Telecominfraproject/wlan-cloud-helm
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-cloud-helm.git synced 2026-03-21 08:39:12 +00:00
Code Issues Packages Projects Releases 3 Wiki Activity

Compare commits

base: Telecominfraproject:NETEXP-3471
Branches Tags
Telecominfraproject:master Telecominfraproject:WIFI-3471 Telecominfraproject:NETEXP-3471 Telecominfraproject:release/v1.1.x Telecominfraproject:release/v1.2 Telecominfraproject:feature/example-values-update Telecominfraproject:WIFI-2654-fix-capabilites-check Telecominfraproject:fix-capabilites-check Telecominfraproject:WIFI-2434 Telecominfraproject:WIFI-2026 Telecominfraproject:release/v1.0.1 Telecominfraproject:release/v1.0.0 Telecominfraproject:1.0.0-artifacts Telecominfraproject:WIFI-1812-Revert Telecominfraproject:WIFI-1812 Telecominfraproject:WIFI-1669 Telecominfraproject:WIFI-1610 Telecominfraproject:WIFI-1172-JMX-to-prometheus-poc Telecominfraproject:wifi-1357-allow-to-disable-internal-mtls-comm Telecominfraproject:feature/thirdparties-fixes Telecominfraproject:feature/thirdparties Telecominfraproject:changelog-v0.4-bump Telecominfraproject:microk8s-patch-1 Telecominfraproject:feature/update-kafka Telecominfraproject:WIFI-990-disable-hardcoded-ports Telecominfraproject:feature/update-cassandra Telecominfraproject:feature/update-postgres Telecominfraproject:metallb-test Telecominfraproject:minikube Telecominfraproject:minikube-working Telecominfraproject:feature/helmfile Telecominfraproject:NGINX-Testing Telecominfraproject:TOOLS-23--fix-validation Telecominfraproject:TOOLS-23-static-analysis
Telecominfraproject:v1.0.1 Telecominfraproject:v1.0.0 Telecominfraproject:v0.4
..
compare: Telecominfraproject:feature/thirdparties
Branches Tags
Telecominfraproject:master Telecominfraproject:WIFI-3471 Telecominfraproject:NETEXP-3471 Telecominfraproject:release/v1.1.x Telecominfraproject:release/v1.2 Telecominfraproject:feature/example-values-update Telecominfraproject:WIFI-2654-fix-capabilites-check Telecominfraproject:fix-capabilites-check Telecominfraproject:WIFI-2434 Telecominfraproject:WIFI-2026 Telecominfraproject:release/v1.0.1 Telecominfraproject:release/v1.0.0 Telecominfraproject:1.0.0-artifacts Telecominfraproject:WIFI-1812-Revert Telecominfraproject:WIFI-1812 Telecominfraproject:WIFI-1669 Telecominfraproject:WIFI-1610 Telecominfraproject:WIFI-1172-JMX-to-prometheus-poc Telecominfraproject:wifi-1357-allow-to-disable-internal-mtls-comm Telecominfraproject:feature/thirdparties-fixes Telecominfraproject:feature/thirdparties Telecominfraproject:changelog-v0.4-bump Telecominfraproject:microk8s-patch-1 Telecominfraproject:feature/update-kafka Telecominfraproject:WIFI-990-disable-hardcoded-ports Telecominfraproject:feature/update-cassandra Telecominfraproject:feature/update-postgres Telecominfraproject:metallb-test Telecominfraproject:minikube Telecominfraproject:minikube-working Telecominfraproject:feature/helmfile Telecominfraproject:NGINX-Testing Telecominfraproject:TOOLS-23--fix-validation Telecominfraproject:TOOLS-23-static-analysis
Telecominfraproject:v1.0.1 Telecominfraproject:v1.0.0 Telecominfraproject:v0.4

25 Commits
NETEXP-347 ... feature/th

Author SHA1 Message Date
4c74356b41
9257b2a067 Merge branch 'master' into feature/thirdparties 2021-01-28 15:36:26 +01:00
4c74356b41
7e568c4ab7 Update testing.yml 2021-01-28 17:21:50 +03:00
4c74356b41
d78131d344 Update README.md 2021-01-28 16:07:39 +03:00
4c74356b41
d8702fd85f Update README.md 2021-01-28 16:03:50 +03:00
Leonid Mirsky
4f1454bcb2 Update README.md with the migration plan for v0.4 to v1.x 2021-01-28 14:06:13 +02:00
4c74356b41
414ffd719f Update README.md 2021-01-28 14:54:28 +03:00
4c74356b41
67087b61d0 Update README.md 2021-01-28 08:02:35 +03:00
4c74356b41
e2db9c038b Update README.md 2021-01-28 08:01:21 +03:00
4c74356b41
1c88325ac7 Update README.md 2021-01-28 08:00:16 +03:00
Gleb Boushev
489345ab5d further yaml formatting 2021-01-27 10:51:47 +03:00
Gleb Boushev
ced36d1b83 fixing yaml files 2021-01-27 10:18:01 +03:00
Gleb Boushev
9697cceba6 fixing cleanup task 2021-01-26 16:07:50 +03:00
Gleb Boushev
7e04919d20 improving namespace support 2021-01-26 15:20:35 +03:00
Gleb Boushev
500c50774d found the culprit 2021-01-25 17:25:09 +03:00
Gleb Boushev
e8106f649f debugging the build 2021-01-25 17:21:27 +03:00
Gleb Boushev
8cea5fea15 debugging the build 2021-01-25 17:19:37 +03:00
Gleb Boushev
f964705a84 fixing another path issue 2021-01-25 17:13:40 +03:00
Gleb Boushev
7e9b11c829 fixing path issues 2021-01-25 17:09:34 +03:00
Gleb Boushev
cfdaf147b2 forgot to fix the namespace in the testing build 2021-01-25 17:07:36 +03:00
Gleb Boushev
3a894f5b81 fixing PR comments, fixing testing build 2021-01-25 17:02:45 +03:00
Gleb Boushev
19a5b59657 fixing missing folder 2021-01-20 13:25:44 +03:00
Gleb Boushev
d3b360ed30 changing storage classes to mimic what minikube has 2021-01-19 19:07:19 +03:00
Gleb Boushev
7d0f4d9a0e removing hardcoded passwords 2021-01-19 12:23:45 +03:00
Gleb Boushev
8d0b5210a0 migration values example for persistence, dev-local example for thirdparties 2021-01-19 07:59:06 +03:00
Gleb Boushev
1382dfe18f thirdparties replaced with latest bitnami charts 2021-01-19 07:45:29 +03:00
133 changed files with 2404 additions and 1660 deletions
Expand all files Collapse all files

37
.github/workflows/enforce-jira-issue-key.yml vendored
View File

@@ -1,37 +0,0 @@
name: Ensure Jira issue is linked
on:
pull_request:
types: [opened, edited, reopened, synchronize]
jobs:
check_for_issue_key:
runs-on: ubuntu-latest
steps:
- name: Log into Jira
uses: atlassian/gajira-login@v2.0.0
env:
JIRA_BASE_URL: ${{ secrets.TIP_JIRA_URL }}
JIRA_USER_EMAIL: ${{ secrets.TIP_JIRA_USER_EMAIL }}
JIRA_API_TOKEN: ${{ secrets.TIP_JIRA_API_TOKEN }}
- name: Find issue key in PR title
id: issue_key_pr_title
continue-on-error: true
uses: atlassian/gajira-find-issue-key@v2.0.2
with:
string: ${{ github.event.pull_request.title }}
from: "" # required workaround for bug https://github.com/atlassian/gajira-find-issue-key/issues/24
- name: Find issue key in branch name
continue-on-error: true
id: issue_key_branch_name
uses: atlassian/gajira-find-issue-key@v2.0.2
with:
string: ${{ github.event.pull_request.head.ref }}
from: "" # required workaround for bug https://github.com/atlassian/gajira-find-issue-key/issues/24
- name: Check if issue key was found
run: |
if [[ -z "${{ steps.issue_key_pr_title.outputs.issue }}" && -z "${{ steps.issue_key_branch_name.outputs.issue }}" ]]; then
echo "Jira issue key could not be found!"
exit 1
fi

60
.github/workflows/helm-build.yml vendored
View File

@@ -3,60 +3,28 @@ name: Helm CI - TIP WLAN Cloud Master
on: on:
push: push:
branches: [ master ] branches: [ master ]
tags: [ "v*" ]
jobs: jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
with:
ssh-key: ${{ secrets.GH_AUTOMATION_KEY }}
submodules: true
- name: Login to TIP Docker registry
uses: azure/docker-login@v1
with:
login-server: tip-tip-wlan-cloud-docker-repo.jfrog.io
username: build-pipeline
password: ${{ secrets.DOCKER_REPO_PASSWORD }}
- name: Login to TIP Helm chart registry - name: Login to TIP Helm chart registry
run: helm repo add tip-wlan-cloud-helm-virtual-repo https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-virtual-repo --username build-pipeline --password ${{ secrets.HELM_REPO_PASSWORD }} run: helm repo add tip-wlan-cloud-helm-virtual-repo https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-virtual-repo --username build-pipeline --password ${{ secrets.HELM_REPO_PASSWORD }}
- name: Build tip-wlan chart file - name: Build tip-wlan chart file
run: | run: tar -czf tip-wlan.tgz tip-wlan
if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then
PACKAGE_OPTS="--version ${GITHUB_REF#refs/tags/v}"
else
PACKAGE_OPTS=""
fi
helm package $PACKAGE_OPTS -u tip-wlan
- name: Store chart as artifact
uses: actions/upload-artifact@v2
with:
name: helm-chart
path: tip-wlan-*.tgz
- name: Upload tip-wlan chart to the TIP helm registry - name: Upload tip-wlan chart to the TIP helm registry
run: curl -ubuild-pipeline:${{ secrets.HELM_REPO_PASSWORD }} -T tip-wlan.tgz "https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-repo/tip-wlan.tgz"
- name: Verify that chart was uploaded successfully
run: | run: |
if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then helm repo update
curl -ubuild-pipeline:${{ secrets.HELM_REPO_PASSWORD }} -T tip-wlan-${GITHUB_REF#refs/tags/v}.tgz "https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-repo/tip-wlan-${GITHUB_REF#refs/tags/v}.tgz" helm search repo tip
else
curl -ubuild-pipeline:${{ secrets.HELM_REPO_PASSWORD }} -T tip-wlan-*.tgz "https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-repo/tip-wlan-master.tgz"
fi
release:
runs-on: ubuntu-latest
needs: [ build ]
if: startsWith(github.ref, 'refs/tags/')
steps:
- uses: actions/checkout@v2
- name: setup Python
uses: actions/setup-python@v2
with:
python-version: "3.8"
- name: install keepachangelog
run: pip install keepachangelog
- name: create release description
continue-on-error: true
run: python .github/workflows/prepare-release-description.py ${GITHUB_REF#refs/tags/v} > RELEASE.md
- name: download Helm chart artifact
uses: actions/download-artifact@v2
with:
name: helm-chart
- name: create release
uses: softprops/action-gh-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
files: tip-wlan-*.tgz
body_path: RELEASE.md
prerelease: ${{ contains(github.ref, 'rc') }}

98
.github/workflows/nightly-scenario-test.yml vendored
View File

@@ -1,98 +0,0 @@
name: Nightly testing of all supported deployment scenarios
on:
workflow_dispatch:
schedule:
- cron: '15 0 * * *'
defaults:
run:
shell: bash
jobs:
microk8s:
runs-on: ubuntu-latest
steps:
- name: Checkout PKI scripts repo
uses: actions/checkout@v2
with:
path: wlan-pki-cert-scripts
repository: Telecominfraproject/wlan-pki-cert-scripts
- name: Checkout Cloud SDK repo
uses: actions/checkout@v2
with:
path: wlan-cloud-helm
repository: Telecominfraproject/wlan-cloud-helm
- name: Generate and copy certs
working-directory: wlan-pki-cert-scripts
run: |
./generate_all.sh
./copy-certs-to-helm.sh ../wlan-cloud-helm
- name: Determine public IP address
id: ip
uses: haythem/public-ip@v1.2
- uses: balchua/microk8s-actions@v0.2.1
with:
channel: 'latest/stable'
addons: '["dns", "helm3", "storage", "metallb:${{ steps.ip.outputs.ipv4 }}-${{ steps.ip.outputs.ipv4 }}"]'
- name: Deploy Cloud SDK
working-directory: wlan-cloud-helm
run: |
helm dependency update tip-wlan
# Github runners only have 2 CPU cores and 7GB of RAM. Thus we need to disable some of our resource requests
helm upgrade --install tip-wlan tip-wlan -f tip-wlan/example-values/microk8s-basic/values.yaml --create-namespace --namespace tip --set cassandra.resources=null --wait --timeout 10m
- name: Show pod state on deployment failure
if: failure()
run: |
kubectl get pods -n tip
kubectl describe pods -n tip
- name: Set custom DNS entries
run: |
sudo sh -c "echo -n \"\n${{ steps.ip.outputs.ipv4 }} wlan-ui.wlan.local wlan-ui-graphql.wlan.local\" >> /etc/hosts"
- name: Test HTTP endpoints
run: |
# this is needed to make until work
set +e
urls="https://wlan-ui.wlan.local https://wlan-ui-graphql.wlan.local/graphql"
for url in $urls; do
max_retry=300
counter=0
until curl --silent --insecure $url > /dev/null
do
sleep 1
[[ counter -eq $max_retry ]] && echo "$url not reachable after $counter tries...giving up" && exit 1
echo "#$counter: $url not reachable. trying again..."
((counter++))
done
echo Successfully reached URL $url
done
- name: Test MQTT and OpenSync endpoints
working-directory: wlan-cloud-helm/tip-wlan/resources/certs
run: |
# this is needed to make until work
set +e
endpoints="${{ steps.ip.outputs.ipv4 }}:1883 ${{ steps.ip.outputs.ipv4 }}:6640 ${{ steps.ip.outputs.ipv4 }}:6643"
for endpoint in $endpoints; do
max_retry=300
counter=0
until echo Q | openssl s_client -connect $endpoint -CAfile cacert.pem -cert clientcert.pem -key clientkey.pem > /dev/null
do
sleep 1
[[ counter -eq $max_retry ]] && echo "$endpoint not reachable after $counter tries...giving up" && exit 1
echo "#$counter: $endpoint not reachable. trying again..."
((counter++))
done
echo Successfully reached endpoint $endpoint
done

24
.github/workflows/prepare-release-description.py vendored
View File

@@ -1,24 +0,0 @@
import sys
import keepachangelog
CATEGORIES = ['added', 'changed', 'deprecated', 'removed', 'fixed', 'security']
version = sys.argv[1]
try:
changes = keepachangelog.to_dict("CHANGELOG.md")[version]
except KeyError:
print(f'No changelog entry for version {version}', file=sys.stderr)
exit(1)
print('## Changelog')
for category in CATEGORIES:
entries = changes.get(category, [])
if entries:
print(f'### {category.capitalize()}')
for entry in entries:
print(f'- {entry}')

58
CHANGELOG.md
View File

@@ -5,59 +5,13 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased] - YYYY-MM-DD ## [Unreleased]
## [0.4.0](https://github.com/Telecominfraproject/wlan-cloud-helm/compare/f7c67645736e3dac498e2caec8c267f04d08b7bc...v0.4) - 2021-01-28
### Added ### Added
- export servo MBeans with JMX Prometheus exporter [#65](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/65) - Initial changelog entry. This is the first versioned release. Next releases will include a detailed overview of all the major changes introduced since the last version.
- render post-deployment message [#73](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/73)
### Changed
- migrate to networking.k8s.io/v1 API version for Ingress resources [#74](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/74)
## [1.0.1] - 2021-04-12
### Changed
- bump cloud controller version to 1.0.1
### Fixed
- correct SQL and CQL schema URLs
### Changed
- make images for all init containers configurable [#67](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/67)
## [1.0.0] - 2021-04-01
### Added
- replaced cassandra, postgres and kafka with upstream charts [#49](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/49)
- centralized secrets to the parent chart [#54](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/54)
### Changed
- improved kafka setup templating [#53](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/53)
- improved values.yaml [#53](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/53)
- improved default values and added yaml anchors [#54](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/54)
- make SSC service able to reconnect to Cassandra [#70](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/70)
### Removed
- removed hardcoded docker secret in favor of variables [#53](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/53)
- various outdated sections in values.yaml and environment files
- various secrets in subcharts as they are now part of the parent chart
- references to vendor specific values [#40](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/40)
### Fixed
- make SSC service able to reconnect to Cassandra [#70](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/70)
## [0.4.0] - 2021-01-28
### Added
- initial changelog entry. This is the first versioned release. Next releases will include a detailed overview of all the major changes introduced since the last version.
- [changes since first commit](https://github.com/Telecominfraproject/wlan-cloud-helm/compare/f7c67645736e3dac498e2caec8c267f04d08b7bc...v0.4)

