Chg: update image tag in helm values to v2.5.0-RC2

Signed-off-by: Dmitry Dunaev <dmitry@opsfleet.com>

.github/git-release-tool/git-release-tool.sh

@@ -0,0 +1,353 @@
+#!/bin/bash
+set -e
+
+# git-release-tool
+# This script is used to manually cut releases for the TIP OpenWIFI CloudSDK 2.x repos
+# For other details, see "usage" function or simply run script
+
+# Constants
+export PAGER=cat
+
+# Internal vars
+LOG_VERBOSITY_NUMBER=0
+REPO_TAGS_ARRAY=()
+
+# Helper functions
+## Logging functions
+log_notice() {
+  echo "[Notice] "$1
+}
+
+log_error() {
+  if [[ "$LOG_VERBOSITY_NUMBER" -ge 0 ]]; then
+    echo "[Error] "$1 >/dev/stderr
+  fi
+}
+
+log_info() {
+  if [[ "$LOG_VERBOSITY_NUMBER" -ge 1 ]]; then
+    echo "[Info] "$1
+  fi
+}
+
+log_debug() {
+  if [[ "$LOG_VERBOSITY_NUMBER" -ge 2 ]]; then
+    echo "[Debug] "$1
+  fi
+}
+
+## Usage info
+usage() {
+  echo
+  log_notice "$0 - script to cut releases for TIP OpenWIFI CloudSDK 2.x repos"
+  log_notice
+  log_notice "This script requires configuration file 'repositories.yaml' near the script and list of environment variables to work"
+  log_notice
+  log_notice "repositories.yaml file format:"
+  echo "deploy_repo_url: git@github.com:Telecominfraproject/wlan-cloud-ucentral-deploy.git # modify if repo name changes"
+  echo "repositories:"
+  echo "  - name: owgw-ui # should be the same as in image repository in helm values (i.e. tip-tip-wlan-cloud-ucentral.jfrog.io/owgw-ui)"
+  echo "    url: git@github.com:Telecominfraproject/wlan-cloud-owprov-ui.git # it's up to you to use SSH or HTTPS format and setup credentials for push/pull"
+  echo "    docker_compose_name: OWPROVUI # name of environment variable in docker-compose .env file containing image tag for the service"
+  log_notice
+  log_notice "List of required environment variables:"
+  log_notice "- RELEASE_VERSION - release version that should be applied to repositories. Should comply release nameing policy (valid example - 'v2.0.0')"
+  log_notice "- TAG_TYPE - type of tag that should be created for release (supported values - RC / FINAL)"
+  log_notice "- GIT_PUSH_CONFIRMED - confirmation that any changes should be pushed to git (dry-run if unset, set to 'true' to enable)"
+  log_notice
+  log_notice "You may increase log verbosity by setting environment variable LOG_VERBOSITY to required level (ERROR/INFO/DEBUG)"
+#
+}
+
+## Setting functions
+set_log_verbosity_number() {
+  # Log verbosity levels:
+  # 0 - ERROR
+  # 1 - INFO
+  # 2 - DEBUG
+  case $LOG_VERBOSITY in
+    ERROR )
+      LOG_VERBOSITY_NUMBER=0
+    ;;
+    INFO )
+      LOG_VERBOSITY_NUMBER=1
+    ;;
+    DEBUG )
+      LOG_VERBOSITY_NUMBER=2
+    ;;
+    * )
+      log_notice "Setting LOG_VERBOSITY to INFO by default"
+      LOG_VERBOSITY_NUMBER=1
+    ;;
+  esac
+}
+
+## Git manipulation functions
+modify_deploy_repo_values() {
+  NEW_RELEASE_TAG=$1
+  log_debug "NEW_RELEASE_TAG - $NEW_RELEASE_TAG"
+  REPOSITORIES_AMOUNT=$(cat ../repositories.yaml | yq ".repositories[].name" -r | wc -l)
+  for REPO_INDEX in $(seq 0 $(expr $REPOSITORIES_AMOUNT - 1)); do
+    REPO_URL=$(cat ../repositories.yaml | yq ".repositories[$REPO_INDEX].url" -r)
+    REPO_NAME_SUFFIXED=$(echo $REPO_URL | awk -F '/' '{print $NF}')
+    REPO_NAME_WITHOUT_SUFFIX=${REPO_NAME_SUFFIXED%.git}
+    REPO_DOCKER_COMPOSE_NAME=$(cat ../repositories.yaml | yq ".repositories[$REPO_INDEX].docker_compose_name" -r)
+    SERVICE_TAG="${REPO_TAGS_ARRAY[$REPO_INDEX]}"
+    log_debug "REPO_NAME_WITHOUT_SUFFIX - $REPO_NAME_WITHOUT_SUFFIX"
+    sed "s/$REPO_DOCKER_COMPOSE_NAME=.*/$REPO_DOCKER_COMPOSE_NAME=$SERVICE_TAG/" -i docker-compose/.env
+    sed "s/$REPO_DOCKER_COMPOSE_NAME=.*/$REPO_DOCKER_COMPOSE_NAME=$SERVICE_TAG/" -i docker-compose/.env.letsencrypt
+    sed "s/$REPO_DOCKER_COMPOSE_NAME=.*/$REPO_DOCKER_COMPOSE_NAME=$SERVICE_TAG/" -i docker-compose/.env.selfsigned
+    sed "/${REPO_NAME_WITHOUT_SUFFIX#*/}@/s/ref=.*/ref=$SERVICE_TAG\"/g" -i chart/Chart.yaml
+  done
+  LATEST_RELEASE_TAG=$(git tag | grep $CURRENT_RELEASE_VERSION | tail -1)
+  if [[ "$(git diff | wc -l)" -eq "0" ]] && [[ "$(git diff $LATEST_RELEASE_TAG)" -eq "0" ]]; then
+    log_info "No changes in microservices and since the latest tag are found, new release is not required"
+  else
+    sed 's/^version: .*/version: '${NEW_RELEASE_TAG#v}'/' chart/Chart.yaml -i
+    if [[ "$GIT_PUSH_CONFIRMED" == "true" ]]; then
+      log_info "Updating helm dependencies:"
+      cd chart
+      helm dependency update
+      cd ..
+    else
+      log_info "Skipping helm charts update due to GIT_PUSH_CONFIRMED not being set to 'true'"
+    fi
+  fi
+  git diff
+}
+
+modify_values() {
+  NEW_RELEASE_TAG=$1
+  if [[ "$(basename $PWD)" == "deploy" ]]; then
+    modify_deploy_repo_values $NEW_RELEASE_TAG
+  else
+    sed "/repository: tip-tip-wlan-cloud-ucentral.jfrog.io\/$(basename $PWD)/!b;n;s/tag: .*/tag: $NEW_RELEASE_TAG/" -i helm/values.yaml
+  fi
+  if [[ "$LOG_VERBOSITY_NUMBER" -ge 2 ]]; then
+    log_debug "Diff to me commited:"
+    git diff
+  fi
+  git add .
+  git commit -m"Chg: update image tag in helm values to $NEW_RELEASE_TAG"
+}
+
+push_changes() {
+  CURRENT_RELEASE=$(git rev-parse --abbrev-ref HEAD)
+  if [[ "$GIT_PUSH_CONFIRMED" == "true" ]]; then
+    log_info "Pushing branch changes and tags:"
+    git push -u origin $CURRENT_RELEASE
+    git push --tags
+  else
+    log_info "Skipping pushing of branch and tags due to GIT_PUSH_CONFIRMED not being set to 'true'"
+  fi
+}
+
+create_tag() {
+  CURRENT_RELEASE_VERSION=$(git rev-parse --abbrev-ref HEAD | awk -F 'release/' '{print $2}')
+  TAG_TYPE_LOWERED=$(echo $TAG_TYPE | tr '[:upper:]' '[:lower:]')
+  if [[ "$TAG_TYPE_LOWERED" == "final" ]]; then
+    log_debug "Creating final tag"
+    modify_values $CURRENT_RELEASE_VERSION
+    git tag $CURRENT_RELEASE_VERSION
+    push_changes
+    REPO_TAGS_ARRAY+=($CURRENT_RELEASE_VERSION)
+  else
+    log_debug "Checking if there are tags in the current release branch"
+    LATEST_RELEASE_TAG=$(git tag | grep $CURRENT_RELEASE_VERSION | tail -1)
+    log_debug "Latest release tag found - '$LATEST_RELEASE_TAG'"
+    if [[ -z "$LATEST_RELEASE_TAG" ]]; then
+      log_info "There are no tags in the release branch, creating the first one"
+      NEW_RELEASE_TAG=$CURRENT_RELEASE_VERSION-RC1
+      log_debug "New tag - $NEW_RELEASE_TAG"
+      modify_values $NEW_RELEASE_TAG
+      git tag $NEW_RELEASE_TAG
+      push_changes
+      REPO_TAGS_ARRAY+=($NEW_RELEASE_TAG)
+    else
+      if [[ "$(basename $PWD)" == "deploy" ]]; then
+        NEW_RC=$(echo $LATEST_RELEASE_TAG | awk -F 'RC' '{print $2}')
+        NEW_RC=$(expr $NEW_RC + 1)
+        log_debug "New RC to create - $NEW_RC"
+        NEW_RELEASE_TAG=$CURRENT_RELEASE_VERSION-RC$NEW_RC
+        modify_deploy_repo_values $NEW_RELEASE_TAG
+        if [[ "v$(cat chart/Chart.yaml | yq '.version' -r)" == "$NEW_RELEASE_TAG" ]]; then
+          git add .
+          git commit -m"Chg: update image tag in helm values to $NEW_RELEASE_TAG"
+          git tag $NEW_RELEASE_TAG
+          push_changes
+          log_info "New tag $NEW_RELEASE_TAG was created and pushed"
+          REPO_TAGS_ARRAY+=($NEW_RELEASE_TAG)
+        else
+          log_info "New tag for deploy repo is not required, saving existing one ($LATEST_RELEASE_TAG)"
+          REPO_TAGS_ARRAY+=($LATEST_RELEASE_TAG)
+        fi
+      else
+        log_debug "Checking if the latest tag is on the latest commit"
+        LATEST_REVISION=$(git rev-parse HEAD)
+        LATEST_RELEASE_TAG_REVISION=$(git rev-parse $LATEST_RELEASE_TAG)
+        log_debug "Latest revision ----- $LATEST_REVISION"
+        log_debug "Latest tag revision - $LATEST_RELEASE_TAG_REVISION"
+        if [[ "$LATEST_REVISION" == "$LATEST_RELEASE_TAG_REVISION" ]]; then
+          log_info "Existing tag $LATEST_RELEASE_TAG is pointing to the latest commit in the release branch"
+          REPO_TAGS_ARRAY+=($LATEST_RELEASE_TAG)
+        else
+          NEW_RC=$(echo $LATEST_RELEASE_TAG | awk -F 'RC' '{print $2}')
+          NEW_RC=$(expr $NEW_RC + 1)
+          log_debug "New RC to create - $NEW_RC"
+          NEW_RELEASE_TAG=$CURRENT_RELEASE_VERSION-RC$NEW_RC
+          modify_values $NEW_RELEASE_TAG
+          git tag $NEW_RELEASE_TAG
+          push_changes
+          log_info "New tag $NEW_RELEASE_TAG was created and pushed"
+          REPO_TAGS_ARRAY+=($NEW_RELEASE_TAG)
+        fi
+      fi
+    fi
+  fi
+}
+
+check_final_tag() {
+  CURRENT_RELEASE_VERSION=$(git rev-parse --abbrev-ref HEAD | awk -F 'release/' '{print $2}')
+  log_debug "Amount of final tags found - $(git tag | grep -x $CURRENT_RELEASE_VERSION | wc -l)"
+  if [[ "$(git tag | grep -x $CURRENT_RELEASE_VERSION | wc -l)" -gt "0" ]]; then
+    log_error "Final tag $CURRENT_RELEASE_VERSION already exists in release branch"
+    exit 1
+  fi
+}
+
+check_git_tags() {
+  CURRENT_RELEASE_VERSION=$(git rev-parse --abbrev-ref HEAD | awk -F 'release/' '{print $2}')
+  RELEASE_TAGS_AMOUNT=$(git tag | grep $CURRENT_RELEASE_VERSION | wc -l)
+  log_debug "Amount of tags linked with the release - $RELEASE_TAGS_AMOUNT"
+  if [[ "$RELEASE_TAGS_AMOUNT" -gt "0" ]]; then
+    check_final_tag
+  fi
+  create_tag
+}
+
+check_release_branch() {
+  RELEASE_BRANCH=$1
+  git checkout $RELEASE_BRANCH -q
+  check_git_tags
+}
+
+create_release_branch() {
+  git checkout -b release/$RELEASE_VERSION -q
+  check_release_branch release/$RELEASE_VERSION
+}
+
+check_if_release_branch_required() {
+  LATEST_RELEASE_BRANCH=$(git branch -r | grep 'release/' | tail -1 | xargs)
+  log_debug "Latest release branch available - $LATEST_RELEASE_BRANCH"
+  if [[ -z "$LATEST_RELEASE_BRANCH" ]]; then
+    log_info "Could not find a single release branch, creating it"
+    create_release_branch $RELEASE_VERSION
+  else
+    LAST_RELEASE_DIFF_LINES_AMOUNT=$(git diff $LATEST_RELEASE_BRANCH ':(exclude)helm/values.yaml' | wc -l)
+    if [[ "$LAST_RELEASE_DIFF_LINES_AMOUNT" -eq "0" ]]; then
+      log_info "There are no changes in project since the latest release branch $LATEST_RELEASE_BRANCH so we will use tag from it"
+      LATEST_RELEASE=$(echo $LATEST_RELEASE_BRANCH | awk -F 'origin/' '{print $2}')
+      LATEST_RELEASE_TAG=$(git tag | grep -x $LATEST_RELEASE | tail -1)
+      if [[ -z "$LATEST_RELEASE_TAG" ]]; then
+        log_info "Could not find any tags for $LATEST_RELEASE release, creating it"
+        check_release_branch $LATEST_RELEASE
+      else
+        log_info "Latest release tag found - $LATEST_RELEASE_TAG"
+        REPO_TAGS_ARRAY+=($LATEST_RELEASE_TAG)
+      fi 
+    else
+      create_release_branch $RELEASE_VERSION
+    fi
+  fi
+}
+
+create_repo_version() {
+  CWD=$PWD
+  REPO_NAME=$1
+  REPO_URL=$2
+  rm -rf $REPO_NAME
+  git clone -q $REPO_URL $REPO_NAME
+  cd $REPO_NAME
+  DEFAULT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
+  RELEASE_BRANCH=$(git branch -r | grep $RELEASE_VERSION | awk -F 'origin/' '{print $2}' | xargs)
+  log_debug "Release branch to check - '$RELEASE_BRANCH'"
+  if [[ ! -z "$RELEASE_BRANCH" ]]; then
+    log_info "Release branch $RELEASE_BRANCH exists in the repository, checking if it has tags"
+    check_release_branch $RELEASE_BRANCH
+  else
+    log_info "Release branch does not exists in the repository, checking if we need to create it"
+    check_if_release_branch_required $DEFAULT_BRANCH
+  fi
+  log_info "Release commit info:"
+  git show
+  cd $CWD
+  rm -rf $REPO_NAME
+}
+
+# Log level setup
+set_log_verbosity_number
+
+# Check system requirements
+if ! command -v yq &> /dev/null; then
+    log_error "Command yq could not be found"
+    usage
+    exit 2
+fi
+if ! command -v sed &> /dev/null; then
+    log_error "Command sed could not be found"
+    usage
+    exit 2
+fi
+if ! command -v helm &> /dev/null; then
+    log_error "Command helm could not be found"
+    usage
+    exit 2
+fi
+if [[ "$(helm plugin list | grep -wP '(helm-git|diff)' | wc -l)" -ne "2" ]]; then
+    log_error "Helm plugins (helm-git and/or diff) are missing"
+    usage
+    exit 2
+fi
+
+# Check variables
+log_debug "Release version: ${RELEASE_VERSION}"
+[ -z ${RELEASE_VERSION+x} ] && echo "RELEASE_VERSION is unset" && usage && exit 3
+echo "${RELEASE_VERSION}" | grep -xP "v(\d)+\.(\d)+\.\d+" >/dev/null || (log_error "RELEASE_VERSION is not in the right notation (correct example - v2.2.0)" && usage && exit 3)
+log_debug "Tag type: ${TAG_TYPE}"
+[ -z ${TAG_TYPE+x} ] && echo "TAG_TYPE is unset" && usage && exit 3
+echo "${TAG_TYPE}" | tr '[:upper:]' '[:lower:]' | grep -xP "(rc|final)" >/dev/null || (log_error "TAG_TYPE is not in the supported values ('rc' or 'final', case insensitive)" && usage && exit 3)
+
+# Main body
+REPOSITORIES_AMOUNT=$(cat repositories.yaml | yq ".repositories[].name" -r | wc -l)
+DEPLOY_REPO_URL=$(cat repositories.yaml | yq ".deploy_repo_url" -r)
+log_debug "DEPLOY_REPO_URL - $DEPLOY_REPO_URL"
+
+log_info "Checking repositories"
+log_info "Found $REPOSITORIES_AMOUNT repos to process"
+for REPO_INDEX in $(seq 0 $(expr $REPOSITORIES_AMOUNT - 1)); do
+  echo
+  REPO_NAME=$(cat repositories.yaml | yq ".repositories[$REPO_INDEX].name" -r)
+  REPO_URL=$(cat repositories.yaml | yq ".repositories[$REPO_INDEX].url" -r)
+  REPO_DOCKER_COMPOSE_NAME=$(cat repositories.yaml | yq ".repositories[$REPO_INDEX].docker_compose_name" -r)
+  log_debug "REPO_NAME - $REPO_NAME"
+  log_debug "REPO_URL - $REPO_URL"
+  log_debug "REPO_DOCKER_COMPOSE_NAME - $REPO_DOCKER_COMPOSE_NAME"
+  log_info "Processing repository '$REPO_NAME'"
+  create_repo_version $REPO_NAME $REPO_URL
+done
+log_debug "Tags per project: ${REPO_TAGS_ARRAY[*]}"
+
+echo
+log_info "Preparing changes in deploy repo"
+create_repo_version "deploy" $DEPLOY_REPO_URL
+
+echo
+log_info "Services versions:"
+for REPO_INDEX in $(seq 0 $(expr $REPOSITORIES_AMOUNT - 1)); do
+  REPO_NAME=$(cat repositories.yaml | yq ".repositories[$REPO_INDEX].name" -r)
+  log_info "- $REPO_NAME - ${REPO_TAGS_ARRAY[$REPO_INDEX]}"
+done
+log_info "Deployment repo version - ${REPO_TAGS_ARRAY[-1]}"
+if [[ "$GIT_PUSH_CONFIRMED" != "true" ]]; then
+  log_info "To apply changes described above, set GIT_PUSH_CONFIRMED to 'true' and rerun this script"
+fi

