From 545ea20f5e9d5d3472372b8fd6c2799add2565d2 Mon Sep 17 00:00:00 2001
From: Gor Poghosyan <gor@netris.ai>
Date: Thu, 17 Feb 2022 18:00:15 +0400
Subject: [PATCH] Update-2022-02-17_14:00:15

---
 charts/netris-controller/Chart.yaml           |  4 +-
 charts/netris-controller/README.md            |  4 +-
 .../templates/migration.yaml                  | 70 +++++++++++++++++++
 .../templates/netris-controller-initdb.yaml   | 12 ++--
 charts/netris-controller/values.yaml          | 10 ++-
 5 files changed, 89 insertions(+), 11 deletions(-)
 create mode 100644 charts/netris-controller/templates/migration.yaml

diff --git a/charts/netris-controller/Chart.yaml b/charts/netris-controller/Chart.yaml
index 70989f0..044e084 100644
--- a/charts/netris-controller/Chart.yaml
+++ b/charts/netris-controller/Chart.yaml
@@ -15,13 +15,13 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.0.5
+version: 1.0.6
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: 3.0.4
+appVersion: 3.0.4.1
 home: https://netris.ai
 icon: https://www.netris.ai/wp-content/uploads/2021/01/logo-300.png  # [todo] Change url to permalink
 keywords:
diff --git a/charts/netris-controller/README.md b/charts/netris-controller/README.md
index fa1f3c7..ba06ef6 100644
--- a/charts/netris-controller/README.md
+++ b/charts/netris-controller/README.md
@@ -78,7 +78,7 @@ The following table lists the configurable parameters of the netris-controller c
 | ------------------------------------- | --------------------------------------------------------------------------------------------------------- | -------------------------- |
 | `app.replicaCount`                    | Number of replicas in app deployment                                                                      | `1`                        |
 | `app.image.repository`                | Image repository                                                                                          | `netrisai/controller-web-service` |
-| `app.image.tag`                       | Image tag. Overrides the image tag whose default is the chart appVersion                                  | `"3.0.4-003"`                       |
+| `app.image.tag`                       | Image tag. Overrides the image tag whose default is the chart appVersion                                  | `"3.0.5-003"`                       |
 | `app.image.pullPolicy`                | Image pull policy                                                                                         | `IfNotPresent`             |
 | `app.imagePullSecrets`                | Reference to one or more secrets to be used when pulling images                                           | `[]`                       |
 | `app.service.type`                    | Kubernetes service type 	                                                                                | `ClusterIP`                |
@@ -102,7 +102,7 @@ The following table lists the configurable parameters of the netris-controller c
 | -------------------------------------- | --------------------------------------------------------------------------------------------------------- | -------------------------- |
 | `grpc.replicaCount`                    | Number of replicas in grpc deployment                                                                     | `1`                        |