15
README.md
View File

@@ -1,11 +1,11 @@
# wlan-cloud-helm # wlan-cloud-helm
This repository contains helm charts for various deployment types of the tip wlan cloud services. This repository contains helm charts for various deployment types of the tip wlan cloud services.
# IMPORTANT - Cloud Controller Helm charts v0.4 to v1.x migration procedure # IMPORTANT - CloudSDK Helm charts v0.4 to v1.x migration procedure
We've introduced breaking changes to how Cloud Controller database charts are managed. We've introduced breaking changes to how CloudSDK database charts are managed.
If you want to preserve your data when moving from v0.4 to v1.x of the Cloud Controller Helm charts, follow the steps outlined below. If you want to preserve your data when moving from v0.4 to v1.x of the CloudSDK Helm charts, follow the steps outlined below.
If you can re-install your Cloud Controller and don't care to loose your data, you can skip the steps and just install the upstream charts version with no changes to the default installation procedure. If you can re-install your CloudSDK and don't care to loose your data, you can skip the steps and just install the upstream charts version with no changes to the default installation procedure.
## Prerequisites ## Prerequisites
@@ -61,7 +61,7 @@ More details can be found here: https://telecominfraproject.atlassian.net/wiki/s
# Deleting the wlan-cloud deployment: # Deleting the wlan-cloud deployment:
Run the following command: Run the following command:
``` ```
helm del tip-wlan -n tip (replace the namespace with your namespace) helm del tip-wlan -n default
``` ```
(Note: this would not delete the tip namespace and any PVC/PV/Endpoints under this namespace. These are needed so we can reuse the same PVC mount when the pods are restarted.) (Note: this would not delete the tip namespace and any PVC/PV/Endpoints under this namespace. These are needed so we can reuse the same PVC mount when the pods are restarted.)
@@ -98,6 +98,7 @@ helm del tip-wlan -n tip (replace the namespace with your namespace)
- helm test <RELEASE_NAME> -n default - helm test <RELEASE_NAME> -n default
(For more details add --debug flag to the above command) (For more details add --debug flag to the above command)
# Local environment # Local environment
In `wlan-pki-cert-scripts` repository edit the following files and add/replace strings as specified below: In `wlan-pki-cert-scripts` repository edit the following files and add/replace strings as specified below:
@@ -108,6 +109,7 @@ mqtt-server.cnf:
-commonName_default = opensync-mqtt-broker.zone1.lab.wlan.tip.build -commonName_default = opensync-mqtt-broker.zone1.lab.wlan.tip.build
+commonName_default = opensync-mqtt-broker.wlan.local +commonName_default = opensync-mqtt-broker.wlan.local
openssl-server.cnf: openssl-server.cnf:
-DNS.1 = opensync-redirector.zone1.lab.wlan.tip.build -DNS.1 = opensync-redirector.zone1.lab.wlan.tip.build
-DNS.2 = opensync-controller.zone1.lab.wlan.tip.build -DNS.2 = opensync-controller.zone1.lab.wlan.tip.build
@@ -148,7 +150,7 @@ minikube start --memory=10g --cpus=4 --driver=virtualbox --extra-config=kubelet.
Please note that you may choose another driver (parallels, vmwarefusion, hyperkit, vmware, docker, podman) which might be more suitable for your setup. Omitting this option enables auto discovery of available drivers. Please note that you may choose another driver (parallels, vmwarefusion, hyperkit, vmware, docker, podman) which might be more suitable for your setup. Omitting this option enables auto discovery of available drivers.
Deploy Cloud Controller chart: Deploy CloudSDK chart:
``` ```
helm upgrade --install tip-wlan tip-wlan -f tip-wlan/resources/environments/dev-local.yaml -n default helm upgrade --install tip-wlan tip-wlan -f tip-wlan/resources/environments/dev-local.yaml -n default
@@ -187,6 +189,7 @@ Firefox:
2. Click on `Add Exception...`, enter `https://wlan-ui.wlan.local` into Location field, click on `Get certificate`, check `Permanently store this exception` and click on `Confirm Security Exception`. 2. Click on `Add Exception...`, enter `https://wlan-ui.wlan.local` into Location field, click on `Get certificate`, check `Permanently store this exception` and click on `Confirm Security Exception`.
Repeat the step for `https://wlan-ui-graphql.wlan.local` Repeat the step for `https://wlan-ui-graphql.wlan.local`
Chrome and other browsers using system certificate store: Chrome and other browsers using system certificate store:
1. Save certificate below into the file `wlan-ui-graphql.wlan.local.crt` (it is the one defined at tip-wlan/resources/environments/dev-local.yaml:143): 1. Save certificate below into the file `wlan-ui-graphql.wlan.local.crt` (it is the one defined at tip-wlan/resources/environments/dev-local.yaml:143):

1
glusterfs/README.md
View File

@@ -28,6 +28,7 @@ For other issues faced during deployment, see here:
- If namespace is passed, we will create (if it does not exist) and use that namespace for glusterFS resources. - If namespace is passed, we will create (if it does not exist) and use that namespace for glusterFS resources.
- If namespace is NOT passed, we will create (if it does not exist) namespace='gluster-ns' and use it for glusterFS resources. - If namespace is NOT passed, we will create (if it does not exist) namespace='gluster-ns' and use it for glusterFS resources.
- Deletion: - Deletion:
./gk-deploy --admin-key <ADMIN_KEY> --user-key <USER_KEY> --abort -v -n <GLUSTER_NAMESPACE> ./gk-deploy --admin-key <ADMIN_KEY> --user-key <USER_KEY> --abort -v -n <GLUSTER_NAMESPACE>
- Note: - Note:

1
glusterfs/gk-deploy
View File

@@ -990,6 +990,7 @@ parameters:
output "" output ""
fi fi
if [[ ${DEPLOY_OBJECT} -eq 1 ]] && [[ "${OBJ_ACCOUNT}" != "" ]] && [[ "${OBJ_USER}" != "" ]] && [[ "${OBJ_PASSWORD}" != "" ]] && [[ ${EXISTS_OBJECT} -eq 0 ]]; then if [[ ${DEPLOY_OBJECT} -eq 1 ]] && [[ "${OBJ_ACCOUNT}" != "" ]] && [[ "${OBJ_USER}" != "" ]] && [[ "${OBJ_PASSWORD}" != "" ]] && [[ ${EXISTS_OBJECT} -eq 0 ]]; then
if [[ "${OBJ_STORAGE_CLASS}" == "glusterfs-for-s3" ]]; then if [[ "${OBJ_STORAGE_CLASS}" == "glusterfs-for-s3" ]]; then
eval_output "${CLI} create secret generic heketi-${NAMESPACE}-admin-secret --from-literal=key=${ADMIN_KEY} --type=kubernetes.io/glusterfs" eval_output "${CLI} create secret generic heketi-${NAMESPACE}-admin-secret --from-literal=key=${ADMIN_KEY} --type=kubernetes.io/glusterfs"

4
tip-wlan/Chart.yaml
View File

@@ -14,11 +14,11 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes # This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version. # to the chart and its templates, including the app version.
version: 1.0.0 version: 0.4.0
# This is the version number of the application being deployed. This version number should be # This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. # incremented each time you make changes to the application.
appVersion: 1.0.0 appVersion: 1.16.0
home: https://telecominfraproject.com/wifi/ home: https://telecominfraproject.com/wifi/
sources: sources:

2
tip-wlan/charts/common/templates/_ports.tpl
View File

@@ -10,6 +10,7 @@
{{- printf "%d%d" $portPrefix $start -}} {{- printf "%d%d" $portPrefix $start -}}
{{- end -}} {{- end -}}
{{- define "apDebugPortsEnd" -}} {{- define "apDebugPortsEnd" -}}
{{- $portPrefix := $.Values.global.nodePortPrefixExt | default $.Values.nodePortPrefixExt | int -}} {{- $portPrefix := $.Values.global.nodePortPrefixExt | default $.Values.nodePortPrefixExt | int -}}
{{- $start := $.Values.accessPointDebugPortRange.start | int -}} {{- $start := $.Values.accessPointDebugPortRange.start | int -}}
@@ -18,6 +19,7 @@
{{- end -}} {{- end -}}
{{- define "container.dev.apDebugPorts" -}} {{- define "container.dev.apDebugPorts" -}}
{{- $accessPointDebugPorts := untilStep (include "apDebugPortsStart" . | atoi) (include "apDebugPortsEnd" . | atoi) 1 -}} {{- $accessPointDebugPorts := untilStep (include "apDebugPortsStart" . | atoi) (include "apDebugPortsEnd" . | atoi) 1 -}}
{{- range $index, $port := $accessPointDebugPorts }} {{- range $index, $port := $accessPointDebugPorts }}

1
tip-wlan/charts/nginx-ingress-controller/templates/controller-configmap.yaml
View File

@@ -8,4 +8,3 @@ metadata:
data: data:
external-status-address: {{ .Values.controller.config.externalStatusAddress }} external-status-address: {{ .Values.controller.config.externalStatusAddress }}
client-max-body-size: {{ .Values.controller.config.clientMaxBodySize }} client-max-body-size: {{ .Values.controller.config.clientMaxBodySize }}
error-log-level: {{ .Values.controller.config.errorLogLevel }}

2
tip-wlan/charts/nginx-ingress-controller/values.yaml
View File

@@ -56,8 +56,6 @@ controller:
## Max message size coming from the Client ## Max message size coming from the Client
clientMaxBodySize: "20m" clientMaxBodySize: "20m"
## Error
errorLogLevel: "error"
## It is recommended to use your own TLS certificates and keys ## It is recommended to use your own TLS certificates and keys
defaultTLS: defaultTLS:
## The base64-encoded TLS certificate for the default HTTPS server. If not specified, a pre-generated self-signed certificate is used. ## The base64-encoded TLS certificate for the default HTTPS server. If not specified, a pre-generated self-signed certificate is used.

2
tip-wlan/resources/certs/README.md → tip-wlan/charts/opensync-gw-cloud/resources/config/certs/README.md
View File

@@ -1,2 +1,2 @@
Contains certs needed for cloud controller to work Contains certs needed for this service to start.
Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

4
tip-wlan/resources/certs/httpClientConfig.json → tip-wlan/charts/opensync-gw-cloud/resources/config/certs/httpClientConfig.json
View File

@@ -4,11 +4,11 @@
"truststoreType": "JKS", "truststoreType": "JKS",
"truststoreProvider": "SUN", "truststoreProvider": "SUN",
"truststoreFile": "file:/opt/tip-wlan/certs/truststore.jks", "truststoreFile": "file:/opt/tip-wlan/certs/truststore.jks",
"truststorePass": "{{ .Values.global.certificatePasswords.sslTruststore }}", "truststorePass": "mypassword",
"keystoreType": "JKS", "keystoreType": "JKS",
"keystoreProvider": "SUN", "keystoreProvider": "SUN",
"keystoreFile": "file:/opt/tip-wlan/certs/client_keystore.jks", "keystoreFile": "file:/opt/tip-wlan/certs/client_keystore.jks",
"keystorePass": "{{ .Values.global.certificatePasswords.sslKeystore }}", "keystorePass": "mypassword",
"keyAlias": "clientkeyalias", "keyAlias": "clientkeyalias",
"credentialsList": [ "credentialsList": [
{ {

5
tip-wlan/resources/certs/ssl.properties → tip-wlan/charts/opensync-gw-cloud/resources/config/certs/ssl.properties
View File

@@ -1,12 +1,13 @@
truststorePass={{ .Values.global.certificatePasswords.sslTruststore }} truststorePass=mypassword
truststoreFile=file:///opt/tip-wlan/certs/truststore.jks truststoreFile=file:///opt/tip-wlan/certs/truststore.jks
truststoreType=JKS truststoreType=JKS
truststoreProvider=SUN truststoreProvider=SUN
keyAlias=1 keyAlias=1
keystorePass={{ .Values.global.certificatePasswords.sslKeystore }} keystorePass=mypassword
keystoreFile=file:///opt/tip-wlan/certs/server.pkcs12 keystoreFile=file:///opt/tip-wlan/certs/server.pkcs12
keystoreType=pkcs12 keystoreType=pkcs12
keystoreProvider=SunJSSE keystoreProvider=SunJSSE
sslProtocol=TLS sslProtocol=TLS

2
tip-wlan/charts/opensync-gw-cloud/templates/configmap.yaml
View File

@@ -4,4 +4,4 @@ metadata:
name: {{ include "common.fullname" . }}-log-config name: {{ include "common.fullname" . }}-log-config
namespace: {{ include "common.namespace" . }} namespace: {{ include "common.namespace" . }}
data: data:
{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }} {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}

23
tip-wlan/charts/opensync-gw-cloud/templates/deployment.yaml
View File

@@ -27,9 +27,8 @@ spec:
securityContext: securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }} {{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers: initContainers:
{{- include "jmxPrometheus.initContainer" . | nindent 8 }}
- name: wait-for-services - name: wait-for-services
image: {{ .Values.waitForServicesImage.registry }}/{{ .Values.waitForServicesImage.repository }}:{{ .Values.waitForServicesImage.tag }} image: opsfleet/depends-on:latest
args: args:
- "-service={{ .Release.Name }}-opensync-mqtt-broker" - "-service={{ .Release.Name }}-opensync-mqtt-broker"
- "-service={{ .Release.Name }}-wlan-prov-service" - "-service={{ .Release.Name }}-wlan-prov-service"
@@ -37,7 +36,7 @@ spec:
- -check_interval=5 - -check_interval=5
{{- if .Values.global.integratedDeployment }} {{- if .Values.global.integratedDeployment }}
- name: {{ include "common.name" . }}-readiness-int-cloud - name: {{ include "common.name" . }}-readiness-int-cloud
image: {{ .Values.intCloudReadiness.registry }}/{{ .Values.intCloudReadiness.repository }}:{{ .Values.intCloudReadiness.tag }} image: alpine
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
command: command:
- sh - sh
@@ -68,9 +67,9 @@ spec:
securityContext: securityContext:
{{- toYaml .Values.securityContext | nindent 12 }} {{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }} {{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }} {{- else }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }} image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }} {{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
{{- if .Values.probes.enabled }} {{- if .Values.probes.enabled }}
@@ -90,11 +89,6 @@ spec:
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }} failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }} periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.readinessProbe.successThreshold }} successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
startupProbe:
tcpSocket:
port: {{ .Values.service.port1 }}
failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
{{- end }} {{- end }}
env: env:
{{- include "common.env" . | nindent 12 }} {{- include "common.env" . | nindent 12 }}
@@ -148,7 +142,7 @@ spec:
- name: tip_wlan_maxHttpThreads - name: tip_wlan_maxHttpThreads
value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}" value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
- name: JVM_MEM_OPTIONS - name: JVM_MEM_OPTIONS
value: "{{ .Values.scalability.JVM_MEM_OPTIONS }} {{ include "jmxPrometheus.jvmOpts" . }}" value: "{{ .Values.scalability.JVM_MEM_OPTIONS }}"
volumeMounts: volumeMounts:
- mountPath: /opt/tip-wlan/certs/client_keystore.jks - mountPath: /opt/tip-wlan/certs/client_keystore.jks
name: certificates name: certificates
@@ -170,8 +164,6 @@ spec:
subPath: logback.xml subPath: logback.xml
- mountPath: {{ $file_store_path }} - mountPath: {{ $file_store_path }}
name: file-store-data name: file-store-data
{{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
{{- include "jmxPrometheus.tmpVolumeMount" . | nindent 10 }}
ports: ports:
- name: {{ .Values.service.name1 }} - name: {{ .Values.service.name1 }}
containerPort: {{ .Values.service.port1 }} containerPort: {{ .Values.service.port1 }}
@@ -190,7 +182,6 @@ spec:
containerPort: {{ .Values.service.port5 }} containerPort: {{ .Values.service.port5 }}
protocol: TCP protocol: TCP
{{- end }} {{- end }}
{{- include "jmxPrometheus.port" . | nindent 12 }}
resources: resources:
{{- toYaml .Values.resources | nindent 12 }} {{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}
@@ -209,7 +200,7 @@ spec:
volumes: volumes:
- name: certificates - name: certificates
secret: secret:
secretName: tip-common-opensync-gw-certs secretName: {{ include "common.fullname" . }}-certs
- name: logback-config - name: logback-config
configMap: configMap:
name: {{ include "common.fullname" . }}-log-config name: {{ include "common.fullname" . }}-log-config
@@ -220,5 +211,3 @@ spec:
{{- else }} {{- else }}
emptyDir: {} emptyDir: {}
{{- end }} {{- end }}
{{- include "jmxPrometheus.configVolume" . | nindent 6 }}
{{- include "jmxPrometheus.tmpVolume" . | nindent 6 }}

1
tip-wlan/charts/opensync-gw-cloud/templates/pod-monitor.yaml
View File

@@ -1 +0,0 @@
{{ include "jmxPrometheus.podMonitor" . }}

8
tip-wlan/charts/opensync-gw-cloud/templates/secret.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-certs
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}

2
tip-wlan/charts/opensync-gw-cloud/templates/tests/test-connection.yaml
View File

@@ -11,7 +11,7 @@ metadata:
spec: spec:
containers: containers:
- name: wget - name: wget
image: {{ .Values.testConnectionImage.registry }}/{{ .Values.testConnectionImage.repository }}:{{ .Values.testConnectionImage.tag }} image: busybox
command: ['wget'] command: ['wget']
args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}'] args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
restartPolicy: Never restartPolicy: Never

25
tip-wlan/charts/opensync-gw-cloud/values.yaml
View File

@@ -11,22 +11,7 @@ replicaCount: 1
image: image:
name: opensync-gateway-cloud name: opensync-gateway-cloud
tag: 1.3.0-SNAPSHOT tag: 0.0.1-SNAPSHOT
waitForServicesImage:
registry: tip-docker-cache-repo.jfrog.io
repository: opsfleet/depends-on
tag: v1.0.0
intCloudReadinessImage:
registry: tip-docker-cache-repo.jfrog.io
repository: library/alpine
tag: 3.13
testConnectionImage:
registry: tip-docker-cache-repo.jfrog.io
repository: library/alpine
tag: 3.13
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
@@ -67,9 +52,6 @@ probes:
timeoutSeconds: 5 timeoutSeconds: 5
successThreshold: 1 successThreshold: 1
failureThreshold: 3 failureThreshold: 3
startupProbe:
periodSeconds: 30
failureThreshold: 500
# Enable/Disable Helm tests # Enable/Disable Helm tests
testsEnabled: false testsEnabled: false
@@ -133,6 +115,7 @@ portal:
name: file-store-data name: file-store-data
ordinal: 0 ordinal: 0
# These are the address and ports for the externalhost # These are the address and ports for the externalhost
# This is important for ovsdb and mqtt since # This is important for ovsdb and mqtt since
# that's what AP sees. Please make sure to override # that's what AP sees. Please make sure to override
@@ -146,6 +129,8 @@ externalhost:
ovsdb: 6640 ovsdb: 6640
mqtt: 1883 mqtt: 1883
ethernetType: ethernetType:
lanName: "lan" lanName: "lan"
lanType: "bridge" lanType: "bridge"
@@ -186,7 +171,7 @@ resources:
cpu: 500m cpu: 500m
memory: 750Mi memory: 750Mi
requests: requests:
cpu: 10m cpu: 50m
memory: 500Mi memory: 500Mi
nodeSelector: {} nodeSelector: {}

2
tip-wlan/charts/opensync-gw-static/resources/config/certs/README.md Normal file
View File

@@ -0,0 +1,2 @@
Contains certs needed for this service to start.
Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

21
tip-wlan/charts/opensync-gw-static/resources/config/certs/httpClientConfig.json Normal file
View File

