Chg: update image tag in helm values to v2.7.0-RC5

Chg: update image tag in helm values to v2.7.0-RC4
Chg: update image tag in helm values to v2.7.0-RC3
2026-03-20 03:40:49 +00:00 · 2022-10-01 00:58:26 +00:00 · 2022-09-30 19:49:07 +00:00 · 2022-09-30 16:31:47 +00:00 · 2022-09-29 23:27:55 +00:00 · 2022-09-16 19:55:16 +00:00
45 changed files with 233 additions and 1227 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -9,7 +9,6 @@ on:
    branches:
      - main
      - 'release/*'
-  workflow_dispatch: {}

 defaults:
  run:
@@ -29,19 +28,19 @@ jobs:
      id: get_branch_names
      if: startsWith(github.ref, 'refs/pull/')
      run: |
-        echo "pr_branch=$(echo ${GITHUB_HEAD_REF})" >> $GITHUB_OUTPUT
+        echo ::set-output name=pr_branch::$(echo ${GITHUB_HEAD_REF})

    - name: Get created deployment tag and set as output
      id: get_deployment_upgrade_tag
      if: startsWith(github.ref, 'refs/tags/v')
      run: |
-        echo "tag=$(echo ${GITHUB_REF#refs/tags/})" >> $GITHUB_OUTPUT
+        echo ::set-output name=tag::$(echo ${GITHUB_REF#refs/tags/})

    - name: Get previous deployment tag
      id: get_deployment_tag
      if: startsWith(github.ref, 'refs/tags/v')
      run: |
-        echo "tag=$(git tag | grep -v RC | tail -2 | head -1)" >> $GITHUB_OUTPUT
+        echo ::set-output name=tag::$(git tag | grep -v RC | tail -2 | head -1)

  trigger-docker-compose-testing:
    if: startsWith(github.ref, 'refs/pull/')
@@ -49,7 +48,7 @@ jobs:
    needs: envs
    steps:
    - name: Checkout actions repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
      with:
        repository: Telecominfraproject/.github
        path: github
@@ -72,7 +71,7 @@ jobs:
    needs: envs
    steps:
    - name: Checkout actions repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
      with:
        repository: Telecominfraproject/.github
        path: github
@@ -95,7 +94,7 @@ jobs:
    needs: envs
    steps:
    - name: Checkout actions repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
      with:
        repository: Telecominfraproject/.github
        path: github
--- a/.github/workflows/clustersysteminfo_image_ci.yml
+++ b/.github/workflows/clustersysteminfo_image_ci.yml
@@ -22,7 +22,7 @@ jobs:
      DOCKER_REGISTRY_URL: tip-tip-wlan-cloud-ucentral.jfrog.io
      DOCKER_REGISTRY_USERNAME: ucentral
    steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v2

    - name: Build Docker image
      working-directory: chart/docker
@@ -55,7 +55,7 @@ jobs:

    - name: Log into Docker registry
      if: startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/pull/') || github.ref == 'refs/heads/main'
-      uses: docker/login-action@v2
+      uses: docker/login-action@v1
      with:
        registry: ${{ env.DOCKER_REGISTRY_URL }}
        username: ${{ env.DOCKER_REGISTRY_USERNAME }}
--- a/.github/workflows/enforce-jira-issue-key.yml
+++ b/.github/workflows/enforce-jira-issue-key.yml
@@ -9,7 +9,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout actions repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v2
        with:
          repository: Telecominfraproject/.github
          path: github
--- a/.github/workflows/git-release.yml
+++ b/.github/workflows/git-release.yml
@@ -28,7 +28,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
      with:
        path: wlan-cloud-ucentral-deploy

--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -17,7 +17,7 @@ jobs:
      HELM_REPO_USERNAME: ucentral
    steps:
      - name: Checkout uCentral assembly chart repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v2
        with:
          path: wlan-cloud-ucentral-deploy
          repository: Telecominfraproject/wlan-cloud-ucentral-deploy
--- a/chart/.helmignore
+++ b/chart/.helmignore
@@ -20,7 +20,3 @@
 .idea/
 *.tmproj
 .vscode/
-# Chart dependencies
-docker/
-environment-values/
-feature-values/
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -2,39 +2,38 @@ apiVersion: v2
 name: openwifi
 appVersion: "1.0"
 description: A Helm chart for Kubernetes
-version: 0.1.0
+version: 2.7.0-RC5
 dependencies:
 - name: owgw
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=master"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.7.0-RC4"
  version: 0.1.0
 - name: owsec
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.7.0-RC3"
  version: 0.1.0
 - name: owfms
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.7.0-RC3"
  version: 0.1.0
 - name: owprov
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=v2.7.0-RC4"
  version: 0.1.0
 - name: owanalytics
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-analytics@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-analytics@helm?ref=v2.7.0-RC4"
  version: 0.1.0
 - name: owgwui
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.7.0-RC2"
  version: 0.1.0
 - name: owprovui
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=v2.7.0-RC2"
  version: 0.1.0
 - name: owsub
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-userportal@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-userportal@helm?ref=v2.7.0-RC3"
  version: 0.1.0
 - name: owrrm
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-rrm@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-rrm@helm?ref=v2.7.0-RC3"
  version: 0.1.0
 - name: kafka
  repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
  version: 13.0.2
-  condition: kafka.enabled
 - name: owls
  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owls@helm?ref=main"
  version: 0.1.0
--- a/chart/README.md
+++ b/chart/README.md
@@ -6,67 +6,13 @@ This Helm chart helps to deploy OpenWIFI Cloud SDK with all required dependencie

 [helm-git](https://github.com/aslafy-z/helm-git) is required for remote the installation as it pull charts from other repositories for the deployment, so intall it if you don't have it already.

-Using that you can deploy Cloud SDK with 2 setups - without TLS certificates for RESTAPI endpoints and with them.
-
-In both cases Websocket endpoint should be exposed through LoadBalancer. In order to get IP address or DNS FQDN of that endpoint you may refer to `kubectl get svc | grep proxy | awk -F ' ' '{print $4}'`. Used port is 15002, but you would need to disable TLS check on AP side since certificate is issued for `*.wlan.local`.
-
-### Deployment with TLS certificates
-
-This deployment method requires usage of [cert-manager](https://cert-manager.io/docs/) (tested minimal Helm chart version is `v1.6.1`) in your Kubernetes installation in order to issue self-signed PKI for internal communication. In this case you will have to trust the self-signed certificates via your browser. Just like in previous method you still need OWGW Websocket TLS certificate, so you can use the same certificates with another values file using these commands:
-
 ```bash
 $ helm dependency update
-$ kubectl create secret generic openwifi-certs --from-file=../docker-compose/certs/
-$ helm upgrade --install -f environment-values/values.base.secure.yaml openwifi .
+$ helm install .
 ```

-In order to acces the UI and other RESTAPI endpoints you should run the following commands after the deployment:
-
-```
-$ kubectl port-forward deployment/proxy 5912 5913 16001 16002 16003 16004 16005 16006 16009 &
-$ kubectl port-forward deployment/owrrm 16789 &
-$ kubectl port-forward deployment/owgwui 8080:80 &
-$ kubectl port-forward deployment/owprovui 8088:80 &
-```
-
-From here Web UI may be accessed using http://localhost:8080 and Provisioning UI may be accessed using http://localhost:8088 .
-
-### Deployment without TLS certificates
-
-**IMPORTANT** Currently this method is not available due to issues in current implementation on microservices side (not being able to use Web UI because of error on Websocket upgrade on OWGW connections), please use TLS method for now.
-
-For this deployment method you will need to disable usage of TLS certificates, yet you will still need a TLS certificate for Websocket endpoint of OWGW. Here are the required steps for the deployment where websocket certificates from [docker-compose certs directory](../docker-compose/certs) and special values file to disable TLS for REST API endpoint will be used:
-
-```bash
-$ helm dependency update
-$ kubectl create secret generic openwifi-certs --from-file=../docker-compose/certs/
-$ helm upgrade --install -f environment-values/values.base.insecure.yaml openwifi .
-```
-
-In order to acces the UI and other RESTAPI endpoints you should run the following commands after the deployment:
-
-```
-$ kubectl port-forward deployment/proxy 5912 5913 16001 16002 16003 16004 16005 16006 16009 &
-$ kubectl port-forward deployment/owrrm 16789 &
-$ kubectl port-forward deployment/owgwui 8080:80 &
-$ kubectl port-forward deployment/owprovui 8088:80 &
-```
-
-From here Web UI may be accessed using http://localhost:8080 and Provisioning UI may be accessed using http://localhost:8088 .
-
-During the requests through UI errors may happen - that means that you haven't added certificate exception in browser. In order to that open browser dev tools (F12), open Network tab and see what requests are failing, open them and accept the exceptions.
-
-### Default password change
-
 Then change the default password as described in [owsec docs](https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/tree/main#changing-default-password).

-Values files passed in the installation is using default certificates that may be used for initial evaluation (same certificates are used in [docker-compose](../docker-compose/certs) method) using `*.wlan.local` domains. If you want to change those certificates, please set them in Helm values files instead of default certificates (see default values in `values.yaml` file).
-
-If you are using default values without changing [OWSEC config properties](https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/939869948f77575ba0e92c0fb12f2197802ffe71/helm/values.yaml#L212-L213) in your values file, you may access the WebUI using following credentials:
-
-> Username: tip@ucentral.com
-> Password: openwifi
-
 ## Introduction

