Telecominfraproject/wlan-cloud-helm
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-cloud-helm.git synced 2026-03-20 19:39:08 +00:00
Code Issues Packages Projects Releases 3 Wiki Activity

Compare commits

base: Telecominfraproject:NGINX-Testing
Branches Tags
Telecominfraproject:master Telecominfraproject:WIFI-3471 Telecominfraproject:NETEXP-3471 Telecominfraproject:release/v1.1.x Telecominfraproject:release/v1.2 Telecominfraproject:feature/example-values-update Telecominfraproject:WIFI-2654-fix-capabilites-check Telecominfraproject:fix-capabilites-check Telecominfraproject:WIFI-2434 Telecominfraproject:WIFI-2026 Telecominfraproject:release/v1.0.1 Telecominfraproject:release/v1.0.0 Telecominfraproject:1.0.0-artifacts Telecominfraproject:WIFI-1812-Revert Telecominfraproject:WIFI-1812 Telecominfraproject:WIFI-1669 Telecominfraproject:WIFI-1610 Telecominfraproject:WIFI-1172-JMX-to-prometheus-poc Telecominfraproject:wifi-1357-allow-to-disable-internal-mtls-comm Telecominfraproject:feature/thirdparties-fixes Telecominfraproject:feature/thirdparties Telecominfraproject:changelog-v0.4-bump Telecominfraproject:microk8s-patch-1 Telecominfraproject:feature/update-kafka Telecominfraproject:WIFI-990-disable-hardcoded-ports Telecominfraproject:feature/update-cassandra Telecominfraproject:feature/update-postgres Telecominfraproject:metallb-test Telecominfraproject:minikube Telecominfraproject:minikube-working Telecominfraproject:feature/helmfile Telecominfraproject:NGINX-Testing Telecominfraproject:TOOLS-23--fix-validation Telecominfraproject:TOOLS-23-static-analysis
Telecominfraproject:v1.0.1 Telecominfraproject:v1.0.0 Telecominfraproject:v0.4
..
compare: Telecominfraproject:microk8s-patch-1
Branches Tags
Telecominfraproject:master Telecominfraproject:WIFI-3471 Telecominfraproject:NETEXP-3471 Telecominfraproject:release/v1.1.x Telecominfraproject:release/v1.2 Telecominfraproject:feature/example-values-update Telecominfraproject:WIFI-2654-fix-capabilites-check Telecominfraproject:fix-capabilites-check Telecominfraproject:WIFI-2434 Telecominfraproject:WIFI-2026 Telecominfraproject:release/v1.0.1 Telecominfraproject:release/v1.0.0 Telecominfraproject:1.0.0-artifacts Telecominfraproject:WIFI-1812-Revert Telecominfraproject:WIFI-1812 Telecominfraproject:WIFI-1669 Telecominfraproject:WIFI-1610 Telecominfraproject:WIFI-1172-JMX-to-prometheus-poc Telecominfraproject:wifi-1357-allow-to-disable-internal-mtls-comm Telecominfraproject:feature/thirdparties-fixes Telecominfraproject:feature/thirdparties Telecominfraproject:changelog-v0.4-bump Telecominfraproject:microk8s-patch-1 Telecominfraproject:feature/update-kafka Telecominfraproject:WIFI-990-disable-hardcoded-ports Telecominfraproject:feature/update-cassandra Telecominfraproject:feature/update-postgres Telecominfraproject:metallb-test Telecominfraproject:minikube Telecominfraproject:minikube-working Telecominfraproject:feature/helmfile Telecominfraproject:NGINX-Testing Telecominfraproject:TOOLS-23--fix-validation Telecominfraproject:TOOLS-23-static-analysis
Telecominfraproject:v1.0.1 Telecominfraproject:v1.0.0 Telecominfraproject:v0.4

67 Commits
NGINX-Test ... microk8s-p

Author SHA1 Message Date
Chris Busch
76fca7ef14 New microk8s with metallb deployment file 
Signed-off-by: Chris Busch <cbusch@fb.com>
 2021-01-17 15:08:09 -05:00
Max
e5d5c92f61 decrease cpu requests (#45) 2021-01-14 17:43:39 +01:00
Max
b2d8d7b205 WIFI-990 prefix ap debug ports (#34) 
* WIFI-990: disable hardcoded NodePort for AWS deployments
* add prefix to AP debug ports
* update debug port range in port-forwarding run.sh

Co-authored-by: Eugene Taranov <eugene@opsfleet.com>
 2021-01-11 14:34:20 +01:00
Max
0a1f9abd00 WIFI-1259 disable kube-score validation (#44) 
* disable kube-score validation
 2021-01-11 10:24:20 +01:00
Max
63a175bd29 WIFI-1246 add default CPU/memory limits/requests (#42) 
* add default CPU/memory limits/requests
* set minimum values to 128Mi and 500m
 2021-01-05 18:15:38 +01:00
Max
ee606a6204 remove reference of Toolsmith repo branch (#43) 2021-01-04 18:34:25 +01:00
Max
448ad243a4 add prototype of workflow (#39) 
* add prototype of workflow
* generate Helm values for PR deployment
* add proper test
 2021-01-04 18:14:22 +01:00
Max
174f1a4308 WIFI-1207 add example values for a multi namespace deployment (#41) 
* add example value for a multi namespace deployment
 2021-01-04 12:09:44 +01:00
Max
83c14c6548 WIFI-1238 set all imagePullPolicies to Always (#38) 
* set all imagePullPolicies to Always
* use chart-level and global image pull policy
* make images configurable
 2020-12-23 12:13:09 +01:00
Max
4960fb3654 add default server cert for Ingresses (#36) 2020-12-22 18:34:31 +01:00
Max
2550ed3ec2 replace hardcoded PSQL references (#35) 2020-12-22 17:43:53 +01:00
AkshayJagadish-ne
786fb43652 Merge pull request #37 from Telecominfraproject/zone3-albingress-testing 
Changed mqtt version to 2.0.3 for more logs
 2020-12-22 11:35:30 -05:00
Akshay Jagadish
ea829b67c8 Increase mqtt logging 2020-12-22 11:00:53 -05:00
Akshay Jagadish
63163f7520 Changed version to 2.0.3 for more logs 2020-12-21 19:07:59 -05:00
Max
3c1afd50cb Merge pull request #32 from Telecominfraproject/WIFI-1199-fix-cassandra-headless-hostname 
WIFI-1199 fix cassandra headless hostname
 2020-12-17 16:13:46 +01:00
Max
f46612fa61 Merge pull request #33 from Telecominfraproject/WIFI-1120-remove-hardcoded-kafka-references 
WIFI-1120 remove hardcoded kafka references
 2020-12-17 15:43:18 +01:00
Max Brenner
f10c416e19 add missing env variable for Kafka 2020-12-17 14:52:54 +01:00
Max Brenner
b5a47cc61c use common include for Cassandra headless service 2020-12-15 12:35:27 +01:00
Max Brenner
fac4df0a64 remove hardcoded reference from Cassandra test config 2020-12-15 12:34:32 +01:00
Max Brenner
5b81f38a0c remove hardcoded Kafka headless service references 2020-12-15 11:45:37 +01:00
Max Brenner
13cac13445 remove hardcoded reference in Kafka config 2020-12-14 18:31:58 +01:00
Max Brenner
2174cd4971 preserve newlines in config map 2020-12-14 18:19:58 +01:00
Max Brenner
ab6a4528d8 dynamically adjust references to Cassandra headless service 2020-12-14 17:56:05 +01:00
Dmitry Toptygin
6a846f9358 added scalability section with known tunable parameters into opensync-gw-cloud, wlan-portal-service, wlan-prov-service, wlan-spc-service, wlan-ssc-service. provided an example of overrides for those parameters in tip-wlan/resources/environments/dev-local.yaml 2020-12-09 16:35:51 -05:00
Dmitry Toptygin
8bd62a3dc6 second attempt to use explicit string as the value of environment variable tip_wlan_ovsdb_listener_threadPoolSize 2020-12-09 15:18:44 -05:00
Dmitry Toptygin
4ad3bb3b0c use explicit string as the value of environment variable tip_wlan_ovsdb_listener_threadPoolSize 2020-12-09 15:08:31 -05:00
Dmitry Toptygin
22ab0dbcf0 in opensync-gw-cloud exposed a property tip_wlan_ovsdb_listener_threadPoolSize 2020-12-09 14:00:59 -05:00
eugenetaranov-opsfleet
0c6f53eb9e WIFI-991: alb ingress (#29) 
* rebased

* removed map-hash-bucket-size from nginx config map

* synced requests/limits for cassandra

* enabled alb for graphql and static

* added plain http

* added ingress + alb for tip-wlan-wlan-portal-service

* enabled http->https redirect for ingress/alb services

* enabled nlb for opensync-gw-cloud and mqtt services

* disabled nginx ingress

* refactored service annotations

* sync: works

* disabled nodePort hardcoded value for wlan-portal-service AWS deployment

* synced helm values

* sync

* fix prov service ssl creds

* enabled efs

* sync dev-amazon-tip from master

* disabled nodeport static for opensync-gw-cloud

* wlan-port-forwarding-gateway-service nodeport static

* opensync-mqttt-broker nodeport static

* removed whitespace in tip-wlan/charts/nginx-ingress-controller/templates/controller-configmap.yaml

* renamed nodePort_static

* renamed alb_https_redirect

* added comment to nodePortStatic

* added a comment to   lb_https_redirect

Co-authored-by: Eugene Taranov <eugene@taranov.me>
 2020-12-03 12:48:52 +03:00
eugenetaranov-opsfleet
b5ff727d92 WIFI-752: healthchecks cloudsdk (#28) 
* opensync-gw-cloud healthchecks

* added sha image ref

* upd depends-on to latest tag
 2020-12-02 09:56:07 +03:00
AkshayJagadish-ne
d6a6caf2b3 Merge pull request #25 from Telecominfraproject/Reversion 
Reverted lb auto-provisioning changes due to issues with qa deployment
 2020-11-20 18:25:27 -05:00
Akshay Jagadish
0a9968fb5b changed testcluster to demo as a part of reversion 2020-11-20 18:18:48 -05:00
Akshay Jagadish
b5e1ae767f resolved conflict 2020-11-20 17:25:27 -05:00
AkshayJagadish-ne
58434b97e3 Merge pull request #24 from Telecominfraproject/NETEXP-485 
added readme
 2020-11-20 14:25:14 -05:00
Akshay Jagadish
c370a7f9de adde readme 2020-11-20 13:28:06 -05:00
AkshayJagadish-ne
c84c9357e7 Merge pull request #23 from Telecominfraproject/NETEXP-485 
NETEXP-485: reorganized fields to support external address and port customization
 2020-11-19 00:18:41 -05:00
Akshay Jagadish
59fbd585a3 reverted fqdn change 2020-11-19 00:15:15 -05:00
Akshay Jagadish
04a3cd4c40 NETEXP-485: reorganized fields to support old netexp-485 merge 2020-11-19 00:12:01 -05:00
AkshayJagadish-ne
9dd7585298 Merge pull request #22 from Telecominfraproject/NETEXP-485 
NETEXP-485
 2020-11-18 18:22:15 -05:00
Akshay Jagadish
052d03c056 Grouped env variables and seperated port/address fields for 
opensync-externalhost
 2020-11-18 13:59:19 -05:00
eugenetaranov-opsfleet
d113550060 WIFI-991: alb ingress (#21) 
* synced requests/limits for cassandra

* enabled alb for graphql and static

* added ingress + alb for tip-wlan-wlan-portal-service

* enabled http->https redirect for ingress/alb services

* enabled nlb for opensync-gw-cloud and mqtt services

* disabled nginx ingress

* refactored service annotations

* disabled nodePort hardcoded value for wlan-portal-service AWS deployment
 2020-11-18 18:36:30 +03:00
Akshay Jagadish
972827d7dc NETEXP-485 
added support for overriding external host ports
 2020-11-16 18:25:31 -05:00
Rahul Sharma
0bf4009350 Merge pull request #20 from Telecominfraproject/RemoveCloudDeploymentFlag 
Remove CloudDeployment flag from Helm charts.
 2020-11-04 19:54:43 -05:00
Rahul Sharma
dfa6bfc728 Remove CloudDeployment flag from Helm charts. 
Not needed if pods(running in local env) can reach Jfrog to retrieve schema.
 2020-11-04 18:54:41 -05:00
eugenetaranov-opsfleet
2adf0ae0ef local development env with minikube (#19) 
* - added dev-local.yaml values file;
- updated README;

* - enabling logs;

* - removed hardcoded credentials;

* cleanup

* upd docs

* removed hardcoded values in kafka/admin-client.properties
 2020-10-28 20:29:19 +03:00
eugenetaranov-opsfleet
a996f58f4d Revert minikube branch (#18) 
* Revert "cloudsdk for minikube local environment (#9)"

This reverts commit 6af16ea911.

