[WIFI-10236] Fix: services env files

Signed-off-by: Dmitry Dunaev <dmitry@opsfleet.com>

README.md

@@ -18,3 +18,4 @@ This is a short version of [uCentral branching model](https://telecominfraprojec
 3. Also increase the microservice image tags used by the Docker Compose deployments according to the release in the 'Image tags' section of the `docker-compose/.env`, `docker-compose/.env.selfsigned` and `docker-compose/.env.letsencrypt` files.
 4. Create new git tag from release branch. The Git tag should have the same name as the intended release version. Once the tag is pushed to the repo, Github will trigger a build process that will create an assembly Helm chart bundle with all version fixed to the release equal to the Git tag name and will publish it to the public Artifactory and as GitHub release asset.
 5. Release to the QA namespace using the packaged Helm assembly chart to verify there are no issues related to the deployment.
+

chart/Chart.lock

@@ -1,33 +0,0 @@
-dependencies:
-- name: owgw
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.4.0
-  version: 0.1.0
-- name: owsec
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.4.0
-  version: 0.1.0
-- name: owfms
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.4.0
-  version: 0.1.0
-- name: owprov
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=main
-  version: 0.1.0
-- name: owgwui
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.4.0
-  version: 0.1.0
-- name: owprovui
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=main
-  version: 0.1.0
-- name: rttys
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-rtty@chart?ref=v0.1.0
-  version: 0.1.0
-- name: kafka
-  repository: https://charts.bitnami.com/bitnami
-  version: 13.0.2
-- name: owls
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-owls@helm?ref=main
-  version: 0.1.0
-- name: owlsui
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-owls-ui@helm?ref=master
-  version: 0.1.0
-digest: sha256:3a71cf3bac846757ed3c60cce296c73c7ecdb31bef474126d4205053019f842e
-generated: "2021-12-17T05:46:32.701924621+03:00"

chart/Chart.yaml

@@ -2,22 +2,22 @@ apiVersion: v2
 name: openwifi
 appVersion: "1.0"
 description: A Helm chart for Kubernetes
-version: 2.4.1
+version: 2.4.2
 dependencies:
 - name: owgw
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.4.1"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.4.2"
   version: 0.1.0
 - name: owsec
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.4.1"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.4.2"
   version: 0.1.0
 - name: owfms
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.4.1"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.4.2"
   version: 0.1.0
 - name: owprov
   repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=main"
   version: 0.1.0
 - name: owgwui
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.4.0"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.4.2"
   version: 0.1.0
 - name: owprovui
   repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=main"

chart/docker/clustersysteminfo

@@ -55,6 +55,9 @@ sed '/^password/s/password=.*/password="'$OWSEC_NEW_PASSWORD'"/' owsec_cli -i
 sed '/^password/s/password=.*/password="'$OWSEC_NEW_PASSWORD'"/' owgw_cli  -i
 sed '/^password/s/password=.*/password="'$OWSEC_NEW_PASSWORD'"/' owfms_cli -i
 sed '/^password/s/password=.*/password="'$OWSEC_NEW_PASSWORD'"/' owprov_cli -i
+# -> Configuration using env variables
+export OWSEC_USERNAME=${OWSEC_DEFAULT_USERNAME}
+export OWSEC_PASSWORD=${OWSEC_NEW_PASSWORD}
 
 echo "Running systeminfo checks for all components until all of them are available OR check tries are exausted ($CHECK_RETRIES)"
 exit_code_sum=1

chart/environment-values/deploy.sh

@@ -138,14 +138,6 @@ for EXTRA_VALUE in ${EXTRA_VALUES_SPLITTED[*]}; do
   EXTRA_VALUES_FLAGS+=("--set" $EXTRA_VALUE)
 done
 
-if [[ "$USE_SEPARATE_OWGW_LB" == "true" ]]; then
-  export HAPROXY_SERVICE_DNS_RECORDS="sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,rtty-${NAMESPACE}.cicd.lab.wlan.tip.build"
-  export OWGW_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build"
-else
-  export HAPROXY_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build\,sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,rtty-${NAMESPACE}.cicd.lab.wlan.tip.build"
-  export OWGW_SERVICE_DNS_RECORDS=""
-fi
-
 # Run the deployment
 helm upgrade --install --create-namespace --wait --timeout 60m \
   --namespace openwifi-${NAMESPACE} \
@@ -193,8 +185,6 @@ helm upgrade --install --create-namespace --wait --timeout 60m \
   --set owlsui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=lsui-${NAMESPACE}.cicd.lab.wlan.tip.build \
   --set owlsui.ingresses.default.hosts={lsui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
   --set owlsui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
-  --set haproxy.service.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$HAPROXY_SERVICE_DNS_RECORDS \
-  --set owgw.services.owgw.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$OWGW_SERVICE_DNS_RECORDS \
   ${EXTRA_VALUES_FLAGS[*]} \
   --set-file owgw.certs."restapi-cert\.pem"=$CERT_LOCATION \
   --set-file owgw.certs."restapi-key\.pem"=$KEY_LOCATION \

chart/environment-values/values.openwifi-qa.yaml

@@ -1,4 +1,15 @@
 owgw:
+  services:
+    owgw:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003"
+        service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
+
   # https://telecominfraproject.atlassian.net/browse/WIFI-5840
   checks:
     owgw:
@@ -103,6 +114,17 @@ owgw:
             secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
 
