Chg: update image tag in helm values to v2.7.0-RC5

.github/workflows/ci.yml

@@ -9,7 +9,6 @@ on:
     branches:
       - main
       - 'release/*'
-  workflow_dispatch: {}
 
 defaults:
   run:
@@ -29,19 +28,19 @@ jobs:
       id: get_branch_names
       if: startsWith(github.ref, 'refs/pull/')
       run: |
-        echo "pr_branch=$(echo ${GITHUB_HEAD_REF})" >> $GITHUB_OUTPUT
+        echo ::set-output name=pr_branch::$(echo ${GITHUB_HEAD_REF})
 
     - name: Get created deployment tag and set as output
       id: get_deployment_upgrade_tag
       if: startsWith(github.ref, 'refs/tags/v')
       run: |
-        echo "tag=$(echo ${GITHUB_REF#refs/tags/})" >> $GITHUB_OUTPUT
+        echo ::set-output name=tag::$(echo ${GITHUB_REF#refs/tags/})
 
     - name: Get previous deployment tag
       id: get_deployment_tag
       if: startsWith(github.ref, 'refs/tags/v')
       run: |
-        echo "tag=$(git tag | grep -v RC | tail -2 | head -1)" >> $GITHUB_OUTPUT
+        echo ::set-output name=tag::$(git tag | grep -v RC | tail -2 | head -1)
 
   trigger-docker-compose-testing:
     if: startsWith(github.ref, 'refs/pull/')
@@ -49,7 +48,7 @@ jobs:
     needs: envs
     steps:
     - name: Checkout actions repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
       with:
         repository: Telecominfraproject/.github
         path: github
@@ -72,7 +71,7 @@ jobs:
     needs: envs
     steps:
     - name: Checkout actions repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
       with:
         repository: Telecominfraproject/.github
         path: github
@@ -95,7 +94,7 @@ jobs:
     needs: envs
     steps:
     - name: Checkout actions repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
       with:
         repository: Telecominfraproject/.github
         path: github

.github/workflows/clustersysteminfo_image_ci.yml

@@ -22,7 +22,7 @@ jobs:
       DOCKER_REGISTRY_URL: tip-tip-wlan-cloud-ucentral.jfrog.io
       DOCKER_REGISTRY_USERNAME: ucentral
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v2
 
     - name: Build Docker image
       working-directory: chart/docker
@@ -55,7 +55,7 @@ jobs:
 
     - name: Log into Docker registry
       if: startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/pull/') || github.ref == 'refs/heads/main'
-      uses: docker/login-action@v2
+      uses: docker/login-action@v1
       with:
         registry: ${{ env.DOCKER_REGISTRY_URL }}
         username: ${{ env.DOCKER_REGISTRY_USERNAME }}

.github/workflows/enforce-jira-issue-key.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout actions repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v2
         with:
           repository: Telecominfraproject/.github
           path: github

.github/workflows/git-release.yml

@@ -28,7 +28,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
       with:
         path: wlan-cloud-ucentral-deploy
 

.github/workflows/release.yml

@@ -17,7 +17,7 @@ jobs:
       HELM_REPO_USERNAME: ucentral
     steps:
       - name: Checkout uCentral assembly chart repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v2
         with:
           path: wlan-cloud-ucentral-deploy
           repository: Telecominfraproject/wlan-cloud-ucentral-deploy

chart/.helmignore

@@ -20,7 +20,3 @@
 .idea/
 *.tmproj
 .vscode/
-# Chart dependencies
-docker/
-environment-values/
-feature-values/

chart/Chart.yaml

@@ -2,39 +2,38 @@ apiVersion: v2
 name: openwifi
 appVersion: "1.0"
 description: A Helm chart for Kubernetes
-version: 3.0.0
+version: 2.7.0-RC5
 dependencies:
 - name: owgw
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v3.0.2-RC1"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.7.0-RC4"
   version: 0.1.0
 - name: owsec
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v3.0.2-RC1"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.7.0-RC3"
   version: 0.1.0
 - name: owfms
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v3.0.2-RC1"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.7.0-RC3"
   version: 0.1.0
 - name: owprov
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=v3.0.2-RC1"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=v2.7.0-RC4"
   version: 0.1.0
 - name: owanalytics
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-analytics@helm?ref=v3.0.2-RC1"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-analytics@helm?ref=v2.7.0-RC4"
   version: 0.1.0
 - name: owgwui
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v3.0.2-RC1"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.7.0-RC2"
   version: 0.1.0
 - name: owprovui
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=v3.0.2-RC1"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=v2.7.0-RC2"
   version: 0.1.0
 - name: owsub
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-userportal@helm?ref=v3.0.2-RC1"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-userportal@helm?ref=v2.7.0-RC3"
   version: 0.1.0
 - name: owrrm
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-rrm@helm?ref=v2.8.0"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-rrm@helm?ref=v2.7.0-RC3"
   version: 0.1.0
 - name: kafka
   repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
   version: 13.0.2
-  condition: kafka.enabled
 - name: owls
   repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owls@helm?ref=main"
   version: 0.1.0
@@ -44,14 +43,10 @@ dependencies:
   version: 0.1.0
   condition: owlsui.enabled
 - name: haproxy
-  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 0.13.3
+  repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
+  version: 0.2.21
   condition: haproxy.enabled
-#- name: postgresql-ha
-#  repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
-#  version: 8.6.13
-#  condition: postgresql-ha.enabled
-- name: postgresql
-  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 13.4.3
-  condition: postgresql.enabled
+- name: postgresql-ha
+  repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
+  version: 8.6.13
+  condition: postgresql-ha.enabled

chart/README.md

@@ -1,72 +1,18 @@
 # openwifi
 
-This Helm chart helps to deploy OpenWIFI Cloud SDK with all required dependencies to the Kubernetes clusters. The purpose of this chart is to set up the correct connections between other microservices and other dependencies with correct Values and other charts as dependencies in [chart definition](Chart.yaml)
+This Helm chart helps to deploy OpenWIFI Cloud SDK with all required dependencies to the Kubernetes clusters. Purpose of this chart is to setup correct connections between other microservices and other dependencies with correct Values and other charts as dependencies in [chart definition](Chart.yaml)
 
 ## TL;DR;
 
-[helm-git](https://github.com/aslafy-z/helm-git) is required for remote the installation as it pull charts from other repositories for the deployment, so install it if you don't have it already.
-
-Using that you can deploy Cloud SDK with 2 setups - without TLS certificates for RESTAPI endpoints and with them.
-
-In both cases Websocket endpoint should be exposed through LoadBalancer. In order to get IP address or DNS FQDN of that endpoint you may refer to `kubectl get svc | grep proxy | awk -F ' ' '{print $4}'`. Used port is 15002, but you would need to disable TLS check on AP side since certificate is issued for `*.wlan.local`.
-
-### Deployment with TLS certificates
-
-This deployment method requires usage of [cert-manager](https://cert-manager.io/docs/) (tested minimal Helm chart version is `v1.6.1`) in your Kubernetes installation in order to issue self-signed PKI for internal communication. In this case you will have to trust the self-signed certificates via your browser. Just like in previous method you still need OWGW Websocket TLS certificate, so you can use the same certificates with another values file using these commands:
+[helm-git](https://github.com/aslafy-z/helm-git) is required for remote the installation as it pull charts from other repositories for the deployment, so intall it if you don't have it already.
 
 ```bash
 $ helm dependency update
-$ kubectl create secret generic openwifi-certs --from-file=../docker-compose/certs/
-$ helm upgrade --install -f environment-values/values.base.secure.yaml openwifi .
+$ helm install .
 ```
 
-In order to access the UI and other RESTAPI endpoints you should run the following commands after the deployment:
-
-```
-$ kubectl port-forward deployment/proxy 5912 5913 16001 16002 16003 16004 16005 16006 16009 &
-$ kubectl port-forward deployment/owrrm 16789 &
-$ kubectl port-forward deployment/owgwui 8080:80 &
-$ kubectl port-forward deployment/owprovui 8088:80 &
-```
-
-From here Web UI may be accessed using http://localhost:8080 and Provisioning UI may be accessed using http://localhost:8088 .
-
-### Deployment without TLS certificates
-
-**IMPORTANT** Currently this method is not available due to issues in current implementation on microservices side (not being able to use Web UI because of error on Websocket upgrade on OWGW connections), please use TLS method for now.
-
-For this deployment method you will need to disable usage of TLS certificates, yet you will still need a TLS certificate for Websocket endpoint of OWGW. Here are the required steps for the deployment where websocket certificates from [docker-compose certs directory](../docker-compose/certs) and special values file to disable TLS for REST API endpoint will be used:
-
-```bash
-$ helm dependency update
-$ kubectl create secret generic openwifi-certs --from-file=../docker-compose/certs/
-$ helm upgrade --install -f environment-values/values.base.insecure.yaml openwifi .
-```
-
-In order to access the UI and other RESTAPI endpoints you should run the following commands after the deployment:
-
-```
-$ kubectl port-forward deployment/proxy 5912 5913 16001 16002 16003 16004 16005 16006 16009 &
-$ kubectl port-forward deployment/owrrm 16789 &
-$ kubectl port-forward deployment/owgwui 8080:80 &
-$ kubectl port-forward deployment/owprovui 8088:80 &
-```
-
-From here Web UI may be accessed using http://localhost:8080 and Provisioning UI may be accessed using http://localhost:8088 .
-
-During the requests through UI errors may happen - that means that you haven't added certificate exception in browser. In order to that open browser dev tools (F12), open Network tab and see what requests are failing, open them and accept the exceptions.
-
-### Default password change
-
 Then change the default password as described in [owsec docs](https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/tree/main#changing-default-password).
 
-Values files passed in the installation is using default certificates that may be used for initial evaluation (same certificates are used in [docker-compose](../docker-compose/certs) method) using `*.wlan.local` domains. If you want to change those certificates, please set them in Helm values files instead of default certificates (see default values in `values.yaml` file).
-
-If you are using default values without changing [OWSEC config properties](https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/939869948f77575ba0e92c0fb12f2197802ffe71/helm/values.yaml#L212-L213) in your values file, you may access the WebUI using following credentials:
-
-> Username: tip@ucentral.com
-> Password: openwifi
-
 ## Introduction
 
 This chart bootstraps the OpenWIFI Cloud SDK on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
@@ -125,27 +71,20 @@ The following table lists the configurable parameters that overrides microservic
 |-----------|------|-------------|---------|
 | `owgw.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Gateway to use Kafka for communication | `'true'` |
 | `owgw.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Gateway to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
-| `owgw.certs` | map | Map with multiline string containing TLS certificates and private keys required for service (see [OWGW repo](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/) for details) |  |
-| `owgw.certsCAs` | map | Map with multiline string containing TLS CAs required for service (see [OWGW repo](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/) for details) |  |
 | `owsec.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Security to use Kafka for communication | `'true'` |
-| `owsec.certs` | map | Map with multiline string containing TLS certificates and private keys required for REST API |  |
 | `owsec.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Security to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
 | `owfms.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Firmware to use Kafka for communication | `'true'` |
 | `owfms.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Firmware to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
-| `owfms.certs` | map | Map with multiline string containing TLS certificates and private keys required for REST API |  |
 | `owprov.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Provisioning to use Kafka for communication | `'true'` |
 | `owprov.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Provisioning to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
-| `owprov.certs` | map | Map with multiline string containing TLS certificates and private keys required for REST API |  |
 | `owanalytics.enabled` | boolean | Install OpenWIFI Analytics in the release | `false` |
 | `owanalytics.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Analytics to use Kafka for communication | `'true'` |
 | `owanalytics.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Analytics to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
-| `owanalytics.certs` | map | Map with multiline string containing TLS certificates and private keys required for REST API |  |
-| `owsub.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Subscription to use Kafka for communication | `'true'` |
-| `owsub.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Subscription to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` |
-| `owsub.certs` | map | Map with multiline string containing TLS certificates and private keys required for REST API |  |
-| `owrrm.public_env_variables` | map | Map of public environment variables passed to OpenWIFI RRM service |  |
-| `owrrm.mysql.enabled` | boolean | Flag to enable MySQL database deployment of OpenWIFI RRM service using subchart | `true` |
-| `kafka.enabled` | boolean | Enables [kafka](https://github.com/bitnami/charts/blob/master/bitnami/kafka/) deployment | `true` |
+| `rttys.enabled` | boolean | Enables [rttys](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-rtty) deployment | `True` |
+| `rttys.internal` | boolean | Whether to use the built-in rttys server | `True` |
+| `rttys.enabled` | boolean | Enable or disable rttys | `True` |
+| `rttys.config.token` | string | Sets default rttys token |  |
+| `kafka.enabled` | boolean | Enables [kafka](https://github.com/bitnami/charts/blob/master/bitnami/kafka/) deployment | `True` |
 | `kafka.fullnameOverride` | string | Overrides Kafka Kubernetes service name so it could be predictable and set in microservices configs | `'kafka'` |
 | `kafka.image.registry` | string | Kafka Docker image registry | `'docker.io'` |
 | `kafka.image.repository` | string | Kafka Docker image repository | `'bitnami/kafka'` |
@@ -167,7 +106,7 @@ The following table lists the configurable parameters that overrides microservic
 | `restapiCerts.services` | array | List of services that require certificates generation |  |
 | `restapiCerts.clusterDomain` | string | Kubernetes cluster domain | `cluster.local` |
 
-If required, further overrides may be passed. They will be merged with default values from this chart and other sub-charts with priority to values you'll pass.
+If required, further overrides may be passed. They will be merged with default values from this chart and other subcharts with priority to values you'll pass.
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
 
@@ -200,7 +139,7 @@ By setting `clusterinfo.enabled` to `true` you may enable job on post-install/po
 1. Change default security credentials from credentials set in OWSEC configuration file (see 'Required password changing on the first startup' block above)
 2. Check if all services started responding correctly after the deployment using systeminfo REST API method
 
-In order to do that, you need to additionally set multiple parameters:
+In order to do that, you need to additionaly set multiple parameters:
 
 1. clusterinfo.public_env_variables.OWSEC - OWSEC endpoint to use for CLI tools
 2. clusterinfo.secret_env_variables.OWSEC_DEFAULT_USERNAME - username used for CLI requests (see OWSEC configuration file for details)
@@ -221,17 +160,17 @@ You may see example values to enable this feature in [values.enable-owls.yaml](.
 
