WIFI-13871 Correct log setting and point to chart

Signed-off-by: Carsten Schafer <Carsten.Schafer@kinarasystems.com>

.github/workflows/ci.yml

@@ -49,7 +49,7 @@ jobs:
     needs: envs
     steps:
     - name: Checkout actions repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         repository: Telecominfraproject/.github
         path: github
@@ -72,7 +72,7 @@ jobs:
     needs: envs
     steps:
     - name: Checkout actions repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         repository: Telecominfraproject/.github
         path: github
@@ -95,7 +95,7 @@ jobs:
     needs: envs
     steps:
     - name: Checkout actions repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         repository: Telecominfraproject/.github
         path: github

.github/workflows/clustersysteminfo_image_ci.yml

@@ -22,7 +22,7 @@ jobs:
       DOCKER_REGISTRY_URL: tip-tip-wlan-cloud-ucentral.jfrog.io
       DOCKER_REGISTRY_USERNAME: ucentral
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
     - name: Build Docker image
       working-directory: chart/docker

.github/workflows/enforce-jira-issue-key.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout actions repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: Telecominfraproject/.github
           path: github

.github/workflows/git-release.yml

@@ -28,7 +28,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         path: wlan-cloud-ucentral-deploy
 
@@ -36,7 +36,7 @@ jobs:
       run: |
         pip3 install yq
         helm plugin install https://github.com/databus23/helm-diff
-        helm plugin install https://github.com/aslafy-z/helm-git
+        helm plugin install https://github.com/aslafy-z/helm-git --version 0.16.0
         ls ~/.local/share/helm/plugins/helm-git/helm-git-plugin.sh || true
         sed 's/--skip-refresh //' -i ~/.local/share/helm/plugins/helm-git/helm-git-plugin.sh
 
@@ -54,6 +54,6 @@ jobs:
         git config --global credential.helper store
         git config --global user.email "tip-automation@telecominfraproject.com"
         git config --global user.name "TIP Automation User"
-        helm repo add bitnami https://charts.bitnami.com/bitnami
-        helm repo update
+        #helm repo add bitnami https://charts.bitnami.com/bitnami
+        #helm repo update
         ./git-release-tool.sh

.github/workflows/release.yml

@@ -11,13 +11,13 @@ defaults:
 
 jobs:
   helm-package:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     env:
       HELM_REPO_URL: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
       HELM_REPO_USERNAME: ucentral
     steps:
       - name: Checkout uCentral assembly chart repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           path: wlan-cloud-ucentral-deploy
           repository: Telecominfraproject/wlan-cloud-ucentral-deploy
@@ -42,9 +42,7 @@ jobs:
       - name: Build package
         working-directory: wlan-cloud-ucentral-deploy/chart
         run: |
-          helm plugin install https://github.com/aslafy-z/helm-git --version 0.10.0
-          helm repo add bitnami https://charts.bitnami.com/bitnami
-          helm repo update
+          helm plugin install https://github.com/aslafy-z/helm-git --version 0.16.0
           helm dependency update
           mkdir dist
           helm package . -d dist
@@ -70,7 +68,7 @@ jobs:
           cat Chart.yaml | yq -r '.dependencies[] | "\(.name) - \(.repository) v\(.version)"' >> release.txt
 
       - name: Create GitHub release
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
         with:
           body_path: wlan-cloud-ucentral-deploy/chart/release.txt
           files: wlan-cloud-ucentral-deploy/chart/dist/*
@@ -80,7 +78,7 @@ jobs:
     needs: helm-package
     steps:
     - name: Trigger testing of release
-      uses: peter-evans/repository-dispatch@v1
+      uses: peter-evans/repository-dispatch@v3
       with:
         token: ${{ secrets.WLAN_TESTING_PAT }}
         repository: Telecominfraproject/wlan-testing

cgw/.sops.yaml

@@ -0,0 +1,2 @@
+creation_rules:
+- kms: 'arn:aws:kms:us-east-2:289708231103:alias/helm-secrets'

cgw/README.md

@@ -0,0 +1,35 @@
+# CGW Charts
+
+## Pre-requisites
+
+The following binaries are needed:
+- [helmfile](https://github.com/helmfile/helmfile/releases/download/v0.165.0/helmfile_0.165.0_linux_amd64.tar.gz)
+- helm
+- kubectl
+
+The following helm plugins are needed:
+```bash
+helm plugin install https://github.com/aslafy-z/helm-git --version 0.16.0
+helm plugin install https://github.com/databus23/helm-diff
+helm plugin install https://github.com/jkroepke/helm-secrets
+```
+
+## Configuration
+
+_helmfile.yaml_ contains the configuration for all the environments. External values files are used for secrets or where appropriate. Each environment needs to be created in this file before it can be deployed.  The files in ./secrets/ are encrypted with SOPS. Use `helm secrets edit secrets/FILE` to edit.
+
+## Installation
+
+To install the entire stack: `helm --environment ENVNAME apply`.
+To install just cgw: `helm --environment ENVNAME -l app=cgw apply`.
+To install just cgw with a specific image tag: `helm --environment ENVNAME -l app=cgw apply --state-values-set "cgw.tag=latest"`.
+
+## Removal
+
+To remove the entire stack: `helm --environment ENVNAME delete`.
+To remove just cgw: `helm --environment ENVNAME -l app=cgw delete`.
+Delete the namespace manually if it is no longer required.
+
+# Re-installation
+
+Note that the kafka, postgres and redis charts do not want to be reinstalled so will have to be removed and installed. If you wish to upgrade these then you must follow the respective Bitnami instructions on how to upgrade these charts.