.github/git-release-tool/repositories.yaml

@@ -12,3 +12,9 @@ repositories:
   - name: owgw-ui
     url: https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui.git
     docker_compose_name: OWGWUI_TAG
+  - name: owprov-ui
+    url: https://github.com/Telecominfraproject/wlan-cloud-owprov-ui.git
+    docker_compose_name: OWPROVUI_TAG
+  - name: owprov
+    url: https://github.com/Telecominfraproject/wlan-cloud-owprov.git
+    docker_compose_name: OWPROV_TAG

.github/workflows/enforce-jira-issue-key.yml

@@ -0,0 +1,22 @@
+name: Ensure Jira issue is linked
+
+on:
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+jobs:
+  check_for_issue_key:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout actions repo
+        uses: actions/checkout@v2
+        with:
+          repository: Telecominfraproject/.github
+          path: github
+
+      - name: Run JIRA check
+        uses: ./github/composite-actions/enforce-jira-issue-key
+        with:
+          jira_base_url: ${{ secrets.TIP_JIRA_URL }}
+          jira_user_email: ${{ secrets.TIP_JIRA_USER_EMAIL }}
+          jira_api_token: ${{ secrets.TIP_JIRA_API_TOKEN }}

.github/workflows/git-release.yml

@@ -0,0 +1,59 @@
+name: Create new release for OpenWIFI 2.x services
+
+on:
+  workflow_dispatch:
+    inputs:
+      release_version:
+        description: 'Release version to create (i.e. v2.4.0)'
+        required: true
+      tag_type:
+        default: 'rc'
+        description: 'Tag type to create (final OR rc)'
+        required: true
+      push_confirm:
+        default: ''
+        description: 'Set to "true" if changes should be pushed (dry-run enabled by default)'
+        required: false
+      log_level:
+        default: 'INFO'
+        description: 'Log level for the script (ERROR/INFO/DEBUG)'
+        required: false
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  create_release:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repo
+      uses: actions/checkout@v2
+      with:
+        path: wlan-cloud-ucentral-deploy
+
+    - name: Install system dependencies
+      run: |
+        pip3 install yq
+        helm plugin install https://github.com/databus23/helm-diff
+        helm plugin install https://github.com/aslafy-z/helm-git
+        ls ~/.local/share/helm/plugins/helm-git/helm-git-plugin.sh || true
+        sed 's/--skip-refresh //' -i ~/.local/share/helm/plugins/helm-git/helm-git-plugin.sh
+
+    - name: Run release creation script
+      working-directory: wlan-cloud-ucentral-deploy/.github/git-release-tool
+      run: |
+        export RELEASE_VERSION=${{ github.event.inputs.release_version }}
+        export TAG_TYPE=${{ github.event.inputs.tag_type }}
+        export GIT_PUSH_CONFIRMED=${{ github.event.inputs.push_confirm }}
+        export LOG_VERBOSITY=${{ github.event.inputs.log_level }}
+        mkdir -p ~/.ssh
+        chmod -R 700 ~/.ssh
+        ssh-keyscan -H github.com >> ~/.ssh/known_hosts
+        echo https://tip-automation:${{ secrets.GIT_PUSH_PAT }}@github.com > ~/.git-credentials
+        git config --global credential.helper store
+        git config --global user.email "tip-automation@telecominfraproject.com"
+        git config --global user.name "TIP Automation User"
+        helm repo add bitnami https://charts.bitnami.com/bitnami
+        helm repo update
+        ./git-release-tool.sh

.github/workflows/release.yml

@@ -22,22 +22,22 @@ jobs:
           path: wlan-cloud-ucentral-deploy
           repository: Telecominfraproject/wlan-cloud-ucentral-deploy
 
-      - name: Run pre-checks
-        working-directory: wlan-cloud-ucentral-deploy/chart
-        run: |
-          pip3 install yq -q
-          export CHART_VERSION=$(cat Chart.yaml | yq .version -r)
-          export GIT_TAG=$(echo ${GITHUB_REF} | sed -e 's/refs\/tags\/[v]//' | tr '/' '-')
-          if [ "$CHART_VERSION" != "$GIT_TAG" ]; then
-            echo "Chart version in Chart.yaml ($CHART_VERSION) is different from Git tag ($GIT_TAG)";
-            exit 1
-          fi
-
-          #if [ "$(cat Chart.yaml | yq '.dependencies[].repository' -r | grep -E 'ref=(main|master)' | wc -l)" != "0" ]; then
-          #  echo "Some of the dependencies does not have a fixed version set. List of affected dependencies:";
-          #  cat Chart.yaml | yq '.dependencies[].repository' -r | grep -E 'ref=(main|master)';
-          #  exit 1
-          #fi
+#      - name: Run pre-checks
+#        working-directory: wlan-cloud-ucentral-deploy/chart
+#        run: |
+#          pip3 install yq -q
+#          export CHART_VERSION=$(cat Chart.yaml | yq .version -r)
+#          export GIT_TAG=$(echo ${GITHUB_REF} | sed -e 's/refs\/tags\/[v]//' | tr '/' '-')
+#          if [ "$CHART_VERSION" != "$GIT_TAG" ]; then
+#            echo "Chart version in Chart.yaml ($CHART_VERSION) is different from Git tag ($GIT_TAG)";
+#            exit 1
+#          fi
+#
+#          if [ "$(cat Chart.yaml | yq '.dependencies[].repository' -r | grep -E 'ref=(main|master)' | wc -l)" != "0" ]; then
+#            echo "Some of the dependencies does not have a fixed version set. List of affected dependencies:";
+#            cat Chart.yaml | yq '.dependencies[].repository' -r | grep -E 'ref=(main|master)';
+#            exit 1
+#          fi
 
