NETEXP-3471 Updated cassandra schema

[TOOLS-146] Del: usage of docker credentials as anonymous pull is allowd

.github/workflows/enforce-jira-issue-key.yml

@@ -0,0 +1,37 @@
+name: Ensure Jira issue is linked
+
+on:
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+jobs:
+  check_for_issue_key:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Log into Jira
+        uses: atlassian/gajira-login@v2.0.0
+        env: 
+          JIRA_BASE_URL: ${{ secrets.TIP_JIRA_URL }}
+          JIRA_USER_EMAIL: ${{ secrets.TIP_JIRA_USER_EMAIL }}
+          JIRA_API_TOKEN: ${{ secrets.TIP_JIRA_API_TOKEN }}
+      - name: Find issue key in PR title
+        id: issue_key_pr_title
+        continue-on-error: true
+        uses: atlassian/gajira-find-issue-key@v2.0.2
+        with:
+          string: ${{ github.event.pull_request.title }}
+          from: "" # required workaround for bug https://github.com/atlassian/gajira-find-issue-key/issues/24
+      - name: Find issue key in branch name
+        continue-on-error: true
+        id: issue_key_branch_name
+        uses: atlassian/gajira-find-issue-key@v2.0.2
+        with:
+          string: ${{ github.event.pull_request.head.ref }}
+          from: "" # required workaround for bug https://github.com/atlassian/gajira-find-issue-key/issues/24
+
+      - name: Check if issue key was found
+        run: |
+          if [[ -z "${{ steps.issue_key_pr_title.outputs.issue }}" && -z "${{ steps.issue_key_branch_name.outputs.issue }}" ]]; then
+             echo "Jira issue key could not be found!"
+             exit 1
+          fi

.github/workflows/helm-build.yml

@@ -3,28 +3,60 @@ name: Helm CI - TIP WLAN Cloud Master
 on: 
   push:
     branches: [ master ]
+    tags: [ "v*" ]
 
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
-        with:
-          ssh-key: ${{ secrets.GH_AUTOMATION_KEY }}
-          submodules: true
-      - name: Login to TIP Docker registry 
-        uses: azure/docker-login@v1
-        with:
-          login-server: tip-tip-wlan-cloud-docker-repo.jfrog.io
-          username: build-pipeline
-          password: ${{ secrets.DOCKER_REPO_PASSWORD }}
       - name: Login to TIP Helm chart registry
         run: helm repo add tip-wlan-cloud-helm-virtual-repo https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-virtual-repo --username build-pipeline --password ${{ secrets.HELM_REPO_PASSWORD }}
       - name: Build tip-wlan chart file
-        run: tar -czf tip-wlan.tgz tip-wlan
-      - name: Upload tip-wlan chart to the TIP helm registry
-        run: curl -ubuild-pipeline:${{ secrets.HELM_REPO_PASSWORD }} -T tip-wlan.tgz "https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-repo/tip-wlan.tgz"
-      - name: Verify that chart was uploaded successfully
         run: |
-          helm repo update
-          helm search repo tip
+          if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then
+            PACKAGE_OPTS="--version ${GITHUB_REF#refs/tags/v}"
+          else
+            PACKAGE_OPTS=""
+          fi
+          helm package $PACKAGE_OPTS -u tip-wlan
+      - name: Store chart as artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: helm-chart
+          path: tip-wlan-*.tgz
+      - name: Upload tip-wlan chart to the TIP helm registry
+        run: |
+          if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then
+            curl -ubuild-pipeline:${{ secrets.HELM_REPO_PASSWORD }} -T tip-wlan-${GITHUB_REF#refs/tags/v}.tgz "https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-repo/tip-wlan-${GITHUB_REF#refs/tags/v}.tgz"
+          else
+            curl -ubuild-pipeline:${{ secrets.HELM_REPO_PASSWORD }} -T tip-wlan-*.tgz "https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-repo/tip-wlan-master.tgz"
+          fi
+
+  release:
+    runs-on: ubuntu-latest
+    needs: [ build ]
+    if: startsWith(github.ref, 'refs/tags/')
+    steps:
+      - uses: actions/checkout@v2
+      - name: setup Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: "3.8"
+      - name: install keepachangelog
+        run: pip install keepachangelog
+      - name: create release description
+        continue-on-error: true
+        run: python .github/workflows/prepare-release-description.py ${GITHUB_REF#refs/tags/v} > RELEASE.md
+      - name: download Helm chart artifact
+        uses: actions/download-artifact@v2
+        with:
+          name: helm-chart
+      - name: create release
+        uses: softprops/action-gh-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          files: tip-wlan-*.tgz
+          body_path: RELEASE.md
+          prerelease: ${{ contains(github.ref, 'rc') }}

.github/workflows/helm-validation.yml

@@ -45,7 +45,8 @@ jobs:
           helm template -f values-test.yaml . | /tmp/k8s-validators/kubeval --ignore-missing-schemas
 
           echo "Kube-score test"
-          helm template -f values-test.yaml . | /tmp/k8s-validators/kube-score score -
+          # will be fixed and enabled again in https://telecominfraproject.atlassian.net/browse/WIFI-1258
+          helm template -f values-test.yaml . | /tmp/k8s-validators/kube-score score - || true
       - name: Test glusterfs
         working-directory: glusterfs/kube-templates
         run: |
@@ -53,4 +54,5 @@ jobs:
           /tmp/k8s-validators/kubeval *.yaml
 
           echo "Kube-score test"
-          /tmp/k8s-validators/kube-score score *.yaml
+          # will be fixed and enabled again in https://telecominfraproject.atlassian.net/browse/WIFI-1258
+          /tmp/k8s-validators/kube-score score *.yaml || true

.github/workflows/nightly-scenario-test.yml

@@ -0,0 +1,98 @@
+name: Nightly testing of all supported deployment scenarios
+
+on:
+  workflow_dispatch:
+  schedule:
+  - cron: '15 0 * * *'
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  microk8s:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout PKI scripts repo
+      uses: actions/checkout@v2
+      with:
+        path: wlan-pki-cert-scripts
+        repository: Telecominfraproject/wlan-pki-cert-scripts
+
+    - name: Checkout Cloud SDK repo
+      uses: actions/checkout@v2
+      with:
+        path: wlan-cloud-helm
+        repository: Telecominfraproject/wlan-cloud-helm
+
+    - name: Generate and copy certs
+      working-directory: wlan-pki-cert-scripts
+      run: |
+        ./generate_all.sh
+        ./copy-certs-to-helm.sh ../wlan-cloud-helm
+
+    - name: Determine public IP address
+      id: ip
+      uses: haythem/public-ip@v1.2
+
+    - uses: balchua/microk8s-actions@v0.2.1
+      with:
+        channel: 'latest/stable'
+        addons: '["dns", "helm3", "storage", "metallb:${{ steps.ip.outputs.ipv4 }}-${{ steps.ip.outputs.ipv4 }}"]'
+
+    - name: Deploy Cloud SDK
+      working-directory: wlan-cloud-helm
+      run: |
+        helm dependency update tip-wlan
+        # Github runners only have 2 CPU cores and 7GB of RAM. Thus we need to disable some of our resource requests
+        helm upgrade --install tip-wlan tip-wlan -f tip-wlan/example-values/microk8s-basic/values.yaml --create-namespace --namespace tip --set cassandra.resources=null --wait --timeout 10m
+
+    - name: Show pod state on deployment failure
+      if: failure()
+      run: |
+        kubectl get pods -n tip
+        kubectl describe pods -n tip
+
+    - name: Set custom DNS entries
+      run: |
+        sudo sh -c "echo -n \"\n${{ steps.ip.outputs.ipv4 }} wlan-ui.wlan.local wlan-ui-graphql.wlan.local\" >> /etc/hosts"
+
+    - name: Test HTTP endpoints
+      run: |
+        # this is needed to make until work
+        set +e
+
+        urls="https://wlan-ui.wlan.local https://wlan-ui-graphql.wlan.local/graphql"
+        for url in $urls; do
+          max_retry=300
+          counter=0
+          until curl --silent --insecure $url > /dev/null
+          do
+             sleep 1
+             [[ counter -eq $max_retry ]] && echo "$url not reachable after $counter tries...giving up" && exit 1
+             echo "#$counter: $url not reachable. trying again..."
+             ((counter++))
+          done
+          echo Successfully reached URL $url
+        done
+
+    - name: Test MQTT and OpenSync endpoints
+      working-directory: wlan-cloud-helm/tip-wlan/resources/certs
+      run: |
+        # this is needed to make until work
+        set +e
+
+        endpoints="${{ steps.ip.outputs.ipv4 }}:1883 ${{ steps.ip.outputs.ipv4 }}:6640 ${{ steps.ip.outputs.ipv4 }}:6643"
+        for endpoint in $endpoints; do
+          max_retry=300
+          counter=0
+          until echo Q | openssl s_client -connect $endpoint -CAfile cacert.pem -cert clientcert.pem -key clientkey.pem > /dev/null
+          do
+             sleep 1
+             [[ counter -eq $max_retry ]] && echo "$endpoint not reachable after $counter tries...giving up" && exit 1
+             echo "#$counter: $endpoint not reachable. trying again..."
+             ((counter++))
+          done
+          echo Successfully reached endpoint $endpoint
+        done
+ 

.github/workflows/prepare-release-description.py

@@ -0,0 +1,24 @@
+import sys
+
+import keepachangelog
+
+CATEGORIES = ['added', 'changed', 'deprecated', 'removed', 'fixed', 'security']
+
+version = sys.argv[1]
+
+try:
+    changes = keepachangelog.to_dict("CHANGELOG.md")[version]
+except KeyError:
+    print(f'No changelog entry for version {version}', file=sys.stderr)
+    exit(1)
+
+
+print('## Changelog')
+for category in CATEGORIES:
+    entries = changes.get(category, [])
+
+    if entries:
+        print(f'### {category.capitalize()}') 
+
+    for entry in entries:
+        print(f'- {entry}') 

.github/workflows/testing.yml

@@ -0,0 +1,103 @@
+name: CloudSDK deployment and testing
+
+env:
+  PR_NUMBER: ${{ github.event.number }}
+  HELM_RELEASE_PREFIX: tip-wlan
+  AWS_EKS_NAME: tip-wlan-main
+  AWS_DEFAULT_OUTPUT: json
+  AWS_DEFAULT_REGION: us-east-2
+  AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+on:
+  pull_request:
+     branches: [ master ]
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout required repos
+      uses: actions/checkout@v2
+      with:
+        path: wlan-pki-cert-scripts
+        repository: Telecominfraproject/wlan-pki-cert-scripts
+    - name: Checkout Cloud SDK repo
+      uses: actions/checkout@v2
+      with:
+        path: wlan-cloud-helm
+        repository: Telecominfraproject/wlan-cloud-helm
+    - name: Checkout helm values repo
+      uses: actions/checkout@v2
+      with:
+        path: Toolsmith
+        repository: Telecominfraproject/Toolsmith
+        token: ${{ secrets.PAT_TOKEN }}
+
+    - name: Generate Helm values file
+      run: |
+        ./Toolsmith/helm-values/aws-cicd-testing-pr-deployment.yaml.sh ${{ env.PR_NUMBER }} > pr-deployment.yaml
+
+    - name: Generate certs
+      working-directory: wlan-pki-cert-scripts
+      run: |
+        ./generate_all.sh
+        ./copy-certs-to-helm.sh ../wlan-cloud-helm
+
+    - name: Get kubeconfig for EKS ${{ env.AWS_EKS_NAME }}
+      run: |
+        aws eks update-kubeconfig --name ${{ env.AWS_EKS_NAME }}
+
+    - name: Deploy Cloud SDK
+      run: |
+        helm dependency update wlan-cloud-helm/${{ env.HELM_RELEASE_PREFIX }}
+        # using a timeout of 20 minutes as the EKS nodes may need to be scaled which takes some time
+        helm upgrade --install ${{ env.HELM_RELEASE_PREFIX }}-pr-${{ env.PR_NUMBER }} wlan-cloud-helm/tip-wlan -f pr-deployment.yaml --create-namespace --namespace ${{ env.HELM_RELEASE_PREFIX }}-pr-${{ env.PR_NUMBER }} --wait --timeout 20m
+
+  test:
+    runs-on: ubuntu-latest
+    needs: [ deploy ]
+    steps:
+    - name: Execute tests
+      run: |
+        echo Running tests...
+        # this is needed to make until work
+        set +e
+
+        urls="https://wlan-ui-pr-$PR_NUMBER.cicd.lab.wlan.tip.build https://wlan-graphql-pr-$PR_NUMBER.cicd.lab.wlan.tip.build/graphql"
+        for url in $urls; do
+          max_retry=300
+          counter=0
+          until curl --silent $url > /dev/null
+          do
+             sleep 1
+             [[ counter -eq $max_retry ]] && echo "$url not reachable after $counter tries...giving up" && exit 1
+             echo "#$counter: $url not reachable. trying again..."
+             ((counter++))
+          done
+          echo Successfully reached URL $url
+        done
+
+        echo Tests were successful
+
+  cleanup:
+    runs-on: ubuntu-latest
+    needs: [ deploy, test ]
+    if: ${{ always() }}
+    steps:
+    - name: Get kubeconfig for EKS ${{ env.AWS_EKS_NAME }}
+      run: |
+        aws eks update-kubeconfig --name ${{ env.AWS_EKS_NAME }}
+
+    - name: Delete Cloud SDK Helm release
+      run: |
+        helm delete ${{ env.HELM_RELEASE_PREFIX }}-pr-${{ env.PR_NUMBER }} --namespace ${{ env.HELM_RELEASE_PREFIX }}-pr-${{ env.PR_NUMBER }} || true
+
+    - name: Delete namespace
+      run: |
+        kubectl delete namespace ${{ env.HELM_RELEASE_PREFIX }}-pr-${{ env.PR_NUMBER }} --wait=true --ignore-not-found true

.gitignore

@@ -2,4 +2,16 @@
 *.jks
 *.pkcs12
 *.p12
+*.csr
+*.cnf
+*.key
 *.DS_Store
+
+# local development
+*.lock
+*.local_dev
+
+*.zip
+*.tgz
+stern*
+helmfile

CHANGELOG.md

@@ -0,0 +1,63 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased] - YYYY-MM-DD
+
+### Added
+
+- export servo MBeans with JMX Prometheus exporter [#65](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/65)
+- render post-deployment message [#73](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/73)
+
+### Changed
+
+- migrate to networking.k8s.io/v1 API version for Ingress resources [#74](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/74)
+
+## [1.0.1] - 2021-04-12
+
+### Changed
+
+- bump cloud controller version to 1.0.1
+
+### Fixed
+
+- correct SQL and CQL schema URLs
+
+### Changed
+
+- make images for all init containers configurable [#67](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/67)
+
+## [1.0.0] - 2021-04-01
+
+### Added
+
+- replaced cassandra, postgres and kafka with upstream charts [#49](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/49)
+- centralized secrets to the parent chart [#54](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/54)
+
+### Changed
+
+- improved kafka setup templating [#53](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/53)
+- improved values.yaml [#53](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/53)
+- improved default values and added yaml anchors [#54](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/54)
+- make SSC service able to reconnect to Cassandra [#70](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/70)
+
+### Removed
+
+- removed hardcoded docker secret in favor of variables [#53](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/53)
+- various outdated sections in values.yaml and environment files
+- various secrets in subcharts as they are now part of the parent chart
+- references to vendor specific values [#40](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/40)
+
+### Fixed
+
+- make SSC service able to reconnect to Cassandra [#70](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/70)
+
+## [0.4.0] - 2021-01-28
+
+### Added
+
+- initial changelog entry. This is the first versioned release. Next releases will include a detailed overview of all the major changes introduced since the last version.
+- [changes since first commit](https://github.com/Telecominfraproject/wlan-cloud-helm/compare/f7c67645736e3dac498e2caec8c267f04d08b7bc...v0.4)

README.md

@@ -1,16 +1,68 @@
 # wlan-cloud-helm
 This repository contains helm charts for various deployment types of the tip wlan cloud services.
 
+# IMPORTANT - Cloud Controller Helm charts v0.4 to v1.x migration procedure
+
+We've introduced breaking changes to how Cloud Controller database charts are managed.
+If you want to preserve your data when moving from v0.4 to v1.x of the Cloud Controller Helm charts, follow the steps outlined below.
+If you can re-install your Cloud Controller and don't care to loose your data, you can skip the steps and just install the upstream charts version with no changes to the default installation procedure.
+
+## Prerequisites
+
+1. Checkout latest wlan-cloud-helm repository
+2. Have your certificates for existing installation
+3. Helm 3.2+
+
+## Procedure
+
+All of the commands should be run under tip-wlan-helm directory.
+
+1. Delete your current Helm release. The following commands will remove the pods, however, the PVC (your databases data) **won't be deleted**:
+```
+helm list -n default (to look up the name of the release)
+helm uninstall -n default tip-wlan (tip-wlan is usually the name of the release)
+```
+2. Replace `REPLACEME` with your storage class name in the `tip-wlan/resources/environments/migration.yaml` file. You can check the available storageclasses with the `kubectl get storageclass` command.
+3. Update your values file that you used for deploying the original release with the values from `migration.yaml` to preserve existing cassandra\postgres data (or skip that step and use the second upgrade command mentioned in #7)
+4. If you want to preserve the PKI certificates from the original Helm installation, copy them to a new location using the command below (or checkout the latest wlan-pki-cert-script repo and use `copy-certs-to-helm.sh %path_to_new_helm_code%` to generate new self-signed keys):
+```
+find . -regextype posix-extended -regex '.+(jks|pem|key|pkcs12|p12)$' -exec cp "{}" tip-wlan/resources/certs/ \;
+```
+5. Remove the old charts from the helm directory, so that the upgrade command can successfully pull new chart depedencies:
+```
+rm -rf tip-wlan/charts/cassandra tip-wlan/charts/kafka tip-wlan/charts/postgresql
+```
+6. Pull 3rd party subcharts:
+```
+helm dependency update tip-wlan
+```
+7. Perform Helm upgrade:
+```
+helm upgrade --install tip-wlan tip-wlan/ --namespace tip --create-namespace -f tip-wlan/resources/environments/your_values_with_fixes.yaml
+```
+
+Alternatively, you can run the upgrade command as follows (the order of the -f arguments is important!):
+
+```
+helm upgrade --install tip-wlan tip-wlan/ --namespace tip --create-namespace -f tip-wlan/resources/environments/original_values.yaml -f tip-wlan/resources/environments/migration.yaml
+```
+
+As a precaution you can also run `helm template` with the same arguments as the upgrade command and examine the output before actually installing the chart
+
 # Deploying the wlan-cloud deployment
- - Run the following command under tip-wlan-helm directory:
- 	- helm install <RELEASE_NAME> tip-wlan/ -n default -f tip-wlan/resources/environments/dev.yaml
-	
-	More details can be found here: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution
+Run the following command under tip-wlan-helm directory:
+```
+helm dependency update tip-wlan
+helm upgrade --install <RELEASE_NAME> tip-wlan/ --namespace tip  --create-namespace -f tip-wlan/resources/environments/dev.yaml
+```
+
+More details can be found here: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution
 
 # Deleting the wlan-cloud deployment:
-- Run the following command:
-	- helm del tip-wlan -n default
-	
+Run the following command:
+```
+helm del tip-wlan -n tip (replace the namespace with your namespace)
+```
 	(Note: this would not delete the tip namespace and any PVC/PV/Endpoints under this namespace. These are needed so we can reuse the same PVC mount when the pods are restarted.)
 	
 	To get rid of them (PVC/PV/Endpoints), you can use the following script (expects that you are in the `tip` namespace or add `-n tip` to the below set of commands):
@@ -45,3 +97,133 @@ This repository contains helm charts for various deployment types of the tip wla
  - Run the following command under tip-wlan-helm directory _after_ the components are running:
  	- helm test <RELEASE_NAME> -n default
 	(For more details add --debug flag to the above command) 
+
+# Local environment
+
+In `wlan-pki-cert-scripts` repository edit the following files and add/replace strings as specified below:
+
+```
+mqtt-server.cnf:
+
+-commonName_default   = opensync-mqtt-broker.zone1.lab.wlan.tip.build
++commonName_default   = opensync-mqtt-broker.wlan.local
+
+openssl-server.cnf:
+-DNS.1  = opensync-redirector.zone1.lab.wlan.tip.build
+-DNS.2  = opensync-controller.zone1.lab.wlan.tip.build
++DNS.1  = opensync-redirector.wlan.local
++DNS.2  = opensync-controller.wlan.local
+ DNS.3  = tip-wlan-postgresql
+-DNS.4  = ftp.example.com
+```
+
+In `wlan-pki-cert-scripts` repository run `./generate_all.sh` to generate CA and certificates, then run `./copy-certs-to-helm.sh <local path to wlan-cloud-helm repo>` in order to copy certificates to helm charts.
+
+Optionally, in order to speedup first and subsequent runs, you may cache some images:
+
+```
+minikube cache add zookeeper:3.5.5
+minikube cache add bitnami/postgresql:11.8.0-debian-10-r58
+minikube cache add postgres:latest
+minikube cache add gcr.io/k8s-minikube/storage-provisioner:v3
+minikube cache add eclipse-mosquitto:latest
+minikube cache add opsfleet/depends-on
+```
+
+These images may occasionally need to be updated with these commands:
+
+```
+minikube cache reload ## reload images from the upstream
+eval $( minikube docker-env )
+for img in $( docker images --format '{{.Repository}}:{{.Tag}}' | egrep 'busybox|alpine|confluentinc/cp-kafka|zookeeper|k8s.gcr.io/pause|nginx/nginx-ingress|bitnami/cassandra|bitnami/postgresql|postgres|bitnami/minideb' ); do
+	minikube cache add $img;
+done
+```
+
+Run minikube:
+
+```
+minikube start --memory=10g --cpus=4 --driver=virtualbox --extra-config=kubelet.serialize-image-pulls=false --extra-config=kubelet.image-pull-progress-deadline=3m0s --docker-opt=max-concurrent-downloads=10
+```
+
+Please note that you may choose another driver (parallels, vmwarefusion, hyperkit, vmware, docker, podman) which might be more suitable for your setup. Omitting this option enables auto discovery of available drivers.
+
+Deploy Cloud Controller chart:
+
+```
+helm upgrade --install tip-wlan tip-wlan -f tip-wlan/resources/environments/dev-local.yaml -n default
+```
+
+Wait a few minutes, when all pods are in `Running` state, obtain web ui link with `minikube service tip-wlan-wlan-cloud-static-portal -n tip --url`, open in the browser. Importing or trusting certificate might be needed.
+
+Services may be exposed to the local machine or local network with ssh, kubectl or kubefwd with port forwarding, please examples below.
+
+Kubefwd:
+
+kubefwd is used to forward Kubernetes services to a local workstation, easing the development of applications that communicate with other services. It is for development purposes only. For production/staging environments services need to be exposed via load balancers.
+Download latest release from https://github.com/eugenetaranov/kubefwd/releases and run the binary.
+
+Forward to all interfaces (useful if you need to connect from other devices in your local network):
+
+```
+sudo kubefwd services --namespace tip -l "app.kubernetes.io/name in (nginx-ingress-controller,wlan-portal-service,opensync-gw-cloud,opensync-mqtt-broker)" --allinterfaces --extrahosts wlan-ui-graphql.wlan.local,wlan-ui.wlan.local
+```
+
+Kubectl port forwarding (alternative to kubefwd):
+```
+kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app=tip-wlan-nginx-ingress-controller -o jsonpath='{.items[0].metadata.name}') 443:443 &
+kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=wlan-portal-service -o jsonpath='{.items[0].metadata.name}') 9051:9051 &
+kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=opensync-gw-cloud -o jsonpath='{.items[0].metadata.name}') 6643:6643 &
+kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=opensync-gw-cloud -o jsonpath='{.items[0].metadata.name}') 6640:6640 &
+kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=opensync-mqtt-broker -o jsonpath='{.items[0].metadata.name}') 1883:1883 &
+```
+
+Add certificate to the trust store.
+
+Firefox:
+
+1. Open settings, `Privacy and security`, `View certificates`.
+
+2. Click on `Add Exception...`, enter `https://wlan-ui.wlan.local` into Location field, click on `Get certificate`, check `Permanently store this exception` and click on `Confirm Security Exception`.
+Repeat the step for `https://wlan-ui-graphql.wlan.local`
+
+Chrome and other browsers using system certificate store:
+
+1. Save certificate below into the file `wlan-ui-graphql.wlan.local.crt` (it is the one defined at tip-wlan/resources/environments/dev-local.yaml:143):
+
+```
+-----BEGIN CERTIFICATE-----
+MIIFWjCCA0KgAwIBAgIUQNaP/spvRHtBTAKwYRNwbxRfFAswDQYJKoZIhvcNAQEL
+BQAwHTEbMBkGA1UEAwwSd2xhbi11aS53bGFuLmxvY2FsMB4XDTIwMDgyNzIwMjY1
+NloXDTMwMDgyNTIwMjY1NlowHTEbMBkGA1UEAwwSd2xhbi11aS53bGFuLmxvY2Fs
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwRagiDWzCNYBtWwBcK+f
+TkkQmMt+QAgTjYr0KS8DPJCJf6KkPfZHCu3w4LvrxzY9Nmieh2XU834amdJxIuCw
+6IbNo6zskjsyfoO8wFDmlLVWLeg5H9G9doem+WTeKPaEHi3oquzNgt6wLs3mvvOA
+TviTIoc88ELjk4dSR2T4dhh0qKCCj+HdXBA6V/9biru+jV+/kxEQuL2zM39DvVd8
+9ks35zMVUze36lD4ICOnl7hgaTNBi45O9sdLD0YaUmjiFwQltJUdmPKpaAdbvjUO
+nsupnDYjm+Um+9aEpqM4te23efC8N8j1ukexzJrE2GeF/WB/Y1LFIG2wjqVnsPcs
+nFF4Yd9EBRRne1EZeXBu3FELFy6lCOHI146oBcc/Ib617rdTKXqxtv/2NL6/TqFk
+ns/EEjve6kQYzlBZwWHWpZwQfg3mo6NaoFZpTag98Myu5rZoOofTcxXH6pLm5Px1
+OAzgLna9O+2FmA4FjrgHcMY1NIzynZL+DH8fibt1F/v2F2MA+R9vo84vR5ROGNdD
+va2ApevkLcjQg/LwsXv0gTopQ/XIzejh6bdUkOrKSwJzT2C9/e9GQn0gppV8LBuK
+1zQHoROLnA41MCFvQLQHo+Xt8KGw+Ubaly6hOxBZF51L/BbqjkDH9AEFaJLptiEy
+qn1E5v+3whgFS5IZT8IW5uUCAwEAAaOBkTCBjjAdBgNVHQ4EFgQUy2bAUyNPXHS9
+3VTSD+woN7t3q8EwHwYDVR0jBBgwFoAUy2bAUyNPXHS93VTSD+woN7t3q8EwDwYD
+VR0TAQH/BAUwAwEB/zA7BgNVHREENDAyghp3bGFuLXVpLWdyYXBocWwud2xhbi5s
+b2NhbIIOYXBpLndsYW4ubG9jYWyHBMCoAAEwDQYJKoZIhvcNAQELBQADggIBAKH+
+bqJee11n34SYgBDvgoZ8lJLQRwsFnqExcSr/plZ7GVIGFH5/Q2Kyo9VyEiTPwrIs
+KsErC1evH6xt1URfMzp05zVQ0LYM5+ksamRDagAg3M1cm7oKOdms/dqzPe2gZfGJ
+pVdtVW1CHrL0RLTR93h7kgSiBlSEIYMoeKfN5H9AavJ4KryygQs63kkGQ5M9esAp
+u6bB307zyfzgS3tmQsU01rgJfhEHQ/Y+Ak9wDuOgvmfx0TWgAOGbKq6Tu8MKYdej
+Ie7rV1G5Uv7KfgozVX76g2KdnTVBfspSKo3zyrZkckzApvUu9IefHdToe4JMEU0y
+fk7lEU/exzByyNxp+6hdu/ZIg3xb1yA1oVY8NEd1rL1zAViPe351SENEKeJpRanC
+kCL3RAFkbxQ7Ihacjox8belR+gmo8cyFZpj9XaoPlSFScdwz573CT0h97v76A7sw
+yC+CiSp85gWEV5vgBitNJ7R9onjBdsuH2lgEtMD3JNOs8cCSRihYxriwZSqhT7o/
+tcIlcJ84W5m6X6zHJ3GmtuKG3QPNOms0/VVoDTp9qdpL+Ek17uB2A41Npxz3US+l
+6yK+pdQQj7ALzKuRfOyg80XbNw2v4SnpI5qbXFBRum52f86sPemFq1KcuNWe4EVC
+xDG3eKlu+dllUtKx/PN6yflbT5xcGgcdmrwzRaWS
+-----END CERTIFICATE-----
+
+```
+
+2. Double click on it, enter the system admin password, if prompted.

glusterfs/README.md

@@ -28,7 +28,6 @@ For other issues faced during deployment, see here:
     - If namespace is passed, we will create (if it does not exist) and use that namespace for glusterFS resources.
     - If namespace is NOT passed, we will create (if it does not exist) namespace='gluster-ns' and use it for glusterFS resources.
 