 In order to use single point of entry for all services (may be used for one cloud Load Balancer per installation) HAproxy is installed by default with other services. HAproxy is working in TCP proxy mode, so every TLS certificate is managed by services themself, while it is possible to pass requests from cloud load balancer to services using same ports (configuration of cloud load balancer may vary from cloud provider to provider).
 
-By default, this option is enabled, but you may disable it and make per-service LoadBalancer using values in [values.disable-haproxy.yaml](./feature-values/values.disable-haproxy.yaml).
+By default this option is enabled, but you may disable it and make per-service LoadBalancer using values in [values.disable-haproxy.yaml](./feature-values/values.disable-haproxy.yaml).
 
 ### OWGW unsafe sysctls
 
-By default, Linux is using quite adequate sysctl values for TCP keepalive, but OWGW may keep disconnected APs in stuck state preventing it from connecting back. This may be changed by setting some sysctls to lower values:
+By default Linux is using quite adeqate sysctl values for TCP keepalive, but OWGW may keep disconnected APs in stuck state preventing it from connecting back. This may be changed by setting some sysctls to lower values:
 
 - net.ipv4.tcp_keepalive_intvl
 - net.ipv4.tcp_keepalive_probes - 2
 - net.ipv4.tcp_keepalive_time - 45
 
-However, this change is [not considered safe by Kubernetes](https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls), and it requires to pass additional argument to your Kubelets services in your Kubernetes cluster:
+However this change is [not considered safe by Kubernetes](https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls) and it requires to pass additional argument to your Kubelets services in your Kubernetes cluster:
 
 ```
 --allowed-unsafe-sysctls net.ipv4.tcp_keepalive_intvl,net.ipv4.tcp_keepalive_probes,net.ipv4.tcp_keepalive_time
@@ -256,18 +195,14 @@ If you want, you may use configuration property `openwifi.security.restapi.disab
 
 You may see example values to enable this feature in [values.restapi-disable-tls.yaml](./feature-values/values.restapi-disable-tls.yaml).
 
-### PostgreSQL storage option for services
-
-By default, all microservices except RRM service use SQLite as default storage driver, but it is possible to use PostgreSQL for that purpose. Both [cluster-per-microservice](environment-values/values.openwifi-qa.external-db.yaml) and [cluster per installation](environment-values/values.openwifi-qa.single-external-db.yaml) deployments method may be used.
-
 ## Environment specific values
 
-This repository contains values files that may be used in the same manner as feature values above to deploy to specific runtime environments (including different cloud deployments).
+This repository contains values files that may be used in the same manner as feature values above to deploy to specific runtime envionemnts (including different cloud deployments).
 
 Some environments are using [external-dns](https://github.com/kubernetes-sigs/external-dns) service to dynamically set DNS records, but you may manage your records manually
 
 ### AWS EKS
 
-EKS based installation assumes that you are using [AWS Load Balancer controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller) so that all required ALBs and NLBs are created automatically. Also, it is assumed that you have Route53 managed DNS zone, and you've issued wildcard certificate for one of your zones that may be used by Load Balancers.
+EKS based installation assumes that you are using [AWS Load Balancer controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller) so that all required ALBs and NLBs are created automatically. Also it is assumed that you have Route53 managed DNS zone and you've issued wildcard certificate for one of your zones that may be used by Load Balancers.
 
 You may see example values for this environment in [values.aws.yaml](./environment-values/values.aws.yaml).

chart/docker/change_credentials

@@ -61,7 +61,7 @@ then
         echo "Logged in with new credentials:"
     fi
 else
-    echo "Credentials check failed with unexpected ErrorCode, please review the response body:"
+    echo "Credentials check failed with unexpected ErrorCode, please review the responce body:"
     jq < ${result_file}
     exit 2
 fi

chart/environment-values/cleanup.sh

@@ -1,8 +0,0 @@
-#!/bin/bash
-[ -z "$NAMESPACE" ] && echo "No NAMESPACE set" && exit 1
-helm -n openwifi-"$NAMESPACE" delete tip-openwifi
-if [[ "$1" == "full" ]] ; then
-    sleep 30
-    kubectl delete ns openwifi-"$NAMESPACE"
-fi
-exit 0

chart/environment-values/deploy.sh

@@ -2,47 +2,47 @@
 set -e
 
 # Usage function
-function usage()
-{
-    cat <<-EOF >&2
-
-This script is indended for OpenWIFI Cloud SDK deployment to TIP QA/Dev environments using assembly Helm chart (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart) with configuration through environment variables
-
-Required environment variables:
-- NAMESPACE - namespace suffix that will used added for the Kubernetes environment (i.e. if you pass 'test', kubernetes namespace will be named 'ucentral-test')
-- DEPLOY_METHOD - deployment method for the chart deployment (supported methods - 'git' (will use helm-git from assembly chart), 'bundle' (will use chart stored in the Artifactory) or local
-- CHART_VERSION - version of chart to be deployed from assembly chart (for 'git' method git ref may be passed, for 'bundle' method version of chart may be passed)
-- VALUES_FILE_LOCATION - path to file with override values that may be used for deployment
-- DOMAIN - Domain name. default: cicd.lab.wlan.tip.build
-- OWGW_AUTH_USERNAME - username to be used for requests to OpenWIFI Security
-- OWGW_AUTH_PASSWORD - hashed password for OpenWIFI Security (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)
-- OWFMS_S3_SECRET - secret key that is used for OpenWIFI Firmware access to firmwares S3 bucket
-- OWFMS_S3_KEY - access key that is used for OpenWIFI Firmware access to firmwares S3 bucket
-- OWSEC_NEW_PASSWORD - password that should be set to default user instead of default password from properties
-- CERT_LOCATION - path to certificate in PEM format that will be used for securing all endpoint in all services
-- KEY_LOCATION - path to private key in PEM format that will be used for securing all endpoint in all services
-
-The following environmnet variables may be passed, but will be ignored if CHART_VERSION is set to release (i.e. v2.4.0):
-- OWGW_VERSION - OpenWIFI Gateway version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
-- OWGWUI_VERSION - OpenWIFI Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
-- OWSEC_VERSION - OpenWIFI Security version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
-- OWFMS_VERSION - OpenWIFI Firmware version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
-- OWPROV_VERSION - OpenWIFI Provisioning version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
-- OWPROVUI_VERSION - OpenWIFI Provisioning Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
-- OWANALYTICS_VERSION - OpenWIFI Analytics version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
-- OWSUB_VERSION - OpenWIFI Subscription (Userportal) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
-- OWRRM_VERSION - OpenWIFI radio resource management service (RRM) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)
-
-Optional environment variables:
-- EXTRA_VALUES - extra values that should be passed to Helm deployment separated by comma (,)
-- DEVICE_CERT_LOCATION - path to certificate in PEM format that will be used for load simulator
-- DEVICE_KEY_LOCATION - path to private key in PEM format that will be used for load simulator
-- USE_SEPARATE_OWGW_LB - flag that should change split external DNS for OWGW and other services
-- INTERNAL_RESTAPI_ENDPOINT_SCHEMA - what schema to use for internal RESTAPI endpoints (https by default)
-- IPTOCOUNTRY_IPINFO_TOKEN - token that should be set for IPInfo support (owgw/owprov iptocountry.ipinfo.token properties), ommited if not passed
-- MAILER_USERNAME - SMTP username used for OWSEC mailer
-- MAILER_PASSWORD - SMTP password used for OWSEC mailer (only if both MAILER_PASSWORD and MAILER_USERNAME are set, mailer will be enabled)
-EOF
+usage () {
+  echo >&2;
+  echo "This script is indended for OpenWIFI Cloud SDK deployment to TIP QA/Dev environments using assembly Helm chart (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart) with configuration through environment variables" >&2;
+  echo >&2;
+  echo "Required environment variables:" >&2;
+  echo >&2;
+  echo "- NAMESPACE - namespace suffix that will used added for the Kubernetes environment (i.e. if you pass 'test', kubernetes namespace will be named 'ucentral-test')" >&2;
+  echo "- DEPLOY_METHOD - deployment method for the chart deployment (supported methods - 'git' (will use helm-git from assembly chart) and 'bundle' (will use chart stored in the Artifactory0" >&2;
+  echo "- CHART_VERSION - version of chart to be deployed from assembly chart (for 'git' method git ref may be passed, for 'bundle' method version of chart may be passed)" >&2;
+  echo >&2;
+  echo "- VALUES_FILE_LOCATION - path to file with override values that may be used for deployment" >&2;
+  echo "- OWGW_AUTH_USERNAME - username to be used for requests to OpenWIFI Security" >&2;
+  echo "- OWGW_AUTH_PASSWORD - hashed password for OpenWIFI Security (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)" >&2;
+  echo "- OWFMS_S3_SECRET - secret key that is used for OpenWIFI Firmware access to firmwares S3 bucket" >&2;
+  echo "- OWFMS_S3_KEY - access key that is used for OpenWIFI Firmware access to firmwares S3 bucket" >&2;
+  echo "- OWSEC_NEW_PASSWORD - password that should be set to default user instead of default password from properties" >&2;
+  echo "- CERT_LOCATION - path to certificate in PEM format that will be used for securing all endpoint in all services" >&2;
+  echo "- KEY_LOCATION - path to private key in PEM format that will be used for securing all endpoint in all services" >&2;
+  echo >&2;
+  echo "Following environmnet variables may be passed, but will be ignored if CHART_VERSION is set to release (i.e. v2.4.0):" >&2;
+  echo >&2;
+  echo "- OWGW_VERSION - OpenWIFI Gateway version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWGWUI_VERSION - OpenWIFI Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWSEC_VERSION - OpenWIFI Security version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWFMS_VERSION - OpenWIFI Firmware version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWPROV_VERSION - OpenWIFI Provisioning version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWPROVUI_VERSION - OpenWIFI Provisioning Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWANALYTICS_VERSION - OpenWIFI Analytics version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWSUB_VERSION - OpenWIFI Subscription (Userportal) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo "- OWRRM_VERSION - OpenWIFI radio resource management service (RRM) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
+  echo >&2;
+  echo "Optional environment variables:" >&2;
+  echo >&2;
+  echo "- EXTRA_VALUES - extra values that should be passed to Helm deployment separated by comma (,)" >&2;
+  echo "- DEVICE_CERT_LOCATION - path to certificate in PEM format that will be used for load simulator" >&2;
+  echo "- DEVICE_KEY_LOCATION - path to private key in PEM format that will be used for load simulator" >&2;
+  echo "- USE_SEPARATE_OWGW_LB - flag that should change split external DNS for OWGW and other services" >&2;
+  echo "- INTERNAL_RESTAPI_ENDPOINT_SCHEMA - what schema to use for internal RESTAPI endpoints (https by default)" >&2;
+  echo "- IPTOCOUNTRY_IPINFO_TOKEN - token that should be set for IPInfo support (owgw/owprov iptocountry.ipinfo.token properties), ommited if not passed" >&2;
+  echo "- MAILER_USERNAME - SMTP username used for OWSEC mailer" >&2;
+  echo "- MAILER_PASSWORD - SMTP password used for OWSEC mailer (only if both MAILER_PASSWORD and MAILER_USERNAME are set, mailer will be enabled)" >&2;
 }
 
 # Global variables
@@ -50,30 +50,32 @@ VALUES_FILE_LOCATION_SPLITTED=()
 EXTRA_VALUES_SPLITTED=()
 
 # Helper functions
-function check_if_chart_version_is_release()
-{
-    [[ "$CHART_VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+ ]]
+check_if_chart_version_is_release() {
+  PARSED_CHART_VERSION=$(echo $CHART_VERSION | grep -xP "v\d+\.\d+\.\d+.*")
+  if [[ -z "$PARSED_CHART_VERSION" ]]; then
+    return 1
+  else
+    return 0
+  fi
 }
 
 # Check if required environment variables were passed
 ## Deployment specifics
 [ -z ${DEPLOY_METHOD+x} ] && echo "DEPLOY_METHOD is unset" >&2 && usage && exit 1
 [ -z ${CHART_VERSION+x} ] && echo "CHART_VERSION is unset" >&2 && usage && exit 1
-if [[ "$DEPLOY_METHOD" != "local" ]] ; then
-    if check_if_chart_version_is_release ; then
-        echo "Chart version ($CHART_VERSION) is a release version, ignoring services versions"
-    else
-        echo "Chart version ($CHART_VERSION) is not a release version, checking if services versions are set"
-        [ -z ${OWGW_VERSION+x} ] && echo "OWGW_VERSION is unset" >&2 && usage && exit 1
-        [ -z ${OWGWUI_VERSION+x} ] && echo "OWGWUI_VERSION is unset" >&2 && usage && exit 1
-        [ -z ${OWSEC_VERSION+x} ] && echo "OWSEC_VERSION is unset" >&2 && usage && exit 1
-        [ -z ${OWFMS_VERSION+x} ] && echo "OWFMS_VERSION is unset" >&2 && usage && exit 1
-        [ -z ${OWPROV_VERSION+x} ] && echo "OWPROV_VERSION is unset" >&2 && usage && exit 1