cgw/helmfile.yaml

@@ -0,0 +1,211 @@
+environments:
+  default:
+    secrets:
+      - secrets/values.postgres.yaml
+      - secrets/certs.tip.yaml
+    values:
+    - global:
+        name: devcgw
+        namespace: openwifi-devcgw
+        domain: cicd.lab.wlan.tip.build
+        certificateARN: arn:aws:acm:us-east-2:289708231103:certificate/299d7444-acc4-46c2-ae83-40d2cd5f49be
+    - kafka:
+        enabled: true
+    - redis:
+        enabled: true
+    - postgres:
+        enabled: true
+    - cgw:
+        enabled: true
+        tag: next
+  cgw01:
+    secrets:
+      - secrets/values.postgres.yaml
+      - secrets/certs.tip.yaml
+    values:
+    - global:
+        name: cgw01
+        namespace: openlan-cgw01
+        domain: cicd.lab.wlan.tip.build
+        certificateARN: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+    - kafka:
+        enabled: true
+    - redis:
+        enabled: true
+    - postgres:
+        enabled: true
+    - cgw:
+        enabled: true
+        tag: next
+
+---
+
+helmDefaults:
+  force: false
+  timeout: 300
+  createNamespace: true
+
+releases:
+- name: kafka
+  version: 28.3.0
+  namespace: {{ .Environment.Values.global.namespace }}
+  condition: kafka.enabled
+  chart: oci://registry-1.docker.io/bitnamicharts/kafka
+  labels:
+    group: base
+    app: kafka
+  values:
+    - fullnameOverride: kafka
+    - volumePermissions:
+        enabled: true
+    - commonAnnotations:
+        cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+    - readinessProbe:
+        initialDelaySeconds: 45
+    - livenessProbe:
+        initialDelaySeconds: 60
+    - heapOpts: -Xmx1024m -Xms1024m
+    - kraft:
+        enabled: true
+    - zookeeper:
+        enabled: false
+    - provisioning:
+        enabled: true
+        topics:
+          - name: CnC
+            partitions: 1
+            replicationFactor: 1
+          - name: CnC_Res
+            partitions: 1
+            replicationFactor: 1
+    - controller:
+        replicaCount: 1
+        extraConfig: |-
+          maxMessageBytes = 1048588
+        extraEnvVars:
+          - name: ALLOW_PLAINTEXT_LISTENER
+            value: "yes"
+        resources:
+          requests:
+            cpu: 500m
+            memory: 512Mi
+          limits:
+            cpu: 750m
+            memory: 2Gi
+    - listeners:
+        client:
+          protocol: PLAINTEXT
+          containerPort: 9092
+        controller:
+          protocol: "PLAINTEXT"
+    - broker:
+        replicaCount: 2
+        persistence:
+          size: 20Gi
+        resources:
+          requests:
+            cpu: 500m
+            memory: 512Mi
+          limits:
+            cpu: 750m
+            memory: 2Gi
+
+- name: postgres
+  namespace: {{ .Environment.Values.global.namespace }}
+  chart: oci://registry-1.docker.io/bitnamicharts/postgresql
+  version: 13.4.3
+  condition: postgres.enabled
+  labels:
+    group: base
+    app: postgres
+  values:
+    - fullnameOverride: pgsql
+    # workaround for: postgresql.conf file not detected. Generating it...
+    # cp: cannot create regular file '/bitnami/postgresql/conf/postgresql.conf': Permission denied
+    - volumePermissions:
+        enabled: true
+    - global:
+        postgresql:
+          auth:
+            postgresPassword: {{ .Environment.Values.postgres.pgUser.password }}
+    - auth:
+        postgresPassword: {{ .Environment.Values.postgres.pgUser.password }}
+    - primary:
+        extendedConfiguration: |-
+          max_connections = 550
+          shared_buffers = 128MB
+          log_error_verbosity = verbose
+          tcp_keepalives_idle = 300
+          tcp_keepalives_interval = 30
+          tcp_user_timeout = 300
+        initdb:
+          scripts:
+            initusers.sql: |-
+              CREATE USER {{ .Environment.Values.postgres.cgwUser.name }};
+              ALTER USER cgw WITH ENCRYPTED PASSWORD '{{ .Environment.Values.postgres.cgwUser.password }}';
+              CREATE DATABASE cgw OWNER {{ .Environment.Values.postgres.cgwUser.name }};
+              \c cgw
+              CREATE TABLE infrastructure_groups (id INT PRIMARY KEY, reserved_size INT, actual_size INT);
+              CREATE TABLE infras (mac MACADDR PRIMARY KEY, infra_group_id INT, FOREIGN KEY(infra_group_id) REFERENCES infrastructure_groups(id) ON DELETE CASCADE);
+
+- name: redis
+  namespace: {{ .Environment.Values.global.namespace }}
+  chart: oci://registry-1.docker.io/bitnamicharts/redis
+  version: 19.5.2
+  condition: redis.enabled
+  labels:
+    group: base
+    app: redis
+  values:
+    - architecture: standalone
+    - auth:
+        enabled: false
+    - master:
+        extraEnvVars:
+          - name: ALLOW_EMPTY_PASSWORD
+            value: "yes"
+
+- name: cgw
+  namespace: {{ .Environment.Values.global.namespace }}
+  #chart: ../../openlan-cgw/helm
+  chart: "git+https://github.com/Telecominfraproject/openlan-cgw@helm?ref=next"
+  version: 0.1.0
+  condition: cgw.enabled
+  labels:
+    group: apps
+    app: cgw
+  secrets:
+    - secrets/certs.tip.yaml
+  values:
+    - images:
+        cgw:
+          tag: {{ .Environment.Values.cgw.tag }}
+    - public_env_variables:
+        CGW_DB_HOST: pgsql
+        CGW_DB_PORT: "5432"
+        CGW_DB_USERNAME: "{{ .Environment.Values.postgres.cgwUser.name }}"
+        CGW_KAFKA_HOST: kafka
+        CGW_KAFKA_PORT: "9092"
+        CGW_REDIS_HOST: redis-master
+        CGW_REDIS_PORT: "6379"
+        CGW_ALLOW_CERT_MISMATCH: "yes"
+        # use (#cpus * 2) - 2
+        DEFAULT_WSS_THREAD_NUM: "4"
+        # Useful for debugging:
+        #CGW_LOG_LEVEL: "debug"
+        #RUST_BACKTRACE: "full"
+    - secret_env_variables:
+        CGW_DB_PASSWORD: "{{ .Environment.Values.postgres.cgwUser.password }}"
+    - services:
+        cgw:
+          type: LoadBalancer
+          annotations:
+            external-dns.alpha.kubernetes.io/hostname: cgw-{{ .Environment.Values.global.name }}.{{ .Environment.Values.global.domain }}
+            #service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
+            service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+            service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+            service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Environment.Values.global.certificateARN }}
+            service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "15003"
+            service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: preserve_client_ip.enabled=true
+            service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002"
+            alb.ingress.kubernetes.io/healthcheck-path: /health

cgw/secrets/values.postgres.yaml

@@ -0,0 +1,21 @@
+postgres:
+    pgUser:
+        password: ENC[AES256_GCM,data:QHV7Y5Jfes4=,iv:QTs0fu7behn1g2CLheoJROFHNYvN6OpS/vcQQC0NrMs=,tag:PeaRcoDsOrEjDN9KgHUEPA==,type:str]
+    cgwUser:
+        name: ENC[AES256_GCM,data:g6J6,iv:H4HxE5orLFXZFDDVD2tAS0PkOqNJ9j6SNu1ief7Snk0=,tag:Tuj9yjBcJzZBBZRtwAY33w==,type:str]
+        password: ENC[AES256_GCM,data:5K0f,iv:+g61dhYOOTbr8TwnwwLHgW17R+6zXpQT2PfgjvofvlI=,tag:1nSVXgkTC41d1AnDDE19Hg==,type:int]
+sops:
+    kms:
+        - arn: arn:aws:kms:us-east-2:289708231103:alias/helm-secrets
+          created_at: "2024-06-12T13:45:13Z"
+          enc: AQICAHiG/4CitJjM31GdYxTw9OLz/Zs5oK+DCq0cU2fAjtAA3AEPrxIAaT+xE4C1IFYmWvmkAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMrFaPNxf0atKVKnFsAgEQgDu8uqj035qrcelG0Dq4/Ond4H5bmpUHNRVEj0C8BFxg+a4R3loIk4NBeyuA0yqC0cQeWnA5e+/SjVtGAA==
+          aws_profile: ""
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2024-06-25T17:29:15Z"
+    mac: ENC[AES256_GCM,data:gbXt2MRhlx9zGcm9ZvXjWuwSPh/QHkNngGx0j0UQ61jZTINRh4ZgERuUj7Vpo1tg/blIFWbl768wB89RAGq3n1C4AcQpX3xvC33QyCT0i4pitQmnec9RnJL0L197mioOikPxl8z56WE1014EV+Vvbk7rf1CQkqrrEIJINoqSdfE=,iv:ThbvKhY0fsaXJz9rORnvxY64vMWyM/IOgSI+kuFFbAQ=,tag:fSF4tdyf3wc5+uIfoYLc5g==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1