       - name: Build package
         working-directory: wlan-cloud-ucentral-deploy/chart

chart/Chart.lock

@@ -1,24 +1,24 @@
 dependencies:
 - name: owgw
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.4.0
+  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.5.0-RC1
   version: 0.1.0
 - name: owsec
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.4.0
+  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.5.0-RC1
   version: 0.1.0
 - name: owfms
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.4.0
+  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.5.0-RC1
   version: 0.1.0
 - name: owprov
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=main
+  repository: git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=v2.5.0-RC1
   version: 0.1.0
 - name: owgwui
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.4.0
+  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.5.0-RC1
   version: 0.1.0
 - name: owprovui
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=main
+  repository: git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=v2.5.0-RC1
   version: 0.1.0
 - name: rttys
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-rtty@chart?ref=v0.1.0
+  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-rtty@chart?ref=main
   version: 0.1.0
 - name: kafka
   repository: https://charts.bitnami.com/bitnami
@@ -29,5 +29,8 @@ dependencies:
 - name: owlsui
   repository: git+https://github.com/Telecominfraproject/wlan-cloud-owls-ui@helm?ref=master
   version: 0.1.0
-digest: sha256:3a71cf3bac846757ed3c60cce296c73c7ecdb31bef474126d4205053019f842e
-generated: "2021-12-17T05:46:32.701924621+03:00"
+- name: haproxy
+  repository: https://charts.bitnami.com/bitnami
+  version: 0.2.21
+digest: sha256:44b4e5b6c7eee42a3c7d9de22896283acd8e5cc14f9cc597f314c67f300b2c2a
+generated: "2022-02-11T16:34:37.809225701Z"

chart/Chart.yaml

@@ -2,31 +2,31 @@ apiVersion: v2
 name: openwifi
 appVersion: "1.0"
 description: A Helm chart for Kubernetes
-version: 2.4.1
+version: 2.5.0-RC2
 dependencies:
 - name: owgw
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.4.1"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.5.0-RC1"
   version: 0.1.0
 - name: owsec
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.4.1"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.5.0-RC1"
   version: 0.1.0
 - name: owfms
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.4.1"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.5.0-RC1"
   version: 0.1.0
 - name: owprov
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=v2.5.0-RC1"
   version: 0.1.0
 - name: owgwui
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.4.0"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.5.0-RC1"
   version: 0.1.0
 - name: owprovui
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=main"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=v2.5.0-RC1"
   version: 0.1.0
 - name: rttys
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-rtty@chart?ref=v0.1.0"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-rtty@chart?ref=main"
   version: 0.1.0
 - name: kafka
-  repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
+  repository: https://charts.bitnami.com/bitnami
   version: 13.0.2
 - name: owls
   repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owls@helm?ref=main"
@@ -37,6 +37,6 @@ dependencies:
   version: 0.1.0
   condition: owlsui.enabled
 - name: haproxy
-  repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
+  repository: https://charts.bitnami.com/bitnami
   version: 0.2.21
   condition: haproxy.enabled

chart/README.md

@@ -7,6 +7,7 @@ This Helm chart helps to deploy OpenWIFI Cloud SDK with all required dependencie
 [helm-git](https://github.com/aslafy-z/helm-git) is required for remote the installation as it pull charts from other repositories for the deployment, so intall it if you don't have it already.
 
 ```bash
+$ helm dependency update
 $ helm install .
 ```
 
@@ -20,23 +21,35 @@ Current dependencies may be found in [chart definition](Chart.yaml) and list wil
 
 ## Installing the Chart
 
-To install the chart with the release name `my-release`:
+There are multiple ways to install this chart. Described commands will deploy the OpenWIFI Cloud SDK on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that will be overwritten above default values from dependent charts.
+
+### Installation using local git repo
+
+To install the chart from local git repo with the release name `my-release` you need to first update dependencies as it is required with dependencies deployed by helm-git:
 
 ```bash
-$ helm install --name my-release git+https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/@chart?ref=main
+$ helm dependency update
+$ helm install .
 ```
 
-The command deploys the OpenWIFI Cloud SDK on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that will be overwritten above default values from dependent charts.
+### Installation using remote chart
 
-> **Tip**: List all releases using `helm list`
-
-If you need to update your release, it could be required to update your helm charts dependencies before installation:
+To install the chart with the release name `my-release` you need to first update dependencies as it is required with dependencies deployed by helm-git:
 
 ```bash
-helm dependency update
+$ helm install --name my-release git+https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy@chart/openwifi-0.1.0.tgz?ref=main
 ```
 
-#### Required password changing on the first startup
+### Installation using external repo
+
+This approach requires adding external helm repo and new versions are build for every [release](https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/releases):
+
+```bash
+helm repo add tip-wlan https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
+helm install my-release tip-wlan/openwifi
+```
+
+## Required password changing on the first startup
 
 One important action that must be done before using the deployment is changing password for the default user in owsec as described in [owsec docs](https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/tree/main#changing-default-password). Please use these docs to find the actions that must be done **after** the deployment in order to start using your deployment.
 
@@ -62,6 +75,8 @@ The following table lists the configurable parameters that overrides microservic
 | `owsec.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Security to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
 | `owfms.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Firmware to use Kafka for communication | `'true'` |
 | `owfms.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Firmware to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
+| `owprov.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Provisioning to use Kafka for communication | `'true'` |
+| `owprov.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Provisioning to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
 | `rttys.enabled` | boolean | Enables [rttys](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-rtty) deployment | `True` |
 | `rttys.config.token` | string | Sets default rttys token |  |
 | `kafka.enabled` | boolean | Enables [kafka](https://github.com/bitnami/charts/blob/master/bitnami/kafka/) deployment | `True` |
@@ -70,6 +85,21 @@ The following table lists the configurable parameters that overrides microservic
 | `kafka.image.repository` | string | Kafka Docker image repository | `'bitnami/kafka'` |
 | `kafka.image.tag` | string | Kafka Docker image tag | `'2.8.0-debian-10-r43'` |
 | `kafka.minBrokerId` | number | Sets Kafka minimal broker ID (useful for multi-node Kafka installations) | `100` |
+| `clustersysteminfo.enabled` | boolean | Enables post-install check that makes sure that all services are working correctly using systeminfo RESTAPI method | `false` |
+| `clustersysteminfo.delay` | integer | Number of seconds to delay clustersysteminfo execution | `0` |
+| `clustersysteminfo.public_env_variables` | hash | Map of public environment variables that will be passed to the script (required for configuration) |  |
+| `clustersysteminfo.secret_env_variables` | hash | Map of secret environment variables that will be passed to the script (for example, password) |  |
+| `clustersysteminfo.activeDeadlineSeconds` | integer | Number of seconds that are allowed for job to run before failing with Dealine Exceeded error | `2400` |
+| `clustersysteminfo.backoffLimit` | integer | Number of jobs retries before job failure | `5` |
+| `owls.enabled` | boolean | Install OpenWIFI Load Simulator in the release | `false` |
+| `owls.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Load Simulator to use Kafka for communication | `'true'` |
+| `owls.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Load Simulator to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
+| `owlsui.enabled` | boolean | Install OpenWIFI Load Simulator Web UI in the release | `false` |
+| `haproxy.enabled` | boolean | Install HAproxy as a unified TCP proxy for services | `true` |
+| `haproxy.replicaCount` | Integer | Amount of HAproxy pods to start | `3` |
+| `restapiCerts.enabled` | boolean | Enable generation of self-signed certificates for REST API private endpoints (see details below) | `false` |
+| `restapiCerts.services` | array | List of services that require certificates generation |  |
+| `restapiCerts.clusterDomain` | string | Kubernetes cluster domain | `cluster.local` |
 
 If required, further overrides may be passed. They will be merged with default values from this chart and other subcharts with priority to values you'll pass.
 
