WIFI-13871 Correct log setting and point to chart

Signed-off-by: Carsten Schafer <Carsten.Schafer@kinarasystems.com>
Merge pull request #273 from Telecominfraproject/WIFI-13836
2026-03-20 03:40:49 +00:00 · 2024-06-27 09:13:25 -04:00 · 2024-06-26 10:16:54 -04:00 · 2024-06-25 14:51:41 -04:00 · 2024-06-19 07:26:44 -04:00 · 2024-06-10 15:58:46 -04:00
7 changed files with 290 additions and 3 deletions
--- a/.github/workflows/git-release.yml
+++ b/.github/workflows/git-release.yml
@@ -55,5 +55,5 @@ jobs:
        git config --global user.email "tip-automation@telecominfraproject.com"
        git config --global user.name "TIP Automation User"
        #helm repo add bitnami https://charts.bitnami.com/bitnami
-        helm repo update
+        #helm repo update
        ./git-release-tool.sh
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -43,8 +43,6 @@ jobs:
        working-directory: wlan-cloud-ucentral-deploy/chart
        run: |
          helm plugin install https://github.com/aslafy-z/helm-git --version 0.16.0
-          #helm repo add bitnami https://charts.bitnami.com/bitnami
-          helm repo update
          helm dependency update
          mkdir dist
          helm package . -d dist
--- a/cgw/.sops.yaml
+++ b/cgw/.sops.yaml
@@ -0,0 +1,2 @@
+creation_rules:
+- kms: 'arn:aws:kms:us-east-2:289708231103:alias/helm-secrets'
--- a/cgw/README.md
+++ b/cgw/README.md
@@ -0,0 +1,35 @@
+# CGW Charts
+
+## Pre-requisites
+
+The following binaries are needed:
+- [helmfile](https://github.com/helmfile/helmfile/releases/download/v0.165.0/helmfile_0.165.0_linux_amd64.tar.gz)
+- helm
+- kubectl
+
+The following helm plugins are needed:
+```bash
+helm plugin install https://github.com/aslafy-z/helm-git --version 0.16.0
+helm plugin install https://github.com/databus23/helm-diff
+helm plugin install https://github.com/jkroepke/helm-secrets
+```
+
+## Configuration
+
+_helmfile.yaml_ contains the configuration for all the environments. External values files are used for secrets or where appropriate. Each environment needs to be created in this file before it can be deployed.  The files in ./secrets/ are encrypted with SOPS. Use `helm secrets edit secrets/FILE` to edit.
+
+## Installation
+
+To install the entire stack: `helm --environment ENVNAME apply`.
+To install just cgw: `helm --environment ENVNAME -l app=cgw apply`.
+To install just cgw with a specific image tag: `helm --environment ENVNAME -l app=cgw apply --state-values-set "cgw.tag=latest"`.
+
+## Removal
+
+To remove the entire stack: `helm --environment ENVNAME delete`.
+To remove just cgw: `helm --environment ENVNAME -l app=cgw delete`.
+Delete the namespace manually if it is no longer required.
+
+# Re-installation
+
+Note that the kafka, postgres and redis charts do not want to be reinstalled so will have to be removed and installed. If you wish to upgrade these then you must follow the respective Bitnami instructions on how to upgrade these charts.
--- a/cgw/helmfile.yaml
+++ b/cgw/helmfile.yaml
@@ -0,0 +1,211 @@
+environments:
+  default:
+    secrets:
+      - secrets/values.postgres.yaml
+      - secrets/certs.tip.yaml
+    values:
+    - global:
+        name: devcgw
+        namespace: openwifi-devcgw
+        domain: cicd.lab.wlan.tip.build
+        certificateARN: arn:aws:acm:us-east-2:289708231103:certificate/299d7444-acc4-46c2-ae83-40d2cd5f49be
+    - kafka:
+        enabled: true
+    - redis:
+        enabled: true
+    - postgres:
+        enabled: true
+    - cgw:
+        enabled: true
+        tag: next
+  cgw01:
+    secrets:
+      - secrets/values.postgres.yaml
+      - secrets/certs.tip.yaml
+    values:
+    - global:
+        name: cgw01
+        namespace: openlan-cgw01
+        domain: cicd.lab.wlan.tip.build
+        certificateARN: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
+    - kafka:
+        enabled: true
+    - redis:
+        enabled: true
+    - postgres:
+        enabled: true
+    - cgw:
+        enabled: true
+        tag: next