chart/Chart.yaml

@@ -31,10 +31,6 @@ dependencies:
 - name: owrrm
   repository: "git+https://github.com/Telecominfraproject/wlan-cloud-rrm@helm?ref=main"
   version: 0.1.0
-- name: kafka
-  repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
-  version: 13.0.2
-  condition: kafka.enabled
 - name: owls
   repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owls@helm?ref=main"
   version: 0.1.0
@@ -43,11 +39,15 @@ dependencies:
   repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owls-ui@helm?ref=master"
   version: 0.1.0
   condition: owlsui.enabled
+- name: kafka
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 28.2.3
+  condition: kafka.enabled
 - name: haproxy
-  repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
-  version: 0.2.21
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 0.13.3
   condition: haproxy.enabled
-- name: postgresql-ha
-  repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
-  version: 8.6.13
-  condition: postgresql-ha.enabled
+- name: postgresql
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 13.4.3
+  condition: postgresql.enabled

chart/environment-values/.gitignore

@@ -0,0 +1,3 @@
+_values.custom-*.yaml
+certs/
+env_*

chart/environment-values/cleanup.sh

@@ -1,6 +1,15 @@
 #!/bin/bash
 [ -z "$NAMESPACE" ] && echo "No NAMESPACE set" && exit 1
-helm -n openwifi-"$NAMESPACE" delete tip-openwifi
-sleep 30
-kubectl delete ns openwifi-"$NAMESPACE"
-exit 0
+ns="openwifi-$NAMESPACE"
+echo "Cleaning up namespace $ns in 10 seconds..."
+sleep 10
+echo "- delete tip-openwifi helm release in $ns"
+helm -n "$ns" delete tip-openwifi
+if [[ "$1" == "full" ]] ; then
+    echo "- delete $ns namespace in 30 seconds..."
+    sleep 30
+    echo "- delete $ns namespace"
+    kubectl delete ns "$ns"
+fi
+echo "- cleaned up $ns namespace"
+exit 0

chart/environment-values/deploy.sh

@@ -2,48 +2,47 @@
 set -e
 
 # Usage function
-usage () {
-  echo >&2;
-  echo "This script is indended for OpenWIFI Cloud SDK deployment to TIP QA/Dev environments using assembly Helm chart (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart) with configuration through environment variables" >&2;
-  echo >&2;
-  echo "Required environment variables:" >&2;
-  echo >&2;
-  echo "- NAMESPACE - namespace suffix that will used added for the Kubernetes environment (i.e. if you pass 'test', kubernetes namespace will be named 'ucentral-test')" >&2;
-  echo "- DEPLOY_METHOD - deployment method for the chart deployment (supported methods - 'git' (will use helm-git from assembly chart) and 'bundle' (will use chart stored in the Artifactory0" >&2;
-  echo "- CHART_VERSION - version of chart to be deployed from assembly chart (for 'git' method git ref may be passed, for 'bundle' method version of chart may be passed)" >&2;
-  echo >&2;
-  echo "- VALUES_FILE_LOCATION - path to file with override values that may be used for deployment" >&2;
-  echo "- DOMAIN - Domain name. default: cicd.lab.wlan.tip.build" >&2;
-  echo "- OWGW_AUTH_USERNAME - username to be used for requests to OpenWIFI Security" >&2;
-  echo "- OWGW_AUTH_PASSWORD - hashed password for OpenWIFI Security (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)" >&2;
-  echo "- OWFMS_S3_SECRET - secret key that is used for OpenWIFI Firmware access to firmwares S3 bucket" >&2;
-  echo "- OWFMS_S3_KEY - access key that is used for OpenWIFI Firmware access to firmwares S3 bucket" >&2;
-  echo "- OWSEC_NEW_PASSWORD - password that should be set to default user instead of default password from properties" >&2;
-  echo "- CERT_LOCATION - path to certificate in PEM format that will be used for securing all endpoint in all services" >&2;
-  echo "- KEY_LOCATION - path to private key in PEM format that will be used for securing all endpoint in all services" >&2;
-  echo >&2;
-  echo "Following environmnet variables may be passed, but will be ignored if CHART_VERSION is set to release (i.e. v2.4.0):" >&2;
-  echo >&2;
-  echo "- OWGW_VERSION - OpenWIFI Gateway version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
-  echo "- OWGWUI_VERSION - OpenWIFI Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
-  echo "- OWSEC_VERSION - OpenWIFI Security version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
-  echo "- OWFMS_VERSION - OpenWIFI Firmware version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
-  echo "- OWPROV_VERSION - OpenWIFI Provisioning version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
-  echo "- OWPROVUI_VERSION - OpenWIFI Provisioning Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
-  echo "- OWANALYTICS_VERSION - OpenWIFI Analytics version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
-  echo "- OWSUB_VERSION - OpenWIFI Subscription (Userportal) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
-  echo "- OWRRM_VERSION - OpenWIFI radio resource management service (RRM) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
-  echo >&2;
-  echo "Optional environment variables:" >&2;
-  echo >&2;
-  echo "- EXTRA_VALUES - extra values that should be passed to Helm deployment separated by comma (,)" >&2;
-  echo "- DEVICE_CERT_LOCATION - path to certificate in PEM format that will be used for load simulator" >&2;
-  echo "- DEVICE_KEY_LOCATION - path to private key in PEM format that will be used for load simulator" >&2;
-  echo "- USE_SEPARATE_OWGW_LB - flag that should change split external DNS for OWGW and other services" >&2;
-  echo "- INTERNAL_RESTAPI_ENDPOINT_SCHEMA - what schema to use for internal RESTAPI endpoints (https by default)" >&2;
-  echo "- IPTOCOUNTRY_IPINFO_TOKEN - token that should be set for IPInfo support (owgw/owprov iptocountry.ipinfo.token properties), ommited if not passed" >&2;
-  echo "- MAILER_USERNAME - SMTP username used for OWSEC mailer" >&2;
-  echo "- MAILER_PASSWORD - SMTP password used for OWSEC mailer (only if both MAILER_PASSWORD and MAILER_USERNAME are set, mailer will be enabled)" >&2;
+function usage()
+{
+    cat <<-EOF >&2
+
+This script is indended for OpenWIFI Cloud SDK deployment to TIP QA/Dev environments using assembly Helm chart (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart) with configuration through environment variables
+
+Required environment variables:
+- NAMESPACE - namespace suffix that will used added for the Kubernetes environment (i.e. if you pass 'test', kubernetes namespace will be named 'ucentral-test')
+- DEPLOY_METHOD - deployment method for the chart deployment (supported methods - 'git' (will use helm-git from assembly chart), 'bundle' (will use chart stored in the Artifactory) or local
+- CHART_VERSION - version of chart to be deployed from assembly chart (for 'git' method git ref may be passed, for 'bundle' method version of chart may be passed)
+- VALUES_FILE_LOCATION - path to file with override values that may be used for deployment
+- DOMAIN - Domain name. default: cicd.lab.wlan.tip.build
+- OWGW_AUTH_USERNAME - username to be used for requests to OpenWIFI Security
+- OWGW_AUTH_PASSWORD - hashed password for OpenWIFI Security (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)
+- OWFMS_S3_SECRET - secret key that is used for OpenWIFI Firmware access to firmwares S3 bucket
+- OWFMS_S3_KEY - access key that is used for OpenWIFI Firmware access to firmwares S3 bucket
+- OWSEC_NEW_PASSWORD - password that should be set to default user instead of default password from properties
+- CERT_LOCATION - path to certificate in PEM format that will be used for securing all endpoint in all services
+- KEY_LOCATION - path to private key in PEM format that will be used for securing all endpoint in all services
+
+The following environmnet variables may be passed, but will be ignored if CHART_VERSION is set to release (i.e. v2.4.0):
+- OWGW_VERSION - OpenWIFI Gateway version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
+- OWGWUI_VERSION - OpenWIFI Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
+- OWSEC_VERSION - OpenWIFI Security version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
+- OWFMS_VERSION - OpenWIFI Firmware version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
+- OWPROV_VERSION - OpenWIFI Provisioning version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
+- OWPROVUI_VERSION - OpenWIFI Provisioning Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
+- OWANALYTICS_VERSION - OpenWIFI Analytics version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
+- OWSUB_VERSION - OpenWIFI Subscription (Userportal) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
+- OWRRM_VERSION - OpenWIFI radio resource management service (RRM) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
+
+Optional environment variables:
+- EXTRA_VALUES - extra values that should be passed to Helm deployment separated by comma (,)
+- DEVICE_CERT_LOCATION - path to certificate in PEM format that will be used for load simulator
+- DEVICE_KEY_LOCATION - path to private key in PEM format that will be used for load simulator
+- USE_SEPARATE_OWGW_LB - flag that should change split external DNS for OWGW and other services
+- INTERNAL_RESTAPI_ENDPOINT_SCHEMA - what schema to use for internal RESTAPI endpoints (https by default)
+- IPTOCOUNTRY_IPINFO_TOKEN - token that should be set for IPInfo support (owgw/owprov iptocountry.ipinfo.token properties), ommited if not passed
+- MAILER_USERNAME - SMTP username used for OWSEC mailer
+- MAILER_PASSWORD - SMTP password used for OWSEC mailer (only if both MAILER_PASSWORD and MAILER_USERNAME are set, mailer will be enabled)
+EOF
 }
 