-
 - Deletion:
   ./gk-deploy --admin-key <ADMIN_KEY> --user-key <USER_KEY> --abort -v -n <GLUSTER_NAMESPACE>
     - Note: 

glusterfs/gk-deploy

@@ -990,7 +990,6 @@ parameters:
   output ""
 fi
 
-
 if [[ ${DEPLOY_OBJECT} -eq 1 ]] && [[ "${OBJ_ACCOUNT}" != "" ]] && [[ "${OBJ_USER}" != "" ]] && [[ "${OBJ_PASSWORD}" != "" ]] && [[ ${EXISTS_OBJECT} -eq 0 ]]; then
   if [[ "${OBJ_STORAGE_CLASS}" == "glusterfs-for-s3" ]]; then
     eval_output "${CLI} create secret generic heketi-${NAMESPACE}-admin-secret --from-literal=key=${ADMIN_KEY} --type=kubernetes.io/glusterfs"

tip-wlan/Chart.yaml

@@ -14,11 +14,11 @@ type: application
 
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.1.0
+version: 1.0.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: 1.16.0
+appVersion: 1.0.0
 
 home: https://telecominfraproject.com/wifi/
 sources:
@@ -26,54 +26,55 @@ sources:
 icon: 
 
 dependencies:
-  - name: opensync-gw-static
-    version: 0.1.0
-    condition: opensync-gw-static.enabled
-  - name: opensync-gw-cloud
-    version: 0.1.0
-    condition: opensync-gw-cloud.enabled
-  - name: opensync-mqtt-broker
-    version: 0.1.0
-    condition: opensync-mqtt-broker.enabled
-  - name: wlan-cloud-graphql-gw
-    version: 0.1.0
-    condition: wlan-cloud-graphql-gw.enabled
-  - name: wlan-cloud-static-portal
-    version: 0.1.0
-    condition: wlan-cloud-static-portal.enabled
+- name: opensync-gw-static
+  version: 0.1.0
+  condition: opensync-gw-static.enabled
+- name: opensync-gw-cloud
+  version: 0.1.0
+  condition: opensync-gw-cloud.enabled
+- name: opensync-mqtt-broker
+  version: 0.1.0
+  condition: opensync-mqtt-broker.enabled
+- name: wlan-cloud-graphql-gw
+  version: 0.1.0
+  condition: wlan-cloud-graphql-gw.enabled
+- name: wlan-cloud-static-portal
+  version: 0.1.0
+  condition: wlan-cloud-static-portal.enabled
 ## IntegratedCloudComponent should be disabled for distributed deployment
-  - name: wlan-integrated-cloud-component-service
-    version: 0.1.0
-    condition: wlan-integrated-cloud-component-service.enabled
-  - name: wlan-portal-service
-    version: 0.1.0
-    condition: wlan-portal-service.enabled
-  - name: wlan-prov-service
-    version: 0.1.0
-    condition: wlan-prov-service.enabled
-  - name: wlan-ssc-service
-    version: 0.1.0
-    condition: wlan-ssc-service.enabled
-  - name: wlan-spc-service
-    version: 0.1.0
-    condition: wlan-spc-service.enabled
-  - name: wlan-port-forwarding-gateway-service
-    version: 0.1.0
-    condition: wlan-port-forwarding-gateway-service.enabled
-  - name: nginx-ingress-controller
-    version: 0.1.0
-    condition: nginx-ingress-controller.enabled
-  - name: common
-    version: 0.1.0
-  - name: zookeeper
-    version: 0.1.0
-    condition: zookeeper.enabled
-  - name: kafka
-    version: 0.1.0
-    condition: kafka.enabled
-  - name: cassandra
-    version: 0.1.0
-    condition: cassandra.enabled
-  - name: postgresql
-    version: 8.9.6
-    condition: postgresql.enabled
+- name: wlan-integrated-cloud-component-service
+  version: 0.1.0
+  condition: wlan-integrated-cloud-component-service.enabled
+- name: wlan-portal-service
+  version: 0.1.0
+  condition: wlan-portal-service.enabled
+- name: wlan-prov-service
+  version: 0.1.0
+  condition: wlan-prov-service.enabled
+- name: wlan-ssc-service
+  version: 0.1.0
+  condition: wlan-ssc-service.enabled
+- name: wlan-spc-service
+  version: 0.1.0
+  condition: wlan-spc-service.enabled
+- name: wlan-port-forwarding-gateway-service
+  version: 0.1.0
+  condition: wlan-port-forwarding-gateway-service.enabled
+- name: nginx-ingress-controller
+  version: 0.1.0
+  condition: nginx-ingress-controller.enabled
+- name: common
+  version: 0.1.0
+
+- name: kafka
+  version: 12.2.0
+  repository: https://charts.bitnami.com/bitnami
+  condition: kafka.enabled
+- name: postgresql
+  version: 10.1.0
+  repository: https://charts.bitnami.com/bitnami
+  condition: postgresql.enabled
+- name: cassandra
+  version: 7.0.1
+  repository: https://charts.bitnami.com/bitnami
+  condition: cassandra.enabled

tip-wlan/charts/cassandra/.helmignore

@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj

tip-wlan/charts/cassandra/Chart.yaml

@@ -1,21 +0,0 @@
-name: cassandra
-apiVersion: v2
-version: 5.5.3
-appVersion: 3.11.6
-description: Apache Cassandra is a free and open-source distributed database management system 
-  designed to handle large amounts of data across many commodity servers, providing high 
-  availability with no single point of failure. 
-  Cassandra offers robust support for clusters spanning multiple datacenters, with asynchronous
-  masterless replication allowing low latency operations for all clients.
-keywords:
-  - cassandra
-  - database
-  - nosql
-icon: https://upload.wikimedia.org/wikipedia/commons/thumb/5/5e/Cassandra_logo.svg/330px-Cassandra_logo.svg.png
-sources:
-  - https://github.com/bitnami/bitnami-docker-cassandra
-home: http://cassandra.apache.org
-maintainers:
-  - name: Bitnami
-    email: containers@bitnami.com
-engine: gotpl

tip-wlan/charts/cassandra/resources/config/certs/keystore_creds

@@ -1 +0,0 @@
-DUMMY_PASSWORD

tip-wlan/charts/cassandra/resources/config/certs/truststore_creds

@@ -1 +0,0 @@
-DUMMY_PASSWORD

tip-wlan/charts/cassandra/resources/config/cqlshrc.tip-wlan

@@ -1,238 +0,0 @@
-; Licensed to the Apache Software Foundation (ASF) under one
-; or more contributor license agreements.  See the NOTICE file
-; distributed with this work for additional information
-; regarding copyright ownership.  The ASF licenses this file
-; to you under the Apache License, Version 2.0 (the
-; "License"); you may not use this file except in compliance
-; with the License.  You may obtain a copy of the License at
-;
-;   http://www.apache.org/licenses/LICENSE-2.0
-;
-; Unless required by applicable law or agreed to in writing,
-; software distributed under the License is distributed on an
-; "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-; KIND, either express or implied.  See the License for the
-; specific language governing permissions and limitations
-; under the License.
-;
-; Sample ~/.cqlshrc file.
-
-[authentication]
-;; If Cassandra has auth enabled, fill out these options
-username = tip_user
-password = tip_password
-; keyspace = ks1
-
-
-
-[ui]
-;; Whether or not to display query results with colors
-color = on
-
-;; Used for displaying timestamps (and reading them with COPY)
-; datetimeformat = %Y-%m-%d %H:%M:%S%z
-
-;; Display timezone
-;timezone = Etc/UTC
-
-;; The number of digits displayed after the decimal point for single and double precision numbers
-;; (note that increasing this to large numbers can result in unusual values)
-;float_precision = 5
-;double_precision = 12
-
-;; Used for automatic completion and suggestions
-; completekey = tab
-
-;; The encoding used for characters
-; encoding = utf8
-
-; To use another than the system default browser for cqlsh HELP to open
-; the CQL doc HTML, use the 'browser' preference.
-; If the field value is empty or not specified, cqlsh will use the
-; default browser (specifying 'browser = default' does not work).
-;
-; Supported browsers are those supported by the Python webbrowser module.
-; (https://docs.python.org/2/library/webbrowser.html).
-;
-; Hint: to use Google Chome, use
-; 'browser = open -a /Applications/Google\ Chrome.app %s' on Mac OS X and
-; 'browser = /usr/bin/google-chrome-stable %s' on Linux and
-; 'browser = C:/Program Files (x86)/Google/Chrome/Application/chrome.exe %s' on Windows.
-;
-; This setting can be overridden with the --browser command line option.
-;
-;browser =
-
-[cql]
-;; A version of CQL to use (this should almost never be set)
-; version = 3.2.1
-
-
-
-[connection]
-
-;; The host to connect to
-hostname = tip-wlan-cassandra-headless
-
-;; The port to connect to (9042 is the native protocol default)
-port = 9042
-
-;; Always connect using SSL - false by default
-ssl = true
-
-;; A timeout in seconds for opening new connections
-; timeout = 10
-
-;; A timeout in seconds for executing queries
-; request_timeout = 10
-
-
-
-[csv]
-;; The size limit for parsed fields
-; field_size_limit = 131072
-
-
-
-[tracing]
-;; The max number of seconds to wait for a trace to complete
-; max_trace_wait = 10.0
-
-
-
-[ssl]
-certfile = /opt/tip-wlan/certs/cacert.pem
-
-;; Optional - true by default.
-;validate = true
-
-;; To be provided when require_client_auth=true
-userkey = /opt/tip-wlan/certs/cassandraserverkey_dec.pem
-
-;; To be provided when require_client_auth=true
-usercert = /opt/tip-wlan/certs/cassandraservercert.pem
-
-
-
-;; Optional section, overrides default certfile in [ssl] section, if present
-; [certfiles]
-; 192.168.1.3 = ~/keys/cassandra01.cert
-; 192.168.1.4 = ~/keys/cassandra02.cert
-
-
-
-;; Options that are common to both COPY TO and COPY FROM
-; [copy]
-
-;; The string placeholder for null values
-; nullval = null
-
-;; For COPY TO, controls whether the first line in the CSV output file will
-;; contain the column names.  For COPY FROM, specifies whether the first
-;; line in the CSV file contains column names.
-; header = false
-
-;; The character that is used as the decimal point separator
-; decimalsep = .
-
-;; The character that is used to separate thousands
-;; (defaults to the empty string)
-; thousandssep =
-
-;; The string literal format for boolean values
-; boolstyle = True,False
-
-;; The number of child worker processes to create for
-;; COPY tasks.  Defaults to a max of 4 for COPY FROM and 16
-;; for COPY TO.  However, at most (num_cores - 1) processes
-;; will be created.
-; numprocesses =
-
-;; The maximum number of failed attempts to fetch a range of data (when using
-;; COPY TO) or insert a chunk of data (when using COPY FROM) before giving up
-; maxattempts = 5
-
-;; How often status updates are refreshed, in seconds
-; reportfrequency = 0.25
-
-;; An optional file to output rate statistics to
-; ratefile =
-
-
-
-;; Options specific to COPY TO
-; [copy-to]
-
-;; The maximum number token ranges to fetch simultaneously
-; maxrequests = 6
-
-;; The number of rows to fetch in a single page
-; pagesize = 1000
-
-;; By default the page timeout is 10 seconds per 1000 entries
-;; in the page size or 10 seconds if pagesize is smaller
-; pagetimeout = 10
-
-;; Token range to export.  Defaults to exporting the full ring.
-; begintoken =
-; endtoken =
-
-; The maximum size of the output file measured in number of lines;
-; beyond this maximum the output file will be split into segments.
-; -1 means unlimited.
-; maxoutputsize = -1
-
-;; The encoding used for characters
-; encoding = utf8
-
-
-
-;; Options specific to COPY FROM
-; [copy-from]
-
-;; The maximum number of rows to process per second
-; ingestrate = 100000
-
-;; The maximum number of rows to import (-1 means unlimited)
-; maxrows = -1
-
-;; A number of initial rows to skip
-; skiprows = 0
-
-;; A comma-separated list of column names to ignore
-; skipcols =
-
-;; The maximum global number of parsing errors to ignore, -1 means unlimited
-; maxparseerrors = -1
-
-;; The maximum global number of insert errors to ignore, -1 means unlimited
-; maxinserterrors = 1000
-
-;; A file to store all rows that could not be imported, by default this is
-;; import_<ks>_<table>.err where <ks> is your keyspace and <table> is your table name.
-; errfile =
-
-;; The min and max number of rows inserted in a single batch
-; maxbatchsize = 20
-; minbatchsize = 2
-
-;; The number of rows that are passed to child worker processes from
-;; the main process at a time
-; chunksize =  1000
-
-
-
-;; The options for COPY can also be specified per-table.  The following
-;; three sections demonstrate this.
-
-;; Optional table-specific options for COPY
-; [copy:mykeyspace.mytable]
-; chunksize = 1000
-
-;; Optional table-specific options for COPY FROM
-; [copy-from:mykeyspace.mytable]
-; ingestrate = 20000
-
-;; Optional table-specific options for COPY TO
-; [copy-to:mykeyspace.mytable]
-; pagetimeout = 30

tip-wlan/charts/cassandra/templates/NOTES.txt

@@ -1,65 +0,0 @@
-** Please be patient while the chart is being deployed **
-
-Cassandra can be accessed through the following URLs from within the cluster:
-
-  - CQL: {{ template "common.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.cluster.domain }}:{{ .Values.service.port }}
-  - Thrift: {{ template "common.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.cluster.domain }}:{{ .Values.service.thriftPort }}
-
-To get your password run:
-
-   export CASSANDRA_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "common.fullname" . }} -o jsonpath="{.data.cassandra-password}" | base64 --decode)
-
-Check the cluster status by running:
-
-   kubectl exec -it --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ template "common.name" . }},release={{ .Release.Name }} -o jsonpath='{.items[0].metadata.name}') nodetool status
-
-To connect to your Cassandra cluster using CQL:
-
-1. Run a Cassandra pod that you can use as a client:
-
-   kubectl run --namespace {{ .Release.Namespace }} {{ template "common.fullname" . }}-client --rm --tty -i --restart='Never' \
-   --env CASSANDRA_PASSWORD=$CASSANDRA_PASSWORD \
-   {{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "common.name" . }}-client=true"{{ end }} \
-   --image {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }} -- bash
-
-2. Connect using the cqlsh client:
-
-   cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD {{ template "common.fullname" . }}
-
-{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
-Note: Since NetworkPolicy is enabled, only pods with label
-"{{ template "common.fullname" . }}-client=true"
-will be able to connect to Cassandra.
-{{- else -}}
-
-To connect to your database from outside the cluster execute the following commands:
-
-{{- if contains "NodePort" .Values.service.type }}
-
-   export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-   export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.fullname" . }})
-
-   cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD $NODE_IP $NODE_PORT
-
-{{- else if contains "LoadBalancer" .Values.service.type }}
-
-   NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-         Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.fullname" . }}'
-
-   export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-   cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD $SERVICE_IP
-
-{{- else if contains "ClusterIP" .Values.service.type }}
-
-   kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.fullname" . }} {{ .Values.service.port }}:{{ .Values.service.port }} &
-   cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD 127.0.0.1 {{ .Values.service.port }}
-
-{{- end }}
-{{- end }}
-
-{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }}
-
-WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
-+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
-
-{{- end }}

tip-wlan/charts/cassandra/templates/_helpers.tpl

@@ -1,71 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-
-{{/*
-Return the appropriate apiVersion for networkpolicy.
-*/}}
-{{- define "networkPolicy.apiVersion" -}}
-{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}}
-{{- print "extensions/v1beta1" -}}
-{{- else -}}
-{{- print "networking.k8s.io/v1" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the proper metrics image name
-*/}}
-{{- define "cassandra.metrics.image" -}}
-{{- $registryName := .Values.metrics.image.registry -}}
-{{- $repositoryName := .Values.metrics.image.repository -}}
-{{- $tag := .Values.metrics.image.tag | toString -}}
-{{/*
-Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
-but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
-Also, we can't use a single if because lazy evaluation is not an option
-*/}}
-{{- if .Values.global }}
-    {{- if .Values.global.imageRegistry }}
-        {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
-    {{- else -}}
-        {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
-    {{- end -}}
-{{- else -}}
-    {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the proper image name (for the init container volume-permissions image)
-*/}}
-{{- define "cassandra.volumePermissions.image" -}}
-{{- $registryName := .Values.volumePermissions.image.registry -}}
-{{- $repositoryName := .Values.volumePermissions.image.repository -}}
-{{- $tag := .Values.volumePermissions.image.tag | toString -}}
-{{/*
-Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
-but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
-Also, we can't use a single if because lazy evaluation is not an option
-*/}}
-{{- if .Values.global }}
-    {{- if .Values.global.imageRegistry }}
-        {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
-    {{- else -}}
-        {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
-    {{- end -}}
-{{- else -}}
-    {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Renders a value that contains template.
-Usage:
-{{ include "cassandra.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }}
-*/}}
-{{- define "cassandra.tplValue" -}}
-    {{- if typeIs "string" .value }}
-        {{- tpl .value .context }}
-    {{- else }}
-        {{- tpl (.value | toYaml) .context }}
-    {{- end }}
-{{- end -}}

tip-wlan/charts/cassandra/templates/configmap.yaml

@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: cassandra-configurations-override
-  namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}

tip-wlan/charts/cassandra/templates/headless-svc.yaml

@@ -1,29 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "common.fullname" . }}-headless
-  namespace: {{ include "common.namespace" . }}
-  labels: {{- include "common.labels" . | nindent 4 }}
-  annotations: {{ include "cassandra.tplValue" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
-spec:
-  clusterIP: None
-  publishNotReadyAddresses: true
-  ports:
-    - name: intra
-      port: 7000
-      targetPort: intra
-    - name: tls
-      port: 7001
-      targetPort: tls
-    - name: jmx
-      port: 7199
-      targetPort: jmx
-    - name: cql
-      port: {{ .Values.service.port }}
-      targetPort: cql
-    {{- if .Values.cluster.enableRPC }}
-    - name: thrift
-      port: {{ .Values.service.thriftPort }}
-      targetPort: thrift
-    {{- end }}
-  selector: {{- include "common.selectorLabels" . | nindent 4 }}

tip-wlan/charts/cassandra/templates/networkpolicy.yaml

@@ -1,38 +0,0 @@
-{{- if .Values.networkPolicy.enabled }}
-kind: NetworkPolicy
-apiVersion: {{ include "networkPolicy.apiVersion" . }}
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels: {{- include "common.labels" . | nindent 4 }}
-spec:
-  podSelector:
-    matchLabels: {{- include "common.selectorLabels" . | nindent 6 }}
-  ingress:
-    # Allow inbound connections
-    # CQL and Thrift ports
-    - ports:
-        - port: {{ .Values.service.port }}
-        - port: {{ .Values.service.thriftPort }}
-      from:
-      {{- if not .Values.networkPolicy.allowExternal }}
-        - podSelector:
-            matchLabels:
-              {{ include "common.fullname" . }}-client: "true"
-      {{- end }}
-        - podSelector:
-            matchLabels: {{- include "common.selectorLabels" . | nindent 14 }}
-    # Internal ports
-    - ports:
-        - port: intra
-        - port: tls
-        - port: jmx
-      from:
-        - podSelector:
-            matchLabels: {{- include "common.selectorLabels" . | nindent 14 }}
-    {{- if .Values.metrics.enabled }}
-    # Allow prometheus scrapes for metrics
-    - ports:
-        - port: 8080
-    {{- end }}
-{{- end }}

tip-wlan/charts/cassandra/templates/secret.yaml

@@ -1,39 +0,0 @@
-{{- if (not .Values.dbUser.existingSecret) -}}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels: {{- include "common.labels" . | nindent 4 }}
-type: Opaque
-data:
-  {{- if .Values.dbUser.password }}
-  cassandra-password: {{ .Values.dbUser.password | b64enc | quote }}
-  {{- else if (not .Values.dbUser.forcePassword) }}
-  cassandra-password: {{ randAlphaNum 10 | b64enc | quote }}
-  {{ else }}
-  cassandra-password: {{ required "A Cassandra Password is required!" .Values.dbUser.password }}
-  {{- end }}
-{{- end }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: cassandra-ssl-certs
-  namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-  truststore: {{ .Files.Get "resources/config/certs/truststore.jks" | b64enc }}
-  truststore-password: {{ .Files.Get "resources/config/certs/truststore_creds" | b64enc }}
-  keystore: {{ .Files.Get "resources/config/certs/cassandra_server_keystore.jks" | b64enc }}
-  keystore-password: {{ .Files.Get "resources/config/certs/keystore_creds" | b64enc }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-client-certs
-  namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
-

tip-wlan/charts/cassandra/templates/service.yaml

@@ -1,32 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels: {{- include "common.labels" . | nindent 4 }}
-  annotations: {{ include "cassandra.tplValue" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
-spec:
-  type: {{ .Values.service.type }}
-  {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
-  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
-  {{- end }}
-  ports:
-    - name: cql
-      port: {{ .Values.service.port }}
-      targetPort: cql
-      {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.cql)) }}
-      nodePort: {{ .Values.service.nodePorts.cql }}
-      {{- else if eq .Values.service.type "ClusterIP" }}
-      nodePort: null
-      {{- end }}
-    {{- if .Values.cluster.enableRPC }}
-    - name: thrift
-      port: {{ .Values.service.thriftPort }}
-      targetPort: thrift
-      {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.thrift)) }}
-      nodePort: {{ .Values.service.nodePorts.thrift }}
-      {{- else if eq .Values.service.type "ClusterIP" }}
-      nodePort: null
-      {{- end }}
-    {{- end }}
-  selector: {{- include "common.selectorLabels" . | nindent 4 }}

tip-wlan/charts/cassandra/templates/statefulset.yaml

@@ -1,306 +0,0 @@
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels: {{- include "common.labels" . | nindent 4 }}
-spec:
-  selector:
-    matchLabels: {{- include "common.selectorLabels" . | nindent 6 }}
-  serviceName: {{ include "common.fullname" . }}-headless
-  replicas: {{ .Values.cluster.replicaCount }}
-  updateStrategy:
-    type: {{ .Values.statefulset.updateStrategy }}
-    {{- if (eq "Recreate" .Values.statefulset.updateStrategy) }}
-    rollingUpdate: null
-    {{- else if .Values.statefulset.rollingUpdatePartition }}
-    rollingUpdate:
-      partition: {{ .Values.statefulset.rollingUpdatePartition }}
-    {{- end }}
-  template:
-    metadata:
-      labels: {{- include "common.labels" . | nindent 8 }}
-      {{- if .Values.podLabels }}
-      {{- toYaml .Values.podLabels | nindent 8 }}
-      {{- end }}
-      {{- if or .Values.podAnnotations (and .Values.metrics.enabled .Values.metrics.podAnnotations) }}
-      annotations:
-        {{- if .Values.podAnnotations }}
-        {{- toYaml .Values.podAnnotations | nindent 8 }}
-        {{- end }}
-        {{- if .Values.metrics.podAnnotations }}
-        {{- toYaml .Values.metrics.podAnnotations | nindent 8 }}
-        {{- end }}
-      {{- end }}
-    spec:
-      {{- if .Values.affinity }}
-      affinity: {{- include "cassandra.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
-      {{- end }}
-      {{- if .Values.nodeSelector }}
-      nodeSelector: {{- include "cassandra.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
-      {{- end }}
-      {{- if .Values.tolerations }}
-      tolerations: {{- include "cassandra.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
-      {{- end }}
-      {{- if .Values.securityContext.enabled }}
-      securityContext:
-        fsGroup: {{ .Values.securityContext.fsGroup }}
-        runAsUser: {{ .Values.securityContext.runAsUser }}
-      {{- end }}
-      {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
-      initContainers:
-        - name: volume-permissions
-          image: {{ include "cassandra.volumePermissions.image" . }}
-          imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
-          command:
-            - /bin/bash
-            - -ec
-            - |
-              chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /bitnami/cassandra
-          securityContext:
-            runAsUser: 0
-          {{- if .Values.volumePermissions.resources }}
-          resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
-          {{- end }}
-          volumeMounts:
-            - name: data
-              mountPath: /bitnami/cassandra
-      {{- end }}
-      containers:
-        - name: cassandra
-          command:
-            - bash
-            - -ec
-            # Node 0 is the password seeder
-            - |
-              if [[ $HOSTNAME =~ (.*)-0$ ]]; then
-                echo "Setting node as password seeder"
-                export CASSANDRA_PASSWORD_SEEDER=yes
-              else
-                # Only node 0 will execute the startup initdb scripts
-                export CASSANDRA_IGNORE_INITDB_SCRIPTS=1
-              fi
-              {{ .Values.entrypoint }} {{ .Values.cmd }}
-          image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
-          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
-          env:
-            - name: BITNAMI_DEBUG
-              value: {{ ternary "true" "false" .Values.image.debug | quote }}
-            - name: CASSANDRA_CLUSTER_NAME
-              value: {{ .Values.cluster.name }}
-            - name: CASSANDRA_SEEDS
-              {{- $global := . }}
-              {{- $replicas := .Values.cluster.seedCount | int }}
-              {{- $domain := .Values.cluster.domain }}
-              value: "{{- range $i, $e := until $replicas }}{{ include "common.fullname" $global }}-{{ $i }}.{{ include "common.fullname" $global }}-headless.{{ $global.Values.global.nsPrefix }}.svc.{{ $domain }}{{- if (lt ( add1 $i ) $replicas ) }},{{- end }}{{- end }}"
-            - name: CASSANDRA_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ if .Values.dbUser.existingSecret }}{{ .Values.dbUser.existingSecret }}{{- else }}{{ include "common.fullname" . }}{{- end }}
-                  key: cassandra-password
-            - name: POD_IP
-              valueFrom:
-                fieldRef:
-                  fieldPath: status.podIP
-            - name: CASSANDRA_USER
-              value: {{ .Values.dbUser.user | quote }}
-            - name: CASSANDRA_NUM_TOKENS
-              value: {{ .Values.cluster.numTokens | quote }}
-            - name: CASSANDRA_DATACENTER
-              value: {{ .Values.cluster.datacenter }}
-            - name: CASSANDRA_ENDPOINT_SNITCH
-              value: {{ .Values.cluster.endpointSnitch }}
-            {{- if   .Values.tlsEncryptionSecretName }}
-            - name: CASSANDRA_INTERNODE_ENCRYPTION
-              value: {{ .Values.cluster.internodeEncryption | quote }}
-            - name: CASSANDRA_CLIENT_ENCRYPTION
-              value: {{ .Values.cluster.clientEncryption | quote }}
-            - name: CASSANDRA_TRUSTSTORE_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Values.tlsEncryptionSecretName }}
-                  key: truststore-password
-            - name: CASSANDRA_KEYSTORE_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Values.tlsEncryptionSecretName }}
-                  key: keystore-password
-            {{- end }}
-            - name: CASSANDRA_RACK
-              value: {{ .Values.cluster.rack }}
-            {{- if .Values.jvm.maxHeapSize }}
-            - name: MAX_HEAP_SIZE
-              value: {{ .Values.jvm.maxHeapSize | quote }}
-            {{- end }}
-            {{- if .Values.jvm.newHeapSize }}
-            - name: HEAP_NEWSIZE
-              value: {{ .Values.jvm.newHeapSize | quote }}
-            {{- end }}
-            {{- if .Values.jvm.extraOpts }}
-            - name: JVM_EXTRA_OPTS
-              value: {{ .Values.jvm.extraOpts | quote }}
-            {{- end }}
-            - name: CASSANDRA_ENABLE_RPC
-              value: {{ .Values.cluster.enableRPC | quote }}
-            {{- if .Values.cluster.enableUDF }}
-            - name: CASSANDRA_ENABLE_USER_DEFINED_FUNCTIONS
-              value: {{ .Values.cluster.enableUDF | quote }}
-            {{- end }}
-          {{- if .Values.livenessProbe.enabled }}
-          livenessProbe:
-            exec:
-              command: ["/bin/sh", "-c", "nodetool status"]
-            initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
-            periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
-            timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
-            successThreshold: {{ .Values.livenessProbe.successThreshold }}
-            failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
-          {{- end }}
-          {{- if .Values.readinessProbe.enabled }}
-          readinessProbe:
-            exec:
-              command: ["/bin/sh", "-c", "nodetool status | grep -E \"^UN\\s+${POD_IP}\""]
-            initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
-            periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
-            timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
-            successThreshold: {{ .Values.readinessProbe.successThreshold }}
-            failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
-          {{- end }}
-          {{- if not .Values.persistence.enabled }}
-          lifecycle:
-            preStop:
-              exec:
-                command:
-                  - bash
-                  - -ec
-                  - nodetool decommission
-          {{- end }}
-          ports:
-            - name: intra
-              containerPort: 7000
-            - name: tls
-              containerPort: 7001
-            - name: jmx
-              containerPort: 7199
-            - name: cql
-              containerPort: 9042
-            {{- if .Values.cluster.enableRPC }}
-            - name: thrift
-              containerPort: 9160
-            {{- end }}
-          {{- if .Values.resources }}
-          resources: {{ toYaml .Values.resources | nindent 12 }}
-          {{- end }}
-          volumeMounts:
-            - name: data
-              mountPath: /bitnami/cassandra
-            {{- if .Values.tlsEncryptionSecretName }}
-            - name: encryption-secrets
-              mountPath: /bitnami/cassandra/secrets
-            {{- end }}
-            {{- if .Values.initDBConfigMap }}
-            - name: init-db-cm
-              mountPath: /docker-entrypoint-initdb.d/configmap
-            {{- end }}
-            {{- if .Values.initDBSecret }}
-            - name: init-db-secret
-              mountPath: /docker-entrypoint-initdb.d/secret
-            {{- end }}
-            {{ if .Values.existingConfiguration }}
-            - name: configurations
-              mountPath: /bitnami/cassandra/conf
-            {{- end }}
-            - mountPath: /opt/tip-wlan/certs/cacert.pem
-              name: cassandra-client-certificates
-              subPath: cacert.pem
-            - mountPath: /opt/tip-wlan/certs/cassandraservercert.pem
-              name: cassandra-client-certificates
-              subPath: cassandraservercert.pem
-            - mountPath: /opt/tip-wlan/certs/cassandraserverkey_dec.pem
-              name: cassandra-client-certificates
-              subPath: cassandraserverkey_dec.pem              
-        {{- if .Values.metrics.enabled }}
-        - name: metrics
-          image: {{ include "cassandra.metrics.image" . }}
-          imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
-          ports:
-            - name: metrics
-              containerPort: 8080
-              protocol: TCP
-            - name: jmx
-              containerPort: 5555
-          {{- if .Values.metrics.resources }}
-          resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
-          {{- end }}
-          livenessProbe:
-            tcpSocket:
-              port: metrics
-          readinessProbe:
-            httpGet:
-              path: /metrics
-              port: metrics
-            initialDelaySeconds: 20
-            timeoutSeconds: 45
-        {{- end }}
-      {{- if .Values.image.pullSecrets }}
-      imagePullSecrets:
-        - name: {{ .Values.image.pullSecrets }}
-      {{- end }}
-      volumes:
-        - name: cassandra-client-certificates
-          secret:
-            secretName: {{ include "common.fullname" . }}-client-certs
-        {{- if .Values.tlsEncryptionSecretName }}
-        - name: encryption-secrets
-          secret:
-            secretName: {{ .Values.tlsEncryptionSecretName }}
-            items:
-              - key: keystore
-                path: keystore
-              - key: truststore
-                path: truststore
-        {{- end }}
-        {{- if .Values.existingConfiguration }}
-        - name: configurations
-          configMap:
-            name: {{ tpl .Values.existingConfiguration $ }}
-        {{- end }}
-        {{- if .Values.initDBConfigMap }}
-        - name: init-db-cm
-          configMap:
-            name: {{ tpl .Values.initDBConfigMap $ }}
-        {{- end }}
-        {{- if .Values.initDBSecret }}
-        - name: init-db-secret
-          configMap:
-            name: {{ tpl .Values.initDBSecret $ }}
-        {{- end }}
-{{- if not .Values.persistence.enabled }}
-        - name: data
-          emptyDir: {}
-{{- else }}
-  volumeClaimTemplates:
-    - metadata:
-        name: data
-        labels:
-          app: {{ include "common.name" . }}
-          release: {{ .Release.Name }}
-        {{- if .Values.persistence.annotations }}
-        annotations: {{- toYaml .Values.persistence.annotations | nindent 10 }}
-        {{- end }}
-      spec:
-        accessModes:
-          {{- range .Values.persistence.accessModes }}
-          - {{ . | quote }}
-          {{- end }}
-        resources:
-          requests:
-            storage: {{ .Values.persistence.size | quote }}
-      {{- if .Values.persistence.storageClass }}
-      {{- if (eq "-" .Values.persistence.storageClass) }}
-        storageClassName: ""
-      {{- else }}
-        storageClassName: "{{ .Values.persistence.storageClass }}"
-      {{- end }}
-      {{- end }}
-{{- end }}