@@ -90,3 +120,78 @@ $ helm install --name my-release -f values.yaml .
 ```
 
 > **Tip**: You can use the default [values.yaml](values.yaml) as a base for customization.
+
+## Optional features
+
+Some features of the SDK are not enabled by default, but you may enable them by changing your values file. Below you may find information about supported features and values that may be used as a base to enable these changes. As an example of used values you may check values files in [wlan-testing](https://github.com/Telecominfraproject/wlan-testing/tree/master/helm/ucentral) repository that are used for different automated testing pipelines.
+
+If you want to enable different features, you may try passing additional values files using `-f` flag during `helm install/upgrade` commands.
+
+### Cluster systeminfo check
+
+By setting `clusterinfo.enabled` to `true` you may enable job on post-install/post-upgrade step that will do the following:
+
+1. Change default security credentials from credentials set in OWSEC configuration file (see 'Required password changing on the first startup' block above)
+2. Check if all services started responding correctly after the deployment using systeminfo REST API method
+
+In order to do that, you need to additionaly set multiple parameters:
+
+1. clusterinfo.public_env_variables.OWSEC - OWSEC endpoint to use for CLI tools
+2. clusterinfo.secret_env_variables.OWSEC_DEFAULT_USERNAME - username used for CLI requests (see OWSEC configuration file for details)
+3. clusterinfo.secret_env_variables.OWSEC_DEFAULT_PASSWORD - default password stored in OWSEC configuration that is required for initial password change
+4. clusterinfo.secret_env_variables.OWSEC_NEW_PASSWORD - new password that should be set instead of default OWSEC password. It is set only once, then used all the time. Password must comply https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationvalidationexpression
+
+If you are interested in script itself, see [script](https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/blob/main/chart/docker/clustersysteminfo).
+
+You may see example values to enable this feature in [values.enable-clustersysteminfo.yaml](./feature-values/values.enable-clustersysteminfo.yaml).
+
+### Load simulation
+
+Chart also allows to install [OWLS](https://github.com/Telecominfraproject/wlan-cloud-owls) and [OWLS-UI](https://github.com/Telecominfraproject/wlan-cloud-owls-ui) alongside your installation if you are interested in load testing your installation. See services repositories for available options and configuration details.
+
+You may see example values to enable this feature in [values.enable-owls.yaml](./feature-values/values.enable-owls.yaml).
+
+### HAproxy
+
+In order to use single point of entry for all services (may be used for one cloud Load Balancer per installation) HAproxy is installed by default with other services. HAproxy is working in TCP proxy mode, so every TLS certificate is managed by services themself, while it is possible to pass requests from cloud load balancer to services using same ports (configuration of cloud load balancer may vary from cloud provider to provider).
+
+By default this option is enabled, but you may disable it and make per-service LoadBalancer using values in [values.disable-haproxy.yaml](./feature-values/values.disable-haproxy.yaml).
+
+### OWGW unsafe sysctls
+
+By default Linux is using quite adeqate sysctl values for TCP keepalive, but OWGW may keep disconnected APs in stuck state preventing it from connecting back. This may be changed by setting some sysctls to lower values:
+
+- net.ipv4.tcp_keepalive_intvl
+- net.ipv4.tcp_keepalive_probes - 2
+- net.ipv4.tcp_keepalive_time - 45
+
+However this change is [not considered safe by Kubernetes](https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls) and it requires to pass additional argument to your Kubelets services in your Kubernetes cluster:
+
+```
+--allowed-unsafe-sysctls net.ipv4.tcp_keepalive_intvl,net.ipv4.tcp_keepalive_probes,net.ipv4.tcp_keepalive_time
+```
+
+After this change you may pass additional parameters to OWGW helm chart. You may see example values in [values.owgw-unsafe-sysctl.yaml](./feature-values/values.owgw-unsafe-sysctl.yaml)
+
+### Private REST API cert-manager managed certificates
+
+All services have 2 REST API endpoints - private and public one. Private endpoint is used for inter-service communication and should not be exposed to the world, but since it also requires TLS in order to work correctly, additional optional logic was implemented that allows to manage TLS certificates for such endpoints to be managed by [cert-manager](https://github.com/jetstack/cert-manager). In order to activate this feature following steps are required:
+
+0. Install and configure [cert-manager](https://cert-manager.io/docs/) in your cluster
+1. Enable option by setting `restapiCerts.enabled`
+2. If you have a different Kubernetes cluster domain, adapt `restapiCerts.clusterDomain` to your cluster domain
+3. Add additional parameters for services in order to mount certificates secrets in pods, use certificates by service and add public environment variable that will add cert-manager managed CA certificate to pod's trusted chain (see [OWGW docker-entrypoint.sh](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/docker-entrypoint.sh) as example of how it is done)
+
+You may see example values to enable this feature in [values.restapi-certmanager-certs.yaml](./feature-values/values.restapi-certmanager-certs.yaml).
+
+## Environment specific values
+
+This repository contains values files that may be used in the same manner as feature values above to deploy to specific runtime envionemnts (including different cloud deployments).
+
+Some environments are using [external-dns](https://github.com/kubernetes-sigs/external-dns) service to dynamically set DNS records, but you may manage your records manually
+
+### AWS EKS
+
+EKS based installation assumes that you are using [AWS Load Balancer controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller) so that all required ALBs and NLBs are created automatically. Also it is assumed that you have Route53 managed DNS zone and you've issued wildcard certificate for one of your zones that may be used by Load Balancers.
+
+You may see example values for this environment in [values.aws.yaml](./environment-values/values.aws.yaml).

chart/docker/clustersysteminfo

@@ -44,17 +44,9 @@ then
   exit 3
 fi
 
-# Adapt scripts for the security credentials
-# -> Username
-sed '/^username/s/username=.*/username="'$OWSEC_DEFAULT_USERNAME'"/' owsec_cli -i
-sed '/^username/s/username=.*/username="'$OWSEC_DEFAULT_USERNAME'"/' owgw_cli -i
-sed '/^username/s/username=.*/username="'$OWSEC_DEFAULT_USERNAME'"/' owfms_cli -i
-sed '/^username/s/username=.*/username="'$OWSEC_DEFAULT_USERNAME'"/' owprov_cli -i
-# -> Password
-sed '/^password/s/password=.*/password="'$OWSEC_NEW_PASSWORD'"/' owsec_cli -i
-sed '/^password/s/password=.*/password="'$OWSEC_NEW_PASSWORD'"/' owgw_cli  -i
-sed '/^password/s/password=.*/password="'$OWSEC_NEW_PASSWORD'"/' owfms_cli -i
-sed '/^password/s/password=.*/password="'$OWSEC_NEW_PASSWORD'"/' owprov_cli -i
+# Prepare security credentials for cli usage
+export OWSEC_USERNAME=${OWSEC_DEFAULT_USERNAME}
+export OWSEC_PASSWORD=${OWSEC_NEW_PASSWORD}
 
 echo "Running systeminfo checks for all components until all of them are available OR check tries are exausted ($CHECK_RETRIES)"
 exit_code_sum=1

chart/environment-values/deploy.sh

@@ -1,215 +0,0 @@
-#!/bin/bash
-set -e
-
-# Usage function
-usage () {
-  echo;
-  echo "This script is indended for OpenWIFI Cloud SDK deployment to TIP QA/Dev environments using assembly Helm chart (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart) with configuration through environment variables";
-  echo;
-  echo "Required environment variables:"
-  echo;
-  echo "- NAMESPACE - namespace suffix that will used added for the Kubernetes environment (i.e. if you pass 'test', kubernetes namespace will be named 'ucentral-test')";
-  echo "- DEPLOY_METHOD - deployment method for the chart deployment (supported methods - 'git' (will use helm-git from assembly chart) and 'bundle' (will use chart stored in the Artifactory0";
-  echo "- CHART_VERSION - version of chart to be deployed from assembly chart (for 'git' method git ref may be passed, for 'bundle' method version of chart may be passed)";
-  echo;
-  echo "- VALUES_FILE_LOCATION - path to file with override values that may be used for deployment";
-  echo "- RTTY_TOKEN - token to be used for rttys and OpenWIFI Gateway for remote tty sessions";
-  echo "- OWGW_AUTH_USERNAME - username to be used for requests to OpenWIFI Security";
-  echo "- OWGW_AUTH_PASSWORD - hashed password for OpenWIFI Security (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)";
-  echo "- OWFMS_S3_SECRET - secret key that is used for OpenWIFI Firmware access to firmwares S3 bucket";
-  echo "- OWFMS_S3_KEY - access key that is used for OpenWIFI Firmware access to firmwares S3 bucket";
-  echo "- OWSEC_NEW_PASSWORD - password that should be set to default user instead of default password from properties";
-  echo "- CERT_LOCATION - path to certificate in PEM format that will be used for securing all endpoint in all services";
-  echo "- KEY_LOCATION - path to private key in PEM format that will be used for securing all endpoint in all services";
-  echo;
-  echo "Following environmnet variables may be passed, but will be ignored if CHART_VERSION is set to release (i.e. v2.4.0):"
-  echo;
-  echo "- OWGW_VERSION - OpenWIFI Gateway version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)";
-  echo "- OWGWUI_VERSION - OpenWIFI Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)";
-  echo "- OWSEC_VERSION - OpenWIFI Security version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)";
-  echo "- OWFMS_VERSION - OpenWIFI Firmware version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)";
-  echo "- OWPROV_VERSION - OpenWIFI Provisioning version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)";
-  echo "- OWPROVUI_VERSION - OpenWIFI Provisioning Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)";
-  echo;
-  echo "Optional environment variables:"
-  echo;
-  echo "- EXTRA_VALUES - extra values that should be passed to Helm deployment separated by comma (,)"
-  echo "- DEVICE_CERT_LOCATION - path to certificate in PEM format that will be used for load simulator";
-  echo "- DEVICE_KEY_LOCATION - path to private key in PEM format that will be used for load simulator";
-  echo "- USE_SEPARATE_OWGW_LB - flag that should change split external DNS for OWGW and other services"
-}
-
-# Global variables
-VALUES_FILE_LOCATION_SPLITTED=()
-EXTRA_VALUES_SPLITTED=()
-
-# Helper functions
-check_if_chart_version_is_release() {
-  PARSED_CHART_VERSION=$(echo $CHART_VERSION | grep -xP "v\d+\.\d+\.\d+.*")
-  if [[ -z "$PARSED_CHART_VERSION" ]]; then
-    return 1
-  else
-    return 0
-  fi
-}
-
-# Check if required environment variables were passed
-## Deployment specifics
-[ -z ${DEPLOY_METHOD+x} ] && echo "DEPLOY_METHOD is unset" && usage && exit 1
-[ -z ${CHART_VERSION+x} ] && echo "CHART_VERSION is unset" && usage && exit 1
-if check_if_chart_version_is_release; then
-  echo "Chart version ($CHART_VERSION) is release version, ignoring services versions"
-else
-  echo "Chart version ($CHART_VERSION) is not release version, checking if services versions are set"
-  [ -z ${OWGW_VERSION+x} ] && echo "OWGW_VERSION is unset" && usage && exit 1
-  [ -z ${OWGWUI_VERSION+x} ] && echo "OWGWUI_VERSION is unset" && usage && exit 1
-  [ -z ${OWSEC_VERSION+x} ] && echo "OWSEC_VERSION is unset" && usage && exit 1
-  [ -z ${OWFMS_VERSION+x} ] && echo "OWFMS_VERSION is unset" && usage && exit 1
-  [ -z ${OWPROV_VERSION+x} ] && echo "OWPROV_VERSION is unset" && usage && exit 1
-  [ -z ${OWPROVUI_VERSION+x} ] && echo "OWPROVUI_VERSION is unset" && usage && exit 1
-fi
-## Environment specifics
-[ -z ${NAMESPACE+x} ] && echo "NAMESPACE is unset" && usage && exit 1
-## Variables specifics
-[ -z ${VALUES_FILE_LOCATION+x} ] && echo "VALUES_FILE_LOCATION is unset" && usage && exit 1
-[ -z ${RTTY_TOKEN+x} ] && echo "RTTY_TOKEN is unset" && usage && exit 1
-[ -z ${OWGW_AUTH_USERNAME+x} ] && echo "OWGW_AUTH_USERNAME is unset" && usage && exit 1
-[ -z ${OWGW_AUTH_PASSWORD+x} ] && echo "OWGW_AUTH_PASSWORD is unset" && usage && exit 1
-[ -z ${OWFMS_S3_SECRET+x} ] && echo "OWFMS_S3_SECRET is unset" && usage && exit 1
-[ -z ${OWFMS_S3_KEY+x} ] && echo "OWFMS_S3_KEY is unset" && usage && exit 1
-[ -z ${OWSEC_NEW_PASSWORD+x} ] && echo "OWSEC_NEW_PASSWORD is unset" && usage && exit 1
-[ -z ${CERT_LOCATION+x} ] && echo "CERT_LOCATION is unset" && usage && exit 1
-[ -z ${KEY_LOCATION+x} ] && echo "KEY_LOCATION is unset" && usage && exit 1
-
-[ -z ${DEVICE_CERT_LOCATION+x} ] && echo "DEVICE_CERT_LOCATION is unset, setting it to CERT_LOCATION" && export DEVICE_CERT_LOCATION=$CERT_LOCATION
-[ -z ${DEVICE_KEY_LOCATION+x} ] && echo "DEVICE_KEY_LOCATION is unset, setting it to KEY_LOCATION" && export DEVICE_KEY_LOCATION=$KEY_LOCATION
-
-# Transform some environment variables
-export OWGW_VERSION_TAG=$(echo ${OWGW_VERSION} | tr '/' '-')