 # Global variables
@@ -51,32 +50,30 @@ VALUES_FILE_LOCATION_SPLITTED=()
 EXTRA_VALUES_SPLITTED=()
 
 # Helper functions
-check_if_chart_version_is_release() {
-  PARSED_CHART_VERSION=$(echo $CHART_VERSION | grep -xP "v[0-9]+\.[0-9]+\.[0-9]+.*")
-  if [[ -z "$PARSED_CHART_VERSION" ]]; then
-    return 1
-  else
-    return 0
-  fi
+function check_if_chart_version_is_release()
+{
+    [[ "$CHART_VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+ ]]
 }
 
 # Check if required environment variables were passed
 ## Deployment specifics
 [ -z ${DEPLOY_METHOD+x} ] && echo "DEPLOY_METHOD is unset" >&2 && usage && exit 1
 [ -z ${CHART_VERSION+x} ] && echo "CHART_VERSION is unset" >&2 && usage && exit 1
-if check_if_chart_version_is_release; then
-  echo "Chart version ($CHART_VERSION) is release version, ignoring services versions"
-else
-  echo "Chart version ($CHART_VERSION) is not release version, checking if services versions are set"
-  [ -z ${OWGW_VERSION+x} ] && echo "OWGW_VERSION is unset" >&2 && usage && exit 1
-  [ -z ${OWGWUI_VERSION+x} ] && echo "OWGWUI_VERSION is unset" >&2 && usage && exit 1
-  [ -z ${OWSEC_VERSION+x} ] && echo "OWSEC_VERSION is unset" >&2 && usage && exit 1
-  [ -z ${OWFMS_VERSION+x} ] && echo "OWFMS_VERSION is unset" >&2 && usage && exit 1
-  [ -z ${OWPROV_VERSION+x} ] && echo "OWPROV_VERSION is unset" >&2 && usage && exit 1
-  [ -z ${OWPROVUI_VERSION+x} ] && echo "OWPROVUI_VERSION is unset" >&2 && usage && exit 1
-  [ -z ${OWANALYTICS_VERSION+x} ] && echo "OWANALYTICS_VERSION is unset" >&2 && usage && exit 1
-  [ -z ${OWSUB_VERSION+x} ] && echo "OWSUB_VERSION is unset" >&2 && usage && exit 1
-  [ -z ${OWRRM_VERSION+x} ] && echo "OWRRM_VERSION is unset" >&2 && usage && exit 1
+if [[ "$DEPLOY_METHOD" != "local" ]] ; then
+    if check_if_chart_version_is_release ; then
+        echo "Chart version ($CHART_VERSION) is a release version, ignoring services versions"
+    else
+        echo "Chart version ($CHART_VERSION) is not a release version, checking if services versions are set"
+        [ -z ${OWGW_VERSION+x} ] && echo "OWGW_VERSION is unset" >&2 && usage && exit 1
+        [ -z ${OWGWUI_VERSION+x} ] && echo "OWGWUI_VERSION is unset" >&2 && usage && exit 1
+        [ -z ${OWSEC_VERSION+x} ] && echo "OWSEC_VERSION is unset" >&2 && usage && exit 1
+        [ -z ${OWFMS_VERSION+x} ] && echo "OWFMS_VERSION is unset" >&2 && usage && exit 1
+        [ -z ${OWPROV_VERSION+x} ] && echo "OWPROV_VERSION is unset" >&2 && usage && exit 1
+        [ -z ${OWPROVUI_VERSION+x} ] && echo "OWPROVUI_VERSION is unset" >&2 && usage && exit 1
+        [ -z ${OWANALYTICS_VERSION+x} ] && echo "OWANALYTICS_VERSION is unset" >&2 && usage && exit 1
+        [ -z ${OWSUB_VERSION+x} ] && echo "OWSUB_VERSION is unset" >&2 && usage && exit 1
+        [ -z ${OWRRM_VERSION+x} ] && echo "OWRRM_VERSION is unset" >&2 && usage && exit 1
+    fi
 fi
 ## Environment specifics
 [ -z ${NAMESPACE+x} ] && echo "NAMESPACE is unset" >&2 && usage && exit 1
@@ -108,54 +105,55 @@ export OWANALYTICS_VERSION_TAG=$(echo ${OWANALYTICS_VERSION} | tr '/' '-')
 export OWSUB_VERSION_TAG=$(echo ${OWSUB_VERSION} | tr '/' '-')
 export OWRRM_VERSION_TAG=$(echo ${OWRRM_VERSION} | tr '/' '-')
 