@@ -0,0 +1,21 @@
{
"maxConnectionsTotal": 100,
"maxConnectionsPerRoute": 10,
"truststoreType": "JKS",
"truststoreProvider": "SUN",
"truststoreFile": "file:/opt/tip-wlan/certs/truststore.jks",
"truststorePass": "mypassword",
"keystoreType": "JKS",
"keystoreProvider": "SUN",
"keystoreFile": "file:/opt/tip-wlan/certs/client_keystore.jks",
"keystorePass": "mypassword",
"keyAlias": "clientkeyalias",
"credentialsList": [
{
"host": "localhost",
"port": -1,
"user": "user",
"password": "password"
}
]
}

13
tip-wlan/charts/opensync-gw-static/resources/config/certs/ssl.properties Normal file
View File

@@ -0,0 +1,13 @@
truststorePass=mypassword
truststoreFile=file:///opt/tip-wlan/certs/truststore.jks
truststoreType=JKS
truststoreProvider=SUN
keyAlias=1
keystorePass=mypassword
keystoreFile=file:///opt/tip-wlan/certs/server.pkcs12
keystoreType=pkcs12
keystoreProvider=SunJSSE
sslProtocol=TLS

2
tip-wlan/charts/opensync-gw-static/templates/configmap.yaml
View File

@@ -4,4 +4,4 @@ metadata:
name: {{ include "common.fullname" . }}-log-config name: {{ include "common.fullname" . }}-log-config
namespace: {{ include "common.namespace" . }} namespace: {{ include "common.namespace" . }}
data: data:
{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }} {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}

11
tip-wlan/charts/opensync-gw-static/templates/deployment.yaml
View File

@@ -25,9 +25,9 @@ spec:
securityContext: securityContext:
{{- toYaml .Values.securityContext | nindent 12 }} {{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }} {{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }} {{- else }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }} image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }} {{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
{{- if .Values.probes.enabled }} {{- if .Values.probes.enabled }}
@@ -47,11 +47,6 @@ spec:
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }} failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }} periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.readinessProbe.successThreshold }} successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
startupProbe:
tcpSocket:
port: {{ .Values.service.port2 }}
failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
{{- end }} {{- end }}
volumeMounts: volumeMounts:
- mountPath: /opt/tip-wlan/certs/client_keystore.jks - mountPath: /opt/tip-wlan/certs/client_keystore.jks
@@ -97,7 +92,7 @@ spec:
volumes: volumes:
- name: certificates - name: certificates
secret: secret:
secretName: tip-common-opensync-gw-certs secretName: {{ include "common.fullname" . }}-certs
- name: logback-config - name: logback-config
configMap: configMap:
name: {{ include "common.fullname" . }}-log-config name: {{ include "common.fullname" . }}-log-config

8
tip-wlan/charts/opensync-gw-static/templates/secret.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-certs
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}

2
tip-wlan/charts/opensync-gw-static/templates/tests/test-connection.yaml
View File

@@ -11,7 +11,7 @@ metadata:
spec: spec:
containers: containers:
- name: wget - name: wget
image: {{ .Values.testConnectionImage.registry }}/{{ .Values.testConnectionImage.repository }}:{{ .Values.testConnectionImage.tag }} image: busybox
command: ['wget'] command: ['wget']
args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}'] args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
restartPolicy: Never restartPolicy: Never

10
tip-wlan/charts/opensync-gw-static/values.yaml
View File

@@ -11,12 +11,7 @@ replicaCount: 1
image: image:
name: opensync-gateway-static name: opensync-gateway-static
tag: 1.3.0-SNAPSHOT tag: 0.0.1-SNAPSHOT
testConnectionImage:
registry: tip-docker-cache-repo.jfrog.io
repository: library/alpine
tag: 3.13
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
@@ -57,9 +52,6 @@ probes:
timeoutSeconds: 5 timeoutSeconds: 5
successThreshold: 1 successThreshold: 1
failureThreshold: 3 failureThreshold: 3
startupProbe:
periodSeconds: 30
failureThreshold: 500
# Enable/Disable Helm tests # Enable/Disable Helm tests
testsEnabled: false testsEnabled: false

2
tip-wlan/charts/opensync-mqtt-broker/resources/config/certs/README.md Normal file
View File

@@ -0,0 +1,2 @@
Contains certs needed for this service to start.
Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

2
tip-wlan/charts/opensync-mqtt-broker/templates/configmap.yaml
View File

@@ -4,4 +4,4 @@ metadata:
name: mosquitto-config name: mosquitto-config
namespace: {{ include "common.namespace" . }} namespace: {{ include "common.namespace" . }}
data: data:
{{ (.Files.Glob "resources/config/mosquitto.conf").AsConfig | indent 2 }} {{ tpl (.Files.Glob "resources/config/mosquitto.conf").AsConfig . | indent 2 }}

8
tip-wlan/charts/opensync-mqtt-broker/templates/secret.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: opensync-mqtt-broker-certs
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}

11
tip-wlan/charts/opensync-mqtt-broker/templates/statefulset.yaml
View File

@@ -45,7 +45,7 @@ spec:
{{- toYaml .Values.podSecurityContext | nindent 8 }} {{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers: initContainers:
- name: {{ include "common.name" . }}-init-dir-ownership-change - name: {{ include "common.name" . }}-init-dir-ownership-change
image: {{ .Values.alpine.registry }}/{{ .Values.alpine.repository }}:{{ .Values.alpine.tag }} image: {{ .Values.alpine.image }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
# Change ownership to `mosquitto` user for a mounted volume # Change ownership to `mosquitto` user for a mounted volume
command: command:
@@ -63,7 +63,7 @@ spec:
- name: {{ .Chart.Name }} - name: {{ .Chart.Name }}
securityContext: securityContext:
{{- toYaml .Values.securityContext | nindent 12 }} {{- toYaml .Values.securityContext | nindent 12 }}
image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }} image: {{ .Values.image.name }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
{{- if .Values.probes.enabled }} {{- if .Values.probes.enabled }}
livenessProbe: livenessProbe:
@@ -82,11 +82,6 @@ spec:
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }} failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }} periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.readinessProbe.successThreshold }} successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
startupProbe:
tcpSocket:
port: {{ .Values.service.port1 }}
failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
{{- end }} {{- end }}
volumeMounts: volumeMounts:
- mountPath: /certs/cacert.pem - mountPath: /certs/cacert.pem
@@ -129,7 +124,7 @@ spec:
volumes: volumes:
- name: opensync-mqtt-broker-truststore - name: opensync-mqtt-broker-truststore
secret: secret:
secretName: tip-common-opensync-mqtt-broker-certs secretName: opensync-mqtt-broker-certs
- name: opensync-mqtt-broker-conf - name: opensync-mqtt-broker-conf
configMap: configMap:
name: mosquitto-config name: mosquitto-config

2
tip-wlan/charts/opensync-mqtt-broker/templates/tests/test-connection.yaml
View File

@@ -11,7 +11,7 @@ metadata:
spec: spec:
containers: containers:
- name: wget - name: wget
image: {{ .Values.testConnectionImage.registry }}/{{ .Values.testConnectionImage.repository }}:{{ .Values.testConnectionImage.tag }} image: busybox
command: ['wget'] command: ['wget']
args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}'] args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
restartPolicy: Never restartPolicy: Never

19
tip-wlan/charts/opensync-mqtt-broker/values.yaml
View File

@@ -5,19 +5,11 @@
replicaCount: 1 replicaCount: 1
image: image:
registry: tip-docker-cache-repo.jfrog.io name: eclipse-mosquitto
repository: library/eclipse-mosquitto
tag: 2.0.3 tag: 2.0.3
alpine: alpine:
registry: tip-docker-cache-repo.jfrog.io image: alpine:3.6
repository: library/alpine
tag: 3.6
testConnectionImage:
registry: tip-docker-cache-repo.jfrog.io
repository: library/alpine
tag: 3.13
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
@@ -60,9 +52,6 @@ probes:
timeoutSeconds: 5 timeoutSeconds: 5
successThreshold: 1 successThreshold: 1
failureThreshold: 3 failureThreshold: 3
startupProbe:
periodSeconds: 30
failureThreshold: 500
# Enable/Disable Helm tests # Enable/Disable Helm tests
testsEnabled: false testsEnabled: false
@@ -96,8 +85,8 @@ resources:
cpu: 500m cpu: 500m
memory: 128Mi memory: 128Mi
requests: requests:
cpu: 10m cpu: 50m
memory: 5Mi memory: 128Mi
priorityClassName: "" priorityClassName: ""

4
tip-wlan/charts/wlan-cloud-graphql-gw/templates/deployment.yaml
View File

@@ -25,9 +25,9 @@ spec:
securityContext: securityContext:
{{- toYaml .Values.securityContext | nindent 12 }} {{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }} {{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }} {{- else }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }} image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }} {{- end }}
imagePullPolicy: {{ .Values.global.pullPolicy }} imagePullPolicy: {{ .Values.global.pullPolicy }}
env: env:

24
tip-wlan/charts/wlan-cloud-graphql-gw/templates/ingress.yaml
View File

@@ -1,9 +1,7 @@
{{- if .Values.ingress.enabled -}} {{- if .Values.ingress.enabled -}}
{{- $fullName := include "common.fullname" . -}} {{- $fullName := include "common.fullname" . -}}
{{- $svcPort := .Values.service.port -}} {{- $svcPort := .Values.service.port -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
apiVersion: networking.k8s.io/v1beta1 apiVersion: networking.k8s.io/v1beta1
{{- else -}} {{- else -}}
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
@@ -38,35 +36,15 @@ spec:
paths: paths:
{{- if $.Values.ingress.lb_https_redirect }} {{- if $.Values.ingress.lb_https_redirect }}
- path: /* - path: /*
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
pathType: ImplementationSpecific
{{- end }}
backend: backend:
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
service:
name: ssl-redirect
port:
name: use-annotation
{{- else -}}
serviceName: ssl-redirect serviceName: ssl-redirect
servicePort: use-annotation servicePort: use-annotation
{{- end }}
{{- end }} {{- end }}
{{- range .paths }} {{- range .paths }}
- path: {{ . }} - path: {{ . }}
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
pathType: ImplementationSpecific
{{- end }}
backend: backend:
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else -}}
serviceName: {{ $fullName }} serviceName: {{ $fullName }}
servicePort: {{ $svcPort }} servicePort: {{ $svcPort }}
{{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}

2
tip-wlan/charts/wlan-cloud-graphql-gw/templates/tests/test-connection.yaml
View File

@@ -11,7 +11,7 @@ metadata:
spec: spec:
containers: containers:
- name: wget - name: wget
image: {{ .Values.testConnectionImage.registry }}/{{ .Values.testConnectionImage.repository }}:{{ .Values.testConnectionImage.tag }} image: busybox
command: ['wget'] command: ['wget']
args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}'] args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never restartPolicy: Never

21
tip-wlan/charts/wlan-cloud-graphql-gw/values.yaml
View File

@@ -11,14 +11,9 @@ replicaCount: 1
image: image:
name: wlan-cloud-graphql-gw name: wlan-cloud-graphql-gw
tag: 1.3.0-SNAPSHOT tag: latest
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
testConnectionImage:
registry: tip-docker-cache-repo.jfrog.io
repository: library/alpine
tag: 3.13
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
@@ -64,22 +59,22 @@ ingress:
annotations: {} annotations: {}
# kubernetes.io/ingress.class: nginx # kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true" # kubernetes.io/tls-acme: "true"
hosts: [] hosts:
# - host: wlan-ui-graphql.local - host: wlan-ui-graphql.zone3.lab.connectus.ai
# paths: [ paths: [
# / /
# ] ]
tls: [] tls: []
# - secretName: chart-example-tls # - secretName: chart-example-tls
# hosts: # hosts:
# - wlan-ui-graphql.local # - chart-example.local
resources: resources:
limits: limits:
cpu: 500m cpu: 500m
memory: 128Mi memory: 128Mi
requests: requests:
cpu: 10m cpu: 50m
memory: 128Mi memory: 128Mi
nodeSelector: {} nodeSelector: {}

4
tip-wlan/charts/wlan-cloud-static-portal/templates/deployment.yaml
View File

@@ -25,9 +25,9 @@ spec:
securityContext: securityContext:
{{- toYaml .Values.securityContext | nindent 12 }} {{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }} {{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }} {{- else }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }} image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }} {{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env: env:

24
tip-wlan/charts/wlan-cloud-static-portal/templates/ingress.yaml
View File

@@ -1,9 +1,7 @@
{{- if .Values.ingress.enabled -}} {{- if .Values.ingress.enabled -}}
{{- $fullName := include "common.fullname" . -}} {{- $fullName := include "common.fullname" . -}}
{{- $svcPort := .Values.service.port -}} {{- $svcPort := .Values.service.port -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
apiVersion: networking.k8s.io/v1beta1 apiVersion: networking.k8s.io/v1beta1
{{- else -}} {{- else -}}
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
@@ -38,35 +36,15 @@ spec:
paths: paths:
{{- if $.Values.ingress.lb_https_redirect }} {{- if $.Values.ingress.lb_https_redirect }}
- path: /* - path: /*
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
pathType: ImplementationSpecific
{{- end }}
backend: backend:
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
service:
name: ssl-redirect
port:
name: use-annotation
{{- else -}}
serviceName: ssl-redirect serviceName: ssl-redirect
servicePort: use-annotation servicePort: use-annotation
{{- end }}
{{- end }} {{- end }}
{{- range .paths }} {{- range .paths }}
- path: {{ . }} - path: {{ . }}
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
pathType: ImplementationSpecific
{{- end }}
backend: backend:
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else -}}
serviceName: {{ $fullName }} serviceName: {{ $fullName }}
servicePort: {{ $svcPort }} servicePort: {{ $svcPort }}
{{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}

2
tip-wlan/charts/wlan-cloud-static-portal/templates/tests/test-connection.yaml
View File

@@ -11,7 +11,7 @@ metadata:
spec: spec:
containers: containers:
- name: wget - name: wget
image: {{ .Values.testConnectionImage.registry }}/{{ .Values.testConnectionImage.repository }}:{{ .Values.testConnectionImage.tag }} image: busybox
command: ['wget'] command: ['wget']
args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}'] args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never restartPolicy: Never

23
tip-wlan/charts/wlan-cloud-static-portal/values.yaml
View File

@@ -11,14 +11,9 @@ replicaCount: 1
image: image:
name: wlan-cloud-ui name: wlan-cloud-ui
tag: 1.3.0-SNAPSHOT tag: latest
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
testConnectionImage:
registry: tip-docker-cache-repo.jfrog.io
repository: library/alpine
tag: 3.13
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
@@ -59,23 +54,23 @@ ingress:
annotations: {} annotations: {}
# kubernetes.io/ingress.class: nginx # kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true" # kubernetes.io/tls-acme: "true"
hosts: [] hosts:
# - host: wlan-ui.local - host: wlan-ui.zone3.lab.connectus.ai
# paths: [ paths: [
# / /
# ] ]
tls: [] tls: []
# - secretName: chart-example-tls # - secretName: chart-example-tls
# hosts: # hosts:
# - wlan-ui.local # - chart-example.local
resources: resources:
limits: limits:
cpu: 500m cpu: 500m
memory: 128Mi memory: 128Mi
requests: requests:
cpu: 10m cpu: 50m
memory: 5Mi memory: 128Mi
nodeSelector: {} nodeSelector: {}

2
tip-wlan/charts/wlan-integrated-cloud-component-service/resources/config/certs/README.md Normal file
View File

@@ -0,0 +1,2 @@
Contains certs needed for this service to start.
Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

1
tip-wlan/charts/wlan-integrated-cloud-component-service/resources/config/logback.xml
View File

@@ -46,6 +46,7 @@
</triggeringPolicy> </triggeringPolicy>
</appender> </appender>
<!-- <!--
details: http://logback.qos.ch/manual/configuration.html#auto_configuration details: http://logback.qos.ch/manual/configuration.html#auto_configuration

2
tip-wlan/charts/wlan-integrated-cloud-component-service/templates/configmap.yaml
View File

@@ -4,4 +4,4 @@ metadata:
name: {{ include "common.fullname" . }}-log-config name: {{ include "common.fullname" . }}-log-config
namespace: {{ include "common.namespace" . }} namespace: {{ include "common.namespace" . }}
data: data:
{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }} {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}

223
tip-wlan/charts/wlan-integrated-cloud-component-service/templates/deployment.yaml
View File

@@ -19,126 +19,121 @@ spec:
{{- include "common.selectorLabels" . | nindent 8 }} {{- include "common.selectorLabels" . | nindent 8 }}
spec: spec:
imagePullSecrets: imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key" - name: "{{ include "common.namespace" . }}-docker-registry-key"
serviceAccountName: {{ include "common.serviceAccountName" . }} serviceAccountName: {{ include "common.serviceAccountName" . }}
securityContext: securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }} {{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- if .Values.integratedWithPersistence.enabled }} {{- if .Values.integratedWithPersistence.enabled }}
initContainers: initContainers:
- name: wait-for-services - name: {{ include "common.name" . }}-readiness
image: {{ .Values.waitForServicesImage.registry }}/{{ .Values.waitForServicesImage.repository }}:{{ .Values.waitForServicesImage.tag }} image: busybox:1.28
args: imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
- "-service={{ .Release.Name }}-postgresql" command: ['sh', '-c', "until nslookup {{ $pg }}.{{ $ns }}.svc.cluster.local; do echo waiting for POSTGRES; sleep 2; done"]
- -check_interval=5 - name: {{ include "common.name" . }}-create-db-schema
- name: {{ include "common.name" . }}-create-db-schema env:
env: - name: POSTGRESQL_PORT_NUMBER
- name: POSTGRESQL_PORT_NUMBER value: "5432"
value: "5432" - name: POSTGRES_PASSWORD
- name: POSTGRES_PASSWORD valueFrom:
valueFrom: secretKeyRef:
secretKeyRef: name: {{ include "common.fullname" . }}-creds
name: {{ include "common.fullname" . }}-creds key: postgresql-password
key: postgresql-password - name: SCHEMA_REPO_USER
- name: SCHEMA_REPO_USER valueFrom:
valueFrom: secretKeyRef:
secretKeyRef: name: {{ include "common.fullname" . }}-creds
name: {{ include "common.fullname" . }}-creds key: schema-repo-user
key: schema-repo-user - name: SCHEMA_REPO_PASSWORD
- name: SCHEMA_REPO_PASSWORD valueFrom:
valueFrom: secretKeyRef:
secretKeyRef: name: {{ include "common.fullname" . }}-creds
name: {{ include "common.fullname" . }}-creds key: schema-repo-password
key: schema-repo-password image: postgres:latest
image: {{ .Values.createDbSchemaImage.registry }}/{{ .Values.createDbSchemaImage.repository }}:{{ .Values.createDbSchemaImage.tag }} imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
args: command:
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} - sh
command: - -c
- sh - |
- -c apt update
- | apt -y install curl
apt update echo "***** Fetching cloud-sdk-schema-postgresql.sql from JFrog *****"
apt -y install curl curl -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql.sql"
echo "***** Fetching cloud-sdk-schema-postgresql.sql from JFrog *****" echo "***** Now executing cloud-sdk-schema-postgresql.sql and creating/updating schema on Postgres instance *****"
curl -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql.sql" PGPASSWORD=$POSTGRES_PASSWORD psql -h {{- include "postgresql.service" . -}} -U postgres -f cloud-sdk-schema-postgresql.sql
echo "***** Now executing cloud-sdk-schema-postgresql.sql and creating/updating schema on Postgres instance *****" exit
PGPASSWORD=$POSTGRES_PASSWORD psql -h {{- include "postgresql.service" . -}} -U postgres -f cloud-sdk-schema-postgresql.sql ports:
exit - containerPort: 5432
resources: name: tcp-postgresql
requests: protocol: TCP
cpu: 50m resources:
memory: 256Mi requests:
terminationMessagePath: /dev/termination-log cpu: 50m
terminationMessagePolicy: File memory: 256Mi
volumeMounts: terminationMessagePath: /dev/termination-log
- mountPath: /dev/shm terminationMessagePolicy: File
name: dshm volumeMounts:
- mountPath: /bitnami/postgresql - mountPath: /dev/shm
name: data name: dshm
- mountPath: /bitnami/postgresql
name: data
{{- end }} {{- end }}
containers: containers:
- name: {{ .Chart.Name }} - name: {{ .Chart.Name }}
securityContext: securityContext:
{{- toYaml .Values.securityContext | nindent 12 }} {{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }} {{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }} {{- else }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }} image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }} {{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env: env:
- name: BACKEND_SERVER - name: BACKEND_SERVER
value: {{ .Release.Name }}-{{ .Chart.Name }} value: {{ .Release.Name }}-{{ .Chart.Name }}
{{- if .Values.probes.enabled }} {{- if .Values.probes.enabled }}
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /ping path: /ping
port: {{ .Values.service.port1 }} port: {{ .Values.service.port1 }}
scheme: {{ .Values.probes.livenessProbe.scheme }} scheme: {{ .Values.probes.livenessProbe.scheme }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }} initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }} timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }} failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }} periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.livenessProbe.successThreshold }} successThreshold: {{ .Values.probes.livenessProbe.successThreshold }}
readinessProbe: readinessProbe:
httpGet: httpGet:
path: /ping path: /ping
port: {{ .Values.service.port1 }} port: {{ .Values.service.port1 }}
scheme: {{ .Values.probes.readinessProbe.scheme }} scheme: {{ .Values.probes.readinessProbe.scheme }}
initialDelaySeconds: {{ .Values.probes.readinessProbe.initialDelaySeconds }} initialDelaySeconds: {{ .Values.probes.readinessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.readinessProbe.timeoutSeconds }} timeoutSeconds: {{ .Values.probes.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }} failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }} periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.readinessProbe.successThreshold }} successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
startupProbe: {{- end }}
httpGet: volumeMounts:
path: /ping - mountPath: /opt/tip-wlan/certs/client_keystore.jks
port: {{ .Values.service.port1 }} name: certificates
scheme: {{ .Values.probes.readinessProbe.scheme }} subPath: client_keystore.jks
failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }} - mountPath: /opt/tip-wlan/certs/truststore.jks
periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}} name: certificates
{{- end }} subPath: truststore.jks
volumeMounts: - mountPath: /opt/tip-wlan/certs/server.pkcs12
- mountPath: /opt/tip-wlan/certs/client_keystore.jks name: certificates
name: certificates subPath: server.pkcs12
subPath: client_keystore.jks - mountPath: /app/intcloudcomp/logback.xml
- mountPath: /opt/tip-wlan/certs/truststore.jks name: logback-config
name: certificates subPath: logback.xml
subPath: truststore.jks ports:
- mountPath: /opt/tip-wlan/certs/server.pkcs12 - name: {{ .Values.service.name1 }}
name: certificates containerPort: {{ .Values.service.port1 }}
subPath: server.pkcs12 protocol: TCP
- mountPath: /app/intcloudcomp/logback.xml - name: {{ .Values.service.name2 }}
name: logback-config containerPort: {{ .Values.service.port2 }}
subPath: logback.xml protocol: TCP
ports: resources:
- name: {{ .Values.service.name1 }} {{- toYaml .Values.resources | nindent 12 }}
containerPort: {{ .Values.service.port1 }}
protocol: TCP
- name: {{ .Values.service.name2 }}
containerPort: {{ .Values.service.port2 }}
protocol: TCP
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}
nodeSelector: nodeSelector:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
@@ -155,7 +150,7 @@ spec:
volumes: volumes:
- name: certificates - name: certificates
secret: secret:
secretName: tip-common-postgres-client-certs secretName: {{ include "common.fullname" . }}-certs
- name: logback-config - name: logback-config
configMap: configMap:
name: {{ include "common.fullname" . }}-log-config name: {{ include "common.fullname" . }}-log-config

12
tip-wlan/charts/wlan-integrated-cloud-component-service/templates/secret.yaml
View File

@@ -1,5 +1,4 @@
{{- if .Values.global.integratedDeployment }} {{- if .Values.global.integratedDeployment }}
---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
@@ -8,8 +7,9 @@ metadata:
type: Opaque type: Opaque
data: data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }} {{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
{{- end}}
--- ---
{{- if .Values.global.integratedDeployment }}
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
@@ -22,7 +22,9 @@ metadata:
heritage: {{ .Release.Service | quote }} heritage: {{ .Release.Service | quote }}
type: Opaque type: Opaque
data: data:
postgresql-password: {{ .Values.global.postgres.password | b64enc | quote }} {{- if .Values.creds.enabled }}
schema-repo-user: {{ .Values.global.schema.username | b64enc | quote }} postgresql-password: {{ .Values.creds.postgres.password | b64enc | quote }}
schema-repo-password: {{ .Values.global.schema.password | b64enc | quote }} schema-repo-user: {{ .Values.creds.schema_repo.username | b64enc | quote }}
schema-repo-password: {{ .Values.creds.schema_repo.password | b64enc | quote }}
{{- end }}
{{- end}} {{- end}}

2
tip-wlan/charts/wlan-integrated-cloud-component-service/templates/tests/test-connection.yaml
View File

@@ -11,7 +11,7 @@ metadata:
spec: spec:
containers: containers:
- name: wget - name: wget
image: {{ .Values.testConnectionImage.registry }}/{{ .Values.testConnectionImage.repository }}:{{ .Values.testConnectionImage.tag }} image: busybox
command: ['wget'] command: ['wget']
args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}'] args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
restartPolicy: Never restartPolicy: Never

48
tip-wlan/charts/wlan-integrated-cloud-component-service/values.yaml
View File

@@ -11,22 +11,7 @@ replicaCount: 1
image: image:
name: wlan-integrated-cloud-component-service name: wlan-integrated-cloud-component-service
tag: 1.3.0-SNAPSHOT tag: 0.0.1-SNAPSHOT
waitForServicesImage:
registry: tip-docker-cache-repo.jfrog.io
repository: opsfleet/depends-on
tag: v1.0.0
testConnectionImage:
registry: tip-docker-cache-repo.jfrog.io
repository: library/alpine
tag: 3.13
createDbSchemaImage:
registry: tip-docker-cache-repo.jfrog.io
repository: library/postgres
tag: 13.2-alpine
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
@@ -61,9 +46,6 @@ probes:
successThreshold: 1 successThreshold: 1
failureThreshold: 3 failureThreshold: 3
scheme: HTTPS scheme: HTTPS
startupProbe:
periodSeconds: 30
failureThreshold: 500
securityContext: {} securityContext: {}
# capabilities: # capabilities:
@@ -76,6 +58,14 @@ securityContext: {}
# Enable/Disable Helm tests # Enable/Disable Helm tests
testsEnabled: false testsEnabled: false
creds:
enabled: true
postgres:
password: DUMMY_POSTGRES_PASSWORD
schema_repo:
username: DUMMY_SCHEMA_REPO_USERNAME
password: DUMMY_SCHEMA_REPO_PASSWORD
service: service:
type: NodePort type: NodePort
port1: 9091 port1: 9091
@@ -96,19 +86,19 @@ ingress:
annotations: {} annotations: {}
# kubernetes.io/ingress.class: nginx # kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true" # kubernetes.io/tls-acme: "true"
hosts: [] hosts:
# - host: wlan-integrated-cloud-component-service.local - host: example.com
# paths: [ paths: [
# /portal /portal
# ] ]
tls: [] tls:
# - secretName: portal-secret - secretName: portal-secret
# hosts: hosts:
# - wlan-integrated-cloud-component-service.local - example.com
# Transport-Server-passthrough properties # Transport-Server-passthrough properties
tsp: tsp:
host: wlan-portal-service.local host: wlan-portal-service.zone3.lab.connectus.ai
resources: {} resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious # We usually recommend not to specify default resources and to leave this as a conscious

2
tip-wlan/charts/wlan-port-forwarding-gateway-service/resources/config/certs/README.md Normal file
View File

@@ -0,0 +1,2 @@
Contains certs needed for this service to start.
Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

1
tip-wlan/charts/wlan-port-forwarding-gateway-service/resources/config/logback.xml
View File

@@ -46,6 +46,7 @@
</triggeringPolicy> </triggeringPolicy>
</appender> </appender>
<!-- <!--
details: http://logback.qos.ch/manual/configuration.html#auto_configuration details: http://logback.qos.ch/manual/configuration.html#auto_configuration

3
tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/configmap.yaml
View File

@@ -4,5 +4,4 @@ metadata:
name: {{ include "common.fullname" . }}-config name: {{ include "common.fullname" . }}-config
namespace: {{ include "common.namespace" . }} namespace: {{ include "common.namespace" . }}
data: data:
{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }} {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}

23
tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/deployment.yaml
View File

@@ -22,9 +22,8 @@ spec:
securityContext: securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }} {{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers: initContainers:
{{- include "jmxPrometheus.initContainer" . | nindent 8 }}
- name: {{ include "common.name" . }}-readiness-opensync-gw - name: {{ include "common.name" . }}-readiness-opensync-gw
image: {{ .Values.opensyncGwReadinessImage.registry }}/{{ .Values.opensyncGwReadinessImage.repository }}:{{ .Values.opensyncGwReadinessImage.tag }} image: alpine
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
command: command:
- sh - sh
@@ -54,9 +53,9 @@ spec:
securityContext: securityContext:
{{- toYaml .Values.securityContext | nindent 12 }} {{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }} {{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }} {{- else }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }} image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }} {{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env: env:
@@ -76,8 +75,6 @@ spec:
value: "{{ include "apDebugPortsStart" . }}" value: "{{ include "apDebugPortsStart" . }}"
- name: EXT_PORT_RANGE_END - name: EXT_PORT_RANGE_END
value: "{{ sub (include "apDebugPortsEnd" . | atoi) 1 }}" value: "{{ sub (include "apDebugPortsEnd" . | atoi) 1 }}"
- name: JVM_MEM_OPTIONS
value: "{{ include "jmxPrometheus.jvmOpts" . }}"
{{- if .Values.probes.enabled }} {{- if .Values.probes.enabled }}
livenessProbe: livenessProbe:
httpGet: httpGet:
@@ -99,13 +96,6 @@ spec:
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }} failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }} periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.readinessProbe.successThreshold }} successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
startupProbe:
httpGet:
path: /ping
port: {{ .Values.service.port2 }}
scheme: {{ .Values.probes.readinessProbe.scheme }}
failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
{{- end }} {{- end }}
volumeMounts: volumeMounts:
- mountPath: /opt/tip-wlan/certs/client_keystore.jks - mountPath: /opt/tip-wlan/certs/client_keystore.jks
@@ -120,8 +110,6 @@ spec:
- mountPath: /app/port-forwarding-gateway/logback.xml - mountPath: /app/port-forwarding-gateway/logback.xml
name: configuration name: configuration
subPath: logback.xml subPath: logback.xml
{{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
{{- include "jmxPrometheus.tmpVolumeMount" . | nindent 10 }}
ports: ports:
- name: {{ .Values.service.name1 }} - name: {{ .Values.service.name1 }}
@@ -136,7 +124,6 @@ spec:
protocol: TCP protocol: TCP
{{- end }} {{- end }}
{{- include "container.dev.apDebugPorts" . | nindent 10 }} {{- include "container.dev.apDebugPorts" . | nindent 10 }}
{{- include "jmxPrometheus.port" . | nindent 12 }}
resources: resources:
{{- toYaml .Values.resources | nindent 12 }} {{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}
@@ -154,11 +141,9 @@ spec:
volumes: volumes:
- name: certificates - name: certificates
secret: secret:
secretName: tip-common-kafka-client-certs secretName: {{ include "common.fullname" . }}-certs
defaultMode: 0400 defaultMode: 0400
- name: configuration - name: configuration
configMap: configMap:
name: {{ include "common.fullname" . }}-config name: {{ include "common.fullname" . }}-config
defaultMode: 0755 defaultMode: 0755
{{- include "jmxPrometheus.configVolume" . | nindent 6 }}
{{- include "jmxPrometheus.tmpVolume" . | nindent 6 }}

1
tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/pod-monitor.yaml
View File

@@ -1 +0,0 @@
{{ include "jmxPrometheus.podMonitor" . }}

11
tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/secret.yaml
View File

@@ -1,5 +1,14 @@
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata:
name: {{ include "common.fullname" . }}-certs
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
---
apiVersion: v1
kind: Secret
metadata: metadata:
name: {{ include "common.fullname" . }}-creds name: {{ include "common.fullname" . }}-creds
namespace: {{ include "common.namespace" . }} namespace: {{ include "common.namespace" . }}
@@ -10,4 +19,6 @@ metadata:
heritage: {{ .Release.Service | quote }} heritage: {{ .Release.Service | quote }}
type: Opaque type: Opaque
data: data:
{{- if .Values.creds.enabled }}
websocketSessionTokenEncKey: {{ .Values.creds.websocketSessionTokenEncKey | b64enc | quote }} websocketSessionTokenEncKey: {{ .Values.creds.websocketSessionTokenEncKey | b64enc | quote }}
{{- end }}

2
tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/tests/test-connection.yaml
View File

@@ -11,7 +11,7 @@ metadata:
spec: spec:
containers: containers:
- name: wget - name: wget
image: {{ .Values.testConnectionImage.registry }}/{{ .Values.testConnectionImage.repository }}:{{ .Values.testConnectionImage.tag }} image: busybox
command: ['wget'] command: ['wget']
args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}'] args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
restartPolicy: Never restartPolicy: Never

19
tip-wlan/charts/wlan-port-forwarding-gateway-service/values.yaml
View File

@@ -11,17 +11,7 @@ replicaCount: 1
image: image:
name: wlan-port-forwarding-gateway-service name: wlan-port-forwarding-gateway-service
tag: 1.3.0-SNAPSHOT tag: 0.0.1-SNAPSHOT
opensyncGwReadinessImage:
registry: tip-docker-cache-repo.jfrog.io
repository: library/alpine
tag: 3.13
testConnectionImage:
registry: tip-docker-cache-repo.jfrog.io
repository: library/alpine
tag: 3.13
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
@@ -60,9 +50,6 @@ probes:
successThreshold: 1 successThreshold: 1
failureThreshold: 3 failureThreshold: 3
scheme: HTTPS scheme: HTTPS
startupProbe:
periodSeconds: 30
failureThreshold: 500
securityContext: securityContext:
privileged: true privileged: true
@@ -109,6 +96,7 @@ accessPointDebugPortRange:
length: 26 length: 26
creds: creds:
enabled: true
websocketSessionTokenEncKey: DUMMY_ENC_KEY websocketSessionTokenEncKey: DUMMY_ENC_KEY
opensyncgw: opensyncgw:
@@ -135,7 +123,7 @@ resources:
cpu: 500m cpu: 500m
memory: 350Mi memory: 350Mi
requests: requests:
cpu: 10m cpu: 50m
memory: 280Mi memory: 280Mi
nodeSelector: {} nodeSelector: {}
@@ -162,3 +150,4 @@ env:
service: wlan-port-forwarding-gateway-service service: wlan-port-forwarding-gateway-service
port: 7070 port: 7070

2
tip-wlan/charts/wlan-portal-service/resources/config/certs/README.md Normal file
View File

@@ -0,0 +1,2 @@
Contains certs needed for this service to start.
Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

3
tip-wlan/charts/wlan-portal-service/resources/config/logback.xml
View File

@@ -7,7 +7,7 @@
<!-- For professional support please see --> <!-- For professional support please see -->
<!-- http://www.qos.ch/shop/products/professionalSupport --> <!-- http://www.qos.ch/shop/products/professionalSupport -->
<!-- --> <!-- -->
<configuration scan="true" scanPeriod="30 seconds"> <configuration>
<conversionRule conversionWord="filteredStack" <conversionRule conversionWord="filteredStack"
converterClass="com.telecominfraproject.wlan.server.exceptions.logback.ExceptionCompressingConverter" /> converterClass="com.telecominfraproject.wlan.server.exceptions.logback.ExceptionCompressingConverter" />
@@ -46,6 +46,7 @@
</triggeringPolicy> </triggeringPolicy>
</appender> </appender>
<!-- <!--
details: http://logback.qos.ch/manual/configuration.html#auto_configuration details: http://logback.qos.ch/manual/configuration.html#auto_configuration

14
tip-wlan/charts/wlan-portal-service/resources/config/ssl.properties
View File

@@ -1,14 +0,0 @@
truststorePass={{ .Values.global.certificatePasswords.sslTruststore }}
truststoreFile=file:///opt/tip-wlan/certs/truststore.jks
truststoreType=JKS
truststoreProvider=SUN
keyAlias=1
keystorePass={{ .Values.global.certificatePasswords.sslKeystore }}
keystoreFile=file:///opt/tip-wlan/certs/server.pkcs12
keystoreType=pkcs12
keystoreProvider=SunJSSE
