Chg: update image tag in helm values to v2.6.2

[WIFI-10842] Add: docker-compose support for iptocountry

.github/git-release-tool/git-release-tool.sh

@@ -51,7 +51,7 @@ usage() {
   echo "    docker_compose_name: OWPROVUI # name of environment variable in docker-compose .env file containing image tag for the service"
   log_notice
   log_notice "List of required environment variables:"
-  log_notice "- RELEASE_VERSION - release version that should be applied to repositories. Should comply release nameing policy (valid example - 'v2.0.0' or 'v2.0.1')"
+  log_notice "- RELEASE_VERSION - release version that should be applied to repositories. Should comply release nameing policy (valid example - 'v2.0.0')"
   log_notice "- TAG_TYPE - type of tag that should be created for release (supported values - RC / FINAL)"
   log_notice "- GIT_PUSH_CONFIRMED - confirmation that any changes should be pushed to git (dry-run if unset, set to 'true' to enable)"
   log_notice
@@ -86,21 +86,20 @@ set_log_verbosity_number() {
 modify_deploy_repo_values() {
   NEW_RELEASE_TAG=$1
   log_debug "NEW_RELEASE_TAG - $NEW_RELEASE_TAG"
-  REPOSITORIES_AMOUNT=$(cat ../release.repositories.yaml | yq ".repositories[].name" -r | wc -l)
+  REPOSITORIES_AMOUNT=$(cat ../repositories.yaml | yq ".repositories[].name" -r | wc -l)
   for REPO_INDEX in $(seq 0 $(expr $REPOSITORIES_AMOUNT - 1)); do
-    REPO_URL=$(cat ../release.repositories.yaml | yq ".repositories[$REPO_INDEX].url" -r)
+    REPO_URL=$(cat ../repositories.yaml | yq ".repositories[$REPO_INDEX].url" -r)
     REPO_NAME_SUFFIXED=$(echo $REPO_URL | awk -F '/' '{print $NF}')
     REPO_NAME_WITHOUT_SUFFIX=${REPO_NAME_SUFFIXED%.git}
-    REPO_DOCKER_COMPOSE_NAME=$(cat ../release.repositories.yaml | yq ".repositories[$REPO_INDEX].docker_compose_name" -r)
+    REPO_DOCKER_COMPOSE_NAME=$(cat ../repositories.yaml | yq ".repositories[$REPO_INDEX].docker_compose_name" -r)
     SERVICE_TAG="${REPO_TAGS_ARRAY[$REPO_INDEX]}"
     log_debug "REPO_NAME_WITHOUT_SUFFIX - $REPO_NAME_WITHOUT_SUFFIX"
     sed "s/$REPO_DOCKER_COMPOSE_NAME=.*/$REPO_DOCKER_COMPOSE_NAME=$SERVICE_TAG/" -i docker-compose/.env
     sed "s/$REPO_DOCKER_COMPOSE_NAME=.*/$REPO_DOCKER_COMPOSE_NAME=$SERVICE_TAG/" -i docker-compose/.env.letsencrypt
     sed "s/$REPO_DOCKER_COMPOSE_NAME=.*/$REPO_DOCKER_COMPOSE_NAME=$SERVICE_TAG/" -i docker-compose/.env.selfsigned
     sed "/${REPO_NAME_WITHOUT_SUFFIX#*/}@/s/ref=.*/ref=$SERVICE_TAG\"/g" -i chart/Chart.yaml
-    sed "/repository: tip-tip-wlan-cloud-ucentral.jfrog.io\/clustersysteminfo/!b;n;s/tag: .*/tag: $NEW_RELEASE_TAG/" -i chart/values.yaml
   done
-  LATEST_RELEASE_TAG=$(git tag | grep $RELEASE_VERSION | tail -1)
+  LATEST_RELEASE_TAG=$(git tag | grep $CURRENT_RELEASE_VERSION | tail -1)
   if [[ "$(git diff | wc -l)" -eq "0" ]] && [[ "$(git diff $LATEST_RELEASE_TAG)" -eq "0" ]]; then
     log_info "No changes in microservices and since the latest tag are found, new release is not required"
   else
@@ -136,20 +135,21 @@ push_changes() {
 }
 
 create_tag() {
+  CURRENT_RELEASE_VERSION=$(git rev-parse --abbrev-ref HEAD | awk -F 'release/' '{print $2}')
   TAG_TYPE_LOWERED=$(echo $TAG_TYPE | tr '[:upper:]' '[:lower:]')
   if [[ "$TAG_TYPE_LOWERED" == "final" ]]; then
     log_debug "Creating final tag"
-    modify_values $RELEASE_VERSION
-    git tag $RELEASE_VERSION
+    modify_values $CURRENT_RELEASE_VERSION
+    git tag $CURRENT_RELEASE_VERSION
     push_changes
-    REPO_TAGS_ARRAY+=($RELEASE_VERSION)
+    REPO_TAGS_ARRAY+=($CURRENT_RELEASE_VERSION)
   else
     log_debug "Checking if there are tags in the current release branch"
-    LATEST_RELEASE_TAG=$(git tag | grep $RELEASE_VERSION | tail -1)
+    LATEST_RELEASE_TAG=$(git tag | grep $CURRENT_RELEASE_VERSION | tail -1)
     log_debug "Latest release tag found - '$LATEST_RELEASE_TAG'"
     if [[ -z "$LATEST_RELEASE_TAG" ]]; then
       log_info "There are no tags in the release branch, creating the first one"
-      NEW_RELEASE_TAG=$RELEASE_VERSION-RC1
+      NEW_RELEASE_TAG=$CURRENT_RELEASE_VERSION-RC1
       log_debug "New tag - $NEW_RELEASE_TAG"
       modify_values $NEW_RELEASE_TAG
       git tag $NEW_RELEASE_TAG
@@ -160,7 +160,7 @@ create_tag() {
         NEW_RC=$(echo $LATEST_RELEASE_TAG | awk -F 'RC' '{print $2}')
         NEW_RC=$(expr $NEW_RC + 1)
         log_debug "New RC to create - $NEW_RC"
-        NEW_RELEASE_TAG=$RELEASE_VERSION-RC$NEW_RC
+        NEW_RELEASE_TAG=$CURRENT_RELEASE_VERSION-RC$NEW_RC
         modify_deploy_repo_values $NEW_RELEASE_TAG
         if [[ "v$(cat chart/Chart.yaml | yq '.version' -r)" == "$NEW_RELEASE_TAG" ]]; then
           git add .
@@ -186,7 +186,7 @@ create_tag() {
           NEW_RC=$(echo $LATEST_RELEASE_TAG | awk -F 'RC' '{print $2}')
           NEW_RC=$(expr $NEW_RC + 1)
           log_debug "New RC to create - $NEW_RC"
-          NEW_RELEASE_TAG=$RELEASE_VERSION-RC$NEW_RC
+          NEW_RELEASE_TAG=$CURRENT_RELEASE_VERSION-RC$NEW_RC
           modify_values $NEW_RELEASE_TAG
           git tag $NEW_RELEASE_TAG
           push_changes
@@ -199,51 +199,22 @@ create_tag() {
 }
 
 check_final_tag() {
-  log_debug "Amount of final tags found - $(git tag | grep -x $RELEASE_VERSION | wc -l)"
-  if [[ "$(git tag | grep -x $RELEASE_VERSION | wc -l)" -gt "0" ]]; then
-    log_error "Final tag $RELEASE_VERSION already exists in release branch"
+  CURRENT_RELEASE_VERSION=$(git rev-parse --abbrev-ref HEAD | awk -F 'release/' '{print $2}')
+  log_debug "Amount of final tags found - $(git tag | grep -x $CURRENT_RELEASE_VERSION | wc -l)"
+  if [[ "$(git tag | grep -x $CURRENT_RELEASE_VERSION | wc -l)" -gt "0" ]]; then
+    log_error "Final tag $CURRENT_RELEASE_VERSION already exists in release branch"
     exit 1
   fi
 }
 
 check_git_tags() {
-  if [[ "${#REPO_TAGS_ARRAY[@]}" -eq "0" ]] && [[ "$(basename $PWD)" == "deploy" ]]; then
-    log_info "This deploy clone run is required to get repositories tied to the release, we will make changes later."
-  else
-    RELEASE_TAGS_AMOUNT=$(git tag | grep $RELEASE_VERSION | wc -l)
-    log_info "Checking if there are any tags for current version ($RELEASE_VERSION)"
-    log_debug "Amount of tags linked with the release - $RELEASE_TAGS_AMOUNT"
-    if [[ "$RELEASE_TAGS_AMOUNT" -gt "0" ]]; then
-      log_info "Tags for release $RELEASE_VERSION are found, checking if final tag exist"
-      check_final_tag
-      create_tag
-    else
-      log_info "No tags found for current version, checking if there are any tags for release branch ($RELEASE_BRANCH_VERSION_BASE)"
-      RELEASE_BRANCH_TAGS_AMOUNT=$(git tag | grep $RELEASE_BRANCH_VERSION_BASE | wc -l)
-      log_debug "Amount of tags linked with the release branch - $RELEASE_BRANCH_TAGS_AMOUNT"
-      if [[ "$RELEASE_BRANCH_TAGS_AMOUNT" -gt "0" ]]; then
-        log_info "Tags for $RELEASE_BRANCH_VERSION_BASE are found, finding the latest one"
-        RELEASE_BRANCH_TAG_FINAL=$(git tag | grep $RELEASE_BRANCH_VERSION_BASE | grep -v 'RC' | tail -1)
-        if [[ ! -z "$RELEASE_BRANCH_TAG_FINAL" ]]; then
-          RELEASE_BRANCH_TAG=$RELEASE_BRANCH_TAG_FINAL
-        else
-          RELEASE_BRANCH_TAG=$(git tag | grep $RELEASE_BRANCH_VERSION_BASE | tail -1)
-        fi
-        log_info "Latest release tag in $RELEASE_BRANCH_VERSION_BASE - $RELEASE_BRANCH_TAG. Checking if there are changes since then"
-        DIFF_LINES_AMOUNT=$(git diff $RELEASE_BRANCH_TAG | wc -l)
-        if [[ "$DIFF_LINES_AMOUNT" -eq "0" ]]; then
-          log_info "No changes found since the latest release tag ($RELEASE_BRANCH_TAG), using it for new version"
-          REPO_TAGS_ARRAY+=($RELEASE_BRANCH_TAG)
-        else
-          log_info "Changes are found in the branch, creating a new tag"
-          create_tag
-        fi
-      else
-        log_info "Tags for $RELEASE_BRANCH_VERSION_BASE not found, creating new one"
-        create_tag
-      fi
-    fi
+  CURRENT_RELEASE_VERSION=$(git rev-parse --abbrev-ref HEAD | awk -F 'release/' '{print $2}')
+  RELEASE_TAGS_AMOUNT=$(git tag | grep $CURRENT_RELEASE_VERSION | wc -l)
+  log_debug "Amount of tags linked with the release - $RELEASE_TAGS_AMOUNT"
+  if [[ "$RELEASE_TAGS_AMOUNT" -gt "0" ]]; then
+    check_final_tag
   fi
+  create_tag
 }
 
 check_release_branch() {
@@ -253,8 +224,8 @@ check_release_branch() {
 }
 
 create_release_branch() {
-  git checkout -b release/$RELEASE_BRANCH_VERSION -q
-  check_release_branch release/$RELEASE_BRANCH_VERSION
+  git checkout -b release/$RELEASE_VERSION -q
+  check_release_branch release/$RELEASE_VERSION
 }
 
 check_if_release_branch_required() {
@@ -262,22 +233,13 @@ check_if_release_branch_required() {
   log_debug "Latest release branch available - $LATEST_RELEASE_BRANCH"
   if [[ -z "$LATEST_RELEASE_BRANCH" ]]; then
     log_info "Could not find a single release branch, creating it"
-    create_release_branch $RELEASE_BRANCH_VERSION
+    create_release_branch $RELEASE_VERSION
   else
     LAST_RELEASE_DIFF_LINES_AMOUNT=$(git diff $LATEST_RELEASE_BRANCH ':(exclude)helm/values.yaml' | wc -l)
     if [[ "$LAST_RELEASE_DIFF_LINES_AMOUNT" -eq "0" ]]; then
       log_info "There are no changes in project since the latest release branch $LATEST_RELEASE_BRANCH so we will use tag from it"
-      LATEST_RELEASE=$(echo $LATEST_RELEASE_BRANCH | awk -F 'origin/release/' '{print $2}')
-      LATEST_RELEASE_BASE=$(echo $LATEST_RELEASE | cut -f 1,2 -d '.')
-      LATEST_RELEASE_TAG_FINAL=$(git tag | grep $LATEST_RELEASE_BASE | grep -v 'RC' | tail -1)
-      if [[ ! -z "$LATEST_RELEASE_TAG_FINAL" ]]; then
-        LATEST_RELEASE_TAG=$LATEST_RELEASE_TAG_FINAL
-      else
-        LATEST_RELEASE=$(git tag | grep $LATEST_RELEASE_BASE | tail -1)
-      fi
-      log_debug "Latest release - $LATEST_RELEASE"
-      log_debug "Latest release base - $LATEST_RELEASE_BASE"
-      log_debug "Latest release tag - $LATEST_RELEASE_TAG"
+      LATEST_RELEASE=$(echo $LATEST_RELEASE_BRANCH | awk -F 'origin/' '{print $2}')
+      LATEST_RELEASE_TAG=$(git tag | grep -x $LATEST_RELEASE | tail -1)
       if [[ -z "$LATEST_RELEASE_TAG" ]]; then
         log_info "Could not find any tags for $LATEST_RELEASE release, creating it"
         check_release_branch $LATEST_RELEASE
@@ -286,20 +248,11 @@ check_if_release_branch_required() {
         REPO_TAGS_ARRAY+=($LATEST_RELEASE_TAG)
       fi 
     else
-      log_info "New release branch for $RELEASE_BRANCH_VERSION is required, creating it"
-      create_release_branch $RELEASE_BRANCH_VERSION
+      create_release_branch $RELEASE_VERSION
     fi
   fi
 }
 
-get_release_branch_version() {
-  RELEASE_BRANCH_VERSION_BASE=$(echo $RELEASE_VERSION | cut -f 1,2 -d '.')
-  RELEASE_BRANCH_VERSION="$RELEASE_BRANCH_VERSION_BASE.0"
-  if [[ "$RELEASE_BRANCH_VERSION" != "$RELEASE_VERSION" ]]; then
-    log_info "Minor release version ($RELEASE_VERSION) deployment is detected, work will be checked in branch for $RELEASE_BRANCH_VERSION"
-  fi
-}
-
 create_repo_version() {
   CWD=$PWD
   REPO_NAME=$1
@@ -307,10 +260,8 @@ create_repo_version() {
   rm -rf $REPO_NAME
   git clone -q $REPO_URL $REPO_NAME
   cd $REPO_NAME
-  get_release_branch_version
-  log_debug "Release branch version - $RELEASE_BRANCH_VERSION"
   DEFAULT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
-  RELEASE_BRANCH=$(git branch -r | grep $RELEASE_BRANCH_VERSION | awk -F 'origin/' '{print $2}' | xargs)
+  RELEASE_BRANCH=$(git branch -r | grep $RELEASE_VERSION | awk -F 'origin/' '{print $2}' | xargs)
   log_debug "Release branch to check - '$RELEASE_BRANCH'"
   if [[ ! -z "$RELEASE_BRANCH" ]]; then
     log_info "Release branch $RELEASE_BRANCH exists in the repository, checking if it has tags"
@@ -322,6 +273,7 @@ create_repo_version() {
   log_info "Release commit info:"
   git show
   cd $CWD
+  rm -rf $REPO_NAME
 }
 
 # Log level setup
@@ -352,34 +304,28 @@ fi
 # Check variables
 log_debug "Release version: ${RELEASE_VERSION}"
 [ -z ${RELEASE_VERSION+x} ] && echo "RELEASE_VERSION is unset" && usage && exit 3
-echo "${RELEASE_VERSION}" | grep -xP "v(\d)+\.(\d)+\.\d+" >/dev/null || (log_error "RELEASE_VERSION is not in the right notation (correct example - v2.2.0 or v2.2.2)" && usage && exit 3)
+echo "${RELEASE_VERSION}" | grep -xP "v(\d)+\.(\d)+\.\d+" >/dev/null || (log_error "RELEASE_VERSION is not in the right notation (correct example - v2.2.0)" && usage && exit 3)
 log_debug "Tag type: ${TAG_TYPE}"
 [ -z ${TAG_TYPE+x} ] && echo "TAG_TYPE is unset" && usage && exit 3
 echo "${TAG_TYPE}" | tr '[:upper:]' '[:lower:]' | grep -xP "(rc|final)" >/dev/null || (log_error "TAG_TYPE is not in the supported values ('rc' or 'final', case insensitive)" && usage && exit 3)
 
 # Main body
+REPOSITORIES_AMOUNT=$(cat repositories.yaml | yq ".repositories[].name" -r | wc -l)
 DEPLOY_REPO_URL=$(cat repositories.yaml | yq ".deploy_repo_url" -r)
 log_debug "DEPLOY_REPO_URL - $DEPLOY_REPO_URL"
 
-log_info "First we need to get repository list for tied deployment version"
-create_repo_version "deploy" $DEPLOY_REPO_URL
-cp deploy/.github/git-release-tool/repositories.yaml release.repositories.yaml
-rm -rf deploy
-
 log_info "Checking repositories"
-REPOSITORIES_AMOUNT=$(cat release.repositories.yaml | yq ".repositories[].name" -r | wc -l)
 log_info "Found $REPOSITORIES_AMOUNT repos to process"
 for REPO_INDEX in $(seq 0 $(expr $REPOSITORIES_AMOUNT - 1)); do
   echo
-  REPO_NAME=$(cat release.repositories.yaml | yq ".repositories[$REPO_INDEX].name" -r)
-  REPO_URL=$(cat release.repositories.yaml | yq ".repositories[$REPO_INDEX].url" -r)
-  REPO_DOCKER_COMPOSE_NAME=$(cat release.repositories.yaml | yq ".repositories[$REPO_INDEX].docker_compose_name" -r)
+  REPO_NAME=$(cat repositories.yaml | yq ".repositories[$REPO_INDEX].name" -r)
+  REPO_URL=$(cat repositories.yaml | yq ".repositories[$REPO_INDEX].url" -r)
+  REPO_DOCKER_COMPOSE_NAME=$(cat repositories.yaml | yq ".repositories[$REPO_INDEX].docker_compose_name" -r)
   log_debug "REPO_NAME - $REPO_NAME"
   log_debug "REPO_URL - $REPO_URL"
   log_debug "REPO_DOCKER_COMPOSE_NAME - $REPO_DOCKER_COMPOSE_NAME"
   log_info "Processing repository '$REPO_NAME'"
   create_repo_version $REPO_NAME $REPO_URL
-  rm -rf $REPO_NAME
 done
 log_debug "Tags per project: ${REPO_TAGS_ARRAY[*]}"
 
@@ -390,11 +336,10 @@ create_repo_version "deploy" $DEPLOY_REPO_URL
 echo
 log_info "Services versions:"
 for REPO_INDEX in $(seq 0 $(expr $REPOSITORIES_AMOUNT - 1)); do
-  REPO_NAME=$(cat release.repositories.yaml | yq ".repositories[$REPO_INDEX].name" -r)
+  REPO_NAME=$(cat repositories.yaml | yq ".repositories[$REPO_INDEX].name" -r)
   log_info "- $REPO_NAME - ${REPO_TAGS_ARRAY[$REPO_INDEX]}"
 done
 log_info "Deployment repo version - ${REPO_TAGS_ARRAY[-1]}"
-rm release.repositories.yaml
 if [[ "$GIT_PUSH_CONFIRMED" != "true" ]]; then
   log_info "To apply changes described above, set GIT_PUSH_CONFIRMED to 'true' and rerun this script"
 fi

.github/git-release-tool/repositories.yaml

@@ -24,6 +24,3 @@ repositories:
   - name: owsub
     url: https://github.com/Telecominfraproject/wlan-cloud-userportal.git
     docker_compose_name: OWSUB_TAG
-  - name: owrrm
-    url: https://github.com/Telecominfraproject/wlan-cloud-rrm.git
-    docker_compose_name: OWRRM_TAG