 This chart bootstraps the OpenWIFI Cloud SDK on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
@@ -125,27 +71,20 @@ The following table lists the configurable parameters that overrides microservic
 |-----------|------|-------------|---------|
 | `owgw.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Gateway to use Kafka for communication | `'true'` |
 | `owgw.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Gateway to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
-| `owgw.certs` | map | Map with multiline string containing TLS certificates and private keys required for service (see [OWGW repo](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/) for details) |  |
-| `owgw.certsCAs` | map | Map with multiline string containing TLS CAs required for service (see [OWGW repo](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/) for details) |  |
 | `owsec.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Security to use Kafka for communication | `'true'` |
-| `owsec.certs` | map | Map with multiline string containing TLS certificates and private keys required for REST API |  |
 | `owsec.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Security to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
 | `owfms.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Firmware to use Kafka for communication | `'true'` |
 | `owfms.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Firmware to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
-| `owfms.certs` | map | Map with multiline string containing TLS certificates and private keys required for REST API |  |
 | `owprov.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Provisioning to use Kafka for communication | `'true'` |
 | `owprov.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Provisioning to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
-| `owprov.certs` | map | Map with multiline string containing TLS certificates and private keys required for REST API |  |
 | `owanalytics.enabled` | boolean | Install OpenWIFI Analytics in the release | `false` |
 | `owanalytics.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Analytics to use Kafka for communication | `'true'` |
 | `owanalytics.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Analytics to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
-| `owanalytics.certs` | map | Map with multiline string containing TLS certificates and private keys required for REST API |  |
-| `owsub.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Subscription to use Kafka for communication | `'true'` |
-| `owsub.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Subscription to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
-| `owsub.certs` | map | Map with multiline string containing TLS certificates and private keys required for REST API |  |
-| `owrrm.public_env_variables` | map | Map of public environment variables passed to OpenWIFI RRM service |  |
-| `owrrm.mysql.enabled` | boolean | Flag to enable MySQL database deployment of OpenWIFI RRM service using subchart | `true` |
-| `kafka.enabled` | boolean | Enables [kafka](https://github.com/bitnami/charts/blob/master/bitnami/kafka/) deployment | `true` |
+| `rttys.enabled` | boolean | Enables [rttys](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-rtty) deployment | `True` |
+| `rttys.internal` | boolean | Whether to use the built-in rttys server | `True` |
+| `rttys.enabled` | boolean | Enable or disable rttys | `True` |
+| `rttys.config.token` | string | Sets default rttys token |  |
+| `kafka.enabled` | boolean | Enables [kafka](https://github.com/bitnami/charts/blob/master/bitnami/kafka/) deployment | `True` |
 | `kafka.fullnameOverride` | string | Overrides Kafka Kubernetes service name so it could be predictable and set in microservices configs | `'kafka'` |
 | `kafka.image.registry` | string | Kafka Docker image registry | `'docker.io'` |
 | `kafka.image.repository` | string | Kafka Docker image repository | `'bitnami/kafka'` |
@@ -256,10 +195,6 @@ If you want, you may use configuration property `openwifi.security.restapi.disab

 You may see example values to enable this feature in [values.restapi-disable-tls.yaml](./feature-values/values.restapi-disable-tls.yaml).

-### PostgreSQL storage option for services
-
-By default all microservices except RRM service use SQLite as default storage driver, but it is possible to use PostgreSQL for that purpose. Both [cluster-per-microservice](environment-values/values.openwifi-qa.external-db.yaml) and [cluster per installation](environment-values/values.openwifi-qa.single-external-db.yaml) deployments method may be used.
-
 ## Environment specific values

 This repository contains values files that may be used in the same manner as feature values above to deploy to specific runtime envionemnts (including different cloud deployments).
--- a/chart/environment-values/cleanup.sh
+++ b/chart/environment-values/cleanup.sh
@@ -1,5 +0,0 @@
-#!/bin/bash
-[ -z "$NAMESPACE" ] && echo "No NAMESPACE set" && exit 1
-helm -n openwifi-$NAMESPACE delete tip-openwifi
-sleep 30
-kubectl delete ns openwifi-$NAMESPACE
--- a/chart/environment-values/deploy.sh
+++ b/chart/environment-values/deploy.sh
@@ -13,7 +13,6 @@ usage () {
  echo "- CHART_VERSION - version of chart to be deployed from assembly chart (for 'git' method git ref may be passed, for 'bundle' method version of chart may be passed)" >&2;
  echo >&2;
  echo "- VALUES_FILE_LOCATION - path to file with override values that may be used for deployment" >&2;
-  echo "- DOMAIN - Domain name. default: cicd.lab.wlan.tip.build" >&2;
  echo "- OWGW_AUTH_USERNAME - username to be used for requests to OpenWIFI Security" >&2;
  echo "- OWGW_AUTH_PASSWORD - hashed password for OpenWIFI Security (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)" >&2;
  echo "- OWFMS_S3_SECRET - secret key that is used for OpenWIFI Firmware access to firmwares S3 bucket" >&2;
@@ -52,7 +51,7 @@ EXTRA_VALUES_SPLITTED=()

 # Helper functions
 check_if_chart_version_is_release() {
-  PARSED_CHART_VERSION=$(echo $CHART_VERSION | grep -xE "v\d+\.\d+\.\d+.*")
+  PARSED_CHART_VERSION=$(echo $CHART_VERSION | grep -xP "v\d+\.\d+\.\d+.*")
  if [[ -z "$PARSED_CHART_VERSION" ]]; then
    return 1
  else
@@ -95,7 +94,6 @@ fi
 [ -z ${INTERNAL_RESTAPI_ENDPOINT_SCHEMA+x} ] && echo "INTERNAL_RESTAPI_ENDPOINT_SCHEMA is unset, setting it to 'https'" && export INTERNAL_RESTAPI_ENDPOINT_SCHEMA=https
 export MAILER_ENABLED="false"
 [ ! -z ${MAILER_USERNAME+x} ] && [ ! -z ${MAILER_PASSWORD+x} ] && echo "MAILER_USERNAME and MAILER_PASSWORD are set, mailer will be enabled" && export MAILER_ENABLED="true"
-[ -z "${DOMAIN}" ] && echo "DOMAIN is unset, using cicd.lab.wlan.tip.build" && export DOMAIN="cicd.lab.wlan.tip.build"

 # Transform some environment variables
 export OWGW_VERSION_TAG=$(echo ${OWGW_VERSION} | tr '/' '-')
@@ -136,12 +134,14 @@ if [[ "$DEPLOY_METHOD" == "git" ]]; then
  helm dependency update
  cd ../..
  export DEPLOY_SOURCE="wlan-cloud-ucentral-deploy/chart"
-elif [[ "$DEPLOY_METHOD" == "bundle" ]]; then
-  helm repo add tip-wlan-cloud-ucentral-helm https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/ || true
-  export DEPLOY_SOURCE="tip-wlan-cloud-ucentral-helm/openwifi --version $CHART_VERSION"
 else
-  echo "Deploy method is not correct: $DEPLOY_METHOD. Valid values: git or bundle" >&2
-  exit 1
+  if [[ "$DEPLOY_METHOD" == "bundle" ]]; then
+    helm repo add tip-wlan-cloud-ucentral-helm https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/ || true
+    export DEPLOY_SOURCE="tip-wlan-cloud-ucentral-helm/openwifi --version $CHART_VERSION"
+  else
+    echo "Deploy method is not correct: $DEPLOY_METHOD. Valid value - git or bundle" >&2
+    exit 1
+  fi
 fi

 VALUES_FILES_FLAGS=()
@@ -156,28 +156,79 @@ for EXTRA_VALUE in ${EXTRA_VALUES_SPLITTED[*]}; do
 done

 if [[ "$USE_SEPARATE_OWGW_LB" == "true" ]]; then
-  export HAPROXY_SERVICE_DNS_RECORDS="sec-${NAMESPACE}.${DOMAIN},fms-${NAMESPACE}.${DOMAIN},prov-${NAMESPACE}.${DOMAIN},analytics-${NAMESPACE}.${DOMAIN},sub-${NAMESPACE}.${DOMAIN}"
-  export OWGW_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.${DOMAIN}"
+  export HAPROXY_SERVICE_DNS_RECORDS="sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,analytics-${NAMESPACE}.cicd.lab.wlan.tip.build\,sub-${NAMESPACE}.cicd.lab.wlan.tip.build"
+  export OWGW_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build"
 else
-  export HAPROXY_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.${DOMAIN},sec-${NAMESPACE}.${DOMAIN},fms-${NAMESPACE}.${DOMAIN},prov-${NAMESPACE}.${DOMAIN},analytics-${NAMESPACE}.${DOMAIN},sub-${NAMESPACE}.${DOMAIN}"
+  export HAPROXY_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build\,sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,analytics-${NAMESPACE}.cicd.lab.wlan.tip.build\,sub-${NAMESPACE}.cicd.lab.wlan.tip.build"
  export OWGW_SERVICE_DNS_RECORDS=""
 fi

-echo "Deploying into openwifi-${NAMESPACE} with the following values files:"
-echo ${VALUES_FILES_FLAGS[*]}
-echo
-envsubst < values.custom.tpl.yaml > values.custom-${NAMESPACE}.yaml
-
-echo "Using configuration:"
-echo "---"
-cat values.custom-${NAMESPACE}.yaml
-echo "---"
-set -x
+# Run the deployment
 helm upgrade --install --create-namespace --wait --timeout 60m \
  --namespace openwifi-${NAMESPACE} \
  ${VALUES_FILES_FLAGS[*]} \
+  --set owgw.services.owgw.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgw.configProperties."openwifi\.fileuploader\.host\.0\.name"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgw.configProperties."rtty\.server"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgw.configProperties."openwifi\.system\.uri\.public"=https://gw-${NAMESPACE}.cicd.lab.wlan.tip.build:16002 \
+  --set owgw.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owgw-owgw:17002 \
+  --set owgw.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgw.configProperties."iptocountry\.ipinfo\.token"="${IPTOCOUNTRY_IPINFO_TOKEN}" \
+  --set owgw.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owsec.configProperties."authentication\.default\.username"=${OWGW_AUTH_USERNAME} \
+  --set owsec.configProperties."authentication\.default\.password"=${OWGW_AUTH_PASSWORD} \
+  --set owsec.services.owsec.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=sec-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owsec.configProperties."openwifi\.system\.uri\.public"=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owsec.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsec-owsec:17001 \
+  --set owsec.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owsec.configProperties."mailer\.sender"=sec-${NAMESPACE}@cicd.lab.wlan.tip.build \
+  --set owsec.configProperties."mailer\.enabled"=$MAILER_ENABLED \
+  --set owsec.configProperties."mailer\.username"=$MAILER_USERNAME \
+  --set owsec.configProperties."mailer\.password"=$MAILER_PASSWORD \
+  --set owfms.configProperties."s3\.secret"=${OWFMS_S3_SECRET} \
+  --set owfms.configProperties."s3\.key"=${OWFMS_S3_KEY} \
+  --set owfms.services.owfms.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=fms-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owfms.configProperties."openwifi\.system\.uri\.public"=https://fms-${NAMESPACE}.cicd.lab.wlan.tip.build:16004 \
+  --set owfms.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owfms-owfms:17004 \
+  --set owfms.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owfms.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owgwui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgwui.ingresses.default.hosts={webui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
+  --set owgwui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owprov.services.owprov.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=prov-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owprov.configProperties."openwifi\.system\.uri\.public"=https://prov-${NAMESPACE}.cicd.lab.wlan.tip.build:16005 \
+  --set owprov.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owprov-owprov:17005 \
+  --set owprov.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owprov.configProperties."iptocountry\.ipinfo\.token"="${IPTOCOUNTRY_IPINFO_TOKEN}" \
+  --set owprov.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owprovui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=provui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owprovui.ingresses.default.hosts={provui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
+  --set owprovui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owprovui.public_env_variables.REACT_APP_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owanalytics.services.owanalytics.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=analytics-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owanalytics.configProperties."openwifi\.system\.uri\.public"=https://analytics-${NAMESPACE}.cicd.lab.wlan.tip.build:16009 \
+  --set owanalytics.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owanalytics-owanalytics:17009 \
+  --set owanalytics.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owanalytics.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owsub.services.owsub.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=sub-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owsub.configProperties."openwifi\.system\.uri\.public"=https://sub-${NAMESPACE}.cicd.lab.wlan.tip.build:16006 \
+  --set owsub.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsub-owsub:17006 \
+  --set owsub.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owsub.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set clustersysteminfo.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set clustersysteminfo.secret_env_variables.OWSEC_NEW_PASSWORD=${OWSEC_NEW_PASSWORD} \
+  --set owls.services.owls.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=ls-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owls.configProperties."openwifi\.system\.uri\.public"=https://ls-${NAMESPACE}.cicd.lab.wlan.tip.build:16007 \
+  --set owls.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owls-owls:17007 \
+  --set owls.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owlsui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=lsui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owlsui.ingresses.default.hosts={lsui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
+  --set owlsui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owrrm.public_env_variables.SERVICECONFIG_PUBLICENDPOINT=https://rrm-${NAMESPACE}.cicd.lab.wlan.tip.build:16789 \
+  --set owrrm.services.owrrm.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=rrm-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set haproxy.service.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$HAPROXY_SERVICE_DNS_RECORDS \
+  --set owgw.services.owgw.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$OWGW_SERVICE_DNS_RECORDS \
  ${EXTRA_VALUES_FLAGS[*]} \
-  -f values.custom-${NAMESPACE}.yaml \
  --set-file owgw.certs."restapi-cert\.pem"=$CERT_LOCATION \
  --set-file owgw.certs."restapi-key\.pem"=$KEY_LOCATION \
  --set-file owgw.certs."websocket-cert\.pem"=$CERT_LOCATION \
--- a/chart/environment-values/values.aws.yaml
+++ b/chart/environment-values/values.aws.yaml
@@ -19,7 +19,7 @@ owgwui:
        kubernetes.io/ingress.class: alb
        alb.ingress.kubernetes.io/scheme: internet-facing
        alb.ingress.kubernetes.io/group.name: wlan-cicd
-        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 # TODO change certificate
        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
        alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
        external-dns.alpha.kubernetes.io/hostname: webui.cicd.lab.wlan.tip.build # TODO change FQDN
@@ -29,7 +29,7 @@ owgwui:
        servicePort: http