-# Debug get bash version
-bash --version >&2
-
 # Check deployment method that's required for this environment
 helm plugin install https://github.com/databus23/helm-diff || true
-if [[ "$DEPLOY_METHOD" == "git" ]]; then
-  helm plugin install https://github.com/aslafy-z/helm-git --version 0.10.0 || true
-  rm -rf wlan-cloud-ucentral-deploy || true
-  git clone https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git
-  cd wlan-cloud-ucentral-deploy
-  git checkout $CHART_VERSION
-  cd chart
-  if ! check_if_chart_version_is_release; then
-    sed -i '/wlan-cloud-ucentralgw@/s/ref=.*/ref='${OWGW_VERSION}'\"/g' Chart.yaml
-    sed -i '/wlan-cloud-ucentralgw-ui@/s/ref=.*/ref='${OWGWUI_VERSION}'\"/g' Chart.yaml
-    sed -i '/wlan-cloud-ucentralsec@/s/ref=.*/ref='${OWSEC_VERSION}'\"/g' Chart.yaml
-    sed -i '/wlan-cloud-ucentralfms@/s/ref=.*/ref='${OWFMS_VERSION}'\"/g' Chart.yaml
-    sed -i '/wlan-cloud-owprov@/s/ref=.*/ref='${OWPROV_VERSION}'\"/g' Chart.yaml
-    sed -i '/wlan-cloud-owprov-ui@/s/ref=.*/ref='${OWPROVUI_VERSION}'\"/g' Chart.yaml
-    sed -i '/wlan-cloud-analytics@/s/ref=.*/ref='${OWANALYTICS_VERSION}'\"/g' Chart.yaml
-    sed -i '/wlan-cloud-userportal@/s/ref=.*/ref='${OWSUB_VERSION}'\"/g' Chart.yaml
-    sed -i '/wlan-cloud-rrm@/s/ref=.*/ref='${OWRRM_VERSION}'\"/g' Chart.yaml
-  fi
-  helm repo add bitnami https://charts.bitnami.com/bitnami
-  helm repo update
-  helm dependency update
-  cd ../..
-  export DEPLOY_SOURCE="wlan-cloud-ucentral-deploy/chart"
-elif [[ "$DEPLOY_METHOD" == "bundle" ]]; then
-  helm repo add tip-wlan-cloud-ucentral-helm https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/ || true
-  export DEPLOY_SOURCE="tip-wlan-cloud-ucentral-helm/openwifi --version $CHART_VERSION"
+if [[ "$DEPLOY_METHOD" == "git" ]] ; then
+    helm plugin list | grep "^helm-git" || helm plugin install https://github.com/aslafy-z/helm-git || true
+    rm -rf wlan-cloud-ucentral-deploy || true
+    git clone https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git
+    cd wlan-cloud-ucentral-deploy
+    git checkout $CHART_VERSION
+    cd chart
+    if ! check_if_chart_version_is_release ; then
+        sed -i '/wlan-cloud-ucentralgw@/s/ref=.*/ref='${OWGW_VERSION}'\"/g' Chart.yaml
+        sed -i '/wlan-cloud-ucentralgw-ui@/s/ref=.*/ref='${OWGWUI_VERSION}'\"/g' Chart.yaml
+        sed -i '/wlan-cloud-ucentralsec@/s/ref=.*/ref='${OWSEC_VERSION}'\"/g' Chart.yaml
+        sed -i '/wlan-cloud-ucentralfms@/s/ref=.*/ref='${OWFMS_VERSION}'\"/g' Chart.yaml
+        sed -i '/wlan-cloud-owprov@/s/ref=.*/ref='${OWPROV_VERSION}'\"/g' Chart.yaml
+        sed -i '/wlan-cloud-owprov-ui@/s/ref=.*/ref='${OWPROVUI_VERSION}'\"/g' Chart.yaml
+        sed -i '/wlan-cloud-analytics@/s/ref=.*/ref='${OWANALYTICS_VERSION}'\"/g' Chart.yaml
+        sed -i '/wlan-cloud-userportal@/s/ref=.*/ref='${OWSUB_VERSION}'\"/g' Chart.yaml
+        sed -i '/wlan-cloud-rrm@/s/ref=.*/ref='${OWRRM_VERSION}'\"/g' Chart.yaml
+    fi
+    #helm repo add bitnami https://charts.bitnami.com/bitnami && helm repo update
+    [ -z "$SKIP_DEPS" ] && helm dependency update
+    cd ../..
+    export DEPLOY_SOURCE="wlan-cloud-ucentral-deploy/chart"
+elif [[ "$DEPLOY_METHOD" == "bundle" ]] ; then
+    helm repo add tip-wlan-cloud-ucentral-helm https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/ || true
+    export DEPLOY_SOURCE="tip-wlan-cloud-ucentral-helm/openwifi --version $CHART_VERSION"
+elif [[ "$DEPLOY_METHOD" == "local" ]] ; then
+    export DEPLOY_SOURCE=".."
+    pushd ..
+    [ -z "$SKIP_DEPS" ] && helm dependency update
+    popd
 else
-  echo "Deploy method is not correct: $DEPLOY_METHOD. Valid values: git or bundle" >&2
-  exit 1
+    echo "Deploy method is not correct: $DEPLOY_METHOD. Valid values: git, bundle or local" >&2
+    exit 1
 fi
 
 VALUES_FILES_FLAGS=()
 IFS=',' read -ra VALUES_FILE_LOCATION_SPLITTED <<< "$VALUES_FILE_LOCATION"
 for VALUE_FILE in ${VALUES_FILE_LOCATION_SPLITTED[*]}; do
-  VALUES_FILES_FLAGS+=("-f" $VALUE_FILE)
+    VALUES_FILES_FLAGS+=("-f" $VALUE_FILE)
 done
 EXTRA_VALUES_FLAGS=()
 IFS=',' read -ra EXTRA_VALUES_SPLITTED <<< "$EXTRA_VALUES"
 for EXTRA_VALUE in ${EXTRA_VALUES_SPLITTED[*]}; do
-  EXTRA_VALUES_FLAGS+=("--set" $EXTRA_VALUE)
+    EXTRA_VALUES_FLAGS+=("--set" $EXTRA_VALUE)
 done
 