.github/workflows/ci.yml

@@ -9,7 +9,6 @@ on:
     branches:
       - main
       - 'release/*'
-  workflow_dispatch: {}
 
 defaults:
   run:
@@ -29,19 +28,19 @@ jobs:
       id: get_branch_names
       if: startsWith(github.ref, 'refs/pull/')
       run: |
-        echo "pr_branch=$(echo ${GITHUB_HEAD_REF})" >> $GITHUB_OUTPUT
+        echo ::set-output name=pr_branch::$(echo ${GITHUB_HEAD_REF})
 
     - name: Get created deployment tag and set as output
       id: get_deployment_upgrade_tag
       if: startsWith(github.ref, 'refs/tags/v')
       run: |
-        echo "tag=$(echo ${GITHUB_REF#refs/tags/})" >> $GITHUB_OUTPUT
+        echo ::set-output name=tag::$(echo ${GITHUB_REF#refs/tags/})
 
     - name: Get previous deployment tag
       id: get_deployment_tag
       if: startsWith(github.ref, 'refs/tags/v')
       run: |
-        echo "tag=$(git tag | grep -v RC | tail -2 | head -1)" >> $GITHUB_OUTPUT
+        echo ::set-output name=tag::$(git tag | grep -v RC | tail -2 | head -1)
 
   trigger-docker-compose-testing:
     if: startsWith(github.ref, 'refs/pull/')
@@ -49,7 +48,7 @@ jobs:
     needs: envs
     steps:
     - name: Checkout actions repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
       with:
         repository: Telecominfraproject/.github
         path: github
@@ -72,7 +71,7 @@ jobs:
     needs: envs
     steps:
     - name: Checkout actions repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
       with:
         repository: Telecominfraproject/.github
         path: github
@@ -95,7 +94,7 @@ jobs:
     needs: envs
     steps:
     - name: Checkout actions repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
       with:
         repository: Telecominfraproject/.github
         path: github

.github/workflows/clustersysteminfo_image_ci.yml

@@ -22,7 +22,7 @@ jobs:
       DOCKER_REGISTRY_URL: tip-tip-wlan-cloud-ucentral.jfrog.io
       DOCKER_REGISTRY_USERNAME: ucentral
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v2
 
     - name: Build Docker image
       working-directory: chart/docker
@@ -55,7 +55,7 @@ jobs:
 
     - name: Log into Docker registry
       if: startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/pull/') || github.ref == 'refs/heads/main'
-      uses: docker/login-action@v2
+      uses: docker/login-action@v1
       with:
         registry: ${{ env.DOCKER_REGISTRY_URL }}
         username: ${{ env.DOCKER_REGISTRY_USERNAME }}

.github/workflows/enforce-jira-issue-key.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout actions repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v2
         with:
           repository: Telecominfraproject/.github
           path: github

.github/workflows/git-release.yml

@@ -28,7 +28,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
       with:
         path: wlan-cloud-ucentral-deploy
 

.github/workflows/release.yml

@@ -17,7 +17,7 @@ jobs:
       HELM_REPO_USERNAME: ucentral
     steps:
       - name: Checkout uCentral assembly chart repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v2
         with:
           path: wlan-cloud-ucentral-deploy
           repository: Telecominfraproject/wlan-cloud-ucentral-deploy

.gitignore

@@ -1,7 +1,6 @@
 *.swp
 chart/charts/*
-chart/Chart.lock
-chart/environment-values/wlan-cloud-ucentral-deploy/
 /docker-compose/certs/
 /docker-compose/*_data
 /docker-compose/owls/*_data
+chart/environment-values/wlan-cloud-ucentral-deploy/

chart/.helmignore

@@ -20,7 +20,3 @@
 .idea/
 *.tmproj
 .vscode/
-# Chart dependencies
-docker/
-environment-values/
-feature-values/

chart/Chart.yaml

@@ -2,39 +2,35 @@ apiVersion: v2
 name: openwifi
 appVersion: "1.0"
 description: A Helm chart for Kubernetes
-version: 0.1.0
+version: 2.6.2
 dependencies:
 - name: owgw
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=master"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.6.2"
   version: 0.1.0
 - name: owsec
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.6.0"
   version: 0.1.0
 - name: owfms
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.6.0"
   version: 0.1.0
 - name: owprov
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=v2.6.0"
   version: 0.1.0
 - name: owanalytics
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-analytics@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-analytics@helm?ref=v2.6.0"
   version: 0.1.0
 - name: owgwui
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.6.0"
   version: 0.1.0
 - name: owprovui
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=v2.6.0"
   version: 0.1.0
 - name: owsub
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-userportal@helm?ref=main"
-  version: 0.1.0
-- name: owrrm
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-rrm@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-userportal@helm?ref=v2.6.0"
   version: 0.1.0
 - name: kafka
   repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
   version: 13.0.2
-  condition: kafka.enabled
 - name: owls
   repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owls@helm?ref=main"
   version: 0.1.0
@@ -47,7 +43,3 @@ dependencies:
   repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
   version: 0.2.21
   condition: haproxy.enabled
-- name: postgresql-ha
-  repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
-  version: 8.6.13
-  condition: postgresql-ha.enabled

chart/README.md

@@ -1,72 +1,18 @@
 # openwifi
 
-This Helm chart helps to deploy OpenWIFI Cloud SDK with all required dependencies to the Kubernetes clusters. The purpose of this chart is to set up the correct connections between other microservices and other dependencies with correct Values and other charts as dependencies in [chart definition](Chart.yaml)
+This Helm chart helps to deploy OpenWIFI Cloud SDK with all required dependencies to the Kubernetes clusters. Purpose of this chart is to setup correct connections between other microservices and other dependencies with correct Values and other charts as dependencies in [chart definition](Chart.yaml)
 
 ## TL;DR;
 
-[helm-git](https://github.com/aslafy-z/helm-git) is required for remote the installation as it pull charts from other repositories for the deployment, so install it if you don't have it already.
-
-Using that you can deploy Cloud SDK with 2 setups - without TLS certificates for RESTAPI endpoints and with them.
-
-In both cases Websocket endpoint should be exposed through LoadBalancer. In order to get IP address or DNS FQDN of that endpoint you may refer to `kubectl get svc | grep proxy | awk -F ' ' '{print $4}'`. Used port is 15002, but you would need to disable TLS check on AP side since certificate is issued for `*.wlan.local`.
-
-### Deployment with TLS certificates
-
-This deployment method requires usage of [cert-manager](https://cert-manager.io/docs/) (tested minimal Helm chart version is `v1.6.1`) in your Kubernetes installation in order to issue self-signed PKI for internal communication. In this case you will have to trust the self-signed certificates via your browser. Just like in previous method you still need OWGW Websocket TLS certificate, so you can use the same certificates with another values file using these commands:
+[helm-git](https://github.com/aslafy-z/helm-git) is required for remote the installation as it pull charts from other repositories for the deployment, so intall it if you don't have it already.
 
 ```bash
 $ helm dependency update
-$ kubectl create secret generic openwifi-certs --from-file=../docker-compose/certs/
-$ helm upgrade --install -f environment-values/values.base.secure.yaml openwifi .
+$ helm install .
 ```
 
-In order to access the UI and other RESTAPI endpoints you should run the following commands after the deployment:
-
-```
-$ kubectl port-forward deployment/proxy 5912 5913 16001 16002 16003 16004 16005 16006 16009 &
-$ kubectl port-forward deployment/owrrm 16789 &
-$ kubectl port-forward deployment/owgwui 8080:80 &
-$ kubectl port-forward deployment/owprovui 8088:80 &
-```
-
-From here Web UI may be accessed using http://localhost:8080 and Provisioning UI may be accessed using http://localhost:8088 .
-
-### Deployment without TLS certificates
-
-**IMPORTANT** Currently this method is not available due to issues in current implementation on microservices side (not being able to use Web UI because of error on Websocket upgrade on OWGW connections), please use TLS method for now.
-
-For this deployment method you will need to disable usage of TLS certificates, yet you will still need a TLS certificate for Websocket endpoint of OWGW. Here are the required steps for the deployment where websocket certificates from [docker-compose certs directory](../docker-compose/certs) and special values file to disable TLS for REST API endpoint will be used:
-
-```bash
-$ helm dependency update
-$ kubectl create secret generic openwifi-certs --from-file=../docker-compose/certs/
-$ helm upgrade --install -f environment-values/values.base.insecure.yaml openwifi .
-```
-
-In order to access the UI and other RESTAPI endpoints you should run the following commands after the deployment:
-
-```
-$ kubectl port-forward deployment/proxy 5912 5913 16001 16002 16003 16004 16005 16006 16009 &
-$ kubectl port-forward deployment/owrrm 16789 &
-$ kubectl port-forward deployment/owgwui 8080:80 &
-$ kubectl port-forward deployment/owprovui 8088:80 &
-```
-
-From here Web UI may be accessed using http://localhost:8080 and Provisioning UI may be accessed using http://localhost:8088 .
-
-During the requests through UI errors may happen - that means that you haven't added certificate exception in browser. In order to that open browser dev tools (F12), open Network tab and see what requests are failing, open them and accept the exceptions.
-
-### Default password change
-
 Then change the default password as described in [owsec docs](https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/tree/main#changing-default-password).
 
-Values files passed in the installation is using default certificates that may be used for initial evaluation (same certificates are used in [docker-compose](../docker-compose/certs) method) using `*.wlan.local` domains. If you want to change those certificates, please set them in Helm values files instead of default certificates (see default values in `values.yaml` file).
-
-If you are using default values without changing [OWSEC config properties](https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/939869948f77575ba0e92c0fb12f2197802ffe71/helm/values.yaml#L212-L213) in your values file, you may access the WebUI using following credentials:
-
-> Username: tip@ucentral.com
-> Password: openwifi
-
 ## Introduction
 
 This chart bootstraps the OpenWIFI Cloud SDK on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
@@ -125,27 +71,20 @@ The following table lists the configurable parameters that overrides microservic
 |-----------|------|-------------|---------|
 | `owgw.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Gateway to use Kafka for communication | `'true'` |
 | `owgw.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Gateway to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
-| `owgw.certs` | map | Map with multiline string containing TLS certificates and private keys required for service (see [OWGW repo](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/) for details) |  |
-| `owgw.certsCAs` | map | Map with multiline string containing TLS CAs required for service (see [OWGW repo](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/) for details) |  |
 | `owsec.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Security to use Kafka for communication | `'true'` |
-| `owsec.certs` | map | Map with multiline string containing TLS certificates and private keys required for REST API |  |
 | `owsec.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Security to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
 | `owfms.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Firmware to use Kafka for communication | `'true'` |
 | `owfms.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Firmware to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
-| `owfms.certs` | map | Map with multiline string containing TLS certificates and private keys required for REST API |  |
 | `owprov.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Provisioning to use Kafka for communication | `'true'` |
 | `owprov.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Provisioning to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
-| `owprov.certs` | map | Map with multiline string containing TLS certificates and private keys required for REST API |  |
 | `owanalytics.enabled` | boolean | Install OpenWIFI Analytics in the release | `false` |
 | `owanalytics.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Analytics to use Kafka for communication | `'true'` |
 | `owanalytics.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Analytics to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
-| `owanalytics.certs` | map | Map with multiline string containing TLS certificates and private keys required for REST API |  |
-| `owsub.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Subscription to use Kafka for communication | `'true'` |
-| `owsub.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Subscription to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
-| `owsub.certs` | map | Map with multiline string containing TLS certificates and private keys required for REST API |  |
-| `owrrm.public_env_variables` | map | Map of public environment variables passed to OpenWIFI RRM service |  |
-| `owrrm.mysql.enabled` | boolean | Flag to enable MySQL database deployment of OpenWIFI RRM service using subchart | `true` |
-| `kafka.enabled` | boolean | Enables [kafka](https://github.com/bitnami/charts/blob/master/bitnami/kafka/) deployment | `true` |
+| `rttys.enabled` | boolean | Enables [rttys](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-rtty) deployment | `True` |
+| `rttys.internal` | boolean | Whether to use the built-in rttys server | `True` |
+| `rttys.enabled` | boolean | Enable or disable rttys | `True` |
+| `rttys.config.token` | string | Sets default rttys token |  |
+| `kafka.enabled` | boolean | Enables [kafka](https://github.com/bitnami/charts/blob/master/bitnami/kafka/) deployment | `True` |
 | `kafka.fullnameOverride` | string | Overrides Kafka Kubernetes service name so it could be predictable and set in microservices configs | `'kafka'` |
 | `kafka.image.registry` | string | Kafka Docker image registry | `'docker.io'` |
 | `kafka.image.repository` | string | Kafka Docker image repository | `'bitnami/kafka'` |
@@ -167,7 +106,7 @@ The following table lists the configurable parameters that overrides microservic
 | `restapiCerts.services` | array | List of services that require certificates generation |  |
 | `restapiCerts.clusterDomain` | string | Kubernetes cluster domain | `cluster.local` |
 
-If required, further overrides may be passed. They will be merged with default values from this chart and other sub-charts with priority to values you'll pass.
+If required, further overrides may be passed. They will be merged with default values from this chart and other subcharts with priority to values you'll pass.
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
 
@@ -200,7 +139,7 @@ By setting `clusterinfo.enabled` to `true` you may enable job on post-install/po
 1. Change default security credentials from credentials set in OWSEC configuration file (see 'Required password changing on the first startup' block above)
 2. Check if all services started responding correctly after the deployment using systeminfo REST API method
 
-In order to do that, you need to additionally set multiple parameters:
+In order to do that, you need to additionaly set multiple parameters:
 
 1. clusterinfo.public_env_variables.OWSEC - OWSEC endpoint to use for CLI tools
 2. clusterinfo.secret_env_variables.OWSEC_DEFAULT_USERNAME - username used for CLI requests (see OWSEC configuration file for details)
@@ -221,17 +160,17 @@ You may see example values to enable this feature in [values.enable-owls.yaml](.
 
 In order to use single point of entry for all services (may be used for one cloud Load Balancer per installation) HAproxy is installed by default with other services. HAproxy is working in TCP proxy mode, so every TLS certificate is managed by services themself, while it is possible to pass requests from cloud load balancer to services using same ports (configuration of cloud load balancer may vary from cloud provider to provider).
 
-By default, this option is enabled, but you may disable it and make per-service LoadBalancer using values in [values.disable-haproxy.yaml](./feature-values/values.disable-haproxy.yaml).
+By default this option is enabled, but you may disable it and make per-service LoadBalancer using values in [values.disable-haproxy.yaml](./feature-values/values.disable-haproxy.yaml).
 
 ### OWGW unsafe sysctls
 
-By default, Linux is using quite adequate sysctl values for TCP keepalive, but OWGW may keep disconnected APs in stuck state preventing it from connecting back. This may be changed by setting some sysctls to lower values:
+By default Linux is using quite adeqate sysctl values for TCP keepalive, but OWGW may keep disconnected APs in stuck state preventing it from connecting back. This may be changed by setting some sysctls to lower values:
 
 - net.ipv4.tcp_keepalive_intvl
 - net.ipv4.tcp_keepalive_probes - 2
 - net.ipv4.tcp_keepalive_time - 45
 