-export OWGWUI_VERSION_TAG=$(echo ${OWGWUI_VERSION} | tr '/' '-')
-export OWSEC_VERSION_TAG=$(echo ${OWSEC_VERSION} | tr '/' '-')
-export OWFMS_VERSION_TAG=$(echo ${OWFMS_VERSION} | tr '/' '-')
-export OWPROV_VERSION_TAG=$(echo ${OWPROV_VERSION} | tr '/' '-')
-export OWPROVUI_VERSION_TAG=$(echo ${OWPROVUI_VERSION} | tr '/' '-')
-
-# Debug get bash version
-bash --version > /dev/stderr
-
-# Check deployment method that's required for this environment
-helm plugin install https://github.com/databus23/helm-diff || true
-if [[ "$DEPLOY_METHOD" == "git" ]]; then
-  helm plugin install https://github.com/aslafy-z/helm-git --version 0.10.0 || true
-  rm -rf wlan-cloud-ucentral-deploy || true
-  git clone https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git
-  cd wlan-cloud-ucentral-deploy
-  git checkout $CHART_VERSION
-  cd chart
-  if ! check_if_chart_version_is_release; then
-    sed -i '/wlan-cloud-ucentralgw@/s/ref=.*/ref='${OWGW_VERSION}'\"/g' Chart.yaml
-    sed -i '/wlan-cloud-ucentralgw-ui@/s/ref=.*/ref='${OWGWUI_VERSION}'\"/g' Chart.yaml
-    sed -i '/wlan-cloud-ucentralsec@/s/ref=.*/ref='${OWSEC_VERSION}'\"/g' Chart.yaml
-    sed -i '/wlan-cloud-ucentralfms@/s/ref=.*/ref='${OWFMS_VERSION}'\"/g' Chart.yaml
-    sed -i '/wlan-cloud-owprov@/s/ref=.*/ref='${OWPROV_VERSION}'\"/g' Chart.yaml
-    sed -i '/wlan-cloud-owprov-ui@/s/ref=.*/ref='${OWPROVUI_VERSION}'\"/g' Chart.yaml
-  fi
-  helm repo add bitnami https://charts.bitnami.com/bitnami
-  helm repo update
-  helm dependency update
-  cd ../..
-  export DEPLOY_SOURCE="wlan-cloud-ucentral-deploy/chart"
-else
-  if [[ "$DEPLOY_METHOD" == "bundle" ]]; then
-    helm repo add tip-wlan-cloud-ucentral-helm https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/ || true
-    export DEPLOY_SOURCE="tip-wlan-cloud-ucentral-helm/openwifi --version $CHART_VERSION"
-  else
-    echo "Deploy method is not correct: $DEPLOY_METHOD. Valid value - git or bundle"
-    exit 1
-  fi
-fi
-
-VALUES_FILES_FLAGS=()
-IFS=',' read -ra VALUES_FILE_LOCATION_SPLITTED <<< "$VALUES_FILE_LOCATION"
-for VALUE_FILE in ${VALUES_FILE_LOCATION_SPLITTED[*]}; do
-  VALUES_FILES_FLAGS+=("-f" $VALUE_FILE)
-done
-EXTRA_VALUES_FLAGS=()
-IFS=',' read -ra EXTRA_VALUES_SPLITTED <<< "$EXTRA_VALUES"
-for EXTRA_VALUE in ${EXTRA_VALUES_SPLITTED[*]}; do
-  EXTRA_VALUES_FLAGS+=("--set" $EXTRA_VALUE)
-done
-
-if [[ "$USE_SEPARATE_OWGW_LB" == "true" ]]; then
-  export HAPROXY_SERVICE_DNS_RECORDS="sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,rtty-${NAMESPACE}.cicd.lab.wlan.tip.build"
-  export OWGW_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build"
-else
-  export HAPROXY_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build\,sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,rtty-${NAMESPACE}.cicd.lab.wlan.tip.build"
-  export OWGW_SERVICE_DNS_RECORDS=""
-fi
-
-# Run the deployment
-helm upgrade --install --create-namespace --wait --timeout 60m \
-  --namespace openwifi-${NAMESPACE} \
-  ${VALUES_FILES_FLAGS[*]} \
-  --set owgw.services.owgw.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
-  --set owgw.configProperties."openwifi\.fileuploader\.host\.0\.name"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
-  --set owgw.configProperties."rtty\.server"=rtty-${NAMESPACE}.cicd.lab.wlan.tip.build \
-  --set owgw.configProperties."openwifi\.system\.uri\.public"=https://gw-${NAMESPACE}.cicd.lab.wlan.tip.build:16002 \
-  --set owgw.configProperties."openwifi\.system\.uri\.private"=https://owgw-owgw:17002 \
-  --set owgw.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
-  --set owgw.configProperties."rtty\.token"=${RTTY_TOKEN} \
-  --set owgw.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
-  --set owsec.configProperties."authentication\.default\.username"=${OWGW_AUTH_USERNAME} \
-  --set owsec.configProperties."authentication\.default\.password"=${OWGW_AUTH_PASSWORD} \
-  --set owsec.services.owsec.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=sec-${NAMESPACE}.cicd.lab.wlan.tip.build \
-  --set owsec.configProperties."openwifi\.system\.uri\.public"=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
-  --set owsec.configProperties."openwifi\.system\.uri\.private"=https://owsec-owsec:17001 \
-  --set owsec.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
-  --set owfms.configProperties."s3\.secret"=${OWFMS_S3_SECRET} \
-  --set owfms.configProperties."s3\.key"=${OWFMS_S3_KEY} \
-  --set owfms.services.owfms.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=fms-${NAMESPACE}.cicd.lab.wlan.tip.build \
-  --set owfms.configProperties."openwifi\.system\.uri\.public"=https://fms-${NAMESPACE}.cicd.lab.wlan.tip.build:16004 \
-  --set owfms.configProperties."openwifi\.system\.uri\.private"=https://owfms-owfms:17004 \
-  --set owfms.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
-  --set owfms.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
-  --set owgwui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
-  --set owgwui.ingresses.default.hosts={webui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
-  --set owgwui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
-  --set owprov.services.owprov.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=prov-${NAMESPACE}.cicd.lab.wlan.tip.build \
-  --set owprov.configProperties."openwifi\.system\.uri\.public"=https://prov-${NAMESPACE}.cicd.lab.wlan.tip.build:16005 \
-  --set owprov.configProperties."openwifi\.system\.uri\.private"=https://owprov-owprov:17005 \
-  --set owprov.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
-  --set owprov.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
-  --set owprovui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=provui-${NAMESPACE}.cicd.lab.wlan.tip.build \
-  --set owprovui.ingresses.default.hosts={provui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
-  --set owprovui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
-  --set rttys.config.token=${RTTY_TOKEN} \
-  --set rttys.services.rttys.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=rtty-${NAMESPACE}.cicd.lab.wlan.tip.build \
-  --set clustersysteminfo.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
-  --set clustersysteminfo.secret_env_variables.OWSEC_NEW_PASSWORD=${OWSEC_NEW_PASSWORD} \
-  --set owls.services.owls.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=ls-${NAMESPACE}.cicd.lab.wlan.tip.build \
-  --set owls.configProperties."openwifi\.system\.uri\.public"=https://ls-${NAMESPACE}.cicd.lab.wlan.tip.build:16007 \
-  --set owls.configProperties."openwifi\.system\.uri\.private"=https://owls-owls:17007 \
-  --set owls.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
-  --set owlsui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=lsui-${NAMESPACE}.cicd.lab.wlan.tip.build \
-  --set owlsui.ingresses.default.hosts={lsui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
-  --set owlsui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
-  --set haproxy.service.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$HAPROXY_SERVICE_DNS_RECORDS \
-  --set owgw.services.owgw.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$OWGW_SERVICE_DNS_RECORDS \
-  ${EXTRA_VALUES_FLAGS[*]} \
-  --set-file owgw.certs."restapi-cert\.pem"=$CERT_LOCATION \
-  --set-file owgw.certs."restapi-key\.pem"=$KEY_LOCATION \
-  --set-file owgw.certs."websocket-cert\.pem"=$CERT_LOCATION \
-  --set-file owgw.certs."websocket-key\.pem"=$KEY_LOCATION \
-  --set-file rttys.certs."restapi-cert\.pem"=$CERT_LOCATION \
-  --set-file rttys.certs."restapi-key\.pem"=$KEY_LOCATION \
-  --set-file owsec.certs."restapi-cert\.pem"=$CERT_LOCATION \
-  --set-file owsec.certs."restapi-key\.pem"=$KEY_LOCATION \
-  --set-file owfms.certs."restapi-cert\.pem"=$CERT_LOCATION \
-  --set-file owfms.certs."restapi-key\.pem"=$KEY_LOCATION \
-  --set-file owprov.certs."restapi-cert\.pem"=$CERT_LOCATION \
-  --set-file owprov.certs."restapi-key\.pem"=$KEY_LOCATION \
-  --set-file owls.certs."restapi-cert\.pem"=$CERT_LOCATION \
-  --set-file owls.certs."restapi-key\.pem"=$KEY_LOCATION \
-  --set-file owls.certs."device-cert\.pem"=$DEVICE_CERT_LOCATION \
-  --set-file owls.certs."device-key\.pem"=$DEVICE_KEY_LOCATION \
-  tip-openwifi $DEPLOY_SOURCE

chart/environment-values/values.aws.yaml

@@ -0,0 +1,91 @@
+# TODO adapt config for your environments - change FQDNs, certificates and security credentials
+owgw:
+  configProperties: # TODO change FQDNs
+    openwifi.fileuploader.host.0.name: gw.cicd.lab.wlan.tip.build
+    openwifi.system.uri.public: https://gw.cicd.lab.wlan.tip.build:16002
+    openwifi.system.uri.private: https://gw.cicd.lab.wlan.tip.build:17002
+    openwifi.system.uri.ui: https://webui.cicd.lab.wlan.tip.build
+    rtty.server: rtty.cicd.lab.wlan.tip.build
+    rtty.token: TOFILL # TODO change rttys token to the same used in rttys below
+
+owgwui:
+  ingresses:
+    default:
+      enabled: true
+      annotations:
+        kubernetes.io/ingress.class: alb
+        alb.ingress.kubernetes.io/scheme: internet-facing
+        alb.ingress.kubernetes.io/group.name: wlan-cicd
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 # TODO change certificate
+        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
+        alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
+        external-dns.alpha.kubernetes.io/hostname: webui.cicd.lab.wlan.tip.build # TODO change FQDN
+      paths:
+      - path: /*
+        serviceName: owgwui
+        servicePort: http
+
+  public_env_variables:
+    DEFAULT_UCENTRALSEC_URL: https://sec.cicd.lab.wlan.tip.build:16001 # TODO change to OWSEC RESTAPI url
+
+owsec:
+  configProperties: # TODO change FQDNs and credentials
+    authentication.default.username: tip@ucentral.com
+    authentication.default.password: TOFILL # TODO change password to default hashed password (see OWSEC readme for details)
+    openwifi.system.uri.public: https://sec.cicd.lab.wlan.tip.build:16001
+    openwifi.system.uri.private: https://sec.cicd.lab.wlan.tip.build:17001
+    openwifi.system.uri.ui: https://webui.cicd.lab.wlan.tip.build
+
+owfms:
+  configProperties: # TODO change FQDNs and credentials
+    s3.key: TOFILL # TODO change these values to S3 credentials to get firmwares from bucket
+    s3.secret: TOFILL
+    # TODO uncomment and change these values if you are using your own S3 bucket with firmwares
+    #s3.bucketname: ucentral-ap-firmware
+    #s3.region: us-east-1
+    #s3.bucket.uri: ucentral-ap-firmware.s3.amazonaws.com
+    openwifi.system.uri.public: https://fms.cicd.lab.wlan.tip.build:16001
+    openwifi.system.uri.private: https://fms.cicd.lab.wlan.tip.build:17001
+    openwifi.system.uri.ui: https://webui.cicd.lab.wlan.tip.build
+
+owprov:
+  configProperties: # TODO change FQDNs
+    openwifi.system.uri.public: https://prov.cicd.lab.wlan.tip.build:16001
+    openwifi.system.uri.private: https://prov.cicd.lab.wlan.tip.build:17001
+    openwifi.system.uri.ui: https://webui.cicd.lab.wlan.tip.build
+
+owprovui:
+  ingresses:
+    default:
+      enabled: true
+      annotations:
+        kubernetes.io/ingress.class: alb
+        alb.ingress.kubernetes.io/scheme: internet-facing
+        alb.ingress.kubernetes.io/group.name: wlan-cicd
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 # TODO change certificate
+        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
+        alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
+        external-dns.alpha.kubernetes.io/hostname: provui.cicd.lab.wlan.tip.build # TODO change FQDN
+      paths:
+      - path: /*
+        serviceName: owprovui
+        servicePort: http
+
+  public_env_variables:
+    DEFAULT_UCENTRALSEC_URL: https://sec.cicd.lab.wlan.tip.build:16001 # TODO change to OWSEC RESTAPI url
+
+rttys:
+  config:
+    token: TOFILL # TODO change rttys token and set it in OWGW section above
+
+haproxy:
+  service:
+    annotations:
+      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+      service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "8080"
+      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 # TODO change certificate
+      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,16001,17001,5912,5913"
+      service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
+      external-dns.alpha.kubernetes.io/hostname: "gw.cicd.lab.wlan.tip.build,sec.cicd.lab.wlan.tip.build,fms.cicd.lab.wlan.tip.build,prov.cicd.lab.wlan.tip.build,rtty.cicd.lab.wlan.tip.build"
+

chart/environment-values/values.openwifi-qa.external-db.yaml

@@ -1,14 +0,0 @@
-owgw:
-  configProperties:
-    storage.type: postgresql
-    storage.type.postgresql.host: owgw-pgsql
-    storage.type.postgresql.database: owgw
-    storage.type.postgresql.username: owgw
-    storage.type.postgresql.password: owgw
-
-  postgresql:
-    enabled: true
-    fullnameOverride: owgw-pgsql
-    postgresqlDatabase: owgw
-    postgresqlUsername: owgw
-    postgresqlPassword: owgw

chart/environment-values/values.openwifi-qa.owls-enabled.yaml

@@ -1,173 +0,0 @@
-owgw:
-  services:
-    owgw:
-      type: LoadBalancer
-      annotations:
-        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
-        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
-        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