-        [ -z ${OWPROVUI_VERSION+x} ] && echo "OWPROVUI_VERSION is unset" >&2 && usage && exit 1
-        [ -z ${OWANALYTICS_VERSION+x} ] && echo "OWANALYTICS_VERSION is unset" >&2 && usage && exit 1
-        [ -z ${OWSUB_VERSION+x} ] && echo "OWSUB_VERSION is unset" >&2 && usage && exit 1
-        [ -z ${OWRRM_VERSION+x} ] && echo "OWRRM_VERSION is unset" >&2 && usage && exit 1
-    fi
+if check_if_chart_version_is_release; then
+  echo "Chart version ($CHART_VERSION) is release version, ignoring services versions"
+else
+  echo "Chart version ($CHART_VERSION) is not release version, checking if services versions are set"
+  [ -z ${OWGW_VERSION+x} ] && echo "OWGW_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWGWUI_VERSION+x} ] && echo "OWGWUI_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWSEC_VERSION+x} ] && echo "OWSEC_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWFMS_VERSION+x} ] && echo "OWFMS_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWPROV_VERSION+x} ] && echo "OWPROV_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWPROVUI_VERSION+x} ] && echo "OWPROVUI_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWANALYTICS_VERSION+x} ] && echo "OWANALYTICS_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWSUB_VERSION+x} ] && echo "OWSUB_VERSION is unset" >&2 && usage && exit 1
+  [ -z ${OWRRM_VERSION+x} ] && echo "OWRRM_VERSION is unset" >&2 && usage && exit 1
 fi
 ## Environment specifics
 [ -z ${NAMESPACE+x} ] && echo "NAMESPACE is unset" >&2 && usage && exit 1
@@ -92,7 +94,6 @@ fi
 [ -z ${INTERNAL_RESTAPI_ENDPOINT_SCHEMA+x} ] && echo "INTERNAL_RESTAPI_ENDPOINT_SCHEMA is unset, setting it to 'https'" && export INTERNAL_RESTAPI_ENDPOINT_SCHEMA=https
 export MAILER_ENABLED="false"
 [ ! -z ${MAILER_USERNAME+x} ] && [ ! -z ${MAILER_PASSWORD+x} ] && echo "MAILER_USERNAME and MAILER_PASSWORD are set, mailer will be enabled" && export MAILER_ENABLED="true"
-[ -z "${DOMAIN}" ] && echo "DOMAIN is unset, using cicd.lab.wlan.tip.build" && export DOMAIN="cicd.lab.wlan.tip.build"
 
 # Transform some environment variables
 export OWGW_VERSION_TAG=$(echo ${OWGW_VERSION} | tr '/' '-')
@@ -105,71 +106,129 @@ export OWANALYTICS_VERSION_TAG=$(echo ${OWANALYTICS_VERSION} | tr '/' '-')
 export OWSUB_VERSION_TAG=$(echo ${OWSUB_VERSION} | tr '/' '-')
 export OWRRM_VERSION_TAG=$(echo ${OWRRM_VERSION} | tr '/' '-')
 
+# Debug get bash version
+bash --version >&2
+
 # Check deployment method that's required for this environment
 helm plugin install https://github.com/databus23/helm-diff || true
-if [[ "$DEPLOY_METHOD" == "git" ]] ; then
-    helm plugin install https://github.com/aslafy-z/helm-git --version 0.10.0 || true
-    rm -rf wlan-cloud-ucentral-deploy || true
-    git clone https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git
-    cd wlan-cloud-ucentral-deploy
-    git checkout $CHART_VERSION
-    cd chart
-    if ! check_if_chart_version_is_release ; then
-        sed -i '/wlan-cloud-ucentralgw@/s/ref=.*/ref='${OWGW_VERSION}'\"/g' Chart.yaml
-        sed -i '/wlan-cloud-ucentralgw-ui@/s/ref=.*/ref='${OWGWUI_VERSION}'\"/g' Chart.yaml
-        sed -i '/wlan-cloud-ucentralsec@/s/ref=.*/ref='${OWSEC_VERSION}'\"/g' Chart.yaml
-        sed -i '/wlan-cloud-ucentralfms@/s/ref=.*/ref='${OWFMS_VERSION}'\"/g' Chart.yaml
-        sed -i '/wlan-cloud-owprov@/s/ref=.*/ref='${OWPROV_VERSION}'\"/g' Chart.yaml
-        sed -i '/wlan-cloud-owprov-ui@/s/ref=.*/ref='${OWPROVUI_VERSION}'\"/g' Chart.yaml
-        sed -i '/wlan-cloud-analytics@/s/ref=.*/ref='${OWANALYTICS_VERSION}'\"/g' Chart.yaml
-        sed -i '/wlan-cloud-userportal@/s/ref=.*/ref='${OWSUB_VERSION}'\"/g' Chart.yaml
-        sed -i '/wlan-cloud-rrm@/s/ref=.*/ref='${OWRRM_VERSION}'\"/g' Chart.yaml
-    fi
-    helm repo add bitnami https://charts.bitnami.com/bitnami
-    helm repo update
-    [ -z "$SKIP_DEPS" ] && helm dependency update
-    cd ../..
-    export DEPLOY_SOURCE="wlan-cloud-ucentral-deploy/chart"
-elif [[ "$DEPLOY_METHOD" == "bundle" ]] ; then
+if [[ "$DEPLOY_METHOD" == "git" ]]; then
+  helm plugin install https://github.com/aslafy-z/helm-git --version 0.10.0 || true
+  rm -rf wlan-cloud-ucentral-deploy || true
+  git clone https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git
+  cd wlan-cloud-ucentral-deploy
+  git checkout $CHART_VERSION
+  cd chart
+  if ! check_if_chart_version_is_release; then
+    sed -i '/wlan-cloud-ucentralgw@/s/ref=.*/ref='${OWGW_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-ucentralgw-ui@/s/ref=.*/ref='${OWGWUI_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-ucentralsec@/s/ref=.*/ref='${OWSEC_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-ucentralfms@/s/ref=.*/ref='${OWFMS_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-owprov@/s/ref=.*/ref='${OWPROV_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-owprov-ui@/s/ref=.*/ref='${OWPROVUI_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-analytics@/s/ref=.*/ref='${OWANALYTICS_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-userportal@/s/ref=.*/ref='${OWSUB_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-rrm@/s/ref=.*/ref='${OWRRM_VERSION}'\"/g' Chart.yaml
+  fi
+  helm repo add bitnami https://charts.bitnami.com/bitnami
+  helm repo update
+  helm dependency update
+  cd ../..
+  export DEPLOY_SOURCE="wlan-cloud-ucentral-deploy/chart"
+else
+  if [[ "$DEPLOY_METHOD" == "bundle" ]]; then
     helm repo add tip-wlan-cloud-ucentral-helm https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/ || true
     export DEPLOY_SOURCE="tip-wlan-cloud-ucentral-helm/openwifi --version $CHART_VERSION"
-elif [[ "$DEPLOY_METHOD" == "local" ]] ; then
-    export DEPLOY_SOURCE=".."
-    pushd ..
-    [ -z "$SKIP_DEPS" ] && helm dependency update
-    popd
-else
-    echo "Deploy method is not correct: $DEPLOY_METHOD. Valid values: git, bundle or local" >&2
+  else
+    echo "Deploy method is not correct: $DEPLOY_METHOD. Valid value - git or bundle" >&2
     exit 1
+  fi
 fi
 
 VALUES_FILES_FLAGS=()
 IFS=',' read -ra VALUES_FILE_LOCATION_SPLITTED <<< "$VALUES_FILE_LOCATION"
 for VALUE_FILE in ${VALUES_FILE_LOCATION_SPLITTED[*]}; do
-    VALUES_FILES_FLAGS+=("-f" $VALUE_FILE)
+  VALUES_FILES_FLAGS+=("-f" $VALUE_FILE)
 done
 EXTRA_VALUES_FLAGS=()
 IFS=',' read -ra EXTRA_VALUES_SPLITTED <<< "$EXTRA_VALUES"
 for EXTRA_VALUE in ${EXTRA_VALUES_SPLITTED[*]}; do
-    EXTRA_VALUES_FLAGS+=("--set" $EXTRA_VALUE)
+  EXTRA_VALUES_FLAGS+=("--set" $EXTRA_VALUE)
 done
 
-if [[ "$USE_SEPARATE_OWGW_LB" == "true" ]] ; then
-  export HAPROXY_SERVICE_DNS_RECORDS="sec-${NAMESPACE}.${DOMAIN},fms-${NAMESPACE}.${DOMAIN},prov-${NAMESPACE}.${DOMAIN},analytics-${NAMESPACE}.${DOMAIN},sub-${NAMESPACE}.${DOMAIN}"
-  export OWGW_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.${DOMAIN}"
+if [[ "$USE_SEPARATE_OWGW_LB" == "true" ]]; then
+  export HAPROXY_SERVICE_DNS_RECORDS="sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,analytics-${NAMESPACE}.cicd.lab.wlan.tip.build\,sub-${NAMESPACE}.cicd.lab.wlan.tip.build"
+  export OWGW_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build"
 else
-  export HAPROXY_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.${DOMAIN},sec-${NAMESPACE}.${DOMAIN},fms-${NAMESPACE}.${DOMAIN},prov-${NAMESPACE}.${DOMAIN},analytics-${NAMESPACE}.${DOMAIN},sub-${NAMESPACE}.${DOMAIN}"
+  export HAPROXY_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build\,sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,analytics-${NAMESPACE}.cicd.lab.wlan.tip.build\,sub-${NAMESPACE}.cicd.lab.wlan.tip.build"
   export OWGW_SERVICE_DNS_RECORDS=""
 fi
 
-envsubst < values.custom.tpl.yaml > values.custom-${NAMESPACE}.yaml
-
-set -x
+# Run the deployment
 helm upgrade --install --create-namespace --wait --timeout 60m \
   --namespace openwifi-${NAMESPACE} \
   ${VALUES_FILES_FLAGS[*]} \
+  --set owgw.services.owgw.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgw.configProperties."openwifi\.fileuploader\.host\.0\.name"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgw.configProperties."rtty\.server"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgw.configProperties."openwifi\.system\.uri\.public"=https://gw-${NAMESPACE}.cicd.lab.wlan.tip.build:16002 \
+  --set owgw.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owgw-owgw:17002 \
+  --set owgw.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgw.configProperties."iptocountry\.ipinfo\.token"="${IPTOCOUNTRY_IPINFO_TOKEN}" \
+  --set owgw.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owsec.configProperties."authentication\.default\.username"=${OWGW_AUTH_USERNAME} \
+  --set owsec.configProperties."authentication\.default\.password"=${OWGW_AUTH_PASSWORD} \
+  --set owsec.services.owsec.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=sec-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owsec.configProperties."openwifi\.system\.uri\.public"=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owsec.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsec-owsec:17001 \
+  --set owsec.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owsec.configProperties."mailer\.sender"=sec-${NAMESPACE}@cicd.lab.wlan.tip.build \
+  --set owsec.configProperties."mailer\.enabled"=$MAILER_ENABLED \
+  --set owsec.configProperties."mailer\.username"=$MAILER_USERNAME \
+  --set owsec.configProperties."mailer\.password"=$MAILER_PASSWORD \
+  --set owfms.configProperties."s3\.secret"=${OWFMS_S3_SECRET} \
+  --set owfms.configProperties."s3\.key"=${OWFMS_S3_KEY} \
+  --set owfms.services.owfms.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=fms-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owfms.configProperties."openwifi\.system\.uri\.public"=https://fms-${NAMESPACE}.cicd.lab.wlan.tip.build:16004 \
+  --set owfms.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owfms-owfms:17004 \
+  --set owfms.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owfms.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owgwui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgwui.ingresses.default.hosts={webui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
+  --set owgwui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owprov.services.owprov.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=prov-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owprov.configProperties."openwifi\.system\.uri\.public"=https://prov-${NAMESPACE}.cicd.lab.wlan.tip.build:16005 \
+  --set owprov.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owprov-owprov:17005 \
+  --set owprov.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owprov.configProperties."iptocountry\.ipinfo\.token"="${IPTOCOUNTRY_IPINFO_TOKEN}" \
+  --set owprov.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owprovui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=provui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owprovui.ingresses.default.hosts={provui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
+  --set owprovui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owprovui.public_env_variables.REACT_APP_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owanalytics.services.owanalytics.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=analytics-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owanalytics.configProperties."openwifi\.system\.uri\.public"=https://analytics-${NAMESPACE}.cicd.lab.wlan.tip.build:16009 \
+  --set owanalytics.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owanalytics-owanalytics:17009 \
+  --set owanalytics.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owanalytics.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owsub.services.owsub.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=sub-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owsub.configProperties."openwifi\.system\.uri\.public"=https://sub-${NAMESPACE}.cicd.lab.wlan.tip.build:16006 \
+  --set owsub.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsub-owsub:17006 \
+  --set owsub.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owsub.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set clustersysteminfo.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set clustersysteminfo.secret_env_variables.OWSEC_NEW_PASSWORD=${OWSEC_NEW_PASSWORD} \
+  --set owls.services.owls.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=ls-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owls.configProperties."openwifi\.system\.uri\.public"=https://ls-${NAMESPACE}.cicd.lab.wlan.tip.build:16007 \
+  --set owls.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owls-owls:17007 \
+  --set owls.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owlsui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=lsui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owlsui.ingresses.default.hosts={lsui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
+  --set owlsui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owrrm.public_env_variables.SERVICECONFIG_PUBLICENDPOINT=https://rrm-${NAMESPACE}.cicd.lab.wlan.tip.build:16789 \
+  --set owrrm.services.owrrm.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=rrm-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set haproxy.service.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$HAPROXY_SERVICE_DNS_RECORDS \
+  --set owgw.services.owgw.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$OWGW_SERVICE_DNS_RECORDS \
   ${EXTRA_VALUES_FLAGS[*]} \
-  -f values.custom-${NAMESPACE}.yaml \
   --set-file owgw.certs."restapi-cert\.pem"=$CERT_LOCATION \
   --set-file owgw.certs."restapi-key\.pem"=$KEY_LOCATION \
   --set-file owgw.certs."websocket-cert\.pem"=$CERT_LOCATION \

chart/environment-values/values.aws.yaml