  public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: https://sec.cicd.lab.wlan.tip.build:16001 # TODO change to OWSEC RESTAPI url
+    DEFAULT_UCENTRALSEC_URL: https://sec.cicd.lab.wlan.tip.build:16001 # TODO change to OWSEC RESTAPI url

 owsec:
  configProperties: # TODO change FQDNs and credentials
@@ -69,7 +69,7 @@ owprovui:
        kubernetes.io/ingress.class: alb
        alb.ingress.kubernetes.io/scheme: internet-facing
        alb.ingress.kubernetes.io/group.name: wlan-cicd
-        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 # TODO change certificate
        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
        alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
        external-dns.alpha.kubernetes.io/hostname: provui.cicd.lab.wlan.tip.build # TODO change FQDN
@@ -99,7 +99,7 @@ haproxy:
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
      service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "8080"
      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 # TODO change certificate
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,16001,17001,5912,5913,16009,16007"
      service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
      external-dns.alpha.kubernetes.io/hostname: "gw.cicd.lab.wlan.tip.build,sec.cicd.lab.wlan.tip.build,fms.cicd.lab.wlan.tip.build,prov.cicd.lab.wlan.tip.build,rtty.cicd.lab.wlan.tip.build,sub.cicd.lab.wlan.tip.build,analytics.cicd.lab.wlan.tip.build,rrm.cicd.lab.wlan.tip.build" # TODO change FQDNs
--- a/chart/environment-values/values.base.insecure.yaml
+++ b/chart/environment-values/values.base.insecure.yaml
@@ -1,86 +0,0 @@
-owgw:
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.security.restapi.disable: "true"
-    openwifi.system.uri.public: http://localhost:16002
-    openwifi.system.uri.private: http://owgw-owgw:17002
-    openwifi.system.uri.ui: http://localhost
-
-owsec:
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.security.restapi.disable: "true"
-    openwifi.system.uri.public: http://localhost:16001
-    openwifi.system.uri.private: http://owsec-owsec:17001
-    openwifi.system.uri.ui: http://localhost
-
-owfms:
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.security.restapi.disable: "true"
-    openwifi.system.uri.public: http://localhost:16004
-    openwifi.system.uri.private: http://owfms-owfms:17004
-    openwifi.system.uri.ui: http://localhost
-
-owprov:
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.security.restapi.disable: "true"
-    openwifi.system.uri.public: http://localhost:16005
-    openwifi.system.uri.private: http://owprov-owprov:17005
-    openwifi.system.uri.ui: http://localhost
-
-owanalytics:
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.security.restapi.disable: "true"
-    openwifi.system.uri.public: http://localhost:16009
-    openwifi.system.uri.private: http://owanalytics-owanalytics:17009
-    openwifi.system.uri.ui: http://localhost
-
-owsub:
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.security.restapi.disable: "true"
-    openwifi.system.uri.public: http://localhost:16006
-    openwifi.system.uri.private: http://owsub-owsub:17006
-    openwifi.system.uri.ui: http://localhost
-
-owrrm:
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-    KAFKACONFIG_BOOTSTRAPSERVER: kafka:9092
-    DATABASECONFIG_SERVER: owrrm-mysql:3306
-    DATABASECONFIG_DBNAME: owrrm
-    DATABASECONFIG_DATARETENTIONINTERVALDAYS: "1"
-
-  secret_env_variables:
-    DATABASECONFIG_USER: root
-    DATABASECONFIG_PASSWORD: openwifi
-
-  mysql:
-    enabled: true
-    fullnameOverride: "owrrm-mysql"
-
-owgwui:
-  public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: http://localhost:16001
-
-owprovui:
-  public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: http://localhost:16001
-
-kafka:
-  heapOpts: -Xmx512m -Xms512m
-  readinessProbe:
-    initialDelaySeconds: 45
-  livenessProbe:
-    initialDelaySeconds: 60
-  zookeeper:
-    heapSize: 256
--- a/chart/environment-values/values.base.secure.yaml
+++ b/chart/environment-values/values.base.secure.yaml
@@ -1,335 +0,0 @@
-owgw:
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.system.uri.public: https://localhost:16002
-    openwifi.system.uri.private: https://owgw-owgw:17002
-    openwifi.system.uri.ui: http://localhost:8443
-    openwifi.internal.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWGW_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWGW_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owgw:
-      - name: config
-        mountPath: /owgw-data/owgw.properties
-        subPath: owgw.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owgw.fullname" . }}-config
-      - name: certs
-        mountPath: /owgw-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owgw.fullname" . }}-certs{{ end }}
-      - name: certs-cas
-        mountPath: /owgw-data/certs/cas
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owgw.fullname" . }}-certs-cas
-      - name: persist
-        mountPath: /owgw-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owgw.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owgw-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
-
-owsec:
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.system.uri.public: https://localhost:16001
-    openwifi.system.uri.private: https://owsec-owsec:17001
-    openwifi.system.uri.ui: http://localhost:8080
-    openwifi.internal.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owsec:
-      - name: config
-        mountPath: /owsec-data/owsec.properties
-        subPath: owsec.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owsec.fullname" . }}-config
-      - name: certs
-        mountPath: /owsec-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owsec.fullname" . }}-certs{{ end }}
-      - name: persist
-        mountPath: /owsec-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owsec.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owsec-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
-
-owfms:
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.system.uri.public: https://localhost:16004
-    openwifi.system.uri.private: https://owfms-owfms:17004
-    openwifi.system.uri.ui: http://localhost:8080
-    openwifi.internal.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owfms:
-      - name: config
-        mountPath: /owfms-data/owfms.properties
-        subPath: owfms.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owfms.fullname" . }}-config
-      - name: certs
-        mountPath: /owfms-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owfms.fullname" . }}-certs{{ end }}
-      - name: persist
-        mountPath: /owfms-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owfms.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owfms-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
-
-owprov:
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.system.uri.public: https://localhost:16005
-    openwifi.system.uri.private: https://owprov-owprov:17005
-    openwifi.system.uri.ui: http://localhost:8080
-    openwifi.internal.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owprov:
-      - name: config
-        mountPath: /owprov-data/owprov.properties
-        subPath: owprov.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owprov.fullname" . }}-config
-      - name: certs
-        mountPath: /owprov-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owprov.fullname" . }}-certs{{ end }}
-      - name: persist
-        mountPath: /owprov-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owprov.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owprov-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
-
-owanalytics:
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.system.uri.public: https://localhost:16009
-    openwifi.system.uri.private: https://owanalytics-owanalytics:17009
-    openwifi.system.uri.ui: http://localhost:8080
-    openwifi.internal.restapi.host.0.rootca: $OWANALYTICS_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWANALYTICS_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWANALYTICS_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWANALYTICS_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWANALYTICS_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWANALYTICS_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owanalytics:
-      - name: config
-        mountPath: /owanalytics-data/owanalytics.properties
-        subPath: owanalytics.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owanalytics.fullname" . }}-config
-      - name: certs
-        mountPath: /owanalytics-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owanalytics.fullname" . }}-certs{{ end }}
-      - name: persist
-        mountPath: /owanalytics-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owanalytics.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owanalytics-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owanalytics.fullname" . }}-owanalytics-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owanalytics.fullname" . }}-owanalytics-restapi-tls
-
-
-owsub:
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.system.uri.public: https://localhost:16006
-    openwifi.system.uri.private: https://owsub-owsub:17006
-    openwifi.system.uri.ui: http://localhost:8080
-    openwifi.internal.restapi.host.0.rootca: $OWSUB_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWSUB_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWSUB_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWSUB_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWSUB_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWSUB_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owsub:
-      - name: config
-        mountPath: /owsub-data/owsub.properties
-        subPath: owsub.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owsub.fullname" . }}-config
-      - name: certs
-        mountPath: /owsub-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owsub.fullname" . }}-certs{{ end }}
-      - name: persist
-        mountPath: /owsub-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owsub.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owsub-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
-
-owrrm:
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-    KAFKACONFIG_BOOTSTRAPSERVER: kafka:9092
-    DATABASECONFIG_SERVER: owrrm-mysql:3306
-    DATABASECONFIG_DBNAME: owrrm
-    DATABASECONFIG_DATARETENTIONINTERVALDAYS: "1"
-
-  secret_env_variables:
-    DATABASECONFIG_USER: root
-    DATABASECONFIG_PASSWORD: openwifi
-
-  mysql:
-    enabled: true
-    fullnameOverride: "owrrm-mysql"
-
-owgwui:
-  public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: https://localhost:16001
-
-owprovui:
-  public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: https://localhost:16001
-
-kafka:
-  heapOpts: -Xmx512m -Xms512m
-  readinessProbe:
-    initialDelaySeconds: 45
-  livenessProbe:
-    initialDelaySeconds: 60
-  zookeeper:
-    heapSize: 256
-
-restapiCerts:
-  enabled: true
--- a/chart/environment-values/values.custom.tpl.yaml
+++ b/chart/environment-values/values.custom.tpl.yaml
@@ -1,128 +0,0 @@
-owgw:
-  services:
-    owgw:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: "$OWGW_SERVICE_DNS_RECORDS"
-  configProperties:
-    openwifi.fileuploader.host.0.name: gw-${NAMESPACE}.${DOMAIN}
-    rtty.server: gw-${NAMESPACE}.${DOMAIN}
-    openwifi.system.uri.public: https://gw-${NAMESPACE}.${DOMAIN}:16002
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owgw-owgw:17002
-    openwifi.system.uri.ui: https://webui-${NAMESPACE}.${DOMAIN}
-    iptocountry.ipinfo.token: "${IPTOCOUNTRY_IPINFO_TOKEN}"
-  public_env_variables:
-    OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001
-owsec:
-  configProperties:
-    authentication.default.username: "${OWGW_AUTH_USERNAME}"
-    authentication.default.password: "${OWGW_AUTH_PASSWORD}"
-    openwifi.system.uri.public: https://sec-${NAMESPACE}.${DOMAIN}:16001
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsec-owsec:17001
-    openwifi.ystem.uri.ui: https://webui-${NAMESPACE}.${DOMAIN}
-    mailer.sender: "sec-${NAMESPACE}@${DOMAIN}"
-    mailer.enabled: $MAILER_ENABLED
-    mailer.username: "$MAILER_USERNAME"
-    mailer.password: "$MAILER_PASSWORD"
-  services:
-    owsec:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: sec-${NAMESPACE}.${DOMAIN}
-owfms:
-  configProperties:
-    s3.secret: "${OWFMS_S3_SECRET}"
-    s3.key: "${OWFMS_S3_KEY}"
-    openwifi.system.uri.public: https://fms-${NAMESPACE}.${DOMAIN}:16004
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owfms-owfms:17004
-    openwifi.system.uri.ui: https://webui-${NAMESPACE}.${DOMAIN}
-  services:
-    owfms:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: fms-${NAMESPACE}.${DOMAIN}
-  public_env_variables:
-    OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001
-owgwui:
-  ingresses:
-    default:
-      hosts:
-      - webui-${NAMESPACE}.${DOMAIN}
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: webui-${NAMESPACE}.${DOMAIN}
-  public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: https://sec-${NAMESPACE}.${DOMAIN}:16001
-owprov:
-  services:
-    owprov:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: prov-${NAMESPACE}.${DOMAIN}
-  configProperties:
-    openwifi.system.uri.public: https://prov-${NAMESPACE}.${DOMAIN}:16005
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owprov-owprov:17005
-    openwifi.system.uri.ui: https://provui-${NAMESPACE}.${DOMAIN}
-    iptocountry.ipinfo.token: "${IPTOCOUNTRY_IPINFO_TOKEN}"
-  public_env_variables:
-    OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001
-owprovui:
-  ingresses:
-    default:
-      hosts:
-      - provui-${NAMESPACE}.${DOMAIN}
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: provui-${NAMESPACE}.${DOMAIN}
-  public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: https://sec-${NAMESPACE}.${DOMAIN}:16001
-owanalytics:
-  services:
-    owanalytics:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: analytics-${NAMESPACE}.${DOMAIN}
-  configProperties:
-    openwifi.system.uri.public: https://analytics-${NAMESPACE}.${DOMAIN}:16009
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owanalytics-owanalytics:17009
-    openwifi.system.uri.ui: https://webui-${NAMESPACE}.${DOMAIN}
-  public_env_variables:
-    OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001
-owsub:
-  services:
-    owsub:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: sub-${NAMESPACE}.${DOMAIN}
-  configProperties:
-    openwifi.system.uri.public: https://sub-${NAMESPACE}.${DOMAIN}:16006
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsub-owsub:17006
-    openwifi.system.uri.ui: https://webui-${NAMESPACE}.${DOMAIN}
-  public_env_variables:
-    OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001
-clustersysteminfo:
-  public_env_variables:
-    OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001
-  secret_env_variables:
-    OWSEC_NEW_PASSWORD: "${OWSEC_NEW_PASSWORD}"
-owls:
-  services:
-    owls:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: ls-${NAMESPACE}.${DOMAIN}
-  configProperties:
-    openwifi.system.uri.public: https://ls-${NAMESPACE}.${DOMAIN}:16007
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owls-owls:17007
-    openwifi.system.uri.ui: https://webui-${NAMESPACE}.${DOMAIN}
-owlsui:
-  ingresses:
-    default:
-      hosts:
-      - lsui-${NAMESPACE}.${DOMAIN}
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: lsui-${NAMESPACE}.${DOMAIN}
-  public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: https://sec-${NAMESPACE}.${DOMAIN}:16001
-owrrm:
-  public_env_variables:
-    SERVICECONFIG_PUBLICENDPOINT: https://rrm-${NAMESPACE}.${DOMAIN}:16789
-  services:
-    owrrm:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: rrm-${NAMESPACE}.${DOMAIN}
-haproxy:
-  service:
-    annotations:
-      external-dns.alpha.kubernetes.io/hostname: "$HAPROXY_SERVICE_DNS_RECORDS"
--- a/chart/environment-values/values.openwifi-qa.owls-enabled.yaml
+++ b/chart/environment-values/values.openwifi-qa.owls-enabled.yaml
@@ -1,4 +1,3 @@
-# This helm values file is to be used when OWLS is run in the same namespace.
 owgw:
  services:
    owgw:
@@ -8,7 +7,7 @@ owgw:
        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002"