 | `grpc.image.repository`                | Image repository                                                                                          | `netrisai/controller-grpc` |
-| `grpc.image.tag`                       | Image tag. Overrides the image tag whose default is the chart appVersion                                  | `"3.0.4.002"`                       |
+| `grpc.image.tag`                       | Image tag. Overrides the image tag whose default is the chart appVersion                                  | `"3.0.4.005"`                       |
 | `grpc.image.pullPolicy`                | Image pull policy                                                                                         | `IfNotPresent`             |
 | `grpc.imagePullSecrets`                | Reference to one or more secrets to be used when pulling images                                           | `[]`                       |
 | `grpc.service.type`                    | Kubernetes service type 	                                                                                 | `ClusterIP`                |
diff --git a/charts/netris-controller/templates/migration.yaml b/charts/netris-controller/templates/migration.yaml
new file mode 100644
index 0000000..f2d01d0
--- /dev/null
+++ b/charts/netris-controller/templates/migration.yaml
@@ -0,0 +1,70 @@
+{{- $microservicename := "migration" }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ printf "%s-%s" (include "netris-controller.fullname" .) $microservicename }}
+  labels:
+    {{- include "netris-controller.labels" . | nindent 4 }}
+    {{- printf "%s-%s" (include "netris-controller.selectorLabels" .) $microservicename | nindent 4 }}
+  annotations:
+    "helm.sh/hook": pre-upgrade
+    "helm.sh/hook-weight": "1"
+    "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      name: {{ printf "%s-%s" (include "netris-controller.fullname" .) $microservicename }}
+      labels:
+        {{- printf "%s-%s" (include "netris-controller.selectorLabels" .) $microservicename | nindent 8 }}
+    spec:
+      {{- with (index .Values $microservicename).imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "netris-controller.serviceAccountName" . }}
+      restartPolicy: Never
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      initContainers:
+      - name: init-wait-mariadb
+        image: alpine:3.11
+        command:
+          - sh
+          - -c
+          - for i in $(seq 1 200); do nc -z -w3 {{ printf "%s-%s" (include "netris-controller.fullname" .) "mariadb" }} {{ .Values.mariadb.primary.service.port }} && exit 0 || sleep 3; done; exit 1
+      containers:
+        - name: {{ printf "%s-%s" .Chart.Name $microservicename }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ (index .Values $microservicename).image.repository }}:{{ (index .Values $microservicename).image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ (index .Values $microservicename).image.pullPolicy }}
+          env:
+            - name: DB_NAME
+              value: {{ .Values.mariadb.auth.database | quote }}
+            - name: DB_USER
+              value: {{ .Values.mariadb.auth.username | quote }}
+            - name: DB_HOST
+              value: {{ printf "%s-%s" (include "netris-controller.fullname" .) "mariadb" }}