tip-wlan/charts/cassandra/templates/tests/test-cassandra-record-insert-del.yaml

@@ -1,53 +0,0 @@
-{{- if .Values.testsEnabled -}}
-# NOTE: For the test to work, make sure that the cluster-size remains the same
-# if you are doing helm-del and then helm-install with existing pvc.
-apiVersion: v1
-kind: Pod
-metadata:
-  name: {{ include "common.fullname" . }}-test-insertion-deletion
-  namespace: {{ include "common.namespace" . }}
-  annotations:
-    "helm.sh/hook": test-success
-spec:
-  containers:
-  - name: {{ include "common.name" . }}-test-cassandra-basic
-    image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
-    command:
-    - sh
-    - -c
-    - |
-      cqlsh --cqlshrc /bitnami/cassandra/conf/cqlshrc.tip-wlan -e \
-      "CREATE KEYSPACE MYDB WITH REPLICATION = { 'class' : 'SimpleStrategy', 'replication_factor' : 1 }; \
-      use MYDB; \
-      CREATE TABLE BOOKS (id int PRIMARY KEY, title text, year text); \
-      INSERT INTO BOOKS (id, title, year) VALUES (1, 'Power Of Now', '1994'); \
-      SELECT * FROM BOOKS; \
-      DELETE FROM BOOKS WHERE id=1; \
-      SELECT * FROM BOOKS; \
-      DROP TABLE BOOKS; \
-      DROP KEYSPACE MYDB;"
-    volumeMounts:
-      {{ if .Values.existingConfiguration }}
-      - name: configurations
-        mountPath: /bitnami/cassandra/conf
-      {{- end }}
-      - mountPath: /opt/tip-wlan/certs/cacert.pem
-        name: cassandra-client-certificates
-        subPath: cacert.pem
-      - mountPath: /opt/tip-wlan/certs/cassandraservercert.pem
-        name: cassandra-client-certificates
-        subPath: cassandraservercert.pem
-      - mountPath: /opt/tip-wlan/certs/cassandraserverkey_dec.pem
-        name: cassandra-client-certificates
-        subPath: cassandraserverkey_dec.pem   
-  restartPolicy: Never
-  volumes:
-  {{- if .Values.existingConfiguration }}
-  - name: configurations
-    configMap:
-      name: {{ tpl .Values.existingConfiguration $ }}
-  {{- end }}
-  - name: cassandra-client-certificates
-    secret:
-      secretName: {{ include "common.fullname" . }}-client-certs
-{{- end }}

tip-wlan/charts/cassandra/values.yaml

@@ -1,328 +0,0 @@
-## Global Docker image parameters
-## Please, note that this will override the image parameters, including dependencies, configured to use the global value
-## Current available global Docker image parameters: imageRegistry and imagePullSecrets
-##
-# global:
-#   imageRegistry: myRegistryName
-#   imagePullSecrets:
-#     - myRegistryKeySecretName
-#   storageClass: myStorageClass
-
-## Bitnami Cassandra image version
-## ref: https://hub.docker.com/r/bitnami/cassandra/tags/
-##
-image:
-  registry: docker.io
-  repository: bitnami/cassandra
-  ## Bitnami Cassandra image tag
-  ## ref: https://github.com/bitnami/bitnami-docker-cassandra#supported-tags-and-respective-dockerfile-links
-  ##
-  tag: 3.11.6-debian-10-r138
-  ## Specify a imagePullPolicy
-  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
-  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
-  ##
-  pullPolicy: IfNotPresent
-  ## Optionally specify an array of imagePullSecrets.
-  ## Secrets must be manually created in the namespace.
-  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-  ##
-  # pullSecrets:
-  #   - myRegistryKeySecretName
-  ## Set to true if you would like to see extra information on logs
-  ## It turns BASH debugging in minideb-extras-base
-  ##
-  debug: false
-
-## String to partially override cassandra.fullname template (will maintain the release name)
-##
-# nameOverride:
-
-## String to fully override cassandra.fullname template
-##
-# fullnameOverride:
-
-## Init containers parameters:
-## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
-##
-volumePermissions:
-  enabled: true
-  image:
-    registry: docker.io
-    repository: bitnami/minideb
-    tag: buster
-    pullPolicy: Always
-    ## Optionally specify an array of imagePullSecrets.
-    ## Secrets must be manually created in the namespace.
-    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-    ##
-    # pullSecrets:
-    #   - myRegistryKeySecretName
-  ## Init container' resource requests and limits
-  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
-  ##
-  resources:
-    # We usually recommend not to specify default resources and to leave this as a conscious
-    # choice for the user. This also increases chances charts run on environments with little
-    # resources, such as Minikube. If you do want to specify resources, uncomment the following
-    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-    limits: {}
-    #   cpu: 100m
-    #   memory: 128Mi
-    requests: {}
-    #   cpu: 100m
-    #   memory: 128Mi
-
-## Service parameters
-##
-service:
-  ## Service type
-  ##
-  type: ClusterIP
-  ## CQL port
-  ##
-  port: 9042
-  ## Thrift Client API port
-  ##
-  thriftPort: 9160
-  ## Specify the nodePort(s) value(s) for the LoadBalancer and NodePort service types.
-  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
-  ##
-  nodePorts:
-    cql: ""
-    thriftPort: ""
-  ## Set the LoadBalancer service type to internal only.
-  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
-  ##
-  # loadBalancerIP:
-  ## Provide any additional annotations which may be required. This can be used to
-  ## set the LoadBalancer service type to internal only.
-  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
-  ##
-  annotations: {}
-
-## Enable persistence using Persistent Volume Claims
-## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
-##
-persistence:
-  ## If true, use a Persistent Volume Claim, If false, use emptyDir
-  ##
-  enabled: false
-  ## Persistent Volume Storage Class
-  ## If defined, storageClassName: <storageClass>
-  ## If set to "-", storageClassName: "", which disables dynamic provisioning
-  ## If undefined (the default) or set to null, no storageClassName spec is
-  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-  ##   GKE, AWS & OpenStack)
-  ##
-  storageClass: "-"
-  ## Persistent Volume Claim annotations
-  ##
-  annotations:
-  ## Persistent Volume Access Mode
-  ##
-  accessModes:
-    - ReadWriteOnce
-  ## Persistent Volume size
-  ##
-  size: 1Gi
-
-## Cassandra pods' resource requests and limits
-## ref: http://kubernetes.io/docs/user-guide/compute-resources/
-## Minimum memory for development is 4GB and 2 CPU cores
-## Minimum memory for production is 8GB and 4 CPU cores
-## ref: http://docs.datastax.com/en/archived/cassandra/2.0/cassandra/architecture/architecturePlanningHardware_c.html
-##
-resources:
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  limits: {}
-  #   cpu: 2
-  #   memory: 4Gi
-  requests: {}
-  #   cpu: 2
-  #   memory: 4Gi
-
-## Secret with keystore, keystore password, truststore, truststore password
-##
-tlsEncryptionSecretName: cassandra-ssl-certs
-## ConfigMap with custom cassandra configuration files. This overrides any other Cassandra configuration set in the chart
-##
-existingConfiguration: cassandra-configurations-override
-## Cluster parameters
-##
-cluster:
-  name: TipWlanCluster
-  replicaCount: 3
-  seedCount: 2
-  numTokens: 256
-  datacenter: DC1
-  rack: RAC1
-  enableRPC: true
-  endpointSnitch: SimpleSnitch
-  ## Enable the creation of the Pod Disruption Budget
-  ##
-  pdbEnabled: true
-  ## Minimum number of cluster nodes that will be running. Needs pdbEnabled=true
-  ##
-  minAvailable: 1
-  ## Maximum number of cluster nodes that may not be running. Needs pdbEnabled=true.
-  ##
-  # maxUnavailable: 1
-  ## Encryption values. NOTE: They require tlsEncryptionSecretName
-  ##
-  internodeEncryption: all
-  clientEncryption: true
-  domain: cluster.local
-
-## JVM Settings
-##
-jvm:
-  ## Extra JVM options
-  ##
-  extraOpts:
-
-  ## Memory settings: These are calculated automatically
-  ## unless specified otherwise
-  ##
-  # maxHeapSize: 4G
-  # newHeapSize: 800M
-
-## Database credentials
-##
-dbUser:
-  user: cassandra
-  forcePassword: false
-  password: cassandra
-  # existingSecret:
-
-## ConfigMap with cql scripts. Useful for creating a keyspace
-## and pre-populating data
-##
-# initDBConfigMap:
-
-## Secret with cql script (with sensitive data). Useful for creating a keyspace
-## and pre-populating data
-##
-# initDBSecret:
-
-## Cassandra container's liveness and readiness probes
-## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
-##
-livenessProbe:
-  enabled: true
-  initialDelaySeconds: 60
-  periodSeconds: 30
-  timeoutSeconds: 5
-  successThreshold: 1
-  failureThreshold: 5
-readinessProbe:
-  enabled: true
-  initialDelaySeconds: 60
-  periodSeconds: 10
-  timeoutSeconds: 5
-  successThreshold: 1
-  failureThreshold: 5
-
-## Additional pod annotations
-## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
-##
-podAnnotations: {}
-
-## Additional pod labels
-## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
-##
-podLabels: {}
-
-## Affinity for pod assignment
-## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
-##
-affinity: {}
-
-## Node labels for pod assignment. Evaluated as a template.
-## Ref: https://kubernetes.io/docs/user-guide/node-selection/
-##
-nodeSelector: {}
-
-## Tolerations for pod assignment
-## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
-##
-tolerations: []
-
-## StatefulSet settings
-##
-statefulset:
-  updateStrategy: OnDelete
-  # rollingUpdatePartition:
-
-## Pod Security Context
-## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
-##
-securityContext:
-  enabled: true
-  fsGroup: 1001
-  runAsUser: 1001
-
-## Container entrypoint and cmd (useful for using different images)
-##
-entrypoint: "/entrypoint.sh"
-cmd: "/run.sh"
-
-## Network policies
-## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
-##
-networkPolicy:
-  ## Specifies whether a NetworkPolicy should be created
-  ##
-  enabled: false
-
-  ## The Policy model to apply. When set to false, only pods with the correct
-  ## client label will have network access to the port Redis is listening
-  ## on. When true, Redis will accept connections from any source
-  ## (with the correct destination port).
-  ##
-  # allowExternal: true
-
-## Enable/disable the chart's tests.  Useful if using this chart as a dependency of
-## another chart and you don't want these tests running when trying to develop and
-## test your own chart.
-testsEnabled: true
-
-## Cassandra Prometheus exporter configuration
-## ref: https://hub.docker.com/r/bitnami/cassandra-exporter/tags/
-##
-metrics:
-  enabled: false
-  image:
-    registry: docker.io
-    pullPolicy: IfNotPresent
-    repository: bitnami/cassandra-exporter
-    tag: 2.3.4-debian-10-r119
-    ## Optionally specify an array of imagePullSecrets.
-    ## Secrets must be manually created in the namespace.
-    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-    ##
-    # pullSecrets:
-    #   - myRegistryKeySecretName
-  ## Cassandra Prometheus exporter resource requests and limits
-  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
-  ##
-  resources:
-    # We usually recommend not to specify default resources and to leave this as a conscious
-    # choice for the user. This also increases chances charts run on environments with little
-    # resources, such as Minikube. If you do want to specify resources, uncomment the following
-    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-    limits: {}
-    #   cpu: 100m
-    #   memory: 128Mi
-    requests: {}
-    #   cpu: 100m
-    #   memory: 128Mi
-  ## Metrics exporter pod Annotation and Labels
-  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
-  ##
-  podAnnotations:
-    prometheus.io/scrape: "true"
-    prometheus.io/port: "8080"

tip-wlan/charts/common/charts/efs-provisioner/templates/deployment.yaml

@@ -7,7 +7,7 @@ metadata:
     {{- include "common.labels" . | nindent 4 }}
 spec:
   replicas: {{ .Values.provisioner.replicaCount }}
-  strategy: 
+  strategy:
     type: {{ .Values.provisioner.strategyType }}
   selector:
     matchLabels:

tip-wlan/charts/common/templates/_env.tpl

@@ -1,12 +1,5 @@
-{{/*
-  Resolve the environment variables to apply to a chart. The default namespace suffix
-  is the name of the chart. This can be overridden if necessary (eg. for subcharts)
-  using the following value:
-
-  - .Values.nsPrefix  : override namespace prefix
-*/}}
 {{- define "common.namespace" -}}
-  {{- default .Values.global.nsPrefix -}}
+  {{- .Release.Namespace -}}
 {{- end -}}
 
 {{- define "common.env" -}}

tip-wlan/charts/common/templates/_namespace.tpl

@@ -1,10 +0,0 @@
-{{/*
-  Resolve the namespace to apply to a chart. The default namespace suffix
-  is the name of the chart. This can be overridden if necessary (eg. for subcharts)
-  using the following value:
-
-  - .Values.nsPrefix  : override namespace prefix
-*/}}
-{{- define "common.namespace" -}}
-  {{- default .Values.global.nsPrefix -}}
-{{- end -}}

tip-wlan/charts/common/templates/_ports.tpl

@@ -0,0 +1,41 @@
+{{/*
+    This template will be used to iterate through the access point debug ports and generate
+    access point debug ports mapping
+  */}}
+
+{{- define "apDebugPortsStart" -}}
+{{- $portPrefix := $.Values.global.nodePortPrefixExt | default $.Values.nodePortPrefixExt | int -}}
+{{- $start := $.Values.accessPointDebugPortRange.start | int -}}
+{{- $end := (add $.Values.accessPointDebugPortRange.start $.Values.accessPointDebugPortRange.length) | int -}}
+{{- printf "%d%d" $portPrefix $start -}}
+{{- end -}}
+
+{{- define "apDebugPortsEnd" -}}
+{{- $portPrefix := $.Values.global.nodePortPrefixExt | default $.Values.nodePortPrefixExt | int -}}
+{{- $start := $.Values.accessPointDebugPortRange.start | int -}}
+{{- $end := (add $.Values.accessPointDebugPortRange.start $.Values.accessPointDebugPortRange.length) | int -}}
+{{- printf "%d%d" $portPrefix $end -}}
+{{- end -}}
+
+
+{{- define "container.dev.apDebugPorts" -}}
+{{- $accessPointDebugPorts := untilStep (include "apDebugPortsStart" . | atoi) (include "apDebugPortsEnd" . | atoi) 1 -}}
+  {{- range $index, $port := $accessPointDebugPorts }}
+  - name: apdebugport-{{ $index }}
+    containerPort: {{ $port }}
+    protocol: TCP
+  {{- end }}
+{{- end -}}
+
+{{- define "service.dev.apDebugPorts" -}}
+{{- $accessPointDebugPorts := untilStep (include "apDebugPortsStart" . | atoi) (include "apDebugPortsEnd" . | atoi) 1 -}}
+  {{- range $index, $port := $accessPointDebugPorts }}
+  - port: {{ $port }}
+    targetPort: {{ $port }}
+    protocol: TCP
+    name: apdebugport-{{ $index }}
+    {{- if eq $.Values.service.type "NodePort" }}
+    nodePort: {{ $port }}
+    {{- end }}
+  {{- end }}
+{{- end -}}

tip-wlan/charts/common/templates/_svc.tpl

@@ -1,5 +1,5 @@
 {{/*
-    Resolve the Postgres service-name to apply to a chart. 
+    Resolve the Postgres service-name to apply to a chart.
 */}}
 {{- define "postgresql.service" -}}
   {{- printf "%s-%s" .Release.Name .Values.postgresql.url | trunc 63 -}}
@@ -16,68 +16,67 @@ else use user-provided URL
 {{- $zookeeperService := printf "%s-%s" .Release.Name .Values.zookeeper.url }}
 {{- default $zookeeperService }}
 {{- end -}}
-{{- end -}}  
+{{- end -}}
 
 {{/*
-  Resolve the Kafka service-name to apply to a chart. 
+  Resolve the Kafka service-name to apply to a chart.
 */}}
 {{- define "kafka.service" -}}
 {{- printf "%s-%s" .Release.Name .Values.kafka.url | trunc 63 -}}
 {{- end -}}
 
 {{/*
-  Resolve the Cassandra service-name to apply to a chart. 
+  Resolve the Cassandra service-name to apply to a chart.
 */}}
 {{- define "cassandra.service" -}}
 {{- printf "%s-%s" .Release.Name .Values.cassandra.url | trunc 63 -}}
 {{- end -}}
 
 {{/*
-  Resolve the MQTT service-name to apply to a chart. 
+  Resolve the MQTT service-name to apply to a chart.
 */}}
 {{- define "mqtt.service" -}}
 {{- printf "%s-%s" .Release.Name .Values.mqtt.url | trunc 63 -}}
 {{- end -}}
 
 {{/*
-  Resolve the integratedcloudcomponent service-name to apply to a chart. 
+  Resolve the integratedcloudcomponent service-name to apply to a chart.
 */}}
 {{- define "integratedcloudcomponent.service" -}}
   {{- printf "%s-%s:%.f" .Release.Name .Values.integratedcloudcomponent.url .Values.integratedcloudcomponent.port | trunc 63 -}}
 {{- end -}}
 
 {{/*
-  Resolve the provisioning service-name to apply to a chart. 
+  Resolve the provisioning service-name to apply to a chart.
 */}}
 {{- define "prov.service" -}}
   {{- printf "%s-%s:%.f" .Release.Name .Values.prov.url .Values.prov.port | trunc 63 -}}
 {{- end -}}
 
 {{/*
-  Resolve the ssc service-name to apply to a chart. 
+  Resolve the ssc service-name to apply to a chart.
 */}}
 {{- define "ssc.service" -}}
   {{- printf "%s-%s:%.f" .Release.Name .Values.ssc.url .Values.ssc.port | trunc 63 -}}
 {{- end -}}
 
 {{/*
-  Resolve the Opensync-gw service-name to apply to a chart. 
+  Resolve the Opensync-gw service-name to apply to a chart.
 */}}
 {{- define "opensyncgw.service" -}}
   {{- printf "%s-%s:%.f" .Release.Name .Values.opensyncgw.url .Values.opensyncgw.port | trunc 63 -}}
 {{- end -}}
 
-
 {{/*
-  Resolve the pvc name that's would mounted to 2 charts - Portal and Opensync-gw 
+  Resolve the pvc name that's would mounted to 2 charts - Portal and Opensync-gw
 */}}
 {{- define "portal.sharedPvc.name" -}}
 {{- printf "%s-%s-%s-%.f" .Values.portal.sharedPvc.name .Release.Name .Values.portal.url .Values.portal.sharedPvc.ordinal | trunc 63 -}}
 {{- end -}}
 
 {{/*
-  Resolve the filestore-directory name that's would mounted to 2 charts - Portal and Opensync-gw 
+  Resolve the filestore-directory name that's would mounted to 2 charts - Portal and Opensync-gw
 */}}
 {{- define "filestore.dir.name" -}}
   {{- printf "%s" .Values.filestore.internal | trunc 63 -}}
-{{- end -}}
+{{- end -}}

tip-wlan/charts/kafka/Chart.yaml

@@ -1,8 +0,0 @@
-apiVersion: v2
-description: Apache Kafka is publish-subscribe messaging
-name: kafka
-version: 0.1.0
-appVersion: 1.0.0
-dependencies:
-  - name: zookeeper
-    version: 0.1.0

tip-wlan/charts/kafka/resources/config/admin-client.properties

@@ -1,11 +0,0 @@
-ssl.endpoint.identification.algorithm=
-security.protocol=SSL
-ssl.key.password=DUMMY_PASSWORD
-ssl.keystore.location=/etc/kafka/secrets/kafka-server.pkcs12
-ssl.keystore.password=DUMMY_PASSWORD
-ssl.keystore.type=PKCS12
-ssl.truststore.location=/etc/kafka/secrets/truststore.jks
-ssl.truststore.password=DUMMY_PASSWORD
-ssl.truststore.type=JKS
-bootstrap.servers=tip-wlan-kafka-headless:9093
-

tip-wlan/charts/kafka/resources/config/certs/key_creds

@@ -1 +0,0 @@
-DUMMY_PASSWORD

tip-wlan/charts/kafka/resources/config/certs/keystore_creds

@@ -1 +0,0 @@
-DUMMY_PASSWORD

tip-wlan/charts/kafka/resources/config/certs/truststore_creds

@@ -1 +0,0 @@
-DUMMY_PASSWORD

tip-wlan/charts/kafka/templates/NOTES.txt

@@ -1,67 +0,0 @@
-### Connecting to Kafka from inside Kubernetes
-
-You can connect to Kafka by running a simple pod in the K8s cluster like this with a configuration like this:
-
-  apiVersion: v1
-  kind: Pod
-  metadata:
-    name: testclient
-    namespace: {{ .Release.Namespace }}
-  spec:
-    containers:
-    - name: kafka
-      image: {{ .Values.image }}:{{ .Values.imageTag }}
-      command:
-        - sh
-        - -c
-        - "exec tail -f /dev/null"
-
-Once you have the testclient pod above running, you can list all kafka
-topics with:
-
-  kubectl -n {{ .Release.Namespace }} exec testclient -- kafka-topics --zookeeper {{ .Release.Name }}-zookeeper:2181 --list
-
-To create a new topic:
-
-  kubectl -n {{ .Release.Namespace }} exec testclient -- kafka-topics --zookeeper {{ .Release.Name }}-zookeeper:2181 --topic test1 --create --partitions 1 --replication-factor 1
-
-To listen for messages on a topic:
-
-  kubectl -n {{ .Release.Namespace }} exec -ti testclient -- kafka-console-consumer --bootstrap-server {{ include "common.fullname" . }}:9092 --topic test1 --from-beginning
-
-To stop the listener session above press: Ctrl+C
-
-To start an interactive message producer session:
-  kubectl -n {{ .Release.Namespace }} exec -ti testclient -- kafka-console-producer --broker-list {{ include "common.fullname" . }}-headless:9092 --topic test1
-
-To create a message in the above session, simply type the message and press "enter"
-To end the producer session try: Ctrl+C
-
-If you specify "zookeeper.connect" in configurationOverrides, please replace "{{ .Release.Name }}-zookeeper:2181" with the value of "zookeeper.connect", or you will get error.
-
-{{ if .Values.external.enabled }}
-### Connecting to Kafka from outside Kubernetes
-
-You have enabled the external access feature of this chart.
-
-**WARNING:** By default this feature allows Kafka clients outside Kubernetes to
-connect to Kafka via NodePort(s) in `PLAINTEXT`.
-
-Please see this chart's README.md for more details and guidance.
-
-If you wish to connect to Kafka from outside please configure your external Kafka
-clients to point at the following brokers. Please allow a few minutes for all
-associated resources to become healthy.
-  {{  $fullName := include "common.fullname" . }}
-  {{- $replicas := .Values.replicas | int }}
-  {{- $servicePort := .Values.external.servicePort | int}}
-  {{- $root := . }}
-  {{- range $i, $e := until $replicas }}
-    {{- $externalListenerPort := add $root.Values.external.firstListenerPort $i }}
-    {{- if $root.Values.external.distinct }}
-{{ printf "%s-%d.%s:%d" $root.Release.Name $i $root.Values.external.domain $servicePort | indent 2 }}
-    {{- else }}
-{{ printf "%s.%s:%d" $root.Release.Name $root.Values.external.domain $externalListenerPort | indent 2 }}
-    {{- end }}
-  {{- end }}
-{{- end }}

tip-wlan/charts/kafka/templates/_helpers.tpl

@@ -1,89 +0,0 @@
-{{/*
-Form the Zookeeper URL. If zookeeper is installed as part of this chart, use k8s service discovery,
-else use user-provided URL
-*/}}
-{{- define "zookeeper.url" }}
-{{- $port := .Values.zookeeper.port | toString }}
-{{- if .Values.zookeeper.enabled -}}
-{{- printf "%s:%s" (include "kafka.zookeeper.fullname" .) $port }}
-{{- else -}}
-{{- $zookeeperConnect := printf "%s-%s:%s" .Release.Name .Values.zookeeper.url $port }}
-{{- $zookeeperConnectOverride := index .Values "configurationOverrides" "zookeeper.connect" }}
-{{- default $zookeeperConnect $zookeeperConnectOverride }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Derive offsets.topic.replication.factor in following priority order: configurationOverrides, replicas
-*/}}
-{{- define "kafka.replication.factor" }}
-{{- $replicationFactorOverride := index .Values "configurationOverrides" "offsets.topic.replication.factor" }}
-{{- default .Values.replicas $replicationFactorOverride }}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "kafka.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create unified labels for kafka components
-*/}}
-
-{{- define "kafka.common.matchLabels" -}}
-app.kubernetes.io/name: {{ include "common.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end -}}
-
-{{- define "kafka.common.metaLabels" -}}
-helm.sh/chart: {{ include "kafka.chart" . }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
-
-{{- define "kafka.broker.matchLabels" -}}
-app.kubernetes.io/component: kafka-broker
-{{ include "kafka.common.matchLabels" . }}
-{{- end -}}
-
-{{- define "kafka.broker.labels" -}}
-{{ include "kafka.common.metaLabels" . }}
-{{ include "kafka.broker.matchLabels" . }}
-{{- end -}}
-
-{{- define "kafka.config.matchLabels" -}}
-app.kubernetes.io/component: kafka-config
-{{ include "kafka.common.matchLabels" . }}
-{{- end -}}
-
-{{- define "kafka.config.labels" -}}
-{{ include "kafka.common.metaLabels" . }}
-{{ include "kafka.config.matchLabels" . }}
-{{- end -}}
-
-{{- define "kafka.monitor.matchLabels" -}}
-app.kubernetes.io/component: kafka-monitor
-{{ include "kafka.common.matchLabels" . }}
-{{- end -}}
-
-{{- define "kafka.monitor.labels" -}}
-{{ include "kafka.common.metaLabels" . }}
-{{ include "kafka.monitor.matchLabels" . }}
-{{- end -}}
-
-{{- define "serviceMonitor.namespace" -}}
-{{- if .Values.prometheus.operator.serviceMonitor.releaseNamespace -}}
-{{ .Release.Namespace }}
-{{- else -}}
-{{ .Values.prometheus.operator.serviceMonitor.namespace }}
-{{- end -}}
-{{- end -}}
-
-{{- define "prometheusRule.namespace" -}}
-{{- if .Values.prometheus.operator.prometheusRule.releaseNamespace -}}
-{{ .Release.Namespace }}
-{{- else -}}
-{{ .Values.prometheus.operator.prometheusRule.namespace }}
-{{- end -}}
-{{- end -}}