-However, this change is [not considered safe by Kubernetes](https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls), and it requires to pass additional argument to your Kubelets services in your Kubernetes cluster:
+However this change is [not considered safe by Kubernetes](https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls) and it requires to pass additional argument to your Kubelets services in your Kubernetes cluster:
 
 ```
 --allowed-unsafe-sysctls net.ipv4.tcp_keepalive_intvl,net.ipv4.tcp_keepalive_probes,net.ipv4.tcp_keepalive_time
@@ -256,18 +195,14 @@ If you want, you may use configuration property `openwifi.security.restapi.disab
 
 You may see example values to enable this feature in [values.restapi-disable-tls.yaml](./feature-values/values.restapi-disable-tls.yaml).
 
-### PostgreSQL storage option for services
-
-By default, all microservices except RRM service use SQLite as default storage driver, but it is possible to use PostgreSQL for that purpose. Both [cluster-per-microservice](environment-values/values.openwifi-qa.external-db.yaml) and [cluster per installation](environment-values/values.openwifi-qa.single-external-db.yaml) deployments method may be used.
-
 ## Environment specific values
 
-This repository contains values files that may be used in the same manner as feature values above to deploy to specific runtime environments (including different cloud deployments).
+This repository contains values files that may be used in the same manner as feature values above to deploy to specific runtime envionemnts (including different cloud deployments).
 
 Some environments are using [external-dns](https://github.com/kubernetes-sigs/external-dns) service to dynamically set DNS records, but you may manage your records manually
 
 ### AWS EKS
 
-EKS based installation assumes that you are using [AWS Load Balancer controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller) so that all required ALBs and NLBs are created automatically. Also, it is assumed that you have Route53 managed DNS zone, and you've issued wildcard certificate for one of your zones that may be used by Load Balancers.
+EKS based installation assumes that you are using [AWS Load Balancer controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller) so that all required ALBs and NLBs are created automatically. Also it is assumed that you have Route53 managed DNS zone and you've issued wildcard certificate for one of your zones that may be used by Load Balancers.
 
 You may see example values for this environment in [values.aws.yaml](./environment-values/values.aws.yaml).

chart/docker/change_credentials

@@ -61,7 +61,7 @@ then
         echo "Logged in with new credentials:"
     fi
 else
-    echo "Credentials check failed with unexpected ErrorCode, please review the response body:"
+    echo "Credentials check failed with unexpected ErrorCode, please review the responce body:"
     jq < ${result_file}
     exit 2
 fi

chart/environment-values/cleanup.sh

@@ -1,6 +0,0 @@
-#!/bin/bash
-[ -z "$NAMESPACE" ] && echo "No NAMESPACE set" && exit 1
-helm -n openwifi-"$NAMESPACE" delete tip-openwifi
-sleep 30
-kubectl delete ns openwifi-"$NAMESPACE"
-exit 0

chart/environment-values/deploy.sh

@@ -13,7 +13,6 @@ usage () {
   echo "- CHART_VERSION - version of chart to be deployed from assembly chart (for 'git' method git ref may be passed, for 'bundle' method version of chart may be passed)" >&2;
   echo >&2;
   echo "- VALUES_FILE_LOCATION - path to file with override values that may be used for deployment" >&2;
-  echo "- DOMAIN - Domain name. default: cicd.lab.wlan.tip.build" >&2;
   echo "- OWGW_AUTH_USERNAME - username to be used for requests to OpenWIFI Security" >&2;
   echo "- OWGW_AUTH_PASSWORD - hashed password for OpenWIFI Security (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)" >&2;
   echo "- OWFMS_S3_SECRET - secret key that is used for OpenWIFI Firmware access to firmwares S3 bucket" >&2;
@@ -32,7 +31,6 @@ usage () {
   echo "- OWPROVUI_VERSION - OpenWIFI Provisioning Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
   echo "- OWANALYTICS_VERSION - OpenWIFI Analytics version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
   echo "- OWSUB_VERSION - OpenWIFI Subscription (Userportal) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
-  echo "- OWRRM_VERSION - OpenWIFI radio resource management service (RRM) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
   echo >&2;
   echo "Optional environment variables:" >&2;
   echo >&2;
@@ -52,7 +50,7 @@ EXTRA_VALUES_SPLITTED=()
 
 # Helper functions
 check_if_chart_version_is_release() {
-  PARSED_CHART_VERSION=$(echo $CHART_VERSION | grep -xE "v\d+\.\d+\.\d+.*")
+  PARSED_CHART_VERSION=$(echo $CHART_VERSION | grep -xP "v\d+\.\d+\.\d+.*")
   if [[ -z "$PARSED_CHART_VERSION" ]]; then
     return 1
   else
@@ -76,7 +74,6 @@ else
   [ -z ${OWPROVUI_VERSION+x} ] && echo "OWPROVUI_VERSION is unset" >&2 && usage && exit 1
   [ -z ${OWANALYTICS_VERSION+x} ] && echo "OWANALYTICS_VERSION is unset" >&2 && usage && exit 1
   [ -z ${OWSUB_VERSION+x} ] && echo "OWSUB_VERSION is unset" >&2 && usage && exit 1
-  [ -z ${OWRRM_VERSION+x} ] && echo "OWRRM_VERSION is unset" >&2 && usage && exit 1
 fi
 ## Environment specifics
 [ -z ${NAMESPACE+x} ] && echo "NAMESPACE is unset" >&2 && usage && exit 1
@@ -95,7 +92,6 @@ fi
 [ -z ${INTERNAL_RESTAPI_ENDPOINT_SCHEMA+x} ] && echo "INTERNAL_RESTAPI_ENDPOINT_SCHEMA is unset, setting it to 'https'" && export INTERNAL_RESTAPI_ENDPOINT_SCHEMA=https
 export MAILER_ENABLED="false"
 [ ! -z ${MAILER_USERNAME+x} ] && [ ! -z ${MAILER_PASSWORD+x} ] && echo "MAILER_USERNAME and MAILER_PASSWORD are set, mailer will be enabled" && export MAILER_ENABLED="true"
-[ -z "${DOMAIN}" ] && echo "DOMAIN is unset, using cicd.lab.wlan.tip.build" && export DOMAIN="cicd.lab.wlan.tip.build"
 
 # Transform some environment variables
 export OWGW_VERSION_TAG=$(echo ${OWGW_VERSION} | tr '/' '-')
@@ -106,7 +102,6 @@ export OWPROV_VERSION_TAG=$(echo ${OWPROV_VERSION} | tr '/' '-')
 export OWPROVUI_VERSION_TAG=$(echo ${OWPROVUI_VERSION} | tr '/' '-')
 export OWANALYTICS_VERSION_TAG=$(echo ${OWANALYTICS_VERSION} | tr '/' '-')
 export OWSUB_VERSION_TAG=$(echo ${OWSUB_VERSION} | tr '/' '-')
-export OWRRM_VERSION_TAG=$(echo ${OWRRM_VERSION} | tr '/' '-')
 
 # Debug get bash version
 bash --version >&2
@@ -129,19 +124,20 @@ if [[ "$DEPLOY_METHOD" == "git" ]]; then
     sed -i '/wlan-cloud-owprov-ui@/s/ref=.*/ref='${OWPROVUI_VERSION}'\"/g' Chart.yaml
     sed -i '/wlan-cloud-analytics@/s/ref=.*/ref='${OWANALYTICS_VERSION}'\"/g' Chart.yaml
     sed -i '/wlan-cloud-userportal@/s/ref=.*/ref='${OWSUB_VERSION}'\"/g' Chart.yaml
-    sed -i '/wlan-cloud-rrm@/s/ref=.*/ref='${OWRRM_VERSION}'\"/g' Chart.yaml
   fi
   helm repo add bitnami https://charts.bitnami.com/bitnami
   helm repo update
   helm dependency update
   cd ../..
   export DEPLOY_SOURCE="wlan-cloud-ucentral-deploy/chart"
-elif [[ "$DEPLOY_METHOD" == "bundle" ]]; then
-  helm repo add tip-wlan-cloud-ucentral-helm https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/ || true
-  export DEPLOY_SOURCE="tip-wlan-cloud-ucentral-helm/openwifi --version $CHART_VERSION"
 else
-  echo "Deploy method is not correct: $DEPLOY_METHOD. Valid values: git or bundle" >&2
-  exit 1
+  if [[ "$DEPLOY_METHOD" == "bundle" ]]; then
+    helm repo add tip-wlan-cloud-ucentral-helm https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/ || true
+    export DEPLOY_SOURCE="tip-wlan-cloud-ucentral-helm/openwifi --version $CHART_VERSION"
+  else
+    echo "Deploy method is not correct: $DEPLOY_METHOD. Valid value - git or bundle" >&2
+    exit 1
+  fi
 fi
 
 VALUES_FILES_FLAGS=()
@@ -156,28 +152,77 @@ for EXTRA_VALUE in ${EXTRA_VALUES_SPLITTED[*]}; do
 done
 
 if [[ "$USE_SEPARATE_OWGW_LB" == "true" ]]; then
-  export HAPROXY_SERVICE_DNS_RECORDS="sec-${NAMESPACE}.${DOMAIN},fms-${NAMESPACE}.${DOMAIN},prov-${NAMESPACE}.${DOMAIN},analytics-${NAMESPACE}.${DOMAIN},sub-${NAMESPACE}.${DOMAIN}"
-  export OWGW_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.${DOMAIN}"
+  export HAPROXY_SERVICE_DNS_RECORDS="sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,analytics-${NAMESPACE}.cicd.lab.wlan.tip.build\,sub-${NAMESPACE}.cicd.lab.wlan.tip.build"
+  export OWGW_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build"
 else
-  export HAPROXY_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.${DOMAIN},sec-${NAMESPACE}.${DOMAIN},fms-${NAMESPACE}.${DOMAIN},prov-${NAMESPACE}.${DOMAIN},analytics-${NAMESPACE}.${DOMAIN},sub-${NAMESPACE}.${DOMAIN}"
+  export HAPROXY_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build\,sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,analytics-${NAMESPACE}.cicd.lab.wlan.tip.build\,sub-${NAMESPACE}.cicd.lab.wlan.tip.build"
   export OWGW_SERVICE_DNS_RECORDS=""
 fi
 
-echo "Deploying into openwifi-${NAMESPACE} with the following values files:"
-echo ${VALUES_FILES_FLAGS[*]}
-echo
-envsubst < values.custom.tpl.yaml > values.custom-${NAMESPACE}.yaml
-
-echo "Using configuration:"
-echo "---"
-cat values.custom-${NAMESPACE}.yaml
-echo "---"
-set -x
+# Run the deployment
 helm upgrade --install --create-namespace --wait --timeout 60m \
   --namespace openwifi-${NAMESPACE} \
   ${VALUES_FILES_FLAGS[*]} \
+  --set owgw.services.owgw.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgw.configProperties."openwifi\.fileuploader\.host\.0\.name"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgw.configProperties."rtty\.server"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgw.configProperties."openwifi\.system\.uri\.public"=https://gw-${NAMESPACE}.cicd.lab.wlan.tip.build:16002 \
+  --set owgw.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owgw-owgw:17002 \
+  --set owgw.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgw.configProperties."iptocountry\.ipinfo\.token"="${IPTOCOUNTRY_IPINFO_TOKEN}" \
+  --set owgw.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owsec.configProperties."authentication\.default\.username"=${OWGW_AUTH_USERNAME} \
+  --set owsec.configProperties."authentication\.default\.password"=${OWGW_AUTH_PASSWORD} \
+  --set owsec.services.owsec.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=sec-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owsec.configProperties."openwifi\.system\.uri\.public"=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owsec.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsec-owsec:17001 \
+  --set owsec.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owsec.configProperties."mailer\.sender"=sec-${NAMESPACE}@cicd.lab.wlan.tip.build \
+  --set owsec.configProperties."mailer\.enabled"=$MAILER_ENABLED \
+  --set owsec.configProperties."mailer\.username"=$MAILER_USERNAME \
+  --set owsec.configProperties."mailer\.password"=$MAILER_PASSWORD \
+  --set owfms.configProperties."s3\.secret"=${OWFMS_S3_SECRET} \
+  --set owfms.configProperties."s3\.key"=${OWFMS_S3_KEY} \
+  --set owfms.services.owfms.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=fms-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owfms.configProperties."openwifi\.system\.uri\.public"=https://fms-${NAMESPACE}.cicd.lab.wlan.tip.build:16004 \
+  --set owfms.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owfms-owfms:17004 \
+  --set owfms.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owfms.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owgwui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgwui.ingresses.default.hosts={webui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
+  --set owgwui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owprov.services.owprov.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=prov-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owprov.configProperties."openwifi\.system\.uri\.public"=https://prov-${NAMESPACE}.cicd.lab.wlan.tip.build:16005 \
+  --set owprov.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owprov-owprov:17005 \
+  --set owprov.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owprov.configProperties."iptocountry\.ipinfo\.token"="${IPTOCOUNTRY_IPINFO_TOKEN}" \
+  --set owprov.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owprovui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=provui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owprovui.ingresses.default.hosts={provui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
+  --set owprovui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owprovui.public_env_variables.REACT_APP_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owanalytics.services.owanalytics.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=analytics-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owanalytics.configProperties."openwifi\.system\.uri\.public"=https://analytics-${NAMESPACE}.cicd.lab.wlan.tip.build:16009 \
+  --set owanalytics.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owanalytics-owanalytics:17009 \
+  --set owanalytics.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owanalytics.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owsub.services.owsub.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=sub-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owsub.configProperties."openwifi\.system\.uri\.public"=https://sub-${NAMESPACE}.cicd.lab.wlan.tip.build:16006 \
+  --set owsub.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsub-owsub:17006 \
+  --set owsub.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owsub.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set clustersysteminfo.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set clustersysteminfo.secret_env_variables.OWSEC_NEW_PASSWORD=${OWSEC_NEW_PASSWORD} \
+  --set owls.services.owls.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=ls-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owls.configProperties."openwifi\.system\.uri\.public"=https://ls-${NAMESPACE}.cicd.lab.wlan.tip.build:16007 \
+  --set owls.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owls-owls:17007 \
+  --set owls.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owlsui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=lsui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owlsui.ingresses.default.hosts={lsui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
+  --set owlsui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set haproxy.service.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$HAPROXY_SERVICE_DNS_RECORDS \
+  --set owgw.services.owgw.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$OWGW_SERVICE_DNS_RECORDS \
   ${EXTRA_VALUES_FLAGS[*]} \
-  -f values.custom-${NAMESPACE}.yaml \
   --set-file owgw.certs."restapi-cert\.pem"=$CERT_LOCATION \
   --set-file owgw.certs."restapi-key\.pem"=$KEY_LOCATION \
   --set-file owgw.certs."websocket-cert\.pem"=$CERT_LOCATION \

chart/environment-values/values.aws.yaml

@@ -19,7 +19,7 @@ owgwui:
         kubernetes.io/ingress.class: alb
         alb.ingress.kubernetes.io/scheme: internet-facing
         alb.ingress.kubernetes.io/group.name: wlan-cicd
-        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 # TODO change certificate
         alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
         alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
         external-dns.alpha.kubernetes.io/hostname: webui.cicd.lab.wlan.tip.build # TODO change FQDN
@@ -29,7 +29,7 @@ owgwui:
         servicePort: http
 
   public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: https://sec.cicd.lab.wlan.tip.build:16001 # TODO change to OWSEC RESTAPI url
+    DEFAULT_UCENTRALSEC_URL: https://sec.cicd.lab.wlan.tip.build:16001 # TODO change to OWSEC RESTAPI url
 
 owsec:
   configProperties: # TODO change FQDNs and credentials
@@ -69,7 +69,7 @@ owprovui:
         kubernetes.io/ingress.class: alb
         alb.ingress.kubernetes.io/scheme: internet-facing
         alb.ingress.kubernetes.io/group.name: wlan-cicd
-        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 # TODO change certificate
         alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
         alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
         external-dns.alpha.kubernetes.io/hostname: provui.cicd.lab.wlan.tip.build # TODO change FQDN
@@ -99,8 +99,8 @@ haproxy:
       service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
       service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "8080"
       service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 # TODO change certificate
       service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,16001,17001,5912,5913,16009,16007"
       service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
-      external-dns.alpha.kubernetes.io/hostname: "gw.cicd.lab.wlan.tip.build,sec.cicd.lab.wlan.tip.build,fms.cicd.lab.wlan.tip.build,prov.cicd.lab.wlan.tip.build,rtty.cicd.lab.wlan.tip.build,sub.cicd.lab.wlan.tip.build,analytics.cicd.lab.wlan.tip.build,rrm.cicd.lab.wlan.tip.build" # TODO change FQDNs
+      external-dns.alpha.kubernetes.io/hostname: "gw.cicd.lab.wlan.tip.build,sec.cicd.lab.wlan.tip.build,fms.cicd.lab.wlan.tip.build,prov.cicd.lab.wlan.tip.build,rtty.cicd.lab.wlan.tip.build,sub.cicd.lab.wlan.tip.build,analytics.cicd.lab.wlan.tip.build" # TODO change FQDNs
 

chart/environment-values/values.base.insecure.yaml

@@ -1,86 +0,0 @@
-owgw:
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.security.restapi.disable: "true"
-    openwifi.system.uri.public: http://localhost:16002
-    openwifi.system.uri.private: http://owgw-owgw:17002
-    openwifi.system.uri.ui: http://localhost
-
-owsec:
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.security.restapi.disable: "true"
-    openwifi.system.uri.public: http://localhost:16001
-    openwifi.system.uri.private: http://owsec-owsec:17001
-    openwifi.system.uri.ui: http://localhost
-
-owfms:
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.security.restapi.disable: "true"
-    openwifi.system.uri.public: http://localhost:16004
-    openwifi.system.uri.private: http://owfms-owfms:17004
-    openwifi.system.uri.ui: http://localhost
-
-owprov:
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.security.restapi.disable: "true"
-    openwifi.system.uri.public: http://localhost:16005
-    openwifi.system.uri.private: http://owprov-owprov:17005
-    openwifi.system.uri.ui: http://localhost
-
-owanalytics:
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.security.restapi.disable: "true"
-    openwifi.system.uri.public: http://localhost:16009
-    openwifi.system.uri.private: http://owanalytics-owanalytics:17009
-    openwifi.system.uri.ui: http://localhost
-
-owsub:
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.security.restapi.disable: "true"
-    openwifi.system.uri.public: http://localhost:16006
-    openwifi.system.uri.private: http://owsub-owsub:17006
-    openwifi.system.uri.ui: http://localhost
-
-owrrm:
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-    KAFKACONFIG_BOOTSTRAPSERVER: kafka:9092
-    DATABASECONFIG_SERVER: owrrm-mysql:3306
-    DATABASECONFIG_DBNAME: owrrm
-    DATABASECONFIG_DATARETENTIONINTERVALDAYS: "1"
-
-  secret_env_variables:
-    DATABASECONFIG_USER: root
-    DATABASECONFIG_PASSWORD: openwifi
-
-  mysql:
-    enabled: true
-    fullnameOverride: "owrrm-mysql"
-
-owgwui:
-  public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: http://localhost:16001
-
-owprovui:
-  public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: http://localhost:16001
-
-kafka:
-  heapOpts: -Xmx512m -Xms512m
-  readinessProbe:
-    initialDelaySeconds: 45
-  livenessProbe:
-    initialDelaySeconds: 60
-  zookeeper:
-    heapSize: 256

chart/environment-values/values.base.secure.yaml

@@ -1,335 +0,0 @@
-owgw:
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.system.uri.public: https://localhost:16002
-    openwifi.system.uri.private: https://owgw-owgw:17002
-    openwifi.system.uri.ui: http://localhost:8443
-    openwifi.internal.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWGW_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWGW_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owgw:
-      - name: config
-        mountPath: /owgw-data/owgw.properties
-        subPath: owgw.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owgw.fullname" . }}-config
-      - name: certs
-        mountPath: /owgw-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owgw.fullname" . }}-certs{{ end }}
-      - name: certs-cas
-        mountPath: /owgw-data/certs/cas
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owgw.fullname" . }}-certs-cas
-      - name: persist
-        mountPath: /owgw-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owgw.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owgw-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
-
-owsec:
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.system.uri.public: https://localhost:16001
-    openwifi.system.uri.private: https://owsec-owsec:17001
-    openwifi.system.uri.ui: http://localhost:8080
-    openwifi.internal.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owsec:
-      - name: config
-        mountPath: /owsec-data/owsec.properties
-        subPath: owsec.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owsec.fullname" . }}-config
-      - name: certs
-        mountPath: /owsec-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owsec.fullname" . }}-certs{{ end }}
-      - name: persist
-        mountPath: /owsec-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owsec.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owsec-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
-
-owfms:
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.system.uri.public: https://localhost:16004
-    openwifi.system.uri.private: https://owfms-owfms:17004
-    openwifi.system.uri.ui: http://localhost:8080
-    openwifi.internal.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owfms:
-      - name: config
-        mountPath: /owfms-data/owfms.properties
-        subPath: owfms.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owfms.fullname" . }}-config
-      - name: certs
-        mountPath: /owfms-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owfms.fullname" . }}-certs{{ end }}
-      - name: persist
-        mountPath: /owfms-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owfms.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owfms-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
-
-owprov:
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.system.uri.public: https://localhost:16005
-    openwifi.system.uri.private: https://owprov-owprov:17005
-    openwifi.system.uri.ui: http://localhost:8080
-    openwifi.internal.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owprov:
-      - name: config
-        mountPath: /owprov-data/owprov.properties
-        subPath: owprov.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owprov.fullname" . }}-config
-      - name: certs
-        mountPath: /owprov-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owprov.fullname" . }}-certs{{ end }}
-      - name: persist
-        mountPath: /owprov-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owprov.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owprov-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
-
-owanalytics:
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.system.uri.public: https://localhost:16009
-    openwifi.system.uri.private: https://owanalytics-owanalytics:17009
-    openwifi.system.uri.ui: http://localhost:8080
-    openwifi.internal.restapi.host.0.rootca: $OWANALYTICS_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWANALYTICS_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWANALYTICS_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWANALYTICS_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWANALYTICS_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWANALYTICS_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owanalytics:
-      - name: config
-        mountPath: /owanalytics-data/owanalytics.properties
-        subPath: owanalytics.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owanalytics.fullname" . }}-config
-      - name: certs
-        mountPath: /owanalytics-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owanalytics.fullname" . }}-certs{{ end }}
-      - name: persist
-        mountPath: /owanalytics-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owanalytics.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owanalytics-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owanalytics.fullname" . }}-owanalytics-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owanalytics.fullname" . }}-owanalytics-restapi-tls
-
-
-owsub:
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.system.uri.public: https://localhost:16006
-    openwifi.system.uri.private: https://owsub-owsub:17006
-    openwifi.system.uri.ui: http://localhost:8080
-    openwifi.internal.restapi.host.0.rootca: $OWSUB_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWSUB_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWSUB_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWSUB_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWSUB_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWSUB_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owsub:
-      - name: config
-        mountPath: /owsub-data/owsub.properties
-        subPath: owsub.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owsub.fullname" . }}-config
-      - name: certs
-        mountPath: /owsub-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owsub.fullname" . }}-certs{{ end }}
-      - name: persist
-        mountPath: /owsub-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owsub.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owsub-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
-
-owrrm:
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-    KAFKACONFIG_BOOTSTRAPSERVER: kafka:9092
-    DATABASECONFIG_SERVER: owrrm-mysql:3306
-    DATABASECONFIG_DBNAME: owrrm
-    DATABASECONFIG_DATARETENTIONINTERVALDAYS: "1"
-
-  secret_env_variables:
-    DATABASECONFIG_USER: root
-    DATABASECONFIG_PASSWORD: openwifi
-
-  mysql:
-    enabled: true
-    fullnameOverride: "owrrm-mysql"
-
-owgwui:
-  public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: https://localhost:16001
-
-owprovui:
-  public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: https://localhost:16001
-
-kafka:
-  heapOpts: -Xmx512m -Xms512m
-  readinessProbe:
-    initialDelaySeconds: 45
-  livenessProbe:
-    initialDelaySeconds: 60
-  zookeeper:
-    heapSize: 256
-
-restapiCerts:
-  enabled: true

chart/environment-values/values.custom.tpl.yaml

@@ -1,128 +0,0 @@
-owgw:
-  services:
-    owgw:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: "$OWGW_SERVICE_DNS_RECORDS"
-  configProperties:
-    openwifi.fileuploader.host.0.name: gw-${NAMESPACE}.${DOMAIN}
-    rtty.server: gw-${NAMESPACE}.${DOMAIN}
-    openwifi.system.uri.public: https://gw-${NAMESPACE}.${DOMAIN}:16002
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owgw-owgw:17002
-    openwifi.system.uri.ui: https://webui-${NAMESPACE}.${DOMAIN}
-    iptocountry.ipinfo.token: "${IPTOCOUNTRY_IPINFO_TOKEN}"
-  public_env_variables:
-    OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001
-owsec:
-  configProperties:
-    authentication.default.username: "${OWGW_AUTH_USERNAME}"
-    authentication.default.password: "${OWGW_AUTH_PASSWORD}"
-    openwifi.system.uri.public: https://sec-${NAMESPACE}.${DOMAIN}:16001
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsec-owsec:17001
-    openwifi.ystem.uri.ui: https://webui-${NAMESPACE}.${DOMAIN}
-    mailer.sender: "sec-${NAMESPACE}@${DOMAIN}"
-    mailer.enabled: $MAILER_ENABLED
-    mailer.username: "$MAILER_USERNAME"
-    mailer.password: "$MAILER_PASSWORD"
-  services:
-    owsec:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: sec-${NAMESPACE}.${DOMAIN}
-owfms:
-  configProperties:
-    s3.secret: "${OWFMS_S3_SECRET}"
-    s3.key: "${OWFMS_S3_KEY}"
-    openwifi.system.uri.public: https://fms-${NAMESPACE}.${DOMAIN}:16004
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owfms-owfms:17004
-    openwifi.system.uri.ui: https://webui-${NAMESPACE}.${DOMAIN}
-  services:
-    owfms:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: fms-${NAMESPACE}.${DOMAIN}
-  public_env_variables:
-    OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001
-owgwui:
-  ingresses:
-    default:
-      hosts:
-      - webui-${NAMESPACE}.${DOMAIN}
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: webui-${NAMESPACE}.${DOMAIN}
-  public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: https://sec-${NAMESPACE}.${DOMAIN}:16001
-owprov:
-  services:
-    owprov:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: prov-${NAMESPACE}.${DOMAIN}
-  configProperties:
-    openwifi.system.uri.public: https://prov-${NAMESPACE}.${DOMAIN}:16005
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owprov-owprov:17005
-    openwifi.system.uri.ui: https://provui-${NAMESPACE}.${DOMAIN}
-    iptocountry.ipinfo.token: "${IPTOCOUNTRY_IPINFO_TOKEN}"
-  public_env_variables:
-    OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001
-owprovui:
-  ingresses:
-    default:
-      hosts:
-      - provui-${NAMESPACE}.${DOMAIN}
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: provui-${NAMESPACE}.${DOMAIN}
-  public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: https://sec-${NAMESPACE}.${DOMAIN}:16001
-owanalytics:
-  services:
-    owanalytics:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: analytics-${NAMESPACE}.${DOMAIN}
-  configProperties:
-    openwifi.system.uri.public: https://analytics-${NAMESPACE}.${DOMAIN}:16009
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owanalytics-owanalytics:17009
-    openwifi.system.uri.ui: https://webui-${NAMESPACE}.${DOMAIN}
-  public_env_variables:
-    OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001
-owsub:
-  services:
-    owsub:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: sub-${NAMESPACE}.${DOMAIN}
-  configProperties:
-    openwifi.system.uri.public: https://sub-${NAMESPACE}.${DOMAIN}:16006
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsub-owsub:17006
-    openwifi.system.uri.ui: https://webui-${NAMESPACE}.${DOMAIN}
-  public_env_variables:
-    OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001
-clustersysteminfo:
-  public_env_variables:
-    OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001
-  secret_env_variables:
-    OWSEC_NEW_PASSWORD: "${OWSEC_NEW_PASSWORD}"
-owls:
-  services:
-    owls:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: ls-${NAMESPACE}.${DOMAIN}
-  configProperties:
-    openwifi.system.uri.public: https://ls-${NAMESPACE}.${DOMAIN}:16007
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owls-owls:17007
-    openwifi.system.uri.ui: https://webui-${NAMESPACE}.${DOMAIN}
-owlsui:
-  ingresses:
-    default:
-      hosts:
-      - lsui-${NAMESPACE}.${DOMAIN}
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: lsui-${NAMESPACE}.${DOMAIN}
-  public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: https://sec-${NAMESPACE}.${DOMAIN}:16001
-owrrm:
-  public_env_variables:
-    SERVICECONFIG_PUBLICENDPOINT: https://rrm-${NAMESPACE}.${DOMAIN}:16789
-  services:
-    owrrm:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: rrm-${NAMESPACE}.${DOMAIN}
-haproxy:
-  service:
-    annotations:
-      external-dns.alpha.kubernetes.io/hostname: "$HAPROXY_SERVICE_DNS_RECORDS"

chart/environment-values/values.openwifi-qa.external-db.yaml

@@ -21,74 +21,74 @@ owgw:
         cpu: 250m
         memory: 1024Mi
 
-owsec:
-  configProperties:
-    storage.type: postgresql
-    storage.type.postgresql.host: owsec-pgsql
-    storage.type.postgresql.database: owsec
-    storage.type.postgresql.username: owsec
-    storage.type.postgresql.password: owsec
+#owsec:
+#  configProperties:
+#    storage.type: postgresql
+#    storage.type.postgresql.host: owsec-pgsql
+#    storage.type.postgresql.database: owsec
+#    storage.type.postgresql.username: owsec
+#    storage.type.postgresql.password: owsec
+#
+#  postgresql:
+#    enabled: true
+#    nameOverride: owsec-pgsql
+#    fullnameOverride: owsec-pgsql
+#    postgresqlDatabase: owsec
+#    postgresqlUsername: owsec
+#    postgresqlPassword: owsec
+#    resources:
+#      requests:
+#        cpu: 250m
+#        memory: 1024Mi
+#      limits:
+#        cpu: 250m
+#        memory: 1024Mi
 
-  postgresql:
-    enabled: true
-    nameOverride: owsec-pgsql
-    fullnameOverride: owsec-pgsql
-    postgresqlDatabase: owsec
-    postgresqlUsername: owsec
-    postgresqlPassword: owsec
-    resources:
-      requests:
-        cpu: 250m
-        memory: 1024Mi
-      limits:
-        cpu: 250m
-        memory: 1024Mi
+#owfms:
+#  configProperties:
+#    storage.type: postgresql
+#    storage.type.postgresql.host: owfms-pgsql
+#    storage.type.postgresql.database: owfms
+#    storage.type.postgresql.username: owfms
+#    storage.type.postgresql.password: owfms
+#
+#  postgresql:
+#    enabled: true
+#    nameOverride: owfms-pgsql
+#    fullnameOverride: owfms-pgsql
+#    postgresqlDatabase: owfms
+#    postgresqlUsername: owfms
+#    postgresqlPassword: owfms
+#    resources:
+#      requests:
+#        cpu: 250m
+#        memory: 1024Mi
+#      limits:
+#        cpu: 250m
+#        memory: 1024Mi
 
-owfms:
-  configProperties:
-    storage.type: postgresql
-    storage.type.postgresql.host: owfms-pgsql
-    storage.type.postgresql.database: owfms
-    storage.type.postgresql.username: owfms
-    storage.type.postgresql.password: owfms
-
-  postgresql:
-    enabled: true
-    nameOverride: owfms-pgsql
-    fullnameOverride: owfms-pgsql
-    postgresqlDatabase: owfms
-    postgresqlUsername: owfms
-    postgresqlPassword: owfms
-    resources:
-      requests:
-        cpu: 250m
-        memory: 1024Mi
-      limits:
-        cpu: 250m
-        memory: 1024Mi
-
-owprov:
-  configProperties:
-    storage.type: postgresql
-    storage.type.postgresql.host: owprov-pgsql
-    storage.type.postgresql.database: owprov
-    storage.type.postgresql.username: owprov
-    storage.type.postgresql.password: owprov
-
-  postgresql:
-    enabled: true
-    nameOverride: owprov-pgsql
-    fullnameOverride: owprov-pgsql
-    postgresqlDatabase: owprov
-    postgresqlUsername: owprov
-    postgresqlPassword: owprov
-    resources:
-      requests:
-        cpu: 250m
-        memory: 1024Mi
-      limits:
-        cpu: 250m
-        memory: 1024Mi
+#owprov:
+#  configProperties:
+#    storage.type: postgresql
+#    storage.type.postgresql.host: owprov-pgsql
+#    storage.type.postgresql.database: owprov
+#    storage.type.postgresql.username: owprov
+#    storage.type.postgresql.password: owprov
+#
+#  postgresql:
+#    enabled: true
+#    nameOverride: owprov-pgsql
+#    fullnameOverride: owprov-pgsql
+#    postgresqlDatabase: owprov
+#    postgresqlUsername: owprov
+#    postgresqlPassword: owprov
+#    resources:
+#      requests:
+#        cpu: 250m
+#        memory: 1024Mi
+#      limits:
+#        cpu: 250m
+#        memory: 1024Mi
 
 owanalytics:
   configProperties:
@@ -113,25 +113,25 @@ owanalytics:
         cpu: 250m
         memory: 1024Mi
 
-owsub:
-  configProperties:
-    storage.type: postgresql
-    storage.type.postgresql.host: owsub-pgsql
-    storage.type.postgresql.database: owsub
-    storage.type.postgresql.username: owsub
-    storage.type.postgresql.password: owsub
-
-  postgresql:
-    enabled: true
-    nameOverride: owsub-pgsql
-    fullnameOverride: owsub-pgsql
-    postgresqlDatabase: owsub
-    postgresqlUsername: owsub
-    postgresqlPassword: owsub
-    resources:
-      requests:
-        cpu: 250m
-        memory: 1024Mi
-      limits:
-        cpu: 250m
-        memory: 1024Mi
+#owsub:
+#  configProperties:
+#    storage.type: postgresql
+#    storage.type.postgresql.host: owsub-pgsql
+#    storage.type.postgresql.database: owsub
+#    storage.type.postgresql.username: owsub
+#    storage.type.postgresql.password: owsub
+#
+#  postgresql:
+#    enabled: true
+#    nameOverride: owsub-pgsql
+#    fullnameOverride: owsub-pgsql
+#    postgresqlDatabase: owsub
+#    postgresqlUsername: owsub
+#    postgresqlPassword: owsub
+#    resources:
+#      requests:
+#        cpu: 250m
+#        memory: 1024Mi
+#      limits:
+#        cpu: 250m
+#        memory: 1024Mi

chart/environment-values/values.openwifi-qa.owls-enabled.yaml

@@ -1,4 +1,3 @@
-# This helm values file is to be used when OWLS is run in the same namespace.
 owgw:
   services:
     owgw:
@@ -8,7 +7,7 @@ owgw:
         service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
         service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
         service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
         service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002"
 
   configProperties:
@@ -18,7 +17,6 @@ owgw:
     storage.type.postgresql.database: owgw
     storage.type.postgresql.username: owgw
     storage.type.postgresql.password: owgw
-    openwifi.certificates.allowmismatch: "true"
 
   resources:
     requests:
@@ -31,13 +29,13 @@ owgw:
   postgresql:
     enabled: true
     fullnameOverride: owgw-pgsql
+
     postgresqlDatabase: owgw
     postgresqlUsername: owgw
     postgresqlPassword: owgw
 
 owls:
   enabled: true
-
   services:
     owls:
       type: LoadBalancer
@@ -46,7 +44,7 @@ owls:
         service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
         service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16107"
         service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
         service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16007,17007"
         external-dns.alpha.kubernetes.io/ttl: "60"
 
@@ -55,10 +53,10 @@ owls:
 
   resources:
     requests:
-      cpu: 6000m
+      cpu: 3000m
       memory: 8000Mi
     limits:
-      cpu: 6000m
+      cpu: 3000m
       memory: 8000Mi
 
   checks:
@@ -142,7 +140,7 @@ owls:
           secret:
             secretName: {{ include "owls.fullname" . }}-owls-restapi-tls
       - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
         subPath: ca.crt
         volumeDefinition: |
           secret:
@@ -162,145 +160,7 @@ owlsui:
         kubernetes.io/ingress.class: alb
         alb.ingress.kubernetes.io/scheme: internet-facing
         alb.ingress.kubernetes.io/group.name: wlan-cicd
-        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
-        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
-        alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
-        external-dns.alpha.kubernetes.io/ttl: "60"
-      paths:
-      - path: /*
-        serviceName: owlsui
-        servicePort: http
-
-  podAnnotations:
-    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
-owls:
-  enabled: true
-
-  services:
-    owls:
-      type: LoadBalancer
-      annotations:
-        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
-        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16107"
-        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
-        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16007,17007"
-        external-dns.alpha.kubernetes.io/ttl: "60"
-
-  podAnnotations:
-    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
-
-  resources:
-    requests:
-      cpu: 6000m
-      memory: 8000Mi
-    limits:
-      cpu: 6000m
-      memory: 8000Mi
-
-  checks:
-    owls:
-      liveness:
-        httpGet:
-          path: /
-          port: 16107
-        failureThreshold: 900
-      readiness:
-        httpGet:
-          path: /
-          port: 16107
-        failureThreshold: 900
-
-  certs:
-    restapi-ca.pem: |
-      -----BEGIN CERTIFICATE-----
-      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
-      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
-      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
-      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
-      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
-      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
-      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
-      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
-      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
-      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
-      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
-      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
-      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
-      5IOM7ItsRmen6u3qu+JXros54e4juQ==
-      -----END CERTIFICATE-----
-
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  configProperties:
-    openwifi.internal.restapi.host.0.rootca: $OWLS_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWLS_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWLS_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWLS_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWLS_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWLS_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owls:
-      - name: config
-        mountPath: /owls-data/owls.properties
-        subPath: owls.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owls.fullname" . }}-config
-      - name: certs
-        mountPath: /owls-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owls.fullname" . }}-certs
-      - name: certs-cas
-        mountPath: /owls-data/certs/cas
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owls.fullname" . }}-certs-cas
-      # Change this if you want to use another volume type
-      - name: persist
-        mountPath: /owls-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owls.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owls-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owls.fullname" . }}-owls-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owls.fullname" . }}-owls-restapi-tls
-
-owlsui:
-  enabled: true
-
-  services:
-    owlsui:
-      type: NodePort
-
-  ingresses:
-    default:
-      enabled: true
-      annotations:
-        kubernetes.io/ingress.class: alb
-        alb.ingress.kubernetes.io/scheme: internet-facing
-        alb.ingress.kubernetes.io/group.name: wlan-cicd
-        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
         alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
         alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
         external-dns.alpha.kubernetes.io/ttl: "60"

chart/environment-values/values.openwifi-qa.owls-external.yaml

@@ -1,36 +0,0 @@
-# This helm values file is to be used when OWLS is run externally.
-owgw:
-  services:
-    owgw:
-      type: LoadBalancer
-      annotations:
-        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
-        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
-        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
-        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002"
-
-  configProperties:
-    simulatorid: 53494D020202
-    storage.type: postgresql
-    storage.type.postgresql.host: owgw-pgsql
-    storage.type.postgresql.database: owgw
-    storage.type.postgresql.username: owgw
-    storage.type.postgresql.password: owgw
-    openwifi.certificates.allowmismatch: "true"
-
-  resources:
-    requests:
-      cpu: 2000m
-      memory: 3000Mi
-    limits:
-      cpu: 2000m
-      memory: 3000Mi
-
-  postgresql:
-    enabled: true
-    fullnameOverride: owgw-pgsql
-    postgresqlDatabase: owgw
-    postgresqlUsername: owgw
-    postgresqlPassword: owgw

chart/environment-values/values.openwifi-qa.separate-lbs.yaml

@@ -7,7 +7,7 @@ owgw:
         service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
         service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
         service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
         service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002,5912,5913"
 
 owsec:
@@ -19,7 +19,7 @@ owsec:
         service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
         service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16101"
         service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
         service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16001,17001"
 
 owfms:
@@ -31,7 +31,7 @@ owfms:
         service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
         service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16104"
         service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
         service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004"
 
 owprov:
@@ -43,7 +43,7 @@ owprov:
         service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
         service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16105"
         service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
         service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16005,17005"
 
 owanalytics:
@@ -55,7 +55,7 @@ owanalytics:
         service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
         service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16109"
         service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
         service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16009,17009"
 
 owsub:
@@ -67,7 +67,7 @@ owsub:
         service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
         service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16106"
         service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
         service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16006,17006"
 
 haproxy:

chart/environment-values/values.openwifi-qa.single-external-db.yaml

@@ -1,79 +0,0 @@
-owgw:
-  configProperties:
-    simulatorid: 53494D020202
-    storage.type: postgresql
-    storage.type.postgresql.host: pgsql-pgpool
-    storage.type.postgresql.database: owgw
-    storage.type.postgresql.username: owgw
-    storage.type.postgresql.password: owgw
-
-owsec:
-  configProperties:
-    storage.type: postgresql
-    storage.type.postgresql.host: pgsql-pgpool
-    storage.type.postgresql.database: owsec
-    storage.type.postgresql.username: owsec
-    storage.type.postgresql.password: owsec
-
-owfms:
-  configProperties:
-    storage.type: postgresql
-    storage.type.postgresql.host: pgsql-pgpool
-    storage.type.postgresql.database: owfms
-    storage.type.postgresql.username: owfms
-    storage.type.postgresql.password: owfms
-
-owprov:
-  configProperties:
-    storage.type: postgresql
-    storage.type.postgresql.host: pgsql-pgpool
-    storage.type.postgresql.database: owprov
-    storage.type.postgresql.username: owprov
-    storage.type.postgresql.password: owprov
-
-owanalytics:
-  configProperties:
-    storage.type: postgresql
-    storage.type.postgresql.host: pgsql-pgpool
-    storage.type.postgresql.database: owanalytics
-    storage.type.postgresql.username: owanalytics
-    storage.type.postgresql.password: owanalytics
-
-owsub:
-  configProperties:
-    storage.type: postgresql
-    storage.type.postgresql.host: pgsql-pgpool
-    storage.type.postgresql.database: owsub
-    storage.type.postgresql.username: owsub
-    storage.type.postgresql.password: owsub
-
-postgresql-ha:
-  enabled: true
-  initDbScriptSecret:
-    enabled: true
-  pgpool:
-    adminPassword: admin
-    maxConnections: 400
-    resources:
-      requests:
-        cpu: 250m
-        memory: 1024Mi
-      limits:
-        cpu: 250m
-        memory: 1024Mi
-    initdbScriptsSecret: tip-openwifi-initdb-scripts
-  postgresql:
-    replicaCount: 1
-    password: postgres
-    postgresPassword: postgres
-    repmgrPassword: repmgr
-    maxConnections: 1000
-    sharedBuffers: 256MB
-
-    resources:
-      requests:
-        cpu: 250m
-        memory: 1024Mi
-      limits:
-        cpu: 250m
-        memory: 1024Mi

chart/environment-values/values.openwifi-qa.test-nodes.yaml

@@ -112,7 +112,7 @@ owprovui:
 
 owls:
   nodeSelector:
-    env: owls
+    env: tests
   tolerations:
   - key: "tests"
     operator: "Exists"
@@ -149,6 +149,7 @@ owanalytics:
   - key: "tests"
     operator: "Exists"
     effect: "NoSchedule"
+
   postgresql:
     primary:
       nodeSelector:
@@ -172,6 +173,7 @@ owsub:
   - key: "tests"
     operator: "Exists"
     effect: "NoSchedule"
+
   postgresql:
     primary:
       nodeSelector:
@@ -188,21 +190,6 @@ owsub:
         operator: "Exists"
         effect: "NoSchedule"
 
-owrrm:
-  nodeSelector:
-    env: tests
-  tolerations:
-  - key: "tests"
-    operator: "Exists"
-    effect: "NoSchedule"
-  mysql:
-    nodeSelector:
-      env: tests
-    tolerations:
-    - key: "tests"
-      operator: "Exists"
-      effect: "NoSchedule"
-
 kafka:
   nodeSelector:
     env: tests
@@ -217,19 +204,3 @@ kafka:
     - key: "tests"
       operator: "Exists"
       effect: "NoSchedule"
-
-postgresql-ha:
-  pgpool:
-    nodeSelector:
-      env: tests
-    tolerations:
-    - key: "tests"
-      operator: "Exists"
-      effect: "NoSchedule"
-  postgresql:
-    nodeSelector:
-      env: tests
-    tolerations:
-    - key: "tests"
-      operator: "Exists"
-      effect: "NoSchedule"

chart/environment-values/values.openwifi-qa.yaml

@@ -15,22 +15,22 @@ owgw:
       memory: 100Mi
     limits:
       cpu: 2000m
-      memory: 2Gi
+      memory: 500Mi
 
-#  securityContext:
-#    sysctls:
-#    - name: net.ipv4.tcp_keepalive_intvl
-#      value: "5"
-#    - name: net.ipv4.tcp_keepalive_probes
-#      value: "2"
-#    - name: net.ipv4.tcp_keepalive_time
-#      value: "45"
+  securityContext:
+    sysctls:
+    - name: net.ipv4.tcp_keepalive_intvl
+      value: "5"
+    - name: net.ipv4.tcp_keepalive_probes
+      value: "2"
+    - name: net.ipv4.tcp_keepalive_time
+      value: "45"
 
   podAnnotations:
     cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
 
-#  podSecurityPolicy:
-#    enabled: true
+  podSecurityPolicy:
+    enabled: true
 
   certs:
     restapi-ca.pem: |
@@ -56,160 +56,6 @@ owgw:
       L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
       5IOM7ItsRmen6u3qu+JXros54e4juQ==
       -----END CERTIFICATE-----
-    clientcas.pem: |
-      -----BEGIN CERTIFICATE-----
-      MIIEnDCCA4SgAwIBAgIUVpyCUx1MUeUwxg+7I1BvGFTz7HkwDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjUxMjZaFw0yNjA0MTMyMjM4NDZaMGwx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEpMCcGA1UEAxMgVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IElzc3VpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtKBrq
-      qd2aKVSk25KfL5xHu8X7/8rJrz3IvyPuVKWhk/N1zabot3suBcGaYNKjnRHxg78R
-      yKwKzajKYWtiQFqztu24g16LQeAnoUxZnF6a0z3JkkRPsz14A2y8TUhdEe1tx+UU
-      4VGsk3n+FMmOQHL+79FO57zQC1LwylgfLSltrI6mF3jowVUQvnwzKhUzT87AJ6EO
-      ndK/q0T/Bgi+aI39zfVOjJjsTJwghvrmYW3iarP1THSKxeib2s02bZKrvvHa5HL4
-      UI8+LvREpVZl4mzt1z6Nl344Y6f+UeJlYa/Ci0jJqaXJmyVnUbAz+c0i5JfwAVn3
-      YQzfC4eLnZCmdF8zAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
-      DgQWBBSzG1S44EerPfM4gOQ85f0AYW3R6DAfBgNVHSMEGDAWgBQCRpZgebFT9qny
-      98WfIUDk6ZEB+jAOBgNVHQ8BAf8EBAMCAYYwgYMGCCsGAQUFBwEBBHcwdTAoBggr
-      BgEFBQcwAYYcaHR0cDovL29jc3Aub25lLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcw
-      AoY9aHR0cDovL2NhY2VydHMub25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQ
-      cm9qZWN0Um9vdENBLmNydDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vY3JsLm9u
-      ZS5kaWdpY2VydC5jb20vVGVsZWNvbUluZnJhUHJvamVjdFJvb3RDQS5jcmwwDQYJ
-      KoZIhvcNAQELBQADggEBAFbz+K94bHIkBMJqps0dApniUmOn0pO6Q6cGh47UP/kX
-      IiPIsnYgG+hqYD/qtsiqJhaWi0hixRWn38UmvZxMRk27aSTGE/TWx0JTC3qDGsSe
-      XkUagumbSfmS0ZyiTwMPeGAjXwyzGorqZWeA95eKfImntMiOf3E7//GK0K7HpCx8
-      IPCnLZsZD2q/mLyBsduImFIRQJbLAhwIxpcd1qYJk+BlGFL+HtBpEbq6JxW2Xy+v
-      DpNWc2WIsUTle0rTc9JNJrLX4ChUJmKqf8obKHap3Xh3//qw/jDB9pOAinA33FLJ
-      EmCnwBvQr9mfNmPBGMYZVU8cPruDQJ57GjmmvdisbJY=
-      -----END CERTIFICATE-----
-      -----BEGIN CERTIFICATE-----
-      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
-      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
-      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
-      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
-      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
-      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
-      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
-      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
-      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
-      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
-      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
-      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
-      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
-      5IOM7ItsRmen6u3qu+JXros54e4juQ==
-      -----END CERTIFICATE-----
-    issuer.pem: |
-      -----BEGIN CERTIFICATE-----
-      MIIEnDCCA4SgAwIBAgIUVpyCUx1MUeUwxg+7I1BvGFTz7HkwDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjUxMjZaFw0yNjA0MTMyMjM4NDZaMGwx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEpMCcGA1UEAxMgVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IElzc3VpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtKBrq
-      qd2aKVSk25KfL5xHu8X7/8rJrz3IvyPuVKWhk/N1zabot3suBcGaYNKjnRHxg78R
-      yKwKzajKYWtiQFqztu24g16LQeAnoUxZnF6a0z3JkkRPsz14A2y8TUhdEe1tx+UU
-      4VGsk3n+FMmOQHL+79FO57zQC1LwylgfLSltrI6mF3jowVUQvnwzKhUzT87AJ6EO
-      ndK/q0T/Bgi+aI39zfVOjJjsTJwghvrmYW3iarP1THSKxeib2s02bZKrvvHa5HL4
-      UI8+LvREpVZl4mzt1z6Nl344Y6f+UeJlYa/Ci0jJqaXJmyVnUbAz+c0i5JfwAVn3
-      YQzfC4eLnZCmdF8zAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
-      DgQWBBSzG1S44EerPfM4gOQ85f0AYW3R6DAfBgNVHSMEGDAWgBQCRpZgebFT9qny
-      98WfIUDk6ZEB+jAOBgNVHQ8BAf8EBAMCAYYwgYMGCCsGAQUFBwEBBHcwdTAoBggr
-      BgEFBQcwAYYcaHR0cDovL29jc3Aub25lLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcw
-      AoY9aHR0cDovL2NhY2VydHMub25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQ
-      cm9qZWN0Um9vdENBLmNydDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vY3JsLm9u
-      ZS5kaWdpY2VydC5jb20vVGVsZWNvbUluZnJhUHJvamVjdFJvb3RDQS5jcmwwDQYJ
-      KoZIhvcNAQELBQADggEBAFbz+K94bHIkBMJqps0dApniUmOn0pO6Q6cGh47UP/kX
-      IiPIsnYgG+hqYD/qtsiqJhaWi0hixRWn38UmvZxMRk27aSTGE/TWx0JTC3qDGsSe
-      XkUagumbSfmS0ZyiTwMPeGAjXwyzGorqZWeA95eKfImntMiOf3E7//GK0K7HpCx8
-      IPCnLZsZD2q/mLyBsduImFIRQJbLAhwIxpcd1qYJk+BlGFL+HtBpEbq6JxW2Xy+v
-      DpNWc2WIsUTle0rTc9JNJrLX4ChUJmKqf8obKHap3Xh3//qw/jDB9pOAinA33FLJ
-      EmCnwBvQr9mfNmPBGMYZVU8cPruDQJ57GjmmvdisbJY=
-      -----END CERTIFICATE-----
-    root.pem: |
-      -----BEGIN CERTIFICATE-----
-      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
-      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
-      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
-      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
-      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
-      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
-      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
-      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
-      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
-      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
-      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
-      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
-      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
-      5IOM7ItsRmen6u3qu+JXros54e4juQ==
-      -----END CERTIFICATE-----
-
-  certsCAs:
-    issuer.pem: |
-      -----BEGIN CERTIFICATE-----
-      MIIEnDCCA4SgAwIBAgIUVpyCUx1MUeUwxg+7I1BvGFTz7HkwDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjUxMjZaFw0yNjA0MTMyMjM4NDZaMGwx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEpMCcGA1UEAxMgVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IElzc3VpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtKBrq
-      qd2aKVSk25KfL5xHu8X7/8rJrz3IvyPuVKWhk/N1zabot3suBcGaYNKjnRHxg78R
-      yKwKzajKYWtiQFqztu24g16LQeAnoUxZnF6a0z3JkkRPsz14A2y8TUhdEe1tx+UU
-      4VGsk3n+FMmOQHL+79FO57zQC1LwylgfLSltrI6mF3jowVUQvnwzKhUzT87AJ6EO
-      ndK/q0T/Bgi+aI39zfVOjJjsTJwghvrmYW3iarP1THSKxeib2s02bZKrvvHa5HL4
-      UI8+LvREpVZl4mzt1z6Nl344Y6f+UeJlYa/Ci0jJqaXJmyVnUbAz+c0i5JfwAVn3
-      YQzfC4eLnZCmdF8zAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
-      DgQWBBSzG1S44EerPfM4gOQ85f0AYW3R6DAfBgNVHSMEGDAWgBQCRpZgebFT9qny
-      98WfIUDk6ZEB+jAOBgNVHQ8BAf8EBAMCAYYwgYMGCCsGAQUFBwEBBHcwdTAoBggr
-      BgEFBQcwAYYcaHR0cDovL29jc3Aub25lLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcw
-      AoY9aHR0cDovL2NhY2VydHMub25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQ
-      cm9qZWN0Um9vdENBLmNydDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vY3JsLm9u
-      ZS5kaWdpY2VydC5jb20vVGVsZWNvbUluZnJhUHJvamVjdFJvb3RDQS5jcmwwDQYJ
-      KoZIhvcNAQELBQADggEBAFbz+K94bHIkBMJqps0dApniUmOn0pO6Q6cGh47UP/kX
-      IiPIsnYgG+hqYD/qtsiqJhaWi0hixRWn38UmvZxMRk27aSTGE/TWx0JTC3qDGsSe
-      XkUagumbSfmS0ZyiTwMPeGAjXwyzGorqZWeA95eKfImntMiOf3E7//GK0K7HpCx8
-      IPCnLZsZD2q/mLyBsduImFIRQJbLAhwIxpcd1qYJk+BlGFL+HtBpEbq6JxW2Xy+v
-      DpNWc2WIsUTle0rTc9JNJrLX4ChUJmKqf8obKHap3Xh3//qw/jDB9pOAinA33FLJ
-      EmCnwBvQr9mfNmPBGMYZVU8cPruDQJ57GjmmvdisbJY=
-      -----END CERTIFICATE-----
-    root.pem: |
-      -----BEGIN CERTIFICATE-----
-      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
-      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
-      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
-      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
-      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
-      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
-      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
-      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
-      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
-      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
-      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
-      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
-      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
-      5IOM7ItsRmen6u3qu+JXros54e4juQ==
-      -----END CERTIFICATE-----
 
   public_env_variables:
     SELFSIGNED_CERTS: "true"
@@ -253,7 +99,7 @@ owgw:
           secret:
             secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
       - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
         subPath: ca.crt
         volumeDefinition: |
           secret:
@@ -314,7 +160,6 @@ owsec:
     openwifi.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
     openwifi.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
     mailer.hostname: email-smtp.us-east-2.amazonaws.com
-    openwifi.certificates.allowmismatch: "false"
 
   volumes:
     owsec:
@@ -342,7 +187,7 @@ owsec:
           secret:
             secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
       - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
         subPath: ca.crt
         volumeDefinition: |
           secret:
@@ -360,7 +205,7 @@ owgwui:
         kubernetes.io/ingress.class: alb
         alb.ingress.kubernetes.io/scheme: internet-facing
         alb.ingress.kubernetes.io/group.name: wlan-cicd
-        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
         alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
         alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
       paths:
@@ -425,8 +270,6 @@ owfms:
 
   public_env_variables:
     SELFSIGNED_CERTS: "true"
-    # This has no effect as template based config is not enabled (see configProperties)
-    FIRMWAREDB_MAXAGE: "360"
 
   configProperties:
     openwifi.internal.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
@@ -435,7 +278,6 @@ owfms:
     openwifi.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
     openwifi.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
     openwifi.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
-    firmwaredb.maxage: 360
 
   volumes:
     owfms:
@@ -463,7 +305,7 @@ owfms:
           secret:
             secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
       - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
         subPath: ca.crt
         volumeDefinition: |
           secret:
@@ -522,7 +364,6 @@ owprov:
     openwifi.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt
     openwifi.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt
     openwifi.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key
-    rrm.providers: owrrm
 
   volumes:
     owprov:
@@ -550,7 +391,7 @@ owprov:
           secret:
             secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
       - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
         subPath: ca.crt
         volumeDefinition: |
           secret:
@@ -568,7 +409,7 @@ owprovui:
         kubernetes.io/ingress.class: alb
         alb.ingress.kubernetes.io/scheme: internet-facing
         alb.ingress.kubernetes.io/group.name: wlan-cicd
-        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
         alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
         alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
       paths:
@@ -659,7 +500,7 @@ owanalytics:
           secret:
             secretName: {{ include "owanalytics.fullname" . }}-owanalytics-restapi-tls
       - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
         subPath: ca.crt
         volumeDefinition: |
           secret:
@@ -739,78 +580,12 @@ owsub:
           secret:
             secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
       - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
         subPath: ca.crt
         volumeDefinition: |
           secret:
             secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
 
-owrrm:
-  fullnameOverride: owrrm
-
-  services:
-    owrrm:
-      type: LoadBalancer
-      annotations:
-        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
-        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16789"
-        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c"
-        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16789,16790"
-
-  resources:
-    requests:
-      cpu: 1000m
-      memory: 2048Mi
-    limits:
-      cpu: 1000m
-      memory: 2048Mi
-
-  podAnnotations:
-    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
-
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-    SERVICECONFIG_PRIVATEENDPOINT: http://owrrm-owrrm:16789
-    KAFKACONFIG_BOOTSTRAPSERVER: kafka:9092
-    DATABASECONFIG_DBNAME: owrrm
-    DATABASECONFIG_DATARETENTIONINTERVALDAYS: "1"
-    # Empty string will disable DB usage
-    DATABASECONFIG_SERVER: ""
-    # Uncomment these parameters to enable DB usage + enable mysql below
-    #DATABASECONFIG_SERVER: owrrm-mysql:3306
-
-  secret_env_variables:
-    DATABASECONFIG_USER: root
-    DATABASECONFIG_PASSWORD: openwifi
-
-  volumes:
-    owrrm:
-      - name: persist
-        mountPath: /owrrm-data/
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owrrm.fullname" . }}-pvc
-
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owrrm.fullname" . }}-owrrm-restapi-tls
-
-  mysql:
-    enabled: false
-    fullnameOverride: "owrrm-mysql"
-
-    resources:
-      requests:
-        cpu: 100m
-        memory: 512Mi
-      limits:
-        cpu: 100m
-        memory: 512Mi
 
 kafka:
   commonAnnotations:
@@ -856,8 +631,8 @@ haproxy:
       service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
       service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "8080"
       service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
-      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,5913,16001,17001,16009,16006,17006"
+      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
+      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,16001,17001,5912,5913,16009,16007,16006,17006"
       service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
 
 restapiCerts:

chart/templates/_initdb_scripts.tpl

@@ -1,21 +0,0 @@
-{{- define "openwifi.user_creation_script" -}}
-{{- $root := . -}}
-{{- $postgresqlBase := index .Values "postgresql-ha" }}
-{{- $postgresqlEmulatedRoot := (dict "Values" $postgresqlBase "Chart" (dict "Name" "postgresql-ha") "Release" $.Release) }}
-#!/bin/bash
-export PGPASSWORD=$PGPOOL_POSTGRES_PASSWORD
-
-until psql -h {{ include "postgresql-ha.postgresql" $postgresqlEmulatedRoot }} postgres postgres -c '\q'; do
-  >&2 echo "Postgres is unavailable - sleeping"
-  sleep 1
-done
-
-{{ range index .Values "postgresql-ha" "initDbScriptSecret" "services" }}
-echo "{{ . }}"
-echo "SELECT 'CREATE USER {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }}' WHERE NOT EXISTS (SELECT FROM pg_user WHERE usename = '{{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }}')\gexec" | psql -h {{ include "postgresql-ha.postgresql" $postgresqlEmulatedRoot }} postgres postgres
-echo "ALTER USER {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }} WITH ENCRYPTED PASSWORD '{{ index $root "Values" . "configProperties" "storage.type.postgresql.password" }}'" | psql -h {{ include "postgresql-ha.postgresql" $postgresqlEmulatedRoot }} postgres postgres
-echo "SELECT 'CREATE DATABASE {{ index $root "Values" . "configProperties" "storage.type.postgresql.database" }}' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '{{ index $root "Values" . "configProperties" "storage.type.postgresql.database" }}')\gexec" | psql -h {{ include "postgresql-ha.postgresql" $postgresqlEmulatedRoot }} postgres postgres
-echo "GRANT ALL PRIVILEGES ON DATABASE {{ index $root "Values" . "configProperties" "storage.type.postgresql.database" }} TO {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }}" | psql -h {{ include "postgresql-ha.postgresql" $postgresqlEmulatedRoot }} postgres postgres
-
-{{ end }}
-{{- end -}}

chart/templates/secret-postgresql-initdb.yaml

@@ -1,16 +0,0 @@
-{{- $root := . -}}
-{{- if  index .Values "postgresql-ha" "initDbScriptSecret" "enabled" }}
----
-apiVersion: v1
-metadata:
-  labels:
-    app.kubernetes.io/name: {{ include "openwifi.name" . }}
-    helm.sh/chart: {{ include "openwifi.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-  name: {{ include "openwifi.fullname" . }}-initdb-scripts
-kind: Secret
-type: Opaque
-data:
-  users_creation.sh: {{ include "openwifi.user_creation_script" . | b64enc | quote }}
-{{- end }}

chart/values.yaml

@@ -29,7 +29,7 @@ owprov:
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
-
+      #
 # OpenWIFI Analytics (https://github.com/Telecominfraproject/wlan-cloud-analytics)
 owanalytics:
   fullnameOverride: owanalytics
@@ -54,13 +54,6 @@ owsub:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
 
-# OpenWIFI radio resource management (https://github.com/Telecominfraproject/wlan-cloud-rrm/)
-owrrm:
-  fullnameOverride: owrrm
-
-  mysql:
-    enabled: true
-
 # kafka (https://github.com/bitnami/charts/blob/master/bitnami/kafka/)
 kafka:
   enabled: true
@@ -85,7 +78,7 @@ clustersysteminfo:
   images:
     clustersysteminfo:
       repository: tip-tip-wlan-cloud-ucentral.jfrog.io/clustersysteminfo
-      tag: main
+      tag: v2.6.2
       pullPolicy: Always
 #      regcred:
 #        registry: tip-tip-wlan-cloud-ucentral.jfrog.io
@@ -437,20 +430,5 @@ restapiCerts:
     - owls-owls
     - owanalytics-owanalytics
     - owsub-owsub
-    - owrrm-owrrm
 
   clusterDomain: cluster.local
-
-postgresql-ha:
-  enabled: false
-  nameOverride: pgsql
-  fullnameOverride: pgsql
-  initDbScriptSecret:
-    enabled: false
-    services:
-      - owgw
-      - owsec
-      - owfms
-      - owprov
-      - owanalytics
-      - owsub

docker-compose/.env

@@ -1,19 +1,16 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=master
-OWGWUI_TAG=main
-OWSEC_TAG=main
-OWFMS_TAG=main
-OWPROV_TAG=main
-OWPROVUI_TAG=main
-OWANALYTICS_TAG=main
-OWSUB_TAG=main
-KAFKA_TAG=2.8.0-debian-10-r43
-ZOOKEEPER_TAG=3.8
-POSTGRESQL_TAG=15.0
-MYSQL_TAG=latest
-# NOTE currently OWRRM is only supported in LB installations
-#OWRRM_TAG=main
+OWGW_TAG=v2.6.2
+OWGWUI_TAG=v2.6.0
+OWSEC_TAG=v2.6.0
+OWFMS_TAG=v2.6.0
+OWPROV_TAG=v2.6.0
+OWPROVUI_TAG=v2.6.0
+OWANALYTICS_TAG=v2.6.0
+OWSUB_TAG=v2.6.0
+KAFKA_TAG=latest
+ZOOKEEPER_TAG=latest
+POSTGRESQL_TAG=latest
 
 # Microservice root/config directories
 OWGW_ROOT=/owgw-data
@@ -36,4 +33,3 @@ INTERNAL_OWFMS_HOSTNAME=owfms.wlan.local
 INTERNAL_OWPROV_HOSTNAME=owprov.wlan.local
 INTERNAL_OWANALYTICS_HOSTNAME=owanalytics.wlan.local
 INTERNAL_OWSUB_HOSTNAME=owsub.wlan.local
-#INTERNAL_OWRRM_HOSTNAME=owrrm.wlan.local

docker-compose/.env.letsencrypt

@@ -1,19 +1,17 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=master
-OWGWUI_TAG=main
-OWSEC_TAG=main
-OWFMS_TAG=main
-OWPROV_TAG=main
-OWPROVUI_TAG=main
-OWANALYTICS_TAG=main
-OWSUB_TAG=main
-OWRRM_TAG=main
-KAFKA_TAG=2.8.0-debian-10-r43
-ZOOKEEPER_TAG=3.8
+OWGW_TAG=v2.6.2
+OWGWUI_TAG=v2.6.0
+OWSEC_TAG=v2.6.0
+OWFMS_TAG=v2.6.0
+OWPROV_TAG=v2.6.0
+OWPROVUI_TAG=v2.6.0
+OWANALYTICS_TAG=v2.6.0
+OWSUB_TAG=v2.6.0
+KAFKA_TAG=latest
+ZOOKEEPER_TAG=latest
 ACMESH_TAG=latest
 TRAEFIK_TAG=latest
-MYSQL_TAG=latest
 
 # Microservice root/config directories
 OWGW_ROOT=/owgw-data
@@ -39,5 +37,4 @@ INTERNAL_OWPROVUI_HOSTNAME=owprov-ui.wlan.local
 INTERNAL_OWANALYTICS_HOSTNAME=owanalytics.wlan.local
 INTERNAL_RTTYS_HOSTNAME=rttys.wlan.local
 INTERNAL_OWSUB_HOSTNAME=owsub.wlan.local
-INTERNAL_OWRRM_HOSTNAME=owrrm.wlan.local
 SDKHOSTNAME=

docker-compose/.env.selfsigned

@@ -1,19 +1,17 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=master
-OWGWUI_TAG=main
-OWSEC_TAG=main
-OWFMS_TAG=main
-OWPROV_TAG=main
-OWPROVUI_TAG=main
-OWANALYTICS_TAG=main
-OWSUB_TAG=main
-OWRRM_TAG=main
-KAFKA_TAG=2.8.0-debian-10-r43
-ZOOKEEPER_TAG=3.8
+OWGW_TAG=v2.6.2
+OWGWUI_TAG=v2.6.0
+OWSEC_TAG=v2.6.0
+OWFMS_TAG=v2.6.0
+OWPROV_TAG=v2.6.0
+OWPROVUI_TAG=v2.6.0
+OWANALYTICS_TAG=v2.6.0
+OWSUB_TAG=v2.6.0
+KAFKA_TAG=latest
+ZOOKEEPER_TAG=latest
 ACMESH_TAG=latest
 TRAEFIK_TAG=latest
-MYSQL_TAG=latest
 
 # Microservice root/config directories
 OWGW_ROOT=/owgw-data
@@ -38,4 +36,3 @@ INTERNAL_OWPROV_HOSTNAME=owprov.wlan.local
 INTERNAL_OWPROVUI_HOSTNAME=owprov-ui.wlan.local
 INTERNAL_OWANALYTICS_HOSTNAME=owanalytics.wlan.local
 INTERNAL_OWSUB_HOSTNAME=owsub.wlan.local
-INTERNAL_OWRRM_HOSTNAME=owrrm.wlan.local

docker-compose/README.md

@@ -1,15 +1,13 @@
 # OpenWifi SDK Docker Compose
 ### Overview
-With the provided Docker Compose files you can instantiate a deployment of the OpenWifi microservices and related components. The repository contains a self-signed certificate and a TIP-signed gateway certificate which are valid for the `*.wlan.local` domain. You also have the possibility to either generate and use Let's Encrypt certs or provide your own certificates. Furthermore the deployments are split by whether Traefik is used as a reverse proxy/load balancer in front of the microservices or if they are exposed directly on the host. The advantage of using the deployments with Traefik is that you can use Let's Encrypt certs (automatic certificate generation and renewal) and you have the ability to scale specific containers to multiple replicas.
+With the provided Docker Compose files you can instantiate a deployment of the OpenWifi microservices and related components. The repository contains a self-signed certificate and a TIP-signed gateway certificate which are valid for the `*.wlan.local` domain. You also have the possibility to either generate and use Letsencrypt certs or provide your own certificates. Furthermore the deployments are split by whether Traefik is used as a reverse proxy/load balancer in front of the microservices or if they are exposed directly on the host. The advantage of using the deployments with Traefik is that you can use Letsencrypt certs (automatic certificate generation and renewal) and you have the ability to scale specific containers to multiple replicas.
 The repository also contains a separate Docker Compose deployment to set up the [OWLS microservice](https://github.com/Telecominfraproject/wlan-cloud-owls) and related components for running a load simulation test against an existing controller.
 - [Non-LB deployment with self-signed certificates](#non-lb-deployment-with-self-signed-certificates)
 - [Non-LB deployment with own certificates](#non-lb-deployment-with-own-certificates)
 - [Non-LB deployment with PostgreSQL](#non-lb-deployment-with-postgresql)
 - [LB deployment with self-signed certificates](#lb-deployment-with-self-signed-certificates)
-- [LB deployment with Let's Encrypt certificates](#lb-deployment-with-letsencrypt-certificates)
+- [LB deployment with Letsencrypt certificates](#lb-deployment-with-letsencrypt-certificates)
 - [OWLS deployment with self-signed certificates](owls/README.md)
-- [AWS CloudFormation template](cloudformation/openwifi-cloudsdk-docker-compose.yml)
-
 ### Configuration
 Config files for the microservices are generated on every startup based on the environment variables in the microservice specific env files. For an overview of the supported configuration properties have a look into these files. For an explanation of the configuration properties please see the README in the respective microservice repository.
 Be aware that local changes to the config files will be overwritten on every startup if `TEMPLATE_CONFIG` is set to `true` in the microservice env files. If you want to bind mount your own config file or make local changes, please set this variable to `false`.
@@ -33,20 +31,19 @@ On the startup of owsec directories for wwwassets and mailer templates are creat
 export OWSEC="openwifi.wlan.local:16001"
 export FLAGS="-s --cacert <your-wlan-cloud-ucentral-deploy-location>/docker-compose/certs/restapi-ca.pem"
 ```
-⚠️**Note**: When deploying with self-signed certificates you can not use the 'Trace' and 'Connect' features in the UI since the AP will throw a TLS error. Please use the Let's Encrypt deployment or provide your own valid certificates if you want to use these features.
+⚠️**Note**: When deploying with self-signed certificates you can not use the 'Trace' and 'Connect' features in the UI since the AP will throw a TLS error. Please use the Letsencrypt deployment or provide your own valid certificates if you want to use these features.
 ## Non-LB deployment with own certificates
 1. Switch into the project directory with `cd docker-compose/`. Copy your websocket and REST API certificates into the `certs/` directory. Make sure to reference the certificates accordingly in the service config if you use different file names or if you want to use different certificates for the respective microservices.
 2. Adapt the following hostname and URI variables according to your environment:
 ### .env
-| Variable                        | Description                                                                        |
-| ------------------------------- | ---------------------------------------------------------------------------------- |
-| `INTERNAL_OWGW_HOSTNAME`        | Set this to your OWGW hostname, for example `owgw.example.com`.                    |
-| `INTERNAL_OWSEC_HOSTNAME`       | Set this to your OWSec hostname, for example `owsec.example.com`.                  |
-| `INTERNAL_OWFMS_HOSTNAME`       | Set this to your OWFms hostname, for example `owfms.example.com`.                  |
-| `INTERNAL_OWPROV_HOSTNAME`      | Set this to your OWProv hostname, for example `owprov.example.com`.                |
-| `INTERNAL_OWANALYTICS_HOSTNAME` | Set this to your OWAnalytics hostname, for example `owanalytics.example.com`.      |
-| `INTERNAL_OWSUB_HOSTNAME`       | Set this to your OWSub hostname, for example `owsub.example.com`.                  |
-| `INTERNAL_OWRRM_HOSTNAME`       | Set this to your OWRRM hostname, for example `owrrm.example.com`.                  |
+| Variable                   | Description                                                         |
+| -------------------------- | ------------------------------------------------------------------- |
+| `INTERNAL_OWGW_HOSTNAME`   | Set this to your OWGW hostname, for example `owgw.example.com`.     |
+| `INTERNAL_OWSEC_HOSTNAME`  | Set this to your OWSec hostname, for example `owsec.example.com`.   |
+| `INTERNAL_OWFMS_HOSTNAME`  | Set this to your OWFms hostname, for example `owfms.example.com`.   |
+| `INTERNAL_OWPROV_HOSTNAME` | Set this to your OWProv hostname, for example `owprov.example.com`. |
+| `INTERNAL_OWANALYTICS_HOSTNAME` | Set this to your OWAnalytics hostname, for example `owanalytics.example.com`. |
+| `INTERNAL_OWSUB_HOSTNAME`  | Set this to your OWSub hostname, for example `owsub.example.com`.   |
 ### owgw.env
 | Variable                                 | Description                                                                         |
 | ---------------------------------------- | ----------------------------------------------------------------------------------- |
@@ -56,9 +53,9 @@ export FLAGS="-s --cacert <your-wlan-cloud-ucentral-deploy-location>/docker-comp
 | `RTTY_SERVER`                            | Set this to your OWGW RTTYS hostname, for example `owgw.example.com`.               |
 | `SYSTEM_URI_UI`                          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.            |
 ### owgw-ui.env
-| Variable                    | Description                                                                |
-| --------------------------- | -------------------------------------------------------------------------- |
-| `REACT_APP_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
+| Variable                  | Description                                                                |
+| ------------------------- | -------------------------------------------------------------------------- |
+| `DEFAULT_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
 ### owsec.env
 | Variable                                 | Description                                                                         |
 | ---------------------------------------- | ----------------------------------------------------------------------------------- |
@@ -83,16 +80,6 @@ export FLAGS="-s --cacert <your-wlan-cloud-ucentral-deploy-location>/docker-comp
 | ---------------------------------------- | -------------------------------------------------------------------------------------- |
 | `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWAnalytics URL, for example `https://owanalytics.example.com:16009`. |
 | `SYSTEM_URI_UI`                          | Set this to your OWProv-UI URL, for example `https://owprov-ui.example.com`.           |
-### owrrm.env
-| Variable                                 | Description                                                                                     |
-| ---------------------------------------- | ----------------------------------------------------------------------------------------------- |
-| `SERVICECONFIG_PRIVATEENDPOINT`, `SERVICECONFIG_PUBLICENDPOINT` | Set this to your OWRRM URL, for example https://owrrm.example.com:16789. |
-| `DATABASECONFIG_PASSWORD`                                       | Set this to a random and safe password.                                  |
-### mysql.env
-| Variable                                 | Description                                      |
-| ---------------- | ------------------------------------------------------------------------ |
-| `MYSQL_PASSWORD` | Set this to the same value as `$DATABASECONFIG_PASSWORD` in `owrrm.env`. |
-
 3. Spin up the deployment with `docker-compose up -d`.
 4. Check if the containers are up and running with `docker-compose ps`.
 5. Login to the UI and and follow the instructions to change your default password.
@@ -165,8 +152,8 @@ export FLAGS="-s --cacert <your-wlan-cloud-ucentral-deploy-location>/docker-comp
 3. Depending on whether you want to use [self-signed certificates](#non-lb-deployment-with-self-signed-certificates) or [provide your own](#non-lb-deployment-with-own-certificates), follow the instructions of the according deployment model. Spin up the deployment with `docker-compose -f docker-compose.yml -f docker-compose.postgresql.yml up -d`. It is recommended to create an alias for this deployment model with `alias docker-compose-postgresql="docker-compose -f docker-compose.yml -f docker-compose.postgresql.yml"`.
 ## LB deployment with self-signed certificates
 Follow the same instructions as for the self-signed deployment without Traefik. The only difference is that you have to spin up the deployment with `docker-compose -f docker-compose.lb.selfsigned.yml --env-file .env.selfsigned up -d`. Make sure to specify the Compose and the according .env file every time you're working with the deployment or create an alias, for example `alias docker-compose-lb-selfsigned="docker-compose -f docker-compose.lb.selfsigned.yml --env-file .env.selfsigned"`. You also have the possibility to scale specific services to a specified number of instances with `docker-compose-lb-selfsigned up -d --scale SERVICE=NUM`, where `SERVICE` is the service name as defined in the Compose file.
-## LB deployment with Let's Encrypt certificates
-For the Let's Encrypt challenge to work you need a public IP address. The hostname which you set in the `$SDKHOSTNAME` env variable has to resolve to this IP address to pass the HTTP-01 challenge (https://letsencrypt.org/docs/challenge-types/#http-01-challenge).
+## LB deployment with Letsencrypt certificates
+For the Letsencrypt challenge to work you need a public IP address. The hostname which you set in the `$SDKHOSTNAME` env variable has to resolve to this IP address to pass the HTTP-01 challenge (https://letsencrypt.org/docs/challenge-types/#http-01-challenge).
 1. Switch into the project directory with `cd docker-compose/`.
 2. Adapt the following hostname and URI variables according to your environment.
 ### .env.letsencrypt
@@ -184,9 +171,9 @@ For the Let's Encrypt challenge to work you need a public IP address. The hostna
 | `SYSTEM_URI_UI`          | Set this to your OWGW-UI URL, for example `https://openwifi.example.com`.               |
 