+            - name: DB_PASS
+              valueFrom:
+                secretKeyRef:
+                  name: {{ printf "%s-%s" (include "netris-controller.fullname" .) "mariadb" }}
+                  key: mariadb-password
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
diff --git a/charts/netris-controller/templates/netris-controller-initdb.yaml b/charts/netris-controller/templates/netris-controller-initdb.yaml
index f0e3dd1..b86143d 100644
--- a/charts/netris-controller/templates/netris-controller-initdb.yaml
+++ b/charts/netris-controller/templates/netris-controller-initdb.yaml
@@ -1499,7 +1499,7 @@ data:
     INSERT INTO `global_settings` VALUES (5,'billing_script','/opt/xcaas-billing/bcalc.pl -c /opt/xcaas-billing/xcg.conf','Billing Script','false');
     INSERT INTO `global_settings` VALUES (6,'billtype_map','{1:\"Per Path\", 2 :\"Per Region\"}','Billing Type Values','false');
     INSERT INTO `global_settings` VALUES (7,'userpause_map','{0:\"Disable\", 1 :\"Enable\"}','User Pausable Values','false');
-    INSERT INTO `global_settings` VALUES (8,'portal_contact_email','info@netris.ai','Email Support Address','true');
+    INSERT INTO `global_settings` VALUES (8,'portal_contact_email','info@netris.ai','Email Support Address','false');
     INSERT INTO `global_settings` VALUES (9,'resetpwd_from_email','noreply@netris.ai','Noreply email address','true');
     INSERT INTO `global_settings` VALUES (10,'log_level','debug',NULL,'false');
     INSERT INTO `global_settings` VALUES (11,'fqdn_domain_name','example.com','Controller FQDN or IP address','true');
@@ -1509,14 +1509,14 @@ data:
     INSERT INTO `global_settings` VALUES (15,'physical_instance_asn','65500','ASN of physical servers','false');
     INSERT INTO `global_settings` VALUES (16,'switch_listing_heartbeat','50','Switch heartbeat threshold (secs.)','false');
     INSERT INTO `global_settings` VALUES (20,'bill_type_for_bcalc_map','{1:\"path\", 2 :\"region\"}',NULL,'false');
-    INSERT INTO `global_settings` VALUES (21,'image_upload_dir','/var/www/conductor','Image Upload Directory','true');
+    INSERT INTO `global_settings` VALUES (21,'image_upload_dir','/var/www/conductor','Image Upload Directory','false');
     INSERT INTO `global_settings` VALUES (23,'virtual_instance_asn','65501','ASN of the virtual servers','false');
     INSERT INTO `global_settings` VALUES (24,'switch_asn','65005','ASN of the switch','false');
     INSERT INTO `global_settings` VALUES (25,'hypervisor_host_asn','65002','ASN of the hypervisors','false');
     INSERT INTO `global_settings` VALUES (26,'external_acl_admin_approve','true','Approve external acls by users having Admin role','false');
     INSERT INTO `global_settings` VALUES (27,'permission_types','{\"Global Settings\":{\"UPDATE_SETTINGS\":{\"description\":\"Update\",\"urls\":[\"/settings/save\",\"settings/whitelist/delete\",\"settings/whitelist/save\"]}},\"Users\":{\"UPDATE_USER\":{\"description\":\"Update\",\"urls\":[\"/user/update\"]},\"DELETE_USER\":{\"description\":\"Delete\",\"urls\":[\"/user/delete\"]},\"ADD_USER\":{\"description\":\"Create\",\"urls\":[\"/user/add\"]}},\"Tenants\":{\"TOPUP_TENANT\":{\"description\":\"Topup