sslProtocol=TLS
sslEnabledProtocols=TLSv1.2,TLSv1.1,TLSv1
sslCiphers=TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA

2
tip-wlan/charts/wlan-portal-service/templates/configmap.yaml
View File

@@ -4,4 +4,4 @@ metadata:
name: {{ include "common.fullname" . }}-log-config name: {{ include "common.fullname" . }}-log-config
namespace: {{ include "common.namespace" . }} namespace: {{ include "common.namespace" . }}
data: data:
{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }} {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}

24
tip-wlan/charts/wlan-portal-service/templates/ingress.yaml
View File

@@ -1,9 +1,7 @@
{{- if .Values.ingress.enabled -}} {{- if .Values.ingress.enabled -}}
{{- $fullName := include "common.fullname" . -}} {{- $fullName := include "common.fullname" . -}}
{{- $svcPort := .Values.service.port1 -}} {{- $svcPort := .Values.service.port1 -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
apiVersion: networking.k8s.io/v1beta1 apiVersion: networking.k8s.io/v1beta1
{{- else -}} {{- else -}}
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
@@ -36,35 +34,15 @@ spec:
paths: paths:
{{- if $.Values.ingress.lb_https_redirect }} {{- if $.Values.ingress.lb_https_redirect }}
- path: /* - path: /*
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
pathType: ImplementationSpecific
{{- end }}
backend: backend:
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
service:
name: ssl-redirect
port:
name: use-annotation
{{- else -}}
serviceName: ssl-redirect serviceName: ssl-redirect
servicePort: use-annotation servicePort: use-annotation
{{- end }}
{{- end }} {{- end }}
{{- range .paths }} {{- range .paths }}
- path: {{ . }} - path: {{ . }}
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
pathType: ImplementationSpecific
{{- end }}
backend: backend:
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else -}}
serviceName: {{ $fullName }} serviceName: {{ $fullName }}
servicePort: {{ $svcPort }} servicePort: {{ $svcPort }}
{{- end -}}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}

1
tip-wlan/charts/wlan-portal-service/templates/pod-monitor.yaml
View File

@@ -1 +0,0 @@
{{ include "jmxPrometheus.podMonitor" . }}

6
tip-wlan/charts/wlan-portal-service/templates/secret.yaml
View File

@@ -1,10 +1,8 @@
{{- if not .Values.tlsv13.enabled }}
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: {{ include "common.fullname" . }}-ssl-config name: {{ include "common.fullname" . }}-certs
namespace: {{ include "common.namespace" . }} namespace: {{ include "common.namespace" . }}
type: Opaque type: Opaque
data: data:
ssl.properties: {{ tpl ( .Files.Get "resources/config/ssl.properties" ) . | b64enc }} {{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
{{- end }}

35
tip-wlan/charts/wlan-portal-service/templates/statefulset.yaml
View File

@@ -7,7 +7,6 @@ metadata:
labels: labels:
{{- include "common.labels" . | nindent 4 }} {{- include "common.labels" . | nindent 4 }}
spec: spec:
podManagementPolicy: Parallel
serviceName: {{ include "common.fullname" . }} serviceName: {{ include "common.fullname" . }}
replicas: {{ .Values.replicaCount }} replicas: {{ .Values.replicaCount }}
selector: selector:
@@ -45,16 +44,14 @@ spec:
serviceAccountName: {{ include "common.serviceAccountName" . }} serviceAccountName: {{ include "common.serviceAccountName" . }}
securityContext: securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }} {{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers:
{{- include "jmxPrometheus.initContainer" . | nindent 6 }}
containers: containers:
- name: {{ .Chart.Name }} - name: {{ .Chart.Name }}
securityContext: securityContext:
{{- toYaml .Values.securityContext | nindent 12 }} {{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }} {{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }} {{- else }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }} image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }} {{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env: env:
@@ -74,7 +71,7 @@ spec:
- name: tip_wlan_maxHttpThreads - name: tip_wlan_maxHttpThreads
value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}" value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
- name: JVM_MEM_OPTIONS - name: JVM_MEM_OPTIONS
value: "{{ .Values.scalability.JVM_MEM_OPTIONS }} {{ include "jmxPrometheus.jvmOpts" . }}" value: "{{ .Values.scalability.JVM_MEM_OPTIONS }}"
{{- if .Values.probes.enabled }} {{- if .Values.probes.enabled }}
livenessProbe: livenessProbe:
httpGet: httpGet:
@@ -96,13 +93,6 @@ spec:
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }} failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }} periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.readinessProbe.successThreshold }} successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
startupProbe:
httpGet:
path: /ping
port: {{ .Values.service.port1 }}
scheme: {{ .Values.probes.readinessProbe.scheme }}
failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
{{- end }} {{- end }}
volumeMounts: volumeMounts:
- mountPath: /opt/tip-wlan/certs/client_keystore.jks - mountPath: /opt/tip-wlan/certs/client_keystore.jks
@@ -114,16 +104,11 @@ spec:
- mountPath: /opt/tip-wlan/certs/server.pkcs12 - mountPath: /opt/tip-wlan/certs/server.pkcs12
name: certificates name: certificates
subPath: server.pkcs12 subPath: server.pkcs12
- mountPath: /app/portal/log - mountPath: /app/portal/logback.xml
name: logback-config name: logback-config
{{- if not .Values.tlsv13.enabled }} subPath: logback.xml
- mountPath: /app/portal/certs
name: ssl-config
{{- end }}
- mountPath: {{ $file_store_path }} - mountPath: {{ $file_store_path }}
name: file-store-data name: file-store-data
{{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
{{- include "jmxPrometheus.tmpVolumeMount" . | nindent 10 }}
ports: ports:
- name: {{ .Values.service.name1 }} - name: {{ .Values.service.name1 }}
containerPort: {{ .Values.service.port1 }} containerPort: {{ .Values.service.port1 }}
@@ -136,7 +121,6 @@ spec:
containerPort: {{ .Values.service.port3 }} containerPort: {{ .Values.service.port3 }}
protocol: TCP protocol: TCP
{{- end }} {{- end }}
{{- include "jmxPrometheus.port" . | nindent 12 }}
resources: resources:
{{- toYaml .Values.resources | nindent 12 }} {{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}
@@ -155,21 +139,14 @@ spec:
volumes: volumes:
- name: certificates - name: certificates
secret: secret:
secretName: tip-common-postgres-client-certs secretName: {{ include "common.fullname" . }}-certs
- name: logback-config - name: logback-config
configMap: configMap:
name: {{ include "common.fullname" . }}-log-config name: {{ include "common.fullname" . }}-log-config
{{- if not .Values.tlsv13.enabled }}
- name: ssl-config
secret:
secretName: {{ include "common.fullname" . }}-ssl-config
{{- end }}
{{- if not .Values.persistence.enabled }} {{- if not .Values.persistence.enabled }}
- name: file-store-data - name: file-store-data
emptyDir: {} emptyDir: {}
{{- end }} {{- end }}
{{- include "jmxPrometheus.configVolume" . | nindent 6 }}
{{- include "jmxPrometheus.tmpVolume" . | nindent 6 }}
{{- if .Values.persistence.enabled }} {{- if .Values.persistence.enabled }}
volumeClaimTemplates: volumeClaimTemplates:
- metadata: - metadata:

3
tip-wlan/charts/wlan-portal-service/templates/tests/test-connection.yaml
View File

@@ -11,7 +11,8 @@ metadata:
spec: spec:
containers: containers:
- name: wget - name: wget
image: {{ .Values.testConnectionImage.registry }}/{{ .Values.testConnectionImage.repository }}:{{ .Values.testConnectionImage.tag }} image: busybox
command: ['wget']
args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}'] args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
restartPolicy: Never restartPolicy: Never
{{- end }} {{- end }}

35
tip-wlan/charts/wlan-portal-service/values.yaml
View File

@@ -9,14 +9,11 @@
replicaCount: 1 replicaCount: 1
image: image:
name: wlan-portal-service name: wlan-portal-service
tag: 1.3.0-SNAPSHOT tag: 0.0.1-SNAPSHOT
testConnectionImage:
registry: tip-docker-cache-repo.jfrog.io
repository: library/alpine
tag: 3.13
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
@@ -51,9 +48,6 @@ probes:
successThreshold: 1 successThreshold: 1
failureThreshold: 3 failureThreshold: 3
scheme: HTTPS scheme: HTTPS
startupProbe:
periodSeconds: 30
failureThreshold: 500
securityContext: {} securityContext: {}
# capabilities: # capabilities:
@@ -103,15 +97,15 @@ ingress:
annotations: {} annotations: {}
# kubernetes.io/ingress.class: nginx # kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true" # kubernetes.io/tls-acme: "true"
hosts: [] hosts:
# - host: wlan-portal-service.local - host: wlan-portal-service.zone3.lab.connectus.ai
# paths: [ paths: [
# /portal /portal
# ] ]
tls: [] tls:
# - secretName: portal-secret - secretName: portal-secret
# hosts: hosts:
# - wlan-portal-service.local - wlan-portal-service.zone3.lab.connectus.ai
resources: resources:
limits: limits:
@@ -141,7 +135,7 @@ affinity: {}
# Transport-Server-passthrough properties # Transport-Server-passthrough properties
tsp: tsp:
host: wlan-portal-service.local host: wlan-portal-service.zone3.lab.connectus.ai
env: env:
protocol: https protocol: https
@@ -158,6 +152,3 @@ env:
# on the PV # on the PV
filestore: filestore:
internal: "/tmp/filestore" internal: "/tmp/filestore"
tlsv13:
enabled: true

2
tip-wlan/charts/wlan-prov-service/resources/config/certs/README.md Normal file
View File

@@ -0,0 +1,2 @@
Contains certs needed for this service to start.
Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

1
tip-wlan/charts/wlan-prov-service/resources/config/logback.xml
View File

@@ -46,6 +46,7 @@
</triggeringPolicy> </triggeringPolicy>
</appender> </appender>
<!-- <!--
details: http://logback.qos.ch/manual/configuration.html#auto_configuration details: http://logback.qos.ch/manual/configuration.html#auto_configuration

8
tip-wlan/charts/wlan-prov-service/templates/configmap.yaml
View File

@@ -4,11 +4,11 @@ metadata:
name: {{ include "common.fullname" . }}-log-config name: {{ include "common.fullname" . }}-log-config
namespace: {{ include "common.namespace" . }} namespace: {{ include "common.namespace" . }}
data: data:
{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }} {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
datasource.properties: |- datasource.properties: |-
singleDataSource.url=jdbc:postgresql://{{- include "postgresql.service" . -}}:5432/prov_db singleDataSource.url=jdbc:postgresql://{{- include "postgresql.service" . -}}:5432/prov_db
singleDataSource.username={{ .Values.global.postgres.singleDataSource.username }} singleDataSource.username={{ .Values.creds.postgres.singleDataSourceUsername }}
singleDataSource.password={{ .Values.global.postgres.singleDataSource.password }} singleDataSource.password={{ .Values.creds.postgres.singleDataSourcePassword }}
singleDataSource.driverClass=org.postgresql.Driver singleDataSource.driverClass=org.postgresql.Driver
singleDataSource.ssl=true singleDataSource.ssl=true
singleDataSource.sslmode=verify-ca singleDataSource.sslmode=verify-ca
@@ -16,4 +16,4 @@ data:
singleDataSource.sslfactory=org.postgresql.ssl.LibPQFactory singleDataSource.sslfactory=org.postgresql.ssl.LibPQFactory
singleDataSource.sslkey=/opt/tip-wlan/certs/postgresclient.p12 singleDataSource.sslkey=/opt/tip-wlan/certs/postgresclient.p12
singleDataSource.sslrootcert=/opt/tip-wlan/certs/cacert.pem singleDataSource.sslrootcert=/opt/tip-wlan/certs/cacert.pem
singleDataSource.sslkeypassword={{ .Values.global.certificatePasswords.sslKey }} singleDataSource.sslkeypassword={{ .Values.creds.postgres.singleDataSourceSslKeyPassword }}

29
tip-wlan/charts/wlan-prov-service/templates/deployment.yaml
View File

@@ -23,9 +23,8 @@ spec:
securityContext: securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }} {{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers: initContainers:
{{- include "jmxPrometheus.initContainer" . | nindent 8 }}
- name: wait-for-services - name: wait-for-services
image: {{ .Values.waitForServicesImage.registry }}/{{ .Values.waitForServicesImage.repository }}:{{ .Values.waitForServicesImage.tag }} image: opsfleet/depends-on:latest
args: args:
- "-service={{ .Release.Name }}-postgresql" - "-service={{ .Release.Name }}-postgresql"
- -check_interval=5 - -check_interval=5
@@ -53,7 +52,7 @@ spec:
secretKeyRef: secretKeyRef:
name: {{ include "common.fullname" . }}-creds name: {{ include "common.fullname" . }}-creds
key: schema-repo-password key: schema-repo-password
image: {{ .Values.postgresql.registry }}/{{ .Values.postgresql.repository }}:{{ .Values.postgresql.tag }} image: {{ .Values.postgresql.image }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
command: command:
- sh - sh
@@ -62,8 +61,8 @@ spec:
apt update apt update
apt -y install curl apt -y install curl
echo "***** Fetching latest cloud-sdk-schema-postgresql for DB and Tables sql from JFrog *****" echo "***** Fetching latest cloud-sdk-schema-postgresql for DB and Tables sql from JFrog *****"
curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/1.3.0-SNAPSHOT/sql/cloud-sdk-schema-postgresql-db-user.sql" curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql-db-user.sql"
curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/1.3.0-SNAPSHOT/sql/cloud-sdk-schema-postgresql-tables.sql" curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql-tables.sql"
echo "***** Now executing cloud-sdk-schema-postgresql-db-user.sql on host {{ $pg }} and creating db prov_db and user tip_user using User Postgres. This uses full client-cert authentication *****" echo "***** Now executing cloud-sdk-schema-postgresql-db-user.sql on host {{ $pg }} and creating db prov_db and user tip_user using User Postgres. This uses full client-cert authentication *****"
### Observed that PSQL was unable to resolve the Postgres-service host because the postgres service wasnt ### Observed that PSQL was unable to resolve the Postgres-service host because the postgres service wasnt
### really ready when running Postgres in Master-Slave config... hence the below retry-logic ### really ready when running Postgres in Master-Slave config... hence the below retry-logic
@@ -120,9 +119,9 @@ spec:
securityContext: securityContext:
{{- toYaml .Values.securityContext | nindent 12 }} {{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }} {{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }} {{- else }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }} image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }} {{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env: env:
@@ -140,7 +139,7 @@ spec:
- name: tip_wlan_maxHttpThreads - name: tip_wlan_maxHttpThreads
value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}" value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
- name: JVM_MEM_OPTIONS - name: JVM_MEM_OPTIONS
value: "{{ .Values.scalability.JVM_MEM_OPTIONS }} {{ include "jmxPrometheus.jvmOpts" . }}" value: "{{ .Values.scalability.JVM_MEM_OPTIONS }}"
- name: singleDataSource_maxTotalConnections - name: singleDataSource_maxTotalConnections
value: "{{ .Values.scalability.singleDataSource_maxTotalConnections }}" value: "{{ .Values.scalability.singleDataSource_maxTotalConnections }}"
- name: singleDataSource_maxIdleConnections - name: singleDataSource_maxIdleConnections
@@ -170,13 +169,6 @@ spec:
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }} failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }} periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.readinessProbe.successThreshold }} successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
startupProbe:
httpGet:
path: /ping
port: {{ .Values.service.port2 }}
scheme: {{ .Values.probes.readinessProbe.scheme }}
failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
{{- end }} {{- end }}
volumeMounts: volumeMounts:
- mountPath: /opt/tip-wlan/certs/client_keystore.jks - mountPath: /opt/tip-wlan/certs/client_keystore.jks
@@ -203,8 +195,6 @@ spec:
- mountPath: /app/prov/datasource.properties - mountPath: /app/prov/datasource.properties
name: logback-config name: logback-config
subPath: datasource.properties subPath: datasource.properties
{{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
{{- include "jmxPrometheus.tmpVolumeMount" . | nindent 10 }}
ports: ports:
- name: {{ .Values.service.name1 }} - name: {{ .Values.service.name1 }}
containerPort: {{ .Values.service.port1 }} containerPort: {{ .Values.service.port1 }}
@@ -217,7 +207,6 @@ spec:
containerPort: {{ .Values.service.port3 }} containerPort: {{ .Values.service.port3 }}
protocol: TCP protocol: TCP
{{- end }} {{- end }}
{{- include "jmxPrometheus.port" . | nindent 12 }}
resources: resources:
{{- toYaml .Values.resources | nindent 12 }} {{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}
@@ -235,7 +224,7 @@ spec:
volumes: volumes:
- name: certificates - name: certificates
secret: secret:
secretName: tip-common-postgres-client-certs secretName: {{ include "common.fullname" . }}-certs
defaultMode: 0400 defaultMode: 0400
- name: logback-config - name: logback-config
configMap: configMap:
@@ -244,5 +233,3 @@ spec:
emptyDir: {} emptyDir: {}
- name: dshm - name: dshm
emptyDir: {} emptyDir: {}
{{- include "jmxPrometheus.configVolume" . | nindent 6 }}
{{- include "jmxPrometheus.tmpVolume" . | nindent 6 }}

1
tip-wlan/charts/wlan-prov-service/templates/pod-monitor.yaml
View File

@@ -1 +0,0 @@
{{ include "jmxPrometheus.podMonitor" . }}

19
tip-wlan/charts/wlan-prov-service/templates/secret.yaml
View File

@@ -1,5 +1,14 @@
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata:
name: {{ include "common.fullname" . }}-certs
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
---
apiVersion: v1
kind: Secret
metadata: metadata:
name: {{ include "common.fullname" . }}-creds name: {{ include "common.fullname" . }}-creds
namespace: {{ include "common.namespace" . }} namespace: {{ include "common.namespace" . }}
@@ -10,7 +19,9 @@ metadata:
heritage: {{ .Release.Service | quote }} heritage: {{ .Release.Service | quote }}
type: Opaque type: Opaque
data: data:
postgresql-password: {{ .Values.global.postgres.password | b64enc | quote }} {{- if .Values.creds.enabled }}
tipuser-password: {{ .Values.global.tip.password | b64enc | quote }} postgresql-password: {{ .Values.creds.db.postgresUser.password | b64enc | quote }}
schema-repo-user: {{ .Values.global.schema.username | b64enc | quote }} tipuser-password: {{ .Values.creds.db.tipUser.password | b64enc | quote }}
schema-repo-password: {{ .Values.global.schema.password | b64enc | quote }} schema-repo-user: {{ .Values.creds.schema_repo.username | b64enc | quote }}