tip-wlan/charts/kafka/templates/configmap-config.yaml

@@ -1,59 +0,0 @@
-{{- if .Values.topics -}}
-{{- $zk := include "zookeeper.url" . -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  labels:
-  {{- include "kafka.config.labels" . | nindent 4 }}
-  name: {{ include "common.fullname" . }}-config
-  namespace: {{ include "common.namespace" . }}
-data:
-  runtimeConfig.sh: |
-    #!/bin/bash
-    set -e
-    cd /usr/bin
-    until kafka-configs --zookeeper {{ $zk }} --entity-type topics --describe || (( count++ >= 6 ))
-    do
-      echo "Waiting for Zookeeper..."
-      sleep 20
-    done
-    until nc -z {{ template "common.fullname" . }} 9092 || (( retries++ >= 6 ))
-    do
-      echo "Waiting for Kafka..."
-      sleep 20
-    done
-    echo "Applying runtime configuration using {{ .Values.image }}:{{ .Values.imageTag }}"
-  {{- range $n, $topic := .Values.topics }}
-    {{- if and $topic.partitions $topic.replicationFactor $topic.reassignPartitions }}
-    cat << EOF > {{ $topic.name }}-increase-replication-factor.json
-      {"version":1, "partitions":[
-        {{- $partitions := (int $topic.partitions) }}
-        {{- $replicas := (int $topic.replicationFactor) }}
-        {{- range $i := until $partitions }}
-          {"topic":"{{ $topic.name }}","partition":{{ $i }},"replicas":[{{- range $j := until $replicas }}{{ $j }}{{- if ne $j (sub $replicas 1) }},{{- end }}{{- end }}]}{{- if ne $i (sub $partitions 1) }},{{- end }}
-        {{- end }}
-      ]}
-    EOF
-    kafka-reassign-partitions --zookeeper {{ $zk }} --reassignment-json-file {{ $topic.name }}-increase-replication-factor.json --execute
-    kafka-reassign-partitions --zookeeper {{ $zk }} --reassignment-json-file {{ $topic.name }}-increase-replication-factor.json --verify
-    {{- else if and $topic.partitions $topic.replicationFactor }}
-    kafka-topics --zookeeper {{ $zk }} --create --if-not-exists --force --topic {{ $topic.name }} --partitions {{ $topic.partitions }} --replication-factor {{ $topic.replicationFactor }}
-    {{- else if $topic.partitions }}
-    kafka-topics --zookeeper {{ $zk }} --alter --force --topic {{ $topic.name }} --partitions {{ $topic.partitions }} || true
-    {{- end }}
-    {{- if $topic.defaultConfig }}
-    kafka-configs --zookeeper {{ $zk }} --entity-type topics --entity-name {{ $topic.name }} --alter --force --delete-config {{ nospace $topic.defaultConfig }} || true
-    {{- end }}
-    {{- if $topic.config }}
-    kafka-configs --zookeeper {{ $zk }} --entity-type topics --entity-name {{ $topic.name }} --alter --force --add-config {{ nospace $topic.config }}
-    {{- end }}
-    kafka-configs --zookeeper {{ $zk }} --entity-type topics --entity-name {{ $topic.name }} --describe
-    {{- if $topic.acls }}
-      {{- range $a, $acl := $topic.acls }}
-        {{ if and $acl.user $acl.operations }}
-    kafka-acls --authorizer-properties zookeeper.connect={{ $zk }} --force --add --allow-principal User:{{ $acl.user }}{{- range $operation := $acl.operations }} --operation {{ $operation }} {{- end }} --topic {{ $topic.name }} {{ $topic.extraParams }}
-        {{- end }}
-      {{- end }}
-    {{- end }}
-  {{- end }}
-{{- end -}}

tip-wlan/charts/kafka/templates/configmap.yaml

@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-clientconfig
-  namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/admin-client.properties").AsConfig . | indent 2 }}

tip-wlan/charts/kafka/templates/job-config.yaml

@@ -1,30 +0,0 @@
-{{- if .Values.topics -}}
-{{- $scriptHash := include (print $.Template.BasePath "/configmap-config.yaml") . | sha256sum | trunc 8 -}}
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: "{{ include "common.fullname" . }}-config-{{ $scriptHash }}"
-  namespace: {{ include "common.namespace" . }}
-  labels:
-  {{- include "kafka.config.labels" . | nindent 4 }}
-spec:
-  backoffLimit: {{ .Values.configJob.backoffLimit }}
-  template:
-    metadata:
-      labels:
-      {{- include "kafka.config.matchLabels" . | nindent 8 }}
-    spec:
-      restartPolicy: OnFailure
-      volumes:
-        - name: config-volume
-          configMap:
-            name: {{ include "common.fullname" . }}-config
-            defaultMode: 0744
-      containers:
-        - name: {{ include "common.fullname" . }}-config
-          image: "{{ .Values.image }}:{{ .Values.imageTag }}"
-          command: ["/usr/local/script/runtimeConfig.sh"]
-          volumeMounts:
-            - name: config-volume
-              mountPath: "/usr/local/script"
-{{- end -}}

tip-wlan/charts/kafka/templates/secret.yaml

@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-certs
-  namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}

tip-wlan/charts/kafka/templates/service-brokers.yaml

@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-  {{- include "kafka.broker.labels" . | nindent 4 }}
-spec:
-  ports:
-  - name: broker
-    port: {{ .Values.headless.sslPort }}
-    targetPort: kafka
-  selector:
-  {{- include "kafka.broker.matchLabels" . | nindent 4 }}

tip-wlan/charts/kafka/templates/service-headless.yaml

@@ -1,27 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "common.fullname" . }}-headless
-  namespace: {{ include "common.namespace" . }}
-  labels:
-  {{- include "kafka.broker.labels" . | nindent 4 }}
-  annotations:
-    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
-{{- if .Values.headless.annotations }}
-{{ .Values.headless.annotations | toYaml | trimSuffix "\n" | indent 4 }}
-{{- end }}
-spec:
-  ports:
-#   - name: broker
-#     port: {{ .Values.headless.port }}
-# {{- if .Values.headless.targetPort }}
-#     targetPort: {{ .Values.headless.targetPort }}
-# {{- end }}
-  - name: broker
-    port: {{ .Values.headless.sslPort }}
-{{- if .Values.headless.targetSslPort }}
-    targetPort: {{ .Values.headless.targetSslPort }}
-{{- end }}
-  clusterIP: None
-  selector:
-  {{- include "kafka.broker.matchLabels" . | nindent 4 }}

tip-wlan/charts/kafka/templates/statefulset.yaml

@@ -1,249 +0,0 @@
-{{- $advertisedListenersOverride := first (pluck "advertised.listeners" .Values.configurationOverrides) }}
-{{- $zk := include "zookeeper.service" . -}}
-{{- $ns := include "common.namespace" . -}}
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ $ns }}
-  labels:
-  {{- include "kafka.broker.labels" . | nindent 4 }}
-spec:
-  selector:
-    matchLabels:
-    {{- include "kafka.broker.matchLabels" . | nindent 6 }}
-  serviceName: {{ include "common.fullname" . }}-headless
-  podManagementPolicy: {{ .Values.podManagementPolicy }}
-  updateStrategy:
-{{ toYaml .Values.updateStrategy | indent 4 }}
-  replicas: {{ default 3 .Values.replicas }}
-  template:
-    metadata:
-      annotations:
-{{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
-{{- end }}
-      labels:
-      {{- include "kafka.broker.labels" . | nindent 8 }}
-        {{- if .Values.podLabels }}
-        ## Custom pod labels
-{{ toYaml .Values.podLabels | indent 8 }}
-        {{- end }}
-    spec:
-{{- if .Values.schedulerName }}
-      schedulerName: "{{ .Values.schedulerName }}"
-{{- end }}
-{{- if .Values.serviceAccountName }}
-      serviceAccountName: {{ .Values.serviceAccountName }}
-{{- end }}
-{{- if .Values.priorityClassName }}
-      priorityClassName: "{{ .Values.priorityClassName }}"
-{{- end }}
-{{- if .Values.tolerations }}
-      tolerations:
-{{ toYaml .Values.tolerations | indent 8 }}
-{{- end }}
-{{- if .Values.affinity }}
-      affinity:
-{{ toYaml .Values.affinity | indent 8 }}
-{{- end }}
-{{- if .Values.nodeSelector }}
-      nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
-{{- end }}
-      initContainers:
-      - name: {{ include "common.name" . }}-readiness
-        image: busybox:1.28
-        imagePullPolicy: "{{ .Values.imagePullPolicy }}"
-        command: ['sh', '-c', "until nslookup {{ $zk }}.{{ $ns }}.svc.cluster.local; do echo waiting for myservice; sleep 2; done"]
-      containers:
-      - name: {{ include "common.name" . }}-broker
-        image: "{{ .Values.image }}:{{ .Values.imageTag }}"
-        imagePullPolicy: "{{ .Values.imagePullPolicy }}"
-        livenessProbe:
-          exec:
-            command:
-              - sh
-              - -ec
-              - /usr/bin/jps | /bin/grep -q SupportedKafka
-          {{- if not .Values.livenessProbe }}
-          initialDelaySeconds: 30
-          timeoutSeconds: 5
-          {{- else }}
-          initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds | default 30}}
-          {{- if .Values.livenessProbe.periodSeconds }}
-          periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
-          {{- end }}
-          timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds | default 5}}
-          {{- if .Values.livenessProbe.successThreshold }}
-          successThreshold: {{ .Values.livenessProbe.successThreshold }}
-          {{- end }}
-          {{- if .Values.livenessProbe.failureThreshold }}
-          failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
-          {{- end }}
-          {{- end }}
-        readinessProbe:
-          tcpSocket:
-            port: kafka
-          initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
-          periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
-          timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
-          successThreshold: {{ .Values.readinessProbe.successThreshold }}
-          failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
-        ports:
-        - containerPort: {{ .Values.headless.sslPort }}
-          name: kafka
-        {{- if .Values.external.enabled }}
-          {{- $replicas := .Values.replicas | int }}
-          {{- $root := . }}
-          {{- range $i, $e := until $replicas }}
-        - containerPort: {{ add $root.Values.external.firstListenerPort $i }}
-          name: external-{{ $i }}
-          {{- end }}
-        {{- end }}
-        {{- if .Values.additionalPorts }}
-{{ toYaml .Values.additionalPorts | indent 8 }}
-        {{- end }}
-        resources:
-{{ toYaml .Values.resources | indent 10 }}
-        env:
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: KAFKA_HEAP_OPTS
-          value: {{ .Values.kafkaHeapOptions }}
-        - name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR
-          value: {{ include "kafka.replication.factor" . | quote }}
-        {{- if not (hasKey .Values.configurationOverrides "zookeeper.connect") }}
-        - name: KAFKA_ZOOKEEPER_CONNECT
-          value: {{ include "zookeeper.url" . | quote }}
-        {{- end }}
-        {{- if not (hasKey .Values.configurationOverrides "log.dirs") }}
-        - name: KAFKA_LOG_DIRS
-          value: {{ printf "%s/%s" .Values.persistence.mountPath .Values.logSubPath | quote }}
-        {{- end }}
-        {{- range $key, $value := .Values.configurationOverrides }}
-        - name: {{ printf "KAFKA_%s" $key | replace "." "_" | upper | quote }}
-          value: {{ $value | quote }}
-        {{- end }}
-        {{- range $secret := .Values.secrets }}
-          {{- if not $secret.mountPath }}
-            {{- range $key := $secret.keys }}
-        - name: {{ (print ($secret.name | replace "-" "_") "_" $key) | upper }}
-          valueFrom:
-            secretKeyRef:
-              name: {{ $secret.name }}
-              key: {{ $key }}
-            {{- end }}
-          {{- end }}
-        {{- end }}
-        {{- range $key, $value := .Values.envOverrides }}
-        - name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
-          value: {{ $value | quote }}
-        {{- end }}
-        # This is required because the Downward API does not yet support identification of
-        # pod numbering in statefulsets. Thus, we are required to specify a command which
-        # allows us to extract the pod ID for usage as the Kafka Broker ID.
-        # See: https://github.com/kubernetes/kubernetes/issues/31218
-        command:
-        - sh
-        - -exc
-        - |
-          unset KAFKA_PORT && \
-          export KAFKA_BROKER_ID=${POD_NAME##*-} && \
-          {{- if eq .Values.external.type "LoadBalancer" }}
-          export LOAD_BALANCER_IP=$(echo '{{ .Values.external.loadBalancerIP }}' | tr -d '[]' | cut -d ' ' -f "$(($KAFKA_BROKER_ID + 1))") && \
-          {{- end }}
-          {{- if eq .Values.external.type "NodePort" }}
-          export KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://${POD_IP}:9092{{ if kindIs "string" $advertisedListenersOverride }}{{ printf ",%s" $advertisedListenersOverride }}{{ end }} && \
-          {{- else }}
-          export KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://${POD_NAME}.{{ include "common.fullname" . }}-headless.${POD_NAMESPACE}.svc.cluster.local:9092{{ if kindIs "string" $advertisedListenersOverride }}{{ printf ",%s" $advertisedListenersOverride }}{{ end }} && \
-          {{- end }}
-          exec /etc/confluent/docker/run
-        volumeMounts:
-        - mountPath: /etc/kafka/secrets/truststore.jks
-          name: kafka-certificates
-          subPath: truststore.jks
-        - mountPath: /etc/kafka/secrets/kafka-server.pkcs12
-          name: kafka-certificates
-          subPath: kafka-server.pkcs12
-        - mountPath: /etc/kafka/secrets/key_creds
-          name: kafka-certificates
-          subPath: key_creds
-        - mountPath: /etc/kafka/secrets/keystore_creds
-          name: kafka-certificates
-          subPath: keystore_creds
-        - mountPath: /etc/kafka/secrets/truststore_creds
-          name: kafka-certificates
-          subPath: truststore_creds
-        - mountPath: /etc/kafka/admin-client.properties
-          name: kafka-client-config
-          subPath: admin-client.properties
-        - name: datadir
-          mountPath: {{ .Values.persistence.mountPath | quote }}
-        {{- range $secret := .Values.secrets }}
-          {{- if $secret.mountPath }}
-            {{- if $secret.keys }}
-              {{- range $key := $secret.keys }}
-        - name: {{ include "common.fullname" $ }}-{{ $secret.name }}
-          mountPath: {{ $secret.mountPath }}/{{ $key }}
-          subPath: {{ $key }}
-          readOnly: true
-              {{- end }}
-            {{- else }}
-        - name: {{ include "common.fullname" $ }}-{{ $secret.name }}
-          mountPath: {{ $secret.mountPath }}
-          readOnly: true
-            {{- end }}
-          {{- end }}
-        {{- end }}
-      volumes:
-      - name: kafka-certificates
-        secret:
-          secretName: {{ include "common.fullname" . }}-certs
-      - name: kafka-client-config
-        configMap:
-            name: {{ include "common.fullname" . }}-clientconfig
-      {{- if not .Values.persistence.enabled }}
-      - name: datadir
-        emptyDir: {}
-      {{- end }}
-      {{- if .Values.securityContext }}
-      securityContext:
-{{ toYaml .Values.securityContext | indent 8 }}
-      {{- end }}
-      {{- range .Values.secrets }}
-      {{- if .mountPath }}
-      - name: {{ include "common.fullname" $ }}-{{ .name }}
-        secret:
-          secretName: {{ .name }}
-      {{- end }}
-      {{- end }}
-      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
-  {{- if .Values.persistence.enabled }}
-  volumeClaimTemplates:
-  - metadata:
-      name: datadir
-    spec:
-      accessModes: 
-        - {{ .Values.persistence.accessMode | quote }}
-      resources:
-        requests:
-          storage: {{ .Values.persistence.size }}
-      {{- if .Values.persistence.storageClass }}
-      {{- if (eq "-" .Values.persistence.storageClass) }}
-      storageClassName: ""
-      {{- else }}
-      storageClassName: "{{ .Values.persistence.storageClass }}"
-      {{- end }}
-      {{- end }}
-  {{- end }}

tip-wlan/charts/kafka/templates/tests/test-topic-create-produce-consume.yaml

@@ -1,60 +0,0 @@
-{{- if .Values.testsEnabled -}}
-apiVersion: v1
-kind: Pod
-metadata:
-  name: {{ include "common.fullname" . }}-test-topic-create-produce-consume
-  namespace: {{ include "common.namespace" . }}
-  annotations:
-    "helm.sh/hook": test-success
-spec:
-  containers:
-  - name: {{ include "common.name" . }}-test-consume
-    image: {{ .Values.image }}:{{ .Values.imageTag }}
-    command:
-    - sh
-    - -c
-    - |
-      # List topics:
-      echo "##### Listing existing topics #####"
-      kafka-topics --zookeeper {{ include "zookeeper.url" . }} --list
-      # Create the topic
-      echo "##### Create topic helm-test-topic-create-consume-produce #####"
-      kafka-topics --zookeeper {{ include "zookeeper.url" . }} --topic helm-test-topic-create-consume-produce --create --partitions 1 --replication-factor 1 --if-not-exists
-      echo "##### Produce the test message #####"
-      # Create a message
-      MESSAGE="`date -u`"
-      # Produce a test message to the topic
-      echo "$MESSAGE" | kafka-console-producer --broker-list {{ include "common.fullname" . }}-headless:9093 --producer.config /etc/kafka/admin-client.properties --topic helm-test-topic-create-consume-produce
-      echo "##### Consume the test message from the topic #####"
-      # Consume a test message from the topic
-      kafka-console-consumer --bootstrap-server {{ include "common.fullname" . }}-headless:9093 --consumer.config /etc/kafka/admin-client.properties --topic helm-test-topic-create-consume-produce --from-beginning --timeout-ms 2000 --max-messages 1 | grep "$MESSAGE"
-      echo "##### Listing current topics including our new topic #####"
-      kafka-topics --zookeeper {{ include "zookeeper.url" . }} --list
-      # Delete the messages from topic
-      echo "##### Delete messages from our topic #####"
-      kafka-configs --zookeeper {{ include "zookeeper.url" . }} --alter --entity-type topics --entity-name helm-test-topic-create-consume-produce --add-config retention.ms=1000
-      # Mark topic for deletion
-      echo "##### Mark our topic for Deletion #####"
-      kafka-topics --zookeeper {{ include "zookeeper.url" . }} --delete --topic helm-test-topic-create-consume-produce
-      # List topics:
-      echo "##### Listing topics after deleting our newly created topic #####"
-      kafka-topics --zookeeper {{ include "zookeeper.url" . }} --list
-    volumeMounts:
-    - mountPath: /etc/kafka/admin-client.properties
-      name: kafka-client-config
-      subPath: admin-client.properties
-    - mountPath: /etc/kafka/secrets/truststore.jks
-      name: kafka-certificates
-      subPath: truststore.jks
-    - mountPath: /etc/kafka/secrets/kafka-server.pkcs12
-      name: kafka-certificates
-      subPath: kafka-server.pkcs12
-  restartPolicy: Never
-  volumes:
-  - name: kafka-client-config
-    configMap:
-      name: {{ include "common.fullname" . }}-clientconfig
-  - name: kafka-certificates
-    secret:
-      secretName: {{ include "common.fullname" . }}-certs
-{{- end }}

tip-wlan/charts/kafka/values.yaml

@@ -1,355 +0,0 @@
-# ------------------------------------------------------------------------------
-# Kafka:
-# ------------------------------------------------------------------------------
-
-## The StatefulSet installs 1 pod by default
-replicas: 1
-
-## The kafka image repository
-image: "confluentinc/cp-kafka"
-# image: "wurstmeister/kafka"
-
-## The kafka image tag
-imageTag: "5.0.1"  # Confluent image for Kafka 2.0.0
-# imageTag: "latest"
-
-## Specify a imagePullPolicy
-## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
-imagePullPolicy: "IfNotPresent"
-
-## Configure resource requests and limits
-## ref: http://kubernetes.io/docs/user-guide/compute-resources/
-resources: {}
-  # limits:
-  #   cpu: 200m
-  #   memory: 1536Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 1024Mi
-kafkaHeapOptions: "-Xmx1G -Xms1G"
-
-## Optional Container Security context
-securityContext: {}
-
-## The StatefulSet Update Strategy which Kafka will use when changes are applied.
-## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
-updateStrategy:
-  type: "OnDelete"
-
-## Start and stop pods in Parallel or OrderedReady (one-by-one.)  Note - Can not change after first release.
-## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
-podManagementPolicy: OrderedReady
-
-## Useful if using any custom authorizer
-## Pass in some secrets to use (if required)
-# secrets:
-# - name: myKafkaSecret
-#   keys:
-#     - username
-#     - password
-#   # mountPath: /opt/kafka/secret
-# - name: myZkSecret
-#   keys:
-#     - user
-#     - pass
-#   mountPath: /opt/zookeeper/secret
-
-
-## The subpath within the Kafka container's PV where logs will be stored.
-## This is combined with `persistence.mountPath`, to create, by default: /opt/kafka/data/logs
-logSubPath: "logs"
-
-## Use an alternate scheduler, e.g. "stork".
-## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
-##
-# schedulerName:
-
-## Use an alternate serviceAccount
-## Useful when using images in custom repositories
-# serviceAccountName:
-
-## Set a pod priorityClassName
-# priorityClassName: high-priority
-
-## Pod scheduling preferences (by default keep pods within a release on separate nodes).
-## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
-## By default we don't set affinity
-affinity: {}
-## Alternatively, this typical example defines:
-## antiAffinity (to keep Kafka pods on separate pods)
-## and affinity (to encourage Kafka pods to be collocated with Zookeeper pods)
-# affinity:
-#   podAntiAffinity:
-#     requiredDuringSchedulingIgnoredDuringExecution:
-#     - labelSelector:
-#         matchExpressions:
-#         - key: app
-#           operator: In
-#           values:
-#           - kafka
-#       topologyKey: "kubernetes.io/hostname"
-#   podAffinity:
-#     preferredDuringSchedulingIgnoredDuringExecution:
-#      - weight: 50
-#        podAffinityTerm:
-#          labelSelector:
-#            matchExpressions:
-#            - key: app
-#              operator: In
-#              values:
-#                - zookeeper
-#          topologyKey: "kubernetes.io/hostname"
-
-## Node labels for pod assignment
-## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
-nodeSelector: {}
-
-## Readiness probe config.
-## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
-##
-readinessProbe:
-  initialDelaySeconds: 30
-  periodSeconds: 10
-  timeoutSeconds: 5
-  successThreshold: 1
-  failureThreshold: 3
-
-## Period to wait for broker graceful shutdown (sigterm) before pod is killed (sigkill)
-## ref: https://kubernetes-v1-4.github.io/docs/user-guide/production-pods/#lifecycle-hooks-and-termination-notice
-## ref: https://kafka.apache.org/10/documentation.html#brokerconfigs controlled.shutdown.*
-terminationGracePeriodSeconds: 60
-
-# Tolerations for nodes that have taints on them.
-# Useful if you want to dedicate nodes to just run kafka
-# https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
-tolerations: []
-# tolerations:
-# - key: "key"
-#   operator: "Equal"
-#   value: "value"
-#   effect: "NoSchedule"
-
-## Headless service.
-##
-headless:
-  # annotations:
-  # targetPort:
-  port: 9092
-  sslPort: 9093
-
-## External access.
-##
-external:
-  enabled: false
-  # type can be either NodePort or LoadBalancer
-  type: NodePort
-  # annotations:
-  #  service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
-  dns:
-    useInternal: false
-    useExternal: true
-  # If using external service type LoadBalancer and external dns, set distinct to true below.
-  # This creates an A record for each statefulset pod/broker. You should then map the
-  # A record of the broker to the EXTERNAL IP given by the LoadBalancer in your DNS server.
-  distinct: false
-  servicePort: 19092
-  firstListenerPort: 31090
-  domain: cluster.local
-  loadBalancerIP: []
-  loadBalancerSourceRanges: []
-  init:
-    image: "lwolf/kubectl_deployer"
-    imageTag: "0.4"
-    imagePullPolicy: "IfNotPresent"
-
-# Annotation to be added to Kafka pods
-podAnnotations: {}
-
-# Labels to be added to Kafka pods
-podLabels: {}
-  # service: broker
-  # team: developers
-
-podDisruptionBudget: {}
-  # maxUnavailable: 1  # Limits how many Kafka pods may be unavailable due to voluntary disruptions.
-
-## Configuration Overrides. Specify any Kafka settings you would like set on the StatefulSet
-## here in map format, as defined in the official docs.
-## ref: https://kafka.apache.org/documentation/#brokerconfigs
-##
-configurationOverrides:
-  "confluent.support.metrics.enable": false  # Disables confluent metric submission
-  # "auto.leader.rebalance.enable": true
-  # "auto.create.topics.enable": true
-  # "controlled.shutdown.enable": true
-  # "controlled.shutdown.max.retries": 100
-  # "ssl.secret.dir": "/opt/tip-wlan/certs"
-  # "ssl.keystore.filename": "kafka-server.pkcs12"
-  # "ssl.key.credentials": "mypassword"
-  # "ssl.truststore.filename": "kafka_server_keystore.jks"
-  # "ssl.truststore.credentials": "mypassword"
-  advertised.listeners: SSL://tip-wlan-kafka-headless:9093
-  ssl.client.auth: required
-  ssl.endpoint.identification.algorithm: ""
-  security.inter.broker.protocol: SSL
-  ssl.key.credentials: "key_creds"
-  ssl.keystore.filename: "kafka-server.pkcs12"
-  ssl.keystore.credentials: "keystore_creds"
-  ssl.keystore.type: "PKCS12"
-  ssl.truststore.filename: "truststore.jks"
-  ssl.truststore.credentials: "truststore_creds"
-  ssl.truststore.type: "JKS"
-
-  ## Options required for external access via NodePort
-  ## ref:
-  ## - http://kafka.apache.org/documentation/#security_configbroker
-  ## - https://cwiki.apache.org/confluence/display/KAFKA/KIP-103%3A+Separation+of+Internal+and+External+traffic
-  ##
-  ## Setting "advertised.listeners" here appends to "PLAINTEXT://${POD_IP}:9092,", ensure you update the domain
-  ## If external service type is Nodeport:
-  # "advertised.listeners": |-
-  #   EXTERNAL://kafka.cluster.local:$((31090 + ${KAFKA_BROKER_ID}))
-  ## If external service type is LoadBalancer and distinct is true:
-  # "advertised.listeners": |-
-  #   EXTERNAL://kafka-$((${KAFKA_BROKER_ID})).cluster.local:19092
-  ## If external service type is LoadBalancer and distinct is false:
-  # "advertised.listeners": |-
-  #   EXTERNAL://${LOAD_BALANCER_IP}:31090
-  ## Uncomment to define the EXTERNAL Listener protocol
-  # "listener.security.protocol.map": |-
-  #   PLAINTEXT:PLAINTEXT,EXTERNAL:PLAINTEXT
-
-## set extra ENVs
-#   key: "value"
-envOverrides: {}
-
-
-## A collection of additional ports to expose on brokers (formatted as normal containerPort yaml)
-# Useful when the image exposes metrics (like prometheus, etc.) through a javaagent instead of a sidecar
-additionalPorts: {}
-
-## Persistence configuration. Specify if and how to persist data to a persistent volume.
-##
-persistence:
-  enabled: false
-
-  ## The size of the PersistentVolume to allocate to each Kafka Pod in the StatefulSet. For
-  ## production servers this number should likely be much larger.
-  ##
-  size: 1Gi
-  accessMode: ReadWriteOnce
-  ## The location within the Kafka container where the PV will mount its storage and Kafka will
-  ## store its logs.
-  ##
-  mountPath: "/opt/kafka/data"
-
-  ## Kafka data Persistent Volume Storage Class
-  ## If defined, storageClassName: <storageClass>
-  ## If set to "-", storageClassName: "", which disables dynamic provisioning
-  ## If undefined (the default) or set to null, no storageClassName spec is
-  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-  ##   GKE, AWS & OpenStack)
-  ##
-  storageClass: "-"
-
-## Kafka Config job configuration
-##
-configJob:
-  ## Specify the number of retries before considering kafka-config job as failed.
-  ## https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#pod-backoff-failure-policy
-  backoffLimit: 6
-
-## Topic creation and configuration.
-## The job will be run on a deployment only when the config has been changed.
-## - If 'partitions' and 'replicationFactor' are specified we create the topic (with --if-not-exists.)
-## - If 'partitions', 'replicationFactor' and 'reassignPartitions' are specified we reassign the partitions to
-## increase the replication factor of an existing topic.
-## - If 'partitions' is specified we 'alter' the number of partitions. This will
-## silently and safely fail if the new setting isn’t strictly larger than the old (i.e. a NOOP.) Do be aware of the
-## implications for keyed topics (ref: https://docs.confluent.io/current/kafka/post-deployment.html#admin-operations)
-## - If 'defaultConfig' is specified it's deleted from the topic configuration. If it isn't present,
-## it will silently and safely fail.
-## - If 'config' is specified it's added to the topic configuration.
-##
-## Note: To increase the 'replicationFactor' of a topic, 'reassignPartitions' must be set to true (see above).
-##
-topics:
-  # - name: myExistingTopicConfig
-  #   config: "cleanup.policy=compact,delete.retention.ms=604800000"
-  # - name: myExistingTopicReassignPartitions
-  #   partitions: 8
-  #   replicationFactor: 5
-  #   reassignPartitions: true
-  - name: wlan_service_metrics
-    partitions: 1
-    replicationFactor: 1
-  - name: system_events
-    partitions: 1
-    replicationFactor: 1
-  - name: customer_events
-    partitions: 1
-    replicationFactor: 1
-  # - name: myNewTopicWithConfig
-  #   partitions: 8
-  #   replicationFactor: 3
-  #   defaultConfig: "segment.bytes,segment.ms"
-  #   config: "cleanup.policy=compact,delete.retention.ms=604800000"
-  # - name: myAclTopicPartitions
-  #   partitions: 8
-  #   acls:
-  #     - user: read
-  #       operations: [ Read ]
-  #     - user: read_and_write
-  #       operations:
-  #         - Read
-  #         - Write
-  #     - user: all
-  #       operations: [ All ]
-
-  ## Enable/disable the chart's tests.  Useful if using this chart as a dependency of
-  ## another chart and you don't want these tests running when trying to develop and
-  ## test your own chart.
-testsEnabled: true
-
-# ------------------------------------------------------------------------------
-# Zookeeper:
-# ------------------------------------------------------------------------------
-
-zookeeper:
-  ## If true, install the Zookeeper chart alongside Kafka
-  ## ref: https://github.com/kubernetes/charts/tree/master/incubator/zookeeper
-  enabled: false
-
-  ## Configure Zookeeper resource requests and limits
-  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
-  resources: ~
-
-  ## Environmental variables to set in Zookeeper
-  env:
-    ## The JVM heap size to allocate to Zookeeper
-    ZK_HEAP_SIZE: "1G"
-
-  persistence:
-    enabled: false
-    ## The amount of PV storage allocated to each Zookeeper pod in the statefulset
-    # size: "2Gi"
-
-  ## Specify a Zookeeper imagePullPolicy
-  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
-  image:
-    PullPolicy: "IfNotPresent"
-
-  ## If the Zookeeper Chart is disabled a URL and port are required to connect
-  url: "zookeeper-headless"
-  port: 2181
-
-  ## Pod scheduling preferences (by default keep pods within a release on separate nodes).
-  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
-  ## By default we don't set affinity:
-  affinity: {}  # Criteria by which pod label-values influence scheduling for zookeeper pods.
-  # podAntiAffinity:
-  #   requiredDuringSchedulingIgnoredDuringExecution:
-  #     - topologyKey: "kubernetes.io/hostname"
-  #       labelSelector:
-  #         matchLabels:
-  #           release: zookeeper

tip-wlan/charts/nginx-ingress-controller/templates/controller-configmap.yaml

@@ -4,7 +4,8 @@ metadata:
   name: {{ include "nginx-ingress.configName" . }}
   namespace: {{ include "common.namespace" . }}
   labels:
-    {{- include "common.labels" . | nindent 4 }}  
+    {{- include "common.labels" . | nindent 4 }}
 data:
     external-status-address: {{ .Values.controller.config.externalStatusAddress }}
-    client-max-body-size: {{ .Values.controller.config.clientMaxBodySize }}
+    client-max-body-size: {{ .Values.controller.config.clientMaxBodySize }}
+    error-log-level: {{ .Values.controller.config.errorLogLevel }}

tip-wlan/charts/nginx-ingress-controller/templates/controller-global-configuration.yaml