-if [[ "$USE_SEPARATE_OWGW_LB" == "true" ]]; then
+if [[ "$USE_SEPARATE_OWGW_LB" == "true" ]] ; then
   export HAPROXY_SERVICE_DNS_RECORDS="sec-${NAMESPACE}.${DOMAIN},fms-${NAMESPACE}.${DOMAIN},prov-${NAMESPACE}.${DOMAIN},analytics-${NAMESPACE}.${DOMAIN},sub-${NAMESPACE}.${DOMAIN}"
   export OWGW_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.${DOMAIN}"
 else
@@ -163,21 +161,13 @@ else
   export OWGW_SERVICE_DNS_RECORDS=""
 fi
 
-echo "Deploying into openwifi-${NAMESPACE} with the following values files:"
-echo ${VALUES_FILES_FLAGS[*]}
-echo
-envsubst < values.custom.tpl.yaml > values.custom-${NAMESPACE}.yaml
+envsubst < values.custom.tpl.yaml > _values.custom-${NAMESPACE}.yaml
 
-echo "Using configuration:"
-echo "---"
-cat values.custom-${NAMESPACE}.yaml
-echo "---"
-set -x
 helm upgrade --install --create-namespace --wait --timeout 60m \
   --namespace openwifi-${NAMESPACE} \
   ${VALUES_FILES_FLAGS[*]} \
   ${EXTRA_VALUES_FLAGS[*]} \
-  -f values.custom-${NAMESPACE}.yaml \
+  -f _values.custom-${NAMESPACE}.yaml \
   --set-file owgw.certs."restapi-cert\.pem"=$CERT_LOCATION \
   --set-file owgw.certs."restapi-key\.pem"=$KEY_LOCATION \
   --set-file owgw.certs."websocket-cert\.pem"=$CERT_LOCATION \

chart/environment-values/values.aws.yaml

@@ -15,8 +15,8 @@ owgwui:
   ingresses:
     default:
       enabled: true
+      className: alb
       annotations:
-        kubernetes.io/ingress.class: alb
         alb.ingress.kubernetes.io/scheme: internet-facing
         alb.ingress.kubernetes.io/group.name: wlan-cicd
         alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
@@ -65,8 +65,8 @@ owprovui:
   ingresses:
     default:
       enabled: true
+      className: alb
       annotations:
-        kubernetes.io/ingress.class: alb
         alb.ingress.kubernetes.io/scheme: internet-facing
         alb.ingress.kubernetes.io/group.name: wlan-cicd
         alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c

chart/environment-values/values.base.insecure.yaml

@@ -77,10 +77,33 @@ owprovui:
     REACT_APP_UCENTRALSEC_URL: http://localhost:16001
 
 kafka:
-  heapOpts: -Xmx512m -Xms512m
+  volumePermissions:
+    enabled: true
+  commonAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
   readinessProbe:
     initialDelaySeconds: 45
   livenessProbe:
     initialDelaySeconds: 60
+  kraft:
+    enabled: true
+  heapOpts: -Xmx1024m -Xms1024m
   zookeeper:
-    heapSize: 256
+    enabled: false
+  controller:
+    replicaCount: 1
+    extraConfig: |-
+      maxMessageBytes = 1048588
+    extraEnvVars:
+      - name: ALLOW_PLAINTEXT_LISTENER
+        value: "yes"
+  listeners:
+    client:
+      protocol: PLAINTEXT
+      containerPort: 9092
+    controller:
+      protocol: "PLAINTEXT"
+  broker:
+    persistence:
+      size: 20Gi
+    replicaCount: 2

chart/environment-values/values.base.secure.yaml

@@ -323,13 +323,43 @@ owprovui:
     REACT_APP_UCENTRALSEC_URL: https://localhost:16001
 
 kafka:
-  heapOpts: -Xmx512m -Xms512m
+  volumePermissions:
+    enabled: true
+  commonAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+  #resources:
+  #  requests:
+  #    cpu: 100m
+  #    memory: 512Mi
+  #  limits:
+  #    cpu: 500m
+  #    memory: 1Gi
   readinessProbe:
     initialDelaySeconds: 45
   livenessProbe:
     initialDelaySeconds: 60
+  kraft:
+    enabled: true
+  heapOpts: -Xmx1024m -Xms1024m
   zookeeper:
-    heapSize: 256
+    enabled: false
+  controller:
+    replicaCount: 1
+    extraConfig: |-
+      maxMessageBytes = 1048588
+    extraEnvVars:
+      - name: ALLOW_PLAINTEXT_LISTENER
+        value: "yes"
+  listeners:
+    client:
+      protocol: PLAINTEXT
+      containerPort: 9092
+    controller:
+      protocol: "PLAINTEXT"
+  broker:
+    persistence:
+      size: 20Gi
+    replicaCount: 2
 
 restapiCerts:
   enabled: true

chart/environment-values/values.openwifi-dev03.yaml

@@ -0,0 +1,22 @@
+owgwui:
+  ingresses:
+    default:
+      annotations:
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/299d7444-acc4-46c2-ae83-40d2cd5f49be
+
+owprovui:
+  ingresses:
+    default:
+      annotations:
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/299d7444-acc4-46c2-ae83-40d2cd5f49be
+
+owrrm:
+  services:
+    owrrm:
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/299d7444-acc4-46c2-ae83-40d2cd5f49be
+
+haproxy:
+  service:
+    annotations:
+      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/299d7444-acc4-46c2-ae83-40d2cd5f49be

chart/environment-values/values.openwifi-qa.disable-radiusproxy.yaml

@@ -0,0 +1,7 @@
+owgw:
+  configProperties:
+    radius.proxy.enable: "false"
+    radius.proxy.accounting.port: 1813
+    radius.proxy.authentication.port: 1812
+    radius.proxy.coa.port: 3799
+    radsec.keepalive: 120

chart/environment-values/values.openwifi-qa.owls-external.yaml

@@ -12,25 +12,43 @@ owgw:
         service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002"
 
   configProperties:
-    simulatorid: 53494D020202
-    storage.type: postgresql
-    storage.type.postgresql.host: owgw-pgsql
-    storage.type.postgresql.database: owgw
-    storage.type.postgresql.username: owgw
-    storage.type.postgresql.password: owgw
-    openwifi.certificates.allowmismatch: "true"
+    # done by default for owgw now:
+    #simulatorid: 53494D020202
+    # on a host with more CPUs you may need to bump this up from default of 64
+    storage.type.postgresql.maxsessions: 120
+    # this actually disables websocket logging:
+    logging.websocket: true
+    # consider lowering the # of days to keep archives in the database
+    #archiver.db.0.name = healthchecks
+    #archiver.db.0.keep = 1
+    #archiver.db.1.name = statistics
+    #archiver.db.1.keep = 1
+    #archiver.db.2.name = devicelogs
+    #archiver.db.2.keep = 1
+    #archiver.db.3.name = commandlist
+    #archiver.db.3.keep = 1
 
   resources:
     requests:
       cpu: 2000m
-      memory: 3000Mi
+      memory: 3Gi
     limits:
       cpu: 2000m
-      memory: 3000Mi
+      memory: 5Gi
 