  configProperties:
@@ -18,7 +17,6 @@ owgw:
    storage.type.postgresql.database: owgw
    storage.type.postgresql.username: owgw
    storage.type.postgresql.password: owgw
-    openwifi.certificates.allowmismatch: "true"

  resources:
    requests:
@@ -31,13 +29,13 @@ owgw:
  postgresql:
    enabled: true
    fullnameOverride: owgw-pgsql
+
    postgresqlDatabase: owgw
    postgresqlUsername: owgw
    postgresqlPassword: owgw

 owls:
  enabled: true
-
  services:
    owls:
      type: LoadBalancer
@@ -46,7 +44,7 @@ owls:
        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16107"
        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16007,17007"
        external-dns.alpha.kubernetes.io/ttl: "60"

@@ -55,10 +53,10 @@ owls:

  resources:
    requests:
-      cpu: 6000m
+      cpu: 3000m
      memory: 8000Mi
    limits:
-      cpu: 6000m
+      cpu: 3000m
      memory: 8000Mi

  checks:
@@ -142,7 +140,7 @@ owls:
          secret:
            secretName: {{ include "owls.fullname" . }}-owls-restapi-tls
      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
        subPath: ca.crt
        volumeDefinition: |
          secret:
@@ -162,145 +160,7 @@ owlsui:
        kubernetes.io/ingress.class: alb
        alb.ingress.kubernetes.io/scheme: internet-facing
        alb.ingress.kubernetes.io/group.name: wlan-cicd
-        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
-        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
-        alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
-        external-dns.alpha.kubernetes.io/ttl: "60"
-      paths:
-      - path: /*
-        serviceName: owlsui
-        servicePort: http
-
-  podAnnotations:
-    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
-owls:
-  enabled: true
-
-  services:
-    owls:
-      type: LoadBalancer
-      annotations:
-        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
-        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16107"
-        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
-        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16007,17007"
-        external-dns.alpha.kubernetes.io/ttl: "60"
-
-  podAnnotations:
-    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
-
-  resources:
-    requests:
-      cpu: 6000m
-      memory: 8000Mi
-    limits:
-      cpu: 6000m
-      memory: 8000Mi
-
-  checks:
-    owls:
-      liveness:
-        httpGet:
-          path: /
-          port: 16107
-        failureThreshold: 900
-      readiness:
-        httpGet:
-          path: /
-          port: 16107
-        failureThreshold: 900
-
-  certs:
-    restapi-ca.pem: |
-      -----BEGIN CERTIFICATE-----
-      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
-      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
-      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
-      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
-      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
-      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
-      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
-      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
-      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
-      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
-      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
-      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
-      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
-      5IOM7ItsRmen6u3qu+JXros54e4juQ==
-      -----END CERTIFICATE-----
-
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  configProperties:
-    openwifi.internal.restapi.host.0.rootca: $OWLS_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWLS_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWLS_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWLS_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWLS_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWLS_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owls:
-      - name: config
-        mountPath: /owls-data/owls.properties
-        subPath: owls.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owls.fullname" . }}-config
-      - name: certs
-        mountPath: /owls-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owls.fullname" . }}-certs
-      - name: certs-cas
-        mountPath: /owls-data/certs/cas
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owls.fullname" . }}-certs-cas
-      # Change this if you want to use another volume type
-      - name: persist
-        mountPath: /owls-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owls.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owls-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owls.fullname" . }}-owls-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owls.fullname" . }}-owls-restapi-tls
-
-owlsui:
-  enabled: true
-
-  services:
-    owlsui:
-      type: NodePort
-
-  ingresses:
-    default:
-      enabled: true
-      annotations:
-        kubernetes.io/ingress.class: alb
-        alb.ingress.kubernetes.io/scheme: internet-facing
-        alb.ingress.kubernetes.io/group.name: wlan-cicd
-        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
        alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
        external-dns.alpha.kubernetes.io/ttl: "60"
--- a/chart/environment-values/values.openwifi-qa.owls-external.yaml
+++ b/chart/environment-values/values.openwifi-qa.owls-external.yaml
@@ -1,36 +0,0 @@
-# This helm values file is to be used when OWLS is run externally.
-owgw:
-  services:
-    owgw:
-      type: LoadBalancer
-      annotations:
-        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
-        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
-        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
-        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002"
-
-  configProperties:
-    simulatorid: 53494D020202
-    storage.type: postgresql
-    storage.type.postgresql.host: owgw-pgsql
-    storage.type.postgresql.database: owgw
-    storage.type.postgresql.username: owgw
-    storage.type.postgresql.password: owgw
-    openwifi.certificates.allowmismatch: "true"
-
-  resources:
-    requests:
-      cpu: 2000m
-      memory: 3000Mi
-    limits:
-      cpu: 2000m
-      memory: 3000Mi
-
-  postgresql:
-    enabled: true
-    fullnameOverride: owgw-pgsql
-    postgresqlDatabase: owgw
-    postgresqlUsername: owgw
-    postgresqlPassword: owgw
--- a/chart/environment-values/values.openwifi-qa.separate-lbs.yaml
+++ b/chart/environment-values/values.openwifi-qa.separate-lbs.yaml
@@ -7,7 +7,7 @@ owgw:
        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002,5912,5913"