 owsec:
+  services:
+    owsec:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16101"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16001"
+        service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
+
   # https://telecominfraproject.atlassian.net/browse/WIFI-5840
   checks:
     owsec:
@@ -190,6 +212,17 @@ owsec:
             secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
 
 rttys:
+  services:
+    rttys:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "5912"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "5912,5913"
+        service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
+
   resources:
     requests:
       cpu: 10m
@@ -202,6 +235,9 @@ rttys:
     cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
 
 owgwui:
+  services:
+    owgwui:
+      type: NodePort
   ingresses:
     default:
       enabled: true
@@ -229,6 +265,17 @@ owgwui:
     cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
 
 owfms:
+  services:
+    owfms:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16104"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004"
+        service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
+
   # https://telecominfraproject.atlassian.net/browse/WIFI-5840
   checks:
     owfms:
@@ -316,6 +363,17 @@ owfms:
             secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
 
 owprov:
+  services:
+    owprov:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16105"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16005"
+        service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
+
   checks:
     owprov:
       readiness:
@@ -402,6 +460,9 @@ owprov:
             secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
 
 owprovui:
+  services:
+    owprovui:
+      type: NodePort
   ingresses:
     default:
       enabled: true
@@ -420,7 +481,6 @@ owprovui:
   podAnnotations:
     cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
 
-
 kafka:
   commonAnnotations:
     cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
@@ -452,15 +512,5 @@ clustersysteminfo:
   enabled: true
   delay: 60 # delaying to wait for AWS Route53 DNS propagation
 
-haproxy:
-  service:
-    annotations:
-      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-      service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "8080"
-      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
-      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,16001,17001,5912,5913,16009"
-      service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
-
 restapiCerts:
   enabled: true

chart/templates/certificate-restapi.yaml

@@ -0,0 +1,51 @@
+{{- $root := . -}}
+{{- if .Values.restapiCerts.enabled }}
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: selfsigned-issuer
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: ow-wildcard
+spec:
+  secretName: ow-wildcard-tls
+  commonName: {{ .Release.Namespace }}.svc.{{ .Values.restapiCerts.clusterDomain }}
+  isCA: true
+  usages:
+    - server auth
+    - client auth
+  issuerRef:
+    name: selfsigned-issuer
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: ow-ca-issuer
+spec:
+  ca:
+    secretName: ow-wildcard-tls
+{{ range .Values.restapiCerts.services }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ . }}-restapi
+spec:
+  secretName: {{ . }}-restapi-tls
+  isCA: false
+  usages:
+    - server auth
+    - client auth
+  dnsNames:
+  - "{{ . }}"
+  - "{{ . }}.{{ $root.Release.Namespace }}.svc"
+  - "{{ . }}.{{ $root.Release.Namespace }}.svc.{{ $root.Values.restapiCerts.clusterDomain }}"
+  issuerRef:
+    name: ow-ca-issuer
+{{- end }}
+{{- end }}

chart/values.yaml

@@ -72,7 +72,7 @@ clustersysteminfo:
   images:
     clustersysteminfo:
       repository: tip-tip-wlan-cloud-ucentral.jfrog.io/clustersysteminfo
-      tag: v2.4.1
+      tag: v2.4.2
       pullPolicy: Always
 #      regcred:
 #        registry: tip-tip-wlan-cloud-ucentral.jfrog.io
@@ -366,3 +366,15 @@ haproxy:
     backend back_rttys_web
       mode tcp
       server svc_rttys_web rttys-rttys:5914
+
+# Cert-manager RESTAPI certs
+restapiCerts:
+  enabled: false
+
+  services:
+    - owgw-owgw
+    - owsec-owsec
+    - owfms-owfms
+    - owprov-owprov
+
+  clusterDomain: cluster.local

docker-compose/.env

@@ -1,9 +1,9 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=v2.4.1
-OWGWUI_TAG=v2.4.0
-OWSEC_TAG=v2.4.1
-OWFMS_TAG=v2.4.1
+OWGW_TAG=v2.4.2
+OWGWUI_TAG=v2.4.2
+OWSEC_TAG=v2.4.2
+OWFMS_TAG=v2.4.2
 OWPROV_TAG=main
 OWPROVUI_TAG=main
 RTTYS_TAG=3.5.0

docker-compose/.env.letsencrypt

@@ -1,9 +1,9 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=v2.4.1
-OWGWUI_TAG=v2.4.0
-OWSEC_TAG=v2.4.1
-OWFMS_TAG=v2.4.1
+OWGW_TAG=v2.4.2
+OWGWUI_TAG=v2.4.2
+OWSEC_TAG=v2.4.2
+OWFMS_TAG=v2.4.2
 OWPROV_TAG=main
 OWPROVUI_TAG=main
 RTTYS_TAG=3.5.0

docker-compose/.env.selfsigned

@@ -1,9 +1,9 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=v2.4.1
-OWGWUI_TAG=v2.4.0
-OWSEC_TAG=v2.4.1
-OWFMS_TAG=v2.4.1
+OWGW_TAG=v2.4.2
+OWGWUI_TAG=v2.4.2
+OWSEC_TAG=v2.4.2
+OWFMS_TAG=v2.4.2
 OWPROV_TAG=main
 OWPROVUI_TAG=main
 RTTYS_TAG=3.5.0