schema-repo-password: {{ .Values.creds.schema_repo.password | b64enc | quote }}
{{- end }}

2
tip-wlan/charts/wlan-prov-service/templates/tests/test-connection.yaml
View File

@@ -11,7 +11,7 @@ metadata:
spec: spec:
containers: containers:
- name: wget - name: wget
image: {{ .Values.testConnectionImage.registry }}/{{ .Values.testConnectionImage.repository }}:{{ .Values.testConnectionImage.tag }} image: busybox
command: ['wget'] command: ['wget']
args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}'] args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
restartPolicy: Never restartPolicy: Never

41
tip-wlan/charts/wlan-prov-service/values.yaml
View File

@@ -11,17 +11,7 @@ replicaCount: 1
image: image:
name: wlan-prov-service name: wlan-prov-service
tag: 1.3.0-SNAPSHOT tag: 0.0.1-SNAPSHOT
waitForServicesImage:
registry: tip-docker-cache-repo.jfrog.io
repository: opsfleet/depends-on
tag: v1.0.0
testConnectionImage:
registry: tip-docker-cache-repo.jfrog.io
repository: library/alpine
tag: 3.13
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
@@ -56,9 +46,6 @@ probes:
successThreshold: 1 successThreshold: 1
failureThreshold: 3 failureThreshold: 3
scheme: HTTPS scheme: HTTPS
startupProbe:
periodSeconds: 30
failureThreshold: 500
securityContext: {} securityContext: {}
# capabilities: # capabilities:
@@ -71,6 +58,22 @@ securityContext: {}
# Enable/Disable Helm tests # Enable/Disable Helm tests
testsEnabled: false testsEnabled: false
creds:
enabled: true
db:
postgresUser:
password: DUMMY_POSTGRES_PASSWORD
tipUser:
password: DUMMY_TIPUSER_PASSWORD
schema_repo:
username: DUMMY_SCHEMA_REPO_USERNAME
password: DUMMY_SCHEMA_REPO_PASSWORD
postgres:
singleDataSourceUsername: DUMMY_POSTGRES_USER
singleDataSourcePassword: DUMMY_POSTGRES_PASSWORD
singleDataSourceSslKeyPassword: DUMMY_SSL_PASSWORD
# Enable/Disable Remote debugging # Enable/Disable Remote debugging
debug: debug:
enabled: false enabled: false
@@ -125,10 +128,10 @@ ingress:
resources: resources:
limits: limits:
cpu: 500m cpu: 500m
memory: 600Mi memory: 320Mi
requests: requests:
cpu: 10m cpu: 50m
memory: 600Mi memory: 300Mi
nodeSelector: {} nodeSelector: {}
@@ -138,9 +141,7 @@ affinity: {}
postgresql: postgresql:
url: postgresql url: postgresql
registry: tip-docker-cache-repo.jfrog.io image: postgres:latest
repository: library/postgres
tag: 11
env: env:
protocol: https protocol: https

2
tip-wlan/charts/wlan-spc-service/resources/config/certs/README.md Normal file
View File

@@ -0,0 +1,2 @@
Contains certs needed for this service to start.
Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

2
tip-wlan/charts/wlan-spc-service/resources/config/logback.xml
View File

@@ -46,6 +46,7 @@
</triggeringPolicy> </triggeringPolicy>
</appender> </appender>
<!-- <!--
details: http://logback.qos.ch/manual/configuration.html#auto_configuration details: http://logback.qos.ch/manual/configuration.html#auto_configuration
@@ -66,6 +67,7 @@
<logger name="com.telecominfraproject.wlan" level="DEBUG"/> <logger name="com.telecominfraproject.wlan" level="DEBUG"/>
<logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/> <logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
<logger name="com.telecominfraproject.wlan.streams.provisioning.EquipmentConfigPushTrigger" level="TRACE"/> <logger name="com.telecominfraproject.wlan.streams.provisioning.EquipmentConfigPushTrigger" level="TRACE"/>
<logger name="com.telecominfraproject.wlan.streams.kafka.KafkaStreamsConfig" level="TRACE"/> <logger name="com.telecominfraproject.wlan.streams.kafka.KafkaStreamsConfig" level="TRACE"/>
<logger name="com.telecominfraproject.wlan.stream.StreamMessageDispatcher" level="TRACE"/> <logger name="com.telecominfraproject.wlan.stream.StreamMessageDispatcher" level="TRACE"/>

2
tip-wlan/charts/wlan-spc-service/templates/configmap.yaml
View File

@@ -4,4 +4,4 @@ metadata:
name: {{ include "common.fullname" . }}-log-config name: {{ include "common.fullname" . }}-log-config
namespace: {{ include "common.namespace" . }} namespace: {{ include "common.namespace" . }}
data: data:
{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }} {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}

23
tip-wlan/charts/wlan-spc-service/templates/deployment.yaml
View File

@@ -23,9 +23,8 @@ spec:
securityContext: securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }} {{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers: initContainers:
{{- include "jmxPrometheus.initContainer" . | nindent 8 }}
- name: wait-for-services - name: wait-for-services
image: {{ .Values.waitForServicesImage.registry }}/{{ .Values.waitForServicesImage.repository }}:{{ .Values.waitForServicesImage.tag }} image: opsfleet/depends-on:latest
args: args:
- "-service={{ .Release.Name }}-kafka-headless" - "-service={{ .Release.Name }}-kafka-headless"
- -check_interval=5 - -check_interval=5
@@ -34,9 +33,9 @@ spec:
securityContext: securityContext:
{{- toYaml .Values.securityContext | nindent 12 }} {{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }} {{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }} {{- else }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }} image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }} {{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env: env:
@@ -83,7 +82,7 @@ spec:
- name: tip_wlan_maxHttpThreads - name: tip_wlan_maxHttpThreads
value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}" value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
- name: JVM_MEM_OPTIONS - name: JVM_MEM_OPTIONS
value: "{{ .Values.scalability.JVM_MEM_OPTIONS }} {{ include "jmxPrometheus.jvmOpts" . }}" value: "{{ .Values.scalability.JVM_MEM_OPTIONS }}"
{{- if .Values.probes.enabled }} {{- if .Values.probes.enabled }}
livenessProbe: livenessProbe:
@@ -106,13 +105,6 @@ spec:
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }} failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }} periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.readinessProbe.successThreshold }} successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
startupProbe:
httpGet:
path: /ping
port: {{ .Values.service.port2 }}
scheme: {{ .Values.probes.readinessProbe.scheme }}
failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
{{- end }} {{- end }}
volumeMounts: volumeMounts:
- mountPath: /opt/tip-wlan/certs/client_keystore.jks - mountPath: /opt/tip-wlan/certs/client_keystore.jks
@@ -130,8 +122,6 @@ spec:
- mountPath: /app/spc/logback.xml - mountPath: /app/spc/logback.xml
name: logback-config name: logback-config
subPath: logback.xml subPath: logback.xml
{{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
{{- include "jmxPrometheus.tmpVolumeMount" . | nindent 10 }}
ports: ports:
- name: {{ .Values.service.name1 }} - name: {{ .Values.service.name1 }}
containerPort: {{ .Values.service.port1 }} containerPort: {{ .Values.service.port1 }}
@@ -144,7 +134,6 @@ spec:
containerPort: {{ .Values.service.port3 }} containerPort: {{ .Values.service.port3 }}
protocol: TCP protocol: TCP
{{- end }} {{- end }}
{{- include "jmxPrometheus.port" . | nindent 12 }}
resources: resources:
{{- toYaml .Values.resources | nindent 12 }} {{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}
@@ -163,9 +152,7 @@ spec:
volumes: volumes:
- name: certificates - name: certificates
secret: secret:
secretName: tip-common-kafka-client-certs secretName: {{ include "common.fullname" . }}-certs
- name: logback-config - name: logback-config
configMap: configMap:
name: {{ include "common.fullname" . }}-log-config name: {{ include "common.fullname" . }}-log-config
{{- include "jmxPrometheus.configVolume" . | nindent 6 }}
{{- include "jmxPrometheus.tmpVolume" . | nindent 6 }}

1
tip-wlan/charts/wlan-spc-service/templates/pod-monitor.yaml
View File

@@ -1 +0,0 @@
{{ include "jmxPrometheus.podMonitor" . }}

17
tip-wlan/charts/wlan-spc-service/templates/secret.yaml
View File

@@ -1,5 +1,14 @@
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata:
name: {{ include "common.fullname" . }}-certs
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
---
apiVersion: v1
kind: Secret
metadata: metadata:
name: {{ include "common.fullname" . }}-creds name: {{ include "common.fullname" . }}-creds
namespace: {{ include "common.namespace" . }} namespace: {{ include "common.namespace" . }}
@@ -10,6 +19,8 @@ metadata:
heritage: {{ .Release.Service | quote }} heritage: {{ .Release.Service | quote }}
type: Opaque type: Opaque
data: data:
sslKeyPassword: {{ .Values.global.certificatePasswords.sslKey | b64enc | quote }} {{- if .Values.creds.enabled }}
sslKeystorePassword: {{ .Values.global.certificatePasswords.sslKeystore | b64enc | quote }} sslKeyPassword: {{ .Values.creds.sslKeyPassword | b64enc | quote }}
sslTruststorePassword: {{ .Values.global.certificatePasswords.sslTruststore | b64enc | quote }} sslKeystorePassword: {{ .Values.creds.sslKeystorePassword | b64enc | quote }}
sslTruststorePassword: {{ .Values.creds.sslTruststorePassword | b64enc | quote }}
{{- end }}

2
tip-wlan/charts/wlan-spc-service/templates/tests/test-connection.yaml
View File

@@ -11,7 +11,7 @@ metadata:
spec: spec:
containers: containers:
- name: wget - name: wget
image: {{ .Values.testConnectionImage.registry }}/{{ .Values.testConnectionImage.repository }}:{{ .Values.testConnectionImage.tag }} image: busybox
command: ['wget'] command: ['wget']
args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}'] args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
restartPolicy: Never restartPolicy: Never

27
tip-wlan/charts/wlan-spc-service/values.yaml
View File

@@ -11,17 +11,7 @@ replicaCount: 1
image: image:
name: wlan-spc-service name: wlan-spc-service
tag: 1.3.0-SNAPSHOT tag: 0.0.1-SNAPSHOT
waitForServicesImage:
registry: tip-docker-cache-repo.jfrog.io
repository: opsfleet/depends-on
tag: v1.0.0
testConnectionImage:
registry: tip-docker-cache-repo.jfrog.io
repository: library/alpine
tag: 3.13
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
@@ -56,9 +46,6 @@ probes:
successThreshold: 1 successThreshold: 1
failureThreshold: 3 failureThreshold: 3
scheme: HTTPS scheme: HTTPS
startupProbe:
periodSeconds: 30
failureThreshold: 500
securityContext: {} securityContext: {}
# capabilities: # capabilities:
@@ -117,10 +104,10 @@ ingress:
resources: resources:
limits: limits:
cpu: 500m cpu: 500m
memory: 400Mi memory: 370Mi
requests: requests:
cpu: 10m cpu: 50m
memory: 400Mi memory: 350Mi
nodeSelector: {} nodeSelector: {}
@@ -128,6 +115,12 @@ tolerations: []
affinity: {} affinity: {}
creds:
enabled: true
sslKeyPassword: DUMMY_PASSWORD
sslKeystorePassword: DUMMY_PASSWORD
sslTruststorePassword: DUMMY_PASSWORD
kafka: kafka:
url: kafka-headless url: kafka-headless

9
tip-wlan/charts/wlan-ssc-service/files/cqlshrc.tip-wlan
View File

@@ -24,6 +24,7 @@ password = cassandra
; keyspace = ks1 ; keyspace = ks1
[ui] [ui]
;; Whether or not to display query results with colors ;; Whether or not to display query results with colors
color = on color = on
@@ -84,16 +85,19 @@ ssl = true
; request_timeout = 10 ; request_timeout = 10
[csv] [csv]
;; The size limit for parsed fields ;; The size limit for parsed fields
; field_size_limit = 131072 ; field_size_limit = 131072
[tracing] [tracing]
;; The max number of seconds to wait for a trace to complete ;; The max number of seconds to wait for a trace to complete
; max_trace_wait = 10.0 ; max_trace_wait = 10.0
[ssl] [ssl]
certfile = /opt/tip-wlan/certs/cacert.pem certfile = /opt/tip-wlan/certs/cacert.pem
@@ -107,12 +111,14 @@ userkey = /opt/tip-wlan/certs/cassandraserverkey_dec.pem
usercert = /opt/tip-wlan/certs/cassandraservercert.pem usercert = /opt/tip-wlan/certs/cassandraservercert.pem
;; Optional section, overrides default certfile in [ssl] section, if present ;; Optional section, overrides default certfile in [ssl] section, if present
; [certfiles] ; [certfiles]
; 192.168.1.3 = ~/keys/cassandra01.cert ; 192.168.1.3 = ~/keys/cassandra01.cert
; 192.168.1.4 = ~/keys/cassandra02.cert ; 192.168.1.4 = ~/keys/cassandra02.cert
;; Options that are common to both COPY TO and COPY FROM ;; Options that are common to both COPY TO and COPY FROM
; [copy] ; [copy]
@@ -151,6 +157,7 @@ usercert = /opt/tip-wlan/certs/cassandraservercert.pem
; ratefile = ; ratefile =
;; Options specific to COPY TO ;; Options specific to COPY TO
; [copy-to] ; [copy-to]
@@ -177,6 +184,7 @@ usercert = /opt/tip-wlan/certs/cassandraservercert.pem
; encoding = utf8 ; encoding = utf8
;; Options specific to COPY FROM ;; Options specific to COPY FROM
; [copy-from] ; [copy-from]
@@ -211,6 +219,7 @@ usercert = /opt/tip-wlan/certs/cassandraservercert.pem
; chunksize = 1000 ; chunksize = 1000
;; The options for COPY can also be specified per-table. The following ;; The options for COPY can also be specified per-table. The following
;; three sections demonstrate this. ;; three sections demonstrate this.

2
tip-wlan/charts/wlan-ssc-service/resources/config/certs/README.md Normal file
View File

@@ -0,0 +1,2 @@
Contains certs needed for this service to start.
Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

1
tip-wlan/charts/wlan-ssc-service/resources/config/logback.xml
View File

@@ -46,6 +46,7 @@
</triggeringPolicy> </triggeringPolicy>
</appender> </appender>
<!-- <!--
details: http://logback.qos.ch/manual/configuration.html#auto_configuration details: http://logback.qos.ch/manual/configuration.html#auto_configuration

12
tip-wlan/charts/wlan-ssc-service/templates/configmap.yaml
View File

@@ -4,30 +4,28 @@ metadata:
name: {{ include "common.fullname" . }}-ssc-config name: {{ include "common.fullname" . }}-ssc-config
namespace: {{ include "common.namespace" . }} namespace: {{ include "common.namespace" . }}
data: data:
{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }} {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
cassandra-application.conf: >- cassandra-application.conf: >-
datastax-java-driver { datastax-java-driver {
basic { basic {
contact-points = [ "{{ include "cassandra.service" . }}:9042" ] contact-points = [ "{{ include "cassandra.service" . }}:9042" ]
load-balancing-policy.local-datacenter = datacenter1 load-balancing-policy.local-datacenter = datacenter1
session-keyspace = tip_wlan_keyspace session-keyspace = tip_wlan_keyspace
request.consistency = LOCAL_QUORUM
} }
advanced.resolve-contact-points = false
advanced.ssl-engine-factory { advanced.ssl-engine-factory {
class = DefaultSslEngineFactory class = DefaultSslEngineFactory
hostname-validation = false hostname-validation = false
truststore-path = /opt/tip-wlan/certs/truststore.jks truststore-path = /opt/tip-wlan/certs/truststore.jks
truststore-password = {{ .Values.global.certificatePasswords.sslTruststore }} truststore-password = {{ .Values.creds.sslTruststorePassword }}
keystore-path = /opt/tip-wlan/certs/cassandra_server_keystore.jks keystore-path = /opt/tip-wlan/certs/cassandra_server_keystore.jks
keystore-password = {{ .Values.global.certificatePasswords.sslKeystore }} keystore-password = {{ .Values.creds.sslKeystorePassword }}
} }
advanced.auth-provider { advanced.auth-provider {
class = PlainTextAuthProvider class = PlainTextAuthProvider
username = {{ .Values.global.cassandra.username }} username = {{ .Values.creds.cassandra.tip_user }}
password = {{ .Values.global.cassandra.password }} password = {{ .Values.creds.cassandra.tip_password }}
} }
} }

27
tip-wlan/charts/wlan-ssc-service/templates/deployment.yaml
View File

@@ -24,9 +24,8 @@ spec:
securityContext: securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }} {{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers: initContainers:
{{- include "jmxPrometheus.initContainer" . | nindent 8 }}
- name: wait-for-services - name: wait-for-services
image: {{ .Values.waitForServicesImage.registry }}/{{ .Values.waitForServicesImage.repository }}:{{ .Values.waitForServicesImage.tag }} image: opsfleet/depends-on:latest
args: args:
- "-service={{ .Release.Name }}-kafka-headless" - "-service={{ .Release.Name }}-kafka-headless"
- "-service={{ .Release.Name }}-cassandra" - "-service={{ .Release.Name }}-cassandra"
@@ -45,7 +44,7 @@ spec:
secretKeyRef: secretKeyRef:
name: {{ include "common.fullname" . }}-creds name: {{ include "common.fullname" . }}-creds
key: schema-repo-password key: schema-repo-password
image: {{ .Values.cassandra.registry }}/{{ .Values.cassandra.repository }}:{{ .Values.cassandra.tag }} image: {{ .Values.cassandra.image }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
command: command:
- sh - sh
@@ -54,7 +53,7 @@ spec:
apt update apt update
apt -y install curl apt -y install curl
echo "***** Fetching cloud-sdk-schema-cassandra.cql from JFrog *****" echo "***** Fetching cloud-sdk-schema-cassandra.cql from JFrog *****"
curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/1.3.0-SNAPSHOT/cql/cloud-sdk-schema-cassandra.cql" curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/cql/cloud-sdk-schema-cassandra.cql"
echo "***** Now executing cloud-sdk-schema-cassandra.cql and creating/updating schema on Cassandra instance *****" echo "***** Now executing cloud-sdk-schema-cassandra.cql and creating/updating schema on Cassandra instance *****"
counter=0 counter=0
status=1 status=1
@@ -114,9 +113,9 @@ spec:
securityContext: securityContext:
{{- toYaml .Values.securityContext | nindent 12 }} {{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }} {{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }} {{- else }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }} image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }} {{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env: env:
@@ -175,7 +174,7 @@ spec:
- name: tip_wlan_maxHttpThreads - name: tip_wlan_maxHttpThreads
value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}" value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
- name: JVM_MEM_OPTIONS - name: JVM_MEM_OPTIONS
value: "{{ .Values.scalability.JVM_MEM_OPTIONS }} {{ include "jmxPrometheus.jvmOpts" . }}" value: "{{ .Values.scalability.JVM_MEM_OPTIONS }}"
{{- if .Values.probes.enabled }} {{- if .Values.probes.enabled }}
livenessProbe: livenessProbe:
@@ -198,13 +197,6 @@ spec:
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }} failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }} periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.readinessProbe.successThreshold }} successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
startupProbe:
httpGet:
path: /ping
port: {{ .Values.service.port2 }}
scheme: {{ .Values.probes.readinessProbe.scheme }}
failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
{{- end }} {{- end }}
volumeMounts: volumeMounts:
- mountPath: /opt/tip-wlan/certs/client_keystore.jks - mountPath: /opt/tip-wlan/certs/client_keystore.jks