@@ -15,11 +15,11 @@ owgwui:
   ingresses:
     default:
       enabled: true
-      className: alb
       annotations:
+        kubernetes.io/ingress.class: alb
         alb.ingress.kubernetes.io/scheme: internet-facing
         alb.ingress.kubernetes.io/group.name: wlan-cicd
-        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 # TODO change certificate
         alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
         alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
         external-dns.alpha.kubernetes.io/hostname: webui.cicd.lab.wlan.tip.build # TODO change FQDN
@@ -29,7 +29,7 @@ owgwui:
         servicePort: http
 
   public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: https://sec.cicd.lab.wlan.tip.build:16001 # TODO change to OWSEC RESTAPI url
+    DEFAULT_UCENTRALSEC_URL: https://sec.cicd.lab.wlan.tip.build:16001 # TODO change to OWSEC RESTAPI url
 
 owsec:
   configProperties: # TODO change FQDNs and credentials
@@ -65,11 +65,11 @@ owprovui:
   ingresses:
     default:
       enabled: true
-      className: alb
       annotations:
+        kubernetes.io/ingress.class: alb
         alb.ingress.kubernetes.io/scheme: internet-facing
         alb.ingress.kubernetes.io/group.name: wlan-cicd
-        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 # TODO change certificate
         alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
         alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
         external-dns.alpha.kubernetes.io/hostname: provui.cicd.lab.wlan.tip.build # TODO change FQDN
@@ -99,7 +99,7 @@ haproxy:
       service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
       service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "8080"
       service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 # TODO change certificate
       service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,16001,17001,5912,5913,16009,16007"
       service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
       external-dns.alpha.kubernetes.io/hostname: "gw.cicd.lab.wlan.tip.build,sec.cicd.lab.wlan.tip.build,fms.cicd.lab.wlan.tip.build,prov.cicd.lab.wlan.tip.build,rtty.cicd.lab.wlan.tip.build,sub.cicd.lab.wlan.tip.build,analytics.cicd.lab.wlan.tip.build,rrm.cicd.lab.wlan.tip.build" # TODO change FQDNs

chart/environment-values/values.base.insecure.yaml

@@ -1,86 +0,0 @@
-owgw:
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.security.restapi.disable: "true"
-    openwifi.system.uri.public: http://localhost:16002
-    openwifi.system.uri.private: http://owgw-owgw:17002
-    openwifi.system.uri.ui: http://localhost
-
-owsec:
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.security.restapi.disable: "true"
-    openwifi.system.uri.public: http://localhost:16001
-    openwifi.system.uri.private: http://owsec-owsec:17001
-    openwifi.system.uri.ui: http://localhost
-
-owfms:
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.security.restapi.disable: "true"
-    openwifi.system.uri.public: http://localhost:16004
-    openwifi.system.uri.private: http://owfms-owfms:17004
-    openwifi.system.uri.ui: http://localhost
-
-owprov:
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.security.restapi.disable: "true"
-    openwifi.system.uri.public: http://localhost:16005
-    openwifi.system.uri.private: http://owprov-owprov:17005
-    openwifi.system.uri.ui: http://localhost
-
-owanalytics:
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.security.restapi.disable: "true"
-    openwifi.system.uri.public: http://localhost:16009
-    openwifi.system.uri.private: http://owanalytics-owanalytics:17009
-    openwifi.system.uri.ui: http://localhost
-
-owsub:
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.security.restapi.disable: "true"
-    openwifi.system.uri.public: http://localhost:16006
-    openwifi.system.uri.private: http://owsub-owsub:17006
-    openwifi.system.uri.ui: http://localhost
-
-owrrm:
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-    KAFKACONFIG_BOOTSTRAPSERVER: kafka:9092
-    DATABASECONFIG_SERVER: owrrm-mysql:3306
-    DATABASECONFIG_DBNAME: owrrm
-    DATABASECONFIG_DATARETENTIONINTERVALDAYS: "1"
-
-  secret_env_variables:
-    DATABASECONFIG_USER: root
-    DATABASECONFIG_PASSWORD: openwifi
-
-  mysql:
-    enabled: true
-    fullnameOverride: "owrrm-mysql"
-
-owgwui:
-  public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: http://localhost:16001
-
-owprovui:
-  public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: http://localhost:16001
-
-kafka:
-  heapOpts: -Xmx512m -Xms512m
-  readinessProbe:
-    initialDelaySeconds: 45
-  livenessProbe:
-    initialDelaySeconds: 60
-  zookeeper:
-    heapSize: 256

chart/environment-values/values.base.secure.yaml

@@ -1,335 +0,0 @@
-owgw:
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.system.uri.public: https://localhost:16002
-    openwifi.system.uri.private: https://owgw-owgw:17002
-    openwifi.system.uri.ui: http://localhost:8443
-    openwifi.internal.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWGW_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWGW_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owgw:
-      - name: config
-        mountPath: /owgw-data/owgw.properties
-        subPath: owgw.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owgw.fullname" . }}-config
-      - name: certs
-        mountPath: /owgw-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owgw.fullname" . }}-certs{{ end }}
-      - name: certs-cas
-        mountPath: /owgw-data/certs/cas
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owgw.fullname" . }}-certs-cas
-      - name: persist
-        mountPath: /owgw-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owgw.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owgw-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
-
-owsec:
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.system.uri.public: https://localhost:16001
-    openwifi.system.uri.private: https://owsec-owsec:17001
-    openwifi.system.uri.ui: http://localhost:8080
-    openwifi.internal.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owsec:
-      - name: config
-        mountPath: /owsec-data/owsec.properties
-        subPath: owsec.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owsec.fullname" . }}-config
-      - name: certs
-        mountPath: /owsec-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owsec.fullname" . }}-certs{{ end }}
-      - name: persist
-        mountPath: /owsec-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owsec.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owsec-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
-
-owfms:
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.system.uri.public: https://localhost:16004
-    openwifi.system.uri.private: https://owfms-owfms:17004
-    openwifi.system.uri.ui: http://localhost:8080
-    openwifi.internal.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owfms:
-      - name: config
-        mountPath: /owfms-data/owfms.properties
-        subPath: owfms.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owfms.fullname" . }}-config
-      - name: certs
-        mountPath: /owfms-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owfms.fullname" . }}-certs{{ end }}
-      - name: persist
-        mountPath: /owfms-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owfms.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owfms-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
-
-owprov:
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.system.uri.public: https://localhost:16005
-    openwifi.system.uri.private: https://owprov-owprov:17005
-    openwifi.system.uri.ui: http://localhost:8080
-    openwifi.internal.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owprov:
-      - name: config
-        mountPath: /owprov-data/owprov.properties
-        subPath: owprov.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owprov.fullname" . }}-config
-      - name: certs
-        mountPath: /owprov-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owprov.fullname" . }}-certs{{ end }}
-      - name: persist
-        mountPath: /owprov-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owprov.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owprov-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
-
-owanalytics:
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.system.uri.public: https://localhost:16009
-    openwifi.system.uri.private: https://owanalytics-owanalytics:17009
-    openwifi.system.uri.ui: http://localhost:8080
-    openwifi.internal.restapi.host.0.rootca: $OWANALYTICS_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWANALYTICS_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWANALYTICS_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWANALYTICS_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWANALYTICS_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWANALYTICS_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owanalytics:
-      - name: config
-        mountPath: /owanalytics-data/owanalytics.properties
-        subPath: owanalytics.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owanalytics.fullname" . }}-config
-      - name: certs
-        mountPath: /owanalytics-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owanalytics.fullname" . }}-certs{{ end }}
-      - name: persist
-        mountPath: /owanalytics-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owanalytics.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owanalytics-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owanalytics.fullname" . }}-owanalytics-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owanalytics.fullname" . }}-owanalytics-restapi-tls
-
-
-owsub:
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  existingCertsSecret: openwifi-certs
-
-  configProperties:
-    openwifi.system.uri.public: https://localhost:16006
-    openwifi.system.uri.private: https://owsub-owsub:17006
-    openwifi.system.uri.ui: http://localhost:8080
-    openwifi.internal.restapi.host.0.rootca: $OWSUB_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWSUB_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWSUB_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWSUB_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWSUB_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWSUB_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owsub:
-      - name: config
-        mountPath: /owsub-data/owsub.properties
-        subPath: owsub.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owsub.fullname" . }}-config
-      - name: certs
-        mountPath: /owsub-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owsub.fullname" . }}-certs{{ end }}
-      - name: persist
-        mountPath: /owsub-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owsub.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owsub-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
-
-owrrm:
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-    KAFKACONFIG_BOOTSTRAPSERVER: kafka:9092
-    DATABASECONFIG_SERVER: owrrm-mysql:3306
-    DATABASECONFIG_DBNAME: owrrm
-    DATABASECONFIG_DATARETENTIONINTERVALDAYS: "1"
-
-  secret_env_variables:
-    DATABASECONFIG_USER: root
-    DATABASECONFIG_PASSWORD: openwifi
-
-  mysql:
-    enabled: true
-    fullnameOverride: "owrrm-mysql"
-
-owgwui:
-  public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: https://localhost:16001
-
-owprovui:
-  public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: https://localhost:16001
-
-kafka:
-  heapOpts: -Xmx512m -Xms512m
-  readinessProbe:
-    initialDelaySeconds: 45
-  livenessProbe:
-    initialDelaySeconds: 60
-  zookeeper:
-    heapSize: 256
-
-restapiCerts:
-  enabled: true

chart/environment-values/values.custom.tpl.yaml

@@ -1,128 +0,0 @@
-owgw:
-  services:
-    owgw:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: "$OWGW_SERVICE_DNS_RECORDS"
-  configProperties:
-    openwifi.fileuploader.host.0.name: gw-${NAMESPACE}.${DOMAIN}
-    rtty.server: gw-${NAMESPACE}.${DOMAIN}
-    openwifi.system.uri.public: https://gw-${NAMESPACE}.${DOMAIN}:16002
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owgw-owgw:17002
-    openwifi.system.uri.ui: https://webui-${NAMESPACE}.${DOMAIN}
-    iptocountry.ipinfo.token: "${IPTOCOUNTRY_IPINFO_TOKEN}"
-  public_env_variables:
-    OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001
-owsec:
-  configProperties:
-    authentication.default.username: "${OWGW_AUTH_USERNAME}"
-    authentication.default.password: "${OWGW_AUTH_PASSWORD}"
-    openwifi.system.uri.public: https://sec-${NAMESPACE}.${DOMAIN}:16001
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsec-owsec:17001
-    openwifi.ystem.uri.ui: https://webui-${NAMESPACE}.${DOMAIN}
-    mailer.sender: "sec-${NAMESPACE}@${DOMAIN}"
-    mailer.enabled: $MAILER_ENABLED
-    mailer.username: "$MAILER_USERNAME"
-    mailer.password: "$MAILER_PASSWORD"
-  services:
-    owsec:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: sec-${NAMESPACE}.${DOMAIN}
-owfms:
-  configProperties:
-    s3.secret: "${OWFMS_S3_SECRET}"
-    s3.key: "${OWFMS_S3_KEY}"
-    openwifi.system.uri.public: https://fms-${NAMESPACE}.${DOMAIN}:16004
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owfms-owfms:17004
-    openwifi.system.uri.ui: https://webui-${NAMESPACE}.${DOMAIN}
-  services:
-    owfms:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: fms-${NAMESPACE}.${DOMAIN}
-  public_env_variables:
-    OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001
-owgwui:
-  ingresses:
-    default:
-      hosts:
-      - webui-${NAMESPACE}.${DOMAIN}
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: webui-${NAMESPACE}.${DOMAIN}
-  public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: https://sec-${NAMESPACE}.${DOMAIN}:16001
-owprov:
-  services:
-    owprov:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: prov-${NAMESPACE}.${DOMAIN}
-  configProperties:
-    openwifi.system.uri.public: https://prov-${NAMESPACE}.${DOMAIN}:16005
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owprov-owprov:17005
-    openwifi.system.uri.ui: https://provui-${NAMESPACE}.${DOMAIN}
-    iptocountry.ipinfo.token: "${IPTOCOUNTRY_IPINFO_TOKEN}"
-  public_env_variables:
-    OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001
-owprovui:
-  ingresses:
-    default:
-      hosts:
-      - provui-${NAMESPACE}.${DOMAIN}
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: provui-${NAMESPACE}.${DOMAIN}
-  public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: https://sec-${NAMESPACE}.${DOMAIN}:16001
-owanalytics:
-  services:
-    owanalytics:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: analytics-${NAMESPACE}.${DOMAIN}
-  configProperties:
-    openwifi.system.uri.public: https://analytics-${NAMESPACE}.${DOMAIN}:16009
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owanalytics-owanalytics:17009
-    openwifi.system.uri.ui: https://webui-${NAMESPACE}.${DOMAIN}
-  public_env_variables:
-    OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001
-owsub:
-  services:
-    owsub:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: sub-${NAMESPACE}.${DOMAIN}
-  configProperties:
-    openwifi.system.uri.public: https://sub-${NAMESPACE}.${DOMAIN}:16006
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsub-owsub:17006
-    openwifi.system.uri.ui: https://webui-${NAMESPACE}.${DOMAIN}
-  public_env_variables:
-    OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001
-clustersysteminfo:
-  public_env_variables:
-    OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001
-  secret_env_variables:
-    OWSEC_NEW_PASSWORD: "${OWSEC_NEW_PASSWORD}"
-owls:
-  services:
-    owls:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: ls-${NAMESPACE}.${DOMAIN}
-  configProperties:
-    openwifi.system.uri.public: https://ls-${NAMESPACE}.${DOMAIN}:16007
-    openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owls-owls:17007
-    openwifi.system.uri.ui: https://webui-${NAMESPACE}.${DOMAIN}
-owlsui:
-  ingresses:
-    default:
-      hosts:
-      - lsui-${NAMESPACE}.${DOMAIN}
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: lsui-${NAMESPACE}.${DOMAIN}
-  public_env_variables:
-    REACT_APP_UCENTRALSEC_URL: https://sec-${NAMESPACE}.${DOMAIN}:16001
-owrrm:
-  public_env_variables:
-    SERVICECONFIG_PUBLICENDPOINT: https://rrm-${NAMESPACE}.${DOMAIN}:16789
-  services:
-    owrrm:
-      annotations:
-        external-dns.alpha.kubernetes.io/hostname: rrm-${NAMESPACE}.${DOMAIN}
-haproxy:
-  service:
-    annotations:
-      external-dns.alpha.kubernetes.io/hostname: "$HAPROXY_SERVICE_DNS_RECORDS"

chart/environment-values/values.openwifi-qa.owls-enabled.yaml

@@ -1,4 +1,3 @@
-# This helm values file is to be used when OWLS is run in the same namespace.
 owgw:
   services:
     owgw:
@@ -8,7 +7,7 @@ owgw:
         service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
         service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
         service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
         service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002"
 
   configProperties:
@@ -18,7 +17,6 @@ owgw:
     storage.type.postgresql.database: owgw
     storage.type.postgresql.username: owgw
     storage.type.postgresql.password: owgw
-    openwifi.certificates.allowmismatch: "true"
 
   resources:
     requests:
@@ -31,13 +29,13 @@ owgw:
   postgresql:
     enabled: true
     fullnameOverride: owgw-pgsql
+
     postgresqlDatabase: owgw
     postgresqlUsername: owgw
     postgresqlPassword: owgw
 
 owls:
   enabled: true
-
   services:
     owls:
       type: LoadBalancer
@@ -46,7 +44,7 @@ owls:
         service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
         service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16107"
         service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
         service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16007,17007"
         external-dns.alpha.kubernetes.io/ttl: "60"
 
@@ -55,10 +53,10 @@ owls:
 
   resources:
     requests:
-      cpu: 6000m
+      cpu: 3000m
       memory: 8000Mi
     limits:
-      cpu: 6000m
+      cpu: 3000m
       memory: 8000Mi
 
   checks:
@@ -142,7 +140,7 @@ owls:
           secret:
             secretName: {{ include "owls.fullname" . }}-owls-restapi-tls
       - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
         subPath: ca.crt
         volumeDefinition: |
           secret:
@@ -162,145 +160,7 @@ owlsui:
         kubernetes.io/ingress.class: alb
         alb.ingress.kubernetes.io/scheme: internet-facing
         alb.ingress.kubernetes.io/group.name: wlan-cicd
-        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
-        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
-        alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
-        external-dns.alpha.kubernetes.io/ttl: "60"
-      paths:
-      - path: /*
-        serviceName: owlsui
-        servicePort: http
-
-  podAnnotations:
-    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
-owls:
-  enabled: true
-
-  services:
-    owls:
-      type: LoadBalancer
-      annotations:
-        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
-        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16107"
-        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
-        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16007,17007"
-        external-dns.alpha.kubernetes.io/ttl: "60"
-
-  podAnnotations:
-    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
-
-  resources:
-    requests:
-      cpu: 6000m
-      memory: 8000Mi
-    limits:
-      cpu: 6000m
-      memory: 8000Mi
-
-  checks:
-    owls:
-      liveness:
-        httpGet:
-          path: /
-          port: 16107
-        failureThreshold: 900
-      readiness:
-        httpGet:
-          path: /
-          port: 16107
-        failureThreshold: 900
-
-  certs:
-    restapi-ca.pem: |
-      -----BEGIN CERTIFICATE-----
-      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
-      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
-      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
-      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
-      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
-      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
-      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
-      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
-      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
-      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
-      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
-      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
-      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
-      5IOM7ItsRmen6u3qu+JXros54e4juQ==
-      -----END CERTIFICATE-----
-
-  public_env_variables:
-    SELFSIGNED_CERTS: "true"
-
-  configProperties:
-    openwifi.internal.restapi.host.0.rootca: $OWLS_ROOT/certs/restapi-certs/ca.crt
-    openwifi.internal.restapi.host.0.cert: $OWLS_ROOT/certs/restapi-certs/tls.crt
-    openwifi.internal.restapi.host.0.key: $OWLS_ROOT/certs/restapi-certs/tls.key
-    openwifi.restapi.host.0.rootca: $OWLS_ROOT/certs/restapi-certs/ca.crt
-    openwifi.restapi.host.0.cert: $OWLS_ROOT/certs/restapi-certs/tls.crt
-    openwifi.restapi.host.0.key: $OWLS_ROOT/certs/restapi-certs/tls.key
-
-  volumes:
-    owls:
-      - name: config
-        mountPath: /owls-data/owls.properties
-        subPath: owls.properties
-        # Template below will be rendered in template
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owls.fullname" . }}-config
-      - name: certs
-        mountPath: /owls-data/certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owls.fullname" . }}-certs
-      - name: certs-cas
-        mountPath: /owls-data/certs/cas
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owls.fullname" . }}-certs-cas
-      # Change this if you want to use another volume type
-      - name: persist
-        mountPath: /owls-data/persist
-        volumeDefinition: |
-          persistentVolumeClaim:
-            claimName: {{ template "owls.fullname" . }}-pvc
-
-      - name: restapi-certs
-        mountPath: /owls-data/certs/restapi-certs
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owls.fullname" . }}-owls-restapi-tls
-      - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
-        subPath: ca.crt
-        volumeDefinition: |
-          secret:
-            secretName: {{ include "owls.fullname" . }}-owls-restapi-tls
-
-owlsui:
-  enabled: true
-
-  services:
-    owlsui:
-      type: NodePort
-
-  ingresses:
-    default:
-      enabled: true
-      annotations:
-        kubernetes.io/ingress.class: alb
-        alb.ingress.kubernetes.io/scheme: internet-facing
-        alb.ingress.kubernetes.io/group.name: wlan-cicd
-        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
         alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
         alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
         external-dns.alpha.kubernetes.io/ttl: "60"

chart/environment-values/values.openwifi-qa.owls-external.yaml

@@ -1,36 +0,0 @@
-# This helm values file is to be used when OWLS is run externally.
-owgw:
-  services:
-    owgw:
-      type: LoadBalancer
-      annotations:
-        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
-        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
-        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
-        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002"
-
-  configProperties:
-    simulatorid: 53494D020202
-    storage.type: postgresql
-    storage.type.postgresql.host: owgw-pgsql
-    storage.type.postgresql.database: owgw
-    storage.type.postgresql.username: owgw
-    storage.type.postgresql.password: owgw
-    openwifi.certificates.allowmismatch: "true"
-
-  resources:
-    requests:
-      cpu: 2000m
-      memory: 3000Mi
-    limits:
-      cpu: 2000m
-      memory: 3000Mi
-
-  postgresql:
-    enabled: true
-    fullnameOverride: owgw-pgsql
-    postgresqlDatabase: owgw
-    postgresqlUsername: owgw
-    postgresqlPassword: owgw

chart/environment-values/values.openwifi-qa.separate-lbs.yaml

@@ -7,7 +7,7 @@ owgw:
         service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
         service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
         service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
         service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002,5912,5913"
 
 owsec:
@@ -19,7 +19,7 @@ owsec:
         service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
         service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16101"
         service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
         service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16001,17001"
 
 owfms:
@@ -31,7 +31,7 @@ owfms:
         service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
         service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16104"
         service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
         service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004"
 
 owprov:
@@ -43,7 +43,7 @@ owprov:
         service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
         service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16105"
         service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
         service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16005,17005"
 
 owanalytics:
@@ -55,7 +55,7 @@ owanalytics:
         service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
         service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16109"
         service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
         service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16009,17009"
 
 owsub:
@@ -67,7 +67,7 @@ owsub:
         service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
         service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16106"
         service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
         service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16006,17006"
 
 haproxy:

chart/environment-values/values.openwifi-qa.single-external-db.yaml

@@ -1,8 +1,7 @@
 owgw:
   configProperties:
-    simulatorid: 53494D020202
     storage.type: postgresql
-    storage.type.postgresql.host: pgsql
+    storage.type.postgresql.host: pgsql-pgpool
     storage.type.postgresql.database: owgw
     storage.type.postgresql.username: owgw
     storage.type.postgresql.password: owgw
@@ -10,7 +9,7 @@ owgw:
 owsec:
   configProperties:
     storage.type: postgresql
-    storage.type.postgresql.host: pgsql
+    storage.type.postgresql.host: pgsql-pgpool
     storage.type.postgresql.database: owsec
     storage.type.postgresql.username: owsec
     storage.type.postgresql.password: owsec
@@ -18,7 +17,7 @@ owsec:
 owfms:
   configProperties:
     storage.type: postgresql
-    storage.type.postgresql.host: pgsql
+    storage.type.postgresql.host: pgsql-pgpool
     storage.type.postgresql.database: owfms