 ### owgw-ui.env
-| Variable                    | Description                                                                   |
-| --------------------------- | ----------------------------------------------------------------------------- |
-| `REACT_APP_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://openwifi.example.com:16001`. |
+| Variable            | Description                                                                   |
+| ------------------- | ----------------------------------------------------------------------------- |
+| `DEFAULT_OWSEC_URL` | Set this to your OWSec URL, for example `https://openwifi.example.com:16001`. |
 
 ### owsec.env
 | Variable            | Description                                                                   |
@@ -218,15 +205,6 @@ For the Let's Encrypt challenge to work you need a public IP address. The hostna
 | -------------------- | ----------------------------------------------------------------------------- |
 | `SYSTEM_URI_PUBLIC`  | Set this to your OWSub URL, for example `https://openwifi.example.com:16006`. |
 | `SYSTEM_URI_UI`      | Set this to your OWGW-UI URL, for example `https://openwifi.example.com`.     |
-### owrrm.env
-| Variable                                 | Description                     |
-| ---------------------------------------- | ------------------------------- |
-| `SERVICECONFIG_PUBLICENDPOINT`   | Set this to your OWRRM URL, for example https://openwifi.example.com:16789. |
-| `DATABASECONFIG_PASSWORD`        | Set this to a random and safe password.                                     |
-### mysql.env
-| Variable         | Description                                                              |
-| ---------------- | ------------------------------------------------------------------------ |
-| `MYSQL_PASSWORD` | Set this to the same value as `$DATABASECONFIG_PASSWORD` in `owrrm.env`. |
 ### traefik.env
 | Variable                                            | Description                               |
 | --------------------------------------------------- | ----------------------------------------- |