@@ -228,8 +220,6 @@ spec:
- mountPath: /app/ssc/cassandra-application.conf - mountPath: /app/ssc/cassandra-application.conf
name: ssc-configurations name: ssc-configurations
subPath: cassandra-application.conf subPath: cassandra-application.conf
{{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
{{- include "jmxPrometheus.tmpVolumeMount" . | nindent 10 }}
ports: ports:
- name: {{ .Values.service.name1 }} - name: {{ .Values.service.name1 }}
containerPort: {{ .Values.service.port1 }} containerPort: {{ .Values.service.port1 }}
@@ -242,7 +232,6 @@ spec:
containerPort: {{ .Values.service.port3 }} containerPort: {{ .Values.service.port3 }}
protocol: TCP protocol: TCP
{{- end }} {{- end }}
{{- include "jmxPrometheus.port" . | nindent 12 }}
resources: resources:
{{- toYaml .Values.resources | nindent 12 }} {{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}
@@ -261,9 +250,7 @@ spec:
volumes: volumes:
- name: certificates - name: certificates
secret: secret:
secretName: tip-common-cassandra-client-certs secretName: {{ include "common.fullname" . }}-certs
- name: ssc-configurations - name: ssc-configurations
configMap: configMap:
name: {{ include "common.fullname" . }}-ssc-config name: {{ include "common.fullname" . }}-ssc-config
{{- include "jmxPrometheus.configVolume" . | nindent 6 }}
{{- include "jmxPrometheus.tmpVolume" . | nindent 6 }}

1
tip-wlan/charts/wlan-ssc-service/templates/pod-monitor.yaml
View File

@@ -1 +0,0 @@
{{ include "jmxPrometheus.podMonitor" . }}

25
tip-wlan/charts/wlan-ssc-service/templates/secret.yaml
View File

@@ -1,5 +1,14 @@
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata:
name: {{ include "common.fullname" . }}-certs
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
---
apiVersion: v1
kind: Secret
metadata: metadata:
name: {{ include "common.fullname" . }}-creds name: {{ include "common.fullname" . }}-creds
namespace: {{ include "common.namespace" . }} namespace: {{ include "common.namespace" . }}
@@ -10,10 +19,12 @@ metadata:
heritage: {{ .Release.Service | quote }} heritage: {{ .Release.Service | quote }}
type: Opaque type: Opaque
data: data:
sslKeyPassword: {{ .Values.global.certificatePasswords.sslKey | b64enc | quote }} {{- if .Values.creds.enabled }}
sslKeystorePassword: {{ .Values.global.certificatePasswords.sslKeystore | b64enc | quote }} sslKeyPassword: {{ .Values.creds.sslKeyPassword | b64enc | quote }}
sslTruststorePassword: {{ .Values.global.certificatePasswords.sslTruststore | b64enc | quote }} sslKeystorePassword: {{ .Values.creds.sslKeystorePassword | b64enc | quote }}
cassandra_tip_user: {{ .Values.global.cassandra.username | b64enc | quote }} sslTruststorePassword: {{ .Values.creds.sslTruststorePassword | b64enc | quote }}
cassandra_tip_password: {{ .Values.global.cassandra.password | b64enc | quote }} cassandra_tip_password: {{ .Values.creds.cassandra.tip_password | b64enc | quote }}
schema-repo-user: {{ .Values.global.schema.username | b64enc | quote }} cassandra_tip_user: {{ .Values.creds.cassandra.tip_user | b64enc | quote }}
schema-repo-password: {{ .Values.global.schema.password | b64enc | quote }} schema-repo-user: {{ .Values.creds.schema_repo.username | b64enc | quote }}
schema-repo-password: {{ .Values.creds.schema_repo.password | b64enc | quote }}
{{- end }}

2
tip-wlan/charts/wlan-ssc-service/templates/tests/test-connection.yaml
View File

@@ -11,7 +11,7 @@ metadata:
spec: spec:
containers: containers:
- name: wget - name: wget
image: {{ .Values.testConnectionImage.registry }}/{{ .Values.testConnectionImage.repository }}:{{ .Values.testConnectionImage.tag }} image: busybox
command: ['wget'] command: ['wget']
args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}'] args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
restartPolicy: Never restartPolicy: Never

37
tip-wlan/charts/wlan-ssc-service/values.yaml
View File

@@ -11,17 +11,7 @@ replicaCount: 1
image: image:
name: wlan-ssc-service name: wlan-ssc-service
tag: 1.3.0-SNAPSHOT tag: 0.0.1-SNAPSHOT
waitForServicesImage:
registry: tip-docker-cache-repo.jfrog.io
repository: opsfleet/depends-on
tag: v1.0.0
testConnectionImage:
registry: tip-docker-cache-repo.jfrog.io
repository: library/alpine
tag: 3.13
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
@@ -56,9 +46,6 @@ probes:
successThreshold: 1 successThreshold: 1
failureThreshold: 3 failureThreshold: 3
scheme: HTTPS scheme: HTTPS
startupProbe:
periodSeconds: 30
failureThreshold: 500
securityContext: {} securityContext: {}
# capabilities: # capabilities:
@@ -117,10 +104,10 @@ ingress:
resources: resources:
limits: limits:
cpu: 500m cpu: 500m
memory: 450Mi memory: 420Mi
requests: requests:
cpu: 10m cpu: 50m
memory: 450Mi memory: 400Mi
nodeSelector: {} nodeSelector: {}
@@ -128,15 +115,25 @@ tolerations: []
affinity: {} affinity: {}
creds:
enabled: true
sslKeyPassword: DUMMY_PASSWORD
sslKeystorePassword: DUMMY_PASSWORD
sslTruststorePassword: DUMMY_PASSWORD
cassandra:
tip_user: DUMMY_TIP_USERNAME
tip_password: DUMMY_TIP_USERS_PASSWORD
schema_repo:
username: DUMMY_SCHEMA_REPO_USERNAME
password: DUMMY_SCHEMA_REPO_PASSWORD
kafka: kafka:
url: kafka-headless url: kafka-headless
cassandra: cassandra:
url: cassandra-headless url: cassandra-headless
port: 9042 port: 9042
registry: tip-docker-cache-repo.jfrog.io image: cassandra:3.11.6
repository: library/cassandra
tag: 3.11.6
env: env:
protocol: https protocol: https

5
tip-wlan/example-values/aws-basic/README.md
View File

@@ -1,5 +0,0 @@
# Helm values for deploying a cloud controller onto an AWS EKS cluster
[Detailed instructions](https://openwifi.tip.build/getting-started/controller-installation/aws-install)
[This Terraform module](https://github.com/Telecominfraproject/wlan-cloud-terraform/tree/master/aws-cloudsdk) can be used to set up the required EKS cluster including all necessary addons.

128
tip-wlan/example-values/aws-basic/values.yml
View File

@@ -1,128 +0,0 @@
shared:
service:
srv-https-annotations: &srv-https-annotations
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/group.name: wlan-cloudsdk
alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:eu-central-1:0123456789:certificate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
# Annotations for namespace
annotations: {
"helm.sh/resource-policy": keep
}
opensync-gw-static:
enabled: false
opensync-gw-cloud:
service:
type: LoadBalancer
annotations:
external-dns.alpha.kubernetes.io/hostname: opensync-controller.cloudsdk.lab.wlan.tip.build,opensync-redirector.cloudsdk.lab.wlan.tip.build
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
enabled: true
externalhost:
address:
ovsdb: opensync-controller.cloudsdk.lab.wlan.tip.build
mqtt: opensync-mqtt-broker.cloudsdk.lab.wlan.tip.build
persistence:
enabled: false
image:
name: opensync-gateway-cloud
opensync-mqtt-broker:
service:
type: LoadBalancer
annotations:
external-dns.alpha.kubernetes.io/hostname: opensync-mqtt-broker.cloudsdk.lab.wlan.tip.build
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
enabled: true
persistence:
enabled: true
storageClass: "gp2"
wlan-cloud-graphql-gw:
enabled: true
ingress:
annotations:
<<: *srv-https-annotations
enabled: true
alb_https_redirect: true
hosts:
- host: wlan-graphql.cloudsdk.lab.wlan.tip.build
paths: [
/*
]
env:
portalsvc: wlan-portal-svc.cloudsdk.lab.wlan.tip.build
wlan-cloud-static-portal:
enabled: true
env:
graphql: https://wlan-graphql.cloudsdk.lab.wlan.tip.build
service:
type: NodePort
ingress:
annotations:
<<: *srv-https-annotations
alb_https_redirect: true
hosts:
- host: wlan-ui.cloudsdk.lab.wlan.tip.build
paths: [
/*
]
wlan-portal-service:
service:
type: NodePort
nodePortStatic: false
enabled: true
persistence:
enabled: true
storageClass: gp2
tsp:
host: wlan-portal-svc.cloudsdk.lab.wlan.tip.build
ingress:
enabled: true
alb_https_redirect: true
tls: []
annotations:
<<: *srv-https-annotations
alb.ingress.kubernetes.io/backend-protocol: HTTPS
alb.ingress.kubernetes.io/healthcheck-protocol: HTTPS
alb.ingress.kubernetes.io/healthcheck-port: traffic-port
alb.ingress.kubernetes.io/healthcheck-path: /ping
hosts:
- host: wlan-portal-svc.cloudsdk.lab.wlan.tip.build
paths: [
/*
]
wlan-prov-service:
enabled: true
wlan-ssc-service:
enabled: true
wlan-spc-service:
enabled: true
wlan-port-forwarding-gateway-service:
enabled: true
kafka:
enabled: true
persistence:
cassandra:
enabled: true
persistence:
enabled: true
storageClass: gp2
postgresql:
enabled: true
persistence:
enabled: true
storageClass: gp2

8
tip-wlan/example-values/aws-internal/README.md
View File

@@ -1,8 +0,0 @@
# Helm values for deploying a cloud controller onto an AWS EKS cluster with internal accessibility
These values are almost the same as you can find in [aws-basic](../aws-basic) example values, but this case adds required annotations to make your installaion work in private mode without any endpoints exposed to the Internet.
[Detailed instructions](https://openwifi.tip.build/getting-started/controller-installation/aws-install)
[This Terraform module](https://github.com/Telecominfraproject/wlan-cloud-terraform/tree/master/aws-cloudsdk) can be used to set up the required EKS cluster including all necessary addons.

130
tip-wlan/example-values/aws-internal/values.yml
View File

@@ -1,130 +0,0 @@
shared:
service:
srv-https-annotations: &srv-https-annotations
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internal
alb.ingress.kubernetes.io/group.name: wlan-cloudsdk
alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:eu-central-1:0123456789:certificate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
# Annotations for namespace
annotations: {
"helm.sh/resource-policy": keep
}
opensync-gw-static:
enabled: false
opensync-gw-cloud:
service:
type: LoadBalancer
annotations:
external-dns.alpha.kubernetes.io/hostname: opensync-controller.cloudsdk.lab.wlan.tip.build,opensync-redirector.cloudsdk.lab.wlan.tip.build
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
enabled: true
externalhost:
address:
ovsdb: opensync-controller.cloudsdk.lab.wlan.tip.build
mqtt: opensync-mqtt-broker.cloudsdk.lab.wlan.tip.build
persistence:
enabled: false
image:
name: opensync-gateway-cloud
opensync-mqtt-broker:
service:
type: LoadBalancer
annotations:
external-dns.alpha.kubernetes.io/hostname: opensync-mqtt-broker.cloudsdk.lab.wlan.tip.build
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
enabled: true
persistence:
enabled: true
storageClass: "gp2"
wlan-cloud-graphql-gw:
enabled: true
ingress:
annotations:
<<: *srv-https-annotations
enabled: true
alb_https_redirect: true
hosts:
- host: wlan-graphql.cloudsdk.lab.wlan.tip.build
paths: [
/*
]
env:
portalsvc: wlan-portal-svc.cloudsdk.lab.wlan.tip.build
wlan-cloud-static-portal:
enabled: true
env:
graphql: https://wlan-graphql.cloudsdk.lab.wlan.tip.build
service:
type: NodePort
ingress:
annotations:
<<: *srv-https-annotations
alb_https_redirect: true
hosts:
- host: wlan-ui.cloudsdk.lab.wlan.tip.build
paths: [
/*
]
wlan-portal-service:
service:
type: NodePort
nodePortStatic: false
enabled: true
persistence:
enabled: true
storageClass: gp2
tsp:
host: wlan-portal-svc.cloudsdk.lab.wlan.tip.build
ingress:
enabled: true
alb_https_redirect: true
tls: []
annotations:
<<: *srv-https-annotations
alb.ingress.kubernetes.io/backend-protocol: HTTPS
alb.ingress.kubernetes.io/healthcheck-protocol: HTTPS
alb.ingress.kubernetes.io/healthcheck-port: traffic-port
alb.ingress.kubernetes.io/healthcheck-path: /ping
hosts:
- host: wlan-portal-svc.cloudsdk.lab.wlan.tip.build
paths: [
/*
]
wlan-prov-service:
enabled: true
wlan-ssc-service:
enabled: true
wlan-spc-service:
enabled: true
wlan-port-forwarding-gateway-service:
enabled: true
kafka:
enabled: true
persistence:
cassandra:
enabled: true
persistence:
enabled: true
storageClass: gp2
postgresql:
enabled: true
persistence:
enabled: true
storageClass: gp2

6
tip-wlan/example-values/local-multi-namespace/README.md
View File

@@ -3,8 +3,8 @@
## Usage ## Usage
```bash ```bash
helm upgrade --install tip-wlan-1 tip-wlan -f tip-wlan/example-values/local-multi-namespace/ns-tip-1.yaml --namespace tip-wlan-1 --create-namespace helm install tip-wlan-1 tip-wlan -f tip-wlan/example-values/local-multi-namespace/ns-tip-1.yaml
helm upgrade --install tip-wlan-2 tip-wlan -f tip-wlan/example-values/local-multi-namespace/ns-tip-2.yaml --namespace tip-wlan-2 --create-namespace helm install tip-wlan-2 tip-wlan -f tip-wlan/example-values/local-multi-namespace/ns-tip-2.yaml
``` ```
This will create a Cloud SDK instance in each of the namespaces tip-wlan-1 and tip-wlan-2 This will create a Cloud SDK instance in each of the namespaces _tip-1_ and _tip-2_.

182
tip-wlan/example-values/local-multi-namespace/ns-tip-1.yaml
View File

@@ -1,9 +1,47 @@
# This is a development override file.
# It overrides the default Tip-Wlan parent chart behaviour
#
# It can be tweaked, based on the need to support different
# dev environments.
# This file expects to have a GlusterFS storage solution running
# before "helm install" is performed.
#################################################################
# Global configuration overrides.
#
# These overrides will affect all helm charts (ie. applications)
# that are listed below and are 'enabled'.
#################################################################
global: global:
# Change to an unused port prefix range to prevent port conflicts
# with other instances running within the same k8s cluster
nodePortPrefix: 302 nodePortPrefix: 302
nsPrefix: tip-1
# image pull policy
pullPolicy: Always
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
# override default mount path root directory
# referenced by persistent volumes and log files
persistence:
# flag to enable debugging - application support required
debugEnabled: true
# Annotations for namespace
annotations: {
"helm.sh/resource-policy": keep
}
# createReleaseNamespace: false
# Docker registry secret
dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
#################################################################
# Enable/disable and configure helm charts (ie. applications)
# to customize the TIP-WLAN deployment.
#################################################################
opensync-gw-static: opensync-gw-static:
enabled: false enabled: false
opensync-gw-cloud: opensync-gw-cloud:
enabled: true enabled: true
externalhost: externalhost:
@@ -13,7 +51,22 @@ opensync-gw-cloud:
persistence: persistence:
enabled: true enabled: true
filestore: filestore:
url: https://wlan-filestore.wlan.local url: "https://wlan-filestore.wlan.local"
scalability:
#how many concurrent connections single instance of OpenSyncGateway can accept
tip_wlan_ovsdb_listener_threadPoolSize: 50
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
opensync-mqtt-broker: opensync-mqtt-broker:
enabled: true enabled: true
@@ -21,7 +74,6 @@ opensync-mqtt-broker:
persistence: persistence:
enabled: true enabled: true
storageClass: standard storageClass: standard
wlan-cloud-graphql-gw: wlan-cloud-graphql-gw:
enabled: true enabled: true
env: env:
@@ -35,7 +87,6 @@ wlan-cloud-graphql-gw:
tls: tls:
- hosts: - hosts:
- wlan-ui-graphql-1.wlan.local - wlan-ui-graphql-1.wlan.local
wlan-cloud-static-portal: wlan-cloud-static-portal:
enabled: true enabled: true
env: env:
@@ -51,22 +102,109 @@ wlan-cloud-static-portal:
tls: tls:
- hosts: - hosts:
- wlan-ui-1.wlan.local - wlan-ui-1.wlan.local
wlan-portal-service: wlan-portal-service:
enabled: true enabled: true
persistence: persistence:
enabled: true enabled: true
storageClass: standard storageClass: standard
filestoreSize: 1Gi filestoreSize: 1Gi
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
wlan-prov-service: wlan-prov-service:
enabled: true enabled: true
creds:
enabled: true
db:
postgresUser:
password: postgres
tipUser:
password: tip_password
schema_repo:
username: tip-read
password: tip-read
postgres:
singleDataSourceUsername: tip_user
singleDataSourcePassword: tip_password
singleDataSourceSslKeyPassword: mypassword
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
#max number of connections to PostgreSQL database
singleDataSource_maxTotalConnections: 8
#max number of idle connections to PostgreSQL database
singleDataSource_maxIdleConnections: 8
#max number of cached prepared statements used in PostgreSQL database
singleDataSource_maxPreparedStatements: 200
#max number of cached idle prepared statements used in PostgreSQL database
singleDataSource_maxIdlePreparedStatements: 200
wlan-ssc-service: wlan-ssc-service:
enabled: true enabled: true
creds:
sslKeyPassword: mypassword
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
cassandra:
tip_user: tip_user
tip_password: tip_password
schema_repo:
username: tip-read
password: tip-read
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
wlan-spc-service: wlan-spc-service:
enabled: true enabled: true
creds:
sslKeyPassword: mypassword
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
nginx-ingress-controller: nginx-ingress-controller:
enabled: true enabled: true
@@ -83,20 +221,50 @@ nginx-ingress-controller:
cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZEekNDQXZlZ0F3SUJBZ0lVYSthaVJZWG9QTGliSS9wdVJCdi9DZ2RTTDNzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0Z6RVZNQk1HQTFVRUF3d01LaTUzYkdGdUxteHZZMkZzTUI0WERUSXdNVEl5TVRJd05UQXpNVm9YRFRNdwpNVEl4T1RJd05UQXpNVm93RnpFVk1CTUdBMVVFQXd3TUtpNTNiR0Z1TG14dlkyRnNNSUlDSWpBTkJna3Foa2lHCjl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUEwQjhuZE1raGIzZEN6N0I2aS9kRlFWenJwaEtQK2RmY2JKN1gKMzB3MU1FWDIvM3ZvVStkRlBNbnZrS3hEdFJwanZCbnhCczF6L1VmajlyUFhDSzZkazNNYU5DajRQYVUxem9WQQppK1Z6amc0ZG5XNjJxWG1qYVYrYUMrQm5zQndyQmx2THQ0dkh1eFRLbHh1RnR4THdid3VObGJvS1lVN01kV3oyCllMY3QzUWZBWElVb2FRK1RTMUZGdVdFeEZOTFRidlBGZWNoajB4ZnhyOU5BcU9aTXI0RGE0NHMzVERxMVVyRTIKbjhaZXFxVXZ1YUE4ZmEzQjNVZVRFNmJ4OEdhN1JybG5Dakd3UDRGVml3ajdvellmanV6T2JOM2dlcjdWcEpLMQpMSjdIdDBBemZlRm9aQ2xPbUVBd1p5alFwRGZOckdNTCs1dWtIK2JxWngyaUo5UndFcDNmdlE4em5jN1Q4dHJDCmxzMjRWNUpySWhUQXlCcTZRWVNnSXdXM2V5TmVpUnQ0ZHp6Sk5rNnd4cFp0WE96WTFwamJrV2FMaEhKOW1LRWoKU3lqVVBnS3dKSVlmb3BJbTJoUzl1dVZHZDdiU1MyV055aHJSOU5LSG5Lamo5Y0IrUWU0eEh0Z1pEcm1GZ1ZpZQp0cXZBUHhJL0ZkV1pSN3RmT2JCNTR3alMxVFk3TEd6cll4TDZSMWNjZDE4WUppcGNTS05xa05ORlllZ092VkNICmFldW1OTUdVNlZZalJWS1JmQXMva2FzcWxleGpheSt0SXNtd3dDZGoxUUN3UitRa2VEZFdoNE8vQzM1NENRb28KTkxZYzRNRk8xbVVDY2NsbUgvbFBvcTd1anBCMWI2VmFBNVprNFhjVUpRc0c4SUlSMDFHTFM5RW1HVVZaeTlOWApwV2dCbXNVQ0F3RUFBYU5UTUZFd0hRWURWUjBPQkJZRUZOZlVJSGhXdnFwUzg2ZC82SnJvbmxFYzZMU1NNQjhHCkExVWRJd1FZTUJhQUZOZlVJSGhXdnFwUzg2ZC82SnJvbmxFYzZMU1NNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHcKRFFZSktvWklodmNOQVFFTEJRQURnZ0lCQUtlTW9PckhLZ3BGemtkckVhMVhSSVRUOHFZanhKc04yNmFIMFovLwp1dDRXVkE4ckNDNzV4VkpaNnpBQWlBOFE2eTRYSHBzRzl2ZSs1QlJIWEdCS0lYOU5FZGNrbWdNdExzQ2xOR0JCCkxkN3lWd3hhaGVCQzhVTWIrVTAxMlNwaFc3K0t6UFJhQ3g4cHNMMUlFQUkyblQ1MzlCNDBmR2NyTktNSDRqZGkKdkxad3VxT00rZnJucFJ1MkZlK3Bja2Fwek92SEJTb0I3THovR1dmMWUwZ0llc1B4WEdmVG9hbGM1SzU5bDF1TQpCTkhpUW15S3E4TS9MbllMejhyOWp3dHNKU2lLYUljelpISjNtQ0ZUb3ljREF3NTl3WEdmWXZWcFBMaWZXTTJxCm1uSlJKM2dQS1lzOUhXWFgyYktoSmZoMjRLOTN2M1duMVRUellYOGtTbWlnRG0wTUhOSTNwZktlMmJqVW9MNmgKMlQ4bWhRbjdPQ2dvZHMvOXczR1dOdmFxYTAySHRnc0tTbk9YdmpSNXFMaVFLRjdhMi95TTlrNWNQcUdHaW1GYgppUWV3eUgvMWw2YjQ0T0s2RGwwMVltWFltNUVqR3plckp2aU90eUhSaWhtME01VmNBWWJaYkE0S1Y1eHhLZjRqClIwaktwQXdqbEpzTDdRMk9zTC9IRkxmaDV1RU1HMXlmTzF1blZkVURKK1FBZHJQUG5tZTZVTVFQZm1UcGx1WjAKS3pvOXY3NEpYV0pwQkNtaWNTbFBQdnB3cXZLTk5iOWd6b0hjOXFheWMwNWVxRldRbzNNZjIzYU82b05wU2ZuaAp5aWMvczFQcC9ZS2FHakVSQXB1UmRvYTlWT1diUncycFZMei9rZVNraS9QTDJFRFc4RUVHYjFXcUFBMkJPVVhDCi9oYXQKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZEekNDQXZlZ0F3SUJBZ0lVYSthaVJZWG9QTGliSS9wdVJCdi9DZ2RTTDNzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0Z6RVZNQk1HQTFVRUF3d01LaTUzYkdGdUxteHZZMkZzTUI0WERUSXdNVEl5TVRJd05UQXpNVm9YRFRNdwpNVEl4T1RJd05UQXpNVm93RnpFVk1CTUdBMVVFQXd3TUtpNTNiR0Z1TG14dlkyRnNNSUlDSWpBTkJna3Foa2lHCjl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUEwQjhuZE1raGIzZEN6N0I2aS9kRlFWenJwaEtQK2RmY2JKN1gKMzB3MU1FWDIvM3ZvVStkRlBNbnZrS3hEdFJwanZCbnhCczF6L1VmajlyUFhDSzZkazNNYU5DajRQYVUxem9WQQppK1Z6amc0ZG5XNjJxWG1qYVYrYUMrQm5zQndyQmx2THQ0dkh1eFRLbHh1RnR4THdid3VObGJvS1lVN01kV3oyCllMY3QzUWZBWElVb2FRK1RTMUZGdVdFeEZOTFRidlBGZWNoajB4ZnhyOU5BcU9aTXI0RGE0NHMzVERxMVVyRTIKbjhaZXFxVXZ1YUE4ZmEzQjNVZVRFNmJ4OEdhN1JybG5Dakd3UDRGVml3ajdvellmanV6T2JOM2dlcjdWcEpLMQpMSjdIdDBBemZlRm9aQ2xPbUVBd1p5alFwRGZOckdNTCs1dWtIK2JxWngyaUo5UndFcDNmdlE4em5jN1Q4dHJDCmxzMjRWNUpySWhUQXlCcTZRWVNnSXdXM2V5TmVpUnQ0ZHp6Sk5rNnd4cFp0WE96WTFwamJrV2FMaEhKOW1LRWoKU3lqVVBnS3dKSVlmb3BJbTJoUzl1dVZHZDdiU1MyV055aHJSOU5LSG5Lamo5Y0IrUWU0eEh0Z1pEcm1GZ1ZpZQp0cXZBUHhJL0ZkV1pSN3RmT2JCNTR3alMxVFk3TEd6cll4TDZSMWNjZDE4WUppcGNTS05xa05ORlllZ092VkNICmFldW1OTUdVNlZZalJWS1JmQXMva2FzcWxleGpheSt0SXNtd3dDZGoxUUN3UitRa2VEZFdoNE8vQzM1NENRb28KTkxZYzRNRk8xbVVDY2NsbUgvbFBvcTd1anBCMWI2VmFBNVprNFhjVUpRc0c4SUlSMDFHTFM5RW1HVVZaeTlOWApwV2dCbXNVQ0F3RUFBYU5UTUZFd0hRWURWUjBPQkJZRUZOZlVJSGhXdnFwUzg2ZC82SnJvbmxFYzZMU1NNQjhHCkExVWRJd1FZTUJhQUZOZlVJSGhXdnFwUzg2ZC82SnJvbmxFYzZMU1NNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHcKRFFZSktvWklodmNOQVFFTEJRQURnZ0lCQUtlTW9PckhLZ3BGemtkckVhMVhSSVRUOHFZanhKc04yNmFIMFovLwp1dDRXVkE4ckNDNzV4VkpaNnpBQWlBOFE2eTRYSHBzRzl2ZSs1QlJIWEdCS0lYOU5FZGNrbWdNdExzQ2xOR0JCCkxkN3lWd3hhaGVCQzhVTWIrVTAxMlNwaFc3K0t6UFJhQ3g4cHNMMUlFQUkyblQ1MzlCNDBmR2NyTktNSDRqZGkKdkxad3VxT00rZnJucFJ1MkZlK3Bja2Fwek92SEJTb0I3THovR1dmMWUwZ0llc1B4WEdmVG9hbGM1SzU5bDF1TQpCTkhpUW15S3E4TS9MbllMejhyOWp3dHNKU2lLYUljelpISjNtQ0ZUb3ljREF3NTl3WEdmWXZWcFBMaWZXTTJxCm1uSlJKM2dQS1lzOUhXWFgyYktoSmZoMjRLOTN2M1duMVRUellYOGtTbWlnRG0wTUhOSTNwZktlMmJqVW9MNmgKMlQ4bWhRbjdPQ2dvZHMvOXczR1dOdmFxYTAySHRnc0tTbk9YdmpSNXFMaVFLRjdhMi95TTlrNWNQcUdHaW1GYgppUWV3eUgvMWw2YjQ0T0s2RGwwMVltWFltNUVqR3plckp2aU90eUhSaWhtME01VmNBWWJaYkE0S1Y1eHhLZjRqClIwaktwQXdqbEpzTDdRMk9zTC9IRkxmaDV1RU1HMXlmTzF1blZkVURKK1FBZHJQUG5tZTZVTVFQZm1UcGx1WjAKS3pvOXY3NEpYV0pwQkNtaWNTbFBQdnB3cXZLTk5iOWd6b0hjOXFheWMwNWVxRldRbzNNZjIzYU82b05wU2ZuaAp5aWMvczFQcC9ZS2FHakVSQXB1UmRvYTlWT1diUncycFZMei9rZVNraS9QTDJFRFc4RUVHYjFXcUFBMkJPVVhDCi9oYXQKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRRFFIeWQweVNGdmQwTFAKc0hxTDkwVkJYT3VtRW8vNTE5eHNudGZmVERVd1JmYi9lK2hUNTBVOHllK1FyRU8xR21POEdmRUd6WFA5UitQMgpzOWNJcnAyVGN4bzBLUGc5cFRYT2hVQ0w1WE9PRGgyZGJyYXBlYU5wWDVvTDRHZXdIQ3NHVzh1M2k4ZTdGTXFYCkc0VzNFdkJ2QzQyVnVncGhUc3gxYlBaZ3R5M2RCOEJjaFNocEQ1TkxVVVc1WVRFVTB0TnU4OFY1eUdQVEYvR3YKMDBDbzVreXZnTnJqaXpkTU9yVlNzVGFmeGw2cXBTKzVvRHg5cmNIZFI1TVRwdkh3WnJ0R3VXY0tNYkEvZ1ZXTApDUHVqTmgrTzdNNXMzZUI2dnRXa2tyVXNuc2UzUUROOTRXaGtLVTZZUURCbktOQ2tOODJzWXd2N202UWY1dXBuCkhhSW4xSEFTbmQrOUR6T2R6dFB5MnNLV3piaFhrbXNpRk1ESUdycEJoS0FqQmJkN0kxNkpHM2gzUE1rMlRyREcKbG0xYzdOaldtTnVSWm91RWNuMllvU05MS05RK0FyQWtoaCtpa2liYUZMMjY1VVozdHRKTFpZM0tHdEgwMG9lYwpxT1Axd0g1QjdqRWUyQmtPdVlXQldKNjJxOEEvRWo4VjFabEh1MTg1c0huakNOTFZOanNzYk90akV2cEhWeHgzClh4Z21LbHhJbzJxUTAwVmg2QTY5VUlkcDY2WTB3WlRwVmlORlVwRjhDeitScXlxVjdHTnJMNjBpeWJEQUoyUFYKQUxCSDVDUjROMWFIZzc4TGZuZ0pDaWcwdGh6Z3dVN1daUUp4eVdZZitVK2lydTZPa0hWdnBWb0RsbVRoZHhRbApDd2J3Z2hIVFVZdEwwU1laUlZuTDAxZWxhQUdheFFJREFRQUJBb0lDQVFDUVRkbXN4enl3cmUrY1ZCQlVkaW9GCjdTalRhTEY5bWFlVGhQdkhMMjc5dnJWSlpoK3I5WUp6YU16NzhnV3NUOVR4ZXNjOVlUMVlVLzJEZENUWU4wSzUKRnlrSEc1VXNJUjVTeU4vOVlDWWtURE5La3BhQ29mMmxOWTE1U0twOFdMdVlXQlBEZTE4TW41anM5ejlhdGY0Ugo4Ti9GL2szdU5KWGRvYVNmWU1Pakt4bTh6UE05RFhpaTA0SlZ6RWNjMmlXU0crSkQwNmNybWNHUm1SZVBSTWZOCk5Mb1E1ZGw4dUlRN0J2Y0tCNkJpRDlFc2t5YitPWGxmTlo2TUZNaFNXTmpuYSt3L0REN1plWkxYcVczWk45RGYKNStBbGFoNlkzVE1EUGxueXkxRk5CVzN1alZrMWdkS21ESFBEUTNDUFBNWVdEa01qdlVJcWdKRHMySVl6dWIvTwpXRjRVUTV5UEJhZzluaWp1dS9uMVZDdGZuSkxwakZIakU1VzdkK3p1UGh6aUJ1WDFOcjRtOVVJdEpaSTNsYmJtCmdvZFlMdGl4b3RwNWF3ang1eXA3MU1zUHlTZzcrbHBPenA4dStuRENJcnc0K0VSME56MG8yTXFmcmJ2VklGQXIKWHIyc2YrejljbmtxalBWWEZaVks3em1TUHI5N0YrbTV4RHpURG9lTG53aVlhUUpOQ0ZhejhMVERjNldVT2w4SQpLOWhHd3FaK0llTlgreW16em16Nkx6WWVPaGlrRmNRaUI0UXVPSjdWWnZWRmVoS3JJMXJLWHJDRU01VmpJZXBkCkhzR0c1eTlLUkcxdEszSU5ScmI0SHlhRDF6SHJSTHRneFpLT1BvWDN0UjNmbTJ1aGova3dwelZnWTltRXJDWDkKd2I4SVA5TXdRR3REQVNBcjZWVmJvUUtDQVFFQThIeWlaK1lVeFEzQnprL1hoNmZMWWNYakE3NTJrQ204VWZzWQp0d1Z4N0EyNW5YRStiUDRIT3UyVC9kTlc0Tkw1elZPT0JkaWZIcTJQVFNVMGYzQUFHL0pNcnVzM3NrNHd4azM5CitYYlh0dHltWkdxb3FEcVN3TUw2czVpY1RnangvenRhSXk1TWFKYWhUYUpNdFRQQlVpZ3U3enhoeGNwVlhNVUMKTklHcFl5Mkt5R2hyMjVVOFdlR0RYQm9SS2xYUXJXYkNZeW1kMXdYQStEaVl0dzA5eit0VHhPNTRodjFCZkJKZwpWMGd0VWdJU0I2WEZDMU9CWDZXQ1pXYlhCN2hPaHhISjNkNHAyQlZyN0gxL2JDQ0ZvVDY5by9WQVNHRmdtTHRiCnpGalRNbjFIaTluVW5jUFlScWpsN1h0NWdPOHBOa3BwMjVrNHIxRVludWhIazcrYzdRS0NBUUVBM1l3THozNloKNEVPRndvODIrUlVId2lkaFExOEdrU1JvWStKVm1udXJpSXdHZTk3ZmRTVk91d092SDlZSVhsRWpjRitoOHFQVQpJVnpIOXBuYXZjTENEMnhIOWZ5d09ML3pmYmJnYnExZjV4Y3BOUXlYM1JnTGFDUVpLNkpJa3NzOUtDb0dhSzlaCmpMVm41MjFFZlFBRE5DSi93YlRCb3dLQ0dTNDUzSzRBaWFEWHN6TkJLUk5MOHVaWWYwK0x0U2IzV3lkZVQ2eUgKdGZiSXR3NlBSS1lxb2NaeGIrM0pWQWFHcGxScjVZSlNDU1BtTjFMSjU0djlTcXBIVnJMNzJudFNwKzdDODJ6SgpJajVOSXFEOGFsOVZ3WFB5dExRd25hYWc1TW5ka0NLQ3R0MlVHSGZwMEh3ZTJTL1hkemppS2gzZTZaT3MyMSt1CitQUHVrSkUxTTZzU09RS0NBUUJjWVJRbDR6MUJRUHFjM1JESEhJN0UvVFlxWHdTK2RqblFLQ3VqU3FVcmIwNUoKQzVKV1hmSzdFVDVUTjliY3dFNlRNRENUVUZZM2U2WmJsUm9vaGdhVXRhdjlXWC9vcjU2TzNyRGNIbW5ZNWNQSgpPU3VXakFHSnFKeVRWdUZjSEpXUlhPUlFOVjNHbzI1Tkd6WnFPUHBmSys1em1mZFkrbE4yTW51WlhlR0twcGowClNTQjlsa003cDZSRlFnSXNDQkVFTzBBYXhZYkxiWHRtSHArVFdiUFA1ZThrN0JKQ2tKQ1NMNkR3aGxwYWNVOHAKdnVVRlo4dC95VjFneEhOL2xLNGR0cGliOE5hVUdnNStKdXRHeHV0dU9HS3kwK2dncGI5c2pEUkVPQzdRNjAwTApqTjdleDdlUjFSbVY4Mk9HUXRqSzhTVGU1V25mOXNBRmN1YmorNncxQW9JQkFHYXM4Z2hQRHpkOWM2OXd1alNFCkI1MTJyTUFSZVRTcEgrd3l5Q09aYnkwUVlDem1aTCtnODdUK2h4b0ZFc25MWnRZOHJBeU0ydEkvY3JrYUl1TlIKTUtqL01QYVREb1N1aVVWWkRQaWVSMVVOU2Q2NUlHU3FNUmNwcTdTcU9HSTM2UGNGU3dVWFJ6Uk1Hb1NLQW5UQQpIYnY2eFNUY0JlWHJVcW9pMzFRa0hFR3NsbXNKdFFnNVZqaVRncTQyQ25TQlE2QXVSYW85Tm9RaGhISTZRREc3CnBRUm11TW43OVJPSkZyeGRZY2Z6TnR2ZmxHRk5jQjlzcEk0SERwcml4cEJDR1ZPVTl5cmozdStNMmlqVFhVaGIKT0o0NGcySTJKRlhjRkxNVHp5aHVwZy9qN3kvTDIwUHhVa2Fyd25zUmxOZWFFbVpFTjVkUDZBS2U0cENEaTVtUApqaGtDZ2dFQkFMUmtVeG9oZDh2ZVBwR3hPbWlOak5HekpiTDlscGx0TWxhR0dPQ3JOUkZSeEppblgzWU9UVnhiCkRFVlpqaXRHNldydzFxaDdnZXAzeEdJaWZHQ1lZV3pNc0RZTitueGtwV0lRRmZOV3dYemNRWlhrTEduZVlUdTAKSVU2RjY5Myt1Q0tkcHVCdVl0d3BQNEJCVkNCRTVON0FzRGV4bFBYTzk1cEw3ZzR4OG5RckdNeGJlRXVOdytaTwpPYmYvTnFFMGZZcURkaERiVHI0UDR6bUpBRlpYeDlKMjNJdWRMUFI3MDZITGZ5bDMrb1pUS2Y2ZWdEL1drWXZGCllLdEtDZzI1UmtSYmZBakZkeDlpOVkzcDlPNEFNVUNaRVFIOWQwU1d6LzJWR0VmYzVha09YL2xvWlAyUXF3c2UKeXMyc0k1U0Z5TEd1ZGM3R2MzVTd5UGd0RVN0elVoWT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRRFFIeWQweVNGdmQwTFAKc0hxTDkwVkJYT3VtRW8vNTE5eHNudGZmVERVd1JmYi9lK2hUNTBVOHllK1FyRU8xR21POEdmRUd6WFA5UitQMgpzOWNJcnAyVGN4bzBLUGc5cFRYT2hVQ0w1WE9PRGgyZGJyYXBlYU5wWDVvTDRHZXdIQ3NHVzh1M2k4ZTdGTXFYCkc0VzNFdkJ2QzQyVnVncGhUc3gxYlBaZ3R5M2RCOEJjaFNocEQ1TkxVVVc1WVRFVTB0TnU4OFY1eUdQVEYvR3YKMDBDbzVreXZnTnJqaXpkTU9yVlNzVGFmeGw2cXBTKzVvRHg5cmNIZFI1TVRwdkh3WnJ0R3VXY0tNYkEvZ1ZXTApDUHVqTmgrTzdNNXMzZUI2dnRXa2tyVXNuc2UzUUROOTRXaGtLVTZZUURCbktOQ2tOODJzWXd2N202UWY1dXBuCkhhSW4xSEFTbmQrOUR6T2R6dFB5MnNLV3piaFhrbXNpRk1ESUdycEJoS0FqQmJkN0kxNkpHM2gzUE1rMlRyREcKbG0xYzdOaldtTnVSWm91RWNuMllvU05MS05RK0FyQWtoaCtpa2liYUZMMjY1VVozdHRKTFpZM0tHdEgwMG9lYwpxT1Axd0g1QjdqRWUyQmtPdVlXQldKNjJxOEEvRWo4VjFabEh1MTg1c0huakNOTFZOanNzYk90akV2cEhWeHgzClh4Z21LbHhJbzJxUTAwVmg2QTY5VUlkcDY2WTB3WlRwVmlORlVwRjhDeitScXlxVjdHTnJMNjBpeWJEQUoyUFYKQUxCSDVDUjROMWFIZzc4TGZuZ0pDaWcwdGh6Z3dVN1daUUp4eVdZZitVK2lydTZPa0hWdnBWb0RsbVRoZHhRbApDd2J3Z2hIVFVZdEwwU1laUlZuTDAxZWxhQUdheFFJREFRQUJBb0lDQVFDUVRkbXN4enl3cmUrY1ZCQlVkaW9GCjdTalRhTEY5bWFlVGhQdkhMMjc5dnJWSlpoK3I5WUp6YU16NzhnV3NUOVR4ZXNjOVlUMVlVLzJEZENUWU4wSzUKRnlrSEc1VXNJUjVTeU4vOVlDWWtURE5La3BhQ29mMmxOWTE1U0twOFdMdVlXQlBEZTE4TW41anM5ejlhdGY0Ugo4Ti9GL2szdU5KWGRvYVNmWU1Pakt4bTh6UE05RFhpaTA0SlZ6RWNjMmlXU0crSkQwNmNybWNHUm1SZVBSTWZOCk5Mb1E1ZGw4dUlRN0J2Y0tCNkJpRDlFc2t5YitPWGxmTlo2TUZNaFNXTmpuYSt3L0REN1plWkxYcVczWk45RGYKNStBbGFoNlkzVE1EUGxueXkxRk5CVzN1alZrMWdkS21ESFBEUTNDUFBNWVdEa01qdlVJcWdKRHMySVl6dWIvTwpXRjRVUTV5UEJhZzluaWp1dS9uMVZDdGZuSkxwakZIakU1VzdkK3p1UGh6aUJ1WDFOcjRtOVVJdEpaSTNsYmJtCmdvZFlMdGl4b3RwNWF3ang1eXA3MU1zUHlTZzcrbHBPenA4dStuRENJcnc0K0VSME56MG8yTXFmcmJ2VklGQXIKWHIyc2YrejljbmtxalBWWEZaVks3em1TUHI5N0YrbTV4RHpURG9lTG53aVlhUUpOQ0ZhejhMVERjNldVT2w4SQpLOWhHd3FaK0llTlgreW16em16Nkx6WWVPaGlrRmNRaUI0UXVPSjdWWnZWRmVoS3JJMXJLWHJDRU01VmpJZXBkCkhzR0c1eTlLUkcxdEszSU5ScmI0SHlhRDF6SHJSTHRneFpLT1BvWDN0UjNmbTJ1aGova3dwelZnWTltRXJDWDkKd2I4SVA5TXdRR3REQVNBcjZWVmJvUUtDQVFFQThIeWlaK1lVeFEzQnprL1hoNmZMWWNYakE3NTJrQ204VWZzWQp0d1Z4N0EyNW5YRStiUDRIT3UyVC9kTlc0Tkw1elZPT0JkaWZIcTJQVFNVMGYzQUFHL0pNcnVzM3NrNHd4azM5CitYYlh0dHltWkdxb3FEcVN3TUw2czVpY1RnangvenRhSXk1TWFKYWhUYUpNdFRQQlVpZ3U3enhoeGNwVlhNVUMKTklHcFl5Mkt5R2hyMjVVOFdlR0RYQm9SS2xYUXJXYkNZeW1kMXdYQStEaVl0dzA5eit0VHhPNTRodjFCZkJKZwpWMGd0VWdJU0I2WEZDMU9CWDZXQ1pXYlhCN2hPaHhISjNkNHAyQlZyN0gxL2JDQ0ZvVDY5by9WQVNHRmdtTHRiCnpGalRNbjFIaTluVW5jUFlScWpsN1h0NWdPOHBOa3BwMjVrNHIxRVludWhIazcrYzdRS0NBUUVBM1l3THozNloKNEVPRndvODIrUlVId2lkaFExOEdrU1JvWStKVm1udXJpSXdHZTk3ZmRTVk91d092SDlZSVhsRWpjRitoOHFQVQpJVnpIOXBuYXZjTENEMnhIOWZ5d09ML3pmYmJnYnExZjV4Y3BOUXlYM1JnTGFDUVpLNkpJa3NzOUtDb0dhSzlaCmpMVm41MjFFZlFBRE5DSi93YlRCb3dLQ0dTNDUzSzRBaWFEWHN6TkJLUk5MOHVaWWYwK0x0U2IzV3lkZVQ2eUgKdGZiSXR3NlBSS1lxb2NaeGIrM0pWQWFHcGxScjVZSlNDU1BtTjFMSjU0djlTcXBIVnJMNzJudFNwKzdDODJ6SgpJajVOSXFEOGFsOVZ3WFB5dExRd25hYWc1TW5ka0NLQ3R0MlVHSGZwMEh3ZTJTL1hkemppS2gzZTZaT3MyMSt1CitQUHVrSkUxTTZzU09RS0NBUUJjWVJRbDR6MUJRUHFjM1JESEhJN0UvVFlxWHdTK2RqblFLQ3VqU3FVcmIwNUoKQzVKV1hmSzdFVDVUTjliY3dFNlRNRENUVUZZM2U2WmJsUm9vaGdhVXRhdjlXWC9vcjU2TzNyRGNIbW5ZNWNQSgpPU3VXakFHSnFKeVRWdUZjSEpXUlhPUlFOVjNHbzI1Tkd6WnFPUHBmSys1em1mZFkrbE4yTW51WlhlR0twcGowClNTQjlsa003cDZSRlFnSXNDQkVFTzBBYXhZYkxiWHRtSHArVFdiUFA1ZThrN0JKQ2tKQ1NMNkR3aGxwYWNVOHAKdnVVRlo4dC95VjFneEhOL2xLNGR0cGliOE5hVUdnNStKdXRHeHV0dU9HS3kwK2dncGI5c2pEUkVPQzdRNjAwTApqTjdleDdlUjFSbVY4Mk9HUXRqSzhTVGU1V25mOXNBRmN1YmorNncxQW9JQkFHYXM4Z2hQRHpkOWM2OXd1alNFCkI1MTJyTUFSZVRTcEgrd3l5Q09aYnkwUVlDem1aTCtnODdUK2h4b0ZFc25MWnRZOHJBeU0ydEkvY3JrYUl1TlIKTUtqL01QYVREb1N1aVVWWkRQaWVSMVVOU2Q2NUlHU3FNUmNwcTdTcU9HSTM2UGNGU3dVWFJ6Uk1Hb1NLQW5UQQpIYnY2eFNUY0JlWHJVcW9pMzFRa0hFR3NsbXNKdFFnNVZqaVRncTQyQ25TQlE2QXVSYW85Tm9RaGhISTZRREc3CnBRUm11TW43OVJPSkZyeGRZY2Z6TnR2ZmxHRk5jQjlzcEk0SERwcml4cEJDR1ZPVTl5cmozdStNMmlqVFhVaGIKT0o0NGcySTJKRlhjRkxNVHp5aHVwZy9qN3kvTDIwUHhVa2Fyd25zUmxOZWFFbVpFTjVkUDZBS2U0cENEaTVtUApqaGtDZ2dFQkFMUmtVeG9oZDh2ZVBwR3hPbWlOak5HekpiTDlscGx0TWxhR0dPQ3JOUkZSeEppblgzWU9UVnhiCkRFVlpqaXRHNldydzFxaDdnZXAzeEdJaWZHQ1lZV3pNc0RZTitueGtwV0lRRmZOV3dYemNRWlhrTEduZVlUdTAKSVU2RjY5Myt1Q0tkcHVCdVl0d3BQNEJCVkNCRTVON0FzRGV4bFBYTzk1cEw3ZzR4OG5RckdNeGJlRXVOdytaTwpPYmYvTnFFMGZZcURkaERiVHI0UDR6bUpBRlpYeDlKMjNJdWRMUFI3MDZITGZ5bDMrb1pUS2Y2ZWdEL1drWXZGCllLdEtDZzI1UmtSYmZBakZkeDlpOVkzcDlPNEFNVUNaRVFIOWQwU1d6LzJWR0VmYzVha09YL2xvWlAyUXF3c2UKeXMyc0k1U0Z5TEd1ZGM3R2MzVTd5UGd0RVN0elVoWT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
zookeeper:
enabled: true
replicaCount: 1
persistence:
enabled: true
storageClass: standard
kafka: kafka:
enabled: true enabled: true
replicaCount: 1
persistence: persistence:
enabled: true enabled: true
storageClass: standard storageClass: standard
creds:
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
sslKeyPassword: mypassword
cassandra: cassandra:
enabled: true enabled: true
image:
debug: true
cluster:
replicaCount: 1
seedCount: 1
persistence: persistence:
enabled: true enabled: true
storageClass: standard storageClass: standard
creds:
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
postgresql: postgresql:
enabled: true enabled: true
postgresqlPassword: postgres
## NOTE: If we are using glusterfs as Storage class, we don't really need
## replication turned on, since the data is anyway replicated on glusterfs nodes
## Replication is useful:
## a. When we use HostPath as storage mechanism
## b. If master goes down and one of the slave is promoted as master
replication:
enabled: true
slaveReplicas: 1
persistence: persistence:
enabled: true enabled: true
storageClass: standard storageClass: standard
readinessProbe:
initialDelaySeconds: 30
livenessProbe:
initialDelaySeconds: 30

182
tip-wlan/example-values/local-multi-namespace/ns-tip-2.yaml
View File

@@ -1,9 +1,47 @@
# This is a development override file.
# It overrides the default Tip-Wlan parent chart behaviour
#
# It can be tweaked, based on the need to support different
# dev environments.
# This file expects to have a GlusterFS storage solution running
# before "helm install" is performed.
#################################################################
# Global configuration overrides.
#
# These overrides will affect all helm charts (ie. applications)
# that are listed below and are 'enabled'.
#################################################################
global: global:
# Change to an unused port prefix range to prevent port conflicts
# with other instances running within the same k8s cluster
nodePortPrefix: 304 nodePortPrefix: 304
nsPrefix: tip-2
# image pull policy
pullPolicy: Always
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
# override default mount path root directory
# referenced by persistent volumes and log files
persistence:
# flag to enable debugging - application support required
debugEnabled: true
# Annotations for namespace
annotations: {
"helm.sh/resource-policy": keep
}
# createReleaseNamespace: false
# Docker registry secret
dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
#################################################################
# Enable/disable and configure helm charts (ie. applications)
# to customize the TIP-WLAN deployment.
#################################################################
opensync-gw-static: opensync-gw-static:
enabled: false enabled: false
opensync-gw-cloud: opensync-gw-cloud:
enabled: true enabled: true
externalhost: externalhost:
@@ -13,7 +51,22 @@ opensync-gw-cloud:
persistence: persistence:
enabled: true enabled: true
filestore: filestore:
url: https://wlan-filestore.wlan.local url: "https://wlan-filestore.wlan.local"
scalability:
#how many concurrent connections single instance of OpenSyncGateway can accept
tip_wlan_ovsdb_listener_threadPoolSize: 50
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
opensync-mqtt-broker: opensync-mqtt-broker:
enabled: true enabled: true
@@ -21,7 +74,6 @@ opensync-mqtt-broker:
persistence: persistence:
enabled: true enabled: true
storageClass: standard storageClass: standard
wlan-cloud-graphql-gw: wlan-cloud-graphql-gw:
enabled: true enabled: true
env: env:
@@ -35,7 +87,6 @@ wlan-cloud-graphql-gw:
tls: tls:
- hosts: - hosts:
- wlan-ui-graphql-2.wlan.local - wlan-ui-graphql-2.wlan.local
wlan-cloud-static-portal: wlan-cloud-static-portal:
enabled: true enabled: true
env: env:
@@ -51,40 +102,157 @@ wlan-cloud-static-portal:
tls: tls:
- hosts: - hosts:
- wlan-ui-2.wlan.local - wlan-ui-2.wlan.local
wlan-portal-service: wlan-portal-service:
enabled: true enabled: true
persistence: persistence:
enabled: true enabled: true
storageClass: standard storageClass: standard
filestoreSize: 1Gi filestoreSize: 1Gi
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
wlan-prov-service: wlan-prov-service:
enabled: true enabled: true
creds:
enabled: true
db:
postgresUser:
password: postgres
tipUser:
password: tip_password
schema_repo:
username: tip-read
password: tip-read
postgres:
singleDataSourceUsername: tip_user
singleDataSourcePassword: tip_password
singleDataSourceSslKeyPassword: mypassword
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
#max number of connections to PostgreSQL database
singleDataSource_maxTotalConnections: 8
#max number of idle connections to PostgreSQL database
singleDataSource_maxIdleConnections: 8
#max number of cached prepared statements used in PostgreSQL database
singleDataSource_maxPreparedStatements: 200
#max number of cached idle prepared statements used in PostgreSQL database
singleDataSource_maxIdlePreparedStatements: 200
wlan-ssc-service: wlan-ssc-service:
enabled: true enabled: true
creds:
sslKeyPassword: mypassword
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
cassandra:
tip_user: tip_user
tip_password: tip_password
schema_repo:
username: tip-read
password: tip-read
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
wlan-spc-service: wlan-spc-service:
enabled: true enabled: true
creds:
sslKeyPassword: mypassword
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
nginx-ingress-controller: nginx-ingress-controller:
enabled: false enabled: false
zookeeper:
enabled: true
replicaCount: 1
persistence:
enabled: true
storageClass: standard
kafka: kafka:
enabled: true enabled: true
replicaCount: 1
persistence: persistence:
enabled: true enabled: true
storageClass: standard storageClass: standard
creds:
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
sslKeyPassword: mypassword
cassandra: cassandra:
enabled: true enabled: true
image:
debug: true
cluster:
replicaCount: 1
seedCount: 1
persistence: persistence:
enabled: true enabled: true
storageClass: standard storageClass: standard
creds:
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
postgresql: postgresql:
enabled: true enabled: true
postgresqlPassword: postgres
## NOTE: If we are using glusterfs as Storage class, we don't really need
## replication turned on, since the data is anyway replicated on glusterfs nodes
## Replication is useful:
## a. When we use HostPath as storage mechanism
## b. If master goes down and one of the slave is promoted as master
replication:
enabled: true
slaveReplicas: 1
persistence: persistence:
enabled: true enabled: true
storageClass: standard storageClass: standard
readinessProbe:
initialDelaySeconds: 30
livenessProbe:
initialDelaySeconds: 30

Some files were not shown because too many files have changed in this diff Show More