* Revert "fixed missing values in wlan-prov (#17)"

This reverts commit bd2a939b90.
 2020-10-22 19:13:45 +03:00
eugenetaranov-opsfleet
bd2a939b90 fixed missing values in wlan-prov (#17) 2020-10-22 18:17:38 +03:00
eugenetaranov-opsfleet
6af16ea911 cloudsdk for minikube local environment (#9) 
* minikube local deployment;
minor refactoring of duplicated healthchecks

* fix readinessProbe for mqtt

* reverted tip-wlan/resources/environments/dev-amazon-tip.yaml

* templated cassandra-application.conf

* removed common:

* removed comments

* rolled back DUMMY_PASSWORD

* rollback password

* templated user/passwd for cassandra

Co-authored-by: Eugene Taranov <eugene@taranov.me>
 2020-10-21 22:47:00 +03:00
Rahul Sharma
a5f3594b35 Updated the VisibleHostName property in run.sh in the port-forwarder chart 2020-10-09 13:16:32 -04:00
AkshayJagadish-ne
9259e8c168 Merge pull request #15 from Telecominfraproject/AJ 
Changes to support Port forwarding gateway properties
 2020-10-08 13:23:18 -04:00
Akshay Jagadish
d41af1c6c0 Changes to support Port forwarding gateway properties 2020-10-08 13:22:16 -04:00
AkshayJagadish-ne
af9efe1970 Merge pull request #14 from Telecominfraproject/AJsBranch 
correction in pg_hba.cong: changed ::0 to ::/0
 2020-10-07 22:55:29 -04:00
Akshay Jagadish
a1f14776ef correction in pg_hba.cong: changed ::0 to ::/0 2020-10-07 22:53:48 -04:00
AkshayJagadish-ne
be8419e950 Merge pull request #13 from Telecominfraproject/AJsBranch 
Reverting changes
 2020-10-07 20:07:39 -04:00
Akshay Jagadish
514d6b7085 Reverting changes 2020-10-07 20:05:34 -04:00
AkshayJagadish-ne
554ffeb425 Merge pull request #12 from Telecominfraproject/AJsBranch 
Changes to support Port-forwarding-gateway properties: PF_GATEWAY_EXT_HOST and  PF_GATEWAY_EXT_PORT
 2020-10-07 19:33:21 -04:00
Akshay Jagadish
eab613b458 Created seperate 'externallyVisible' field with host and port values of 
wlan-port-forwarding-gateway-service
 2020-10-07 19:28:52 -04:00
Akshay Jagadish
bed988a49f Changes to support Port forwarding gateway properties 
PF_GATEWAY_EXT_HOST and  PF_GATEWAY_EXT_PORT
 2020-10-07 17:09:55 -04:00
Rahul Sharma
7a12cc59f9 Adding IpV6 support in pg_hba.conf and disabling port-forwarding chart in disable-allcharts.yaml 2020-10-07 14:51:28 -04:00
AkshayJagadish-ne
552cd31453 Merge pull request #11 from Telecominfraproject/AJ 
Aj
 2020-10-02 19:27:47 -04:00
Akshay Jagadish
4e4104c8b6 corrections 2020-10-02 19:15:53 -04:00
Akshay Jagadish
ae2afd1a9e removed timestamp 2020-10-02 18:28:56 -04:00
Akshay Jagadish
ae10d4d024 indentation 2020-10-02 16:45:41 -04:00
Akshay Jagadish
bae4ec6afa indentation 2020-10-02 16:44:14 -04:00
Akshay Jagadish
220407760c WIFI-845: Support Kubernetes Deployment Versioning 2020-10-02 14:39:51 -04:00
Akshay Jagadish
012050b8ce Indentation 2020-09-28 14:42:15 -04:00
Akshay Jagadish
33217abda1 Review changes that would be added to deployment testing 2020-09-28 14:40:06 -04:00
Rahul Sharma
21825ae54d WIFI-689: Adjust K8S deployment to open extra ports needed by the PFG process 2020-09-10 16:09:52 -04:00
95 changed files with 2257 additions and 627 deletions
Expand all files Collapse all files

6
.github/workflows/helm-validation.yml vendored
View File

@@ -45,7 +45,8 @@ jobs:
helm template -f values-test.yaml . | /tmp/k8s-validators/kubeval --ignore-missing-schemas
echo "Kube-score test"
helm template -f values-test.yaml . | /tmp/k8s-validators/kube-score score -
# will be fixed and enabled again in https://telecominfraproject.atlassian.net/browse/WIFI-1258
helm template -f values-test.yaml . | /tmp/k8s-validators/kube-score score - || true
- name: Test glusterfs
working-directory: glusterfs/kube-templates
run: |
@@ -53,4 +54,5 @@ jobs:
/tmp/k8s-validators/kubeval *.yaml
echo "Kube-score test"
/tmp/k8s-validators/kube-score score *.yaml
# will be fixed and enabled again in https://telecominfraproject.atlassian.net/browse/WIFI-1258
/tmp/k8s-validators/kube-score score *.yaml || true

101
.github/workflows/testing.yml vendored Normal file
View File

@@ -0,0 +1,101 @@
name: CloudSDK deployment and testing
env:
PR_NUMBER: ${{ github.event.number }}
AWS_EKS_NAME: tip-wlan-main
AWS_DEFAULT_OUTPUT: json
AWS_DEFAULT_REGION: us-east-2
AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
on:
pull_request:
branches: [ master ]
defaults:
run:
shell: bash
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout required repos
uses: actions/checkout@v2
with:
path: wlan-pki-cert-scripts
repository: Telecominfraproject/wlan-pki-cert-scripts
- name: Checkout Cloud SDK repo
uses: actions/checkout@v2
with:
path: wlan-cloud-helm
repository: Telecominfraproject/wlan-cloud-helm
- name: Checkout helm values repo
uses: actions/checkout@v2
with:
path: Toolsmith
repository: Telecominfraproject/Toolsmith
token: ${{ secrets.PAT_TOKEN }}
- name: Generate Helm values file
run: |
./Toolsmith/helm-values/aws-cicd-pr-deployment.yaml.sh ${{ env.PR_NUMBER }} > pr-deployment.yaml
- name: Generate certs
working-directory: wlan-pki-cert-scripts
run: |
./generate_all.sh
./copy-certs-to-helm.sh ../wlan-cloud-helm
- name: Get kubeconfig for EKS ${{ env.AWS_EKS_NAME }}
run: |
aws eks update-kubeconfig --name ${{ env.AWS_EKS_NAME }}
- name: Deploy Cloud SDK
run: |
# using a timeout of 20 minutes as the EKS nodes may need to be scaled which takes some time
helm upgrade --install tip-wlan-pr-${{ env.PR_NUMBER }} wlan-cloud-helm/tip-wlan -f pr-deployment.yaml --namespace default --wait --timeout 20m
test:
runs-on: ubuntu-latest
needs: [ deploy ]
steps:
- name: Execute tests
run: |
echo Running tests...
# this is needed to make until work
set +e
urls="https://wlan-ui-pr-$PR_NUMBER.cicd.lab.wlan.tip.build https://wlan-graphql-pr-$PR_NUMBER.cicd.lab.wlan.tip.build/graphql"
for url in $urls; do
max_retry=300
counter=0
until curl --silent $url > /dev/null
do
sleep 1
[[ counter -eq $max_retry ]] && echo "$url not reachable after $counter tries...giving up" && exit 1
echo "#$counter: $url not reachable. trying again..."
((counter++))
done
echo Successfully reached URL $url
done
echo Tests were successful
cleanup:
runs-on: ubuntu-latest
needs: [ deploy, test ]
if: ${{ always() }}
steps:
- name: Get kubeconfig for EKS ${{ env.AWS_EKS_NAME }}
run: |
aws eks update-kubeconfig --name ${{ env.AWS_EKS_NAME }}
- name: Delete Cloud SDK Helm release
run: |
helm delete tip-wlan-pr-${{ env.PR_NUMBER }} --namespace default || true
- name: Delete namespace
run: |
kubectl delete ns tip-pr-${{ env.PR_NUMBER }} --wait=true --ignore-not-found true