     storage.type.postgresql.username: owfms
     storage.type.postgresql.password: owfms
@@ -26,7 +25,7 @@ owfms:
 owprov:
   configProperties:
     storage.type: postgresql
-    storage.type.postgresql.host: pgsql
+    storage.type.postgresql.host: pgsql-pgpool
     storage.type.postgresql.database: owprov
     storage.type.postgresql.username: owprov
     storage.type.postgresql.password: owprov
@@ -34,7 +33,7 @@ owprov:
 owanalytics:
   configProperties:
     storage.type: postgresql
-    storage.type.postgresql.host: pgsql
+    storage.type.postgresql.host: pgsql-pgpool
     storage.type.postgresql.database: owanalytics
     storage.type.postgresql.username: owanalytics
     storage.type.postgresql.password: owanalytics
@@ -42,37 +41,15 @@ owanalytics:
 owsub:
   configProperties:
     storage.type: postgresql
-    storage.type.postgresql.host: pgsql
+    storage.type.postgresql.host: pgsql-pgpool
     storage.type.postgresql.database: owsub
     storage.type.postgresql.username: owsub
     storage.type.postgresql.password: owsub
 
-postgresql:
+postgresql-ha:
   enabled: true
   initDbScriptSecret:
     enabled: true
-    initdbScriptsSecret: tip-openwifi-initdb-scripts
-  volumePermissions:
-    enabled: true
-  global:
-    postgresql:
-      auth:
-        postgresPassword: postgres
-  auth:
-    postgresPassword: postgres
-  primary:
-    extendedConfiguration: |-
-      max_connections = 550
-      shared_buffers = 128MB
-    #  log_error_verbosity = verbose
-    initdb:
-      scriptsSecret: tip-openwifi-initdb-scripts
-
-postgresql-ha:
-  enabled: false
-  initDbScriptSecret:
-    enabled: false
-    initdbScriptsSecret: tip-openwifi-initdb-scripts
   pgpool:
     adminPassword: admin
     resources:
@@ -84,12 +61,10 @@ postgresql-ha:
         memory: 1024Mi
     initdbScriptsSecret: tip-openwifi-initdb-scripts
   postgresql:
-    replicaCount: 1
-    password: postgres
+    replicaCount: 1 # TODO change after tests
+    password: password
     postgresPassword: postgres
     repmgrPassword: repmgr
-    maxConnections: 1000
-
     resources:
       requests:
         cpu: 250m

chart/environment-values/values.openwifi-qa.test-nodes.yaml

@@ -112,7 +112,7 @@ owprovui:
 
 owls:
   nodeSelector:
-    env: owls
+    env: tests
   tolerations:
   - key: "tests"
     operator: "Exists"

chart/environment-values/values.openwifi-qa.yaml

@@ -15,22 +15,22 @@ owgw:
       memory: 100Mi
     limits:
       cpu: 2000m
-      memory: 2Gi
+      memory: 500Mi
 
-#  securityContext:
-#    sysctls:
-#    - name: net.ipv4.tcp_keepalive_intvl
-#      value: "5"
-#    - name: net.ipv4.tcp_keepalive_probes
-#      value: "2"
-#    - name: net.ipv4.tcp_keepalive_time
-#      value: "45"
+  securityContext:
+    sysctls:
+    - name: net.ipv4.tcp_keepalive_intvl
+      value: "5"
+    - name: net.ipv4.tcp_keepalive_probes
+      value: "2"
+    - name: net.ipv4.tcp_keepalive_time
+      value: "45"
 
   podAnnotations:
     cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
 
-#  podSecurityPolicy:
-#    enabled: true
+  podSecurityPolicy:
+    enabled: true
 
   certs:
     restapi-ca.pem: |
@@ -56,160 +56,6 @@ owgw:
       L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
       5IOM7ItsRmen6u3qu+JXros54e4juQ==
       -----END CERTIFICATE-----
-    clientcas.pem: |
-      -----BEGIN CERTIFICATE-----
-      MIIEnDCCA4SgAwIBAgIUVpyCUx1MUeUwxg+7I1BvGFTz7HkwDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjUxMjZaFw0yNjA0MTMyMjM4NDZaMGwx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEpMCcGA1UEAxMgVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IElzc3VpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtKBrq
-      qd2aKVSk25KfL5xHu8X7/8rJrz3IvyPuVKWhk/N1zabot3suBcGaYNKjnRHxg78R
-      yKwKzajKYWtiQFqztu24g16LQeAnoUxZnF6a0z3JkkRPsz14A2y8TUhdEe1tx+UU
-      4VGsk3n+FMmOQHL+79FO57zQC1LwylgfLSltrI6mF3jowVUQvnwzKhUzT87AJ6EO
-      ndK/q0T/Bgi+aI39zfVOjJjsTJwghvrmYW3iarP1THSKxeib2s02bZKrvvHa5HL4
-      UI8+LvREpVZl4mzt1z6Nl344Y6f+UeJlYa/Ci0jJqaXJmyVnUbAz+c0i5JfwAVn3
-      YQzfC4eLnZCmdF8zAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
-      DgQWBBSzG1S44EerPfM4gOQ85f0AYW3R6DAfBgNVHSMEGDAWgBQCRpZgebFT9qny
-      98WfIUDk6ZEB+jAOBgNVHQ8BAf8EBAMCAYYwgYMGCCsGAQUFBwEBBHcwdTAoBggr
-      BgEFBQcwAYYcaHR0cDovL29jc3Aub25lLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcw
-      AoY9aHR0cDovL2NhY2VydHMub25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQ
-      cm9qZWN0Um9vdENBLmNydDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vY3JsLm9u
-      ZS5kaWdpY2VydC5jb20vVGVsZWNvbUluZnJhUHJvamVjdFJvb3RDQS5jcmwwDQYJ
-      KoZIhvcNAQELBQADggEBAFbz+K94bHIkBMJqps0dApniUmOn0pO6Q6cGh47UP/kX
-      IiPIsnYgG+hqYD/qtsiqJhaWi0hixRWn38UmvZxMRk27aSTGE/TWx0JTC3qDGsSe
-      XkUagumbSfmS0ZyiTwMPeGAjXwyzGorqZWeA95eKfImntMiOf3E7//GK0K7HpCx8
-      IPCnLZsZD2q/mLyBsduImFIRQJbLAhwIxpcd1qYJk+BlGFL+HtBpEbq6JxW2Xy+v
-      DpNWc2WIsUTle0rTc9JNJrLX4ChUJmKqf8obKHap3Xh3//qw/jDB9pOAinA33FLJ
-      EmCnwBvQr9mfNmPBGMYZVU8cPruDQJ57GjmmvdisbJY=
-      -----END CERTIFICATE-----
-      -----BEGIN CERTIFICATE-----
-      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
-      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
-      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
-      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
-      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
-      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
-      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
-      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
-      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
-      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
-      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
-      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
-      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
-      5IOM7ItsRmen6u3qu+JXros54e4juQ==
-      -----END CERTIFICATE-----
-    issuer.pem: |
-      -----BEGIN CERTIFICATE-----
-      MIIEnDCCA4SgAwIBAgIUVpyCUx1MUeUwxg+7I1BvGFTz7HkwDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjUxMjZaFw0yNjA0MTMyMjM4NDZaMGwx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEpMCcGA1UEAxMgVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IElzc3VpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtKBrq
-      qd2aKVSk25KfL5xHu8X7/8rJrz3IvyPuVKWhk/N1zabot3suBcGaYNKjnRHxg78R
-      yKwKzajKYWtiQFqztu24g16LQeAnoUxZnF6a0z3JkkRPsz14A2y8TUhdEe1tx+UU
-      4VGsk3n+FMmOQHL+79FO57zQC1LwylgfLSltrI6mF3jowVUQvnwzKhUzT87AJ6EO
-      ndK/q0T/Bgi+aI39zfVOjJjsTJwghvrmYW3iarP1THSKxeib2s02bZKrvvHa5HL4
-      UI8+LvREpVZl4mzt1z6Nl344Y6f+UeJlYa/Ci0jJqaXJmyVnUbAz+c0i5JfwAVn3
-      YQzfC4eLnZCmdF8zAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
-      DgQWBBSzG1S44EerPfM4gOQ85f0AYW3R6DAfBgNVHSMEGDAWgBQCRpZgebFT9qny
-      98WfIUDk6ZEB+jAOBgNVHQ8BAf8EBAMCAYYwgYMGCCsGAQUFBwEBBHcwdTAoBggr
-      BgEFBQcwAYYcaHR0cDovL29jc3Aub25lLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcw
-      AoY9aHR0cDovL2NhY2VydHMub25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQ
-      cm9qZWN0Um9vdENBLmNydDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vY3JsLm9u
-      ZS5kaWdpY2VydC5jb20vVGVsZWNvbUluZnJhUHJvamVjdFJvb3RDQS5jcmwwDQYJ
-      KoZIhvcNAQELBQADggEBAFbz+K94bHIkBMJqps0dApniUmOn0pO6Q6cGh47UP/kX
-      IiPIsnYgG+hqYD/qtsiqJhaWi0hixRWn38UmvZxMRk27aSTGE/TWx0JTC3qDGsSe
-      XkUagumbSfmS0ZyiTwMPeGAjXwyzGorqZWeA95eKfImntMiOf3E7//GK0K7HpCx8
-      IPCnLZsZD2q/mLyBsduImFIRQJbLAhwIxpcd1qYJk+BlGFL+HtBpEbq6JxW2Xy+v
-      DpNWc2WIsUTle0rTc9JNJrLX4ChUJmKqf8obKHap3Xh3//qw/jDB9pOAinA33FLJ
-      EmCnwBvQr9mfNmPBGMYZVU8cPruDQJ57GjmmvdisbJY=
-      -----END CERTIFICATE-----
-    root.pem: |
-      -----BEGIN CERTIFICATE-----
-      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
-      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
-      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
-      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
-      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
-      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
-      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
-      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
-      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
-      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
-      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
-      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
-      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
-      5IOM7ItsRmen6u3qu+JXros54e4juQ==
-      -----END CERTIFICATE-----
-
-  certsCAs:
-    issuer.pem: |
-      -----BEGIN CERTIFICATE-----
-      MIIEnDCCA4SgAwIBAgIUVpyCUx1MUeUwxg+7I1BvGFTz7HkwDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjUxMjZaFw0yNjA0MTMyMjM4NDZaMGwx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEpMCcGA1UEAxMgVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IElzc3VpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtKBrq
-      qd2aKVSk25KfL5xHu8X7/8rJrz3IvyPuVKWhk/N1zabot3suBcGaYNKjnRHxg78R
-      yKwKzajKYWtiQFqztu24g16LQeAnoUxZnF6a0z3JkkRPsz14A2y8TUhdEe1tx+UU
-      4VGsk3n+FMmOQHL+79FO57zQC1LwylgfLSltrI6mF3jowVUQvnwzKhUzT87AJ6EO
-      ndK/q0T/Bgi+aI39zfVOjJjsTJwghvrmYW3iarP1THSKxeib2s02bZKrvvHa5HL4
-      UI8+LvREpVZl4mzt1z6Nl344Y6f+UeJlYa/Ci0jJqaXJmyVnUbAz+c0i5JfwAVn3
-      YQzfC4eLnZCmdF8zAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
-      DgQWBBSzG1S44EerPfM4gOQ85f0AYW3R6DAfBgNVHSMEGDAWgBQCRpZgebFT9qny
-      98WfIUDk6ZEB+jAOBgNVHQ8BAf8EBAMCAYYwgYMGCCsGAQUFBwEBBHcwdTAoBggr
-      BgEFBQcwAYYcaHR0cDovL29jc3Aub25lLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcw
-      AoY9aHR0cDovL2NhY2VydHMub25lLmRpZ2ljZXJ0LmNvbS9UZWxlY29tSW5mcmFQ
-      cm9qZWN0Um9vdENBLmNydDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vY3JsLm9u
-      ZS5kaWdpY2VydC5jb20vVGVsZWNvbUluZnJhUHJvamVjdFJvb3RDQS5jcmwwDQYJ
-      KoZIhvcNAQELBQADggEBAFbz+K94bHIkBMJqps0dApniUmOn0pO6Q6cGh47UP/kX
-      IiPIsnYgG+hqYD/qtsiqJhaWi0hixRWn38UmvZxMRk27aSTGE/TWx0JTC3qDGsSe
-      XkUagumbSfmS0ZyiTwMPeGAjXwyzGorqZWeA95eKfImntMiOf3E7//GK0K7HpCx8
-      IPCnLZsZD2q/mLyBsduImFIRQJbLAhwIxpcd1qYJk+BlGFL+HtBpEbq6JxW2Xy+v
-      DpNWc2WIsUTle0rTc9JNJrLX4ChUJmKqf8obKHap3Xh3//qw/jDB9pOAinA33FLJ
-      EmCnwBvQr9mfNmPBGMYZVU8cPruDQJ57GjmmvdisbJY=
-      -----END CERTIFICATE-----
-    root.pem: |
-      -----BEGIN CERTIFICATE-----
-      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
-      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
-      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
-      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
-      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
-      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
-      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
-      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
-      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
-      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
-      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
-      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
-      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
-      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
-      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
-      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
-      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
-      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
-      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
-      5IOM7ItsRmen6u3qu+JXros54e4juQ==
-      -----END CERTIFICATE-----
 
   public_env_variables:
     SELFSIGNED_CERTS: "true"
@@ -253,7 +99,7 @@ owgw:
           secret:
             secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
       - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
         subPath: ca.crt
         volumeDefinition: |
           secret:
@@ -314,7 +160,6 @@ owsec:
     openwifi.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
     openwifi.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
     mailer.hostname: email-smtp.us-east-2.amazonaws.com
-    openwifi.certificates.allowmismatch: "false"
 
   volumes:
     owsec:
@@ -342,7 +187,7 @@ owsec:
           secret:
             secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
       - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
         subPath: ca.crt
         volumeDefinition: |
           secret:
@@ -357,9 +202,10 @@ owgwui:
     default:
       enabled: true
       annotations:
+        kubernetes.io/ingress.class: alb
         alb.ingress.kubernetes.io/scheme: internet-facing
         alb.ingress.kubernetes.io/group.name: wlan-cicd
-        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
         alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
         alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
       paths:
@@ -424,8 +270,6 @@ owfms:
 
   public_env_variables:
     SELFSIGNED_CERTS: "true"
-    # This has no effect as template based config is not enabled (see configProperties)
-    FIRMWAREDB_MAXAGE: "360"
 
   configProperties:
     openwifi.internal.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
@@ -434,7 +278,6 @@ owfms:
     openwifi.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
     openwifi.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
     openwifi.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
-    firmwaredb.maxage: 360
 
   volumes:
     owfms:
@@ -462,7 +305,7 @@ owfms:
           secret:
             secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
       - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
         subPath: ca.crt
         volumeDefinition: |
           secret:
@@ -521,7 +364,6 @@ owprov:
     openwifi.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt
     openwifi.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt
     openwifi.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key
-    rrm.providers: owrrm
 
   volumes:
     owprov:
@@ -549,7 +391,7 @@ owprov:
           secret:
             secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
       - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
         subPath: ca.crt
         volumeDefinition: |
           secret:
@@ -564,9 +406,10 @@ owprovui:
     default:
       enabled: true
       annotations:
+        kubernetes.io/ingress.class: alb
         alb.ingress.kubernetes.io/scheme: internet-facing
         alb.ingress.kubernetes.io/group.name: wlan-cicd
-        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
         alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
         alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
       paths:
@@ -657,7 +500,7 @@ owanalytics:
           secret:
             secretName: {{ include "owanalytics.fullname" . }}-owanalytics-restapi-tls
       - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
         subPath: ca.crt
         volumeDefinition: |
           secret:
@@ -737,7 +580,7 @@ owsub:
           secret:
             secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
       - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
         subPath: ca.crt
         volumeDefinition: |
           secret:
@@ -754,8 +597,8 @@ owrrm:
         service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
         service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16789"
         service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
-        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c"
-        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16789,16790"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16789,17007"
 
   resources:
     requests:
@@ -772,12 +615,9 @@ owrrm:
     SELFSIGNED_CERTS: "true"
     SERVICECONFIG_PRIVATEENDPOINT: http://owrrm-owrrm:16789
     KAFKACONFIG_BOOTSTRAPSERVER: kafka:9092
+    DATABASECONFIG_SERVER: owrrm-mysql:3306
     DATABASECONFIG_DBNAME: owrrm
     DATABASECONFIG_DATARETENTIONINTERVALDAYS: "1"
-    # Empty string will disable DB usage
-    DATABASECONFIG_SERVER: ""
-    # Uncomment these parameters to enable DB usage + enable mysql below
-    #DATABASECONFIG_SERVER: owrrm-mysql:3306
 
   secret_env_variables:
     DATABASECONFIG_USER: root
@@ -792,14 +632,14 @@ owrrm:
             claimName: {{ template "owrrm.fullname" . }}-pvc
 
       - name: restapi-ca
-        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
         subPath: ca.crt
         volumeDefinition: |
           secret:
             secretName: {{ include "owrrm.fullname" . }}-owrrm-restapi-tls
 
   mysql:
-    enabled: false
+    enabled: true
     fullnameOverride: "owrrm-mysql"
 
     resources:
@@ -844,18 +684,18 @@ clustersysteminfo:
 haproxy:
   resources:
     requests:
-      cpu: 50m
-      memory: 50Mi
+      cpu: 10m
+      memory: 20Mi
     limits:
-      cpu: 50m
-      memory: 50Mi
+      cpu: 10m
+      memory: 20Mi
   service:
     annotations:
       service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
       service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "8080"
       service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
-      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,5913,16001,17001,16009,16006,17006"
+      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
+      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,16001,17001,5912,5913,16009,16007,16006,17006"
       service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
 
 restapiCerts:

chart/templates/_initdb_sql.tpl

@@ -1,13 +0,0 @@
-{{- define "openwifi.user_creation_script_sql" -}}
-{{- $root := . -}}
-{{- $postgresqlBase := index .Values "postgresql" }}
-{{- $postgresqlEmulatedRoot := (dict "Values" $postgresqlBase "Chart" (dict "Name" "postgresql") "Release" $.Release) }}
-{{ range index .Values "postgresql" "initDbScriptSecret" "services" }}
-CREATE USER {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }};
-ALTER USER {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }} WITH ENCRYPTED PASSWORD '{{ index $root "Values" . "configProperties" "storage.type.postgresql.password" }}';
-CREATE DATABASE {{ index $root "Values" . "configProperties" "storage.type.postgresql.database" }};
-GRANT ALL PRIVILEGES ON DATABASE {{ index $root "Values" . "configProperties" "storage.type.postgresql.database" }} TO {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }};
-ALTER DATABASE {{ index $root "Values" . "configProperties" "storage.type.postgresql.database" }} OWNER TO {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }};
-{{ end }}
-{{- end -}}
-

chart/templates/secret-pgpool-initdb.yaml

@@ -0,0 +1,16 @@
+{{- $root := . -}}
+{{- if index .Values "postgresql-ha" "initDbScriptSecret" "enabled" }}
+---
+apiVersion: v1
+metadata:
+  labels:
+    app.kuberentes.io/name: {{ include "openwifi.name" . }}
+    helm.sh/chart: {{ include "openwifi.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+  name: {{ include "openwifi.fullname" . }}-initdb-scripts
+kind: Secret
+type: Opaque
+data:
+  users_creation.sh: {{ include "openwifi.user_creation_script" . | b64enc | quote }}
+{{- end }}

chart/templates/secret-postgresql-initdb.yaml

@@ -1,31 +0,0 @@
-{{- $root := . -}}
-{{- if index .Values "postgresql-ha" "initDbScriptSecret" "enabled" }}
----
-apiVersion: v1
-metadata:
-  labels:
-    app.kubernetes.io/name: {{ include "openwifi.name" . }}
-    helm.sh/chart: {{ include "openwifi.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-  name: {{ include "openwifi.fullname" . }}-initdb-scripts
-kind: Secret
-type: Opaque
-data:
-  users_creation.sh: {{ include "openwifi.user_creation_script" . | b64enc | quote }}
-{{- end }}
-{{- if index .Values "postgresql" "initDbScriptSecret" "enabled" }}
----
-apiVersion: v1
-metadata:
-  labels:
-    app.kubernetes.io/name: {{ include "openwifi.name" . }}
-    helm.sh/chart: {{ include "openwifi.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-  name: {{ include "openwifi.fullname" . }}-initdb-scripts
-kind: Secret
-type: Opaque
-data:
-  initdb.sql: {{ include "openwifi.user_creation_script_sql" . | b64enc | quote }}
-{{- end }}

chart/values.yaml

@@ -1,6 +1,7 @@
 # OpenWIFI Gateway (https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/)
 owgw:
   fullnameOverride: owgw
+
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
@@ -8,6 +9,7 @@ owgw:
 # OpenWIFI Security (https://github.com/Telecominfraproject/wlan-cloud-ucentralsec)
 owsec:
   fullnameOverride: owsec
+
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
@@ -15,6 +17,7 @@ owsec:
 # OpenWIFI Firmware (https://github.com/Telecominfraproject/wlan-cloud-ucentralfms)
 owfms:
   fullnameOverride: owfms
+
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
@@ -22,13 +25,15 @@ owfms:
 # OpenWIFI Provisioning (https://github.com/Telecominfraproject/wlan-cloud-owprov/)
 owprov:
   fullnameOverride: owprov
+
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
-
+      #
 # OpenWIFI Analytics (https://github.com/Telecominfraproject/wlan-cloud-analytics)
 owanalytics:
   fullnameOverride: owanalytics
+
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
@@ -44,6 +49,7 @@ owprovui:
 # OpenWIFI Subscription (https://github.com/Telecominfraproject/wlan-cloud-userportal/)
 owsub:
   fullnameOverride: owsub
+
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
@@ -51,18 +57,26 @@ owsub:
 # OpenWIFI radio resource management (https://github.com/Telecominfraproject/wlan-cloud-rrm/)
 owrrm:
   fullnameOverride: owrrm
+
+  public_env_variables:
+    UCENTRALCONFIG_PRIVATEENDPOINT: http://owrrm-owrrm:17007
+
   mysql:
     enabled: true
 
 # kafka (https://github.com/bitnami/charts/blob/master/bitnami/kafka/)
 kafka:
   enabled: true
+
   fullnameOverride: kafka
+
   image:
     registry: docker.io
     repository: bitnami/kafka
     tag: 2.8.0-debian-10-r43
+
   minBrokerId: 100
+
   zookeeper:
     fullnameOverride: zookeeper
 
@@ -70,10 +84,11 @@ kafka:
 clustersysteminfo:
   enabled: false
   delay: 0 # number of seconds to delay clustersysteminfo execution
+
   images:
     clustersysteminfo:
       repository: tip-tip-wlan-cloud-ucentral.jfrog.io/clustersysteminfo
-      tag: v3.0.0
+      tag: v2.7.0-RC5
       pullPolicy: Always
 #      regcred:
 #        registry: tip-tip-wlan-cloud-ucentral.jfrog.io
@@ -91,17 +106,23 @@ clustersysteminfo:
     # limits:
     #  cpu: 100m
     #  memory: 128Mi
+
   nodeSelector: {}
+
   tolerations: []
+
   affinity: {}
+
   public_env_variables:
     FLAGS: "-s --connect-timeout 3"
     OWSEC: owsec-owsec:16001
     CHECK_RETRIES: 30
+
   secret_env_variables:
     OWSEC_DEFAULT_USERNAME: tip@ucentral.com
     OWSEC_DEFAULT_PASSWORD: openwifi
     #OWSEC_NEW_PASSWORD: "" # Set this value in order for the check to work. Password must comply https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationvalidationexpression
+
   activeDeadlineSeconds: 2400
   backoffLimit: 5
   restartPolicy: OnFailure
@@ -109,7 +130,9 @@ clustersysteminfo:
 # OpenWIFI Load Simulator (https://github.com/Telecominfraproject/wlan-cloud-owls)
 owls:
   enabled: false
+
   fullnameOverride: owls
+
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
@@ -117,13 +140,17 @@ owls:
 # OpenWIFI Load Simulator UI (https://github.com/Telecominfraproject/wlan-cloud-owls-ui)
 owlsui:
   enabled: false
+
   fullnameOverride: owlsui
 
 # HAproxy (https://github.com/bitnami/charts/tree/master/bitnami/haproxy)
 haproxy:
   enabled: true
+
   fullnameOverride: proxy
-  replicaCount: 1
+
+  replicaCount: 3
+
   service:
     type: LoadBalancer
     ports:
@@ -404,6 +431,7 @@ haproxy:
 # Cert-manager RESTAPI certs
 restapiCerts:
   enabled: false
+
   services:
     - owgw-owgw
     - owsec-owsec
@@ -413,21 +441,8 @@ restapiCerts:
     - owanalytics-owanalytics
     - owsub-owsub
     - owrrm-owrrm
-  clusterDomain: cluster.local
 
-postgresql:
-  enabled: false
-  nameOverride: pgsql
-  fullnameOverride: pgsql
-  initDbScriptSecret:
-    enabled: false
-    services:
-      - owgw
-      - owsec
-      - owfms
-      - owprov
-      - owanalytics
-      - owsub
+  clusterDomain: cluster.local
 
 postgresql-ha:
   enabled: false

docker-compose/.env

@@ -1,20 +1,19 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-
-OWGW_TAG=v3.0.2-RC1
-OWGWUI_TAG=v3.0.2-RC1
-OWSEC_TAG=v3.0.2-RC1
-OWFMS_TAG=v3.0.2-RC1
-OWPROV_TAG=v3.0.2-RC1
-OWPROVUI_TAG=v3.0.2-RC1
-OWANALYTICS_TAG=v3.0.2-RC1
-OWSUB_TAG=v3.0.2-RC1
-KAFKA_TAG=2.8.0-debian-10-r43
+OWGW_TAG=v2.7.0-RC4
+OWGWUI_TAG=v2.7.0-RC2
+OWSEC_TAG=v2.7.0-RC3
+OWFMS_TAG=v2.7.0-RC3
+OWPROV_TAG=v2.7.0-RC4
+OWPROVUI_TAG=v2.7.0-RC2
+OWANALYTICS_TAG=v2.7.0-RC4
+OWSUB_TAG=v2.7.0-RC3
+KAFKA_TAG=latest
 ZOOKEEPER_TAG=3.8
-POSTGRESQL_TAG=15.0
+POSTGRESQL_TAG=latest
 MYSQL_TAG=latest
 # NOTE currently OWRRM is only supported in LB installations
-#OWRRM_TAG=v2.8.0
+#OWRRM_TAG=v2.7.0-RC3
 
 # Microservice root/config directories
 OWGW_ROOT=/owgw-data

docker-compose/.env.letsencrypt

@@ -1,17 +1,16 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-
-OWGW_TAG=v3.0.0
-OWGWUI_TAG=v3.0.0
-OWSEC_TAG=v3.0.0
-OWFMS_TAG=v3.0.0
-OWPROV_TAG=v3.0.0
-OWPROVUI_TAG=v3.0.0
-OWANALYTICS_TAG=v3.0.0
-OWSUB_TAG=v3.0.0
-OWRRM_TAG=v2.8.0
-KAFKA_TAG=2.8.0-debian-10-r43
-ZOOKEEPER_TAG=3.8
+OWGW_TAG=v2.7.0-RC4
+OWGWUI_TAG=v2.7.0-RC2
+OWSEC_TAG=v2.7.0-RC3
+OWFMS_TAG=v2.7.0-RC3
+OWPROV_TAG=v2.7.0-RC4
+OWPROVUI_TAG=v2.7.0-RC2
+OWANALYTICS_TAG=v2.7.0-RC4
+OWSUB_TAG=v2.7.0-RC3
+OWRRM_TAG=v2.7.0-RC3
+KAFKA_TAG=latest
+ZOOKEEPER_TAG=latest
 ACMESH_TAG=latest
 TRAEFIK_TAG=latest
 MYSQL_TAG=latest

docker-compose/.env.selfsigned

@@ -1,17 +1,16 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-
-OWGW_TAG=v3.0.0
-OWGWUI_TAG=v3.0.0
-OWSEC_TAG=v3.0.0
-OWFMS_TAG=v3.0.0
-OWPROV_TAG=v3.0.0
-OWPROVUI_TAG=v3.0.0
-OWANALYTICS_TAG=v3.0.0
-OWSUB_TAG=v3.0.0
-OWRRM_TAG=v2.8.0
-KAFKA_TAG=2.8.0-debian-10-r43
-ZOOKEEPER_TAG=3.8
+OWGW_TAG=v2.7.0-RC4
+OWGWUI_TAG=v2.7.0-RC2
+OWSEC_TAG=v2.7.0-RC3
+OWFMS_TAG=v2.7.0-RC3
+OWPROV_TAG=v2.7.0-RC4
+OWPROVUI_TAG=v2.7.0-RC2
+OWANALYTICS_TAG=v2.7.0-RC4
+OWSUB_TAG=v2.7.0-RC3
+OWRRM_TAG=v2.7.0-RC3
+KAFKA_TAG=latest
+ZOOKEEPER_TAG=latest
 ACMESH_TAG=latest
 TRAEFIK_TAG=latest
 MYSQL_TAG=latest

docker-compose/README.md

@@ -56,9 +56,9 @@ export FLAGS="-s --cacert <your-wlan-cloud-ucentral-deploy-location>/docker-comp
 | `RTTY_SERVER`                            | Set this to your OWGW RTTYS hostname, for example `owgw.example.com`.               |
 | `SYSTEM_URI_UI`                          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.            |
 ### owgw-ui.env
-| Variable                    | Description                                                                |
-| --------------------------- | -------------------------------------------------------------------------- |
-| `REACT_APP_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
+| Variable                  | Description                                                                |
+| ------------------------- | -------------------------------------------------------------------------- |
+| `DEFAULT_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
 ### owsec.env
 | Variable                                 | Description                                                                         |