-        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002"
-
-  configProperties:
-    simulatorid: 53494D020202
-    storage.type: postgresql
-    storage.type.postgresql.host: owgw-pgsql
-    storage.type.postgresql.database: owgw
-    storage.type.postgresql.username: owgw
-    storage.type.postgresql.password: owgw
-
-  resources:
-    requests:
-      cpu: 2000m
-      memory: 3000Mi
-    limits:
-      cpu: 2000m
-      memory: 3000Mi
-
-  postgresql:
-    enabled: true
-    fullnameOverride: owgw-pgsql
-
-    postgresqlDatabase: owgw
-    postgresqlUsername: owgw
-    postgresqlPassword: owgw
-
-owls:
-  enabled: true
-  services:
-    owls:
-      type: LoadBalancer
-      annotations:
-        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
-        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16107"
-        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
-        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16007,17007"
-        external-dns.alpha.kubernetes.io/ttl: "60"
-
-  podAnnotations:
-    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
-
-  resources:
-    requests:
-      cpu: 3000m
-      memory: 8000Mi
-    limits:
-      cpu: 3000m
-      memory: 8000Mi
-
-  checks:
-    owls:
-      liveness:
-        httpGet:
-          path: /
-          port: 16107
-        failureThreshold: 900
-      readiness:
-        httpGet:
-          path: /
-          port: 16107
-        failureThreshold: 900
-
-  certs:
-    restapi-ca.pem: |
-      -----BEGIN CERTIFICATE-----
-      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
-      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
-      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
-      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
-      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
-      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
-      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
-      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
-      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
-      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
-      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
-      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
-      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
-      5IOM7ItsRmen6u3qu+JXros54e4juQ==
-      -----END CERTIFICATE-----
-
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  configProperties:
-    openwifi.internal.restapi.host.0.rootca: $OWLS_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWLS_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWLS_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWLS_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWLS_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWLS_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owls:
-      - name: config
-        mountPath: /owls-data/owls.properties
-        subPath: owls.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owls.fullname" . }}-config
-      - name: certs
-        mountPath: /owls-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owls.fullname" . }}-certs
-      - name: certs-cas
-        mountPath: /owls-data/certs/cas
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owls.fullname" . }}-certs-cas
-      # Change this if you want to use another volume type
-      - name: persist
-        mountPath: /owls-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owls.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owls-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owls.fullname" . }}-owls-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owls.fullname" . }}-owls-restapi-tls
-
-owlsui:
-  enabled: true
-
-  services:
-    owlsui:
-      type: NodePort
-
-  ingresses:
-    default:
-      enabled: true
-      annotations:
-        kubernetes.io/ingress.class: alb
-        alb.ingress.kubernetes.io/scheme: internet-facing
-        alb.ingress.kubernetes.io/group.name: wlan-cicd
-        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
-        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
-        alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
-        external-dns.alpha.kubernetes.io/ttl: "60"
-      paths:
-      - path: /*
-        serviceName: owlsui
-        servicePort: http
-
-  podAnnotations:
-    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"

chart/environment-values/values.openwifi-qa.separate-lbs.yaml

@@ -1,62 +0,0 @@
-owgw:
-  services:
-    owgw:
-      type: LoadBalancer
-      annotations:
-        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
-        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
-        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
-        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002,5912,5913"
-
-owsec:
-  services:
-    owsec:
-      type: LoadBalancer
-      annotations:
-        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
-        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16101"
-        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
-        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16001,17001"
-
-rttys:
-  services:
-    rttys:
-      type: LoadBalancer
-      annotations:
-        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
-        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "5914"
-        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
-        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "5912,5913"
-
-owfms:
-  services:
-    owfms:
-      type: LoadBalancer
-      annotations:
-        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
-        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16104"
-        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
-        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004"
-
-owprov:
-  services:
-    owprov:
-      type: LoadBalancer
-      annotations:
-        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
-        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16105"
-        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
-        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16005,17005"
-
-haproxy:
-  enabled: false

chart/environment-values/values.openwifi-qa.test-nodes.yaml

@@ -1,118 +0,0 @@
-owgw:
-  nodeSelector:
-    env: tests
-  tolerations:
-  - key: "tests"
-    operator: "Exists"
-    effect: "NoSchedule"
-
-  postgresql:
-    primary:
-      nodeSelector:
-        env: tests
-      tolerations:
-      - key: "tests"
-        operator: "Exists"
-        effect: "NoSchedule"
-    readReplicas:
-      nodeSelector:
-        env: tests
-      tolerations:
-      - key: "tests"
-        operator: "Exists"
-        effect: "NoSchedule"
-
-owsec:
-  nodeSelector:
-    env: tests
-  tolerations:
-  - key: "tests"
-    operator: "Exists"
-    effect: "NoSchedule"
-
-owgwui:
-  nodeSelector:
-    env: tests
-  tolerations:
-  - key: "tests"
-    operator: "Exists"
-    effect: "NoSchedule"
-
-owfms:
-  nodeSelector:
-    env: tests
-  tolerations:
-  - key: "tests"
-    operator: "Exists"
-    effect: "NoSchedule"
-
-owprov:
-  nodeSelector:
-    env: tests
-  tolerations:
-  - key: "tests"
-    operator: "Exists"
-    effect: "NoSchedule"
-
-owprovui:
-  nodeSelector:
-    env: tests
-  tolerations:
-  - key: "tests"
-    operator: "Exists"
-    effect: "NoSchedule"
-
-owls:
-  nodeSelector:
-    env: tests
-  tolerations:
-  - key: "tests"
-    operator: "Exists"
-    effect: "NoSchedule"
-
-  postgresql:
-    primary:
-      nodeSelector:
-        env: tests
-      tolerations:
-      - key: "tests"
-        operator: "Exists"
-        effect: "NoSchedule"
-    readReplicas:
-      nodeSelector:
-        env: tests
-      tolerations:
-      - key: "tests"
-        operator: "Exists"
-        effect: "NoSchedule"
-
-rttys:
-  nodeSelector:
-    env: tests
-  tolerations:
-  - key: "tests"
-    operator: "Exists"
-    effect: "NoSchedule"
-
-owlsui:
-  nodeSelector:
-    env: tests
-  tolerations:
-  - key: "tests"
-    operator: "Exists"
-    effect: "NoSchedule"
-
-kafka:
-  nodeSelector:
-    env: tests
-  tolerations:
-  - key: "tests"
-    operator: "Exists"
-    effect: "NoSchedule"
-  zookeeper:
-    nodeSelector:
-      env: tests
-    tolerations:
-    - key: "tests"
-      operator: "Exists"
-      effect: "NoSchedule"

chart/environment-values/values.openwifi-qa.yaml

@@ -1,466 +0,0 @@
-owgw:
-  # https://telecominfraproject.atlassian.net/browse/WIFI-5840
-  checks:
-    owgw:
-      readiness:
-        exec:
-          command: ["true"]
-
-  resources:
-    requests:
-      cpu: 100m
-      memory: 100Mi
-    limits:
-      cpu: 100m
-      memory: 200Mi
-
-  securityContext:
-    sysctls:
-    - name: net.ipv4.tcp_keepalive_intvl
-      value: "5"
-    - name: net.ipv4.tcp_keepalive_probes
-      value: "2"
-    - name: net.ipv4.tcp_keepalive_time
-      value: "45"
-
-  podAnnotations:
-    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
-
-  podSecurityPolicy:
-    enabled: true
-
-  certs:
-    restapi-ca.pem: |
-      -----BEGIN CERTIFICATE-----
-      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
-      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
-      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
-      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
-      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
-      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
-      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
-      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
-      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
-      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
-      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
-      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
-      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
-      5IOM7ItsRmen6u3qu+JXros54e4juQ==
-      -----END CERTIFICATE-----
-
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  configProperties:
-    openwifi.internal.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWGW_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWGW_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owgw:
-      - name: config
-        mountPath: /owgw-data/owgw.properties
-        subPath: owgw.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owgw.fullname" . }}-config
-      - name: certs
-        mountPath: /owgw-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owgw.fullname" . }}-certs
-      - name: certs-cas
-        mountPath: /owgw-data/certs/cas
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owgw.fullname" . }}-certs-cas
-      - name: persist
-        mountPath: /owgw-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owgw.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owgw-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
-
-owsec:
-  # https://telecominfraproject.atlassian.net/browse/WIFI-5840
-  checks:
-    owsec:
-      readiness:
-        exec:
-          command: ["true"]
-
-  resources:
-    requests:
-      cpu: 10m
-      memory: 15Mi
-    limits:
-      cpu: 100m
-      memory: 100Mi
-
-  podAnnotations:
-    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
-
-  certs:
-    restapi-ca.pem: |
-      -----BEGIN CERTIFICATE-----
-      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
-      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
-      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
-      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
-      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
-      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
-      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
-      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
-      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
-      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
-      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
-      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
-      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
-      5IOM7ItsRmen6u3qu+JXros54e4juQ==
-      -----END CERTIFICATE-----
-
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  configProperties:
-    openwifi.internal.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owsec:
-      - name: config
-        mountPath: /owsec-data/owsec.properties
-        subPath: owsec.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owsec.fullname" . }}-config
-      - name: certs
-        mountPath: /owsec-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owsec.fullname" . }}-certs
-      - name: persist
-        mountPath: /owsec-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owsec.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owsec-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
-
-rttys:
-  resources:
-    requests:
-      cpu: 10m
-      memory: 15Mi
-    limits:
-      cpu: 100m
-      memory: 100Mi
-
-  podAnnotations:
-    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
-
-owgwui:
-  ingresses:
-    default:
-      enabled: true
-      annotations:
-        kubernetes.io/ingress.class: alb