+
+---
+
+helmDefaults:
+  force: false
+  timeout: 300
+  createNamespace: true
+
+releases:
+- name: kafka
+  version: 28.3.0
+  namespace: {{ .Environment.Values.global.namespace }}
+  condition: kafka.enabled
+  chart: oci://registry-1.docker.io/bitnamicharts/kafka
+  labels:
+    group: base
+    app: kafka
+  values:
+    - fullnameOverride: kafka
+    - volumePermissions:
+        enabled: true
+    - commonAnnotations:
+        cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+    - readinessProbe:
+        initialDelaySeconds: 45
+    - livenessProbe:
+        initialDelaySeconds: 60
+    - heapOpts: -Xmx1024m -Xms1024m
+    - kraft:
+        enabled: true
+    - zookeeper:
+        enabled: false
+    - provisioning:
+        enabled: true
+        topics:
+          - name: CnC
+            partitions: 1
+            replicationFactor: 1
+          - name: CnC_Res
+            partitions: 1
+            replicationFactor: 1
+    - controller:
+        replicaCount: 1
+        extraConfig: |-
+          maxMessageBytes = 1048588
+        extraEnvVars:
+          - name: ALLOW_PLAINTEXT_LISTENER
+            value: "yes"
+        resources:
+          requests:
+            cpu: 500m
+            memory: 512Mi
+          limits:
+            cpu: 750m
+            memory: 2Gi
+    - listeners:
+        client:
+          protocol: PLAINTEXT
+          containerPort: 9092
+        controller:
+          protocol: "PLAINTEXT"
+    - broker:
+        replicaCount: 2
+        persistence:
+          size: 20Gi
+        resources:
+          requests:
+            cpu: 500m
+            memory: 512Mi
+          limits:
+            cpu: 750m
+            memory: 2Gi
+
+- name: postgres
+  namespace: {{ .Environment.Values.global.namespace }}
+  chart: oci://registry-1.docker.io/bitnamicharts/postgresql
+  version: 13.4.3
+  condition: postgres.enabled
+  labels:
+    group: base
+    app: postgres
+  values:
+    - fullnameOverride: pgsql
+    # workaround for: postgresql.conf file not detected. Generating it...
+    # cp: cannot create regular file '/bitnami/postgresql/conf/postgresql.conf': Permission denied
+    - volumePermissions:
+        enabled: true
+    - global:
+        postgresql:
+          auth:
+            postgresPassword: {{ .Environment.Values.postgres.pgUser.password }}
+    - auth:
+        postgresPassword: {{ .Environment.Values.postgres.pgUser.password }}
+    - primary:
+        extendedConfiguration: |-
+          max_connections = 550
+          shared_buffers = 128MB
+          log_error_verbosity = verbose
+          tcp_keepalives_idle = 300
+          tcp_keepalives_interval = 30
+          tcp_user_timeout = 300
+        initdb:
+          scripts:
+            initusers.sql: |-
+              CREATE USER {{ .Environment.Values.postgres.cgwUser.name }};
+              ALTER USER cgw WITH ENCRYPTED PASSWORD '{{ .Environment.Values.postgres.cgwUser.password }}';
+              CREATE DATABASE cgw OWNER {{ .Environment.Values.postgres.cgwUser.name }};
+              \c cgw
+              CREATE TABLE infrastructure_groups (id INT PRIMARY KEY, reserved_size INT, actual_size INT);
+              CREATE TABLE infras (mac MACADDR PRIMARY KEY, infra_group_id INT, FOREIGN KEY(infra_group_id) REFERENCES infrastructure_groups(id) ON DELETE CASCADE);
+
+- name: redis
+  namespace: {{ .Environment.Values.global.namespace }}
+  chart: oci://registry-1.docker.io/bitnamicharts/redis
+  version: 19.5.2
+  condition: redis.enabled
+  labels:
+    group: base
+    app: redis
+  values:
+    - architecture: standalone
+    - auth:
+        enabled: false
+    - master:
+        extraEnvVars:
+          - name: ALLOW_EMPTY_PASSWORD
+            value: "yes"
+
+- name: cgw
+  namespace: {{ .Environment.Values.global.namespace }}
+  #chart: ../../openlan-cgw/helm
+  chart: "git+https://github.com/Telecominfraproject/openlan-cgw@helm?ref=next"
+  version: 0.1.0
+  condition: cgw.enabled
+  labels:
+    group: apps
+    app: cgw
+  secrets:
+    - secrets/certs.tip.yaml
+  values:
+    - images:
+        cgw:
+          tag: {{ .Environment.Values.cgw.tag }}
+    - public_env_variables:
+        CGW_DB_HOST: pgsql
+        CGW_DB_PORT: "5432"
+        CGW_DB_USERNAME: "{{ .Environment.Values.postgres.cgwUser.name }}"
+        CGW_KAFKA_HOST: kafka
+        CGW_KAFKA_PORT: "9092"
+        CGW_REDIS_HOST: redis-master
+        CGW_REDIS_PORT: "6379"
+        CGW_ALLOW_CERT_MISMATCH: "yes"
+        # use (#cpus * 2) - 2
+        DEFAULT_WSS_THREAD_NUM: "4"
+        # Useful for debugging:
+        #CGW_LOG_LEVEL: "debug"
+        #RUST_BACKTRACE: "full"
+    - secret_env_variables:
+        CGW_DB_PASSWORD: "{{ .Environment.Values.postgres.cgwUser.password }}"
+    - services:
+        cgw:
+          type: LoadBalancer
+          annotations:
+            external-dns.alpha.kubernetes.io/hostname: cgw-{{ .Environment.Values.global.name }}.{{ .Environment.Values.global.domain }}
+            #service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
+            service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+            service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+            service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Environment.Values.global.certificateARN }}
+            service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "15003"
+            service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: preserve_client_ip.enabled=true
+            service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002"
+            alb.ingress.kubernetes.io/healthcheck-path: /health
--- a/cgw/secrets/certs.tip.yaml
+++ b/cgw/secrets/certs.tip.yaml
--- a/cgw/secrets/values.postgres.yaml
+++ b/cgw/secrets/values.postgres.yaml
@@ -0,0 +1,21 @@
+postgres:
+    pgUser:
+        password: ENC[AES256_GCM,data:QHV7Y5Jfes4=,iv:QTs0fu7behn1g2CLheoJROFHNYvN6OpS/vcQQC0NrMs=,tag:PeaRcoDsOrEjDN9KgHUEPA==,type:str]
+    cgwUser:
+        name: ENC[AES256_GCM,data:g6J6,iv:H4HxE5orLFXZFDDVD2tAS0PkOqNJ9j6SNu1ief7Snk0=,tag:Tuj9yjBcJzZBBZRtwAY33w==,type:str]
+        password: ENC[AES256_GCM,data:5K0f,iv:+g61dhYOOTbr8TwnwwLHgW17R+6zXpQT2PfgjvofvlI=,tag:1nSVXgkTC41d1AnDDE19Hg==,type:int]
+sops:
+    kms:
+        - arn: arn:aws:kms:us-east-2:289708231103:alias/helm-secrets
+          created_at: "2024-06-12T13:45:13Z"
+          enc: AQICAHiG/4CitJjM31GdYxTw9OLz/Zs5oK+DCq0cU2fAjtAA3AEPrxIAaT+xE4C1IFYmWvmkAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMrFaPNxf0atKVKnFsAgEQgDu8uqj035qrcelG0Dq4/Ond4H5bmpUHNRVEj0C8BFxg+a4R3loIk4NBeyuA0yqC0cQeWnA5e+/SjVtGAA==
+          aws_profile: ""
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2024-06-25T17:29:15Z"
+    mac: ENC[AES256_GCM,data:gbXt2MRhlx9zGcm9ZvXjWuwSPh/QHkNngGx0j0UQ61jZTINRh4ZgERuUj7Vpo1tg/blIFWbl768wB89RAGq3n1C4AcQpX3xvC33QyCT0i4pitQmnec9RnJL0L197mioOikPxl8z56WE1014EV+Vvbk7rf1CQkqrrEIJINoqSdfE=,iv:ThbvKhY0fsaXJz9rORnvxY64vMWyM/IOgSI+kuFFbAQ=,tag:fSF4tdyf3wc5+uIfoYLc5g==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
Author	SHA1	Message	Date
Carsten Schafer	a3d8615d79	WIFI-13871 Correct log setting and point to chart Signed-off-by: Carsten Schafer <Carsten.Schafer@kinarasystems.com>	2024-06-27 09:13:25 -04:00
Carsten Schafer	e49bd3a6c9	Merge pull request #273 from Telecominfraproject/WIFI-13836 WIFI-13836: first cgw helmfile checkin	2024-06-26 10:16:54 -04:00
Carsten Schafer	5b2ff48836	More helmfile tweaks Signed-off-by: Carsten Schafer <Carsten.Schafer@kinarasystems.com>	2024-06-25 14:51:41 -04:00
Carsten Schafer	d9bb26ec4c	Update git-release.yml No repo added, don't run helm repo update.	2024-06-19 07:26:44 -04:00
jaspreetsachdev	065f719d1f	Merge pull request #272 from Telecominfraproject/WIFI-13821-main WIFI-13821 copy GH fixes from 3.1.0	2024-06-10 15:58:46 -04:00
Carsten Schafer	3cb9debe91	copy GH fixes from 3.1.0 Signed-off-by: Carsten Schafer <Carsten.Schafer@kinarasystems.com>	2024-06-10 15:50:54 -04:00