@@ -1,6 +1,6 @@
 {{- if not .Values.byPassNginxForTcpConnections.enabled -}}
 apiVersion: k8s.nginx.org/v1alpha1
-kind: GlobalConfiguration 
+kind: GlobalConfiguration
 metadata:
   name: {{ include "common.name" . }}-global-configuration
   namespace: {{ include "common.namespace" . }}

tip-wlan/charts/nginx-ingress-controller/values.yaml

@@ -40,7 +40,7 @@ controller:
     tag: "1.7.0"
 
     ## The pull policy for the Ingress controller image.
-    pullPolicy: IfNotPresent
+    pullPolicy: Always
 
   config:
     ## The name of the ConfigMap used by the Ingress controller.
@@ -56,6 +56,8 @@ controller:
     ## Max message size coming from the Client
     clientMaxBodySize: "20m"
 
+    ## Error 
+    errorLogLevel: "error"
   ## It is recommended to use your own TLS certificates and keys
   defaultTLS:
     ## The base64-encoded TLS certificate for the default HTTPS server. If not specified, a pre-generated self-signed certificate is used.
@@ -92,13 +94,13 @@ controller:
   terminationGracePeriodSeconds: 30
 
   ## The resources of the Ingress controller pods.
-  resources: {}
-    # limits:
-    #   cpu: 100m
-    #   memory: 64Mi
-    # requests:
-    #   cpu: 100m
-    #   memory: 64Mi
+  resources:
+    limits:
+      cpu: 500m
+      memory: 200Mi
+    requests:
+      cpu: 50m
+      memory: 140Mi
 
   ## The tolerations of the Ingress controller pods.
   tolerations: []
@@ -137,7 +139,7 @@ controller:
 
   ## Enable the custom resources.
   enableTLSPassthrough: true
-  
+
   ## Add a location based on the value of health-status-uri to the default server. The location responds with the 200 status code for any request.
   ## Useful for external health-checking of the Ingress controller.
   healthStatus: false
@@ -274,7 +276,7 @@ rbac:
 
   ## This property will prevent exposing TCP ports for passthrough connections
   ## Instead we are opening up these services as NodePorts
-  ## We were seeing issues with AP <-- --> MQTT connecitivity when using NGINX 
+  ## We were seeing issues with AP <-- --> MQTT connecitivity when using NGINX
   ## as passthrough for TCP Connections
 byPassNginxForTcpConnections:
   enabled: true

tip-wlan/charts/opensync-gw-cloud/resources/config/certs/README.md

@@ -1,2 +0,0 @@
-Contains certs needed for this service to start.
-Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

tip-wlan/charts/opensync-gw-cloud/resources/config/certs/httpClientConfig.json

@@ -1,18 +0,0 @@
-{
-"maxConnectionsTotal":100,
-"maxConnectionsPerRoute":10,
-"truststoreType":"JKS",
-"truststoreProvider":"SUN",
-"truststoreFile":"file:/opt/tip-wlan/certs/truststore.jks",
-"truststorePass":"mypassword",
-"keystoreType":"JKS",
-"keystoreProvider":"SUN",
-"keystoreFile":"file:/opt/tip-wlan/certs/client_keystore.jks",
-"keystorePass":"mypassword",
-"keyAlias":"clientkeyalias",
-"credentialsList":[
-    {"host":"localhost","port":-1,"user":"user","password":"password"}
-    ]
-
-}
-

tip-wlan/charts/opensync-gw-cloud/resources/config/logback.xml

@@ -29,7 +29,7 @@
       <maxFileSize>20MB</maxFileSize>
     </triggeringPolicy>
   </appender>
-  
+
   <appender name="logfile" class="ch.qos.logback.core.rolling.RollingFileAppender">
     <file>/app/logs/opensyncgw.log</file>
     <append>true</append>
@@ -45,23 +45,23 @@
       <maxFileSize>20MB</maxFileSize>
     </triggeringPolicy>
   </appender>
-      
+
   <!--
   details: http://logback.qos.ch/manual/configuration.html#auto_configuration
-   
-  runtime configuration, if need to override the defaults: 
+
+  runtime configuration, if need to override the defaults:
   	-Dlogback.configurationFile=/path/to/logback.xml
-  
-  for log configuration debugging - use 
+
+  for log configuration debugging - use
   	-Dlogback.statusListenerClass=ch.qos.logback.core.status.OnConsoleStatusListener
-  
+
   log levels:
-	OFF ERROR WARN INFO DEBUG TRACE  
+	OFF ERROR WARN INFO DEBUG TRACE
    -->
   <logger name="org.apache.catalina.startup.DigesterFactory" level="ERROR"/>
   <logger name="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" level="INFO"/>
   <logger name="org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer" level="INFO"/>
-  
+
   <logger name="com.telecominfraproject.wlan" level="DEBUG"/>
   <logger name="com.netflix.servo.tag.aws.AwsInjectableTag" level="OFF"/>
   <logger name="com.vmware.ovsdb.service.OvsdbConnectionInfo" level="OFF"/>
@@ -73,6 +73,7 @@
 
   <root level="WARN">
     <appender-ref ref="logfile"/>
+    <appender-ref ref="stdout"/>
   </root>
 
 </configuration>

tip-wlan/charts/opensync-gw-cloud/templates/configmap.yaml

@@ -4,4 +4,4 @@ metadata:
   name: {{ include "common.fullname" . }}-log-config
   namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }}

tip-wlan/charts/opensync-gw-cloud/templates/deployment.yaml

@@ -4,7 +4,6 @@
 {{- $mqtt := include "mqtt.service" . -}}
 {{- $ns := include "common.namespace" . -}}
 {{- $file_store_path := include "filestore.dir.name" . -}}
-{{- $cloudeployment := .Values.global.isCloudDeployment -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -28,93 +27,27 @@ spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       initContainers:
-        - name: {{ include "common.name" . }}-mqtt-readiness
-          image: eclipse-mosquitto:latest
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
-          command:
-          - sh
-          - -c
-          - |
-            mosquitto_pub -h {{ $mqtt }} -p 1883 --cafile /certs/cacert.pem --cert /certs/clientcert.pem --key /certs/clientkey.pem --insecure -t "/ap/test" -q 0 -m "CheckingMQTTAliveness"
-            status=$(echo $?)
-            echo mosquitto_pub response of the request = $status
-            counter=0
-            while [ $counter -lt 10 ] && [ $status -ne 0 ]
-            do
-              echo {{ $mqtt }} service isnt ready. Tried $counter times
-              sleep 2
-              counter=`expr $counter + 1`
-              mosquitto_pub -h {{ $mqtt }} -p 1883 --cafile /certs/cacert.pem --cert /certs/clientcert.pem --key /certs/clientkey.pem --insecure -t "/ap/test" -q 0 -m "CheckingMQTTAliveness"
-              status=$(echo $?)
-              echo mosquitto_pub response of the request = $status
-            done
-            if [ $status -eq 0 ]
-            then
-              echo {{ $mqtt }} service is ready!
-            else
-              echo {{ $mqtt }} service failed to respond after 20 secs
-              exit 1
-            fi
-          volumeMounts:
-          - mountPath: /certs/cacert.pem
-            name: certificates
-            subPath: cacert.pem
-          - mountPath: /certs/clientcert.pem
-            name: certificates
-            subPath: clientcert.pem
-          - mountPath: /certs/clientkey.pem
-            name: certificates
-            subPath: clientkey.pem
+        {{- include "jmxPrometheus.initContainer" . | nindent 8 }}
+        - name: wait-for-services
+          image: {{ .Values.waitForServicesImage.registry }}/{{ .Values.waitForServicesImage.repository }}:{{ .Values.waitForServicesImage.tag }}
+          args:
+          - "-service={{ .Release.Name }}-opensync-mqtt-broker"
+          - "-service={{ .Release.Name }}-wlan-prov-service"
+          - "-service={{ .Release.Name }}-wlan-ssc-service"
+          - -check_interval=5
       {{- if .Values.global.integratedDeployment }}
         - name: {{ include "common.name" . }}-readiness-int-cloud
-          image: alpine
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          image: {{ .Values.intCloudReadiness.registry }}/{{ .Values.intCloudReadiness.repository }}:{{ .Values.intCloudReadiness.tag }}
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
           command:
           - sh
           - -c
           - |
-            if [ {{ $cloudeployment }} = false ]
-            then            
-              echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
-              echo "Added name-resolution for local deployments"
-            fi
             apk add curl
             url=https://{{ $icc }}/ping
             counter=0
             status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
-            while [ $counter -lt 10 ] && [ $status -ne 200 ] 
-            do
-              echo ${url} service isnt ready. Tried $counter times
-              sleep 5
-              counter=`expr $counter + 1`
-              status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
-              echo Http Response code of ping request = $status
-            done
-            if [ $status -eq 200 ]
-            then
-              echo ${url} service is ready!
-            else
-              echo ${url} service failed to respond after 50 secs
-              exit 1
-            fi 
-      {{- else }}
-        - name: {{ include "common.name" . }}-readiness-prov
-          image: alpine
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
-          command:
-          - sh
-          - -c
-          - |
-            if [ {{ $cloudeployment }} = false ]
-            then          
-              echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
-              echo "Added name-resolution for local deployments"
-            fi
-            apk add curl
-            url=https://{{ $prov }}/ping
-            counter=0
-            status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
-            while [ $counter -lt 10 ] && [ $status -ne 200 ] 
+            while [ $counter -lt 10 ] && [ $status -ne 200 ]
             do
               echo ${url} service isnt ready. Tried $counter times
               sleep 5
@@ -129,49 +62,22 @@ spec:
               echo ${url} service failed to respond after 50 secs
               exit 1
             fi
-        - name: {{ include "common.name" . }}-readiness-ssc
-          image: alpine
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
-          command:
-          - sh
-          - -c
-          - |
-            if [ {{ $cloudeployment }} = false ]
-            then          
-              echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
-              echo "Added name-resolution for local deployments"
-            fi
-            apk add curl
-            url=https://{{ $ssc }}/ping
-            counter=0
-            status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
-            while [ $counter -lt 10 ] && [ $status -ne 200 ] 
-            do
-              echo ${url} service isnt ready. Tried $counter times
-              sleep 5
-              counter=`expr $counter + 1`
-              status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
-              echo Http Response code of ping request = $status
-            done
-            if [ $status -eq 200 ]
-            then
-              echo ${url} service is ready!
-            else
-              echo ${url} service failed to respond after 50 secs
-              exit 1
-            fi        
       {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          {{- if .Values.global.testingEnabled }}
+          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
+          {{- else }}
+          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
+          {{- end }}
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
           {{- if .Values.probes.enabled }}
           livenessProbe:
             tcpSocket:
               port: {{ .Values.service.port2 }}
-            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
+            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
             timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
             failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -184,11 +90,18 @@ spec:
             failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
             successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
+          startupProbe:
+            tcpSocket:
+              port: {{ .Values.service.port1 }}
+            failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
+            periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
           {{- end }}
           env:
             {{- include "common.env" . | nindent 12 }}
             - name: OVSDB_MANAGER
-              value: {{ .Values.externalhostaddress.ovsdb }}
+              value: {{ .Values.externalhost.address.ovsdb }}
+            - name: OVSDB_EXTERNAL_PORT
+              value: "{{ .Values.externalhost.ports.ovsdb }}"
             - name: OVSDB_MANAGER_IP
               valueFrom:
                 fieldRef:
@@ -196,7 +109,9 @@ spec:
             - name: MQTT_SERVER_INTERNAL
               value: {{ .Release.Name }}-{{ .Values.mqtt.url }}
             - name: MQTT_SERVER_EXTERNAL
-              value: {{ .Values.externalhostaddress.mqtt }}
+              value: {{ .Values.externalhost.address.mqtt }}
+            - name: MQTT_BROKER_EXTERNAL_PORT
+              value: "{{ .Values.externalhost.ports.mqtt }}"
             {{- if .Values.global.integratedDeployment }}
             - name: INTEGRATED_SERVER
               value: {{ .Release.Name }}-{{ .Values.integratedcloudcomponent.url }}
@@ -218,6 +133,22 @@ spec:
               value: {{ .Values.ethernetType.wanType }}
             - name: DEFAULT_WAN_NAME
               value: {{ .Values.ethernetType.wanName }}
+            - name: tip_wlan_ovsdb_listener_threadPoolSize
+              value: "{{ .Values.scalability.tip_wlan_ovsdb_listener_threadPoolSize }}"
+            - name: tip_wlan_AsyncExecutor_CorePoolSize
+              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_CorePoolSize }}"
+            - name: tip_wlan_AsyncExecutor_MaxPoolSize
+              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_MaxPoolSize }}"
+            - name: tip_wlan_AsyncExecutor_QueueCapacity
+              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_QueueCapacity }}"
+            - name: tip_wlan_httpClientConfig_maxConnectionsTotal
+              value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsTotal }}"
+            - name: tip_wlan_httpClientConfig_maxConnectionsPerRoute
+              value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsPerRoute }}"
+            - name: tip_wlan_maxHttpThreads
+              value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
+            - name: JVM_MEM_OPTIONS
+              value: "{{ .Values.scalability.JVM_MEM_OPTIONS }} {{ include "jmxPrometheus.jvmOpts" . }}"
           volumeMounts:
           - mountPath: /opt/tip-wlan/certs/client_keystore.jks
             name: certificates
@@ -239,6 +170,8 @@ spec:
             subPath: logback.xml
           - mountPath: {{ $file_store_path }}
             name: file-store-data
+          {{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
+          {{- include "jmxPrometheus.tmpVolumeMount" . | nindent 10 }}
           ports:
             - name: {{ .Values.service.name1 }}
               containerPort: {{ .Values.service.port1 }}
@@ -257,6 +190,7 @@ spec:
               containerPort: {{ .Values.service.port5 }}
               protocol: TCP
             {{- end }}
+            {{- include "jmxPrometheus.port" . | nindent 12 }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}
@@ -275,7 +209,7 @@ spec:
       volumes:
       - name: certificates
         secret:
-          secretName: {{ include "common.fullname" . }}-certs
+          secretName: tip-common-opensync-gw-certs
       - name: logback-config
         configMap:
             name: {{ include "common.fullname" . }}-log-config
@@ -286,3 +220,5 @@ spec:
       {{- else }}
         emptyDir: {}
       {{- end }}
+      {{- include "jmxPrometheus.configVolume" . | nindent 6 }}
+      {{- include "jmxPrometheus.tmpVolume" . | nindent 6 }}

tip-wlan/charts/opensync-gw-cloud/templates/pod-monitor.yaml

@@ -0,0 +1 @@
+{{ include "jmxPrometheus.podMonitor" . }}

tip-wlan/charts/opensync-gw-cloud/templates/rbac.yaml

@@ -0,0 +1,24 @@
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "common.fullname" . }}-depends-on
+  namespace: {{ include "common.namespace" . }}
+rules:
+- apiGroups: ["batch", "apps", ""]
+  resources: ["pods", "services", "jobs"]
+  verbs: ["get", "list", "watch"]
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "common.fullname" . }}-depends-on
+  namespace: {{ include "common.namespace" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "common.serviceAccountName" . }}
+roleRef:
+  kind: Role
+  name: {{ include "common.fullname" . }}-depends-on
+  apiGroup: rbac.authorization.k8s.io

tip-wlan/charts/opensync-gw-cloud/templates/secret.yaml

@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-certs
-  namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}

tip-wlan/charts/opensync-gw-cloud/templates/service.yaml

@@ -5,6 +5,10 @@ metadata:
   namespace: {{ include "common.namespace" . }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:
@@ -12,28 +16,38 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort1 }}
+      {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+      {{- end }}
     - port: {{ .Values.service.port3 }}
       targetPort: {{ .Values.service.port3 }}
       protocol: TCP
       name: {{ .Values.service.name3 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
+      {{- end }}
     - port: {{ .Values.service.port4 }}
       targetPort: {{ .Values.service.port4 }}
       protocol: TCP
       name: {{ .Values.service.name4 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort4 }}
+      {{- end }}
     {{- if .Values.debug.enabled }}
     - port: {{ .Values.service.port5 }}
       targetPort: {{ .Values.service.port5 }}
       protocol: TCP
       name: {{ .Values.service.name5 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort5 }}
+      {{- end }}
     {{- end }}
   selector:
     {{- include "common.selectorLabels" . | nindent 4 }}

tip-wlan/charts/opensync-gw-cloud/templates/tests/test-connection.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   containers:
     - name: wget
-      image: busybox
+      image: {{ .Values.testConnectionImage.registry }}/{{ .Values.testConnectionImage.repository }}:{{ .Values.testConnectionImage.tag }}
       command: ['wget']
       args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
   restartPolicy: Never

tip-wlan/charts/opensync-gw-cloud/values.yaml

@@ -11,7 +11,22 @@ replicaCount: 1
 
 image:
   name: opensync-gateway-cloud
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.3.0-SNAPSHOT
+
+waitForServicesImage:
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: opsfleet/depends-on
+  tag: v1.0.0
+
+intCloudReadinessImage:
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: library/alpine
+  tag: 3.13
+
+testConnectionImage:
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: library/alpine
+  tag: 3.13
 
 nameOverride: ""
 fullnameOverride: ""
@@ -52,12 +67,15 @@ probes:
     timeoutSeconds: 5
     successThreshold: 1
     failureThreshold: 3
+  startupProbe:
+    periodSeconds: 30
+    failureThreshold: 500
 
 # Enable/Disable Helm tests
 testsEnabled: false
 
 # Enable/Disable Remote debugging
-debug: 
+debug:
   enabled: false
 
 service:
@@ -77,6 +95,8 @@ service:
   port5: 5005
   name5: debug
   nodePort5: 26
+  annotations: {}
+  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
 
 persistence:
   enabled: false
@@ -85,9 +105,9 @@ persistence:
 
 # the filestore internal: location of the folder where UI files will be stored
 # on the PV
-# the filestore url: externally reachable URL i.e.; reachable from AP, where it 
+# the filestore url: externally reachable URL i.e.; reachable from AP, where it
 # can download the files from. Override this value (url) to the configured
-# HTTP server in your system 
+# HTTP server in your system
 filestore:
   internal: "/tmp/filestore"
   url: DUMMY_FILESTORE_HTTPS_URL
@@ -113,13 +133,18 @@ portal:
       name: file-store-data
       ordinal: 0
 
- # These are list of external HostAddresses for ovsdb, mqtt. 
- # This is important for ovsdb and mqtt since 
- # that's what AP sees. Please make sure to override
- # them in dev override file for your respective environments.
-externalhostaddress:
-  ovsdb: opensync-gw-cloud
-  mqtt: opensync-mqtt-broker
+# These are the address and ports for the externalhost
+# This is important for ovsdb and mqtt since
+# that's what AP sees. Please make sure to override
+# them in dev override file for your respective environments.
+# the default values below would be used if not overriden
+externalhost:
+  address:
+    ovsdb: opensync-gw-cloud
+    mqtt: opensync-mqtt-broker
+  ports:
+    ovsdb: 6640
+    mqtt: 1883
 
 ethernetType:
   lanName: "lan"
@@ -127,6 +152,22 @@ ethernetType:
   wanType: "bridge"
   wanName: "wan"
 
+scalability:
+  #how many concurrent connections single instance of OpenSyncGateway can accept
+  tip_wlan_ovsdb_listener_threadPoolSize: 50
+  #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
+  tip_wlan_AsyncExecutor_CorePoolSize: 10
+  tip_wlan_AsyncExecutor_MaxPoolSize: 50
+  tip_wlan_AsyncExecutor_QueueCapacity: 50
+  #max total number of persistent connections in the http client pool
+  tip_wlan_httpClientConfig_maxConnectionsTotal: 100
+  #max number of persistent connections in the http client pool per destination
+  tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
+  #max number of concurrent REST API calls a single instance of this service can process
+  tip_wlan_maxHttpThreads:  100
+  #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
+  JVM_MEM_OPTIONS: " "
+
 ingress:
   enabled: false
   annotations: {}
@@ -140,17 +181,13 @@ ingress:
   #    hosts:
   #      - chart-example.local
 
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
+resources:
+  limits:
+    cpu: 500m
+    memory: 750Mi
+  requests:
+    cpu: 10m
+    memory: 500Mi
 
 nodeSelector: {}
 

tip-wlan/charts/opensync-gw-static/resources/config/certs/README.md

@@ -1,2 +0,0 @@
-Contains certs needed for this service to start.
-Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

tip-wlan/charts/opensync-gw-static/resources/config/certs/httpClientConfig.json

@@ -1,18 +0,0 @@
-{
-"maxConnectionsTotal":100,
-"maxConnectionsPerRoute":10,
-"truststoreType":"JKS",
-"truststoreProvider":"SUN",
-"truststoreFile":"file:/opt/tip-wlan/certs/truststore.jks",
-"truststorePass":"mypassword",
-"keystoreType":"JKS",
-"keystoreProvider":"SUN",
-"keystoreFile":"file:/opt/tip-wlan/certs/client_keystore.jks",
-"keystorePass":"mypassword",
-"keyAlias":"clientkeyalias",
-"credentialsList":[
-    {"host":"localhost","port":-1,"user":"user","password":"password"}
-    ]
-
-}
-

tip-wlan/charts/opensync-gw-static/resources/config/certs/ssl.properties

@@ -1,13 +0,0 @@
-truststorePass=mypassword
-truststoreFile=file:///opt/tip-wlan/certs/truststore.jks
-truststoreType=JKS
-truststoreProvider=SUN
-
-keyAlias=1
-keystorePass=mypassword
-keystoreFile=file:///opt/tip-wlan/certs/server.pkcs12
-keystoreType=pkcs12
-keystoreProvider=SunJSSE
-
-sslProtocol=TLS
-

tip-wlan/charts/opensync-gw-static/resources/config/logback.xml

@@ -13,8 +13,8 @@
       <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
     </encoder>
   </appender>
-  
-  <!-- 
+
+  <!--
   <appender name="FILE" class="ch.qos.logback.core.FileAppender">
     <file>myApp.log</file>
 
@@ -23,7 +23,7 @@
     </encoder>
   </appender>
   -->
-  
+
   <appender name="logfile" class="ch.qos.logback.core.rolling.RollingFileAppender">
     <file>/app/logs/opensyncgw.log</file>
     <append>true</append>
@@ -39,37 +39,37 @@
       <maxFileSize>20MB</maxFileSize>
     </triggeringPolicy>
   </appender>
-      
+
   <!--
   details: http://logback.qos.ch/manual/configuration.html#auto_configuration
-   
-  runtime configuration, if need to override the defaults: 
+
+  runtime configuration, if need to override the defaults:
   	-Dlogback.configurationFile=/path/to/logback.xml
-  
-  for log configuration debugging - use 
+
+  for log configuration debugging - use
   	-Dlogback.statusListenerClass=ch.qos.logback.core.status.OnConsoleStatusListener
-  
+
   log levels:
-	OFF ERROR WARN INFO DEBUG TRACE  
+	OFF ERROR WARN INFO DEBUG TRACE
    -->
   <logger name="org.apache.catalina.startup.DigesterFactory" level="ERROR"/>
   <logger name="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" level="INFO"/>
   <logger name="org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer" level="INFO"/>
-  
+
   <logger name="com.telecominfraproject.wlan" level="DEBUG"/>
   <logger name="com.netflix.servo.tag.aws.AwsInjectableTag" level="OFF"/>
   <logger name="com.vmware.ovsdb.service.OvsdbConnectionInfo" level="OFF"/>
   <logger name="com.vmware.ovsdb.netty.OvsdbConnectionHandler" level="ERROR"/>
-  
+
   <logger name="MQTT_DATA" level="DEBUG"/>
 
-  <!--   
+  <!--
   <logger name="org.springframework.security.web.authentication.preauth" level="DEBUG"/>
    -->
-   
+
   <root level="WARN">
-<!--    <appender-ref ref="stdout"/>-->
+    <appender-ref ref="stdout"/>
     <appender-ref ref="logfile"/>
   </root>
-  
+
 </configuration>

tip-wlan/charts/opensync-gw-static/templates/configmap.yaml

@@ -4,4 +4,4 @@ metadata:
   name: {{ include "common.fullname" . }}-log-config
   namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }}

tip-wlan/charts/opensync-gw-static/templates/deployment.yaml

@@ -24,13 +24,17 @@ spec:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          {{- if .Values.global.testingEnabled }}
+          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
+          {{- else }}
+          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
+          {{- end }}
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
           {{- if .Values.probes.enabled }}
           livenessProbe:
             tcpSocket:
               port: {{ .Values.service.port2 }}
-            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
+            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
             timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
             failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -43,7 +47,12 @@ spec:
             failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
             successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
-          {{- end }}       
+          startupProbe:
+            tcpSocket:
+              port: {{ .Values.service.port2 }}
+            failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
+            periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
+          {{- end }}
           volumeMounts:
           - mountPath: /opt/tip-wlan/certs/client_keystore.jks
             name: certificates
@@ -88,7 +97,7 @@ spec:
       volumes:
       - name: certificates
         secret:
-          secretName: {{ include "common.fullname" . }}-certs
+          secretName: tip-common-opensync-gw-certs
       - name: logback-config
         configMap:
             name: {{ include "common.fullname" . }}-log-config

tip-wlan/charts/opensync-gw-static/templates/secret.yaml

@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-certs
-  namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}

tip-wlan/charts/opensync-gw-static/templates/tests/test-connection.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   containers:
     - name: wget
-      image: busybox
+      image: {{ .Values.testConnectionImage.registry }}/{{ .Values.testConnectionImage.repository }}:{{ .Values.testConnectionImage.tag }}
       command: ['wget']
       args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
   restartPolicy: Never

tip-wlan/charts/opensync-gw-static/values.yaml

@@ -11,7 +11,12 @@ replicaCount: 1
 
 image:
   name: opensync-gateway-static
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.3.0-SNAPSHOT
+
+testConnectionImage:
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: library/alpine
+  tag: 3.13
 
 nameOverride: ""
 fullnameOverride: ""
@@ -52,6 +57,9 @@ probes:
     timeoutSeconds: 5
     successThreshold: 1
     failureThreshold: 3
+  startupProbe:
+    periodSeconds: 30
+    failureThreshold: 500
 
 # Enable/Disable Helm tests
 testsEnabled: false

tip-wlan/charts/opensync-mqtt-broker/resources/config/certs/README.md

@@ -1,2 +0,0 @@
-Contains certs needed for this service to start.
-Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

tip-wlan/charts/opensync-mqtt-broker/resources/config/mosquitto.conf

@@ -7,6 +7,17 @@ allow_anonymous false
 allow_duplicate_messages true
 autosave_interval 900
 log_dest file /mosquitto/log/mosquitto.log
+log_timestamp true
+log_timestamp_format %Y-%m-%dT%H:%M:%S
+log_type error
+log_type warning
+log_type notice
+log_type information
+# log_type debug
+# log_type websockets
+# log_type subscribe
+# log_type all
+connection_messages true
 max_queued_bytes 0
 max_queued_messages 0
 message_size_limit 0

tip-wlan/charts/opensync-mqtt-broker/templates/configmap.yaml

@@ -4,4 +4,4 @@ metadata:
   name: mosquitto-config
   namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/config/mosquitto.conf").AsConfig . | indent 2 }}
+{{ (.Files.Glob "resources/config/mosquitto.conf").AsConfig | indent 2 }}

tip-wlan/charts/opensync-mqtt-broker/templates/secret.yaml

@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: opensync-mqtt-broker-certs
-  namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}

tip-wlan/charts/opensync-mqtt-broker/templates/service.yaml

@@ -5,6 +5,10 @@ metadata:
   namespace: {{ include "common.namespace" . }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:
@@ -12,11 +16,15 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort1 }}
+      {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+      {{- end }}
   selector:
     {{- include "common.selectorLabels" . | nindent 4 }}

tip-wlan/charts/opensync-mqtt-broker/templates/statefulset.yaml

@@ -45,7 +45,8 @@ spec:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       initContainers:
         - name: {{ include "common.name" . }}-init-dir-ownership-change
-          image: alpine:3.6
+          image: {{ .Values.alpine.registry }}/{{ .Values.alpine.repository }}:{{ .Values.alpine.tag }}
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
           # Change ownership to `mosquitto` user for a mounted volume
           command:
           - sh
@@ -62,13 +63,13 @@ spec:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          image: {{ .Values.image.name }}:{{ .Values.image.tag }}
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
           {{- if .Values.probes.enabled }}
           livenessProbe:
             tcpSocket:
               port: {{ .Values.service.port1 }}
-            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
+            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
             timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
             failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -81,6 +82,11 @@ spec:
             failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
             successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
+          startupProbe:
+            tcpSocket:
+              port: {{ .Values.service.port1 }}
+            failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
+            periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
           {{- end }}
           volumeMounts:
           - mountPath: /certs/cacert.pem
@@ -123,7 +129,7 @@ spec:
       volumes:
       - name: opensync-mqtt-broker-truststore
         secret:
-          secretName: opensync-mqtt-broker-certs
+          secretName: tip-common-opensync-mqtt-broker-certs
       - name: opensync-mqtt-broker-conf
         configMap:
             name: mosquitto-config

tip-wlan/charts/opensync-mqtt-broker/templates/tests/test-connection.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   containers:
     - name: wget
-      image: busybox
+      image: {{ .Values.testConnectionImage.registry }}/{{ .Values.testConnectionImage.repository }}:{{ .Values.testConnectionImage.tag }}
       command: ['wget']
       args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
   restartPolicy: Never

tip-wlan/charts/opensync-mqtt-broker/values.yaml

@@ -5,8 +5,19 @@
 replicaCount: 1
 
 image:
-  name: eclipse-mosquitto
-  tag: latest
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: library/eclipse-mosquitto
+  tag: 2.0.3
+
+alpine:
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: library/alpine
+  tag: 3.6
+
+testConnectionImage:
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: library/alpine
+  tag: 3.13
 
 nameOverride: ""
 fullnameOverride: ""
@@ -49,6 +60,9 @@ probes:
     timeoutSeconds: 5
     successThreshold: 1
     failureThreshold: 3
+  startupProbe:
+    periodSeconds: 30
+    failureThreshold: 500
 