 owsec:
@@ -19,7 +19,7 @@ owsec:
        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16101"
        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16001,17001"

 owfms:
@@ -31,7 +31,7 @@ owfms:
        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16104"
        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004"

 owprov:
@@ -43,7 +43,7 @@ owprov:
        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16105"
        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16005,17005"

 owanalytics:
@@ -55,7 +55,7 @@ owanalytics:
        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16109"
        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16009,17009"

 owsub:
@@ -67,7 +67,7 @@ owsub:
        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16106"
        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16006,17006"

 haproxy:
--- a/chart/environment-values/values.openwifi-qa.single-external-db.yaml
+++ b/chart/environment-values/values.openwifi-qa.single-external-db.yaml
@@ -51,11 +51,7 @@ postgresql-ha:
  initDbScriptSecret:
    enabled: true
  pgpool:
-    replicaCount: 1
    adminPassword: admin
-#    childLifeTime: 0
-#    maxPool: 8
-#    numInitChildren : 48
    resources:
      requests:
        cpu: 250m
--- a/chart/environment-values/values.openwifi-qa.test-nodes.yaml
+++ b/chart/environment-values/values.openwifi-qa.test-nodes.yaml
@@ -112,7 +112,7 @@ owprovui:

 owls:
  nodeSelector:
-    env: owls
+    env: tests
  tolerations:
  - key: "tests"
    operator: "Exists"
--- a/chart/environment-values/values.openwifi-qa.yaml
+++ b/chart/environment-values/values.openwifi-qa.yaml
@@ -15,22 +15,22 @@ owgw:
      memory: 100Mi
    limits:
      cpu: 2000m
-      memory: 2Gi
+      memory: 500Mi

-#  securityContext:
-#    sysctls:
-#    - name: net.ipv4.tcp_keepalive_intvl
-#      value: "5"
-#    - name: net.ipv4.tcp_keepalive_probes
-#      value: "2"
-#    - name: net.ipv4.tcp_keepalive_time
-#      value: "45"
+  securityContext:
+    sysctls:
+    - name: net.ipv4.tcp_keepalive_intvl
+      value: "5"
+    - name: net.ipv4.tcp_keepalive_probes
+      value: "2"
+    - name: net.ipv4.tcp_keepalive_time
+      value: "45"

  podAnnotations:
    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"

-#  podSecurityPolicy:
-#    enabled: true
+  podSecurityPolicy:
+    enabled: true

  certs:
    restapi-ca.pem: |
@@ -56,160 +56,6 @@ owgw:
      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
      5IOM7ItsRmen6u3qu+JXros54e4juQ==
      -----END CERTIFICATE-----
-    clientcas.pem: |
-      -----BEGIN CERTIFICATE-----
-      MIIEnDCCA4SgAwIBAgIUVpyCUx1MUeUwxg+7I1BvGFTz7HkwDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjUxMjZaFw0yNjA0MTMyMjM4NDZaMGwx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEpMCcGA1UEAxMgVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IElzc3VpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtKBrq
-      qd2aKVSk25KfL5xHu8X7/8rJrz3IvyPuVKWhk/N1zabot3suBcGaYNKjnRHxg78R
-      yKwKzajKYWtiQFqztu24g16LQeAnoUxZnF6a0z3JkkRPsz14A2y8TUhdEe1tx+UU
-      4VGsk3n+FMmOQHL+79FO57zQC1LwylgfLSltrI6mF3jowVUQvnwzKhUzT87AJ6EO
-      ndK/q0T/Bgi+aI39zfVOjJjsTJwghvrmYW3iarP1THSKxeib2s02bZKrvvHa5HL4
-      UI8+LvREpVZl4mzt1z6Nl344Y6f+UeJlYa/Ci0jJqaXJmyVnUbAz+c0i5JfwAVn3
-      YQzfC4eLnZCmdF8zAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
-      DgQWBBSzG1S44EerPfM4gOQ85f0AYW3R6DAfBgNVHSMEGDAWgBQCRpZgebFT9qny
-      98WfIUDk6ZEB+jAOBgNVHQ8BAf8EBAMCAYYwgYMGCCsGAQUFBwEBBHcwdTAoBggr
-      BgEFBQcwAYYcaHR0cDovL29jc3Aub25lLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcw
-      AoY9aHR0cDovL2NhY2VydHMub25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQ
-      cm9qZWN0Um9vdENBLmNydDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vY3JsLm9u
-      ZS5kaWdpY2VydC5jb20vVGVsZWNvbUluZnJhUHJvamVjdFJvb3RDQS5jcmwwDQYJ
-      KoZIhvcNAQELBQADggEBAFbz+K94bHIkBMJqps0dApniUmOn0pO6Q6cGh47UP/kX
-      IiPIsnYgG+hqYD/qtsiqJhaWi0hixRWn38UmvZxMRk27aSTGE/TWx0JTC3qDGsSe
-      XkUagumbSfmS0ZyiTwMPeGAjXwyzGorqZWeA95eKfImntMiOf3E7//GK0K7HpCx8
-      IPCnLZsZD2q/mLyBsduImFIRQJbLAhwIxpcd1qYJk+BlGFL+HtBpEbq6JxW2Xy+v
-      DpNWc2WIsUTle0rTc9JNJrLX4ChUJmKqf8obKHap3Xh3//qw/jDB9pOAinA33FLJ
-      EmCnwBvQr9mfNmPBGMYZVU8cPruDQJ57GjmmvdisbJY=
-      -----END CERTIFICATE-----
-      -----BEGIN CERTIFICATE-----
-      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
-      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
-      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
-      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
-      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
-      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
-      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
-      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
-      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
-      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
-      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
-      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
-      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
-      5IOM7ItsRmen6u3qu+JXros54e4juQ==
-      -----END CERTIFICATE-----
-    issuer.pem: |
-      -----BEGIN CERTIFICATE-----
-      MIIEnDCCA4SgAwIBAgIUVpyCUx1MUeUwxg+7I1BvGFTz7HkwDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjUxMjZaFw0yNjA0MTMyMjM4NDZaMGwx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEpMCcGA1UEAxMgVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IElzc3VpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtKBrq
-      qd2aKVSk25KfL5xHu8X7/8rJrz3IvyPuVKWhk/N1zabot3suBcGaYNKjnRHxg78R
-      yKwKzajKYWtiQFqztu24g16LQeAnoUxZnF6a0z3JkkRPsz14A2y8TUhdEe1tx+UU
-      4VGsk3n+FMmOQHL+79FO57zQC1LwylgfLSltrI6mF3jowVUQvnwzKhUzT87AJ6EO
-      ndK/q0T/Bgi+aI39zfVOjJjsTJwghvrmYW3iarP1THSKxeib2s02bZKrvvHa5HL4
-      UI8+LvREpVZl4mzt1z6Nl344Y6f+UeJlYa/Ci0jJqaXJmyVnUbAz+c0i5JfwAVn3
-      YQzfC4eLnZCmdF8zAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
-      DgQWBBSzG1S44EerPfM4gOQ85f0AYW3R6DAfBgNVHSMEGDAWgBQCRpZgebFT9qny
-      98WfIUDk6ZEB+jAOBgNVHQ8BAf8EBAMCAYYwgYMGCCsGAQUFBwEBBHcwdTAoBggr
-      BgEFBQcwAYYcaHR0cDovL29jc3Aub25lLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcw
-      AoY9aHR0cDovL2NhY2VydHMub25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQ
-      cm9qZWN0Um9vdENBLmNydDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vY3JsLm9u
-      ZS5kaWdpY2VydC5jb20vVGVsZWNvbUluZnJhUHJvamVjdFJvb3RDQS5jcmwwDQYJ
-      KoZIhvcNAQELBQADggEBAFbz+K94bHIkBMJqps0dApniUmOn0pO6Q6cGh47UP/kX
-      IiPIsnYgG+hqYD/qtsiqJhaWi0hixRWn38UmvZxMRk27aSTGE/TWx0JTC3qDGsSe
-      XkUagumbSfmS0ZyiTwMPeGAjXwyzGorqZWeA95eKfImntMiOf3E7//GK0K7HpCx8
-      IPCnLZsZD2q/mLyBsduImFIRQJbLAhwIxpcd1qYJk+BlGFL+HtBpEbq6JxW2Xy+v
-      DpNWc2WIsUTle0rTc9JNJrLX4ChUJmKqf8obKHap3Xh3//qw/jDB9pOAinA33FLJ
-      EmCnwBvQr9mfNmPBGMYZVU8cPruDQJ57GjmmvdisbJY=
-      -----END CERTIFICATE-----
-    root.pem: |
-      -----BEGIN CERTIFICATE-----
-      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
-      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
-      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
-      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
-      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
-      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
-      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
-      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
-      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
-      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
-      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
-      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
-      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
-      5IOM7ItsRmen6u3qu+JXros54e4juQ==
-      -----END CERTIFICATE-----
-
-  certsCAs:
-    issuer.pem: |
-      -----BEGIN CERTIFICATE-----
-      MIIEnDCCA4SgAwIBAgIUVpyCUx1MUeUwxg+7I1BvGFTz7HkwDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjUxMjZaFw0yNjA0MTMyMjM4NDZaMGwx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEpMCcGA1UEAxMgVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IElzc3VpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtKBrq
-      qd2aKVSk25KfL5xHu8X7/8rJrz3IvyPuVKWhk/N1zabot3suBcGaYNKjnRHxg78R
-      yKwKzajKYWtiQFqztu24g16LQeAnoUxZnF6a0z3JkkRPsz14A2y8TUhdEe1tx+UU
-      4VGsk3n+FMmOQHL+79FO57zQC1LwylgfLSltrI6mF3jowVUQvnwzKhUzT87AJ6EO
-      ndK/q0T/Bgi+aI39zfVOjJjsTJwghvrmYW3iarP1THSKxeib2s02bZKrvvHa5HL4
-      UI8+LvREpVZl4mzt1z6Nl344Y6f+UeJlYa/Ci0jJqaXJmyVnUbAz+c0i5JfwAVn3
-      YQzfC4eLnZCmdF8zAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
-      DgQWBBSzG1S44EerPfM4gOQ85f0AYW3R6DAfBgNVHSMEGDAWgBQCRpZgebFT9qny
-      98WfIUDk6ZEB+jAOBgNVHQ8BAf8EBAMCAYYwgYMGCCsGAQUFBwEBBHcwdTAoBggr
-      BgEFBQcwAYYcaHR0cDovL29jc3Aub25lLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcw
-      AoY9aHR0cDovL2NhY2VydHMub25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQ
-      cm9qZWN0Um9vdENBLmNydDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vY3JsLm9u
-      ZS5kaWdpY2VydC5jb20vVGVsZWNvbUluZnJhUHJvamVjdFJvb3RDQS5jcmwwDQYJ
-      KoZIhvcNAQELBQADggEBAFbz+K94bHIkBMJqps0dApniUmOn0pO6Q6cGh47UP/kX
-      IiPIsnYgG+hqYD/qtsiqJhaWi0hixRWn38UmvZxMRk27aSTGE/TWx0JTC3qDGsSe
-      XkUagumbSfmS0ZyiTwMPeGAjXwyzGorqZWeA95eKfImntMiOf3E7//GK0K7HpCx8
-      IPCnLZsZD2q/mLyBsduImFIRQJbLAhwIxpcd1qYJk+BlGFL+HtBpEbq6JxW2Xy+v
-      DpNWc2WIsUTle0rTc9JNJrLX4ChUJmKqf8obKHap3Xh3//qw/jDB9pOAinA33FLJ
-      EmCnwBvQr9mfNmPBGMYZVU8cPruDQJ57GjmmvdisbJY=
-      -----END CERTIFICATE-----
-    root.pem: |
-      -----BEGIN CERTIFICATE-----
-      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
-      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
-      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
-      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
-      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
-      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
-      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
-      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
-      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
-      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
-      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
-      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
-      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
-      5IOM7ItsRmen6u3qu+JXros54e4juQ==
-      -----END CERTIFICATE-----

