From abf3a1341ee136c2ba0effeda667527f52663637 Mon Sep 17 00:00:00 2001 From: Carlo Mazzaferro Date: Tue, 15 Oct 2024 17:04:27 +0200 Subject: [PATCH] release 0.8.23 and specs for upgrade server init containers/nginx --- deploy/prod/common-values-iris-mpc.yaml | 2 +- .../common-values-upgrade-server-left.yaml | 76 ++++++++++++++---- .../common-values-upgrade-server-right.yaml | 78 ++++++++++++++----- .../values-upgrade-server-left.yaml | 46 ++++++++++- .../values-upgrade-server-right.yaml | 46 ++++++++++- .../values-upgrade-server-left.yaml | 46 ++++++++++- .../values-upgrade-server-right.yaml | 46 ++++++++++- .../values-upgrade-server-left.yaml | 46 ++++++++++- .../values-upgrade-server-right.yaml | 46 ++++++++++- 9 files changed, 384 insertions(+), 48 deletions(-) diff --git a/deploy/prod/common-values-iris-mpc.yaml b/deploy/prod/common-values-iris-mpc.yaml index f1c68579d..8c8ebe458 100644 --- a/deploy/prod/common-values-iris-mpc.yaml +++ b/deploy/prod/common-values-iris-mpc.yaml @@ -1,4 +1,4 @@ -image: "ghcr.io/worldcoin/iris-mpc:v0.8.21" +image: "ghcr.io/worldcoin/iris-mpc:v0.8.23" environment: prod replicaCount: 1 diff --git a/deploy/prod/common-values-upgrade-server-left.yaml b/deploy/prod/common-values-upgrade-server-left.yaml index 9c7cbb37c..30b8b4c55 100644 --- a/deploy/prod/common-values-upgrade-server-left.yaml +++ b/deploy/prod/common-values-upgrade-server-left.yaml @@ -1,4 +1,4 @@ -image: "ghcr.io/worldcoin/iris-mpc:v0.6.2" +image: "ghcr.io/worldcoin/iris-mpc:v0.8.23" environment: prod replicaCount: 1 
@@ -60,25 +60,67 @@ env: secretKeyRef: key: DATABASE_URL name: application + - name: RUST_LOG + value: info - name: ENVIRONMENT value: prod -keelPolling: - # -- Specifies whether keel should poll for container updates - enabled: true - -ingress: - enabled: true - ingressClassName: traefik-internal - hosts: - - not-upgrade-left.1.prod.smpcv2.worldcoin.dev +service: + enabled: false -ingressRouteTCP: +nginxSidecar: enabled: true - entryPoints: - - websecure - service: - - name: upgrade-server-left - port: 80 - tls: {} + port: 8443 + secrets: + enabled: true + volumeMount: + - name: mounted-secret-name + mountPath: /etc/nginx/cert + volume: + - name: mounted-secret-name + secret: + secretName: application + items: + - key: certificate.crt + path: certificate.crt + - key: key.pem + path: key.pem + optional: false + config: + nginx.conf: | + worker_processes auto; + + error_log /dev/stderr notice; + pid /tmp/nginx.pid; + + events { + worker_connections 1024; + } + + stream { + log_format basic '$remote_addr [$time_local] ' + '$protocol $status $bytes_sent $bytes_received ' + '$session_time'; + + upstream tcp_backend { + server 127.0.0.1:8000; + } + + server { + listen 8443 ssl; + proxy_pass tcp_backend; + + ssl_certificate /etc/nginx/cert/certificate.crt; + ssl_certificate_key /etc/nginx/cert/key.pem; + + ssl_protocols TLSv1.3; + ssl_ciphers HIGH:!aNULL:!MD5; + + # Enable session resumption to improve performance + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 1h; + + access_log /dev/stdout basic; + } + } diff --git a/deploy/prod/common-values-upgrade-server-right.yaml b/deploy/prod/common-values-upgrade-server-right.yaml index a9beebc7a..54b2838c3 100644 --- a/deploy/prod/common-values-upgrade-server-right.yaml +++ b/deploy/prod/common-values-upgrade-server-right.yaml @@ -1,4 +1,4 @@ -image: "ghcr.io/worldcoin/iris-mpc:v0.6.2" +image: "ghcr.io/worldcoin/iris-mpc:v0.8.23" environment: prod replicaCount: 1 
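Review bot: In the `server` block of the new `nginx.conf`, `ssl_ciphers HIGH:!aNULL:!MD5;` has no effect, because `ssl_protocols TLSv1.3;` is the only enabled protocol and nginx's `ssl_ciphers` list applies to TLS 1.2 and earlier. I would delete the line, or, if a restricted suite set is intended, state it with `ssl_conf_command Ciphersuites <suite-list>;` so the config shows what is actually enforced. The same line appears in the `common-values-upgrade-server-right.yaml` hunk. Separately, TLS now terminates in the pod and traffic is forwarded to `127.0.0.1:8000`. The hunk does not show the upgrade server's bind address, so it is worth confirming that it listens on loopback only; otherwise the plaintext port stays reachable on the pod IP next to 8443.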
@@ -60,24 +60,66 @@ env: secretKeyRef: key: DATABASE_URL name: application + - name: RUST_LOG + value: info - name: ENVIRONMENT - value: prod + value: stage -keelPolling: - # -- Specifies whether keel should poll for container updates - enabled: true - -ingress: - enabled: true - ingressClassName: traefik-internal - hosts: - - not-upgrade-right.1.prod.smpcv2.worldcoin.dev +service: + enabled: false -ingressRouteTCP: +nginxSidecar: enabled: true - entryPoints: - - websecure - service: - - name: upgrade-server-right - port: 80 - tls: {} + port: 8443 + secrets: + enabled: true + volumeMount: + - name: mounted-secret-name + mountPath: /etc/nginx/cert + volume: + - name: mounted-secret-name + secret: + secretName: application + items: + - key: certificate.crt + path: certificate.crt + - key: key.pem + path: key.pem + optional: false + config: + nginx.conf: | + worker_processes auto; + + error_log /dev/stderr notice; + pid /tmp/nginx.pid; + + events { + worker_connections 1024; + } + + stream { + log_format basic '$remote_addr [$time_local] ' + '$protocol $status $bytes_sent $bytes_received ' + '$session_time'; + + upstream tcp_backend { + server 127.0.0.1:8000; + } + + server { + listen 8443 ssl; + proxy_pass tcp_backend; + + ssl_certificate /etc/nginx/cert/certificate.crt; + ssl_certificate_key /etc/nginx/cert/key.pem; + + ssl_protocols TLSv1.3; + ssl_ciphers HIGH:!aNULL:!MD5; + + # Enable session resumption to improve performance + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 1h; + + access_log /dev/stdout basic; + } + } diff --git a/deploy/prod/smpcv2-0-prod/values-upgrade-server-left.yaml b/deploy/prod/smpcv2-0-prod/values-upgrade-server-left.yaml index b3aa4860c..741a04ff7 100644 --- a/deploy/prod/smpcv2-0-prod/values-upgrade-server-left.yaml +++ b/deploy/prod/smpcv2-0-prod/values-upgrade-server-left.yaml 
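Review bot: `ENVIRONMENT` is set to `stage` in this prod values file (`+ value: stage` replaces `value: prod`), while the matching hunk in `common-values-upgrade-server-left.yaml` keeps `prod`. This looks like a leftover from the stage values and should read `value: prod`. The per-cluster values pass the variable on as `--environment $(ENVIRONMENT)`, so the right-hand upgrade server in production would presumably start with stage settings. The init script added in `deploy/prod/smpcv2-0-prod/values-upgrade-server-left.yaml` also resolves the hosted zone for `"$PARTY_ID".stage.smpcv2.worldcoin.dev`, which may be the same mix-up and is worth checking in the same pass.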
@@ -9,5 +9,47 @@ args: - "left" - "--environment" - "$(ENVIRONMENT)" - - "--batch-size" - - "50" + +initContainer: + enabled: true + image: "amazon/aws-cli:2.17.62" + name: "upgrade-proto-dns-records-updater" + env: + - name: PARTY_ID + value: "1" + - name: SIDE + value: left + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + configMap: + init.sh: | + #!/usr/bin/env bash + + # Set up environment variables + HOSTED_ZONE_ID=$(aws route53 list-hosted-zones-by-name --dns-name "$PARTY_ID".stage.smpcv2.worldcoin.dev --query "HostedZones[].Id" --output text) + + # Generate the JSON content in memory + BATCH_JSON=$(cat <