129
README.md
View File

@@ -45,3 +45,132 @@ This repository contains helm charts for various deployment types of the tip wla
- Run the following command under tip-wlan-helm directory _after_ the components are running:
- helm test <RELEASE_NAME> -n default
(For more details add --debug flag to the above command)
# Local environment
In `wlan-pki-cert-scripts` repository edit the following files and add/replace strings as specified below:
```
mqtt-server.cnf:
-commonName_default = opensync-mqtt-broker.zone1.lab.wlan.tip.build
+commonName_default = opensync-mqtt-broker.wlan.local
openssl-server.cnf:
-DNS.1 = opensync-redirector.zone1.lab.wlan.tip.build
-DNS.2 = opensync-controller.zone1.lab.wlan.tip.build
+DNS.1 = opensync-redirector.wlan.local
+DNS.2 = opensync-controller.wlan.local
DNS.3 = tip-wlan-postgresql
-DNS.4 = ftp.example.com
```
In `wlan-pki-cert-scripts` repository run `./generate_all.sh` to generate CA and certificates, then run `./copy-certs-to-helm.sh <local path to wlan-cloud-helm repo>` in order to copy certificates to helm charts.
Optionally, in order to speedup first and subsequent runs, you may cache some images:
```
minikube cache add zookeeper:3.5.5
minikube cache add bitnami/postgresql:11.8.0-debian-10-r58
minikube cache add postgres:latest
minikube cache add gcr.io/k8s-minikube/storage-provisioner:v3
minikube cache add eclipse-mosquitto:latest
minikube cache add opsfleet/depends-on
```
These images may occasionally need to be updated with these commands:
```
minikube cache reload ## reload images from the upstream
eval $( minikube docker-env )
for img in $( docker images --format '{{.Repository}}:{{.Tag}}' | egrep 'busybox|alpine|confluentinc/cp-kafka|zookeeper|k8s.gcr.io/pause|nginx/nginx-ingress|bitnami/cassandra|bitnami/postgresql|postgres|bitnami/minideb' ); do
minikube cache add $img;
done
```
Run minikube:
```minikube start --memory=10g --cpus=4 --driver=virtualbox --extra-config=kubelet.serialize-image-pulls=false --extra-config=kubelet.image-pull-progress-deadline=3m0s --docker-opt=max-concurrent-downloads=10```
Please note that you may choose another driver (parallels, vmwarefusion, hyperkit, vmware, docker, podman) which might be more suitable for your setup. Omitting this option enables auto discovery of available drivers.
Deploy CloudSDK chart:
```helm upgrade --install tip-wlan tip-wlan -f tip-wlan/resources/environments/dev-local.yaml -n default```
Wait a few minutes, when all pods are in `Running` state, obtain web ui link with `minikube service tip-wlan-wlan-cloud-static-portal -n tip --url`, open in the browser. Importing or trusting certificate might be needed.
Services may be exposed to the local machine or local network with ssh, kubectl or kubefwd with port forwarding, please examples below.
Kubefwd:
kubefwd is used to forward Kubernetes services to a local workstation, easing the development of applications that communicate with other services. It is for development purposes only. For production/staging environments services need to be exposed via load balancers.
Download latest release from https://github.com/eugenetaranov/kubefwd/releases and run the binary.
Forward to all interfaces (useful if you need to connect from other devices in your local network):
```
sudo kubefwd services --namespace tip -l "app.kubernetes.io/name in (nginx-ingress-controller,wlan-portal-service,opensync-gw-cloud,opensync-mqtt-broker)" --allinterfaces --extrahosts wlan-ui-graphql.wlan.local,wlan-ui.wlan.local
```
Kubectl port forwarding (alternative to kubefwd):
```
kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app=tip-wlan-nginx-ingress-controller -o jsonpath='{.items[0].metadata.name}') 443:443 &
kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=wlan-portal-service -o jsonpath='{.items[0].metadata.name}') 9051:9051 &
kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=opensync-gw-cloud -o jsonpath='{.items[0].metadata.name}') 6643:6643 &
kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=opensync-gw-cloud -o jsonpath='{.items[0].metadata.name}') 6640:6640 &
kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=opensync-mqtt-broker -o jsonpath='{.items[0].metadata.name}') 1883:1883 &
```
Add certificate to the trust store.
Firefox:
1. Open settings, `Privacy and security`, `View certificates`.
2. Click on `Add Exception...`, enter `https://wlan-ui.wlan.local` into Location field, click on `Get certificate`, check `Permanently store this exception` and click on `Confirm Security Exception`.
Repeat the step for `https://wlan-ui-graphql.wlan.local`
Chrome and other browsers using system certificate store:
1. Save certificate below into the file `wlan-ui-graphql.wlan.local.crt` (it is the one defined at tip-wlan/resources/environments/dev-local.yaml:143):
```
-----BEGIN CERTIFICATE-----
MIIFWjCCA0KgAwIBAgIUQNaP/spvRHtBTAKwYRNwbxRfFAswDQYJKoZIhvcNAQEL
BQAwHTEbMBkGA1UEAwwSd2xhbi11aS53bGFuLmxvY2FsMB4XDTIwMDgyNzIwMjY1
NloXDTMwMDgyNTIwMjY1NlowHTEbMBkGA1UEAwwSd2xhbi11aS53bGFuLmxvY2Fs
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwRagiDWzCNYBtWwBcK+f
TkkQmMt+QAgTjYr0KS8DPJCJf6KkPfZHCu3w4LvrxzY9Nmieh2XU834amdJxIuCw
6IbNo6zskjsyfoO8wFDmlLVWLeg5H9G9doem+WTeKPaEHi3oquzNgt6wLs3mvvOA
TviTIoc88ELjk4dSR2T4dhh0qKCCj+HdXBA6V/9biru+jV+/kxEQuL2zM39DvVd8
9ks35zMVUze36lD4ICOnl7hgaTNBi45O9sdLD0YaUmjiFwQltJUdmPKpaAdbvjUO
nsupnDYjm+Um+9aEpqM4te23efC8N8j1ukexzJrE2GeF/WB/Y1LFIG2wjqVnsPcs
nFF4Yd9EBRRne1EZeXBu3FELFy6lCOHI146oBcc/Ib617rdTKXqxtv/2NL6/TqFk
ns/EEjve6kQYzlBZwWHWpZwQfg3mo6NaoFZpTag98Myu5rZoOofTcxXH6pLm5Px1
OAzgLna9O+2FmA4FjrgHcMY1NIzynZL+DH8fibt1F/v2F2MA+R9vo84vR5ROGNdD
va2ApevkLcjQg/LwsXv0gTopQ/XIzejh6bdUkOrKSwJzT2C9/e9GQn0gppV8LBuK
1zQHoROLnA41MCFvQLQHo+Xt8KGw+Ubaly6hOxBZF51L/BbqjkDH9AEFaJLptiEy
qn1E5v+3whgFS5IZT8IW5uUCAwEAAaOBkTCBjjAdBgNVHQ4EFgQUy2bAUyNPXHS9
3VTSD+woN7t3q8EwHwYDVR0jBBgwFoAUy2bAUyNPXHS93VTSD+woN7t3q8EwDwYD
VR0TAQH/BAUwAwEB/zA7BgNVHREENDAyghp3bGFuLXVpLWdyYXBocWwud2xhbi5s
b2NhbIIOYXBpLndsYW4ubG9jYWyHBMCoAAEwDQYJKoZIhvcNAQELBQADggIBAKH+
bqJee11n34SYgBDvgoZ8lJLQRwsFnqExcSr/plZ7GVIGFH5/Q2Kyo9VyEiTPwrIs
KsErC1evH6xt1URfMzp05zVQ0LYM5+ksamRDagAg3M1cm7oKOdms/dqzPe2gZfGJ
pVdtVW1CHrL0RLTR93h7kgSiBlSEIYMoeKfN5H9AavJ4KryygQs63kkGQ5M9esAp
u6bB307zyfzgS3tmQsU01rgJfhEHQ/Y+Ak9wDuOgvmfx0TWgAOGbKq6Tu8MKYdej
Ie7rV1G5Uv7KfgozVX76g2KdnTVBfspSKo3zyrZkckzApvUu9IefHdToe4JMEU0y
fk7lEU/exzByyNxp+6hdu/ZIg3xb1yA1oVY8NEd1rL1zAViPe351SENEKeJpRanC
kCL3RAFkbxQ7Ihacjox8belR+gmo8cyFZpj9XaoPlSFScdwz573CT0h97v76A7sw
yC+CiSp85gWEV5vgBitNJ7R9onjBdsuH2lgEtMD3JNOs8cCSRihYxriwZSqhT7o/
tcIlcJ84W5m6X6zHJ3GmtuKG3QPNOms0/VVoDTp9qdpL+Ek17uB2A41Npxz3US+l
6yK+pdQQj7ALzKuRfOyg80XbNw2v4SnpI5qbXFBRum52f86sPemFq1KcuNWe4EVC
xDG3eKlu+dllUtKx/PN6yflbT5xcGgcdmrwzRaWS
-----END CERTIFICATE-----
```
2. Double click on it, enter the system admin password, if prompted.

2
tip-wlan/charts/cassandra/resources/config/cqlshrc.tip-wlan → tip-wlan/charts/cassandra/files/cqlshrc.tip-wlan
View File

@@ -72,7 +72,7 @@ color = on
[connection]
;; The host to connect to
hostname = tip-wlan-cassandra-headless
hostname = {{ include "cassandra.service" . }}
;; The port to connect to (9042 is the native protocol default)
port = 9042

1
tip-wlan/charts/cassandra/resources/config/certs/README.md Normal file
View File

@@ -0,0 +1 @@
Contains certs needed for this service to start. Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

1
tip-wlan/charts/cassandra/resources/config/certs/keystore_creds
View File

@@ -1 +0,0 @@
mypassword

1
tip-wlan/charts/cassandra/resources/config/certs/truststore_creds
View File

@@ -1 +0,0 @@
mypassword

2
tip-wlan/charts/cassandra/templates/configmap.yaml
View File

@@ -5,3 +5,5 @@ metadata:
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
cqlshrc.tip-wlan: |
{{ tpl (.Files.Get "files/cqlshrc.tip-wlan") . | nindent 4 }}

2
tip-wlan/charts/cassandra/templates/headless-svc.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.fullname" . }}-headless
name: {{ include "cassandra.service" . }}
namespace: {{ include "common.namespace" . }}
labels: {{- include "common.labels" . | nindent 4 }}
annotations: {{ include "cassandra.tplValue" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}

7
tip-wlan/charts/cassandra/templates/secret.yaml
View File

@@ -24,9 +24,9 @@ metadata:
type: Opaque
data:
truststore: {{ .Files.Get "resources/config/certs/truststore.jks" | b64enc }}
truststore-password: {{ .Files.Get "resources/config/certs/truststore_creds" | b64enc }}
truststore-password: {{ .Values.creds.sslTruststorePassword | b64enc }}
keystore: {{ .Files.Get "resources/config/certs/cassandra_server_keystore.jks" | b64enc }}
keystore-password: {{ .Files.Get "resources/config/certs/keystore_creds" | b64enc }}
keystore-password: {{ .Values.creds.sslKeystorePassword | b64enc }}
---
apiVersion: v1
kind: Secret
@@ -36,4 +36,5 @@ metadata:
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
keystore_creds: {{ .Values.creds.sslKeystorePassword | b64enc }}
truststore_creds: {{ .Values.creds.sslTruststorePassword | b64enc }}

1
tip-wlan/charts/cassandra/templates/tests/test-cassandra-record-insert-del.yaml
View File

@@ -12,6 +12,7 @@ spec:
containers:
- name: {{ include "common.name" . }}-test-cassandra-basic
image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy | default .Values.global.pullPolicy }}
command:
- sh
- -c

26
tip-wlan/charts/cassandra/values.yaml
View File

@@ -22,7 +22,7 @@ image:
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
pullPolicy: Always
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
@@ -134,16 +134,12 @@ persistence:
## ref: http://docs.datastax.com/en/archived/cassandra/2.0/cassandra/architecture/architecturePlanningHardware_c.html
##
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits: {}
# cpu: 2
# memory: 4Gi
requests: {}
# cpu: 2
# memory: 4Gi
limits:
cpu: "1"
memory: 8Gi
requests:
cpu: 500m
memory: 3Gi
## Secret with keystore, keystore password, truststore, truststore password
##
@@ -297,7 +293,7 @@ metrics:
enabled: false
image:
registry: docker.io
pullPolicy: IfNotPresent
pullPolicy: Always
repository: bitnami/cassandra-exporter
tag: 2.3.4-debian-10-r119
## Optionally specify an array of imagePullSecrets.
@@ -326,3 +322,9 @@ metrics:
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
creds:
sslKeystorePassword: DUMMY_PASSWORD
sslTruststorePassword: DUMMY_PASSWORD
cassandra:
url: cassandra-headless

43
tip-wlan/charts/common/templates/_ports.tpl Normal file
View File

@@ -0,0 +1,43 @@
{{/*
This template will be used to iterate through the access point debug ports and generate
access point debug ports mapping
*/}}
{{- define "apDebugPortsStart" -}}
{{- $portPrefix := $.Values.global.nodePortPrefixExt | default $.Values.nodePortPrefixExt | int -}}
{{- $start := $.Values.accessPointDebugPortRange.start | int -}}
{{- $end := (add $.Values.accessPointDebugPortRange.start $.Values.accessPointDebugPortRange.length) | int -}}
{{- printf "%d%d" $portPrefix $start -}}
{{- end -}}
{{- define "apDebugPortsEnd" -}}
{{- $portPrefix := $.Values.global.nodePortPrefixExt | default $.Values.nodePortPrefixExt | int -}}
{{- $start := $.Values.accessPointDebugPortRange.start | int -}}
{{- $end := (add $.Values.accessPointDebugPortRange.start $.Values.accessPointDebugPortRange.length) | int -}}
{{- printf "%d%d" $portPrefix $end -}}
{{- end -}}
{{- define "container.dev.apDebugPorts" -}}
{{- $accessPointDebugPorts := untilStep (include "apDebugPortsStart" . | atoi) (include "apDebugPortsEnd" . | atoi) 1 -}}
{{- range $index, $port := $accessPointDebugPorts }}
- name: apdebugport-{{ $index }}
containerPort: {{ $port }}
protocol: TCP
{{- end }}
{{- end -}}
{{- define "service.dev.apDebugPorts" -}}
{{- $accessPointDebugPorts := untilStep (include "apDebugPortsStart" . | atoi) (include "apDebugPortsEnd" . | atoi) 1 -}}
{{- range $index, $port := $accessPointDebugPorts }}
- port: {{ $port }}
targetPort: {{ $port }}
protocol: TCP
name: apdebugport-{{ $index }}
{{- if eq $.Values.service.type "NodePort" }}
nodePort: {{ $port }}
{{- end }}
{{- end }}
{{- end -}}