docker-compose/cloudformation/README.md

@@ -1,20 +0,0 @@
-# OpenWiFi Cloud SDK deployment with CloudFormation
-With the YAML template included in this directory you can create an OpenWiFi Cloud SDK deployment with the help of AWS CloudFormation (https://aws.amazon.com/cloudformation).  
-The template creates a CloudFormation stack based on the Docker Compose Let's Encrypt deployment (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/docker-compose#lb-deployment-with-letsencrypt-certificates). The created stack consists of an EC2 instance, and depending on the input parameters, also adds a Route53 hosted zone and a DNS record.  
-⚠️**Note**: Please be aware that you will be billed for the AWS resources if you create a stack from this template.
-1. Login into the AWS Management Console (https://aws.amazon.com/de/console).
-2. Go to the AWS Systems Manager Parameter Store page and create two parameters according to these instructions https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-create-console.html: one for your Digicert-signed websocket certificate and the other one for the corresponding key. You can leave the default parameter details: you need two standard parameters with type `String` and data type `text`. Just copy and paste your certificate and key into the `Value` field of the respective parameter and remember the parameter names.
-3. Go to the CloudFormation service page and follow the instructions described here https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-using-console-create-stack-template.html to upload a template file and choose the template included in this repository.
-4. In the next step you have to enter multiple input parameters required for a successful deployment. Here's an explanation of all parameters:
-
-**InstanceType**: Choose an AWS EC2 instance type (https://aws.amazon.com/ec2/instance-types). The smallest instance type you can choose is t2.small.  
-**KeyName**: Specify the name of the SSH key pair you want to use to connect the instance. If you don't have a key pair yet, please create or import one according to these instructions https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html.  
-**SSHLocation**: If you want to restrict the IP range which is allowed to connect to the instance via SSH, please specify a valid CIDR IP range here.  
-**CreateRoute53Record**: To expose your SDK installation to the public you need a valid DNS entry for your SDK hostname. This is also required to pass the Let's Encrypt HTTP-01 challenge (https://letsencrypt.org/de/docs/challenge-types/#http-01-challenge). If you set this to `True`, an Amazon Route53 entry (https://aws.amazon.com/route53) for the hostname defined in the **SDKHostname** parameter is automatically created. This Route53 entry will resolve to the public IP address of the EC2 instance. You can also set this to `False` and create a DNS entry manually afterwards.  
-**ExistingHostedZoneId**: If you decide to create a Route53 record and already have an existing hosted zone which you want to use, please specify the according hosted zone ID. You can get the ID by listing your public hosted zones (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ListInfoOnHostedZone.html).  
-**HostedZoneName**: If you didn't create the hosted zone yet which you want to use for your Route53 record, please specify the domain name of the hosted zone you want to create. Be aware that if you set **CreateRoute53Record** to `True`, you only have to specify either `ExistingHostedZoneId` or `HostedZoneName`. If you decide to create the DNS record yourself, you can leave both parameters empty.  
-**SDKVersion**: The SDK version you want to use for your deployment. You can either use release names (e.g. `v2.6.0`) or Git branch names (for example `release/v2.6.0`).  
-**SDKHostname**: Enter a valid public hostname which you want to use for your deployment. This has to resolve to the public IP address of the created EC2 instance. If you set **CreateRoute53Record** to `False`, don't forget to create a DNS entry manually afterwards.  
-**WebsocketCertParameter**: The name of the AWS Systems Manager parameter containing your Digicert-signed websocket certificate.  
-**WebsocketKeyParameter**: The name of the AWS Systems Manager parameter containing the key to your Digicert-signed websocket certificate.  
-**TraefikAcmeEmail**: Enter a valid email address to complete Let's Encrypt ACME registration.  