-  postgresql:
-    enabled: true
-    fullnameOverride: owgw-pgsql
-    postgresqlDatabase: owgw
-    postgresqlUsername: owgw
-    postgresqlPassword: owgw
+# Postgres tuning for larger # of APs
+#postgresql:
+#  primary:
+#    resourcesPreset: large
+#    persistence:
+#      size: 120Gi
+
+owprov:
+  # consider providing more memory to owprov
+  resources:
+    requests:
+      cpu: 10m
+      memory: 20Mi
+    limits:
+      cpu: 100m
+      memory: 4Gi

chart/environment-values/values.openwifi-qa.single-external-db.yaml

@@ -2,7 +2,7 @@ owgw:
   configProperties:
     simulatorid: 53494D020202
     storage.type: postgresql
-    storage.type.postgresql.host: pgsql-pgpool
+    storage.type.postgresql.host: pgsql
     storage.type.postgresql.database: owgw
     storage.type.postgresql.username: owgw
     storage.type.postgresql.password: owgw
@@ -10,7 +10,7 @@ owgw:
 owsec:
   configProperties:
     storage.type: postgresql
-    storage.type.postgresql.host: pgsql-pgpool
+    storage.type.postgresql.host: pgsql
     storage.type.postgresql.database: owsec
     storage.type.postgresql.username: owsec
     storage.type.postgresql.password: owsec
@@ -18,7 +18,7 @@ owsec:
 owfms:
   configProperties:
     storage.type: postgresql
-    storage.type.postgresql.host: pgsql-pgpool
+    storage.type.postgresql.host: pgsql
     storage.type.postgresql.database: owfms
     storage.type.postgresql.username: owfms
     storage.type.postgresql.password: owfms
@@ -26,7 +26,7 @@ owfms:
 owprov:
   configProperties:
     storage.type: postgresql
-    storage.type.postgresql.host: pgsql-pgpool
+    storage.type.postgresql.host: pgsql
     storage.type.postgresql.database: owprov
     storage.type.postgresql.username: owprov
     storage.type.postgresql.password: owprov
@@ -34,7 +34,7 @@ owprov:
 owanalytics:
   configProperties:
     storage.type: postgresql
-    storage.type.postgresql.host: pgsql-pgpool
+    storage.type.postgresql.host: pgsql
     storage.type.postgresql.database: owanalytics
     storage.type.postgresql.username: owanalytics
     storage.type.postgresql.password: owanalytics
@@ -42,15 +42,41 @@ owanalytics:
 owsub:
   configProperties:
     storage.type: postgresql
-    storage.type.postgresql.host: pgsql-pgpool
+    storage.type.postgresql.host: pgsql
     storage.type.postgresql.database: owsub
     storage.type.postgresql.username: owsub
     storage.type.postgresql.password: owsub
 
-postgresql-ha:
+postgresql:
   enabled: true
   initDbScriptSecret:
     enabled: true
+    initdbScriptsSecret: tip-openwifi-initdb-scripts
+  volumePermissions:
+    enabled: true
+  global:
+    postgresql:
+      auth:
+        postgresPassword: postgres
+  auth:
+    postgresPassword: postgres
+  primary:
+    # Consider using this resource model for small installations
+    #resourcesPreset: medium
+    extendedConfiguration: |-
+      max_connections = 550
+      shared_buffers = 128MB
+    initdb:
+      scriptsSecret: tip-openwifi-initdb-scripts
+    # Consider using this disk size for small installations
+    #persistence:
+    #  size: 30Gi
+
+postgresql-ha:
+  enabled: false
+  initDbScriptSecret:
+    enabled: false
+    initdbScriptsSecret: tip-openwifi-initdb-scripts
   pgpool:
     adminPassword: admin
     resources:

chart/environment-values/values.openwifi-qa.yaml

@@ -357,7 +357,6 @@ owgwui:
     default:
       enabled: true
       annotations:
-        kubernetes.io/ingress.class: alb
         alb.ingress.kubernetes.io/scheme: internet-facing
         alb.ingress.kubernetes.io/group.name: wlan-cicd
         alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
@@ -565,7 +564,6 @@ owprovui:
     default:
       enabled: true
       annotations:
-        kubernetes.io/ingress.class: alb
         alb.ingress.kubernetes.io/scheme: internet-facing
         alb.ingress.kubernetes.io/group.name: wlan-cicd
         alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
@@ -813,31 +811,50 @@ owrrm:
         memory: 512Mi
 
 kafka:
+  volumePermissions:
+    enabled: true
   commonAnnotations:
     cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
-  heapOpts: -Xmx512m -Xms512m
-  resources:
-    requests:
-      cpu: 100m
-      memory: 512Mi
-    limits:
-      cpu: 500m
-      memory: 1Gi
   readinessProbe:
     initialDelaySeconds: 45
   livenessProbe:
     initialDelaySeconds: 60
+  heapOpts: -Xmx1024m -Xms1024m
+  kraft:
+    enabled: true
   zookeeper:
-    commonAnnotations:
-      cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
-    heapSize: 256
+    enabled: false
+  controller:
+    replicaCount: 1
+    extraConfig: |-
+      maxMessageBytes = 1048588
+    extraEnvVars:
+      - name: ALLOW_PLAINTEXT_LISTENER
+        value: "yes"
     resources:
       requests:
-        cpu: 100m
-        memory: 256Mi
+        cpu: 500m
+        memory: 512Mi
       limits:
-        cpu: 200m
-        memory: 384Mi
+        cpu: 750m
+        memory: 2Gi
+  listeners:
+    client:
+      protocol: PLAINTEXT
+      containerPort: 9092
+    controller:
+      protocol: "PLAINTEXT"
+  broker:
+    persistence:
+      size: 20Gi
+    replicaCount: 2
+    resources:
+      requests:
+        cpu: 500m
+        memory: 512Mi
+      limits:
+        cpu: 750m
+        memory: 2Gi
 
 clustersysteminfo:
   enabled: true
@@ -846,11 +863,11 @@ clustersysteminfo:
 haproxy:
   resources:
     requests:
-      cpu: 10m
-      memory: 20Mi
+      cpu: 50m
+      memory: 50Mi
     limits:
-      cpu: 10m
-      memory: 20Mi
+      cpu: 50m
+      memory: 50Mi
   service:
     annotations:
       service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl

chart/environment-values/values.openwifi-qa03.yaml

@@ -0,0 +1,29 @@
+
+owgw:
+  services:
+    owgw:
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/299d7444-acc4-46c2-ae83-40d2cd5f49be
+
+owgwui:
+  ingresses:
+    default:
+      annotations:
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/299d7444-acc4-46c2-ae83-40d2cd5f49be
+
+owprovui:
+  ingresses:
+    default:
+      annotations:
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/299d7444-acc4-46c2-ae83-40d2cd5f49be
+
+owrrm:
+  services:
+    owrrm:
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/299d7444-acc4-46c2-ae83-40d2cd5f49be
+
+haproxy:
+  service:
+    annotations:
+      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/299d7444-acc4-46c2-ae83-40d2cd5f49be