balance\",\"urls\":[\"/tenants/topup\"]},\"ADD_TENANT\":{\"description\":\"Create\",\"urls\":[\"/tenants/add/\"]},\"DELETE_TENANT\":{\"description\":\"Delete\",\"urls\":[\"/tenants/delete/\"]},\"UPDATE_TENANT\":{\"description\":\"Edit\",\"urls\":[\"/tenants/update\"]}},\"Providers\":{\"ADD_PROVIDER\":{\"description\":\"Create\",\"urls\":[\"/providers/add\"]},\"DELETE_PROVIDER\":{\"description\":\"Delete\",\"urls\":[\"/providers/delete/\"]},\"UPDATE_PROVIDER\":{\"description\":\"Edit\",\"urls\":[\"/providers/update\"]}},\"Paths\":{\"UPDATE_PATH\":{\"description\":\"Edit\",\"urls\":[\"/billing/update/path\"]}},\"Ports\":{\"UPDATE_PORT\":{\"description\":\"Edit\",\"urls\":[\"/billing/update/port\",\"/switch/port/update\"]},\"ASSIGN_PORT\":{\"description\":\"Assign\",\"urls\":[\"/billing/assign/port\",\"/switch/port/assign\"]},\"UNASSIGN_PORT\":{\"description\":\"Unassign\",\"urls\":[\"/switch/port/unassign\"]},\"INHERIT_PORT\":{\"description\":\"Inherit\",\"urls\":[\"/switch/port/inherit\"]}},\"Regions\":{\"ADD_REGION\":{\"description\":\"Create\",\"urls\":[\"/billing/add/region\",\"/billing/add/regionrange\"]},\"DELETE_REGION\":{\"description\":\"Delete\",\"urls\":[\"/billing/delete/region\",\"/billing/delete/regionrange\"]},\"UPDATE_REGION\":{\"description\":\"Edit\",\"urls\":[\"/billing/update/region\",\"/billing/update/regionrange\"]}},\"InterRegions\":{\"ADD_INTER_REGION\":{\"description\":\"Create\",\"urls\":[\"/billing/add/intregion\",\"/billing/add/intregionrange\"]},\"DELETE_INER_REGION\":{\"description\":\"Delete\",\"urls\":[\"/billing/delete/intregion\",\"/billing/delete/intregionrange\"]},\"UPDATE_INTER_REGION\":{\"description\":\"Edit\",\"urls\":[\"/billing/update/intregion\",\"/billing/update/intregionrange\"]}},\"Pops\":{\"ADD_POP\":{\"description\":\"Create\",\"urls\":[\"/pops/add\"]},\"DELETE_POP\":{\"description\":\"Delete\",\"urls\":[\"/pops/delete\"]},\"UPDATE_POP\":{\"description\":\"Edit\",\"urls\":[\"/pops/update\"]}},\"Hardware\":{\"ADD_HW\":{\"description\":\"Add\",\"urls\":[\"/switch/add\"]},\"DELETE_HW\":{\"description\":\"Delete\",\"urls\":[\"/switch/delete\"]},\"UPDATE_HW\":{\"description\":\"Edit\",\"urls\":[\"/switch/update\"]}},\"ACL\":{\"ADD_ACL\":{\"description\":\"Create\",\"urls\":[\"/user/acls/add\"]},\"DELETE_ACL\":{\"description\":\"Delete\",\"urls\":[\"/user/acls/delete\"]},\"UPDATE_ACL\":{\"description\":\"Edit\",\"urls\":[\"/user/acls/add\"]},\"APPROVE_ACL\":{\"description\":\"Approve\",\"urls\":[\"/user/acls/approve\"]},\"REJECT_ACL\":{\"description\":\"Reject\",\"urls\":[\"/user/acls/reject\"]}},\"ALC 2.0 Service\":{\"CREATE_ACL2.0_SERVICE\":{\"description\":\"Create\",\"urls\":\"/acltozero/service/add\"},\"EDIT_ACL2.0_SERVICE\":{\"description\":\"Edit\",\"urls\":[\"/acltozero/service/edit\",\"/acltozero/service/status\"]},\"DELETE_ACL2.0_SERVICE\":{\"description\":\"Delete\",\"urls\":\"/acltozero/service/delete\"}},\"ALC 2.0 Publisher\":{\"ADD_ACL2.0_PUBLISHER\":{\"description\":\"Add\",\"urls\":[\"/acltozero/pub/protoport/add\",\"/acltozero/pub/instances/add\",\"/acltozero/pub/lb/add\"]},\"REMOVE_ACL2.0_PUBLISHER\":{\"description\":\"Remove\",\"urls\":[\"/acltozero/pub/protoport/delete\",\"/acltozero/pub/instances/delete\",\"/acltozero/pub/lb/delete\"]}},\"ALC 2.0 