docker-compose/cloudformation/openwifi-cloudsdk-docker-compose.yml

@@ -1,341 +0,0 @@
-AWSTemplateFormatVersion: 2010-09-09
-Description: |
-  OpenWiFi Cloud SDK Docker Compose Deployment: This template creates an
-  OpenWiFi Cloud SDK deployment using Docker Compose and Letsencrypt for
-  northbound certificates (https://github.com/Telecominfraproject/
-  wlan-cloud-ucentral-deploy/tree/main/docker-compose
-  #lb-deployment-with-letsencrypt-certificates).
-  **WARNING** You will be billed for the AWS resources used if you create a
-  stack from this template.
-Metadata:
-  AWS::CloudFormation::Interface:
-    ParameterGroups:
-      - Label:
-          default: "Amazon EC2 configuration"
-        Parameters:
-          - InstanceType
-          - LatestUbuntuFocalAMI
-          - KeyName
-          - SSHLocation
-      - Label:
-          default: "Amazon Route53 configuration"
-        Parameters:
-          - CreateRoute53Record
-          - ExistingHostedZoneId
-          - HostedZoneName
-      - Label:
-          default: "OpenWiFi cloud SDK configuration"
-        Parameters:
-          - SDKVersion
-          - SDKHostname
-          - WebsocketCertParameter
-          - WebsocketKeyParameter
-          - TraefikAcmeEmail
-Parameters:
-  KeyName:
-    Description: Name of the EC2 KeyPair to enable SSH access to the instance.
-    Type: AWS::EC2::KeyPair::KeyName
-    ConstraintDescription: Must be the name of an existing EC2 KeyPair.
-  SDKHostname:
-    Description: Hostname you want to use for your OpenWiFi Cloud SDK installation.
-    Default: openwifi.wlan.local
-    Type: String
-    AllowedPattern: "^((?!-)[A-Za-z0-9-]{1,63}(?<!-)\\.)+[A-Za-z]{2,6}$"
-  TraefikAcmeEmail:
-    Description: Email address used for ACME registration
-    Type: String
-  CreateRoute53Record:
-    Description: |
-      Set this to "True" if you want to create a DNS record for the SDK
-      hostname.
-      This will resolve to the public IP of the created EC2 instance.
-    AllowedValues:
-      - "True"
-      - "False"
-    Default: "False"
-    Type: String
-  ExistingHostedZoneId:
-    Description: |
-      If you want to create the Route53 record in an existing hosted zone,
-      please specify the according hosted zone ID. 
-    Type: String
-#    MinLength: 21
-#    MaxLength: 21
-#    AllowedPattern: "[A-Z0-9]+"
-  HostedZoneName:
-    Description: |
-      If you want to create a new hosted zone for the Route53 record, please
-      specify the name of the domain.
-    Type: String
-#    AllowedPattern: "^((?!-)[A-Za-z0-9-]{1,63}(?<!-)\\.)+[A-Za-z]{2,6}$"
-  SDKVersion:
-    Description: OpenWiFi Cloud SDK version to be deployed.
-    Default: main
-    Type: String
-  WebsocketCertParameter:
-    Description: |
-      The AWS Systems Manager parameter containing your Digicert-signed
-      websocket certificate.
-    Type: AWS::SSM::Parameter::Value<String>
-  WebsocketKeyParameter:
-    Description: |
-      The AWS Systems Manager parameter containing the key to your
-      Digicert-signed websocket certificate.
-    Type: AWS::SSM::Parameter::Value<String>
-  LatestUbuntuFocalAMI:
-    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
-    Default: "/aws/service/canonical/ubuntu/server/focal/stable/current/amd64/hvm/ebs-gp2/ami-id"
-  InstanceType:
-    Description: Cloud SDK EC2 instance type
-    Type: String
-    Default: t2.small
-    AllowedValues:
-      - t2.small
-      - t2.medium
-      - t2.large
-      - m1.small
-      - m1.medium
-      - m1.large
-      - m1.xlarge
-      - m2.xlarge
-      - m2.2xlarge
-      - m2.4xlarge
-      - m3.medium
-      - m3.large
-      - m3.xlarge
-      - m3.2xlarge
-      - m4.large
-      - m4.xlarge
-      - m4.2xlarge
-      - m4.4xlarge
-      - m4.10xlarge
-      - c1.medium
-      - c1.xlarge
-      - c3.large
-      - c3.xlarge
-      - c3.2xlarge
-      - c3.4xlarge
-      - c3.8xlarge
-      - c4.large
-      - c4.xlarge
-      - c4.2xlarge
-      - c4.4xlarge
-      - c4.8xlarge
-      - g2.2xlarge
-      - g2.8xlarge
-      - r3.large
-      - r3.xlarge
-      - r3.2xlarge
-      - r3.4xlarge
-      - r3.8xlarge
-      - i2.xlarge
-      - i2.2xlarge
-      - i2.4xlarge
-      - i2.8xlarge
-      - d2.xlarge
-      - d2.2xlarge
-      - d2.4xlarge
-      - d2.8xlarge
-      - hi1.4xlarge
-      - hs1.8xlarge
-      - cr1.8xlarge
-      - cc2.8xlarge
-      - cg1.4xlarge
-    ConstraintDescription: must be a valid EC2 instance type.
-  SSHLocation:
-    Description: |
-      The IP address range that can be used to SSH to the EC2 instances
-    Type: String
-    MinLength: "9"
-    MaxLength: "18"
-    Default: 0.0.0.0/0
-    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
-    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
-Conditions:
-  HasExistingHostedZoneId: !Not [ !Equals [ !Ref ExistingHostedZoneId, "" ] ]
-  HasHostedZoneName: !Not [ !Equals [ !Ref HostedZoneName, "" ] ]
-  CreateRoute53Record: !Equals [ !Ref CreateRoute53Record, "True" ]
-  CreateRecordInExistingZone: !And [ Condition: HasExistingHostedZoneId, Condition: CreateRoute53Record ]
-  CreateRecordInNewZone: !And [ Condition: HasHostedZoneName, Condition: CreateRoute53Record ]
-Resources:
-  CloudSDKInstance:
-    Type: "AWS::EC2::Instance"
-    Metadata:
-      "AWS::CloudFormation::Init":
-        configSets:
-          InstallDockerAndCreateDeployment:
-            - InstallDocker
-            - CreateCloudSDKDeployment
-        InstallDocker:
-          packages:
-            apt:
-              ca-certificates: []
-              curl: []
-              gnupg: []
-              lsb-release: []
-              php-mysql: []
-          commands:
-            a_add_repo_gpg_key:
-              command: |
-                curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
-                | sudo gpg --dearmor -o \
-                /usr/share/keyrings/docker-archive-keyring.gpg
-            b_add_docker_repo:
-              command: |
-                echo "deb [arch=$(dpkg --print-architecture) \
-                signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] \
-                https://download.docker.com/linux/ubuntu $(lsb_release -cs) \
-                stable" | sudo tee /etc/apt/sources.list.d/docker.list \
-                > /dev/null
-            c_install_docker:
-              command: |
-                sudo apt-get update \
-                && sudo apt-get install -y docker-ce docker-ce-cli \
-                containerd.io docker-compose-plugin docker-compose
-            d_enable_and_start_docker:
-              command: |
-                sudo systemctl enable docker && sudo systemctl start docker
-            e_add_ubuntu_user_to_docker_group:
-              command: "sudo usermod -aG docker ubuntu"
-        CreateCloudSDKDeployment:
-          files:
-            /etc/profile.d/aliases.sh:
-              content: |
-                alias docker-compose-lb-letsencrypt="docker-compose -f \
-                docker-compose.lb.letsencrypt.yml --env-file .env.letsencrypt"
-                alias docker-compose-lb-selfsigned="docker-compose -f \
-                docker-compose.lb.selfsigned.yml --env-file .env.selfsigned"
-                alias docker-compose-postgresql="docker-compose -f \
-                docker-compose.yml -f docker-compose.postgresql.yml"
-              mode: "000644"
-              owner: "root"
-              group: "root"
-          commands:
-            a_clone_deploy_repo:
-              command: |
-                git clone https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy
-              cwd: "~"
-            b_checkout_deploy_version:
-              command: !Sub "git checkout ${SDKVersion}"
-              cwd: "~/wlan-cloud-ucentral-deploy"
-            c_create_deployment:
-              command: "./deploy.sh"
-              env:
-                DEFAULT_UCENTRALSEC_URL: !Sub "https://${SDKHostname}:16001"
-                SYSTEM_URI_UI: !Sub "https://${SDKHostname}"
-                SDKHOSTNAME: !Sub "${SDKHostname}"
-                WEBSOCKET_CERT: !Ref WebsocketCertParameter
-                WEBSOCKET_KEY: !Ref WebsocketKeyParameter
-                OWGW_FILEUPLOADER_HOST_NAME: !Sub "${SDKHostname}"
-                OWGW_FILEUPLOADER_URI: !Sub "https://${SDKHostname}:16003"
-                OWGW_SYSTEM_URI_PUBLIC: !Sub "https://${SDKHostname}:16002"
-                OWGW_RTTY_SERVER: !Sub "${SDKHostname}"
-                OWSEC_SYSTEM_URI_PUBLIC: !Sub "https://${SDKHostname}:16001"
-                OWFMS_SYSTEM_URI_PUBLIC: !Sub "https://${SDKHostname}:16004"
-                OWPROV_SYSTEM_URI_PUBLIC: !Sub "https://${SDKHostname}:16005"
-                OWANALYTICS_SYSTEM_URI_PUBLIC: !Sub "https://${SDKHostname}:16009"
-                OWSUB_SYSTEM_URI_PUBLIC: !Sub "https://${SDKHostname}:16006"
-                OWRRM_SERVICECONFIG_PRIVATEENDPOINT: !Sub "http://owrrm.wlan.local:17007"
-                OWRRM_SERVICECONFIG_PUBLICENDPOINT: !Sub "https://${SDKHostname}:16789"
-                TRAEFIK_ACME_EMAIL: !Sub "${TraefikAcmeEmail}"
-              cwd: "~/wlan-cloud-ucentral-deploy/docker-compose"
-    Properties:
-      ImageId: !Ref LatestUbuntuFocalAMI
-      InstanceType: !Ref InstanceType
-      SecurityGroups:
-        - !Ref CloudSDKSecurityGroup
-      KeyName: !Ref KeyName
-      UserData:
-        Fn::Base64: !Sub |
-          #!/bin/bash -xe
-          apt-get update -y
-          mkdir -p /opt/aws/bin
-          wget https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz
-          python3 -m easy_install --script-dir /opt/aws/bin aws-cfn-bootstrap-py3-latest.tar.gz
-          /opt/aws/bin/cfn-init -v \
-            --stack ${AWS::StackName} \
-            --resource CloudSDKInstance \
-            --configsets InstallDockerAndCreateDeployment \
-            --region ${AWS::Region}
-          /opt/aws/bin/cfn-signal -e $? \
-            --stack ${AWS::StackName} \
-            --resource CloudSDKInstance \
-            --region ${AWS::Region}
-    CreationPolicy:
-      ResourceSignal:
-        Timeout: PT5M
-  CloudSDKSecurityGroup:
-    Type: "AWS::EC2::SecurityGroup"
-    Properties:
-      GroupDescription: Enable OpenWiFi Cloud SDK and SSH access
-      SecurityGroupIngress:
-        - IpProtocol: icmp
-          FromPort: "-1"
-          ToPort: "-1"
-          CidrIp: 0.0.0.0/0
-        - IpProtocol: tcp
-          FromPort: "80"
-          ToPort: "80"
-          CidrIp: 0.0.0.0/0
-        - IpProtocol: tcp
-          FromPort: "443"
-          ToPort: "443"
-          CidrIp: 0.0.0.0/0
-        - IpProtocol: tcp
-          FromPort: "15002"
-          ToPort: "15002"
-          CidrIp: 0.0.0.0/0
-        - IpProtocol: tcp
-          FromPort: "16001"
-          ToPort: "16006"
-          CidrIp: 0.0.0.0/0
-        - IpProtocol: tcp
-          FromPort: "16009"
-          ToPort: "16009"
-          CidrIp: 0.0.0.0/0
-        - IpProtocol: tcp
-          FromPort: "16789"
-          ToPort: "16789"
-          CidrIp: 0.0.0.0/0
-        - IpProtocol: tcp
-          FromPort: "5912"
-          ToPort: "5913"
-          CidrIp: 0.0.0.0/0
-        - IpProtocol: tcp
-          FromPort: "22"
-          ToPort: "22"
-          CidrIp: !Ref SSHLocation
-  CloudSDKHostedZone:
-    Condition: HasHostedZoneName
-    Type: AWS::Route53::HostedZone
-    Properties: 
-      Name: !Ref HostedZoneName
-  CloudSDKRoute53RecordExistingHostedZone:
-    Condition: CreateRecordInExistingZone
-    Type: AWS::Route53::RecordSet
-    Properties:
-      HostedZoneId: !Ref ExistingHostedZoneId
-      Name: !Ref SDKHostname
-      Type: A
-      TTL: 900
-      ResourceRecords:
-      - !GetAtt CloudSDKInstance.PublicIp
-  CloudSDKRoute53RecordNewHostedZone:
-    Condition: CreateRecordInNewZone
-    Type: AWS::Route53::RecordSet
-    Properties:
-      HostedZoneId: !GetAtt CloudSDKHostedZone.Id
-      Name: !Ref SDKHostname
-      Type: A
-      TTL: 900
-      ResourceRecords:
-      - !GetAtt CloudSDKInstance.PublicIp
-Outputs:
-  WebsiteURL:
-    Description: |
-      Visit this URL and login with user 'tip@ucentral.com' and password
-      'openwifi'.
-    Value: !Join
-      - ""
-      - - "https://"
-        - !Ref SDKHostname

docker-compose/deploy.sh

@@ -39,9 +39,6 @@ usage () {
 #  echo "- OWSUB_SYSTEM_URI_PRIVATE - private URL to be used for OWSub";
   echo "- OWSUB_SYSTEM_URI_PUBLIC - public URL to be used for OWSub";
   echo;
-  echo "- OWRRM_SERVICECONFIG_PRIVATEENDPOINT - private URL to be used for OWRRM";
-  echo "- OWRRM_SERVICECONFIG_PUBLICENDPOINT - public URL to be used for OWRRM";
-  echo;
   echo "Optional environment variables:"
   echo "- WEBSOCKET_CERT - Your Digicert-signed websocket certificate"
   echo "- WEBSOCKET_KEY - The key to your Digicert-signed websocket certificate"
@@ -53,10 +50,7 @@ usage () {
   echo "- OWFMS_S3_KEY - access key that is used for OWFms access to firmwares S3 bucket";
   echo;
   echo "- SDKHOSTNAME - Public hostname which is used for cert generation when using the Letsencrypt deployment method"
-  echo;
   echo "- TRAEFIK_ACME_EMAIL - Email address used for ACME registration"
-  echo;
-  echo "- CERTIFICATES_ALLOWMISMATCH - boolean flag to allow certificates serial mismatch";
 }
 
 # Check if required environment variables were passed
@@ -91,9 +85,6 @@ usage () {
 ## OWSub configuration variables
 #[ -z ${OWSUB_SYSTEM_URI_PRIVATE+x} ] && echo "OWSUB_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
 [ -z ${OWSUB_SYSTEM_URI_PUBLIC+x} ] && echo "OWSUB_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
-## OWRRM configuration variables
-[ -z ${OWRRM_SERVICECONFIG_PRIVATEENDPOINT+x} ] && echo "OWRRM_SERVICECONFIG_PRIVATEENDPOINT is unset" && usage && exit 1
-[ -z ${OWRRM_SERVICECONFIG_PUBLICENDPOINT+x} ] && echo "OWRRM_SERVICECONFIG_PUBLICENDPOINT is unset" && usage && exit 1
 
 # Search and replace image version tags if set
 if [[ ! -z "$OWGW_VERSION" ]]; then
@@ -145,7 +136,7 @@ if [[ ! -z "$SIMULATORID" ]]; then
   sed -i "s~.*SIMULATORID=.*~SIMULATORID=$SIMULATORID~" owgw.env
 fi
 
-sed -i "s~.*REACT_APP_UCENTRALSEC_URL=.*~REACT_APP_UCENTRALSEC_URL=$DEFAULT_UCENTRALSEC_URL~" owgw-ui.env
+sed -i "s~.*DEFAULT_UCENTRALSEC_URL=.*~DEFAULT_UCENTRALSEC_URL=$DEFAULT_UCENTRALSEC_URL~" owgw-ui.env
 
 if [[ ! -z "$OWSEC_AUTHENTICATION_DEFAULT_USERNAME" ]]; then
   sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env
@@ -181,17 +172,10 @@ sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owanalytics.env
 sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWSUB_SYSTEM_URI_PUBLIC~" owsub.env
 sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owsub.env
 
-sed -i "s~.*SERVICECONFIG_PRIVATEENDPOINT=.*~SERVICECONFIG_PRIVATEENDPOINT=$OWRRM_SERVICECONFIG_PRIVATEENDPOINT~" owrrm.env
-sed -i "s~.*SERVICECONFIG_PUBLICENDPOINT=.*~SERVICECONFIG_PUBLICENDPOINT=$OWRRM_SERVICECONFIG_PUBLICENDPOINT~" owrrm.env
-
 if [[ ! -z "$TRAEFIK_ACME_EMAIL" ]]; then
   sed -i "s~.*TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL=.*~TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL=$TRAEFIK_ACME_EMAIL~" traefik.env
 fi
 
-if [[ ! -z "$CERTIFICATES_ALLOWMISMATCH" ]]; then
-  sed -i "s~.*CERTIFICATES_ALLOWMISMATCH=.*~CERTIFICATES_ALLOWMISMATCH=$CERTIFICATES_ALLOWMISMATCH~" owgw.env
-fi
-
 # Run the deployment
 if [[ ! -z "$SDKHOSTNAME" ]]; then
   docker-compose -f docker-compose.lb.letsencrypt.yml --env-file .env.letsencrypt up -d

docker-compose/docker-compose.lb.letsencrypt.yml

@@ -13,16 +13,12 @@ volumes:
     driver: local
   owsub_data:
     driver: local
-  owrrm_data:
-    driver: local
   zookeeper_data:
     driver: local
   zookeeper_datalog:
     driver: local
   kafka_data:
     driver: local
-  mysql_data:
-    driver: local
   letsencrypt_certs:
     driver: local
 
@@ -160,21 +156,6 @@ services:
       - owsub_data:${OWSUB_ROOT}
       - ./certs:/${OWSUB_ROOT}/certs
 
-  owrrm:
-    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owrrm:${OWRRM_TAG}"
-    networks:
-      openwifi:
-        aliases:
-          - ${INTERNAL_OWRRM_HOSTNAME}
-    env_file:
-      - owrrm.env
-    depends_on:
-      - mysql
-      - kafka
-    restart: unless-stopped
-    volumes:
-      - owrrm_data:/owrrm-data
-
   zookeeper:
     image: "zookeeper:${ZOOKEEPER_TAG}"
     networks:
@@ -196,35 +177,6 @@ services:
     volumes:
       - kafka_data:/bitnami/kafka
 
-  init-kafka:
-    image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
-    networks:
-      openwifi:
-    depends_on:
-      - kafka
-    env_file:
-      - kafka.env
-    entrypoint:
-      - /bin/sh
-      - -c
-      - |
-        echo "Creating all required Kafka topics..."
-        for topic in $$TOPICS; do
-          /opt/bitnami/kafka/bin/kafka-topics.sh \
-          --create --if-not-exists --topic $$topic --replication-factor 1 \
-          --partitions 1 --bootstrap-server kafka:9092
-        done && echo "Successfully created Kafka topics, exiting." && exit 0
-
-  mysql:
-    image: "mysql:${MYSQL_TAG}"
-    networks:
-      openwifi:
-    env_file:
-      - mysql.env
-    restart: unless-stopped
-    volumes:
-      - mysql_data:/var/lib/mysql
-
   traefik:
     image: "traefik:${TRAEFIK_TAG}"
     networks:
@@ -239,9 +191,6 @@ services:
       - owfms
       - owprov
       - owprov-ui
-      - owanalytics
-      - owsub
-      - owrrm
     restart: unless-stopped
     volumes:
       - "./traefik/openwifi_letsencrypt.yaml:/etc/traefik/openwifi.yaml"
@@ -268,7 +217,3 @@ services:
       - "16006:16006"
       - "5912:5912"
       - "5913:5913"
-      - "16789:16789"
-      - "1812:1812/udp"
-      - "1813:1813/udp"
-      - "3799:3799/udp"

docker-compose/docker-compose.lb.selfsigned.yml

@@ -13,16 +13,12 @@ volumes:
     driver: local
   owsub_data:
     driver: local
-  owrrm_data:
-    driver: local
   zookeeper_data:
     driver: local
   zookeeper_datalog:
     driver: local
   kafka_data:
     driver: local
-  mysql_data:
-    driver: local
 
 networks:
   openwifi:
@@ -160,21 +156,6 @@ services:
       - owsub_data:${OWSUB_ROOT}
       - ./certs:/${OWSUB_ROOT}/certs
 
-  owrrm:
-    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owrrm:${OWRRM_TAG}"
-    networks:
-      openwifi:
-        aliases:
-          - ${INTERNAL_OWRRM_HOSTNAME}
-    env_file:
-      - owrrm.env
-    depends_on:
-      - mysql
-      - kafka
-    restart: unless-stopped
-    volumes:
-      - owrrm_data:/owrrm-data
-
   zookeeper:
     image: "zookeeper:${ZOOKEEPER_TAG}"
     networks:
@@ -196,35 +177,6 @@ services:
     volumes:
       - kafka_data:/bitnami/kafka
 