 # Enable/Disable Helm tests
 testsEnabled: false
@@ -61,6 +75,8 @@ service:
   port2: 9001
   name2: debug
   nodePort2: 32
+  annotations: {}
+  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
 
 ingress:
   enabled: false
@@ -75,17 +91,13 @@ ingress:
   #    hosts:
   #      - chart-example.local
 
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
+resources:
+  limits:
+    cpu: 500m
+    memory: 128Mi
+  requests:
+    cpu: 10m
+    memory: 5Mi
 
 priorityClassName: ""
 
@@ -104,7 +116,7 @@ persistence:
   ## existingClaimData: opensync-wifi-controller-opensync-mqtt-broker-data
   ## existingClaimDb: opensync-wifi-controller-opensync-mqtt-broker-db
   ## volumeReclaimPolicy: Retain
-  ## If you want to bind to an existing PV, uncomment below with the pv name 
+  ## If you want to bind to an existing PV, uncomment below with the pv name
   ## and comment storageClass and belowannotation
   ## volumeNameDb: pvc-dc52b290-ae86-4cb3-aad0-f2c806a23114
   ## volumeNameData: pvc-735baedf-323b-47bc-9383-952e6bc5ce3e

tip-wlan/charts/postgresql/.helmignore

@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj

tip-wlan/charts/postgresql/Chart.yaml

@@ -1,20 +0,0 @@
-apiVersion: v2
-name: postgresql
-version: 8.9.6
-appVersion: 11.7.0
-description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance.
-keywords:
-  - postgresql
-  - postgres
-  - database
-  - sql
-  - replication
-  - cluster
-home: https://www.postgresql.org/
-icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-110x117.png
-sources:
-  - https://github.com/bitnami/bitnami-docker-postgresql
-maintainers:
-  - name: Bitnami
-    email: containers@bitnami.com
-engine: gotpl

tip-wlan/charts/postgresql/README.md

@@ -1,580 +0,0 @@
-# PostgreSQL
-
-[PostgreSQL](https://www.postgresql.org/) is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance.
-
-For HA, please see [this repo](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha)
-
-## TL;DR;
-
-```console
-$ helm repo add bitnami https://charts.bitnami.com/bitnami
-$ helm install my-release bitnami/postgresql
-```
-
-## Introduction
-
-This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/).
-
-## Prerequisites
-
-- Kubernetes 1.12+
-- Helm 2.11+ or Helm 3.0-beta3+
-- PV provisioner support in the underlying infrastructure
-
-## Installing the Chart
-To install the chart with the release name `my-release`:
-
-```console
-$ helm install my-release bitnami/postgresql
-```
-
-The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
-
-> **Tip**: List all releases using `helm list`
-
-## Uninstalling the Chart
-
-To uninstall/delete the `my-release` deployment:
-
-```console
-$ helm delete my-release
-```
-
-The command removes all the Kubernetes components associated with the chart and deletes the release.
-
-## Parameters
-
-The following tables lists the configurable parameters of the PostgreSQL chart and their default values.
-
-|                   Parameter                   |                                                                                Description                                                                                |                            Default                            |
-|-----------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------|
-| `global.imageRegistry`                        | Global Docker Image registry                                                                                                                                              | `nil`                                                         |
-| `global.postgresql.postgresqlDatabase`        | PostgreSQL database (overrides `postgresqlDatabase`)                                                                                                                      | `nil`                                                         |
-| `global.postgresql.postgresqlUsername`        | PostgreSQL username (overrides `postgresqlUsername`)                                                                                                                      | `nil`                                                         |
-| `global.postgresql.existingSecret`            | Name of existing secret to use for PostgreSQL passwords (overrides `existingSecret`)                                                                                      | `nil`                                                         |
-| `global.postgresql.postgresqlPassword`        | PostgreSQL admin password (overrides `postgresqlPassword`)                                                                                                                | `nil`                                                         |
-| `global.postgresql.servicePort`               | PostgreSQL port (overrides `service.port`)                                                                                                                                | `nil`                                                         |
-| `global.postgresql.replicationPassword`       | Replication user password (overrides `replication.password`)                                                                                                              | `nil`                                                         |
-| `global.imagePullSecrets`                     | Global Docker registry secret names as an array                                                                                                                           | `[]` (does not add image pull secrets to deployed pods)       |
-| `global.storageClass`                         | Global storage class for dynamic provisioning                                                                                                                             | `nil`                                                         |
-| `image.registry`                              | PostgreSQL Image registry                                                                                                                                                 | `docker.io`                                                   |
-| `image.repository`                            | PostgreSQL Image name                                                                                                                                                     | `bitnami/postgresql`                                          |
-| `image.tag`                                   | PostgreSQL Image tag                                                                                                                                                      | `{TAG_NAME}`                                                  |
-| `image.pullPolicy`                            | PostgreSQL Image pull policy                                                                                                                                              | `IfNotPresent`                                                |
-| `image.pullSecrets`                           | Specify Image pull secrets                                                                                                                                                | `nil` (does not add image pull secrets to deployed pods)      |
-| `image.debug`                                 | Specify if debug values should be set                                                                                                                                     | `false`                                                       |
-| `nameOverride`                                | String to partially override common.fullname template with a string (will prepend the release name)                                                                   | `nil`                                                         |
-| `fullnameOverride`                            | String to fully override common.fullname template with a string                                                                                                       | `nil`                                                         |
-| `volumePermissions.enabled`                   | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work)                 | `false`                                                       |
-| `volumePermissions.image.registry`            | Init container volume-permissions image registry                                                                                                                          | `docker.io`                                                   |
-| `volumePermissions.image.repository`          | Init container volume-permissions image name                                                                                                                              | `bitnami/minideb`                                             |
-| `volumePermissions.image.tag`                 | Init container volume-permissions image tag                                                                                                                               | `buster`                                                      |
-| `volumePermissions.image.pullPolicy`          | Init container volume-permissions image pull policy                                                                                                                       | `Always`                                                      |
-| `volumePermissions.securityContext.runAsUser` | User ID for the init container (when facing issues in OpenShift or uid unknown, try value "auto")                                                                         | `0`                                                           |
-| `usePasswordFile`                             | Have the secrets mounted as a file instead of env vars                                                                                                                    | `false`                                                       |
-| `ldap.enabled`                                | Enable LDAP support                                                                                                                                                       | `false`                                                       |
-| `ldap.existingSecret`                         | Name of existing secret to use for LDAP passwords                                                                                                                         | `nil`                                                         |
-| `ldap.url`                                    | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn[?[attribute][?[scope][?[filter]]]]`                                                                          | `nil`                                                         |
-| `ldap.server`                                 | IP address or name of the LDAP server.                                                                                                                                    | `nil`                                                         |
-| `ldap.port`                                   | Port number on the LDAP server to connect to                                                                                                                              | `nil`                                                         |
-| `ldap.scheme`                                 | Set to `ldaps` to use LDAPS.                                                                                                                                              | `nil`                                                         |
-| `ldap.tls`                                    | Set to `1` to use TLS encryption                                                                                                                                          | `nil`                                                         |
-| `ldap.prefix`                                 | String to prepend to the user name when forming the DN to bind                                                                                                            | `nil`                                                         |
-| `ldap.suffix`                                 | String to append to the user name when forming the DN to bind                                                                                                             | `nil`                                                         |
-| `ldap.search_attr`                            | Attribute to match agains the user name in the search                                                                                                                     | `nil`                                                         |
-| `ldap.search_filter`                          | The search filter to use when doing search+bind authentication                                                                                                            | `nil`                                                         |
-| `ldap.baseDN`                                 | Root DN to begin the search for the user in                                                                                                                               | `nil`                                                         |
-| `ldap.bindDN`                                 | DN of user to bind to LDAP                                                                                                                                                | `nil`                                                         |
-| `ldap.bind_password`                          | Password for the user to bind to LDAP                                                                                                                                     | `nil`                                                         |
-| `replication.enabled`                         | Enable replication                                                                                                                                                        | `false`                                                       |
-| `replication.user`                            | Replication user                                                                                                                                                          | `repl_user`                                                   |
-| `replication.password`                        | Replication user password                                                                                                                                                 | `repl_password`                                               |
-| `replication.slaveReplicas`                   | Number of slaves replicas                                                                                                                                                 | `1`                                                           |
-| `replication.synchronousCommit`               | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off`                                                                      | `off`                                                         |
-| `replication.numSynchronousReplicas`          | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.slaveReplicas`.                                                      | `0`                                                           |
-| `replication.applicationName`                 | Cluster application name. Useful for advanced replication settings                                                                                                        | `my_application`                                              |
-| `existingSecret`                              | Name of existing secret to use for PostgreSQL passwords. The secret has to contain the keys `postgresql-postgres-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be sed to authenticate on LDAP. The value is evaluated as a template.                                                                                                                  | `nil`                                                         |
-| `postgresqlPostgresPassword`                  | PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`)                                                                                              | _random 10 character alphanumeric string_                     |
-| `postgresqlUsername`                          | PostgreSQL admin user                                                                                                                                                     | `postgres`                                                    |
-| `postgresqlPassword`                          | PostgreSQL admin password                                                                                                                                                 | _random 10 character alphanumeric string_                     |
-| `postgresqlDatabase`                          | PostgreSQL database                                                                                                                                                       | `nil`                                                         |
-| `postgresqlDataDir`                           | PostgreSQL data dir folder                                                                                                                                                | `/bitnami/postgresql` (same value as persistence.mountPath)   |
-| `extraEnv`                                    | Any extra environment variables you would like to pass on to the pod. The value is evaluated as a template.                                                               | `[]`                                                          |
-| `extraEnvVarsCM`                              | Name of a Config Map containing extra environment variables you would like to pass on to the pod. The value is evaluated as a template.                                   | `nil`                                                         |
-| `postgresqlInitdbArgs`                        | PostgreSQL initdb extra arguments                                                                                                                                         | `nil`                                                         |
-| `postgresqlInitdbWalDir`                      | PostgreSQL location for transaction log                                                                                                                                   | `nil`                                                         |
-| `postgresqlConfiguration`                     | Runtime Config Parameters                                                                                                                                                 | `nil`                                                         |
-| `postgresqlExtendedConf`                      | Extended Runtime Config Parameters (appended to main or default configuration)                                                                                            | `nil`                                                         |
-| `pgHbaConfiguration`                          | Content of pg_hba.conf                                                                                                                                                    | `nil (do not create pg_hba.conf)`                             |
-| `configurationConfigMap`                      | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresqlConfiguration` and `pgHbaConfiguration`). The value is evaluated as a template.             | `nil`                                                         |
-| `extendedConfConfigMap`                       | ConfigMap with the extended PostgreSQL configuration files. The value is evaluated as a template.                                                                         | `nil`                                                         |
-| `initdbScripts`                               | Dictionary of initdb scripts                                                                                                                                              | `nil`                                                         |
-| `initdbUser`                                  | PostgreSQL user to execute the .sql and sql.gz scripts                                                                                                                    | `nil`                                                         |
-| `initdbPassword`                              | Password for the user specified in `initdbUser`                                                                                                                       | `nil`                                                         |
-| `initdbScriptsConfigMap`                      | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template.                                                                | `nil`                                                         |
-| `initdbScriptsSecret`                         | Secret with initdb scripts that contain sensitive information (Note: can be used with `initdbScriptsConfigMap` or `initdbScripts`). The value is evaluated as a template. | `nil`                                                         |
-| `service.type`                                | Kubernetes Service type                                                                                                                                                   | `ClusterIP`                                                   |
-| `service.port`                                | PostgreSQL port                                                                                                                                                           | `5432`                                                        |
-| `service.nodePort`                            | Kubernetes Service nodePort                                                                                                                                               | `nil`                                                         |
-| `service.annotations`                         | Annotations for PostgreSQL service                                                                                                                                        | `{}` (evaluated as a template)                                |
-| `service.loadBalancerIP`                      | loadBalancerIP if service type is `LoadBalancer`                                                                                                                          | `nil`                                                         |
-| `service.loadBalancerSourceRanges`            | Address that are allowed when svc is LoadBalancer                                                                                                                         | `[]` (evaluated as a template)                                |
-| `schedulerName`                               | Name of the k8s scheduler (other than default)                                                                                                                            | `nil`                                                         |
-| `shmVolume.enabled`                           | Enable emptyDir volume for /dev/shm for master and slave(s) Pod(s)                                                                                                        | `true`                                                        |
-| `shmVolume.chmod.enabled`                     | Run at init chmod 777 of the /dev/shm (ignored if `volumePermissions.enabled` is `false`)                                                                                 | `true`                                                        |
-| `persistence.enabled`                         | Enable persistence using PVC                                                                                                                                              | `true`                                                        |
-| `persistence.existingClaim`                   | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template.                                                                                        | `nil`                                                         |
-| `persistence.mountPath`                       | Path to mount the volume at                                                                                                                                               | `/bitnami/postgresql`                                         |
-| `persistence.subPath`                         | Subdirectory of the volume to mount at                                                                                                                                    | `""`                                                          |
-| `persistence.storageClass`                    | PVC Storage Class for PostgreSQL volume                                                                                                                                   | `nil`                                                         |
-| `persistence.accessModes`                     | PVC Access Mode for PostgreSQL volume                                                                                                                                     | `[ReadWriteOnce]`                                             |
-| `persistence.size`                            | PVC Storage Request for PostgreSQL volume                                                                                                                                 | `8Gi`                                                         |
-| `persistence.annotations`                     | Annotations for the PVC                                                                                                                                                   | `{}`                                                          |
-| `commonAnnotations`                         | Annotations to be added to all deployed resources (rendered as a template)                                                                                                                      | `{}`                                                          |
-| `master.nodeSelector`                         | Node labels for pod assignment (postgresql master)                                                                                                                        | `{}`                                                          |
-| `master.affinity`                             | Affinity labels for pod assignment (postgresql master)                                                                                                                    | `{}`                                                          |
-| `master.tolerations`                          | Toleration labels for pod assignment (postgresql master)                                                                                                                  | `[]`                                                          |
-| `master.anotations`                           | Map of annotations to add to the statefulset (postgresql master)                                                                                                          | `{}`                                                          |
-| `master.labels`                               | Map of labels to add to the statefulset (postgresql master)                                                                                                               | `{}`                                                          |
-| `master.podAnnotations`                       | Map of annotations to add to the pods (postgresql master)                                                                                                                 | `{}`                                                          |
-| `master.podLabels`                            | Map of labels to add to the pods (postgresql master)                                                                                                                      | `{}`                                                          |
-| `master.priorityClassName`                    | Priority Class to use for each pod (postgresql master)                                                                                                                    | `nil`                                                          |
-| `master.extraInitContainers`                  | Additional init containers to add to the pods (postgresql master)                                                                                                         | `[]`                                                          |
-| `master.extraVolumeMounts`                    | Additional volume mounts to add to the pods (postgresql master)                                                                                                           | `[]`                                                          |
-| `master.extraVolumes`                         | Additional volumes to add to the pods (postgresql master)                                                                                                                 | `[]`                                                          |
-| `master.sidecars`                             | Add additional containers to the pod                                                                                                                                      | `[]`                                                          |
-| `master.service.type`                         | Allows using a different service type for Master                                                                                                                          | `nil`                                                         |
-| `master.service.nodePort`                     | Allows using a different nodePort for Master                                                                                                                              | `nil`                                                         |
-| `master.service.clusterIP`                    | Allows using a different clusterIP for Master                                                                                                                             | `nil`                                                         |
-| `slave.nodeSelector`                          | Node labels for pod assignment (postgresql slave)                                                                                                                         | `{}`                                                          |
-| `slave.affinity`                              | Affinity labels for pod assignment (postgresql slave)                                                                                                                     | `{}`                                                          |
-| `slave.tolerations`                           | Toleration labels for pod assignment (postgresql slave)                                                                                                                   | `[]`                                                          |
-| `slave.anotations`                            | Map of annotations to add to the statefulsets (postgresql slave)                                                                                                          | `{}`                                                          |
-| `slave.labels`                                | Map of labels to add to the statefulsets (postgresql slave)                                                                                                               | `{}`                                                          |
-| `slave.podAnnotations`                        | Map of annotations to add to the pods (postgresql slave)                                                                                                                  | `{}`                                                          |
-| `slave.podLabels`                             | Map of labels to add to the pods (postgresql slave)                                                                                                                       | `{}`                                                          |
-| `slave.priorityClassName`                     | Priority Class to use for each pod (postgresql slave)                                                                                                                     | `nil`                                                          |
-| `slave.extraInitContainers`                   | Additional init containers to add to the pods (postgresql slave)                                                                                                          | `[]`                                                          |
-| `slave.extraVolumeMounts`                     | Additional volume mounts to add to the pods (postgresql slave)                                                                                                            | `[]`                                                          |
-| `slave.extraVolumes`                          | Additional volumes to add to the pods (postgresql slave)                                                                                                                  | `[]`                                                          |
-| `slave.sidecars`                              | Add additional containers to the pod                                                                                                                                      | `[]`                                                          |
-| `slave.service.type`                          | Allows using a different service type for Slave                                                                                                                           | `nil`                                                         |
-| `slave.service.nodePort`                      | Allows using a different nodePort for Slave                                                                                                                               | `nil`                                                         |
-| `slave.service.clusterIP`                     | Allows using a different clusterIP for Slave                                                                                                                              | `nil`                                                         |
-| `terminationGracePeriodSeconds`               | Seconds the pod needs to terminate gracefully                                                                                                                             | `nil`                                                         |
-| `resources`                                   | CPU/Memory resource requests/limits                                                                                                                                       | Memory: `256Mi`, CPU: `250m`                                  |
-| `securityContext.enabled`                     | Enable security context                                                                                                                                                   | `true`                                                        |
-| `securityContext.fsGroup`                     | Group ID for the container                                                                                                                                                | `1001`                                                        |
-| `securityContext.runAsUser`                   | User ID for the container                                                                                                                                                 | `1001`                                                        |
-| `serviceAccount.enabled`                      | Enable service account (Note: Service Account will only be automatically created if `serviceAccount.name` is not set)                                                     | `false`                                                       |
-| `serviceAcccount.name`                        | Name of existing service account                                                                                                                                          | `nil`                                                         |
-| `livenessProbe.enabled`                       | Would you like a livenessProbe to be enabled                                                                                                                              | `true`                                                        |
-| `networkPolicy.enabled`                       | Enable NetworkPolicy                                                                                                                                                      | `false`                                                       |
-| `networkPolicy.allowExternal`                 | Don't require client label for connections                                                                                                                                | `true`                                                        |
-| `networkPolicy.explicitNamespacesSelector`    | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed                                                                    | `{}`                                                          |
-| `livenessProbe.initialDelaySeconds`           | Delay before liveness probe is initiated                                                                                                                                  | 30                                                            |
-| `livenessProbe.periodSeconds`                 | How often to perform the probe                                                                                                                                            | 10                                                            |
-| `livenessProbe.timeoutSeconds`                | When the probe times out                                                                                                                                                  | 5                                                             |
-| `livenessProbe.failureThreshold`              | Minimum consecutive failures for the probe to be considered failed after having succeeded.                                                                                | 6                                                             |
-| `livenessProbe.successThreshold`              | Minimum consecutive successes for the probe to be considered successful after having failed                                                                               | 1                                                             |
-| `readinessProbe.enabled`                      | would you like a readinessProbe to be enabled                                                                                                                             | `true`                                                        |
-| `readinessProbe.initialDelaySeconds`          | Delay before readiness probe is initiated                                                                                                                                 | 5                                                             |
-| `readinessProbe.periodSeconds`                | How often to perform the probe                                                                                                                                            | 10                                                            |
-| `readinessProbe.timeoutSeconds`               | When the probe times out                                                                                                                                                  | 5                                                             |
-| `readinessProbe.failureThreshold`             | Minimum consecutive failures for the probe to be considered failed after having succeeded.                                                                                | 6                                                             |
-| `readinessProbe.successThreshold`             | Minimum consecutive successes for the probe to be considered successful after having failed                                                                               | 1                                                             |
-| `metrics.enabled`                             | Start a prometheus exporter                                                                                                                                               | `false`                                                       |
-| `metrics.service.type`                        | Kubernetes Service type                                                                                                                                                   | `ClusterIP`                                                   |
-| `service.clusterIP`                           | Static clusterIP or None for headless services                                                                                                                            | `nil`                                                         |
-| `metrics.service.annotations`                 | Additional annotations for metrics exporter pod                                                                                                                           | `{ prometheus.io/scrape: "true", prometheus.io/port: "9187"}` |
-| `metrics.service.loadBalancerIP`              | loadBalancerIP if redis metrics service type is `LoadBalancer`                                                                                                            | `nil`                                                         |
-| `metrics.serviceMonitor.enabled`              | Set this to `true` to create ServiceMonitor for Prometheus operator                                                                                                       | `false`                                                       |
-| `metrics.serviceMonitor.additionalLabels`     | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus                                                                                     | `{}`                                                          |
-| `metrics.serviceMonitor.namespace`            | Optional namespace in which to create ServiceMonitor                                                                                                                      | `nil`                                                         |
-| `metrics.serviceMonitor.interval`             | Scrape interval. If not set, the Prometheus default scrape interval is used                                                                                               | `nil`                                                         |
-| `metrics.serviceMonitor.scrapeTimeout`        | Scrape timeout. If not set, the Prometheus default scrape timeout is used                                                                                                 | `nil`                                                         |
-| `metrics.prometheusRule.enabled`              | Set this to true to create prometheusRules for Prometheus operator                                                                                                        | `false`                                                       |
-| `metrics.prometheusRule.additionalLabels`     | Additional labels that can be used so prometheusRules will be discovered by Prometheus                                                                                    | `{}`                                                          |
-| `metrics.prometheusRule.namespace`            | namespace where prometheusRules resource should be created                                                                                                                | the same namespace as postgresql                              |
-| `metrics.prometheusRule.rules`                | [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be created, check values for an example.                                            | `[]`                                                          |
-| `metrics.image.registry`                      | PostgreSQL Exporter Image registry                                                                                                                                        | `docker.io`                                                   |
-| `metrics.image.repository`                    | PostgreSQL Exporter Image name                                                                                                                                            | `bitnami/postgres-exporter`                                   |
-| `metrics.image.tag`                           | PostgreSQL Exporter Image tag                                                                                                                                            | `{TAG_NAME}`                                                  |
-| `metrics.image.pullPolicy`                    | PostgreSQL Exporter Image pull policy                                                                                                                                    | `IfNotPresent`                                                |
-| `metrics.image.pullSecrets`                   | Specify Image pull secrets                                                                                                                                                | `nil` (does not add image pull secrets to deployed pods)      |
-| `metrics.customMetrics`                       | Additional custom metrics                                                                                                                                                 | `nil`                                                         |
-| `metrics.securityContext.enabled`             | Enable security context for metrics                                                                                                                                       | `false`                                                       |
-| `metrics.securityContext.runAsUser`           | User ID for the container for metrics                                                                                                                                     | `1001`                                                        |
-| `metrics.livenessProbe.initialDelaySeconds`   | Delay before liveness probe is initiated                                                                                                                                  | 30                                                            |
-| `metrics.livenessProbe.periodSeconds`         | How often to perform the probe                                                                                                                                            | 10                                                            |
-| `metrics.livenessProbe.timeoutSeconds`        | When the probe times out                                                                                                                                                  | 5                                                             |
-| `metrics.livenessProbe.failureThreshold`      | Minimum consecutive failures for the probe to be considered failed after having succeeded.                                                                                | 6                                                             |
-| `metrics.livenessProbe.successThreshold`      | Minimum consecutive successes for the probe to be considered successful after having failed                                                                               | 1                                                             |
-| `metrics.readinessProbe.enabled`              | would you like a readinessProbe to be enabled                                                                                                                             | `true`                                                        |
-| `metrics.readinessProbe.initialDelaySeconds`  | Delay before liveness probe is initiated                                                                                                                                  | 5                                                             |
-| `metrics.readinessProbe.periodSeconds`        | How often to perform the probe                                                                                                                                            | 10                                                            |
-| `metrics.readinessProbe.timeoutSeconds`       | When the probe times out                                                                                                                                                  | 5                                                             |
-| `metrics.readinessProbe.failureThreshold`     | Minimum consecutive failures for the probe to be considered failed after having succeeded.                                                                                | 6                                                             |
-| `metrics.readinessProbe.successThreshold`     | Minimum consecutive successes for the probe to be considered successful after having failed                                                                               | 1                                                             |
-| `updateStrategy`                              | Update strategy policy                                                                                                                                                    | `{type: "RollingUpdate"}`                                     |
-| `psp.create`                                  | Create Pod Security Policy                                                                                                                                                | `false`                                                       |
-| `rbac.create`                                 | Create Role and RoleBinding (required for PSP to work)                                                                                                                    | `false`                                                       |
-
-
-Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
-
-```console
-$ helm install my-release \
-  --set postgresqlPassword=secretpassword,postgresqlDatabase=my-database \
-    bitnami/postgresql
-```
-
-The above command sets the PostgreSQL `postgres` account password to `secretpassword`. Additionally it creates a database named `my-database`.
-
-Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
-
-```console
-$ helm install my-release -f values.yaml bitnami/postgresql
-```
-
-> **Tip**: You can use the default [values.yaml](values.yaml)
-
-## Configuration and installation details
-
-### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/)
-
-It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
-
-Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
-
-### Production configuration and horizontal scaling
-
-This chart includes a `values-production.yaml` file where you can find some parameters oriented to production configuration in comparison to the regular `values.yaml`. You can use this file instead of the default one.
-
-- Enable replication:
-```diff
-- replication.enabled: false
-+ replication.enabled: true
-```
-
-- Number of slaves replicas:
-```diff
-- replication.slaveReplicas: 1
-+ replication.slaveReplicas: 2
-```
-
-- Set synchronous commit mode:
-```diff
-- replication.synchronousCommit: "off"
-+ replication.synchronousCommit: "on"
-```
-
-- Number of replicas that will have synchronous replication:
-```diff
-- replication.numSynchronousReplicas: 0
-+ replication.numSynchronousReplicas: 1
-```
-
-- Start a prometheus exporter:
-```diff
-- metrics.enabled: false
-+ metrics.enabled: true
-```
-
-To horizontally scale this chart, you can use the `--replicas` flag to modify the number of nodes in your PostgreSQL deployment. Also you can use the `values-production.yaml` file or modify the parameters shown above.
-
-### Customizing Master and Slave services in a replicated configuration
-
-At the top level, there is a service object which defines the services for both master and slave. For deeper customization, there are service objects for both the master and slave types individually. This allows you to override the values in the top level service object so that the master and slave can be of different service types and with different clusterIPs / nodePorts. Also in the case you want the master and slave to be of type nodePort, you will need to set the nodePorts to different values to prevent a collision. The values that are deeper in the master.service or slave.service objects will take precedence over the top level service object.
-
-### Change PostgreSQL version
-
-To modify the PostgreSQL version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/postgresql/tags/) using the `image.tag` parameter. For example, `image.tag=12.0.0`
-
-### postgresql.conf / pg_hba.conf files as configMap
-
-This helm chart also supports to customize the whole configuration file.
-
-Add your custom file to "files/postgresql.conf" in your working directory. This file will be mounted as configMap to the containers and it will be used for configuring the PostgreSQL server.
-
-Alternatively, you can specify PostgreSQL configuration parameters using the `postgresqlConfiguration` parameter as a dict, using camelCase, e.g. {"sharedBuffers": "500MB"}.
-
-In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `configurationConfigMap` parameter. Note that this will override the two previous options.
-
-### Allow settings to be loaded from files other than the default `postgresql.conf`
-
-If you don't want to provide the whole PostgreSQL configuration file and only specify certain parameters, you can add your extended `.conf` files to "files/conf.d/" in your working directory.
-Those files will be mounted as configMap to the containers adding/overwriting the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`.
-
-Alternatively, you can also set an external ConfigMap with all the extra configuration files. This is done by setting the `extendedConfConfigMap` parameter. Note that this will override the previous option.
-
-### Initialize a fresh instance
-
-The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap.
-
-Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict.
-
-In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `initdbScriptsSecret` parameter.
-
-The allowed extensions are `.sh`, `.sql` and `.sql.gz`.
-
-### Sidecars
-
-If you need  additional containers to run within the same pod as PostgreSQL (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec.
-
-```yaml
-# For the PostgreSQL master
-master:
-  sidecars:
-  - name: your-image-name
-    image: your-image
-    imagePullPolicy: Always
-    ports:
-    - name: portname
-     containerPort: 1234
-# For the PostgreSQL replicas
-slave:
-  sidecars:
-  - name: your-image-name
-    image: your-image
-    imagePullPolicy: Always
-    ports:
-    - name: portname
-     containerPort: 1234
-```
-
-### Metrics
-
-The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml).
-
-The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details.
-
-### Use of global variables
-
-In more complex scenarios, we may have the following tree of dependencies
-
-```
-                     +--------------+
-                     |              |
-        +------------+   Chart 1    +-----------+
-        |            |              |           |
-        |            --------+------+           |
-        |                    |                  |
-        |                    |                  |
-        |                    |                  |
-        |                    |                  |
-        v                    v                  v
-+-------+------+    +--------+------+  +--------+------+
-|              |    |               |  |               |
-|  PostgreSQL  |    |  Sub-chart 1  |  |  Sub-chart 2  |
-|              |    |               |  |               |
-+--------------+    +---------------+  +---------------+
-```
-
-The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters:
-
-```
-postgresql.postgresqlPassword=testtest
-subchart1.postgresql.postgresqlPassword=testtest
-subchart2.postgresql.postgresqlPassword=testtest
-postgresql.postgresqlDatabase=db1
-subchart1.postgresql.postgresqlDatabase=db1
-subchart2.postgresql.postgresqlDatabase=db1
-```
-
-If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows:
-
-```
-global.postgresql.postgresqlPassword=testtest
-global.postgresql.postgresqlDatabase=db1
-```
-
-This way, the credentials will be available in all of the subcharts.
-
-## Persistence
-
-The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container.
-
-Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube.
-See the [Parameters](#parameters) section to configure the PVC or to disable persistence.
-
-If you already have data in it, you will fail to sync to standby nodes for all commits, details can refer to [code](https://github.com/bitnami/bitnami-docker-postgresql/blob/8725fe1d7d30ebe8d9a16e9175d05f7ad9260c93/9.6/debian-9/rootfs/libpostgresql.sh#L518-L556). If you need to use those data, please covert them to sql and import after `helm install` finished.
-
-## NetworkPolicy
-
-To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`.
-
-For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace:
-
-```console
-$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}"
-```
-
-With NetworkPolicy enabled, traffic will be limited to just port 5432.
-
-For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL.
-This label will be displayed in the output of a successful install.
-
-## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image
-
-- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image.
-- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift.
-- For OpenShift, one may either define the runAsUser and fsGroup accordingly, or try this more dynamic option: volumePermissions.securityContext.runAsUser="auto",securityContext.enabled=false,shmVolume.chmod.enabled=false
-
-### Deploy chart using Docker Official PostgreSQL Image
-
-From chart version 4.0.0, it is possible to use this chart with the Docker Official PostgreSQL image.
-Besides specifying the new Docker repository and tag, it is important to modify the PostgreSQL data directory and volume mount point. Basically, the PostgreSQL data dir cannot be the mount point directly, it has to be a subdirectory.
-
-```
-image.repository=postgres
-image.tag=10.6
-postgresqlDataDir=/data/pgdata
-persistence.mountPath=/data/
-```
-
-## Upgrade
-
-It's necessary to specify the existing passwords while performing an upgrade to ensure the secrets are not updated with invalid randomly generated passwords. Remember to specify the existing values of the `postgresqlPassword` and `replication.password` parameters when upgrading the chart:
-
-```bash
-$ helm upgrade my-release stable/postgresql \
-    --set postgresqlPassword=[POSTGRESQL_PASSWORD] \
-    --set replication.password=[REPLICATION_PASSWORD]
-```
-
-> Note: you need to substitute the placeholders _[POSTGRESQL_PASSWORD]_, and _[REPLICATION_PASSWORD]_ with the values obtained from instructions in the installation notes.
-
-## 8.0.0
-
-Prefixes the port names with their protocols to comply with Istio conventions.
-
-If you depend on the port names in your setup, make sure to update them to reflect this change.
-
-## 7.1.0
-
-Adds support for LDAP configuration.
-
-## 7.0.0
-
-Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec.
-
-In https://github.com/helm/charts/pull/17281 the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage.
-
-This major version bump signifies this change.
-
-## 6.5.7
-
-In this version, the chart will use PostgreSQL with the Postgis extension included. The version used with Postgresql version 10, 11 and 12 is Postgis 2.5. It has been compiled with the following dependencies:
-
-- protobuf
-- protobuf-c
-- json-c
-- geos
-- proj
-
-## 5.0.0
-
-In this version, the **chart is using PostgreSQL 11 instead of PostgreSQL 10**. You can find the main difference and notable changes in the following links: [https://www.postgresql.org/about/news/1894/](https://www.postgresql.org/about/news/1894/) and [https://www.postgresql.org/about/featurematrix/](https://www.postgresql.org/about/featurematrix/).
-
-For major releases of PostgreSQL, the internal data storage format is subject to change, thus complicating upgrades, you can see some errors like the following one in the logs:
-
-```console
-Welcome to the Bitnami postgresql container
-Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql
-Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues
-Send us your feedback at containers@bitnami.com
-
-INFO  ==> ** Starting PostgreSQL setup **
-NFO  ==> Validating settings in POSTGRESQL_* env vars..
-INFO  ==> Initializing PostgreSQL database...
-INFO  ==> postgresql.conf file not detected. Generating it...
-INFO  ==> pg_hba.conf file not detected. Generating it...
-INFO  ==> Deploying PostgreSQL with persisted data...
-INFO  ==> Configuring replication parameters
-INFO  ==> Loading custom scripts...
-INFO  ==> Enabling remote connections
-INFO  ==> Stopping PostgreSQL...
-INFO  ==> ** PostgreSQL setup finished! **
-
-INFO  ==> ** Starting PostgreSQL **
-  [1] FATAL:  database files are incompatible with server
-  [1] DETAIL:  The data directory was initialized by PostgreSQL version 10, which is not compatible with this version 11.3.
-```
-
-In this case, you should migrate the data from the old chart to the new one following an approach similar to that described in [this section](https://www.postgresql.org/docs/current/upgrading.html#UPGRADING-VIA-PGDUMPALL) from the official documentation. Basically, create a database dump in the old chart, move and restore it in the new one.
-
-### 4.0.0
-
-This chart will use by default the Bitnami PostgreSQL container starting from version `10.7.0-r68`. This version moves the initialization logic from node.js to bash. This new version of the chart requires setting the `POSTGRES_PASSWORD` in the slaves as well, in order to properly configure the `pg_hba.conf` file. Users from previous versions of the chart are advised to upgrade immediately.
-
-IMPORTANT: If you do not want to upgrade the chart version then make sure you use the `10.7.0-r68` version of the container. Otherwise, you will get this error
-
-```
-The POSTGRESQL_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development
-```
-
-### 3.0.0
-
-This releases make it possible to specify different nodeSelector, affinity and tolerations for master and slave pods.
-It also fixes an issue with `postgresql.master.fullname` helper template not obeying fullnameOverride.
-
-#### Breaking changes
-
-- `affinty` has been renamed to `master.affinity` and `slave.affinity`.
-- `tolerations` has been renamed to `master.tolerations` and `slave.tolerations`.
-- `nodeSelector` has been renamed to `master.nodeSelector` and `slave.nodeSelector`.
-
-### 2.0.0
-
-In order to upgrade from the `0.X.X` branch to `1.X.X`, you should follow the below steps:
-
- - Obtain the service name (`SERVICE_NAME`) and password (`OLD_PASSWORD`) of the existing postgresql chart. You can find the instructions to obtain the password in the NOTES.txt, the service name can be obtained by running
-
-```console
-$ kubectl get svc
-```
-
-- Install (not upgrade) the new version
-
-```console
-$ helm repo update
-$ helm install my-release bitnami/postgresql
-```
-
-- Connect to the new pod (you can obtain the name by running `kubectl get pods`):
-
-```console
-$ kubectl exec -it NAME bash
-```
-
-- Once logged in, create a dump file from the previous database using `pg_dump`, for that we should connect to the previous postgresql chart:
-
-```console
-$ pg_dump -h SERVICE_NAME -U postgres DATABASE_NAME > /tmp/backup.sql
-```
-
-After run above command you should be prompted for a password, this password is the previous chart password (`OLD_PASSWORD`).
-This operation could take some time depending on the database size.
-
-- Once you have the backup file, you can restore it with a command like the one below:
-
-```console
-$ psql -U postgres DATABASE_NAME < /tmp/backup.sql
-```
-
-In this case, you are accessing to the local postgresql, so the password should be the new one (you can find it in NOTES.txt).
-
-If you want to restore the database and the database schema does not exist, it is necessary to first follow the steps described below.
-
-```console
-$ psql -U postgres
-postgres=# drop database DATABASE_NAME;
-postgres=# create database DATABASE_NAME;
-postgres=# create user USER_NAME;
-postgres=# alter role USER_NAME with password 'BITNAMI_USER_PASSWORD';
-postgres=# grant all privileges on database DATABASE_NAME to USER_NAME;
-postgres=# alter database DATABASE_NAME owner to USER_NAME;
-```