Subscriber\":{\"ADD_ACL2.0_SUBSCRIBER\":{\"description\":\"Add\",\"urls\":[\"/acltozero/sub/prefixes/add\",\"/acltozero/sub/instance/add\"]},\"REMOVE_ACL2.0_SUBSCRIBER\":{\"description\":\"Remove\",\"urls\":[\"/acltozero/sub/prefixes/delete\",\"/acltozero/sub/instance/delete\"]},\"APPROVE_REJECT_ACL2.0_SUBSCRIBER\":{\"description\":\"Approve/Reject\",\"urls\":[\"/acltozero/sub/instance/approve\",\"/acltozero/sub/instance/reject\"]}},\"Instances\":{\"ADD_INSTANCE\":{\"description\":\"Create\",\"urls\":[\"/user/instances/add\"]},\"DELETE_INSTANCE\":{\"description\":\"Delete\",\"urls\":[\"/user/instances/delete\"]},\"UPDATE_INSTANCE\":{\"description\":\"Edit\",\"urls\":[\"/user/instances/edit\",\"/user/instances/update\"]}},\"PortGroups\":{\"ADD_PORTGROUP\":{\"description\":\"Create\",\"urls\":[\"/user/portgroup/add\"]},\"DELETE_PORTGROUP\":{\"description\":\"Delete\",\"urls\":[\"/user/portgroup/delete\"]},\"UPDATE_PORTGROUP\":{\"description\":\"Edit\",\"urls\":[\"/user/portgroup/update\"]},\"APPROVE_PORTGROUP\":{\"description\":\"Approve\",\"urls\":[\"/user/portgroup/approve\"]},\"REJECT_PORTGROUP\":{\"description\":\"Reject\",\"urls\":[\"/user/portgroup/reject\"]}},\"Subnets\":{\"ADD_SUBNET\":{\"description\":\"Create\",\"urls\":[\"/user/subnets/add\"]},\"DELETE_SUBNET\":{\"description\":\"Delete\",\"urls\":[\"/user/subnets/delete\"]}},\"Load Balancer\":{\"ADD_CHECK_LB\":{\"description\":\"Create check\",\"urls\":[\"/user/lb/check/add\"]},\"DELETE_CHECK_LB\":{\"description\":\"Remove check\",\"urls\":[\"/user/lb/check/remove\"]},\"ADD_INSTANCE_LB\":{\"description\":\"Create instance\",\"urls\":[\"/user/lb/instance/[0-9]+/add\"]},\"DELETE_INSTANCE_LB\":{\"description\":\"Remove instance\",\"urls\":[\"/user/lb/instance/[0-9]+/remove\"]},\"ADD_MAINT_LB\":{\"description\":\"Maintenance\",\"urls\":[\"/user/lb/instance/maintanance\"]}},\"L2 Circuit\":{\"ADD_CIRCUIT\":{\"description\":\"Create\",\"urls\":[\"/circuit/create\",\"/circuit/add\"]},\"EDIT_CIRCUIT\":{\"description\":\"Edit\",\"urls\":[\"/circuit/edit\"]},\"PAUSE_CIRCUIT\":{\"description\":\"Pause\",\"urls\":[\"/circuit/pause\"]},\"UNPAUSE_CIRCUIT\":{\"description\":\"Unpause\",\"urls\":[\"/circuit/unpause\"]},\"DELETE_CIRCUIT\":{\"description\":\"Delete\",\"urls\":[\"/circuit/delete\"]}},\"L3 Circuit\":{\"ADD_L3_CIRCUIT\":{\"description\":\"Create\",\"urls\":[\"/user/routedcircuit/add\"]},\"EDIT_L3_CIRCUIT\":{\"description\":\"Edit\",\"urls\":[\"/user/routedcircuit/update\"]},\"DELETE_L3_CIRCUIT\":{\"description\":\"Delete\",\"urls\":[\"/user/routedcircuit/delete\"]}},\"Permission Groups\":{\"ADD_PERMISSION_GROUP\":{\"description\":\"Create\",\"urls\":\"/user/permissiongroup/add\"},\"EDIT_PERMISSION_GROUP\":{\"description\":\"Edit\",\"urls\":\"/user/permissiongroup/update\"},\"DELETE_PERMISSION_GROUP\":{\"description\":\"Delete\",\"urls\":\"/user/permissiongroup/delete\"}},\"Software Load Balancer\":{\"ADD_SLB\":{\"description\":\"Create\",\"urls\":\"/user/slb/add\"},\"EDIT_SLB\":{\"description\":\"Edit\",\"urls\":\"/user/slb/edit\"},\"DELETE_SLB\":{\"description\":\"Delete\",\"urls\":\"/user/slb/delete\"}},\"NAT\":{\"ADD_NAT\":{\"description\":\"Create\",\"urls\":\"/net/nat/create\"},\"EDIT_NAT\":{\"description\":\"Edit\",\"urls\":\"/net/nat/update\"},\"DELETE_NAT\":{\"description\":\"Delete\",\"urls\":\"/net/nat/delete\"}},\"Sites\":{\"ADD_SITE\":{\"description\":\"Create\",\"urls\":\"/net/pops/add\"},\"EDIT_SITE\":{\"description\":\"Edit\",\"urls\":\"/net/pops/edit\"},\"DELETE_SITE\":{\"description\":\"Delete\",\"urls\":\"/net/pops/delete\"}},\"E-BGP\":{\"ADD_EBGP\":{\"description\":\"Create\",\"urls\":\"/net/peers/add\"},\"EDIT_EBGP\":{\"description\":\"Edit\",\"urls\":\"/net/peers/edit\"},\"DELETE_EBGP\":{\"description\":\"Delete\",\"urls\":\"/net/peers/delete\"}}}','Permission types','false');