-  init-kafka:
-    image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
-    networks:
-      openwifi:
-    depends_on:
-      - kafka
-    env_file:
-      - kafka.env
-    entrypoint:
-      - /bin/sh
-      - -c
-      - |
-        echo "Creating all required Kafka topics..."
-        for topic in $$TOPICS; do
-          /opt/bitnami/kafka/bin/kafka-topics.sh \
-          --create --if-not-exists --topic $$topic --replication-factor 1 \
-          --partitions 1 --bootstrap-server kafka:9092
-        done && echo "Successfully created Kafka topics, exiting." && exit 0
-
-  mysql:
-    image: "mysql:${MYSQL_TAG}"
-    networks:
-      openwifi:
-    env_file:
-      - mysql.env
-    restart: unless-stopped
-    volumes:
-      - mysql_data:/var/lib/mysql
-
   traefik:
     image: "traefik:${TRAEFIK_TAG}"
     networks:
@@ -238,9 +190,6 @@ services:
       - owfms
       - owprov
       - owprov-ui
-      - owanalytics
-      - owsub
-      - owrrm
     restart: unless-stopped
     volumes:
       - "./traefik/openwifi_selfsigned.yaml:/etc/traefik/openwifi.yaml"
@@ -259,10 +208,5 @@ services:
       - "16004:16004"
       - "16005:16005"
       - "16009:16009"
-      - "16006:16006"
       - "5912:5912"
       - "5913:5913"
-      - "16789:16789"
-      - "1812:1812/udp"
-      - "1813:1813/udp"
-      - "3799:3799/udp"

docker-compose/docker-compose.postgresql.yml

@@ -39,12 +39,6 @@ services:
     image: "postgres:${POSTGRESQL_TAG}"
     networks:
       openwifi:
-    command:
-      - "postgres"
-      - "-c"
-      - "max_connections=400"
-      - "-c"
-      - "shared_buffers=20MB"    
     env_file:
       - postgresql.env
     restart: unless-stopped

docker-compose/docker-compose.yml

@@ -1,17 +1,12 @@
 version: '3'
 
 volumes:
-#  owrrm_data:
-#    driver: local
   zookeeper_data:
     driver: local
   zookeeper_datalog:
     driver: local
   kafka_data:
     driver: local
-  mysql_data:
-    driver: local
-
 
 networks:
   openwifi:
@@ -38,9 +33,6 @@ services:
       - "16003:16003"
       - "5912:5912"
       - "5913:5913"
-      - "1812:1812/udp"
-      - "1813:1813/udp"
-      - "3799:3799/udp"
     sysctls:
       - net.ipv4.tcp_keepalive_intvl=5
       - net.ipv4.tcp_keepalive_probes=2
@@ -57,8 +49,6 @@ services:
       - owgw
       - owfms
       - owprov
-      - owanalytics
-      - owsub
     restart: unless-stopped
     volumes:
       - "./owgw-ui/default.conf:/etc/nginx/conf.d/default.conf"
@@ -133,8 +123,6 @@ services:
       - owgw
       - owfms
       - owprov
-      - owanalytics
-      - owsub
     restart: unless-stopped
     volumes:
       - "./owprov-ui/default.conf:/etc/nginx/conf.d/default.conf"
@@ -180,7 +168,6 @@ services:
       - "16006:16006"
       - "16106:16106"
 
-
   zookeeper:
     image: "zookeeper:${ZOOKEEPER_TAG}"
     networks:
@@ -201,49 +188,3 @@ services:
       - zookeeper
     volumes:
       - kafka_data:/bitnami/kafka
-
-  init-kafka:
-    image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
-    networks:
-      openwifi:
-    depends_on:
-      - kafka
-    env_file:
-      - kafka.env
-    entrypoint:
-      - /bin/sh
-      - -c
-      - |
-        echo "Creating all required Kafka topics..."
-        for topic in $$TOPICS; do
-          /opt/bitnami/kafka/bin/kafka-topics.sh \
-          --create --if-not-exists --topic $$topic --replication-factor 1 \
-          --partitions 1 --bootstrap-server kafka:9092
-        done && echo "Successfully created Kafka topics, exiting." && exit 0
-
-# NOTE currently OWRRM is only supported in LB installations
-#  owrrm:
-#    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owrrm:${OWRRM_TAG}"
-#    networks:
-#      openwifi:
-#        aliases:
-#          - ${INTERNAL_OWRRM_HOSTNAME}
-#    env_file:
-#      - owrrm.env
-#    depends_on:
-#      - mysql
-#      - kafka
-#    restart: unless-stopped
-#    volumes:
-#      - owrrm_data:/owrrm-data
-#    ports:
-#      - "16789:16789"
-#  mysql:
-#    image: "mysql:${MYSQL_TAG}"
-#    networks:
-#      openwifi:
-#    env_file:
-#      - mysql.env
-#    restart: unless-stopped
-#    volumes:
-#      - mysql_data:/var/lib/mysql

docker-compose/kafka.env

@@ -1,3 +1,2 @@
 KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper:2181
 ALLOW_PLAINTEXT_LISTENER=yes
-TOPICS=command connection device_event_queue device telemetry healthcheck provisioning_change service_events state wifiscan rrm

docker-compose/mysql.env

@@ -1,5 +0,0 @@
-#MYSQL_RANDOM_ROOT_PASSWORD=yes
-MYSQL_ROOT_PASSWORD=openwifi
-MYSQL_DATABASE=owrrm
-#MYSQL_USER=owrrm
-#MYSQL_PASSWORD=openwifi

docker-compose/owanalytics.env

@@ -23,7 +23,6 @@ SYSTEM_DATA=$OWANALYTICS_ROOT/persist
 SYSTEM_URI_PRIVATE=https://owanalytics.wlan.local:17009
 SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16009
 SYSTEM_URI_UI=https://openwifi.wlan.local
-#SECURITY_RESTAPI_DISABLE=false
 #KAFKA_ENABLE=true
 KAFKA_BROKERLIST=kafka:9092
 #STORAGE_TYPE=sqlite

docker-compose/owfms.env

@@ -21,7 +21,6 @@ SYSTEM_DATA=$OWFMS_ROOT/persist
 SYSTEM_URI_PRIVATE=https://owfms.wlan.local:17004
 SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16004
 SYSTEM_URI_UI=https://openwifi.wlan.local
-#SECURITY_RESTAPI_DISABLE=false
 #S3_BUCKETNAME=ucentral-ap-firmware
 #S3_REGION=us-east-1
 S3_SECRET=b0S6EiR5RLIxoe7Xvz9YXPPdxQCoZ6ze37qunTAI

docker-compose/owgw-ui.env

@@ -1 +1,2 @@
-REACT_APP_UCENTRALSEC_URL=https://openwifi.wlan.local:16001
+DEFAULT_UCENTRALSEC_URL=https://openwifi.wlan.local:16001
+ALLOW_UCENTRALSEC_CHANGE=false

docker-compose/owgw.env

@@ -37,7 +37,6 @@ SYSTEM_DATA=$OWGW_ROOT/persist
 SYSTEM_URI_PRIVATE=https://owgw.wlan.local:17002
 SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16002
 SYSTEM_URI_UI=https://openwifi.wlan.local
-#SECURITY_RESTAPI_DISABLE=false
 #SIMULATORID=
 #IPTOCOUNTRY_PROVIDER=ipinfo
 #IPTOCOUNTRY_IPINFO_TOKEN=
@@ -50,10 +49,6 @@ RTTY_SERVER=openwifi.wlan.local
 #RTTY_TIMEOUT=60
 #RTTY_VIEWPORT=5913
 #RTTY_ASSETS=$OWGW_ROOT/rtty_ui
-RADIUS_PROXY_ENABLE=true
-#RADIUS_PROXY_ACCOUNTING_PORT=1813
-#RADIUS_PROXY_AUTHENTICATION_PORT=1812
-#RADIUS_PROXY_COA_PORT=3799
 #KAFKA_ENABLE=true
 KAFKA_BROKERLIST=kafka:9092
 #STORAGE_TYPE=sqlite
@@ -67,4 +62,3 @@ KAFKA_BROKERLIST=kafka:9092
 #STORAGE_TYPE_MYSQL_PASSWORD=owgw
 #STORAGE_TYPE_MYSQL_DATABASE=owgw
 #STORAGE_TYPE_MYSQL_PORT=3306
-#CERTIFICATES_ALLOWMISMATCH=false

docker-compose/owls/.env

@@ -3,7 +3,7 @@ COMPOSE_PROJECT_NAME=owls
 OWSEC_TAG=main
 OWLS_TAG=main
 OWLSUI_TAG=master
-KAFKA_TAG=2.8.0-debian-10-r43
+KAFKA_TAG=latest
 ZOOKEEPER_TAG=latest
 
 # Microservice root/config directories

docker-compose/owls/deploy_owls.sh

@@ -57,7 +57,7 @@ cd wlan-cloud-ucentral-deploy/docker-compose/owls
 sed -i "s~\(^INTERNAL_OWSEC_HOSTNAME=\).*~\1$INTERNAL_OWSEC_HOSTNAME~" .env
 sed -i "s~\(^INTERNAL_OWLS_HOSTNAME=\).*~\1$INTERNAL_OWLS_HOSTNAME~" .env
 
-sed -i "s~\(^REACT_APP_UCENTRALSEC_URL=\).*~\1$DEFAULT_UCENTRALSEC_URL~" owls-ui.env
+sed -i "s~\(^DEFAULT_UCENTRALSEC_URL=\).*~\1$DEFAULT_UCENTRALSEC_URL~" owls-ui.env
 
 sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env
 sed -i "s~.*AUTHENTICATION_DEFAULT_PASSWORD=.*~AUTHENTICATION_DEFAULT_PASSWORD=$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD~" owsec.env

docker-compose/owls/owls-ui.env

@@ -1 +1,2 @@
-REACT_APP_UCENTRALSEC_URL=https://openwifi.wlan.local:16001
+DEFAULT_UCENTRALSEC_URL=https://openwifi-owls.wlan.local:16001
+ALLOW_UCENTRALSEC_CHANGE=false

docker-compose/owprov.env

@@ -23,7 +23,6 @@ SYSTEM_DATA=$OWPROV_ROOT/persist
 SYSTEM_URI_PRIVATE=https://owprov.wlan.local:17005
 SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16005
 SYSTEM_URI_UI=https://openwifi.wlan.local
-#SECURITY_RESTAPI_DISABLE=false
 #KAFKA_ENABLE=true
 KAFKA_BROKERLIST=kafka:9092
 #STORAGE_TYPE=sqlite

docker-compose/owrrm.env

@@ -1,8 +0,0 @@
-SELFSIGNED_CERTS=true
-SERVICECONFIG_PRIVATEENDPOINT=https://owrrm.wlan.local:16789
-SERVICECONFIG_PUBLICENDPOINT=https://openwifi.wlan.local:16789
-KAFKACONFIG_BOOTSTRAPSERVER=kafka:9092
-DATABASECONFIG_SERVER=mysql:3306
-DATABASECONFIG_USER=root
-#DATABASECONFIG_PASSWORD=openwifi
-DATABASECONFIG_DBNAME=owrrm

docker-compose/owsec.env

@@ -22,7 +22,6 @@ SYSTEM_DATA=$OWSEC_ROOT/persist
 SYSTEM_URI_PRIVATE=https://owsec.wlan.local:17001
 SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16001
 SYSTEM_URI_UI=https://openwifi.wlan.local
-#SECURITY_RESTAPI_DISABLE=false
 #SERVICE_KEY=$OWSEC_ROOT/certs/restapi-key.pem
 #SERVICE_KEY_PASSWORD=mypassword
 #MAILER_HOSTNAME=localhost

docker-compose/owsub.env

@@ -23,7 +23,6 @@ SYSTEM_DATA=$OWSUB_ROOT/persist
 SYSTEM_URI_PRIVATE=https://owsub.wlan.local:17006
 SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16006
 SYSTEM_URI_UI=https://openwifi.wlan.local
-#SECURITY_RESTAPI_DISABLE=false
 #KAFKA_ENABLE=true
 KAFKA_BROKERLIST=kafka:9092
 #STORAGE_TYPE=sqlite

docker-compose/postgresql.env

@@ -15,6 +15,6 @@ OWPROV_DB_PASSWORD=owprov
 OWANALYTICS_DB=owanalytics
 OWANALYTICS_DB_USER=owanalytics
 OWANALYTICS_DB_PASSWORD=owanalytics
-OWSUB_DB=owsub
-OWSUB_DB_USER=owsub
-OWSUB_DB_PASSWORD=owsub
+OWUSB_DB=owsub
+OWUSB_DB_USER=owsub
+OWUSB_DB_PASSWORD=owsub

docker-compose/postgresql/init-db.sh

@@ -3,15 +3,21 @@ set -e
 
 psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
     CREATE USER $OWGW_DB_USER WITH ENCRYPTED PASSWORD '$OWGW_DB_PASSWORD';
-    CREATE DATABASE $OWGW_DB OWNER $OWGW_DB_USER;
+    CREATE DATABASE $OWGW_DB;
+    GRANT ALL PRIVILEGES ON DATABASE $OWGW_DB TO $OWGW_DB_USER;
     CREATE USER $OWSEC_DB_USER WITH ENCRYPTED PASSWORD '$OWSEC_DB_PASSWORD';
-    CREATE DATABASE $OWSEC_DB OWNER $OWSEC_DB_USER;
+    CREATE DATABASE $OWSEC_DB;
+    GRANT ALL PRIVILEGES ON DATABASE $OWSEC_DB TO $OWSEC_DB_USER;
     CREATE USER $OWFMS_DB_USER WITH ENCRYPTED PASSWORD '$OWFMS_DB_PASSWORD';
-    CREATE DATABASE $OWFMS_DB OWNER $OWFMS_DB_USER;
+    CREATE DATABASE $OWFMS_DB;
+    GRANT ALL PRIVILEGES ON DATABASE $OWFMS_DB TO $OWFMS_DB_USER;
     CREATE USER $OWPROV_DB_USER WITH ENCRYPTED PASSWORD '$OWPROV_DB_PASSWORD';
-    CREATE DATABASE $OWPROV_DB OWNER $OWPROV_DB_USER;
+    CREATE DATABASE $OWPROV_DB;
+    GRANT ALL PRIVILEGES ON DATABASE $OWPROV_DB TO $OWPROV_DB_USER;
     CREATE USER $OWANALYTICS_DB_USER WITH ENCRYPTED PASSWORD '$OWANALYTICS_DB_PASSWORD';
-    CREATE DATABASE $OWANALYTICS_DB OWNER $OWANALYTICS_DB_USER;
+    CREATE DATABASE $OWANALYTICS_DB;
+    GRANT ALL PRIVILEGES ON DATABASE $OWANALYTICS_DB TO $OWANALYTICS_DB_USER;
     CREATE USER $OWSUB_DB_USER WITH ENCRYPTED PASSWORD '$OWSUB_DB_PASSWORD';
-    CREATE DATABASE $OWSUB_DB OWNER $OWSUB_DB_USER;
+    CREATE DATABASE $OWSUB_DB;
+    GRANT ALL PRIVILEGES ON DATABASE $OWSUB_DB TO $OWSUB_DB_USER;
 EOSQL

docker-compose/traefik.env

@@ -3,9 +3,6 @@ TRAEFIK_ENTRYPOINTS_OWGWRESTAPI_ADDRESS=:16002
 TRAEFIK_ENTRYPOINTS_OWGWFILEUPLOAD_ADDRESS=:16003
 TRAEFIK_ENTRYPOINTS_OWGWRTTYS_ADDRESS=:5912
 TRAEFIK_ENTRYPOINTS_OWGWRTTYSVIEW_ADDRESS=:5913
-TRAEFIK_ENTRYPOINTS_OWGWRADACC_ADDRESS=:1813/udp
-TRAEFIK_ENTRYPOINTS_OWGWRADAUTH_ADDRESS=:1812/udp
-TRAEFIK_ENTRYPOINTS_OWGWRADCOA_ADDRESS=:3799/udp
 TRAEFIK_ENTRYPOINTS_OWGWUIHTTP_ADDRESS=:80
 TRAEFIK_ENTRYPOINTS_OWGWUIHTTP_HTTP_REDIRECTIONS_ENTRYPOINT_TO=owgwuihttps
 TRAEFIK_ENTRYPOINTS_OWPROVUIHTTP_ADDRESS=:8080
@@ -17,7 +14,6 @@ TRAEFIK_ENTRYPOINTS_OWFMSRESTAPI_ADDRESS=:16004
 TRAEFIK_ENTRYPOINTS_OWPROVRESTAPI_ADDRESS=:16005
 TRAEFIK_ENTRYPOINTS_OWANALYTICSRESTAPI_ADDRESS=:16009
 TRAEFIK_ENTRYPOINTS_OWSUBRESTAPI_ADDRESS=:16006
-TRAEFIK_ENTRYPOINTS_OWRRMOPENAPI_ADDRESS=:16789
 TRAEFIK_PROVIDERS_FILE_FILENAME=/etc/traefik/openwifi.yaml
 TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL=
 TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_HTTPCHALLENGE=true

docker-compose/traefik/openwifi_letsencrypt.yaml

@@ -40,10 +40,6 @@ http:
       loadBalancer:
         servers:
           - url: "https://owgw.wlan.local:5913/"
-    owrrm-openapi:
-      loadBalancer:
-        servers:
-          - url: "http://owrrm.wlan.local:16789/"
 
   routers:
     owgw-ui-http:
@@ -114,12 +110,6 @@ http:
       rule: "Host(`{{env "SDKHOSTNAME"}}`)"
       tls:
         certResolver: "openwifi"
-    owrrm-openapi:
-      entryPoints: "owrrmopenapi"
-      service: "owrrm-openapi"
-      rule: "Host(`{{env "SDKHOSTNAME"}}`)"
-      tls:
-        certResolver: "openwifi"
 
 tcp:
   services:
@@ -147,29 +137,3 @@ tcp:
       rule: "HostSNI(`*`)"
       tls:
         passthrough: true
-
-udp:
-  services:
-    owgw-radius-acc:
-      loadBalancer:
-        servers:
-          - address: "owgw.wlan.local:1813"
-    owgw-radius-auth:
-      loadBalancer:
-        servers:
-          - address: "owgw.wlan.local:1812"
-    owgw-radius-coa:
-      loadBalancer:
-        servers:
-          - address: "owgw.wlan.local:3799"
-
-  routers:
-    owgw-radius-acc:
-      entryPoints: "owgwradacc"
-      service: "owgw-radius-acc"
-    owgw-radius-auth:
-      entryPoints: "owgwradauth"
-      service: "owgw-radius-auth"
-    owgw-radius-coa:
-      entryPoints: "owgwradcoa"
-      service: "owgw-radius-coa"

docker-compose/traefik/openwifi_selfsigned.yaml

@@ -15,11 +15,6 @@ http:
         servers:
           - url: "http://owprov-ui.wlan.local:80/"
 
-    owrrm-openapi:
-      loadBalancer:
-        servers:
-          - url: "http://owrrm.wlan.local:16789/"
-
   routers:
     owgw-ui-http:
       entryPoints: "owgwuihttp"
@@ -43,12 +38,6 @@ http:
       rule: "PathPrefix(`/`)"
       tls: {}
 
-    owrrm-openapi:
-      entryPoints: "owrrmopenapi"
-      service: "owrrm-openapi"
-      rule: "PathPrefix(`/`)"
-      tls: {}
-
 tcp:
   services:
     owgw-websocket:
@@ -153,29 +142,3 @@ tcp:
       rule: "HostSNI(`*`)"
       tls:
         passthrough: true
-
-udp:
-  services:
-    owgw-radius-acc:
-      loadBalancer:
-        servers:
-          - address: "owgw.wlan.local:1813"
-    owgw-radius-auth:
-      loadBalancer:
-        servers:
-          - address: "owgw.wlan.local:1812"
-    owgw-radius-coa:
-      loadBalancer:
-        servers:
-          - address: "owgw.wlan.local:3799"
-
-  routers:
-    owgw-radius-acc:
-      entryPoints: "owgwradacc"
-      service: "owgw-radius-acc"
-    owgw-radius-auth:
-      entryPoints: "owgwradauth"
-      service: "owgw-radius-auth"
-    owgw-radius-coa:
-      entryPoints: "owgwradcoa"
-      service: "owgw-radius-coa"