- name: MY_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
configMap:
init.sh: |
#!/usr/bin/env bash
# Set up environment variables
HOSTED_ZONE_ID=$(aws route53 list-hosted-zones-by-name --dns-name "$PARTY_ID".stage.smpcv2.worldcoin.dev --query "HostedZones[].Id" --output text)
# Generate the JSON content in memory
BATCH_JSON=$(cat <<EOF
{
"Comment": "Upsert the A record for upgrade-server",
"Changes": [
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "upgrade-$SIDE.$PARTY_ID.smpcv2.worldcoin.org",
"TTL": 5,
"Type": "A",
"ResourceRecords": [{
"Value": "$MY_POD_IP"
}]
}
}
]
}
EOF
)
# Execute AWS CLI command with the generated JSON
aws route53 change-resource-record-sets --hosted-zone-id "$HOSTED_ZONE_ID" --change-batch "$BATCH_JSON"
46 changes: 44 additions & 2 deletions deploy/prod/smpcv2-0-prod/values-upgrade-server-right.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,5 +9,47 @@ args:
- "right"
- "--environment"
- "$(ENVIRONMENT)"
- "--batch-size"
- "50"

initContainer:
enabled: true
image: "amazon/aws-cli:2.17.62"
name: "upgrade-proto-dns-records-updater"
env:
- name: PARTY_ID
value: "1"
- name: SIDE
value: right
- name: MY_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
configMap:
init.sh: |
#!/usr/bin/env bash
# Set up environment variables
HOSTED_ZONE_ID=$(aws route53 list-hosted-zones-by-name --dns-name "$PARTY_ID".stage.smpcv2.worldcoin.dev --query "HostedZones[].Id" --output text)
# Generate the JSON content in memory
BATCH_JSON=$(cat <<EOF
{
"Comment": "Upsert the A record for upgrade-server",
"Changes": [
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "upgrade-$SIDE.$PARTY_ID.smpcv2.worldcoin.org",
"TTL": 5,
"Type": "A",
"ResourceRecords": [{
"Value": "$MY_POD_IP"
}]
}
}
]
}
EOF
)
# Execute AWS CLI command with the generated JSON
aws route53 change-resource-record-sets --hosted-zone-id "$HOSTED_ZONE_ID" --change-batch "$BATCH_JSON"
46 changes: 44 additions & 2 deletions deploy/prod/smpcv2-1-prod/values-upgrade-server-left.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,5 +9,47 @@ args:
- "left"
- "--environment"
- "$(ENVIRONMENT)"
- "--batch-size"
- "50"

initContainer:
enabled: true
image: "amazon/aws-cli:2.17.62"
name: "upgrade-proto-dns-records-updater"
env:
- name: PARTY_ID
value: "2"
- name: SIDE
value: left
- name: MY_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
configMap:
init.sh: |
#!/usr/bin/env bash
# Set up environment variables
HOSTED_ZONE_ID=$(aws route53 list-hosted-zones-by-name --dns-name "$PARTY_ID".stage.smpcv2.worldcoin.dev --query "HostedZones[].Id" --output text)
# Generate the JSON content in memory
BATCH_JSON=$(cat <<EOF
{
"Comment": "Upsert the A record for upgrade-server",
"Changes": [
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "upgrade-$SIDE.$PARTY_ID.smpcv2.worldcoin.org",
"TTL": 5,
"Type": "A",
"ResourceRecords": [{
"Value": "$MY_POD_IP"
}]
}
}
]
}
EOF
)
# Execute AWS CLI command with the generated JSON
aws route53 change-resource-record-sets --hosted-zone-id "$HOSTED_ZONE_ID" --change-batch "$BATCH_JSON"
46 changes: 44 additions & 2 deletions deploy/prod/smpcv2-1-prod/values-upgrade-server-right.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,5 +9,47 @@ args:
- "right"
- "--environment"
- "$(ENVIRONMENT)"
- "--batch-size"
- "50"

initContainer:
enabled: true
image: "amazon/aws-cli:2.17.62"
name: "upgrade-proto-dns-records-updater"
env:
- name: PARTY_ID
value: "2"
- name: SIDE
value: right
- name: MY_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
configMap:
init.sh: |
#!/usr/bin/env bash
# Set up environment variables
HOSTED_ZONE_ID=$(aws route53 list-hosted-zones-by-name --dns-name "$PARTY_ID".stage.smpcv2.worldcoin.dev --query "HostedZones[].Id" --output text)
# Generate the JSON content in memory
BATCH_JSON=$(cat <<EOF
{
"Comment": "Upsert the A record for upgrade-server",
"Changes": [
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "upgrade-$SIDE.$PARTY_ID.smpcv2.worldcoin.org",
"TTL": 5,
"Type": "A",
"ResourceRecords": [{
"Value": "$MY_POD_IP"
}]
}
}
]
}
EOF
)
# Execute AWS CLI command with the generated JSON
aws route53 change-resource-record-sets --hosted-zone-id "$HOSTED_ZONE_ID" --change-batch "$BATCH_JSON"
Loading

0 comments on commit abf3a13

Please sign in to comment.