 | ---------------------------------------- | ----------------------------------------------------------------------------------- |
@@ -184,9 +184,9 @@ For the Let's Encrypt challenge to work you need a public IP address. The hostna
 | `SYSTEM_URI_UI`          | Set this to your OWGW-UI URL, for example `https://openwifi.example.com`.               |
 
 ### owgw-ui.env
-| Variable                    | Description                                                                   |
-| --------------------------- | ----------------------------------------------------------------------------- |
-| `REACT_APP_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://openwifi.example.com:16001`. |
+| Variable            | Description                                                                   |
+| ------------------- | ----------------------------------------------------------------------------- |
+| `DEFAULT_OWSEC_URL` | Set this to your OWSec URL, for example `https://openwifi.example.com:16001`. |
 
 ### owsec.env
 | Variable            | Description                                                                   |

docker-compose/deploy.sh

@@ -53,10 +53,7 @@ usage () {
   echo "- OWFMS_S3_KEY - access key that is used for OWFms access to firmwares S3 bucket";
   echo;
   echo "- SDKHOSTNAME - Public hostname which is used for cert generation when using the Letsencrypt deployment method"
-  echo;
   echo "- TRAEFIK_ACME_EMAIL - Email address used for ACME registration"
-  echo;
-  echo "- CERTIFICATES_ALLOWMISMATCH - boolean flag to allow certificates serial mismatch";
 }
 
 # Check if required environment variables were passed
@@ -145,7 +142,7 @@ if [[ ! -z "$SIMULATORID" ]]; then
   sed -i "s~.*SIMULATORID=.*~SIMULATORID=$SIMULATORID~" owgw.env
 fi
 
-sed -i "s~.*REACT_APP_UCENTRALSEC_URL=.*~REACT_APP_UCENTRALSEC_URL=$DEFAULT_UCENTRALSEC_URL~" owgw-ui.env
+sed -i "s~.*DEFAULT_UCENTRALSEC_URL=.*~DEFAULT_UCENTRALSEC_URL=$DEFAULT_UCENTRALSEC_URL~" owgw-ui.env
 
 if [[ ! -z "$OWSEC_AUTHENTICATION_DEFAULT_USERNAME" ]]; then
   sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env
@@ -188,10 +185,6 @@ if [[ ! -z "$TRAEFIK_ACME_EMAIL" ]]; then
   sed -i "s~.*TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL=.*~TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL=$TRAEFIK_ACME_EMAIL~" traefik.env
 fi
 
-if [[ ! -z "$CERTIFICATES_ALLOWMISMATCH" ]]; then
-  sed -i "s~.*CERTIFICATES_ALLOWMISMATCH=.*~CERTIFICATES_ALLOWMISMATCH=$CERTIFICATES_ALLOWMISMATCH~" owgw.env
-fi
-
 # Run the deployment
 if [[ ! -z "$SDKHOSTNAME" ]]; then
   docker-compose -f docker-compose.lb.letsencrypt.yml --env-file .env.letsencrypt up -d

docker-compose/docker-compose.lb.letsencrypt.yml

@@ -269,6 +269,3 @@ services:
       - "5912:5912"
       - "5913:5913"
       - "16789:16789"
-      - "1812:1812/udp"
-      - "1813:1813/udp"
-      - "3799:3799/udp"

docker-compose/docker-compose.lb.selfsigned.yml

@@ -263,6 +263,3 @@ services:
       - "5912:5912"
       - "5913:5913"
       - "16789:16789"
-      - "1812:1812/udp"
-      - "1813:1813/udp"
-      - "3799:3799/udp"

docker-compose/docker-compose.postgresql.yml

@@ -39,12 +39,6 @@ services:
     image: "postgres:${POSTGRESQL_TAG}"
     networks:
       openwifi:
-    command:
-      - "postgres"
-      - "-c"
-      - "max_connections=400"
-      - "-c"
-      - "shared_buffers=20MB"    
     env_file:
       - postgresql.env
     restart: unless-stopped

docker-compose/docker-compose.yml

@@ -12,7 +12,6 @@ volumes:
   mysql_data:
     driver: local
 
-
 networks:
   openwifi:
 
@@ -38,9 +37,6 @@ services:
       - "16003:16003"
       - "5912:5912"
       - "5913:5913"
-      - "1812:1812/udp"
-      - "1813:1813/udp"
-      - "3799:3799/udp"
     sysctls:
       - net.ipv4.tcp_keepalive_intvl=5
       - net.ipv4.tcp_keepalive_probes=2
@@ -180,6 +176,23 @@ services:
       - "16006:16006"
       - "16106:16106"
 
+# NOTE currently OWRRM is only supported in LB installations
+#  owrrm:
+#    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owrrm:${OWRRM_TAG}"
+#    networks:
+#      openwifi:
+#        aliases:
+#          - ${INTERNAL_OWRRM_HOSTNAME}
+#    env_file:
+#      - owrrm.env
+#    depends_on:
+#      - mysql
+#      - kafka
+#    restart: unless-stopped
+#    volumes:
+#      - owrrm_data:/owrrm-data
+#    ports:
+#      - "16789:16789"
 
   zookeeper:
     image: "zookeeper:${ZOOKEEPER_TAG}"
@@ -221,29 +234,12 @@ services:
           --partitions 1 --bootstrap-server kafka:9092
         done && echo "Successfully created Kafka topics, exiting." && exit 0
 
-# NOTE currently OWRRM is only supported in LB installations
-#  owrrm:
-#    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owrrm:${OWRRM_TAG}"
-#    networks:
-#      openwifi:
-#        aliases:
-#          - ${INTERNAL_OWRRM_HOSTNAME}
-#    env_file:
-#      - owrrm.env
-#    depends_on:
-#      - mysql
-#      - kafka
-#    restart: unless-stopped
-#    volumes:
-#      - owrrm_data:/owrrm-data
-#    ports:
-#      - "16789:16789"
-#  mysql:
-#    image: "mysql:${MYSQL_TAG}"
-#    networks:
-#      openwifi:
-#    env_file:
-#      - mysql.env
-#    restart: unless-stopped
-#    volumes:
-#      - mysql_data:/var/lib/mysql
+  mysql:
+    image: "mysql:${MYSQL_TAG}"
+    networks:
+      openwifi:
+    env_file:
+      - mysql.env
+    restart: unless-stopped
+    volumes:
+      - mysql_data:/var/lib/mysql

docker-compose/kafka.env

@@ -1,3 +1,3 @@
 KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper:2181
 ALLOW_PLAINTEXT_LISTENER=yes
-TOPICS=command connection device_event_queue device telemetry healthcheck provisioning_change service_events state wifiscan rrm
+TOPICS=command connection device_event_queue device telemetry healthcheck provisioning_change service_events state wifiscan

docker-compose/owanalytics.env

@@ -23,7 +23,6 @@ SYSTEM_DATA=$OWANALYTICS_ROOT/persist
 SYSTEM_URI_PRIVATE=https://owanalytics.wlan.local:17009
 SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16009
 SYSTEM_URI_UI=https://openwifi.wlan.local
-#SECURITY_RESTAPI_DISABLE=false
 #KAFKA_ENABLE=true
 KAFKA_BROKERLIST=kafka:9092
 #STORAGE_TYPE=sqlite

docker-compose/owfms.env

@@ -21,7 +21,6 @@ SYSTEM_DATA=$OWFMS_ROOT/persist
 SYSTEM_URI_PRIVATE=https://owfms.wlan.local:17004
 SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16004
 SYSTEM_URI_UI=https://openwifi.wlan.local
-#SECURITY_RESTAPI_DISABLE=false
 #S3_BUCKETNAME=ucentral-ap-firmware
 #S3_REGION=us-east-1
 S3_SECRET=b0S6EiR5RLIxoe7Xvz9YXPPdxQCoZ6ze37qunTAI

docker-compose/owgw-ui.env

@@ -1 +1,2 @@
-REACT_APP_UCENTRALSEC_URL=https://openwifi.wlan.local:16001
+DEFAULT_UCENTRALSEC_URL=https://openwifi.wlan.local:16001
+ALLOW_UCENTRALSEC_CHANGE=false

docker-compose/owgw.env

@@ -37,7 +37,6 @@ SYSTEM_DATA=$OWGW_ROOT/persist
 SYSTEM_URI_PRIVATE=https://owgw.wlan.local:17002
 SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16002
 SYSTEM_URI_UI=https://openwifi.wlan.local
-#SECURITY_RESTAPI_DISABLE=false
 #SIMULATORID=
 #IPTOCOUNTRY_PROVIDER=ipinfo
 #IPTOCOUNTRY_IPINFO_TOKEN=
@@ -50,10 +49,6 @@ RTTY_SERVER=openwifi.wlan.local
 #RTTY_TIMEOUT=60
 #RTTY_VIEWPORT=5913
 #RTTY_ASSETS=$OWGW_ROOT/rtty_ui
-RADIUS_PROXY_ENABLE=true
-#RADIUS_PROXY_ACCOUNTING_PORT=1813
-#RADIUS_PROXY_AUTHENTICATION_PORT=1812
-#RADIUS_PROXY_COA_PORT=3799
 #KAFKA_ENABLE=true
 KAFKA_BROKERLIST=kafka:9092
 #STORAGE_TYPE=sqlite
@@ -67,4 +62,3 @@ KAFKA_BROKERLIST=kafka:9092
 #STORAGE_TYPE_MYSQL_PASSWORD=owgw
 #STORAGE_TYPE_MYSQL_DATABASE=owgw
 #STORAGE_TYPE_MYSQL_PORT=3306
-#CERTIFICATES_ALLOWMISMATCH=false

docker-compose/owls/.env

@@ -3,7 +3,7 @@ COMPOSE_PROJECT_NAME=owls
 OWSEC_TAG=main
 OWLS_TAG=main
 OWLSUI_TAG=master
-KAFKA_TAG=2.8.0-debian-10-r43
+KAFKA_TAG=latest
 ZOOKEEPER_TAG=latest
 
 # Microservice root/config directories

docker-compose/owls/deploy_owls.sh

@@ -57,7 +57,7 @@ cd wlan-cloud-ucentral-deploy/docker-compose/owls
 sed -i "s~\(^INTERNAL_OWSEC_HOSTNAME=\).*~\1$INTERNAL_OWSEC_HOSTNAME~" .env
 sed -i "s~\(^INTERNAL_OWLS_HOSTNAME=\).*~\1$INTERNAL_OWLS_HOSTNAME~" .env
 
-sed -i "s~\(^REACT_APP_UCENTRALSEC_URL=\).*~\1$DEFAULT_UCENTRALSEC_URL~" owls-ui.env
+sed -i "s~\(^DEFAULT_UCENTRALSEC_URL=\).*~\1$DEFAULT_UCENTRALSEC_URL~" owls-ui.env
 
 sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env
 sed -i "s~.*AUTHENTICATION_DEFAULT_PASSWORD=.*~AUTHENTICATION_DEFAULT_PASSWORD=$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD~" owsec.env

docker-compose/owls/owls-ui.env

@@ -1 +1,2 @@
-REACT_APP_UCENTRALSEC_URL=https://openwifi.wlan.local:16001
+DEFAULT_UCENTRALSEC_URL=https://openwifi-owls.wlan.local:16001
+ALLOW_UCENTRALSEC_CHANGE=false

docker-compose/owprov.env

@@ -23,7 +23,6 @@ SYSTEM_DATA=$OWPROV_ROOT/persist
 SYSTEM_URI_PRIVATE=https://owprov.wlan.local:17005
 SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16005
 SYSTEM_URI_UI=https://openwifi.wlan.local
-#SECURITY_RESTAPI_DISABLE=false
 #KAFKA_ENABLE=true
 KAFKA_BROKERLIST=kafka:9092
 #STORAGE_TYPE=sqlite

docker-compose/owsec.env

@@ -22,7 +22,6 @@ SYSTEM_DATA=$OWSEC_ROOT/persist
 SYSTEM_URI_PRIVATE=https://owsec.wlan.local:17001
 SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16001
 SYSTEM_URI_UI=https://openwifi.wlan.local
-#SECURITY_RESTAPI_DISABLE=false
 #SERVICE_KEY=$OWSEC_ROOT/certs/restapi-key.pem
 #SERVICE_KEY_PASSWORD=mypassword
 #MAILER_HOSTNAME=localhost

docker-compose/owsub.env

@@ -23,7 +23,6 @@ SYSTEM_DATA=$OWSUB_ROOT/persist
 SYSTEM_URI_PRIVATE=https://owsub.wlan.local:17006
 SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16006
 SYSTEM_URI_UI=https://openwifi.wlan.local
-#SECURITY_RESTAPI_DISABLE=false
 #KAFKA_ENABLE=true
 KAFKA_BROKERLIST=kafka:9092
 #STORAGE_TYPE=sqlite

docker-compose/postgresql.env

@@ -15,6 +15,6 @@ OWPROV_DB_PASSWORD=owprov
 OWANALYTICS_DB=owanalytics
 OWANALYTICS_DB_USER=owanalytics
 OWANALYTICS_DB_PASSWORD=owanalytics
-OWSUB_DB=owsub
-OWSUB_DB_USER=owsub
-OWSUB_DB_PASSWORD=owsub
+OWUSB_DB=owsub
+OWUSB_DB_USER=owsub
+OWUSB_DB_PASSWORD=owsub

docker-compose/postgresql/init-db.sh

@@ -3,15 +3,21 @@ set -e
 
 psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
     CREATE USER $OWGW_DB_USER WITH ENCRYPTED PASSWORD '$OWGW_DB_PASSWORD';
-    CREATE DATABASE $OWGW_DB OWNER $OWGW_DB_USER;
+    CREATE DATABASE $OWGW_DB;
+    GRANT ALL PRIVILEGES ON DATABASE $OWGW_DB TO $OWGW_DB_USER;
     CREATE USER $OWSEC_DB_USER WITH ENCRYPTED PASSWORD '$OWSEC_DB_PASSWORD';
-    CREATE DATABASE $OWSEC_DB OWNER $OWSEC_DB_USER;
+    CREATE DATABASE $OWSEC_DB;
+    GRANT ALL PRIVILEGES ON DATABASE $OWSEC_DB TO $OWSEC_DB_USER;
     CREATE USER $OWFMS_DB_USER WITH ENCRYPTED PASSWORD '$OWFMS_DB_PASSWORD';
-    CREATE DATABASE $OWFMS_DB OWNER $OWFMS_DB_USER;
+    CREATE DATABASE $OWFMS_DB;
+    GRANT ALL PRIVILEGES ON DATABASE $OWFMS_DB TO $OWFMS_DB_USER;
     CREATE USER $OWPROV_DB_USER WITH ENCRYPTED PASSWORD '$OWPROV_DB_PASSWORD';
-    CREATE DATABASE $OWPROV_DB OWNER $OWPROV_DB_USER;
+    CREATE DATABASE $OWPROV_DB;
+    GRANT ALL PRIVILEGES ON DATABASE $OWPROV_DB TO $OWPROV_DB_USER;
     CREATE USER $OWANALYTICS_DB_USER WITH ENCRYPTED PASSWORD '$OWANALYTICS_DB_PASSWORD';
-    CREATE DATABASE $OWANALYTICS_DB OWNER $OWANALYTICS_DB_USER;
+    CREATE DATABASE $OWANALYTICS_DB;
+    GRANT ALL PRIVILEGES ON DATABASE $OWANALYTICS_DB TO $OWANALYTICS_DB_USER;
     CREATE USER $OWSUB_DB_USER WITH ENCRYPTED PASSWORD '$OWSUB_DB_PASSWORD';
-    CREATE DATABASE $OWSUB_DB OWNER $OWSUB_DB_USER;
+    CREATE DATABASE $OWSUB_DB;
+    GRANT ALL PRIVILEGES ON DATABASE $OWSUB_DB TO $OWSUB_DB_USER;
 EOSQL

docker-compose/traefik.env

@@ -3,9 +3,6 @@ TRAEFIK_ENTRYPOINTS_OWGWRESTAPI_ADDRESS=:16002
 TRAEFIK_ENTRYPOINTS_OWGWFILEUPLOAD_ADDRESS=:16003
 TRAEFIK_ENTRYPOINTS_OWGWRTTYS_ADDRESS=:5912
 TRAEFIK_ENTRYPOINTS_OWGWRTTYSVIEW_ADDRESS=:5913
-TRAEFIK_ENTRYPOINTS_OWGWRADACC_ADDRESS=:1813/udp
-TRAEFIK_ENTRYPOINTS_OWGWRADAUTH_ADDRESS=:1812/udp
-TRAEFIK_ENTRYPOINTS_OWGWRADCOA_ADDRESS=:3799/udp
 TRAEFIK_ENTRYPOINTS_OWGWUIHTTP_ADDRESS=:80
 TRAEFIK_ENTRYPOINTS_OWGWUIHTTP_HTTP_REDIRECTIONS_ENTRYPOINT_TO=owgwuihttps
 TRAEFIK_ENTRYPOINTS_OWPROVUIHTTP_ADDRESS=:8080

docker-compose/traefik/openwifi_letsencrypt.yaml

@@ -147,29 +147,3 @@ tcp:
       rule: "HostSNI(`*`)"
       tls:
         passthrough: true
-
-udp:
-  services:
-    owgw-radius-acc:
-      loadBalancer:
-        servers:
-          - address: "owgw.wlan.local:1813"
-    owgw-radius-auth:
-      loadBalancer:
-        servers:
-          - address: "owgw.wlan.local:1812"
-    owgw-radius-coa:
-      loadBalancer:
-        servers:
-          - address: "owgw.wlan.local:3799"
-
-  routers:
-    owgw-radius-acc:
-      entryPoints: "owgwradacc"
-      service: "owgw-radius-acc"
-    owgw-radius-auth:
-      entryPoints: "owgwradauth"
-      service: "owgw-radius-auth"
-    owgw-radius-coa:
-      entryPoints: "owgwradcoa"
-      service: "owgw-radius-coa"

docker-compose/traefik/openwifi_selfsigned.yaml

@@ -153,29 +153,3 @@ tcp:
       rule: "HostSNI(`*`)"
       tls:
         passthrough: true
-
-udp:
-  services:
-    owgw-radius-acc:
-      loadBalancer:
-        servers:
-          - address: "owgw.wlan.local:1813"
-    owgw-radius-auth:
-      loadBalancer:
-        servers:
-          - address: "owgw.wlan.local:1812"
-    owgw-radius-coa:
-      loadBalancer:
-        servers:
-          - address: "owgw.wlan.local:3799"
-
-  routers:
-    owgw-radius-acc:
-      entryPoints: "owgwradacc"
-      service: "owgw-radius-acc"
-    owgw-radius-auth:
-      entryPoints: "owgwradauth"
-      service: "owgw-radius-auth"
-    owgw-radius-coa:
-      entryPoints: "owgwradcoa"
-      service: "owgw-radius-coa"