tip-wlan/charts/postgresql/ci/commonAnnotations.yaml

@@ -1,4 +0,0 @@
-commonAnnotations:
-  helm.sh/hook: "pre-install, pre-upgrade"
-  helm.sh/hook-weight: "-1"
-

tip-wlan/charts/postgresql/ci/shmvolume-disabled-values.yaml

@@ -1,2 +0,0 @@
-shmVolume:
-  enabled: false

tip-wlan/charts/postgresql/files/README.md

@@ -1 +0,0 @@
-Copy here your postgresql.conf and/or pg_hba.conf files to use it as a config map.

tip-wlan/charts/postgresql/files/conf.d/README.md

@@ -1,4 +0,0 @@
-If you don't want to provide the whole configuration file and only specify certain parameters, you can copy here your extended `.conf` files.
-These files will be injected as a config maps and add/overwrite the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`.
-
-More info in the [bitnami-docker-postgresql README](https://github.com/bitnami/bitnami-docker-postgresql#configuration-file).

tip-wlan/charts/postgresql/files/docker-entrypoint-initdb.d/README.md

@@ -1,3 +0,0 @@
-You can copy here your custom `.sh`, `.sql` or `.sql.gz` file so they are executed during the first boot of the image.
-
-More info in the [bitnami-docker-postgresql](https://github.com/bitnami/bitnami-docker-postgresql#initializing-a-new-instance) repository.

tip-wlan/charts/postgresql/files/pg_hba.conf

@@ -1,3 +0,0 @@
-hostssl replication repl_user 0.0.0.0/0 md5 clientcert=1
-hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
-hostssl all all 0.0.0.0/0 md5 clientcert=1

tip-wlan/charts/postgresql/resources/config/certs/README.md

@@ -1,2 +0,0 @@
-Contains certs needed for this service to start.
-Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

tip-wlan/charts/postgresql/templates/NOTES.txt

@@ -1,60 +0,0 @@
-** Please be patient while the chart is being deployed **
-
-PostgreSQL can be accessed via port {{ template "postgresql.port" . }} on the following DNS name from within your cluster:
-
-    {{ template "common.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection
-{{- if .Values.replication.enabled }}
-    {{ template "common.fullname" . }}-read.{{ .Release.Namespace }}.svc.cluster.local - Read only connection
-{{- end }}
-
-{{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }}
-
-To get the password for "postgres" run:
-
-    export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-postgres-password}" | base64 --decode)
-{{- end }}
-
-To get the password for "{{ template "postgresql.username" . }}" run:
-
-    export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-password}" | base64 --decode)
-
-To connect to your database run the following command:
-
-    kubectl run {{ template "common.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ template "postgresql.image" . }} --env="PGPASSWORD=$POSTGRES_PASSWORD" {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
-   --labels="{{ template "common.fullname" . }}-client=true" {{- end }} --command -- psql --host {{ template "common.fullname" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }}
-
-{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
-Note: Since NetworkPolicy is enabled, only pods with label {{ template "common.fullname" . }}-client=true" will be able to connect to this PostgreSQL cluster.
-{{- end }}
-
-To connect to your database from outside the cluster execute the following commands:
-
-{{- if contains "NodePort" .Values.service.type }}
-
-    export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-    export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.fullname" . }})
-    {{ if (include "postgresql.password" . )  }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $NODE_IP --port $NODE_PORT -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }}
-
-{{- else if contains "LoadBalancer" .Values.service.type }}
-
-  NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-        Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.fullname" . }}'
-
-    export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-    {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $SERVICE_IP --port {{ template "postgresql.port" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }}
-
-{{- else if contains "ClusterIP" .Values.service.type }}
-
-    kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.fullname" . }} {{ template "postgresql.port" . }}:{{ template "postgresql.port" . }} &
-    {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host 127.0.0.1 -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }}
-
-{{- end }}
-
-{{- include "postgresql.validateValues" . -}}
-
-{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }}
-
-WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
-+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
-
-{{- end }}

tip-wlan/charts/postgresql/templates/_helpers.tpl

@@ -1,370 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-*/}}
-{{- define "postgresql.master.fullname" -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}}
-{{- if .Values.replication.enabled -}}
-{{- printf "%s-%s" $fullname "master" | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the proper PostgreSQL image name
-*/}}
-{{- define "postgresql.image" -}}
-{{- $registryName := .Values.image.registry -}}
-{{- $repositoryName := .Values.image.repository -}}
-{{- $tag := .Values.image.tag | toString -}}
-{{/*
-Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
-but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
-Also, we can't use a single if because lazy evaluation is not an option
-*/}}
-{{- if .Values.global }}
-    {{- if .Values.global.imageRegistry }}
-        {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
-    {{- else -}}
-        {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
-    {{- end -}}
-{{- else -}}
-    {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return PostgreSQL postgres user password
-*/}}
-{{- define "postgresql.postgres.password" -}}
-{{- if .Values.global.postgresql.postgresqlPostgresPassword }}
-    {{- .Values.global.postgresql.postgresqlPostgresPassword -}}
-{{- else if .Values.postgresqlPostgresPassword -}}
-    {{- .Values.postgresqlPostgresPassword -}}
-{{- else -}}
-    {{- randAlphaNum 10 -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return PostgreSQL password
-*/}}
-{{- define "postgresql.password" -}}
-{{- if .Values.global.postgresql.postgresqlPassword }}
-    {{- .Values.global.postgresql.postgresqlPassword -}}
-{{- else if .Values.postgresqlPassword -}}
-    {{- .Values.postgresqlPassword -}}
-{{- else -}}
-    {{- randAlphaNum 10 -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return PostgreSQL replication password
-*/}}
-{{- define "postgresql.replication.password" -}}
-{{- if .Values.global.postgresql.replicationPassword }}
-    {{- .Values.global.postgresql.replicationPassword -}}
-{{- else if .Values.replication.password -}}
-    {{- .Values.replication.password -}}
-{{- else -}}
-    {{- randAlphaNum 10 -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return PostgreSQL username
-*/}}
-{{- define "postgresql.username" -}}
-{{- if .Values.global.postgresql.postgresqlUsername }}
-    {{- .Values.global.postgresql.postgresqlUsername -}}
-{{- else -}}
-    {{- .Values.postgresqlUsername -}}
-{{- end -}}
-{{- end -}}
-
-
-{{/*
-Return PostgreSQL replication username
-*/}}
-{{- define "postgresql.replication.username" -}}
-{{- if .Values.global.postgresql.replicationUser }}
-    {{- .Values.global.postgresql.replicationUser -}}
-{{- else -}}
-    {{- .Values.replication.user -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return PostgreSQL port
-*/}}
-{{- define "postgresql.port" -}}
-{{- if .Values.global.postgresql.servicePort }}
-    {{- .Values.global.postgresql.servicePort -}}
-{{- else -}}
-    {{- .Values.service.port -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return PostgreSQL created database
-*/}}
-{{- define "postgresql.database" -}}
-{{- if .Values.global.postgresql.postgresqlDatabase }}
-    {{- .Values.global.postgresql.postgresqlDatabase -}}
-{{- else if .Values.postgresqlDatabase -}}
-    {{- .Values.postgresqlDatabase -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the proper image name to change the volume permissions
-*/}}
-{{- define "postgresql.volumePermissions.image" -}}
-{{- $registryName := .Values.volumePermissions.image.registry -}}
-{{- $repositoryName := .Values.volumePermissions.image.repository -}}
-{{- $tag := .Values.volumePermissions.image.tag | toString -}}
-{{/*
-Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
-but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
-Also, we can't use a single if because lazy evaluation is not an option
-*/}}
-{{- if .Values.global }}
-    {{- if .Values.global.imageRegistry }}
-        {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
-    {{- else -}}
-        {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
-    {{- end -}}
-{{- else -}}
-    {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the proper PostgreSQL metrics image name
-*/}}
-{{- define "postgresql.metrics.image" -}}
-{{- $registryName :=  default "docker.io" .Values.metrics.image.registry -}}
-{{- $repositoryName := .Values.metrics.image.repository -}}
-{{- $tag := default "latest" .Values.metrics.image.tag | toString -}}
-{{/*
-Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
-but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
-Also, we can't use a single if because lazy evaluation is not an option
-*/}}
-{{- if .Values.global }}
-    {{- if .Values.global.imageRegistry }}
-        {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
-    {{- else -}}
-        {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
-    {{- end -}}
-{{- else -}}
-    {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Get the password secret.
-*/}}
-{{- define "postgresql.secretName" -}}
-{{- if .Values.global.postgresql.existingSecret }}
-    {{- printf "%s" (tpl .Values.global.postgresql.existingSecret $) -}}
-{{- else if .Values.existingSecret -}}
-    {{- printf "%s" (tpl .Values.existingSecret $) -}}
-{{- else -}}
-    {{- printf "%s" (include "common.fullname" .) -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return true if a secret object should be created
-*/}}
-{{- define "postgresql.createSecret" -}}
-{{- if .Values.global.postgresql.existingSecret }}
-{{- else if .Values.existingSecret -}}
-{{- else -}}
-    {{- true -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Get the configuration ConfigMap name.
-*/}}
-{{- define "postgresql.configurationCM" -}}
-{{- if .Values.configurationConfigMap -}}
-{{- printf "%s" (tpl .Values.configurationConfigMap $) -}}
-{{- else -}}
-{{- printf "%s-configuration" (include "common.fullname" .) -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Get the extended configuration ConfigMap name.
-*/}}
-{{- define "postgresql.extendedConfigurationCM" -}}
-{{- if .Values.extendedConfConfigMap -}}
-{{- printf "%s" (tpl .Values.extendedConfConfigMap $) -}}
-{{- else -}}
-{{- printf "%s-extended-configuration" (include "common.fullname" .) -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return true if a configmap should be mounted with PostgreSQL configuration
-*/}}
-{{- define "postgresql.mountConfigurationCM" -}}
-{{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }}
-    {{- true -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Get the initialization scripts ConfigMap name.
-*/}}
-{{- define "postgresql.initdbScriptsCM" -}}
-{{- if .Values.initdbScriptsConfigMap -}}
-{{- printf "%s" (tpl .Values.initdbScriptsConfigMap $) -}}
-{{- else -}}
-{{- printf "%s-init-scripts" (include "common.fullname" .) -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Get the initialization scripts Secret name.
-*/}}
-{{- define "postgresql.initdbScriptsSecret" -}}
-{{- printf "%s" (tpl .Values.initdbScriptsSecret $) -}}
-{{- end -}}
-
-{{/*
-Get the metrics ConfigMap name.
-*/}}
-{{- define "postgresql.metricsCM" -}}
-{{- printf "%s-metrics" (include "common.fullname" .) -}}
-{{- end -}}
-
-{{/*
-Get the readiness probe command
-*/}}
-{{- define "postgresql.readinessProbeCommand" -}}
-- |
-{{- if (include "postgresql.database" .) }}
-  exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
-{{- else }}
-  exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
-{{- end }}
-{{- if contains "bitnami/" .Values.image.repository }}
-  [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return  the proper Storage Class
-*/}}
-{{- define "postgresql.storageClass" -}}
-{{/*
-Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
-but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
-*/}}
-{{- if .Values.global -}}
-    {{- if .Values.global.storageClass -}}
-        {{- if (eq "-" .Values.global.storageClass) -}}
-            {{- printf "storageClassName: \"\"" -}}
-        {{- else }}
-            {{- printf "storageClassName: %s" .Values.global.storageClass -}}
-        {{- end -}}
-    {{- else -}}
-        {{- if .Values.persistence.storageClass -}}
-              {{- if (eq "-" .Values.persistence.storageClass) -}}
-                  {{- printf "storageClassName: \"\"" -}}
-              {{- else }}
-                  {{- printf "storageClassName: %s" .Values.persistence.storageClass -}}
-              {{- end -}}
-        {{- end -}}
-    {{- end -}}
-{{- else -}}
-    {{- if .Values.persistence.storageClass -}}
-        {{- if (eq "-" .Values.persistence.storageClass) -}}
-            {{- printf "storageClassName: \"\"" -}}
-        {{- else }}
-            {{- printf "storageClassName: %s" .Values.persistence.storageClass -}}
-        {{- end -}}
-    {{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Renders a value that contains template.
-Usage:
-{{ include "postgresql.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }}
-*/}}
-{{- define "postgresql.tplValue" -}}
-    {{- if typeIs "string" .value }}
-        {{- tpl .value .context }}
-    {{- else }}
-        {{- tpl (.value | toYaml) .context }}
-    {{- end }}
-{{- end -}}
-
-{{/*
-Return the appropriate apiVersion for statefulset.
-*/}}
-{{- define "postgresql.statefulset.apiVersion" -}}
-{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-{{- print "apps/v1beta2" -}}
-{{- else -}}
-{{- print "apps/v1" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Compile all warnings into a single message, and call fail.
-*/}}
-{{- define "postgresql.validateValues" -}}
-{{- $messages := list -}}
-{{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}}
-{{- $messages := append $messages (include "postgresql.validateValues.psp" .) -}}
-{{- $messages := without $messages "" -}}
-{{- $message := join "\n" $messages -}}
-
-{{- if $message -}}
-{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap
-*/}}
-{{- define "postgresql.validateValues.ldapConfigurationMethod" -}}
-{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }}
-postgresql: ldap.url, ldap.server
-    You cannot set both `ldap.url` and `ldap.server` at the same time.
-    Please provide a unique way to configure LDAP.
-    More info at https://www.postgresql.org/docs/current/auth-ldap.html
-{{- end -}}
-{{- end -}}
-
-{{/*
-Validate values of Postgresql - If PSP is enabled RBAC should be enabled too
-*/}}
-{{- define "postgresql.validateValues.psp" -}}
-{{- if and .Values.psp.create (not .Values.rbac.create) }}
-postgresql: psp.create, rbac.create
-    RBAC should be enabled if PSP is enabled in order for PSP to work.
-    More info at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#authorizing-policies
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the appropriate apiVersion for podsecuritypolicy.
-*/}}
-{{- define "podsecuritypolicy.apiVersion" -}}
-{{- if semverCompare "<1.10-0" .Capabilities.KubeVersion.GitVersion -}}
-{{- print "extensions/v1beta1" -}}
-{{- else -}}
-{{- print "policy/v1beta1" -}}
-{{- end -}}
-{{- end -}}

tip-wlan/charts/postgresql/templates/configmap.yaml

@@ -1,30 +0,0 @@
-{{ if and (or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration) (not .Values.configurationConfigMap) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ template "common.fullname" . }}-configuration
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ template "common.name" . }}
-    chart: {{ template "common.chart" . }}
-    release: {{ .Release.Name | quote }}
-    heritage: {{ .Release.Service | quote }}
-  {{- if .Values.commonAnnotations }}
-  annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
-  {{- end }}
-data:
-{{- if (.Files.Glob "files/postgresql.conf") }}
-{{ (.Files.Glob "files/postgresql.conf").AsConfig | indent 2 }}
-{{- else if .Values.postgresqlConfiguration }}
-  postgresql.conf: |
-{{- range $key, $value := default dict .Values.postgresqlConfiguration }}
-    {{ $key | snakecase }}={{ $value }}
-{{- end }}
-{{- end }}
-{{- if (.Files.Glob "files/pg_hba.conf") }}
-{{ (.Files.Glob "files/pg_hba.conf").AsConfig | indent 2 }}
-{{- else if .Values.pgHbaConfiguration }}
-  pg_hba.conf: |
-{{ .Values.pgHbaConfiguration | indent 4 }}
-{{- end }}
-{{ end }}

tip-wlan/charts/postgresql/templates/extended-config-configmap.yaml

@@ -1,25 +0,0 @@
-{{- if and (or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf) (not .Values.extendedConfConfigMap)}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ template "common.fullname" . }}-extended-configuration
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ template "common.name" . }}
-    chart: {{ template "common.chart" . }}
-    release: {{ .Release.Name | quote }}
-    heritage: {{ .Release.Service | quote }}
-  {{- if .Values.commonAnnotations }}
-  annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
-  {{- end }}
-data:
-{{- with .Files.Glob "files/conf.d/*.conf" }}
-{{ .AsConfig | indent 2 }}
-{{- end }}
-{{ with .Values.postgresqlExtendedConf }}
-  override.conf: |
-{{- range $key, $value := . }}
-    {{ $key | snakecase }}={{ $value }}
-{{- end }}
-{{- end }}
-{{- end }}

tip-wlan/charts/postgresql/templates/initialization-configmap.yaml

@@ -1,28 +0,0 @@
-{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ template "common.fullname" . }}-init-scripts
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ template "common.name" . }}
-    chart: {{ template "common.chart" . }}
-    release: {{ .Release.Name | quote }}
-    heritage: {{ .Release.Service | quote }}
-  {{- if .Values.commonAnnotations }}
-  annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
-  {{- end }}
-{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }}
-binaryData:
-{{- range $path, $bytes := . }}
-  {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
-{{- end }}
-{{- end }}
-data:
-{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}" }}
-{{ .AsConfig | indent 2 }}
-{{- end }}
-{{- with .Values.initdbScripts }}
-{{ toYaml . | indent 2 }}
-{{- end }}
-{{- end }}

tip-wlan/charts/postgresql/templates/secret-certs.yaml

@@ -1,9 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-certs
-  namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
-

tip-wlan/charts/postgresql/templates/secrets.yaml

@@ -1,27 +0,0 @@
-{{- if (include "postgresql.createSecret" .) }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ template "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ template "common.name" . }}
-    chart: {{ template "common.chart" . }}
-    release: {{ .Release.Name | quote }}
-    heritage: {{ .Release.Service | quote }}
-  {{- if .Values.commonAnnotations }}
-  annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
-  {{- end }}
-type: Opaque
-data:
-  {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }}
-  postgresql-postgres-password: {{ include "postgresql.postgres.password" . | b64enc | quote }}
-  {{- end }}
-  postgresql-password: {{ include "postgresql.password" . | b64enc | quote }}
-  {{- if .Values.replication.enabled }}
-  postgresql-replication-password: {{ include "postgresql.replication.password" . | b64enc | quote }}
-  {{- end }}
-  {{- if (and .Values.ldap.enabled .Values.ldap.bind_password)}}
-  postgresql-ldap-password: {{ .Values.ldap.bind_password | b64enc | quote }}
-  {{- end }}
-{{- end -}}