  public_env_variables:
    SELFSIGNED_CERTS: "true"
@@ -253,7 +99,7 @@ owgw:
          secret:
            secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
        subPath: ca.crt
        volumeDefinition: |
          secret:
@@ -314,7 +160,6 @@ owsec:
    openwifi.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
    openwifi.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
    mailer.hostname: email-smtp.us-east-2.amazonaws.com
-    openwifi.certificates.allowmismatch: "false"

  volumes:
    owsec:
@@ -342,7 +187,7 @@ owsec:
          secret:
            secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
        subPath: ca.crt
        volumeDefinition: |
          secret:
@@ -360,7 +205,7 @@ owgwui:
        kubernetes.io/ingress.class: alb
        alb.ingress.kubernetes.io/scheme: internet-facing
        alb.ingress.kubernetes.io/group.name: wlan-cicd
-        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
        alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
      paths:
@@ -425,8 +270,6 @@ owfms:

  public_env_variables:
    SELFSIGNED_CERTS: "true"
-    # This has no effect as template based config is not enabled (see configProperties)
-    FIRMWAREDB_MAXAGE: "360"

  configProperties:
    openwifi.internal.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
@@ -435,7 +278,6 @@ owfms:
    openwifi.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
    openwifi.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
    openwifi.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
-    firmwaredb.maxage: 360

  volumes:
    owfms:
@@ -463,7 +305,7 @@ owfms:
          secret:
            secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
        subPath: ca.crt
        volumeDefinition: |
          secret:
@@ -522,7 +364,6 @@ owprov:
    openwifi.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt
    openwifi.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt
    openwifi.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key
-    rrm.providers: owrrm

  volumes:
    owprov:
@@ -550,7 +391,7 @@ owprov:
          secret:
            secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
        subPath: ca.crt
        volumeDefinition: |
          secret:
@@ -568,7 +409,7 @@ owprovui:
        kubernetes.io/ingress.class: alb
        alb.ingress.kubernetes.io/scheme: internet-facing
        alb.ingress.kubernetes.io/group.name: wlan-cicd
-        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
        alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
      paths:
@@ -659,7 +500,7 @@ owanalytics:
          secret:
            secretName: {{ include "owanalytics.fullname" . }}-owanalytics-restapi-tls
      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
        subPath: ca.crt
        volumeDefinition: |
          secret:
@@ -739,7 +580,7 @@ owsub:
          secret:
            secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
        subPath: ca.crt
        volumeDefinition: |
          secret:
@@ -756,8 +597,8 @@ owrrm:
        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16789"
        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c"
-        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16789,16790"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16789,17007"

  resources:
    requests:
@@ -774,12 +615,9 @@ owrrm:
    SELFSIGNED_CERTS: "true"
    SERVICECONFIG_PRIVATEENDPOINT: http://owrrm-owrrm:16789
    KAFKACONFIG_BOOTSTRAPSERVER: kafka:9092
+    DATABASECONFIG_SERVER: owrrm-mysql:3306
    DATABASECONFIG_DBNAME: owrrm
    DATABASECONFIG_DATARETENTIONINTERVALDAYS: "1"
-    # Empty string will disable DB usage
-    DATABASECONFIG_SERVER: ""
-    # Uncomment these parameters to enable DB usage + enable mysql below
-    #DATABASECONFIG_SERVER: owrrm-mysql:3306

  secret_env_variables:
    DATABASECONFIG_USER: root
@@ -794,14 +632,14 @@ owrrm:
            claimName: {{ template "owrrm.fullname" . }}-pvc

      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
        subPath: ca.crt
        volumeDefinition: |
          secret:
            secretName: {{ include "owrrm.fullname" . }}-owrrm-restapi-tls

  mysql:
-    enabled: false
+    enabled: true
    fullnameOverride: "owrrm-mysql"

    resources:
@@ -856,8 +694,8 @@ haproxy:
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
      service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "8080"
      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
-      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,5913,16001,17001,16009,16006,17006"
+      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
+      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,16001,17001,5912,5913,16009,16007,16006,17006"
      service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip

 restapiCerts:
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -29,7 +29,7 @@ owprov:
  configProperties:
    openwifi.kafka.enable: "true"
    openwifi.kafka.brokerlist: kafka:9092
-
+      #
 # OpenWIFI Analytics (https://github.com/Telecominfraproject/wlan-cloud-analytics)
 owanalytics:
  fullnameOverride: owanalytics
@@ -58,6 +58,9 @@ owsub:
 owrrm:
  fullnameOverride: owrrm

+  public_env_variables:
+    UCENTRALCONFIG_PRIVATEENDPOINT: http://owrrm-owrrm:17007
+
  mysql:
    enabled: true

@@ -85,7 +88,7 @@ clustersysteminfo:
  images:
    clustersysteminfo:
      repository: tip-tip-wlan-cloud-ucentral.jfrog.io/clustersysteminfo
-      tag: main
+      tag: v2.7.0-RC5
      pullPolicy: Always
 #      regcred:
 #        registry: tip-tip-wlan-cloud-ucentral.jfrog.io
--- a/docker-compose/.env
+++ b/docker-compose/.env
@@ -1,19 +1,19 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=master
-OWGWUI_TAG=main
-OWSEC_TAG=main
-OWFMS_TAG=main
-OWPROV_TAG=main
-OWPROVUI_TAG=main
-OWANALYTICS_TAG=main
-OWSUB_TAG=main
+OWGW_TAG=v2.7.0-RC4
+OWGWUI_TAG=v2.7.0-RC2
+OWSEC_TAG=v2.7.0-RC3
+OWFMS_TAG=v2.7.0-RC3
+OWPROV_TAG=v2.7.0-RC4
+OWPROVUI_TAG=v2.7.0-RC2
+OWANALYTICS_TAG=v2.7.0-RC4
+OWSUB_TAG=v2.7.0-RC3
 KAFKA_TAG=latest
 ZOOKEEPER_TAG=3.8
-POSTGRESQL_TAG=15.0
+POSTGRESQL_TAG=latest
 MYSQL_TAG=latest
 # NOTE currently OWRRM is only supported in LB installations
-#OWRRM_TAG=main
+#OWRRM_TAG=v2.7.0-RC3

 # Microservice root/config directories
 OWGW_ROOT=/owgw-data
--- a/docker-compose/.env.letsencrypt
+++ b/docker-compose/.env.letsencrypt
@@ -1,16 +1,16 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=master
-OWGWUI_TAG=main
-OWSEC_TAG=main
-OWFMS_TAG=main
-OWPROV_TAG=main
-OWPROVUI_TAG=main
-OWANALYTICS_TAG=main
-OWSUB_TAG=main
-OWRRM_TAG=main
+OWGW_TAG=v2.7.0-RC4
+OWGWUI_TAG=v2.7.0-RC2
+OWSEC_TAG=v2.7.0-RC3
+OWFMS_TAG=v2.7.0-RC3
+OWPROV_TAG=v2.7.0-RC4
+OWPROVUI_TAG=v2.7.0-RC2
+OWANALYTICS_TAG=v2.7.0-RC4
+OWSUB_TAG=v2.7.0-RC3
+OWRRM_TAG=v2.7.0-RC3
 KAFKA_TAG=latest
-ZOOKEEPER_TAG=3.8
+ZOOKEEPER_TAG=latest
 ACMESH_TAG=latest
 TRAEFIK_TAG=latest
 MYSQL_TAG=latest
--- a/docker-compose/.env.selfsigned
+++ b/docker-compose/.env.selfsigned
@@ -1,16 +1,16 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=master
-OWGWUI_TAG=main
-OWSEC_TAG=main
-OWFMS_TAG=main
-OWPROV_TAG=main
-OWPROVUI_TAG=main
-OWANALYTICS_TAG=main
-OWSUB_TAG=main
-OWRRM_TAG=main
+OWGW_TAG=v2.7.0-RC4
+OWGWUI_TAG=v2.7.0-RC2
+OWSEC_TAG=v2.7.0-RC3
+OWFMS_TAG=v2.7.0-RC3
+OWPROV_TAG=v2.7.0-RC4
+OWPROVUI_TAG=v2.7.0-RC2
+OWANALYTICS_TAG=v2.7.0-RC4
+OWSUB_TAG=v2.7.0-RC3
+OWRRM_TAG=v2.7.0-RC3
 KAFKA_TAG=latest
-ZOOKEEPER_TAG=3.8
+ZOOKEEPER_TAG=latest
 ACMESH_TAG=latest
 TRAEFIK_TAG=latest
 MYSQL_TAG=latest
--- a/docker-compose/README.md
+++ b/docker-compose/README.md
@@ -56,9 +56,9 @@ export FLAGS="-s --cacert <your-wlan-cloud-ucentral-deploy-location>/docker-comp
 | `RTTY_SERVER`                            | Set this to your OWGW RTTYS hostname, for example `owgw.example.com`.               |
 | `SYSTEM_URI_UI`                          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.            |
 ### owgw-ui.env
-| Variable                    | Description                                                                |
-| --------------------------- | -------------------------------------------------------------------------- |
-| `REACT_APP_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
+| Variable                  | Description                                                                |
+| ------------------------- | -------------------------------------------------------------------------- |
+| `DEFAULT_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
 ### owsec.env
 | Variable                                 | Description                                                                         |
 | ---------------------------------------- | ----------------------------------------------------------------------------------- |
@@ -184,9 +184,9 @@ For the Let's Encrypt challenge to work you need a public IP address. The hostna
 | `SYSTEM_URI_UI`          | Set this to your OWGW-UI URL, for example `https://openwifi.example.com`.               |