11
tip-wlan/charts/kafka/resources/config/admin-client.properties
View File

@@ -1,11 +0,0 @@
ssl.endpoint.identification.algorithm=
security.protocol=SSL
ssl.key.password=mypassword
ssl.keystore.location=/etc/kafka/secrets/kafka-server.pkcs12
ssl.keystore.password=mypassword
ssl.keystore.type=PKCS12
ssl.truststore.location=/etc/kafka/secrets/truststore.jks
ssl.truststore.password=mypassword
ssl.truststore.type=JKS
bootstrap.servers=tip-wlan-kafka-headless:9093

1
tip-wlan/charts/kafka/resources/config/certs/key_creds
View File

@@ -1 +0,0 @@
mypassword

1
tip-wlan/charts/kafka/resources/config/certs/keystore_creds
View File

@@ -1 +0,0 @@
mypassword

1
tip-wlan/charts/kafka/resources/config/certs/truststore_creds
View File

@@ -1 +0,0 @@
mypassword

12
tip-wlan/charts/kafka/templates/configmap.yaml
View File

@@ -4,4 +4,14 @@ metadata:
name: {{ include "common.fullname" . }}-clientconfig
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/admin-client.properties").AsConfig . | indent 2 }}
admin-client.properties: |
ssl.endpoint.identification.algorithm=
security.protocol=SSL
ssl.key.password={{ .Values.creds.sslKeyPassword | b64enc }}
ssl.keystore.location=/etc/kafka/secrets/kafka-server.pkcs12
ssl.keystore.password={{ .Values.creds.sslKeystorePassword | b64enc }}
ssl.keystore.type=PKCS12
ssl.truststore.location=/etc/kafka/secrets/truststore.jks
ssl.truststore.password={{ .Values.creds.sslTruststorePassword | b64enc }}
ssl.truststore.type=JKS
bootstrap.servers={{ include "kafka.service" . }}:9093

1
tip-wlan/charts/kafka/templates/job-config.yaml
View File

@@ -23,6 +23,7 @@ spec:
containers:
- name: {{ include "common.fullname" . }}-config
image: "{{ .Values.image }}:{{ .Values.imageTag }}"
imagePullPolicy: {{ .Values.imagePullPolicy | default .Values.global.pullPolicy }}
command: ["/usr/local/script/runtimeConfig.sh"]
volumeMounts:
- name: config-volume

12
tip-wlan/charts/kafka/templates/secret.yaml
View File

@@ -1,8 +1,18 @@
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-certs
namespace: {{ include "common.namespace" . }}
labels:
app: {{ template "common.name" . }}
chart: {{ template "common.chart" . }}
release: {{ .Release.Name | quote }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
truststore_creds: {{ .Values.creds.sslTruststorePassword | b64enc }}
keystore_creds: {{ .Values.creds.sslKeystorePassword | b64enc }}
key_creds: {{ .Values.creds.sslKeyPassword | b64enc }}
truststore.jks: {{ .Files.Get "resources/config/certs/truststore.jks" | b64enc }}
kafka-server.pkcs12: {{ .Files.Get "resources/config/certs/kafka-server.pkcs12" | b64enc }}
README: {{ .Files.Get "resources/config/certs/README.md" | b64enc }}

2
tip-wlan/charts/kafka/templates/service-headless.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.fullname" . }}-headless
name: {{ include "kafka.service" . }}
namespace: {{ include "common.namespace" . }}
labels:
{{- include "kafka.broker.labels" . | nindent 4 }}

9
tip-wlan/charts/kafka/templates/statefulset.yaml
View File

@@ -1,5 +1,6 @@
{{- $advertisedListenersOverride := first (pluck "advertised.listeners" .Values.configurationOverrides) }}
{{- $zk := include "zookeeper.service" . -}}
{{- $kafka := include "kafka.service" . -}}
{{- $ns := include "common.namespace" . -}}
apiVersion: apps/v1
kind: StatefulSet
@@ -12,7 +13,7 @@ spec:
selector:
matchLabels:
{{- include "kafka.broker.matchLabels" . | nindent 6 }}
serviceName: {{ include "common.fullname" . }}-headless
serviceName: {{ $kafka }}
podManagementPolicy: {{ .Values.podManagementPolicy }}
updateStrategy:
{{ toYaml .Values.updateStrategy | indent 4 }}
@@ -119,6 +120,8 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: KAFKA_ADVERTISED_LISTENERS
value: "SSL://{{ $kafka }}:9093"
- name: KAFKA_HEAP_OPTS
value: {{ .Values.kafkaHeapOptions }}
- name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR
@@ -164,9 +167,9 @@ spec:
export LOAD_BALANCER_IP=$(echo '{{ .Values.external.loadBalancerIP }}' | tr -d '[]' | cut -d ' ' -f "$(($KAFKA_BROKER_ID + 1))") && \
{{- end }}
{{- if eq .Values.external.type "NodePort" }}
export KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://${POD_IP}:9092{{ if kindIs "string" $advertisedListenersOverride }}{{ printf ",%s" $advertisedListenersOverride }}{{ end }} && \
export KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://${POD_IP}:9092,SSL://{{ $kafka }}:9093{{ if kindIs "string" $advertisedListenersOverride }}{{ printf ",%s" $advertisedListenersOverride }}{{ end }} && \
{{- else }}
export KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://${POD_NAME}.{{ include "common.fullname" . }}-headless.${POD_NAMESPACE}.svc.cluster.local:9092{{ if kindIs "string" $advertisedListenersOverride }}{{ printf ",%s" $advertisedListenersOverride }}{{ end }} && \
export KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://${POD_NAME}.{{ include "common.fullname" . }}-headless.${POD_NAMESPACE}.svc.cluster.local:9092,SSL://{{ $kafka }}:9093{{ if kindIs "string" $advertisedListenersOverride }}{{ printf ",%s" $advertisedListenersOverride }}{{ end }} && \
{{- end }}
exec /etc/confluent/docker/run
volumeMounts:

1
tip-wlan/charts/kafka/templates/tests/test-topic-create-produce-consume.yaml
View File

@@ -10,6 +10,7 @@ spec:
containers:
- name: {{ include "common.name" . }}-test-consume
image: {{ .Values.image }}:{{ .Values.imageTag }}
imagePullPolicy: {{ .Values.imagePullPolicy | default .Values.global.pullPolicy }}
command:
- sh
- -c

34
tip-wlan/charts/kafka/values.yaml
View File

@@ -15,17 +15,17 @@ imageTag: "5.0.1" # Confluent image for Kafka 2.0.0
## Specify a imagePullPolicy
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
imagePullPolicy: "IfNotPresent"
imagePullPolicy: "Always"
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
resources: {}
# limits:
# cpu: 200m
# memory: 1536Mi
# requests:
# cpu: 100m
# memory: 1024Mi
resources:
limits:
cpu: 500m
memory: 2Gi
requests:
cpu: 50m
memory: 1Gi
kafkaHeapOptions: "-Xmx1G -Xms1G"
## Optional Container Security context
@@ -188,7 +188,7 @@ configurationOverrides:
# "ssl.key.credentials": "mypassword"
# "ssl.truststore.filename": "kafka_server_keystore.jks"
# "ssl.truststore.credentials": "mypassword"
advertised.listeners: SSL://tip-wlan-kafka-headless:9093
# advertised.listeners: SSL://tip-wlan-kafka-headless:9093
ssl.client.auth: required
ssl.endpoint.identification.algorithm: ""
security.inter.broker.protocol: SSL
@@ -322,7 +322,13 @@ zookeeper:
## Configure Zookeeper resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
resources: ~
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 50m
memory: 700Mi
## Environmental variables to set in Zookeeper
env:
@@ -353,3 +359,11 @@ zookeeper:
# labelSelector:
# matchLabels:
# release: zookeeper
creds:
sslTruststorePassword: DUMMY_PASSWORD
sslKeystorePassword: DUMMY_PASSWORD
sslKeyPassword: DUMMY_PASSWORD
kafka:
url: kafka-headless

16
tip-wlan/charts/nginx-ingress-controller/values.yaml
View File

@@ -40,7 +40,7 @@ controller:
tag: "1.7.0"
## The pull policy for the Ingress controller image.
pullPolicy: IfNotPresent
pullPolicy: Always
config:
## The name of the ConfigMap used by the Ingress controller.
@@ -92,13 +92,13 @@ controller:
terminationGracePeriodSeconds: 30
## The resources of the Ingress controller pods.
resources: {}
# limits:
# cpu: 100m
# memory: 64Mi
# requests:
# cpu: 100m
# memory: 64Mi
resources:
limits:
cpu: 500m
memory: 200Mi
requests:
cpu: 50m
memory: 140Mi
## The tolerations of the Ingress controller pods.
tolerations: []

1
tip-wlan/charts/opensync-gw-cloud/resources/config/logback.xml
View File

@@ -73,6 +73,7 @@
<root level="WARN">
<appender-ref ref="logfile"/>
<appender-ref ref="stdout"/>
</root>
</configuration>