chart/templates/_initdb_sql.tpl

@@ -0,0 +1,13 @@
+{{- define "openwifi.user_creation_script_sql" -}}
+{{- $root := . -}}
+{{- $postgresqlBase := index .Values "postgresql" }}
+{{- $postgresqlEmulatedRoot := (dict "Values" $postgresqlBase "Chart" (dict "Name" "postgresql") "Release" $.Release) }}
+{{ range index .Values "postgresql" "initDbScriptSecret" "services" }}
+CREATE USER {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }};
+ALTER USER {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }} WITH ENCRYPTED PASSWORD '{{ index $root "Values" . "configProperties" "storage.type.postgresql.password" }}';
+CREATE DATABASE {{ index $root "Values" . "configProperties" "storage.type.postgresql.database" }};
+GRANT ALL PRIVILEGES ON DATABASE {{ index $root "Values" . "configProperties" "storage.type.postgresql.database" }} TO {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }};
+ALTER DATABASE {{ index $root "Values" . "configProperties" "storage.type.postgresql.database" }} OWNER TO {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }};
+{{ end }}
+{{- end -}}
+

chart/templates/secret-postgresql-initdb.yaml

@@ -1,5 +1,5 @@
 {{- $root := . -}}
-{{- if  index .Values "postgresql-ha" "initDbScriptSecret" "enabled" }}
+{{- if index .Values "postgresql-ha" "initDbScriptSecret" "enabled" }}
 ---
 apiVersion: v1
 metadata:
@@ -14,3 +14,18 @@ type: Opaque
 data:
   users_creation.sh: {{ include "openwifi.user_creation_script" . | b64enc | quote }}
 {{- end }}
+{{- if index .Values "postgresql" "initDbScriptSecret" "enabled" }}
+---
+apiVersion: v1
+metadata:
+  labels:
+    app.kubernetes.io/name: {{ include "openwifi.name" . }}
+    helm.sh/chart: {{ include "openwifi.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+  name: {{ include "openwifi.fullname" . }}-initdb-scripts
+kind: Secret
+type: Opaque
+data:
+  initdb.sql: {{ include "openwifi.user_creation_script_sql" . | b64enc | quote }}
+{{- end }}

chart/values.yaml

@@ -1,7 +1,6 @@
 # OpenWIFI Gateway (https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/)
 owgw:
   fullnameOverride: owgw
-
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
@@ -9,7 +8,6 @@ owgw:
 # OpenWIFI Security (https://github.com/Telecominfraproject/wlan-cloud-ucentralsec)
 owsec:
   fullnameOverride: owsec
-
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
@@ -17,7 +15,6 @@ owsec:
 # OpenWIFI Firmware (https://github.com/Telecominfraproject/wlan-cloud-ucentralfms)
 owfms:
   fullnameOverride: owfms
-
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
@@ -25,7 +22,6 @@ owfms:
 # OpenWIFI Provisioning (https://github.com/Telecominfraproject/wlan-cloud-owprov/)
 owprov:
   fullnameOverride: owprov
-
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
@@ -33,7 +29,6 @@ owprov:
 # OpenWIFI Analytics (https://github.com/Telecominfraproject/wlan-cloud-analytics)
 owanalytics:
   fullnameOverride: owanalytics
-
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
@@ -49,7 +44,6 @@ owprovui:
 # OpenWIFI Subscription (https://github.com/Telecominfraproject/wlan-cloud-userportal/)
 owsub:
   fullnameOverride: owsub
-
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
@@ -57,31 +51,18 @@ owsub:
 # OpenWIFI radio resource management (https://github.com/Telecominfraproject/wlan-cloud-rrm/)
 owrrm:
   fullnameOverride: owrrm
-
   mysql:
     enabled: true
 
 # kafka (https://github.com/bitnami/charts/blob/master/bitnami/kafka/)
 kafka:
   enabled: true
-
   fullnameOverride: kafka
 
-  image:
-    registry: docker.io
-    repository: bitnami/kafka
-    tag: 2.8.0-debian-10-r43
-
-  minBrokerId: 100
-
-  zookeeper:
-    fullnameOverride: zookeeper
-
 # clustersysteminfo check
 clustersysteminfo:
   enabled: false
   delay: 0 # number of seconds to delay clustersysteminfo execution
-
   images:
     clustersysteminfo:
       repository: tip-tip-wlan-cloud-ucentral.jfrog.io/clustersysteminfo
@@ -103,23 +84,17 @@ clustersysteminfo:
     # limits:
     #  cpu: 100m
     #  memory: 128Mi
-
   nodeSelector: {}
-
   tolerations: []
-
   affinity: {}
-
   public_env_variables:
     FLAGS: "-s --connect-timeout 3"
     OWSEC: owsec-owsec:16001
     CHECK_RETRIES: 30
-
   secret_env_variables:
     OWSEC_DEFAULT_USERNAME: tip@ucentral.com
     OWSEC_DEFAULT_PASSWORD: openwifi
     #OWSEC_NEW_PASSWORD: "" # Set this value in order for the check to work. Password must comply https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationvalidationexpression
-
   activeDeadlineSeconds: 2400
   backoffLimit: 5
   restartPolicy: OnFailure
@@ -127,9 +102,7 @@ clustersysteminfo:
 # OpenWIFI Load Simulator (https://github.com/Telecominfraproject/wlan-cloud-owls)
 owls:
   enabled: false
-
   fullnameOverride: owls
-
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
@@ -137,17 +110,13 @@ owls:
 # OpenWIFI Load Simulator UI (https://github.com/Telecominfraproject/wlan-cloud-owls-ui)
 owlsui:
   enabled: false
-
   fullnameOverride: owlsui
 
 # HAproxy (https://github.com/bitnami/charts/tree/master/bitnami/haproxy)
 haproxy:
   enabled: true
-
   fullnameOverride: proxy
-
-  replicaCount: 3
-
+  replicaCount: 1
   service:
     type: LoadBalancer
     ports:
@@ -428,7 +397,6 @@ haproxy:
 # Cert-manager RESTAPI certs
 restapiCerts:
   enabled: false
-
   services:
     - owgw-owgw
     - owsec-owsec
@@ -438,9 +406,22 @@ restapiCerts:
     - owanalytics-owanalytics
     - owsub-owsub
     - owrrm-owrrm
-
   clusterDomain: cluster.local
 
+postgresql:
+  enabled: false
+  nameOverride: pgsql
+  fullnameOverride: pgsql
+  initDbScriptSecret:
+    enabled: false
+    services:
+      - owgw
+      - owsec
+      - owfms
+      - owprov
+      - owanalytics
+      - owsub
+
 postgresql-ha:
   enabled: false
   nameOverride: pgsql