tip-wlan/charts/postgresql/templates/statefulset-slaves.yaml

@@ -1,348 +0,0 @@
-{{- if .Values.replication.enabled }}
-apiVersion: {{ template "postgresql.statefulset.apiVersion" . }}
-kind: StatefulSet
-metadata:
-  name: "{{ template "common.fullname" . }}-slave"
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ template "common.name" . }}
-    chart: {{ template "common.chart" . }}
-    release: {{ .Release.Name | quote }}
-    heritage: {{ .Release.Service | quote }}
-{{- with .Values.slave.labels }}
-{{ toYaml . | indent 4 }}
-{{- end }}
-  annotations:
-  {{- if .Values.commonAnnotations }}
-  {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
-  {{- end }}
-  {{- with .Values.slave.annotations }}
-  {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  serviceName: {{ template "common.fullname" . }}-headless
-  replicas: {{ .Values.replication.slaveReplicas }}
-  selector:
-    matchLabels:
-      app: {{ template "common.name" . }}
-      release: {{ .Release.Name | quote }}
-      role: slave
-  template:
-    metadata:
-      name: {{ template "common.fullname" . }}
-      labels:
-        app: {{ template "common.name" . }}
-        chart: {{ template "common.chart" . }}
-        release: {{ .Release.Name | quote }}
-        heritage: {{ .Release.Service | quote }}
-        role: slave
-{{- with .Values.slave.podLabels }}
-{{ toYaml . | indent 8 }}
-{{- end }}
-{{- with .Values.slave.podAnnotations }}
-      annotations:
-{{ toYaml . | indent 8 }}
-{{- end }}
-    spec:
-      {{- if .Values.schedulerName }}
-      schedulerName: "{{ .Values.schedulerName }}"
-      {{- end }}
-      {{- if .Values.image.pullSecrets }}
-      imagePullSecrets:
-        - name: {{ .Values.image.pullSecrets }}
-      {{- end }}        
-      {{- if .Values.slave.nodeSelector }}
-      nodeSelector:
-{{ toYaml .Values.slave.nodeSelector | indent 8 }}
-      {{- end }}
-      {{- if .Values.slave.affinity }}
-      affinity:
-{{ toYaml .Values.slave.affinity | indent 8 }}
-      {{- end }}
-      {{- if .Values.slave.tolerations }}
-      tolerations:
-{{ toYaml .Values.slave.tolerations | indent 8 }}
-      {{- end }}
-      {{- if .Values.terminationGracePeriodSeconds }}
-      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
-      {{- end }}
-      {{- if .Values.securityContext.enabled }}
-      securityContext:
-        fsGroup: {{ .Values.securityContext.fsGroup }}
-      {{- end }}
-      {{- if .Values.serviceAccount.enabled }}
-      serviceAccountName: {{ default (include "common.fullname" . ) .Values.serviceAccount.name}}
-      {{- end }}
-      {{- if or .Values.slave.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }}
-      initContainers:
-        - image: busybox:latest
-          imagePullPolicy: Always
-          name: setup-configs
-          command:
-          - sh
-          - -c
-          - |
-            echo "Setting Config Maps"
-            cd /tmp/certs
-            cp * /opt/tip-wlan/certs/
-            chmod 0600 /opt/tip-wlan/certs/postgresclientkey_dec.pem /opt/tip-wlan/certs/serverkey_dec.pem
-            chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/tip-wlan/certs/*.*
-            echo "copied all the certs, updated the permissions and ownership. here are the contents of /opt/tip-wlan/certs folder"
-            ls -lrt /opt/tip-wlan/certs/
-          volumeMounts:
-          - mountPath: /tmp/certs/
-            name: postgresql-certs
-          - mountPath: /opt/tip-wlan/certs
-            name: postgresql-certs-transfer
-      {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled)) }}
-        - name: init-chmod-data
-          image: {{ template "postgresql.volumePermissions.image" . }}
-          imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
-          {{- if .Values.resources }}
-          resources: {{- toYaml .Values.resources | nindent 12 }}
-          {{- end }}
-          command:
-            - /bin/sh
-            - -cx
-            - |
-              {{- if .Values.persistence.enabled }}
-              mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }}
-              chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }}
-              find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \
-              {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
-                xargs chown -R `id -u`:`id -G | cut -d " " -f2`
-              {{- else }}
-                xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }}
-              {{- end }}
-              {{- end }}
-              {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }}
-              chmod -R 777 /dev/shm
-              {{- end }}
-          {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
-          securityContext:
-          {{- else }}
-          securityContext:
-            runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }}
-          {{- end }}
-          volumeMounts:
-            {{ if .Values.persistence.enabled }}
-            - name: data
-              mountPath: {{ .Values.persistence.mountPath }}
-              subPath: {{ .Values.persistence.subPath }}
-            {{- end }}
-            {{- if .Values.shmVolume.enabled }}
-            - name: dshm
-              mountPath: /dev/shm
-            {{- end }}
-      {{- end }}
-      {{- if .Values.slave.extraInitContainers }}
-{{ tpl .Values.slave.extraInitContainers . | indent 8 }}
-      {{- end }}
-      {{- end }}
-      {{- if .Values.slave.priorityClassName }}
-      priorityClassName: {{ .Values.slave.priorityClassName }}
-      {{- end }}
-      containers:
-        - name: {{ template "common.fullname" . }}
-          image: {{ template "postgresql.image" . }}
-          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
-          {{- if .Values.resources }}
-          resources: {{- toYaml .Values.resources | nindent 12 }}
-          {{- end }}
-          {{- if .Values.securityContext.enabled }}
-          securityContext:
-            runAsUser: {{ .Values.securityContext.runAsUser }}
-          {{- end }}
-          env:
-            - name: BITNAMI_DEBUG
-              value: {{ ternary "true" "false" .Values.image.debug | quote }}
-            - name: POSTGRESQL_VOLUME_DIR
-              value: "{{ .Values.persistence.mountPath }}"
-            - name: POSTGRESQL_PORT_NUMBER
-              value: "{{ template "postgresql.port" . }}"
-            {{- if .Values.persistence.mountPath }}
-            - name: PGDATA
-              value: {{ .Values.postgresqlDataDir | quote }}
-            {{- end }}
-            - name: POSTGRES_REPLICATION_MODE
-              value: "slave"
-            - name: POSTGRES_REPLICATION_USER
-              value: {{ include "postgresql.replication.username" . | quote }}
-            {{- if .Values.usePasswordFile }}
-            - name: POSTGRES_REPLICATION_PASSWORD_FILE
-              value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password"
-            {{- else }}
-            - name: POSTGRES_REPLICATION_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "postgresql.secretName" . }}
-                  key: postgresql-replication-password
-            {{- end }}
-            - name: POSTGRES_CLUSTER_APP_NAME
-              value: {{ .Values.replication.applicationName }}
-            - name: POSTGRES_MASTER_HOST
-              value: {{ template "common.fullname" . }}
-            - name: POSTGRES_MASTER_PORT_NUMBER
-              value: {{ include "postgresql.port" . | quote }}
-            {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }}
-            {{- if .Values.usePasswordFile }}
-            - name: POSTGRES_POSTGRES_PASSWORD_FILE
-              value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password"
-            {{- else }}
-            - name: POSTGRES_POSTGRES_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "postgresql.secretName" . }}
-                  key: postgresql-postgres-password
-            {{- end }}
-            {{- end }}
-            {{- if .Values.usePasswordFile }}
-            - name: POSTGRES_PASSWORD_FILE
-              value: "/opt/bitnami/postgresql/secrets/postgresql-password"
-            {{- else }}
-            - name: POSTGRES_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "postgresql.secretName" . }}
-                  key: postgresql-password
-            {{- end }}
-            - name: PGSSLMODE
-              value: "verify-ca"
-            - name: PGSSLCERT
-              value: "/opt/tip-wlan/certs/postgresclientcert.pem"
-            - name: PGSSLKEY
-              value: "/opt/tip-wlan/certs/postgresclientkey_dec.pem"
-            - name: PGSSLROOTCERT
-              value: "/opt/tip-wlan/certs/cacert.pem"
-            - name: POSTGRESQL_ENABLE_TLS
-              value: "yes"              
-            - name: POSTGRESQL_TLS_CERT_FILE
-              value: "/opt/tip-wlan/certs/servercert.pem"
-            - name: POSTGRESQL_TLS_KEY_FILE
-              value: "/opt/tip-wlan/certs/serverkey_dec.pem"
-            - name: POSTGRESQL_TLS_CA_FILE
-              value: "/opt/tip-wlan/certs/cacert.pem"           
-          ports:
-            - name: tcp-postgresql
-              containerPort: {{ template "postgresql.port" . }}
-          {{- if .Values.livenessProbe.enabled }}
-          livenessProbe:
-            exec:
-              command:
-                - /bin/sh
-                - -c
-                {{- if (include "postgresql.database" .) }}
-                - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
-                {{- else }}
-                - exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
-                {{- end }}
-            initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
-            periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
-            timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
-            successThreshold: {{ .Values.livenessProbe.successThreshold }}
-            failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
-          {{- end }}
-          {{- if .Values.readinessProbe.enabled }}
-          readinessProbe:
-            exec:
-              command:
-                - /bin/sh
-                - -c
-                - -e
-                {{- include "postgresql.readinessProbeCommand" . | nindent 16 }}
-            initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
-            periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
-            timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
-            successThreshold: {{ .Values.readinessProbe.successThreshold }}
-            failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
-          {{- end }}
-          volumeMounts:
-            {{- if .Values.usePasswordFile }}
-            - name: postgresql-password
-              mountPath: /opt/bitnami/postgresql/secrets/
-            {{- end }}
-            {{- if .Values.shmVolume.enabled }}
-            - name: dshm
-              mountPath: /dev/shm
-            {{- end }}
-            {{- if .Values.persistence.enabled }}
-            - name: data
-              mountPath: {{ .Values.persistence.mountPath }}
-              subPath: {{ .Values.persistence.subPath }}
-            {{ end }}
-            {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }}
-            - name: postgresql-extended-config
-              mountPath: /bitnami/postgresql/conf/conf.d/
-            {{- end }}
-            {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }}
-            - name: postgresql-config
-              mountPath: /bitnami/postgresql/conf
-            {{- end }}
-            - mountPath: /opt/tip-wlan/certs
-              name: postgresql-certs-transfer            
-            {{- if .Values.slave.extraVolumeMounts }}
-            {{- toYaml .Values.slave.extraVolumeMounts | nindent 12 }}
-            {{- end }}
-{{- if .Values.slave.sidecars }}
-{{- include "postgresql.tplValue" ( dict "value" .Values.slave.sidecars "context" $ ) | nindent 8 }}
-{{- end }}
-      volumes:
-        {{- if .Values.usePasswordFile }}
-        - name: postgresql-password
-          secret:
-            secretName: {{ template "postgresql.secretName" . }}
-        {{- end }}
-        {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}}
-        - name: postgresql-config
-          configMap:
-            name: {{ template "postgresql.configurationCM" . }}
-        {{- end }}
-        - name: postgresql-certs
-          secret:
-            secretName: {{ include "common.fullname" . }}-certs
-        - name: postgresql-certs-transfer
-          emptyDir: {}        
-        {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }}
-        - name: postgresql-extended-config
-          configMap:
-            name: {{ template "postgresql.extendedConfigurationCM" . }}
-        {{- end }}
-        {{- if .Values.shmVolume.enabled }}
-        - name: dshm
-          emptyDir:
-            medium: Memory
-            sizeLimit: 1Gi
-        {{- end }}
-        {{- if not .Values.persistence.enabled }}
-        - name: data
-          emptyDir: {}
-        {{- end }}
-        {{- if .Values.slave.extraVolumes }}
-        {{- toYaml .Values.slave.extraVolumes | nindent 8 }}
-        {{- end }}
-  updateStrategy:
-    type: {{ .Values.updateStrategy.type }}
-    {{- if (eq "Recreate" .Values.updateStrategy.type) }}
-    rollingUpdate: null
-    {{- end }}
-{{- if .Values.persistence.enabled }}
-  volumeClaimTemplates:
-    - metadata:
-        name: data
-      {{- with .Values.persistence.annotations }}
-        annotations:
-        {{- range $key, $value := . }}
-          {{ $key }}: {{ $value }}
-        {{- end }}
-      {{- end }}
-      spec:
-        accessModes:
-        {{- range .Values.persistence.accessModes }}
-          - {{ . | quote }}
-        {{- end }}
-        resources:
-          requests:
-            storage: {{ .Values.persistence.size | quote }}
-        {{ include "postgresql.storageClass" . }}
-{{- end }}
-{{- end }}

tip-wlan/charts/postgresql/templates/statefulset.yaml

@@ -1,503 +0,0 @@
-apiVersion: {{ template "postgresql.statefulset.apiVersion" . }}
-kind: StatefulSet
-metadata:
-  name: {{ template "postgresql.master.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ template "common.name" . }}
-    chart: {{ template "common.chart" . }}
-    release: {{ .Release.Name | quote }}
-    heritage: {{ .Release.Service | quote }}
-  {{- with .Values.master.labels }}
-  {{- toYaml . | nindent 4 }}
-  {{- end }}
-  annotations:
-  {{- if .Values.commonAnnotations }}
-  {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
-  {{- end }}
-  {{- with .Values.slave.annotations }}
-  {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  serviceName: {{ template "common.fullname" . }}-headless
-  replicas: 1
-  updateStrategy:
-    type: {{ .Values.updateStrategy.type }}
-    {{- if (eq "Recreate" .Values.updateStrategy.type) }}
-    rollingUpdate: null
-    {{- end }}
-  selector:
-    matchLabels:
-      app: {{ template "common.name" . }}
-      release: {{ .Release.Name | quote }}
-      role: master
-  template:
-    metadata:
-      name: {{ template "common.fullname" . }}
-      labels:
-        app: {{ template "common.name" . }}
-        chart: {{ template "common.chart" . }}
-        release: {{ .Release.Name | quote }}
-        heritage: {{ .Release.Service | quote }}
-        role: master
-      {{- with .Values.master.podLabels }}
-      {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.master.podAnnotations }}
-      annotations: {{- toYaml . | nindent 8 }}
-      {{- end }}
-    spec:
-      {{- if .Values.schedulerName }}
-      schedulerName: "{{ .Values.schedulerName }}"
-      {{- end }}
-      {{- if .Values.image.pullSecrets }}
-      imagePullSecrets:
-        - name: {{ .Values.image.pullSecrets }}
-      {{- end }}
-      {{- if .Values.master.nodeSelector }}
-      nodeSelector: {{- toYaml .Values.master.nodeSelector | nindent 8 }}
-      {{- end }}
-      {{- if .Values.master.affinity }}
-      affinity: {{- toYaml .Values.master.affinity | nindent 8 }}
-      {{- end }}
-      {{- if .Values.master.tolerations }}
-      tolerations: {{- toYaml .Values.master.tolerations | nindent 8 }}
-      {{- end }}
-      {{- if .Values.terminationGracePeriodSeconds }}
-      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
-      {{- end }}
-      {{- if .Values.securityContext.enabled }}
-      securityContext:
-        fsGroup: {{ .Values.securityContext.fsGroup }}
-      {{- end }}
-      {{- if .Values.serviceAccount.enabled }}
-      serviceAccountName: {{ default (include "common.fullname" . ) .Values.serviceAccount.name }}
-      {{- end }}
-      {{- if or .Values.master.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }}
-      initContainers:
-        - image: busybox:latest
-          imagePullPolicy: Always
-          name: setup-configs
-          command:
-          - sh
-          - -c
-          - |
-            echo "Setting Config Maps"
-            cd /tmp/certs
-            cp * /opt/tip-wlan/certs/
-            chmod 0600 /opt/tip-wlan/certs/postgresclientkey_dec.pem /opt/tip-wlan/certs/serverkey_dec.pem
-            chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/tip-wlan/certs/*.*
-            echo "copied all the certs, updated the permissions and ownership. here are the contents of /opt/tip-wlan/certs folder"
-            ls -lrt /opt/tip-wlan/certs/
-          volumeMounts:
-          - mountPath: /tmp/certs/
-            name: postgresql-certs
-          - mountPath: /opt/tip-wlan/certs
-            name: postgresql-certs-transfer
-      {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled)) }}
-        - name: init-chmod-data
-          image: {{ template "postgresql.volumePermissions.image" . }}
-          imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
-          {{- if .Values.resources }}
-          resources: {{- toYaml .Values.resources | nindent 12 }}
-          {{- end }}
-          command:
-            - /bin/sh
-            - -cx
-            - |
-              {{- if .Values.persistence.enabled }}
-              mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }}
-              chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }}
-              find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \
-              {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
-                xargs chown -R `id -u`:`id -G | cut -d " " -f2`
-              {{- else }}
-                xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }}
-              {{- end }}
-              {{- end }}
-              {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }}
-              chmod -R 777 /dev/shm
-              {{- end }}
-          {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
-          securityContext:
-          {{- else }}
-          securityContext:
-            runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }}
-          {{- end }}
-          volumeMounts:
-            {{- if .Values.persistence.enabled }}
-            - name: data
-              mountPath: {{ .Values.persistence.mountPath }}
-              subPath: {{ .Values.persistence.subPath }}
-            {{- end }}
-            {{- if .Values.shmVolume.enabled }}
-            - name: dshm
-              mountPath: /dev/shm
-            {{- end }}
-      {{- end }}
-      {{- if .Values.master.extraInitContainers }}
-      {{- tpl .Values.master.extraInitContainers . | nindent 8 }}
-      {{- end }}
-      {{- end }}
-      {{- if .Values.master.priorityClassName }}
-      priorityClassName: {{ .Values.master.priorityClassName }}
-      {{- end }}
-      containers:
-        - name: {{ template "common.fullname" . }}
-          image: {{ template "postgresql.image" . }}
-          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
-          {{- if .Values.resources }}
-          resources: {{- toYaml .Values.resources | nindent 12 }}
-          {{- end }}
-          {{- if .Values.securityContext.enabled }}
-          securityContext:
-            runAsUser: {{ .Values.securityContext.runAsUser }}
-          {{- end }}
-          env:
-            - name: BITNAMI_DEBUG
-              value: {{ ternary "true" "false" .Values.image.debug | quote }}
-            - name: POSTGRESQL_PORT_NUMBER
-              value: "{{ template "postgresql.port" . }}"
-            - name: POSTGRESQL_VOLUME_DIR
-              value: "{{ .Values.persistence.mountPath }}"
-            {{- if .Values.postgresqlInitdbArgs }}
-            - name: POSTGRES_INITDB_ARGS
-              value: {{ .Values.postgresqlInitdbArgs | quote }}
-            {{- end }}
-            {{- if .Values.postgresqlInitdbWalDir }}
-            - name: POSTGRES_INITDB_WALDIR
-              value: {{ .Values.postgresqlInitdbWalDir | quote }}
-            {{- end }}
-            {{- if .Values.initdbUser }}
-            - name: POSTGRESQL_INITSCRIPTS_USERNAME
-              value: {{ .Values.initdbUser }}
-            {{- end }}
-            {{- if .Values.initdbPassword }}
-            - name: POSTGRESQL_INITSCRIPTS_PASSWORD
-              value: {{ .Values.initdbPassword }}
-            {{- end }}
-            {{- if .Values.persistence.mountPath }}
-            - name: PGDATA
-              value: {{ .Values.postgresqlDataDir | quote }}
-            {{- end }}
-            {{- if .Values.replication.enabled }}
-            - name: POSTGRES_REPLICATION_MODE
-              value: "master"
-            - name: POSTGRES_REPLICATION_USER
-              value: {{ include "postgresql.replication.username" . | quote }}
-            {{- if .Values.usePasswordFile }}
-            - name: POSTGRES_REPLICATION_PASSWORD_FILE
-              value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password"
-            {{- else }}
-            - name: POSTGRES_REPLICATION_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "postgresql.secretName" . }}
-                  key: postgresql-replication-password
-            {{- end }}
-            {{- if not (eq .Values.replication.synchronousCommit "off")}}
-            - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE
-              value: {{ .Values.replication.synchronousCommit | quote }}
-            - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS
-              value: {{ .Values.replication.numSynchronousReplicas | quote }}
-            {{- end }}
-            - name: POSTGRES_CLUSTER_APP_NAME
-              value: {{ .Values.replication.applicationName }}
-            {{- end }}
-            {{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }}
-            {{- if .Values.usePasswordFile }}
-            - name: POSTGRES_POSTGRES_PASSWORD_FILE
-              value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password"
-            {{- else }}
-            - name: POSTGRES_POSTGRES_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "postgresql.secretName" . }}
-                  key: postgresql-postgres-password
-            {{- end }}
-            {{- end }}
-            - name: POSTGRES_USER
-              value: {{ include "postgresql.username" . | quote }}
-            {{- if .Values.usePasswordFile }}
-            - name: POSTGRES_PASSWORD_FILE
-              value: "/opt/bitnami/postgresql/secrets/postgresql-password"
-            {{- else }}
-            - name: POSTGRES_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "postgresql.secretName" . }}
-                  key: postgresql-password
-            {{- end }}
-            - name: PGSSLMODE
-              value: "verify-ca"
-            - name: PGSSLCERT
-              value: "/opt/tip-wlan/certs/postgresclientcert.pem"
-            - name: PGSSLKEY
-              value: "/opt/tip-wlan/certs/postgresclientkey_dec.pem"
-            - name: PGSSLROOTCERT
-              value: "/opt/tip-wlan/certs/cacert.pem"
-            - name: POSTGRESQL_ENABLE_TLS
-              value: "yes"              
-            - name: POSTGRESQL_TLS_CERT_FILE
-              value: "/opt/tip-wlan/certs/servercert.pem"
-            - name: POSTGRESQL_TLS_KEY_FILE
-              value: "/opt/tip-wlan/certs/serverkey_dec.pem"
-            - name: POSTGRESQL_TLS_CA_FILE
-              value: "/opt/tip-wlan/certs/cacert.pem"
-              {{- if (include "postgresql.database" .) }}
-            - name: POSTGRES_DB
-              value: {{ (include "postgresql.database" .) | quote }}
-            {{- end }}
-            {{- if .Values.extraEnv }}
-            {{- include "postgresql.tplValue" (dict "value" .Values.extraEnv "context" $) | nindent 12 }}
-            {{- end }}
-            - name: POSTGRESQL_ENABLE_LDAP
-              value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }}
-            {{- if .Values.ldap.enabled }}
-            - name: POSTGRESQL_LDAP_SERVER
-              value: {{ .Values.ldap.server }}
-            - name: POSTGRESQL_LDAP_PORT
-              value: {{ .Values.ldap.port | quote }}
-            - name: POSTGRESQL_LDAP_SCHEME
-              value: {{ .Values.ldap.scheme }}
-            {{- if .Values.ldap.tls }}
-            - name: POSTGRESQL_LDAP_TLS
-              value: "1"
-            {{- end}}
-            - name: POSTGRESQL_LDAP_PREFIX
-              value: {{ .Values.ldap.prefix | quote }}
-            - name: POSTGRESQL_LDAP_SUFFIX
-              value: {{ .Values.ldap.suffix | quote}}
-            - name: POSTGRESQL_LDAP_BASE_DN
-              value: {{ .Values.ldap.baseDN }}
-            - name: POSTGRESQL_LDAP_BIND_DN
-              value: {{ .Values.ldap.bindDN }}
-            {{- if (not (empty .Values.ldap.bind_password)) }}
-            - name: POSTGRESQL_LDAP_BIND_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "postgresql.secretName" . }}
-                  key: postgresql-ldap-password
-            {{- end}}
-            - name: POSTGRESQL_LDAP_SEARCH_ATTR
-              value: {{ .Values.ldap.search_attr }}
-            - name: POSTGRESQL_LDAP_SEARCH_FILTER
-              value: {{ .Values.ldap.search_filter }}
-            - name: POSTGRESQL_LDAP_URL
-              value: {{ .Values.ldap.url }}
-            {{- end}}
-          {{- if .Values.extraEnvVarsCM }}
-          envFrom:
-            - configMapRef:
-                name: {{ tpl .Values.extraEnvVarsCM . }}
-          {{- end }}
-          ports:
-            - name: tcp-postgresql
-              containerPort: {{ template "postgresql.port" . }}
-          {{- if .Values.livenessProbe.enabled }}
-          livenessProbe:
-            exec:
-              command:
-                - /bin/sh
-                - -c
-                {{- if (include "postgresql.database" .) }}
-                - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
-                {{- else }}
-                - exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
-                {{- end }}
-            initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
-            periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
-            timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
-            successThreshold: {{ .Values.livenessProbe.successThreshold }}
-            failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
-          {{- end }}
-          {{- if .Values.readinessProbe.enabled }}
-          readinessProbe:
-            exec:
-              command:
-                - /bin/sh
-                - -c
-                - -e
-                {{- include "postgresql.readinessProbeCommand" . | nindent 16 }}
-            initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
-            periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
-            timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
-            successThreshold: {{ .Values.readinessProbe.successThreshold }}
-            failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
-          {{- end }}
-          volumeMounts:
-            {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }}
-            - name: custom-init-scripts
-              mountPath: /docker-entrypoint-initdb.d/
-            {{- end }}
-            {{- if .Values.initdbScriptsSecret }}
-            - name: custom-init-scripts-secret
-              mountPath: /docker-entrypoint-initdb.d/secret
-            {{- end }}
-            {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }}
-            - name: postgresql-extended-config
-              mountPath: /bitnami/postgresql/conf/conf.d/
-            {{- end }}
-            {{- if .Values.usePasswordFile }}
-            - name: postgresql-password
-              mountPath: /opt/bitnami/postgresql/secrets/
-            {{- end }}
-            {{- if .Values.shmVolume.enabled }}
-            - name: dshm
-              mountPath: /dev/shm
-            {{- end }}
-            {{- if .Values.persistence.enabled }}
-            - name: data
-              mountPath: {{ .Values.persistence.mountPath }}
-              subPath: {{ .Values.persistence.subPath }}
-            {{- end }}
-            {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }}
-            - name: postgresql-config
-              mountPath: /bitnami/postgresql/conf
-            {{- end }}
-            - mountPath: /opt/tip-wlan/certs
-              name: postgresql-certs-transfer
-            {{- if .Values.master.extraVolumeMounts }}
-            {{- toYaml .Values.master.extraVolumeMounts | nindent 12 }}
-            {{- end }}
-{{- if .Values.master.sidecars }}
-{{- include "postgresql.tplValue" ( dict "value" .Values.master.sidecars "context" $ ) | nindent 8 }}
-{{- end }}
-{{- if .Values.metrics.enabled }}
-        - name: metrics
-          image: {{ template "postgresql.metrics.image" . }}
-          imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
-         {{- if .Values.metrics.securityContext.enabled }}
-          securityContext:
-            runAsUser: {{ .Values.metrics.securityContext.runAsUser }}
-        {{- end }}
-          env:
-            {{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase or .Values.global.postgresql.postgresqlDatabase)" (include "postgresql.database" .) }}
-            - name: DATA_SOURCE_URI
-              value: {{ printf "127.0.0.1:%d/%s?sslmode=disable" (int (include "postgresql.port" .)) $database | quote }}
-            {{- if .Values.usePasswordFile }}
-            - name: DATA_SOURCE_PASS_FILE
-              value: "/opt/bitnami/postgresql/secrets/postgresql-password"
-            {{- else }}
-            - name: DATA_SOURCE_PASS
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "postgresql.secretName" . }}
-                  key: postgresql-password
-            {{- end }}
-            - name: DATA_SOURCE_USER
-              value: {{ template "postgresql.username" . }}
-          {{- if .Values.livenessProbe.enabled }}
-          livenessProbe:
-            httpGet:
-              path: /
-              port: http-metrics
-            initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }}
-            periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }}
-            timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }}
-            successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }}
-            failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }}
-          {{- end }}
-          {{- if .Values.readinessProbe.enabled }}
-          readinessProbe:
-            httpGet:
-              path: /
-              port: http-metrics
-            initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }}
-            periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }}
-            timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }}
-            successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }}
-            failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }}
-          {{- end }}
-          volumeMounts:
-            {{- if .Values.usePasswordFile }}
-            - name: postgresql-password
-              mountPath: /opt/bitnami/postgresql/secrets/
-            {{- end }}
-            {{- if .Values.metrics.customMetrics }}
-            - name: custom-metrics
-              mountPath: /conf
-              readOnly: true
-          args: ["--extend.query-path", "/conf/custom-metrics.yaml"]
-            {{- end }}
-          ports:
-            - name: http-metrics
-              containerPort: 9187
-          {{- if .Values.metrics.resources }}
-          resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
-          {{- end }}
-{{- end }}
-      volumes:
-        {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}}
-        - name: postgresql-config
-          configMap:
-            name: {{ template "postgresql.configurationCM" . }}
-        {{- end }}
-        - name: postgresql-certs
-          secret:
-            secretName: {{ include "common.fullname" . }}-certs
-        - name: postgresql-certs-transfer
-          emptyDir: {}
-        {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }}
-        - name: postgresql-extended-config
-          configMap:
-            name: {{ template "postgresql.extendedConfigurationCM" . }}
-        {{- end }}
-        {{- if .Values.usePasswordFile }}
-        - name: postgresql-password
-          secret:
-            secretName: {{ template "postgresql.secretName" . }}
-        {{- end }}
-        {{- if  or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }}
-        - name: custom-init-scripts
-          configMap:
-            name: {{ template "postgresql.initdbScriptsCM" . }}
-        {{- end }}
-        {{- if .Values.initdbScriptsSecret }}
-        - name: custom-init-scripts-secret
-          secret:
-            secretName: {{ template "postgresql.initdbScriptsSecret" . }}
-        {{- end }}
-        {{- if .Values.master.extraVolumes }}
-        {{- toYaml .Values.master.extraVolumes | nindent 8 }}
-        {{- end }}
-        {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }}
-        - name: custom-metrics
-          configMap:
-            name: {{ template "postgresql.metricsCM" . }}
-        {{- end }}
-        {{- if .Values.shmVolume.enabled }}
-        - name: dshm
-          emptyDir:
-            medium: Memory
-            sizeLimit: 1Gi
-        {{- end }}
-{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
-        - name: data
-          persistentVolumeClaim:
-{{- with .Values.persistence.existingClaim }}
-            claimName: {{ tpl . $ }}
-{{- end }}
-{{- else if not .Values.persistence.enabled }}
-        - name: data
-          emptyDir: {}
-{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
-  volumeClaimTemplates:
-    - metadata:
-        name: data
-      {{- with .Values.persistence.annotations }}
-        annotations:
-        {{- range $key, $value := . }}
-          {{ $key }}: {{ $value }}
-        {{- end }}
-      {{- end }}
-      spec:
-        accessModes:
-        {{- range .Values.persistence.accessModes }}
-          - {{ . | quote }}
-        {{- end }}
-        resources:
-          requests:
-            storage: {{ .Values.persistence.size | quote }}
-        {{ include "postgresql.storageClass" . }}
-{{- end }}

tip-wlan/charts/postgresql/templates/svc-headless.yaml

@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "common.fullname" . }}-headless
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ template "common.name" . }}
-    chart: {{ template "common.chart" . }}
-    release: {{ .Release.Name | quote }}
-    heritage: {{ .Release.Service | quote }}
-  {{- if .Values.commonAnnotations }}
-  annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
-  {{- end }}
-spec:
-  type: ClusterIP
-  clusterIP: None
-  ports:
-    - name: tcp-postgresql
-      port: {{ template "postgresql.port" . }}
-      targetPort: tcp-postgresql
-  selector:
-    app: {{ template "common.name" . }}
-    release: {{ .Release.Name | quote }}

tip-wlan/charts/postgresql/templates/svc-read.yaml

@@ -1,47 +0,0 @@
-{{- if .Values.replication.enabled }}
-{{- $serviceAnnotations := coalesce .Values.slave.service.annotations .Values.service.annotations -}}
-{{- $serviceType := coalesce .Values.slave.service.type .Values.service.type -}}
-{{- $serviceLoadBalancerIP := coalesce .Values.slave.service.loadBalancerIP .Values.service.loadBalancerIP -}}
-{{- $serviceLoadBalancerSourceRanges := coalesce .Values.slave.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}}
-{{- $serviceClusterIP := coalesce .Values.slave.service.clusterIP .Values.service.clusterIP -}}
-{{- $serviceNodePort := coalesce .Values.slave.service.nodePort .Values.service.nodePort -}}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "common.fullname" . }}-read
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ template "common.name" . }}
-    chart: {{ template "common.chart" . }}
-    release: {{ .Release.Name | quote }}
-    heritage: {{ .Release.Service | quote }}
-  annotations:
-  {{- if .Values.commonAnnotations }}
-  {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
-  {{- end }}
-  {{- if $serviceAnnotations }}
-  {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }}
-  {{- end }}
-spec:
-  type: {{ $serviceType }}
-  {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }}
-  loadBalancerIP: {{ $serviceLoadBalancerIP }}
-  {{- end }}
-  {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }}
-  loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }}
-  {{- end }}
-  {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }}
-  clusterIP: {{ $serviceClusterIP }}
-  {{- end }}
-  ports:
-    - name: tcp-postgresql
-      port:  {{ template "postgresql.port" . }}
-      targetPort: tcp-postgresql
-      {{- if $serviceNodePort }}
-      nodePort: {{ $serviceNodePort }}
-      {{- end }}
-  selector:
-    app: {{ template "common.name" . }}
-    release: {{ .Release.Name | quote }}
-    role: slave
-{{- end }}