 ### owgw-ui.env
-| Variable                    | Description                                                                   |
-| --------------------------- | ----------------------------------------------------------------------------- |
-| `REACT_APP_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://openwifi.example.com:16001`. |
+| Variable            | Description                                                                   |
+| ------------------- | ----------------------------------------------------------------------------- |
+| `DEFAULT_OWSEC_URL` | Set this to your OWSec URL, for example `https://openwifi.example.com:16001`. |

 ### owsec.env
 | Variable            | Description                                                                   |
--- a/docker-compose/deploy.sh
+++ b/docker-compose/deploy.sh
@@ -53,10 +53,7 @@ usage () {
  echo "- OWFMS_S3_KEY - access key that is used for OWFms access to firmwares S3 bucket";
  echo;
  echo "- SDKHOSTNAME - Public hostname which is used for cert generation when using the Letsencrypt deployment method"
-  echo;
  echo "- TRAEFIK_ACME_EMAIL - Email address used for ACME registration"
-  echo;
-  echo "- CERTIFICATES_ALLOWMISMATCH - boolean flag to allow certificates serial mismatch";
 }

 # Check if required environment variables were passed
@@ -145,7 +142,7 @@ if [[ ! -z "$SIMULATORID" ]]; then
  sed -i "s~.*SIMULATORID=.*~SIMULATORID=$SIMULATORID~" owgw.env
 fi

-sed -i "s~.*REACT_APP_UCENTRALSEC_URL=.*~REACT_APP_UCENTRALSEC_URL=$DEFAULT_UCENTRALSEC_URL~" owgw-ui.env
+sed -i "s~.*DEFAULT_UCENTRALSEC_URL=.*~DEFAULT_UCENTRALSEC_URL=$DEFAULT_UCENTRALSEC_URL~" owgw-ui.env

 if [[ ! -z "$OWSEC_AUTHENTICATION_DEFAULT_USERNAME" ]]; then
  sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env
@@ -188,10 +185,6 @@ if [[ ! -z "$TRAEFIK_ACME_EMAIL" ]]; then
  sed -i "s~.*TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL=.*~TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL=$TRAEFIK_ACME_EMAIL~" traefik.env
 fi

-if [[ ! -z "$CERTIFICATES_ALLOWMISMATCH" ]]; then
-  sed -i "s~.*CERTIFICATES_ALLOWMISMATCH=.*~CERTIFICATES_ALLOWMISMATCH=$CERTIFICATES_ALLOWMISMATCH~" owgw.env
-fi
-
 # Run the deployment
 if [[ ! -z "$SDKHOSTNAME" ]]; then
  docker-compose -f docker-compose.lb.letsencrypt.yml --env-file .env.letsencrypt up -d
--- a/docker-compose/docker-compose.lb.letsencrypt.yml
+++ b/docker-compose/docker-compose.lb.letsencrypt.yml
@@ -269,6 +269,3 @@ services:
      - "5912:5912"
      - "5913:5913"
      - "16789:16789"
-      - "1812:1812/udp"
-      - "1813:1813/udp"
-      - "3799:3799/udp"
--- a/docker-compose/docker-compose.lb.selfsigned.yml
+++ b/docker-compose/docker-compose.lb.selfsigned.yml
@@ -263,6 +263,3 @@ services:
      - "5912:5912"
      - "5913:5913"
      - "16789:16789"
-      - "1812:1812/udp"
-      - "1813:1813/udp"
-      - "3799:3799/udp"
--- a/docker-compose/docker-compose.postgresql.yml
+++ b/docker-compose/docker-compose.postgresql.yml
@@ -39,12 +39,6 @@ services:
    image: "postgres:${POSTGRESQL_TAG}"
    networks:
      openwifi:
-    command:
-      - "postgres"
-      - "-c"
-      - "max_connections=400"
-      - "-c"
-      - "shared_buffers=20MB"    
    env_file:
      - postgresql.env
    restart: unless-stopped
--- a/docker-compose/docker-compose.yml
+++ b/docker-compose/docker-compose.yml
@@ -12,7 +12,6 @@ volumes:
  mysql_data:
    driver: local

-
 networks:
  openwifi:

@@ -38,9 +37,6 @@ services:
      - "16003:16003"
      - "5912:5912"
      - "5913:5913"
-      - "1812:1812/udp"
-      - "1813:1813/udp"
-      - "3799:3799/udp"
    sysctls:
      - net.ipv4.tcp_keepalive_intvl=5
      - net.ipv4.tcp_keepalive_probes=2
@@ -180,6 +176,23 @@ services:
      - "16006:16006"
      - "16106:16106"

+# NOTE currently OWRRM is only supported in LB installations
+#  owrrm:
+#    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owrrm:${OWRRM_TAG}"
+#    networks:
+#      openwifi:
+#        aliases:
+#          - ${INTERNAL_OWRRM_HOSTNAME}
+#    env_file:
+#      - owrrm.env
+#    depends_on:
+#      - mysql
+#      - kafka
+#    restart: unless-stopped
+#    volumes:
+#      - owrrm_data:/owrrm-data
+#    ports:
+#      - "16789:16789"

  zookeeper:
    image: "zookeeper:${ZOOKEEPER_TAG}"
@@ -221,29 +234,12 @@ services:
          --partitions 1 --bootstrap-server kafka:9092
        done && echo "Successfully created Kafka topics, exiting." && exit 0

-# NOTE currently OWRRM is only supported in LB installations
-#  owrrm:
-#    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owrrm:${OWRRM_TAG}"
-#    networks:
-#      openwifi:
-#        aliases:
-#          - ${INTERNAL_OWRRM_HOSTNAME}
-#    env_file:
-#      - owrrm.env
-#    depends_on:
-#      - mysql
-#      - kafka
-#    restart: unless-stopped
-#    volumes:
-#      - owrrm_data:/owrrm-data
-#    ports:
-#      - "16789:16789"
-#  mysql:
-#    image: "mysql:${MYSQL_TAG}"
-#    networks:
-#      openwifi:
-#    env_file:
-#      - mysql.env
-#    restart: unless-stopped
-#    volumes:
-#      - mysql_data:/var/lib/mysql
+  mysql:
+    image: "mysql:${MYSQL_TAG}"
+    networks:
+      openwifi:
+    env_file:
+      - mysql.env
+    restart: unless-stopped
+    volumes:
+      - mysql_data:/var/lib/mysql
--- a/docker-compose/kafka.env
+++ b/docker-compose/kafka.env
@@ -1,3 +1,3 @@
 KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper:2181
 ALLOW_PLAINTEXT_LISTENER=yes
-TOPICS=command connection device_event_queue device telemetry healthcheck provisioning_change service_events state wifiscan rrm
+TOPICS=command connection device_event_queue device telemetry healthcheck provisioning_change service_events state wifiscan
--- a/docker-compose/owanalytics.env
+++ b/docker-compose/owanalytics.env
@@ -23,7 +23,6 @@ SYSTEM_DATA=$OWANALYTICS_ROOT/persist
 SYSTEM_URI_PRIVATE=https://owanalytics.wlan.local:17009
 SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16009
 SYSTEM_URI_UI=https://openwifi.wlan.local
-#SECURITY_RESTAPI_DISABLE=false
 #KAFKA_ENABLE=true
 KAFKA_BROKERLIST=kafka:9092
 #STORAGE_TYPE=sqlite
--- a/docker-compose/owfms.env
+++ b/docker-compose/owfms.env
@@ -21,7 +21,6 @@ SYSTEM_DATA=$OWFMS_ROOT/persist
 SYSTEM_URI_PRIVATE=https://owfms.wlan.local:17004
 SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16004
 SYSTEM_URI_UI=https://openwifi.wlan.local
-#SECURITY_RESTAPI_DISABLE=false
 #S3_BUCKETNAME=ucentral-ap-firmware
 #S3_REGION=us-east-1
 S3_SECRET=b0S6EiR5RLIxoe7Xvz9YXPPdxQCoZ6ze37qunTAI
--- a/docker-compose/owgw-ui.env
+++ b/docker-compose/owgw-ui.env
@@ -1 +1,2 @@
-REACT_APP_UCENTRALSEC_URL=https://openwifi.wlan.local:16001
+DEFAULT_UCENTRALSEC_URL=https://openwifi.wlan.local:16001
+ALLOW_UCENTRALSEC_CHANGE=false
--- a/docker-compose/owgw.env
+++ b/docker-compose/owgw.env
@@ -37,7 +37,6 @@ SYSTEM_DATA=$OWGW_ROOT/persist
 SYSTEM_URI_PRIVATE=https://owgw.wlan.local:17002
 SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16002
 SYSTEM_URI_UI=https://openwifi.wlan.local
-#SECURITY_RESTAPI_DISABLE=false
 #SIMULATORID=
 #IPTOCOUNTRY_PROVIDER=ipinfo
 #IPTOCOUNTRY_IPINFO_TOKEN=
@@ -50,10 +49,6 @@ RTTY_SERVER=openwifi.wlan.local
 #RTTY_TIMEOUT=60
 #RTTY_VIEWPORT=5913
 #RTTY_ASSETS=$OWGW_ROOT/rtty_ui
-RADIUS_PROXY_ENABLE=true
-#RADIUS_PROXY_ACCOUNTING_PORT=1813
-#RADIUS_PROXY_AUTHENTICATION_PORT=1812
-#RADIUS_PROXY_COA_PORT=3799
 #KAFKA_ENABLE=true
 KAFKA_BROKERLIST=kafka:9092
 #STORAGE_TYPE=sqlite
@@ -67,4 +62,3 @@ KAFKA_BROKERLIST=kafka:9092
 #STORAGE_TYPE_MYSQL_PASSWORD=owgw
 #STORAGE_TYPE_MYSQL_DATABASE=owgw
 #STORAGE_TYPE_MYSQL_PORT=3306
-#CERTIFICATES_ALLOWMISMATCH=false
--- a/docker-compose/owls/deploy_owls.sh
+++ b/docker-compose/owls/deploy_owls.sh
@@ -57,7 +57,7 @@ cd wlan-cloud-ucentral-deploy/docker-compose/owls
 sed -i "s~\(^INTERNAL_OWSEC_HOSTNAME=\).*~\1$INTERNAL_OWSEC_HOSTNAME~" .env
 sed -i "s~\(^INTERNAL_OWLS_HOSTNAME=\).*~\1$INTERNAL_OWLS_HOSTNAME~" .env