149
tip-wlan/charts/opensync-gw-cloud/templates/deployment.yaml
View File

@@ -4,7 +4,6 @@
{{- $mqtt := include "mqtt.service" . -}}
{{- $ns := include "common.namespace" . -}}
{{- $file_store_path := include "filestore.dir.name" . -}}
{{- $cloudeployment := .Values.global.isCloudDeployment -}}
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -28,93 +27,26 @@ spec:
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers:
- name: {{ include "common.name" . }}-mqtt-readiness
image: eclipse-mosquitto:latest
imagePullPolicy: {{ .Values.global.pullPolicy }}
command:
- sh
- -c
- |
mosquitto_pub -h {{ $mqtt }} -p 1883 --cafile /certs/cacert.pem --cert /certs/clientcert.pem --key /certs/clientkey.pem --insecure -t "/ap/test" -q 0 -m "CheckingMQTTAliveness"
status=$(echo $?)
echo mosquitto_pub response of the request = $status
counter=0
while [ $counter -lt 10 ] && [ $status -ne 0 ]
do
echo {{ $mqtt }} service isnt ready. Tried $counter times
sleep 2
counter=`expr $counter + 1`
mosquitto_pub -h {{ $mqtt }} -p 1883 --cafile /certs/cacert.pem --cert /certs/clientcert.pem --key /certs/clientkey.pem --insecure -t "/ap/test" -q 0 -m "CheckingMQTTAliveness"
status=$(echo $?)
echo mosquitto_pub response of the request = $status
done
if [ $status -eq 0 ]
then
echo {{ $mqtt }} service is ready!
else
echo {{ $mqtt }} service failed to respond after 20 secs
exit 1
fi
volumeMounts:
- mountPath: /certs/cacert.pem
name: certificates
subPath: cacert.pem
- mountPath: /certs/clientcert.pem
name: certificates
subPath: clientcert.pem
- mountPath: /certs/clientkey.pem
name: certificates
subPath: clientkey.pem
- name: wait-for-services
image: opsfleet/depends-on:latest
args:
- "-service={{ .Release.Name }}-opensync-mqtt-broker"
- "-service={{ .Release.Name }}-wlan-prov-service"
- "-service={{ .Release.Name }}-wlan-ssc-service"
- -check_interval=5
{{- if .Values.global.integratedDeployment }}
- name: {{ include "common.name" . }}-readiness-int-cloud
image: alpine
imagePullPolicy: {{ .Values.global.pullPolicy }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
command:
- sh
- -c
- |
if [ {{ $cloudeployment }} = false ]
then
echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
echo "Added name-resolution for local deployments"
fi
apk add curl
url=https://{{ $icc }}/ping
counter=0
status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
while [ $counter -lt 10 ] && [ $status -ne 200 ]
do
echo ${url} service isnt ready. Tried $counter times
sleep 5
counter=`expr $counter + 1`
status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
echo Http Response code of ping request = $status
done
if [ $status -eq 200 ]
then
echo ${url} service is ready!
else
echo ${url} service failed to respond after 50 secs
exit 1
fi
{{- else }}
- name: {{ include "common.name" . }}-readiness-prov
image: alpine
imagePullPolicy: {{ .Values.global.pullPolicy }}
command:
- sh
- -c
- |
if [ {{ $cloudeployment }} = false ]
then
echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
echo "Added name-resolution for local deployments"
fi
apk add curl
url=https://{{ $prov }}/ping
counter=0
status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
while [ $counter -lt 10 ] && [ $status -ne 200 ]
while [ $counter -lt 10 ] && [ $status -ne 200 ]
do
echo ${url} service isnt ready. Tried $counter times
sleep 5
@@ -129,49 +61,22 @@ spec:
echo ${url} service failed to respond after 50 secs
exit 1
fi
- name: {{ include "common.name" . }}-readiness-ssc
image: alpine
imagePullPolicy: {{ .Values.global.pullPolicy }}
command:
- sh
- -c
- |
if [ {{ $cloudeployment }} = false ]
then
echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
echo "Added name-resolution for local deployments"
fi
apk add curl
url=https://{{ $ssc }}/ping
counter=0
status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
while [ $counter -lt 10 ] && [ $status -ne 200 ]
do
echo ${url} service isnt ready. Tried $counter times
sleep 5
counter=`expr $counter + 1`
status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
echo Http Response code of ping request = $status
done
if [ $status -eq 200 ]
then
echo ${url} service is ready!
else
echo ${url} service failed to respond after 50 secs
exit 1
fi
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
{{- if .Values.probes.enabled }}
livenessProbe:
tcpSocket:
port: {{ .Values.service.port2 }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -188,7 +93,9 @@ spec:
env:
{{- include "common.env" . | nindent 12 }}
- name: OVSDB_MANAGER
value: {{ .Values.externalhostaddress.ovsdb }}
value: {{ .Values.externalhost.address.ovsdb }}
- name: OVSDB_EXTERNAL_PORT
value: "{{ .Values.externalhost.ports.ovsdb }}"
- name: OVSDB_MANAGER_IP
valueFrom:
fieldRef:
@@ -196,7 +103,9 @@ spec:
- name: MQTT_SERVER_INTERNAL
value: {{ .Release.Name }}-{{ .Values.mqtt.url }}
- name: MQTT_SERVER_EXTERNAL
value: {{ .Values.externalhostaddress.mqtt }}
value: {{ .Values.externalhost.address.mqtt }}
- name: MQTT_BROKER_EXTERNAL_PORT
value: "{{ .Values.externalhost.ports.mqtt }}"
{{- if .Values.global.integratedDeployment }}
- name: INTEGRATED_SERVER
value: {{ .Release.Name }}-{{ .Values.integratedcloudcomponent.url }}
@@ -218,6 +127,22 @@ spec:
value: {{ .Values.ethernetType.wanType }}
- name: DEFAULT_WAN_NAME
value: {{ .Values.ethernetType.wanName }}
- name: tip_wlan_ovsdb_listener_threadPoolSize
value: "{{ .Values.scalability.tip_wlan_ovsdb_listener_threadPoolSize }}"
- name: tip_wlan_AsyncExecutor_CorePoolSize
value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_CorePoolSize }}"
- name: tip_wlan_AsyncExecutor_MaxPoolSize
value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_MaxPoolSize }}"
- name: tip_wlan_AsyncExecutor_QueueCapacity
value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_QueueCapacity }}"
- name: tip_wlan_httpClientConfig_maxConnectionsTotal
value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsTotal }}"
- name: tip_wlan_httpClientConfig_maxConnectionsPerRoute
value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsPerRoute }}"
- name: tip_wlan_maxHttpThreads
value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
- name: JVM_MEM_OPTIONS
value: "{{ .Values.scalability.JVM_MEM_OPTIONS }}"
volumeMounts:
- mountPath: /opt/tip-wlan/certs/client_keystore.jks
name: certificates

24
tip-wlan/charts/opensync-gw-cloud/templates/rbac.yaml Normal file
View File

@@ -0,0 +1,24 @@
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "common.fullname" . }}-depends-on
namespace: {{ include "common.namespace" . }}
rules:
- apiGroups: ["batch", "apps", ""]
resources: ["pods", "services", "jobs"]
verbs: ["get", "list", "watch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "common.fullname" . }}-depends-on
namespace: {{ include "common.namespace" . }}
subjects:
- kind: ServiceAccount
name: {{ include "common.serviceAccountName" . }}
roleRef:
kind: Role
name: {{ include "common.fullname" . }}-depends-on
apiGroup: rbac.authorization.k8s.io

14
tip-wlan/charts/opensync-gw-cloud/templates/service.yaml
View File

@@ -5,6 +5,10 @@ metadata:
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:
@@ -12,28 +16,38 @@ spec:
targetPort: {{ .Values.service.port1 }}
protocol: TCP
name: {{ .Values.service.name1 }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort1 }}
{{- end }}
- port: {{ .Values.service.port2 }}
targetPort: {{ .Values.service.port2 }}
protocol: TCP
name: {{ .Values.service.name2 }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort2 }}
{{- end }}
- port: {{ .Values.service.port3 }}
targetPort: {{ .Values.service.port3 }}
protocol: TCP
name: {{ .Values.service.name3 }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
{{- end }}
- port: {{ .Values.service.port4 }}
targetPort: {{ .Values.service.port4 }}
protocol: TCP
name: {{ .Values.service.name4 }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort4 }}
{{- end }}
{{- if .Values.debug.enabled }}
- port: {{ .Values.service.port5 }}
targetPort: {{ .Values.service.port5 }}
protocol: TCP
name: {{ .Values.service.name5 }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort5 }}
{{- end }}
{{- end }}
selector:
{{- include "common.selectorLabels" . | nindent 4 }}

64
tip-wlan/charts/opensync-gw-cloud/values.yaml
View File

@@ -57,7 +57,7 @@ probes:
testsEnabled: false
# Enable/Disable Remote debugging
debug:
debug:
enabled: false
service:
@@ -77,6 +77,8 @@ service:
port5: 5005
name5: debug
nodePort5: 26
annotations: {}
nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
persistence:
enabled: false
@@ -85,9 +87,9 @@ persistence:
# the filestore internal: location of the folder where UI files will be stored
# on the PV
# the filestore url: externally reachable URL i.e.; reachable from AP, where it
# the filestore url: externally reachable URL i.e.; reachable from AP, where it
# can download the files from. Override this value (url) to the configured
# HTTP server in your system
# HTTP server in your system
filestore:
internal: "/tmp/filestore"
url: DUMMY_FILESTORE_HTTPS_URL
@@ -113,13 +115,21 @@ portal:
name: file-store-data
ordinal: 0
# These are list of external HostAddresses for ovsdb, mqtt.
# This is important for ovsdb and mqtt since
# that's what AP sees. Please make sure to override
# them in dev override file for your respective environments.
externalhostaddress:
ovsdb: opensync-gw-cloud
mqtt: opensync-mqtt-broker
# These are the address and ports for the externalhost
# This is important for ovsdb and mqtt since
# that's what AP sees. Please make sure to override
# them in dev override file for your respective environments.
# the default values below would be used if not overriden
externalhost:
address:
ovsdb: opensync-gw-cloud
mqtt: opensync-mqtt-broker
ports:
ovsdb: 6640
mqtt: 1883
ethernetType:
lanName: "lan"
@@ -127,6 +137,22 @@ ethernetType:
wanType: "bridge"
wanName: "wan"
scalability:
#how many concurrent connections single instance of OpenSyncGateway can accept
tip_wlan_ovsdb_listener_threadPoolSize: 50
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
ingress:
enabled: false
annotations: {}
@@ -140,17 +166,13 @@ ingress:
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
resources:
limits:
cpu: 500m
memory: 750Mi
requests:
cpu: 50m
memory: 500Mi
nodeSelector: {}

2
tip-wlan/charts/opensync-gw-static/resources/config/logback.xml
View File

@@ -68,7 +68,7 @@
-->
<root level="WARN">
<!-- <appender-ref ref="stdout"/>-->
<appender-ref ref="stdout"/>
<appender-ref ref="logfile"/>
</root>

6
tip-wlan/charts/opensync-gw-static/templates/deployment.yaml
View File

@@ -24,8 +24,12 @@ spec:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
{{- if .Values.probes.enabled }}
livenessProbe:
tcpSocket:

11
tip-wlan/charts/opensync-mqtt-broker/resources/config/mosquitto.conf
View File

@@ -7,6 +7,17 @@ allow_anonymous false
allow_duplicate_messages true
autosave_interval 900
log_dest file /mosquitto/log/mosquitto.log
log_timestamp true
log_timestamp_format %Y-%m-%dT%H:%M:%S
log_type error
log_type warning
log_type notice
log_type information
# log_type debug
# log_type websockets
# log_type subscribe
# log_type all
connection_messages true
max_queued_bytes 0
max_queued_messages 0
message_size_limit 0

8
tip-wlan/charts/opensync-mqtt-broker/templates/service.yaml
View File

@@ -5,6 +5,10 @@ metadata:
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:
@@ -12,11 +16,15 @@ spec:
targetPort: {{ .Values.service.port1 }}
protocol: TCP
name: {{ .Values.service.name1 }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort1 }}
{{- end }}
- port: {{ .Values.service.port2 }}
targetPort: {{ .Values.service.port2 }}
protocol: TCP
name: {{ .Values.service.name2 }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort2 }}
{{- end }}
selector:
{{- include "common.selectorLabels" . | nindent 4 }}

5
tip-wlan/charts/opensync-mqtt-broker/templates/statefulset.yaml
View File

@@ -45,7 +45,8 @@ spec:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers:
- name: {{ include "common.name" . }}-init-dir-ownership-change
image: alpine:3.6
image: {{ .Values.alpine.image }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
# Change ownership to `mosquitto` user for a mounted volume
command:
- sh
@@ -63,7 +64,7 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: {{ .Values.image.name }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
{{- if .Values.probes.enabled }}
livenessProbe:
tcpSocket:

25
tip-wlan/charts/opensync-mqtt-broker/values.yaml
View File

@@ -6,7 +6,10 @@ replicaCount: 1
image:
name: eclipse-mosquitto
tag: latest
tag: 2.0.3
alpine:
image: alpine:3.6
nameOverride: ""
fullnameOverride: ""
@@ -61,6 +64,8 @@ service:
port2: 9001
name2: debug
nodePort2: 32
annotations: {}
nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
ingress:
enabled: false
@@ -75,17 +80,13 @@ ingress:
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 50m
memory: 128Mi
priorityClassName: ""

1
tip-wlan/charts/postgresql/files/pg_hba.conf
View File

@@ -1,3 +1,4 @@
hostssl replication repl_user 0.0.0.0/0 md5 clientcert=1
hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
hostssl postgres postgres ::/0 cert clientcert=1
hostssl all all 0.0.0.0/0 md5 clientcert=1