     INSERT INTO `global_settings` VALUES (28,'permit_site_to_site_acl','true','Permit site to site traffic on public ports','true');
-    INSERT INTO `global_settings` VALUES (29,'evpn_enable','true','VXLAN via EVPN','true');
+    INSERT INTO `global_settings` VALUES (29,'evpn_enable','true','VXLAN via EVPN','false');
     INSERT INTO `global_settings` VALUES (30,'optimise_port_ext','true','Optimized deployment of ACLs for subinterfaces','true');
     INSERT INTO `global_settings` VALUES (31,'shadow_acl','false','Avoid deployment of ACL overlaps','false');
     INSERT INTO `global_settings` VALUES (33,'health_check_atempts','3','Layer4 load balancer health-check attempts','true');
@@ -1525,8 +1525,10 @@ data:
     INSERT INTO `global_settings` VALUES (36,'wireguard_port_range','59000-60999','VPN peers port range','true');
     INSERT INTO `global_settings` VALUES (37,'k8s_lb_check_timeout','2000','K8s Layer 4 load-balancer timeout (ms)','true');
     INSERT INTO `global_settings` VALUES (38,'vpn_measurement_wait_secs','30','Site Mesh measurement module wait interval (sec)','true');
-    INSERT INTO `global_settings` VALUES (39,'migration_version', '3.0.0', 'Database scheme version', 'false');
-    INSERT INTO `global_settings` VALUES (40,'system_asn_range', '4200000000 - 4294967294', 'System ASN range', true);
+    INSERT INTO `global_settings` VALUES (39,'migration_version', '3.0.5', 'Database scheme version', 'false');
+    INSERT INTO `global_settings` VALUES (40,'system_asn_range', '4200000000 - 4209999999', 'System ASN range', 'true');
+    INSERT INTO `global_settings` VALUES (41,'vpn_asn_range', '4210000000 - 4219999999', 'Site Mesh VPN ASN range', 'true');
+    INSERT INTO `global_settings` VALUES (42,'calico_asn_range', '4230000000 - 4239999999', 'Calico ASN range', 'true');
   mon_thresholds.sql: |
     USE {{ .Values.mariadb.auth.database }};
     INSERT INTO `mon_default_thresholds` VALUES (2,'check_port','Link Utilization (RX)','*.rx',0,0,90,70,NULL,'%','');
diff --git a/charts/netris-controller/values.yaml b/charts/netris-controller/values.yaml
index 73e59d6..add85b4 100644
--- a/charts/netris-controller/values.yaml
+++ b/charts/netris-controller/values.yaml
@@ -59,7 +59,7 @@ app:
     repository: netrisai/controller-web-service
     pullPolicy: IfNotPresent
     # Overrides the image tag whose default is the chart appVersion.
-    tag: "3.0.4-003"
+    tag: "3.0.5-003"
 
   imagePullSecrets: []
 
@@ -107,7 +107,7 @@ grpc:
     repository: netrisai/controller-grpc
     pullPolicy: IfNotPresent
     # Overrides the image tag whose default is the chart appVersion.
-    tag: "3.0.4.002"
+    tag: "3.0.4.005"
 
   imagePullSecrets: []
 
@@ -319,3 +319,9 @@ graphite:
       [collectd]
       pattern = ^collectd.*
       retentions = 1m:7d,5m:90d,1h:2y
+
+migration:
+  image:
+    repository: netrisai/controller-web-service-migration
+    pullPolicy: IfNotPresent
+    tag: "3.0.5"