-sed -i "s~\(^REACT_APP_UCENTRALSEC_URL=\).*~\1$DEFAULT_UCENTRALSEC_URL~" owls-ui.env
+sed -i "s~\(^DEFAULT_UCENTRALSEC_URL=\).*~\1$DEFAULT_UCENTRALSEC_URL~" owls-ui.env

 sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env
 sed -i "s~.*AUTHENTICATION_DEFAULT_PASSWORD=.*~AUTHENTICATION_DEFAULT_PASSWORD=$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD~" owsec.env
--- a/docker-compose/owls/owls-ui.env
+++ b/docker-compose/owls/owls-ui.env
@@ -1 +1,2 @@
-REACT_APP_UCENTRALSEC_URL=https://openwifi.wlan.local:16001
+DEFAULT_UCENTRALSEC_URL=https://openwifi-owls.wlan.local:16001
+ALLOW_UCENTRALSEC_CHANGE=false
--- a/docker-compose/owprov.env
+++ b/docker-compose/owprov.env
@@ -23,7 +23,6 @@ SYSTEM_DATA=$OWPROV_ROOT/persist
 SYSTEM_URI_PRIVATE=https://owprov.wlan.local:17005
 SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16005
 SYSTEM_URI_UI=https://openwifi.wlan.local
-#SECURITY_RESTAPI_DISABLE=false
 #KAFKA_ENABLE=true
 KAFKA_BROKERLIST=kafka:9092
 #STORAGE_TYPE=sqlite
--- a/docker-compose/owsec.env
+++ b/docker-compose/owsec.env
@@ -22,7 +22,6 @@ SYSTEM_DATA=$OWSEC_ROOT/persist
 SYSTEM_URI_PRIVATE=https://owsec.wlan.local:17001
 SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16001
 SYSTEM_URI_UI=https://openwifi.wlan.local
-#SECURITY_RESTAPI_DISABLE=false
 #SERVICE_KEY=$OWSEC_ROOT/certs/restapi-key.pem
 #SERVICE_KEY_PASSWORD=mypassword
 #MAILER_HOSTNAME=localhost
--- a/docker-compose/owsub.env
+++ b/docker-compose/owsub.env
@@ -23,7 +23,6 @@ SYSTEM_DATA=$OWSUB_ROOT/persist
 SYSTEM_URI_PRIVATE=https://owsub.wlan.local:17006
 SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16006
 SYSTEM_URI_UI=https://openwifi.wlan.local
-#SECURITY_RESTAPI_DISABLE=false
 #KAFKA_ENABLE=true
 KAFKA_BROKERLIST=kafka:9092
 #STORAGE_TYPE=sqlite
--- a/docker-compose/postgresql.env
+++ b/docker-compose/postgresql.env
@@ -15,6 +15,6 @@ OWPROV_DB_PASSWORD=owprov
 OWANALYTICS_DB=owanalytics
 OWANALYTICS_DB_USER=owanalytics
 OWANALYTICS_DB_PASSWORD=owanalytics
-OWSUB_DB=owsub
-OWSUB_DB_USER=owsub
-OWSUB_DB_PASSWORD=owsub
+OWUSB_DB=owsub
+OWUSB_DB_USER=owsub
+OWUSB_DB_PASSWORD=owsub
--- a/docker-compose/postgresql/init-db.sh
+++ b/docker-compose/postgresql/init-db.sh
@@ -3,15 +3,21 @@ set -e

 psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
    CREATE USER $OWGW_DB_USER WITH ENCRYPTED PASSWORD '$OWGW_DB_PASSWORD';
-    CREATE DATABASE $OWGW_DB OWNER $OWGW_DB_USER;
+    CREATE DATABASE $OWGW_DB;
+    GRANT ALL PRIVILEGES ON DATABASE $OWGW_DB TO $OWGW_DB_USER;
    CREATE USER $OWSEC_DB_USER WITH ENCRYPTED PASSWORD '$OWSEC_DB_PASSWORD';
-    CREATE DATABASE $OWSEC_DB OWNER $OWSEC_DB_USER;
+    CREATE DATABASE $OWSEC_DB;
+    GRANT ALL PRIVILEGES ON DATABASE $OWSEC_DB TO $OWSEC_DB_USER;
    CREATE USER $OWFMS_DB_USER WITH ENCRYPTED PASSWORD '$OWFMS_DB_PASSWORD';
-    CREATE DATABASE $OWFMS_DB OWNER $OWFMS_DB_USER;
+    CREATE DATABASE $OWFMS_DB;
+    GRANT ALL PRIVILEGES ON DATABASE $OWFMS_DB TO $OWFMS_DB_USER;
    CREATE USER $OWPROV_DB_USER WITH ENCRYPTED PASSWORD '$OWPROV_DB_PASSWORD';
-    CREATE DATABASE $OWPROV_DB OWNER $OWPROV_DB_USER;
+    CREATE DATABASE $OWPROV_DB;
+    GRANT ALL PRIVILEGES ON DATABASE $OWPROV_DB TO $OWPROV_DB_USER;
    CREATE USER $OWANALYTICS_DB_USER WITH ENCRYPTED PASSWORD '$OWANALYTICS_DB_PASSWORD';
-    CREATE DATABASE $OWANALYTICS_DB OWNER $OWANALYTICS_DB_USER;
+    CREATE DATABASE $OWANALYTICS_DB;
+    GRANT ALL PRIVILEGES ON DATABASE $OWANALYTICS_DB TO $OWANALYTICS_DB_USER;
    CREATE USER $OWSUB_DB_USER WITH ENCRYPTED PASSWORD '$OWSUB_DB_PASSWORD';
-    CREATE DATABASE $OWSUB_DB OWNER $OWSUB_DB_USER;
+    CREATE DATABASE $OWSUB_DB;
+    GRANT ALL PRIVILEGES ON DATABASE $OWSUB_DB TO $OWSUB_DB_USER;
 EOSQL
--- a/docker-compose/traefik.env
+++ b/docker-compose/traefik.env
@@ -3,9 +3,6 @@ TRAEFIK_ENTRYPOINTS_OWGWRESTAPI_ADDRESS=:16002
 TRAEFIK_ENTRYPOINTS_OWGWFILEUPLOAD_ADDRESS=:16003
 TRAEFIK_ENTRYPOINTS_OWGWRTTYS_ADDRESS=:5912
 TRAEFIK_ENTRYPOINTS_OWGWRTTYSVIEW_ADDRESS=:5913
-TRAEFIK_ENTRYPOINTS_OWGWRADACC_ADDRESS=:1813/udp
-TRAEFIK_ENTRYPOINTS_OWGWRADAUTH_ADDRESS=:1812/udp
-TRAEFIK_ENTRYPOINTS_OWGWRADCOA_ADDRESS=:3799/udp
 TRAEFIK_ENTRYPOINTS_OWGWUIHTTP_ADDRESS=:80
 TRAEFIK_ENTRYPOINTS_OWGWUIHTTP_HTTP_REDIRECTIONS_ENTRYPOINT_TO=owgwuihttps
 TRAEFIK_ENTRYPOINTS_OWPROVUIHTTP_ADDRESS=:8080
--- a/docker-compose/traefik/openwifi_letsencrypt.yaml
+++ b/docker-compose/traefik/openwifi_letsencrypt.yaml
@@ -147,29 +147,3 @@ tcp:
      rule: "HostSNI(`*`)"
      tls:
        passthrough: true
-
-udp:
-  services:
-    owgw-radius-acc:
-      loadBalancer:
-        servers:
-          - address: "owgw.wlan.local:1813"
-    owgw-radius-auth:
-      loadBalancer:
-        servers:
-          - address: "owgw.wlan.local:1812"
-    owgw-radius-coa:
-      loadBalancer:
-        servers:
-          - address: "owgw.wlan.local:3799"
-
-  routers:
-    owgw-radius-acc:
-      entryPoints: "owgwradacc"
-      service: "owgw-radius-acc"
-    owgw-radius-auth:
-      entryPoints: "owgwradauth"
-      service: "owgw-radius-auth"
-    owgw-radius-coa:
-      entryPoints: "owgwradcoa"
-      service: "owgw-radius-coa"
--- a/docker-compose/traefik/openwifi_selfsigned.yaml
+++ b/docker-compose/traefik/openwifi_selfsigned.yaml
@@ -153,29 +153,3 @@ tcp:
      rule: "HostSNI(`*`)"
      tls:
        passthrough: true
-
-udp:
-  services:
-    owgw-radius-acc:
-      loadBalancer:
-        servers:
-          - address: "owgw.wlan.local:1813"
-    owgw-radius-auth:
-      loadBalancer:
-        servers:
-          - address: "owgw.wlan.local:1812"
-    owgw-radius-coa:
-      loadBalancer:
-        servers:
-          - address: "owgw.wlan.local:3799"
-
-  routers:
-    owgw-radius-acc:
-      entryPoints: "owgwradacc"
-      service: "owgw-radius-acc"
-    owgw-radius-auth:
-      entryPoints: "owgwradauth"
-      service: "owgw-radius-auth"
-    owgw-radius-coa:
-      entryPoints: "owgwradcoa"
-      service: "owgw-radius-coa"
Author	SHA1	Message	Date
TIP Automation User	cbb8072d42	Chg: update image tag in helm values to v2.7.0-RC5	2022-10-01 00:58:26 +00:00
TIP Automation User	4c41175770	Chg: update image tag in helm values to v2.7.0-RC4	2022-09-30 19:49:07 +00:00
TIP Automation User	4039605e05	Chg: update image tag in helm values to v2.7.0-RC3	2022-09-30 16:31:47 +00:00
TIP Automation User	1b6e24e539	Chg: update image tag in helm values to v2.7.0-RC2	2022-09-29 23:27:55 +00:00
TIP Automation User	f69300d464	Chg: update image tag in helm values to v2.7.0-RC1	2022-09-16 19:55:16 +00:00