1
tip-wlan/charts/postgresql/templates/tests/test-postgres-record-insert-del.yaml
View File

@@ -12,6 +12,7 @@ spec:
containers:
- name: {{ include "common.name" . }}-test-postgres-basic
image: {{ template "postgresql.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | default .Values.global.pullPolicy }}
env:
- name: POSTGRES_USER
value: {{ include "postgresql.username" . | quote }}

9
tip-wlan/charts/postgresql/values.yaml
View File

@@ -22,7 +22,7 @@ image:
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
pullPolicy: Always
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
@@ -437,9 +437,12 @@ slave:
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
limits:
memory: 500Mi
cpu: 50m
requests:
memory: 256Mi
cpu: 250m
memory: 128Mi
cpu: 50m
## Add annotations to all the deployed resources
##

4
tip-wlan/charts/wlan-cloud-graphql-gw/templates/deployment.yaml
View File

@@ -24,7 +24,11 @@ spec:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
env:
- name: API

8
tip-wlan/charts/wlan-cloud-graphql-gw/templates/ingress.yaml
View File

@@ -24,7 +24,9 @@ spec:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
{{- if .secretName }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
{{- end }}
rules:
@@ -32,6 +34,12 @@ spec:
- host: {{ .host | quote }}
http:
paths:
{{- if $.Values.ingress.lb_https_redirect }}
- path: /*
backend:
serviceName: ssl-redirect
servicePort: use-annotation
{{- end }}
{{- range .paths }}
- path: {{ . }}
backend:

2
tip-wlan/charts/wlan-cloud-graphql-gw/templates/service.yaml
View File

@@ -12,6 +12,8 @@ spec:
targetPort: {{ .Values.service.port }}
protocol: TCP
name: {{ .Values.service.name }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
{{- end }}
selector:
{{- include "common.selectorLabels" . | nindent 4 }}

20
tip-wlan/charts/wlan-cloud-graphql-gw/values.yaml
View File

@@ -51,9 +51,11 @@ service:
port: 4000
name: graphui
nodePort: 23
nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
ingress:
enabled: true
lb_https_redirect: false ## if set to true, enables http->https redirect on cloud load balancer
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
@@ -67,17 +69,13 @@ ingress:
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 50m
memory: 128Mi
nodeSelector: {}

6
tip-wlan/charts/wlan-cloud-static-portal/templates/deployment.yaml
View File

@@ -24,8 +24,12 @@ spec:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:
- name: API
value: {{ .Values.env.graphql }}

8
tip-wlan/charts/wlan-cloud-static-portal/templates/ingress.yaml
View File

@@ -24,7 +24,9 @@ spec:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
{{- if .secretName }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
{{- end }}
rules:
@@ -32,6 +34,12 @@ spec:
- host: {{ .host | quote }}
http:
paths:
{{- if $.Values.ingress.lb_https_redirect }}
- path: /*
backend:
serviceName: ssl-redirect
servicePort: use-annotation
{{- end }}
{{- range .paths }}
- path: {{ . }}
backend:

4
tip-wlan/charts/wlan-cloud-static-portal/templates/service.yaml
View File

@@ -5,6 +5,10 @@ metadata:
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:

19
tip-wlan/charts/wlan-cloud-static-portal/values.yaml
View File

@@ -50,6 +50,7 @@ service:
ingress:
enabled: true
lb_https_redirect: false ## if set to true, enables http->https redirect on cloud load balancer
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
@@ -63,17 +64,13 @@ ingress:
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 50m
memory: 128Mi
nodeSelector: {}

2
tip-wlan/charts/wlan-integrated-cloud-component-service/resources/config/logback.xml
View File

@@ -68,7 +68,7 @@
<logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
<root level="WARN">
<!-- <appender-ref ref="stdout"/>-->
<appender-ref ref="stdout"/>
<appender-ref ref="logfile"/>
</root>

24
tip-wlan/charts/wlan-integrated-cloud-component-service/templates/deployment.yaml
View File

@@ -1,7 +1,6 @@
{{- if .Values.global.integratedDeployment }}
{{- $pg := include "postgresql.service" . -}}
{{- $ns := include "common.namespace" . -}}
{{- $cloudeployment := .Values.global.isCloudDeployment -}}
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -28,7 +27,7 @@ spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
image: busybox:1.28
imagePullPolicy: {{ .Values.global.pullPolicy }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
command: ['sh', '-c', "until nslookup {{ $pg }}.{{ $ns }}.svc.cluster.local; do echo waiting for POSTGRES; sleep 2; done"]
- name: {{ include "common.name" . }}-create-db-schema
env:
@@ -50,26 +49,17 @@ spec:
name: {{ include "common.fullname" . }}-creds
key: schema-repo-password
image: postgres:latest
imagePullPolicy: IfNotPresent
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
command:
- sh
- -c
- |
if [ {{ $cloudeployment }} = false ]
then
echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
echo "34.215.47.158 tip-tip-wlan-cloud-docker-repo.jfrog.io" >> /etc/hosts
echo "151.101.128.204 security.debian.org" >> /etc/hosts
echo "151.101.126.133 deb.debian.org" >> /etc/hosts
echo "147.75.85.69 apt.postgresql.org" >> /etc/hosts
echo "Added name-resolution for local deployments"
fi
apt update
apt -y install curl
echo "***** Fetching cloud-sdk-schema-postgresql.sql from JFrog *****"
curl -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql.sql"
echo "***** Now executing cloud-sdk-schema-postgresql.sql and creating/updating schema on Postgres instance *****"
PGPASSWORD=$POSTGRES_PASSWORD psql -h tip-wlan-postgresql-headless -U postgres -f cloud-sdk-schema-postgresql.sql
PGPASSWORD=$POSTGRES_PASSWORD psql -h {{- include "postgresql.service" . -}} -U postgres -f cloud-sdk-schema-postgresql.sql
exit
ports:
- containerPort: 5432
@@ -77,7 +67,7 @@ spec:
protocol: TCP
resources:
requests:
cpu: 250m
cpu: 50m
memory: 256Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
@@ -91,8 +81,12 @@ spec:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:
- name: BACKEND_SERVER
value: {{ .Release.Name }}-{{ .Chart.Name }}

56
tip-wlan/charts/wlan-port-forwarding-gateway-service/files/run.sh Executable file
View File

@@ -0,0 +1,56 @@
#!/bin/bash
# local_port_range that Java process can use
# These are then assigned to the container ports (in the deployment.yaml) which can either:
# later be opened by the port-forwarding-gateway service as NodePorts (preferred)
# or use kubectl port-forwarding to forward the container ports. Example:
# kubectl port-forward pods/<port-forwarding-gw-pod> <local-machine-port>:<debugPort on the Pod>
sysctl -w net.ipv4.ip_local_port_range="{{ include "apDebugPortsStart" . }} {{ sub (include "apDebugPortsEnd" . | atoi) 1 }}"
PROFILES=" -Dspring.profiles.include=use_ssl_with_client_cert_and_digest_auth,client_certificate_and_digest_auth,RestTemplateConfiguration_X509_client_cert_auth"
LOGGING_PROPS=" -Dlogging.config=file:/app/port-forwarding-gateway/logback.xml"
# SSC_URL: something like https://${SSC_SERVER_HOST}:9031
SSC_URL=${SSC_RELEASE_URL}
# PROV_URL: something like https://${PROV_SERVER_HOST}:9091
PROV_URL=${PROV_RELEASE_URL}
# PF_GATEWAY_URL: something like https://${PF_GATEWAY_SERVER_HOST}:7070
PF_GATEWAY_URL=${PF_GATEWAY_RELEASE_URL}
PF_GATEWAY_ENCRYPTION_KEY=${PF_GATEWAY_RELEASE_ENCRYPTION_KEY:='MyToKeN0MyToKeN1'}
PF_GATEWAY_EXT_HOST=${PF_GATEWAY_RELEASE_EXT_HOST:=''}
PF_GATEWAY_EXT_PORT=${PF_GATEWAY_RELEASE_EXT_PORT:='0'}
# SSC URLs
HOST_PROPS=" "
HOST_PROPS+=" -Dtip.wlan.cloudEventDispatcherBaseUrl=$SSC_URL"
HOST_PROPS+=" -Dtip.wlan.statusServiceBaseUrl=$SSC_URL"
HOST_PROPS+=" -Dtip.wlan.routingServiceBaseUrl=$SSC_URL"
HOST_PROPS+=" -Dtip.wlan.alarmServiceBaseUrl=$SSC_URL"
HOST_PROPS+=" -Dtip.wlan.systemEventServiceBaseUrl=$SSC_URL"
HOST_PROPS+=" -Dtip.wlan.clientServiceBaseUrl=$SSC_URL"
HOST_PROPS+=" -Dtip.wlan.serviceMetricServiceBaseUrl=$SSC_URL"
# PROV URLs
HOST_PROPS+=" -Dtip.wlan.customerServiceBaseUrl=$PROV_URL"
HOST_PROPS+=" -Dtip.wlan.portalUserServiceBaseUrl=$PROV_URL"
HOST_PROPS+=" -Dtip.wlan.firmwareServiceBaseUrl=$PROV_URL"
HOST_PROPS+=" -Dtip.wlan.locationServiceBaseUrl=$PROV_URL"
HOST_PROPS+=" -Dtip.wlan.manufacturerServiceBaseUrl=$PROV_URL"
HOST_PROPS+=" -Dtip.wlan.equipmentServiceBaseUrl=$PROV_URL"
HOST_PROPS+=" -Dtip.wlan.profileServiceBaseUrl=$PROV_URL"
# Port-Forwarder Gateway Specific
HOST_PROPS+=" -Dtip.wlan.portForwarderGatewayBaseUrl=$PF_GATEWAY_URL"
HOST_PROPS+=" -Dtip.wlan.websocketSessionTokenEncryptionKey=$PF_GATEWAY_ENCRYPTION_KEY"
HOST_PROPS+=" -Dtip.wlan.externallyVisibleHostName=$PF_GATEWAY_EXT_HOST"
HOST_PROPS+=" -Dtip.wlan.externallyVisiblePort=$PF_GATEWAY_EXT_PORT"
REMOTE_DEBUG_PORT=5010
REMOTE_DEBUG=" -agentlib:jdwp=transport=dt_socket,server=y,address=*:$REMOTE_DEBUG_PORT,suspend=n"
export ALL_PROPS="$PROFILES $LOGGING_PROPS $HOST_PROPS $REMOTE_DEBUG"
java $ALL_PROPS -jar app.jar

2
tip-wlan/charts/wlan-port-forwarding-gateway-service/resources/config/logback.xml
View File

@@ -68,7 +68,7 @@
<logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
<root level="WARN">
<!-- <appender-ref ref="stdout"/>-->
<appender-ref ref="stdout"/>
<appender-ref ref="logfile"/>
</root>

3
tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/configmap.yaml
View File

@@ -1,7 +1,8 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-log-config
name: {{ include "common.fullname" . }}-config
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "files/*").AsConfig . | nindent 2 }}

36
tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/deployment.yaml
View File