-        alb.ingress.kubernetes.io/scheme: internet-facing
-        alb.ingress.kubernetes.io/group.name: wlan-cicd
-        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
-        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
-        alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
-      paths:
-      - path: /*
-        serviceName: owgwui
-        servicePort: http
-
-  resources:
-    requests:
-      cpu: 10m
-      memory: 30Mi
-    limits:
-      cpu: 10m
-      memory: 30Mi
-
-  podAnnotations:
-    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
-
-owfms:
-  # https://telecominfraproject.atlassian.net/browse/WIFI-5840
-  checks:
-    owfms:
-      readiness:
-        exec:
-          command: ["true"]
-
-  resources:
-    requests:
-      cpu: 10m
-      memory: 30Mi
-    limits:
-      cpu: 50m
-      memory: 80Mi
-
-  podAnnotations:
-    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
-
-  certs:
-    restapi-ca.pem: |
-      -----BEGIN CERTIFICATE-----
-      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
-      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
-      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
-      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
-      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
-      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
-      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
-      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
-      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
-      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
-      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
-      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
-      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
-      5IOM7ItsRmen6u3qu+JXros54e4juQ==
-      -----END CERTIFICATE-----
-
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  configProperties:
-    openwifi.internal.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owfms:
-      - name: config
-        mountPath: /owfms-data/owfms.properties
-        subPath: owfms.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owfms.fullname" . }}-config
-      - name: certs
-        mountPath: /owfms-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owfms.fullname" . }}-certs
-      - name: persist
-        mountPath: /owfms-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owfms.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owfms-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
-
-owprov:
-  checks:
-    owprov:
-      readiness:
-        exec:
-          command: ["true"]
-
-  resources:
-    requests:
-      cpu: 10m
-      memory: 20Mi
-    limits:
-      cpu: 100m
-      memory: 100Mi
-
-  podAnnotations:
-    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
-
-  certs:
-    restapi-ca.pem: |
-      -----BEGIN CERTIFICATE-----
-      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
-      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
-      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
-      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
-      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
-      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
-      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
-      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
-      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
-      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
-      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
-      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
-      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
-      5IOM7ItsRmen6u3qu+JXros54e4juQ==
-      -----END CERTIFICATE-----
-
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  configProperties:
-    openwifi.internal.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owprov:
-      - name: config
-        mountPath: /owprov-data/owprov.properties
-        subPath: owprov.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owprov.fullname" . }}-config
-      - name: certs
-        mountPath: /owprov-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owprov.fullname" . }}-certs
-      - name: persist
-        mountPath: /owprov-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owprov.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owprov-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
-
-owprovui:
-  ingresses:
-    default:
-      enabled: true
-      annotations:
-        kubernetes.io/ingress.class: alb
-        alb.ingress.kubernetes.io/scheme: internet-facing
-        alb.ingress.kubernetes.io/group.name: wlan-cicd
-        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
-        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
-        alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
-      paths:
-      - path: /*
-        serviceName: owprovui
-        servicePort: http
-
-  podAnnotations:
-    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
-
-
-kafka:
-  commonAnnotations:
-    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
-  heapOpts: -Xmx512m -Xms512m
-  resources:
-    requests:
-      cpu: 100m
-      memory: 512Mi
-    limits:
-      cpu: 500m
-      memory: 1Gi
-  readinessProbe:
-    initialDelaySeconds: 45
-  livenessProbe:
-    initialDelaySeconds: 60
-  zookeeper:
-    commonAnnotations:
-      cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
-    heapSize: 256
-    resources:
-      requests:
-        cpu: 100m
-        memory: 256Mi
-      limits:
-        cpu: 200m
-        memory: 384Mi
-
-clustersysteminfo:
-  enabled: true
-  delay: 60 # delaying to wait for AWS Route53 DNS propagation
-
-haproxy:
-  service:
-    annotations:
-      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-      service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "8080"
-      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
-      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,16001,17001,5912,5913,16009"
-      service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
-
-restapiCerts:
-  enabled: true

chart/feature-values/values.disable-haproxy.yaml

@@ -0,0 +1,27 @@
+owgw:
+  services:
+    owgw:
+      type: LoadBalancer
+
+owsec:
+  services:
+    owsec:
+      type: LoadBalancer
+
+rttys:
+  services:
+    rttys:
+      type: LoadBalancer
+
+owfms:
+  services:
+    owfms:
+      type: LoadBalancer
+
+owprov:
+  services:
+    owprov:
+      type: LoadBalancer
+
+haproxy:
+  enabled: false

chart/feature-values/values.enable-clustersysteminfo.yaml

@@ -0,0 +1,15 @@
+clustersysteminfo:
+  enabled: true
+  delay: 0 # you may change this if you need to wait for DNS propogation or other things
+
+  public_env_variables:
+    OWSEC: owsec-owsec:16001
+    # Uncomment these options if you want to run systeminfo checks inside of cluster
+    #OWGW_OVERRIDE: owgw-owgw:16002
+    #OWFMS_OVERRIDE: owfms-owfms:16004
+    #OWPROV_OVERRIDE: owprov-owprov:16005
+
+  secret_env_variables:
+    OWSEC_DEFAULT_USERNAME: tip@ucentral.com
+    OWSEC_DEFAULT_PASSWORD: openwifi
+    OWSEC_NEW_PASSWORD: TOFILL # TODO adapt password to your new password with password policy in mind

chart/feature-values/values.enable-owls.yaml

@@ -0,0 +1,9 @@
+owgw:
+  configProperties:
+    simulatorid: 53494D020202 # This value should be set to serial number of certificate that was provided to OWLS
+
+owls:
+  enabled: true
+
+owlsui:
+  enabled: true

chart/feature-values/values.owgw-unsafe-sysctl.yaml

@@ -0,0 +1,12 @@
+owgw:
+  securityContext:
+    sysctls:
+    - name: net.ipv4.tcp_keepalive_intvl
+      value: "5"
+    - name: net.ipv4.tcp_keepalive_probes
+      value: "2"
+    - name: net.ipv4.tcp_keepalive_time
+      value: "45"
+
+  podSecurityPolicy:
+    enabled: true

chart/feature-values/values.restapi-certmanager-certs.yaml

@@ -0,0 +1,183 @@
+owgw:
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWGW_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWGW_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owgw:
+      - name: config
+        mountPath: /owgw-data/owgw.properties
+        subPath: owgw.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owgw.fullname" . }}-config
+      - name: certs
+        mountPath: /owgw-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owgw.fullname" . }}-certs
+      - name: certs-cas
+        mountPath: /owgw-data/certs/cas
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owgw.fullname" . }}-certs-cas
+      - name: persist
+        mountPath: /owgw-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owgw.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owgw-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
+
+owsec:
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owsec:
+      - name: config
+        mountPath: /owsec-data/owsec.properties
+        subPath: owsec.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsec.fullname" . }}-config
+      - name: certs
+        mountPath: /owsec-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsec.fullname" . }}-certs
+      - name: persist
+        mountPath: /owsec-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owsec.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owsec-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
+
+owfms:
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owfms:
+      - name: config
+        mountPath: /owfms-data/owfms.properties
+        subPath: owfms.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owfms.fullname" . }}-config
+      - name: certs
+        mountPath: /owfms-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owfms.fullname" . }}-certs
+      - name: persist
+        mountPath: /owfms-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owfms.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owfms-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
+
+owprov:
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owprov:
+      - name: config
+        mountPath: /owprov-data/owprov.properties
+        subPath: owprov.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owprov.fullname" . }}-config
+      - name: certs
+        mountPath: /owprov-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owprov.fullname" . }}-certs
+      - name: persist
+        mountPath: /owprov-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owprov.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owprov-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
+
+restapiCerts:
+  enabled: true

chart/templates/certificate-restapi.yaml

@@ -0,0 +1,51 @@
+{{- $root := . -}}
+{{- if .Values.restapiCerts.enabled }}
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: selfsigned-issuer
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: ow-wildcard
+spec:
+  secretName: ow-wildcard-tls
+  commonName: {{ .Release.Namespace }}.svc.{{ .Values.restapiCerts.clusterDomain }}
+  isCA: true
+  usages:
+    - server auth
+    - client auth
+  issuerRef:
+    name: selfsigned-issuer
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: ow-ca-issuer
+spec:
+  ca:
+    secretName: ow-wildcard-tls
+{{ range .Values.restapiCerts.services }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ . }}-restapi
+spec:
+  secretName: {{ . }}-restapi-tls
+  isCA: false
+  usages:
+    - server auth
+    - client auth
+  dnsNames:
+  - "{{ . }}"
+  - "{{ . }}.{{ $root.Release.Namespace }}.svc"
+  - "{{ . }}.{{ $root.Release.Namespace }}.svc.{{ $root.Values.restapiCerts.clusterDomain }}"
+  issuerRef:
+    name: ow-ca-issuer
+{{- end }}
+{{- end }}

chart/templates/job-clustersysteminfo.yaml

@@ -30,6 +30,10 @@ spec:
         app.kubernetes.io/instance: {{ .Release.Name }}
         app.kubernetes.io/managed-by: {{ .Release.Service }}
     spec:
+      initContainers:
+        - name: delay
+          image: "alpine:latest"
+          command: ["/bin/sleep","{{ default 0 .Values.clustersysteminfo.delay }}"]
       containers:
         - name: clustersysteminfo-check
           image: "{{ .Values.clustersysteminfo.images.clustersysteminfo.repository }}:{{ .Values.clustersysteminfo.images.clustersysteminfo.tag }}"

chart/values.yaml

@@ -66,13 +66,12 @@ kafka:
 # clustersysteminfo check
 clustersysteminfo:
   enabled: false
-
-  fullnameOverride: clustersysteminfo
+  delay: 0 # number of seconds to delay clustersysteminfo execution
 
   images:
     clustersysteminfo:
       repository: tip-tip-wlan-cloud-ucentral.jfrog.io/clustersysteminfo
-      tag: v2.4.1
+      tag: main
       pullPolicy: Always
 #      regcred:
 #        registry: tip-tip-wlan-cloud-ucentral.jfrog.io
@@ -99,7 +98,7 @@ clustersysteminfo:
 
   public_env_variables:
     FLAGS: "-s --connect-timeout 3"
-    OWSEC: sec:16001
+    OWSEC: owsec-owsec:16001
     CHECK_RETRIES: 30
 
   secret_env_variables:
@@ -129,7 +128,7 @@ owlsui:
 
 # HAproxy (https://github.com/bitnami/charts/tree/master/bitnami/haproxy)
 haproxy:
-  enabled: false
+  enabled: true
 
   fullnameOverride: proxy
 
@@ -366,3 +365,16 @@ haproxy:
     backend back_rttys_web
       mode tcp
       server svc_rttys_web rttys-rttys:5914
+
+# Cert-manager RESTAPI certs
+restapiCerts:
+  enabled: false