@@ -1,4 +1,3 @@
{{- $cloudeployment := .Values.global.isCloudDeployment -}}
{{- $opensyncgw := include "opensyncgw.service" . -}}
apiVersion: apps/v1
kind: Deployment
@@ -25,16 +24,11 @@ spec:
initContainers:
- name: {{ include "common.name" . }}-readiness-opensync-gw
image: alpine
imagePullPolicy: {{ .Values.global.pullPolicy }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
command:
- sh
- -c
- |
if [ {{ $cloudeployment }} = false ]
then
echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
echo "Added name-resolution for local deployments"
fi
apk add curl
url=https://{{ $opensyncgw }}/ping
counter=0
@@ -58,8 +52,12 @@ spec:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:
{{- include "common.env" . | nindent 12 }}
- name: PF_GATEWAY_RELEASE_URL
@@ -69,6 +67,10 @@ spec:
secretKeyRef:
name: {{ include "common.fullname" . }}-creds
key: websocketSessionTokenEncKey
- name: PF_GATEWAY_RELEASE_EXT_HOST
value: {{ .Values.externallyVisible.host }}
- name: PF_GATEWAY_RELEASE_EXT_PORT
value: "{{ .Values.externallyVisible.port }}"
{{- if .Values.probes.enabled }}
livenessProbe:
httpGet:
@@ -102,15 +104,24 @@ spec:
name: certificates
subPath: server.pkcs12
- mountPath: /app/port-forwarding-gateway/logback.xml
name: logback-config
name: configuration
subPath: logback.xml
- mountPath: /app/run.sh
name: configuration
subPath: run.sh
ports:
- name: {{ .Values.service.name1 }}
containerPort: {{ .Values.service.port1 }}
protocol: TCP
- name: {{ .Values.service.name2 }}
containerPort: {{ .Values.service.port2 }}
protocol: TCP
protocol: TCP
{{- if .Values.debug.enabled }}
- name: {{ .Values.service.name3 }}
containerPort: {{ .Values.service.port3 }}
protocol: TCP
{{- end }}
{{- include "container.dev.apDebugPorts" . | nindent 10 }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
@@ -130,6 +141,7 @@ spec:
secret:
secretName: {{ include "common.fullname" . }}-certs
defaultMode: 0400
- name: logback-config
- name: configuration
configMap:
name: {{ include "common.fullname" . }}-log-config
name: {{ include "common.fullname" . }}-config
defaultMode: 0755

16
tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/service.yaml
View File

@@ -12,15 +12,25 @@ spec:
targetPort: {{ .Values.service.port1 }}
protocol: TCP
name: {{ .Values.service.name1 }}
{{- if eq .Values.service.type "NodePort" }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort1 }}
{{- end }}
- port: {{ .Values.service.port2 }}
targetPort: {{ .Values.service.port2 }}
protocol: TCP
name: {{ .Values.service.name2 }}
{{- if eq .Values.service.type "NodePort" }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort2 }}
{{- end }}
{{- end }}
{{- if .Values.debug.enabled }}
- port: {{ .Values.service.port3 }}
targetPort: {{ .Values.service.port3 }}
protocol: TCP
name: {{ .Values.service.name3 }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort3 }}
{{- end }}
{{- end }}
{{- include "service.dev.apDebugPorts" . | nindent 2 }}
selector:
{{- include "common.selectorLabels" . | nindent 4 }}

46
tip-wlan/charts/wlan-port-forwarding-gateway-service/values.yaml
View File

@@ -51,7 +51,8 @@ probes:
failureThreshold: 3
scheme: HTTPS
securityContext: {}
securityContext:
privileged: true
# capabilities:
# drop:
# - ALL
@@ -74,6 +75,25 @@ service:
port2: 7072
name2: secondary-port
nodePort2: '02'
port3: 5010
name3: debug-appl
nodePort3: '03'
nodePortStatic: true ## if true, nodePort ports are calculated by Helm based on the given start index and length; if false, nodePort ports are chosen dynamically by k8s
# The below range will be combined with the nodePortPrefixExt to create a list of ports.
# e.g. nodePortPrefixExt = 304, accessPointDebugPortRange.start = 10, accessPointDebugPortRange.length = 2, resulting ports = 30410, 30411
# These ports are the ports that Java would choose as Local ports whenever it opens up
# a developer session for debug.
# These ports are therefore assigned as container ports (in the deployment.yaml), so we
# can reach them from inside the cluster.
# Also, we open equivalent NodePorts on the Kubernetes cluster (see service.yaml), so a developer
# can connect to it to debug an AP.
# NOTE: Another way to reach these container ports without opening NodePorts was to use
# kubectl port forwarding. However, we dont want the developer to install kubectl.
accessPointDebugPortRange:
start: 10
length: 26
creds:
enabled: true
@@ -98,17 +118,13 @@ ingress:
hosts:
- example.com
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
resources:
limits:
cpu: 500m
memory: 350Mi
requests:
cpu: 50m
memory: 280Mi
nodeSelector: {}
@@ -116,6 +132,10 @@ tolerations: []
affinity: {}
externallyVisible:
host: pfg.example.org
port: 7070
env:
protocol: https
ssc_url: SSC_RELEASE_URL
@@ -129,3 +149,5 @@ env:
pfGateway:
service: wlan-port-forwarding-gateway-service
port: 7070

2
tip-wlan/charts/wlan-portal-service/resources/config/logback.xml
View File

@@ -68,7 +68,7 @@
<logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
<root level="WARN">
<!-- <appender-ref ref="stdout"/>-->
<appender-ref ref="stdout"/>
<appender-ref ref="logfile"/>
</root>

6
tip-wlan/charts/wlan-portal-service/templates/ingress.yaml
View File

@@ -32,6 +32,12 @@ spec:
- host: {{ .host | quote }}
http:
paths:
{{- if $.Values.ingress.lb_https_redirect }}
- path: /*
backend:
serviceName: ssl-redirect
servicePort: use-annotation
{{- end }}
{{- range .paths }}
- path: {{ . }}
backend:

10
tip-wlan/charts/wlan-portal-service/templates/service.yaml
View File

@@ -5,6 +5,10 @@ metadata:
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:
@@ -12,14 +16,14 @@ spec:
targetPort: {{ .Values.service.port1 }}
protocol: TCP
name: {{ .Values.service.name1 }}
{{- if eq .Values.service.type "NodePort" }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }}
{{- end }}
- port: {{ .Values.service.port2 }}
targetPort: {{ .Values.service.port2 }}
protocol: TCP
name: {{ .Values.service.name2 }}
{{- if eq .Values.service.type "NodePort" }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
{{- end }}
{{- if .Values.debug.enabled }}
@@ -27,7 +31,7 @@ spec:
targetPort: {{ .Values.service.port3 }}
protocol: TCP
name: {{ .Values.service.name3 }}
{{- if eq .Values.service.type "NodePort" }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
{{- end }}
{{- end }}

30
tip-wlan/charts/wlan-portal-service/templates/statefulset.yaml
View File

@@ -13,7 +13,7 @@ spec:
matchLabels:
{{- include "common.selectorLabels" . | nindent 6 }}
updateStrategy:
{{ toYaml .Values.updateStrategy | indent 4 }}
{{ toYaml .Values.updateStrategy | indent 4 }}
template:
metadata:
labels:
@@ -30,7 +30,7 @@ spec:
{{- range $key, $value := .Values.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
spec:
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- if .Values.schedulerName }}
@@ -38,7 +38,7 @@ spec:
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }}
{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
serviceAccountName: {{ include "common.serviceAccountName" . }}
@@ -48,19 +48,37 @@ spec:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:
{{- include "common.env" . | nindent 12 }}
- name: FILE_STORE_DIRECTORY_INTERNAL
value: {{ $file_store_path }}
- name: tip_wlan_AsyncExecutor_CorePoolSize
value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_CorePoolSize }}"
- name: tip_wlan_AsyncExecutor_MaxPoolSize
value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_MaxPoolSize }}"
- name: tip_wlan_AsyncExecutor_QueueCapacity
value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_QueueCapacity }}"
- name: tip_wlan_httpClientConfig_maxConnectionsTotal
value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsTotal }}"
- name: tip_wlan_httpClientConfig_maxConnectionsPerRoute
value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsPerRoute }}"
- name: tip_wlan_maxHttpThreads
value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
- name: JVM_MEM_OPTIONS
value: "{{ .Values.scalability.JVM_MEM_OPTIONS }}"
{{- if .Values.probes.enabled }}
livenessProbe:
httpGet:
path: /ping
port: {{ .Values.service.port1 }}
scheme: {{ .Values.probes.livenessProbe.scheme }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -146,4 +164,4 @@ spec:
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}

54
tip-wlan/charts/wlan-portal-service/values.yaml
View File

@@ -9,6 +9,8 @@
replicaCount: 1
image:
name: wlan-portal-service
tag: 0.0.1-SNAPSHOT
@@ -59,7 +61,7 @@ securityContext: {}
testsEnabled: false
# Enable/Disable Remote debugging
debug:
debug:
enabled: false
service:
@@ -72,34 +74,46 @@ service:
nodePort2: 52
port3: 5006
name3: debug
nodePort3: 15
nodePort3: 15
nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
ingress:
enabled: true
enabled: false
lb_https_redirect: false ## if set to true, enables http->https redirect on cloud load balancer
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: wlan-portal-svc-nginx.zone3.lab.connectus.ai
- host: wlan-portal-service.zone3.lab.connectus.ai
paths: [
/
/portal
]
tls: []
# - secretName: portal-secret
# hosts:
# - wlan-portal-service.zone3.lab.connectus.ai
tls:
- secretName: portal-secret
hosts:
- wlan-portal-service.zone3.lab.connectus.ai
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
resources:
limits:
cpu: 500m
memory: 450Mi
requests:
cpu: 50m
memory: 420Mi
persistence:
enabled: false

11
tip-wlan/charts/wlan-prov-service/resources/config/datasource.properties
View File

@@ -1,11 +0,0 @@
singleDataSource.url=jdbc:postgresql://tip-wlan-postgresql:5432/prov_db
singleDataSource.username=tip_user
singleDataSource.password=tip_password
singleDataSource.driverClass=org.postgresql.Driver
singleDataSource.ssl=true
singleDataSource.sslmode=verify-ca
singleDataSource.sslcert=/opt/tip-wlan/certs/postgresclientcert.pem
singleDataSource.sslfactory=org.postgresql.ssl.LibPQFactory
singleDataSource.sslkey=/opt/tip-wlan/certs/postgresclient.p12
singleDataSource.sslrootcert=/opt/tip-wlan/certs/cacert.pem
singleDataSource.sslkeypassword=mypassword

2
tip-wlan/charts/wlan-prov-service/resources/config/logback.xml
View File

@@ -68,7 +68,7 @@
<logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
<root level="WARN">
<!-- <appender-ref ref="stdout"/>-->
<appender-ref ref="stdout"/>
<appender-ref ref="logfile"/>
</root>

12
tip-wlan/charts/wlan-prov-service/templates/configmap.yaml
View File

@@ -5,3 +5,15 @@ metadata:
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
datasource.properties: |-
singleDataSource.url=jdbc:postgresql://{{- include "postgresql.service" . -}}:5432/prov_db
singleDataSource.username={{ .Values.creds.postgres.singleDataSourceUsername }}
singleDataSource.password={{ .Values.creds.postgres.singleDataSourcePassword }}
singleDataSource.driverClass=org.postgresql.Driver
singleDataSource.ssl=true
singleDataSource.sslmode=verify-ca
singleDataSource.sslcert=/opt/tip-wlan/certs/postgresclientcert.pem
singleDataSource.sslfactory=org.postgresql.ssl.LibPQFactory
singleDataSource.sslkey=/opt/tip-wlan/certs/postgresclient.p12
singleDataSource.sslrootcert=/opt/tip-wlan/certs/cacert.pem
singleDataSource.sslkeypassword={{ .Values.creds.postgres.singleDataSourceSslKeyPassword }}