+
+  services:
+    - owgw-owgw
+    - owsec-owsec
+    - owfms-owfms
+    - owprov-owprov
+    - owls-owls
+
+  clusterDomain: cluster.local

docker-compose/.env

@@ -1,11 +1,11 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=v2.4.1
-OWGWUI_TAG=v2.4.0
-OWSEC_TAG=v2.4.1
-OWFMS_TAG=v2.4.1
-OWPROV_TAG=main
-OWPROVUI_TAG=main
+OWGW_TAG=v2.5.0-RC1
+OWGWUI_TAG=v2.5.0-RC1
+OWSEC_TAG=v2.5.0-RC1
+OWFMS_TAG=v2.5.0-RC1
+OWPROV_TAG=v2.5.0-RC1
+OWPROVUI_TAG=v2.5.0-RC1
 RTTYS_TAG=3.5.0
 KAFKA_TAG=latest
 ZOOKEEPER_TAG=latest

docker-compose/.env.letsencrypt

@@ -1,11 +1,11 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=v2.4.1
-OWGWUI_TAG=v2.4.0
-OWSEC_TAG=v2.4.1
-OWFMS_TAG=v2.4.1
-OWPROV_TAG=main
-OWPROVUI_TAG=main
+OWGW_TAG=v2.5.0-RC1
+OWGWUI_TAG=v2.5.0-RC1
+OWSEC_TAG=v2.5.0-RC1
+OWFMS_TAG=v2.5.0-RC1
+OWPROV_TAG=v2.5.0-RC1
+OWPROVUI_TAG=v2.5.0-RC1
 RTTYS_TAG=3.5.0
 KAFKA_TAG=latest
 ZOOKEEPER_TAG=latest

docker-compose/.env.selfsigned

@@ -1,11 +1,11 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=v2.4.1
-OWGWUI_TAG=v2.4.0
-OWSEC_TAG=v2.4.1
-OWFMS_TAG=v2.4.1
-OWPROV_TAG=main
-OWPROVUI_TAG=main
+OWGW_TAG=v2.5.0-RC1
+OWGWUI_TAG=v2.5.0-RC1
+OWSEC_TAG=v2.5.0-RC1
+OWFMS_TAG=v2.5.0-RC1
+OWPROV_TAG=v2.5.0-RC1
+OWPROVUI_TAG=v2.5.0-RC1
 RTTYS_TAG=3.5.0
 KAFKA_TAG=latest
 ZOOKEEPER_TAG=latest

docker-compose/deploy.sh

@@ -1,125 +0,0 @@
-#!/bin/bash
-set -e
-
-# Usage function
-usage () {
-  echo;
-  echo "This script is intended for OpenWiFi cloud SDK deployment using Docker Compose (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/docker-compose). Configuration is done based on shell environment variables.";
-  echo;
-  echo "Required environment variables:"
-  echo;
-  echo "- DEFAULT_UCENTRALSEC_URL - public URL of the OWSec service"
-  echo "- SYSTEM_URI_UI - public URL of the OWGW-UI service"
-  echo "- RTTY_TOKEN - token to be used for rttys and OWGW for remote tty sessions"
-  echo;
-#  echo "- INTERNAL_OWGW_HOSTNAME - OWGW microservice hostname for Docker internal communication"
-#  echo "- INTERNAL_OWSEC_HOSTNAME - OWSec microservice hostname for Docker internal communication"
-#  echo "- INTERNAL_OWFMS_HOSTNAME - OWFms microservice hostname for Docker internal communication"
-#  echo "- INTERNAL_OWPROV_HOSTNAME - OWProv microservice hostname for Docker internal communication"
-#  echo;
-  echo "- OWGW_FILEUPLOADER_HOST_NAME - hostname to be used for OWGW fileupload";
-  echo "- OWGW_FILEUPLOADER_URI - URL to be used for OWGW fileupload";
-#  echo "- OWGW_SYSTEM_URI_PRIVATE - private URL to be used for OWGW";
-  echo "- OWGW_SYSTEM_URI_PUBLIC - public URL to be used for OWGW";
-  echo "- OWGW_RTTY_SERVER - public hostname of the RTTY server";
-  echo;
-#  echo "- OWSEC_SYSTEM_URI_PRIVATE - private URL to be used for OWSec";
-  echo "- OWSEC_SYSTEM_URI_PUBLIC - public URL to be used for OWSec";
-  echo "- OWSEC_AUTHENTICATION_DEFAULT_USERNAME - username to be used for requests to OWSec";
-  echo "- OWSEC_AUTHENTICATION_DEFAULT_PASSWORD - hashed password for OWSec (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)";
-  echo;
-#  echo "- OWFMS_SYSTEM_URI_PRIVATE - private URL to be used for OWFms";
-  echo "- OWFMS_SYSTEM_URI_PUBLIC - public URL to be used for OWFms";
-  echo "- OWFMS_S3_SECRET - secret key that is used for OWFms access to firmwares S3 bucket";
-  echo "- OWFMS_S3_KEY - access key that is used for OWFms access to firmwares S3 bucket";
-  echo;
-#  echo "- OWPROV_SYSTEM_URI_PRIVATE - private URL to be used for OWProv";
-  echo "- OWPROV_SYSTEM_URI_PUBLIC - public URL to be used for OWProv";
-}
-
-# Check if required environment variables were passed
-## Configuration variables applying to multiple microservices
-[ -z ${DEFAULT_UCENTRALSEC_URL+x} ] && echo "DEFAULT_UCENTRALSEC_URL is unset" && usage && exit 1
-[ -z ${SYSTEM_URI_UI+x} ] && echo "SYSTEM_URI_UI is unset" && usage && exit 1
-[ -z ${RTTY_TOKEN+x} ] && echo "RTTY_TOKEN is unset" && usage && exit 1
-## Internal microservice hostnames
-#[ -z ${INTERNAL_OWGW_HOSTNAME+x} ] && echo "INTERNAL_OWGW_HOSTNAME is unset" && usage && exit 1
-#[ -z ${INTERNAL_OWSEC_HOSTNAME+x} ] && echo "INTERNAL_OWSEC_HOSTNAME is unset" && usage && exit 1
-#[ -z ${INTERNAL_OWFMS_HOSTNAME+x} ] && echo "INTERNAL_OWFMS_HOSTNAME is unset" && usage && exit 1
-#[ -z ${INTERNAL_OWPROV_HOSTNAME+x} ] && echo "INTERNAL_OWPROV_HOSTNAME is unset" && usage && exit 1
-## OWGW configuration variables
-[ -z ${OWGW_FILEUPLOADER_HOST_NAME+x} ] && echo "OWGW_FILEUPLOADER_HOST_NAME is unset" && usage && exit 1
-[ -z ${OWGW_FILEUPLOADER_URI+x} ] && echo "OWGW_FILEUPLOADER_URI is unset" && usage && exit 1
-#[ -z ${OWGW_SYSTEM_URI_PRIVATE+x} ] && echo "OWGW_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
-[ -z ${OWGW_SYSTEM_URI_PUBLIC+x} ] && echo "OWGW_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
-[ -z ${OWGW_RTTY_SERVER+x} ] && echo "OWGW_RTTY_SERVER is unset" && usage && exit 1
-## OWSec configuration variables
-[ -z ${OWSEC_AUTHENTICATION_DEFAULT_USERNAME+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_USERNAME is unset" && usage && exit 1
-[ -z ${OWSEC_AUTHENTICATION_DEFAULT_PASSWORD+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_PASSWORD is unset" && usage && exit 1
-#[ -z ${OWSEC_SYSTEM_URI_PRIVATE+x} ] && echo "OWSEC_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
-[ -z ${OWSEC_SYSTEM_URI_PUBLIC+x} ] && echo "OWSEC_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
-## OWFms configuration variables
-#[ -z ${OWFMS_SYSTEM_URI_PRIVATE+x} ] && echo "OWFMS_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
-[ -z ${OWFMS_SYSTEM_URI_PUBLIC+x} ] && echo "OWFMS_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
-[ -z ${OWFMS_S3_SECRET+x} ] && echo "OWFMS_S3_SECRET is unset" && usage && exit 1
-[ -z ${OWFMS_S3_KEY+x} ] && echo "OWFMS_S3_KEY is unset" && usage && exit 1
-## OWProv configuration variables
-#[ -z ${OWPROV_SYSTEM_URI_PRIVATE+x} ] && echo "OWPROV_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
-[ -z ${OWPROV_SYSTEM_URI_PUBLIC+x} ] && echo "OWPROV_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
-
-# Search and replace image version tags if set
-if [[ ! -z "$OWGW_VERSION" ]]; then
-  sed -i "s~.*OWGW_TAG=.*~OWGW_TAG=$OWGW_VERSION~" .env
-fi
-if [[ ! -z "$OWSEC_VERSION" ]]; then
-  sed -i "s~.*OWSEC_TAG=.*~OWSEC_TAG=$OWSEC_VERSION~" .env
-fi
-if [[ ! -z "$OWFMS_VERSION" ]]; then
-  sed -i "s~.*OWFMS_TAG=.*~OWFMS_TAG=$OWFMS_VERSION~" .env
-fi
-if [[ ! -z "$OWPROV_VERSION" ]]; then
-  sed -i "s~.*OWPROV_TAG=.*~OWPROV_TAG=$OWPROV_VERSION~" .env
-fi
-
-# Search and replace variable values in env files
-#sed -i "s~\(^INTERNAL_OWGW_HOSTNAME=\).*~\1$INTERNAL_OWGW_HOSTNAME~" .env
-#sed -i "s~\(^INTERNAL_OWSEC_HOSTNAME=\).*~\1$INTERNAL_OWSEC_HOSTNAME~" .env
-#sed -i "s~\(^INTERNAL_OWFMS_HOSTNAME=\).*~\1$INTERNAL_OWFMS_HOSTNAME~" .env
-#sed -i "s~\(^INTERNAL_OWPROV_HOSTNAME=\).*~\1$INTERNAL_OWPROV_HOSTNAME~" .env
-
-sed -i "s~.*FILEUPLOADER_HOST_NAME=.*~FILEUPLOADER_HOST_NAME=$OWGW_FILEUPLOADER_HOST_NAME~" owgw.env
-sed -i "s~.*FILEUPLOADER_URI=.*~FILEUPLOADER_URI=$OWGW_FILEUPLOADER_URI~" owgw.env
-sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWGW_SYSTEM_URI_PUBLIC~" owgw.env
-#sed -i "s~.*SYSTEM_URI_PRIVATE=.*~SYSTEM_URI_PRIVATE=$OWGW_SYSTEM_URI_PRIVATE~" owgw.env
-sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owgw.env
-sed -i "s~.*RTTY_SERVER=.*~RTTY_SERVER=$OWGW_RTTY_SERVER~" owgw.env
-sed -i "s~.*RTTY_TOKEN=.*~RTTY_TOKEN=$RTTY_TOKEN~" owgw.env
-
-if [[ ! -z "$SIMULATORID" ]]; then
-  sed -i "s~.*SIMULATORID=.*~SIMULATORID=$SIMULATORID~" owgw.env
-fi
-
-sed -i "s~.*DEFAULT_UCENTRALSEC_URL=.*~DEFAULT_UCENTRALSEC_URL=$DEFAULT_UCENTRALSEC_URL~" owgw-ui.env
-
-sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env
-sed -i "s~.*AUTHENTICATION_DEFAULT_PASSWORD=.*~AUTHENTICATION_DEFAULT_PASSWORD=$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD~" owsec.env
-#sed -i "s~.*SYSTEM_URI_PRIVATE=.*~SYSTEM_URI_PRIVATE=$OWSEC_SYSTEM_URI_PRIVATE~" owsec.env
-sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWSEC_SYSTEM_URI_PUBLIC~" owsec.env
-sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owsec.env
-
-#sed -i "s~.*SYSTEM_URI_PRIVATE=.*~SYSTEM_URI_PRIVATE=$OWFMS_SYSTEM_URI_PRIVATE~" owfms.env
-sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWFMS_SYSTEM_URI_PUBLIC~" owfms.env
-sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owfms.env
-sed -i "s~.*S3_SECRET=.*~S3_SECRET=$OWFMS_S3_SECRET~" owfms.env
-sed -i "s~.*S3_KEY=.*~S3_KEY=$OWFMS_S3_KEY~" owfms.env
-
-#sed -i "s~.*SYSTEM_URI_PRIVATE=.*~SYSTEM_URI_PRIVATE=$OWPROV_SYSTEM_URI_PRIVATE~" owprov.env
-sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWPROV_SYSTEM_URI_PUBLIC~" owprov.env
-sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owprov.env
-
-sed -i "s~.*DEFAULT_UCENTRALSEC_URL=.*~DEFAULT_UCENTRALSEC_URL=$DEFAULT_UCENTRALSEC_URL~" owprov-ui.env
-
-sed -i "s~\(^token:\).*~\1 $RTTY_TOKEN~" rttys/rttys.conf
-
-# Run the deployment
-docker-compose up -d

docker-compose/owls/deploy_owls.sh

@@ -1,74 +0,0 @@
-#!/bin/bash
-set -e
-
-# Usage function
-usage () {
-  echo;
-  echo "This script is intended for OpenWifi OWLS deployment using Docker Compose (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/docker-compose) in a Kubernetes pod";
-  echo;
-  echo "Required environment variables:"
-  echo;
-  echo "- DEPLOY_VERSION - version of the wlan-cloud-ucentral-deploy repo to be used";
-  echo;
-  echo "- DEFAULT_UCENTRALSEC_URL - public URL of the OWSec service"
-  echo "- SYSTEM_URI_UI - public URL of the OWGW-UI service"
-  echo;
-  echo "- INTERNAL_OWSEC_HOSTNAME - OWSec microservice hostname for Docker internal communication"
-  echo;
-  echo "- OWSEC_SYSTEM_URI_PRIVATE - private URL to be used for OWSec";
-  echo "- OWSEC_SYSTEM_URI_PUBLIC - public URL to be used for OWSec";
-  echo "- OWSEC_AUTHENTICATION_DEFAULT_USERNAME - username to be used for requests to OWSec";
-  echo "- OWSEC_AUTHENTICATION_DEFAULT_PASSWORD - hashed password for OWSec (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)";
-  echo;
-  echo "- OWLS_SYSTEM_URI_PRIVATE - private URL to be used for OWLS";
-  echo "- OWLS_SYSTEM_URI_PUBLIC - public URL to be used for OWLS";
-  echo;
-  echo "- DEVICE_CERT - path to the device certificate";
-  echo "- DEVICE_KEY - path to the device key";
-}
-
-# Check if required environment variables were passed
-## Deployment specifics
-[ -z ${DEPLOY_VERSION+x} ] && echo "DEPLOY_VERSION is unset" && usage && exit 1
-## Configuration variables applying to multiple microservices
-[ -z ${DEFAULT_UCENTRALSEC_URL+x} ] && echo "DEFAULT_UCENTRALSEC_URL is unset" && usage && exit 1
-[ -z ${SYSTEM_URI_UI+x} ] && echo "SYSTEM_URI_UI is unset" && usage && exit 1
-## Internal microservice hostnames
-[ -z ${INTERNAL_OWSEC_HOSTNAME+x} ] && echo "INTERNAL_OWSEC_HOSTNAME is unset" && usage && exit 1
-## OWSec configuration variables
-[ -z ${OWSEC_AUTHENTICATION_DEFAULT_USERNAME+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_USERNAME is unset" && usage && exit 1
-[ -z ${OWSEC_AUTHENTICATION_DEFAULT_PASSWORD+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_PASSWORD is unset" && usage && exit 1
-[ -z ${OWSEC_SYSTEM_URI_PRIVATE+x} ] && echo "OWSEC_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
-[ -z ${OWSEC_SYSTEM_URI_PUBLIC+x} ] && echo "OWSEC_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
-# OWLS configuration variables
-[ -z ${OWLS_SYSTEM_URI_PRIVATE+x} ] && echo "OWLS_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
-[ -z ${OWLS_SYSTEM_URI_PUBLIC+x} ] && echo "OWLS_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
-## cert related variables
-[ -z ${DEVICE_CERT+x} ] && echo "DEVICE_CERT is unset" && usage && exit 1
-[ -z ${DEVICE_KEY+x} ] && echo "DEVICE_KEY is unset" && usage && exit 1
-
-# Clone repo and copy certificates
-mkdir wlan-cloud-ucentral-deploy-tmp
-git clone --branch $DEPLOY_VERSION https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git /wlan-cloud-ucentral-deploy-tmp 
-mv -f /wlan-cloud-ucentral-deploy-tmp/* /wlan-cloud-ucentral-deploy/ && rm -r wlan-cloud-ucentral-deploy-tmp
-cd wlan-cloud-ucentral-deploy/docker-compose/owls
-
-# Search and replace variable values in env files
-sed -i "s~\(^INTERNAL_OWSEC_HOSTNAME=\).*~\1$INTERNAL_OWSEC_HOSTNAME~" .env
-sed -i "s~\(^INTERNAL_OWLS_HOSTNAME=\).*~\1$INTERNAL_OWLS_HOSTNAME~" .env
-
-sed -i "s~\(^DEFAULT_UCENTRALSEC_URL=\).*~\1$DEFAULT_UCENTRALSEC_URL~" owls-ui.env
-
-sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env
-sed -i "s~.*AUTHENTICATION_DEFAULT_PASSWORD=.*~AUTHENTICATION_DEFAULT_PASSWORD=$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD~" owsec.env
-sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWSEC_SYSTEM_URI_PRIVATE~" owsec.env
-sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWSEC_SYSTEM_URI_PUBLIC~" owsec.env
-sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owsec.env
-
-sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWLS_SYSTEM_URI_PRIVATE~" owls.env
-sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWLS_SYSTEM_URI_PUBLIC~" owls.env
-
-# Run the deployment and attach to logs
-cat $DEVICE_CERT > ../certs/device-cert.pem
-cat $DEVICE_KEY > ../certs/device-key.pem
-exec docker-compose up --attach-dependencies