61
tip-wlan/charts/wlan-prov-service/templates/deployment.yaml
View File

@@ -1,6 +1,5 @@
{{- $pg := include "postgresql.service" . -}}
{{- $ns := include "common.namespace" . -}}
{{- $cloudeployment := .Values.global.isCloudDeployment -}}
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -24,10 +23,11 @@ spec:
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers:
- name: {{ include "common.name" . }}-readiness
image: busybox:1.28
imagePullPolicy: {{ .Values.global.pullPolicy }}
command: ['sh', '-c', "until nslookup {{ $pg }}.{{ $ns }}.svc.cluster.local; do echo waiting for POSTGRES; sleep 2; done"]
- name: wait-for-services
image: opsfleet/depends-on:latest
args:
- "-service={{ .Release.Name }}-postgresql"
- -check_interval=5
- name: {{ include "common.name" . }}-create-db-schema
env:
- name: POSTGRESQL_PORT_NUMBER
@@ -52,28 +52,19 @@ spec:
secretKeyRef:
name: {{ include "common.fullname" . }}-creds
key: schema-repo-password
image: postgres:latest
imagePullPolicy: IfNotPresent
image: {{ .Values.postgresql.image }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
command:
- sh
- -c
- |
if [ {{ $cloudeployment }} = false ]
then
echo "151.101.2.133 dl-cdn.alpinelinux.org" >> /etc/hosts
echo "52.35.62.28 tip-tip-wlan-cloud-docker-repo.jfrog.io" >> /etc/hosts
echo "151.101.192.204 security.debian.org" >> /etc/hosts
echo "199.232.38.133 deb.debian.org" >> /etc/hosts
echo "147.75.85.69 apt.postgresql.org" >> /etc/hosts
echo "Added name-resolution for local deployments"
fi
apt update
apt -y install curl
echo "***** Fetching latest cloud-sdk-schema-postgresql for DB and Tables sql from JFrog *****"
curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql-db-user.sql"
curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql-tables.sql"
echo "***** Now executing cloud-sdk-schema-postgresql-db-user.sql on host {{ $pg }} and creating db prov_db and user tip_user using User Postgres. This uses full client-cert authentication *****"
### Observed that PSQL was unable to resolve the Postgres-service host because the postgres service wasnt
### Observed that PSQL was unable to resolve the Postgres-service host because the postgres service wasnt
### really ready when running Postgres in Master-Slave config... hence the below retry-logic
psql 'host={{ $pg }} port=5432 user=postgres sslmode=verify-ca sslcert=/opt/tip-wlan/certs/postgresclientcert.pem sslkey=/opt/tip-wlan/certs/postgresclientkey_dec.pem sslrootcert=/opt/tip-wlan/certs/cacert.pem' -f cloud-sdk-schema-postgresql-db-user.sql
status=$(echo $?)
@@ -105,7 +96,7 @@ spec:
protocol: TCP
resources:
requests:
cpu: 250m
cpu: 50m
memory: 256Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
@@ -127,17 +118,43 @@ spec:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:
{{- include "common.env" . | nindent 12 }}
- name: tip_wlan_AsyncExecutor_CorePoolSize
value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_CorePoolSize }}"
- name: tip_wlan_AsyncExecutor_MaxPoolSize
value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_MaxPoolSize }}"
- name: tip_wlan_AsyncExecutor_QueueCapacity
value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_QueueCapacity }}"
- name: tip_wlan_httpClientConfig_maxConnectionsTotal
value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsTotal }}"
- name: tip_wlan_httpClientConfig_maxConnectionsPerRoute
value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsPerRoute }}"
- name: tip_wlan_maxHttpThreads
value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
- name: JVM_MEM_OPTIONS
value: "{{ .Values.scalability.JVM_MEM_OPTIONS }}"
- name: singleDataSource_maxTotalConnections
value: "{{ .Values.scalability.singleDataSource_maxTotalConnections }}"
- name: singleDataSource_maxIdleConnections
value: "{{ .Values.scalability.singleDataSource_maxIdleConnections }}"
- name: singleDataSource_maxPreparedStatements
value: "{{ .Values.scalability.singleDataSource_maxPreparedStatements }}"
- name: singleDataSource_maxIdlePreparedStatements
value: "{{ .Values.scalability.singleDataSource_maxIdlePreparedStatements }}"
{{- if .Values.probes.enabled }}
livenessProbe:
httpGet:
path: /ping
port: {{ .Values.service.port2 }}
scheme: {{ .Values.probes.livenessProbe.scheme }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -189,7 +206,7 @@ spec:
- name: {{ .Values.service.name3 }}
containerPort: {{ .Values.service.port3 }}
protocol: TCP
{{- end }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
@@ -215,4 +232,4 @@ spec:
- name: data
emptyDir: {}
- name: dshm
emptyDir: {}
emptyDir: {}

24
tip-wlan/charts/wlan-prov-service/templates/rbac.yaml Normal file
View File

@@ -0,0 +1,24 @@
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "common.fullname" . }}-depends-on
namespace: {{ include "common.namespace" . }}
rules:
- apiGroups: ["batch", "apps", ""]
resources: ["pods", "services", "jobs"]
verbs: ["get", "list", "watch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "common.fullname" . }}-depends-on
namespace: {{ include "common.namespace" . }}
subjects:
- kind: ServiceAccount
name: {{ include "common.serviceAccountName" . }}
roleRef:
kind: Role
name: {{ include "common.fullname" . }}-depends-on
apiGroup: rbac.authorization.k8s.io

6
tip-wlan/charts/wlan-prov-service/templates/service.yaml
View File

@@ -12,14 +12,14 @@ spec:
targetPort: {{ .Values.service.port1 }}
protocol: TCP
name: {{ .Values.service.name1 }}
{{- if eq .Values.service.type "NodePort" }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }}
{{- end }}
- port: {{ .Values.service.port2 }}
targetPort: {{ .Values.service.port2 }}
protocol: TCP
name: {{ .Values.service.name2 }}
{{- if eq .Values.service.type "NodePort" }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
{{- end }}
{{- if .Values.debug.enabled }}
@@ -27,7 +27,7 @@ spec:
targetPort: {{ .Values.service.port3 }}
protocol: TCP
name: {{ .Values.service.name3 }}
{{- if eq .Values.service.type "NodePort" }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
{{- end }}
{{- end }}

56
tip-wlan/charts/wlan-prov-service/values.yaml
View File

@@ -65,13 +65,17 @@ creds:
password: DUMMY_POSTGRES_PASSWORD
tipUser:
password: DUMMY_TIPUSER_PASSWORD
schema_repo:
username: DUMMY_SCHEMA_REPO_USERNAME
password: DUMMY_SCHEMA_REPO_PASSWORD
postgres:
singleDataSourceUsername: DUMMY_POSTGRES_USER
singleDataSourcePassword: DUMMY_POSTGRES_PASSWORD
singleDataSourceSslKeyPassword: DUMMY_SSL_PASSWORD
# Enable/Disable Remote debugging
debug:
debug:
enabled: false
service:
@@ -82,6 +86,29 @@ service:
name2: secondary-port
port3: 5007
name3: debug
nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
#max number of connections to PostgreSQL database
singleDataSource_maxTotalConnections: 8
#max number of idle connections to PostgreSQL database
singleDataSource_maxIdleConnections: 8
#max number of cached prepared statements used in PostgreSQL database
singleDataSource_maxPreparedStatements: 200
#max number of cached idle prepared statements used in PostgreSQL database
singleDataSource_maxIdlePreparedStatements: 200
ingress:
enabled: false
@@ -91,24 +118,20 @@ ingress:
hosts:
- host: example.com
paths: [
/portal
/portal
]
tls:
tls:
- secretName: portal-secret
hosts:
- example.com
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
resources:
limits:
cpu: 500m
memory: 320Mi
requests:
cpu: 50m
memory: 300Mi
nodeSelector: {}
@@ -116,8 +139,9 @@ tolerations: []
affinity: {}
postgresql:
postgresql:
url: postgresql
image: postgres:latest
env:
protocol: https

1
tip-wlan/charts/wlan-spc-service/resources/config/logback.xml
View File

@@ -74,6 +74,7 @@
<root level="WARN">
<appender-ref ref="logfile"/>
<appender-ref ref="stdout"/>
</root>
</configuration>

32
tip-wlan/charts/wlan-spc-service/templates/deployment.yaml
View File

@@ -23,16 +23,21 @@ spec:
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers:
- name: {{ include "common.name" . }}-readiness
image: busybox:1.28
imagePullPolicy: {{ .Values.global.pullPolicy }}
command: ['sh', '-c', "until nslookup {{ $kafka }}.{{ $ns }}.svc.cluster.local; do echo waiting for Kafka; sleep 2; done"]
- name: wait-for-services
image: opsfleet/depends-on:latest
args:
- "-service={{ .Release.Name }}-kafka-headless"
- -check_interval=5
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:
{{- include "common.env" . | nindent 12 }}
- name: tip.wlan.kafka.bootstrapServers
@@ -64,13 +69,28 @@ spec:
value: SSL
- name: tip.wlan.kafka.sslEndpointIdentificationAlgorithm
value: ''
- name: tip_wlan_AsyncExecutor_CorePoolSize
value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_CorePoolSize }}"
- name: tip_wlan_AsyncExecutor_MaxPoolSize
value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_MaxPoolSize }}"
- name: tip_wlan_AsyncExecutor_QueueCapacity
value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_QueueCapacity }}"
- name: tip_wlan_httpClientConfig_maxConnectionsTotal
value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsTotal }}"
- name: tip_wlan_httpClientConfig_maxConnectionsPerRoute
value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsPerRoute }}"
- name: tip_wlan_maxHttpThreads
value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
- name: JVM_MEM_OPTIONS
value: "{{ .Values.scalability.JVM_MEM_OPTIONS }}"
{{- if .Values.probes.enabled }}
livenessProbe:
httpGet:
path: /ping
port: {{ .Values.service.port2 }}
scheme: {{ .Values.probes.livenessProbe.scheme }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}

24
tip-wlan/charts/wlan-spc-service/templates/rbac.yaml Normal file
View File

@@ -0,0 +1,24 @@
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "common.fullname" . }}-depends-on
namespace: {{ include "common.namespace" . }}
rules:
- apiGroups: ["batch", "apps", ""]
resources: ["pods", "services", "jobs"]
verbs: ["get", "list", "watch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "common.fullname" . }}-depends-on
namespace: {{ include "common.namespace" . }}
subjects:
- kind: ServiceAccount
name: {{ include "common.serviceAccountName" . }}
roleRef:
kind: Role
name: {{ include "common.fullname" . }}-depends-on
apiGroup: rbac.authorization.k8s.io

6
tip-wlan/charts/wlan-spc-service/templates/service.yaml
View File

@@ -12,14 +12,14 @@ spec:
targetPort: {{ .Values.service.port1 }}
protocol: TCP
name: {{ .Values.service.name1 }}
{{- if eq .Values.service.type "NodePort" }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }}
{{- end }}
- port: {{ .Values.service.port2 }}
targetPort: {{ .Values.service.port2 }}
protocol: TCP
name: {{ .Values.service.name2 }}
{{- if eq .Values.service.type "NodePort" }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
{{- end }}
{{- if .Values.debug.enabled }}
@@ -27,7 +27,7 @@ spec:
targetPort: {{ .Values.service.port3 }}
protocol: TCP
name: {{ .Values.service.name3 }}
{{- if eq .Values.service.type "NodePort" }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
{{- end }}
{{- end }}

41
tip-wlan/charts/wlan-spc-service/values.yaml
View File

@@ -59,7 +59,7 @@ securityContext: {}
testsEnabled: false
# Enable/Disable Remote debugging
debug:
debug:
enabled: false
service:
@@ -70,6 +70,21 @@ service:
name2: secondary-port
port3: 5009
name3: debug
nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
ingress:
enabled: false
@@ -79,24 +94,20 @@ ingress:
hosts:
- host: example.com
paths: [
/portal
/portal
]
tls:
tls:
- secretName: portal-secret
hosts:
- example.com
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
resources:
limits:
cpu: 500m
memory: 370Mi
requests:
cpu: 50m
memory: 350Mi
nodeSelector: {}
@@ -110,7 +121,7 @@ creds:
sslKeystorePassword: DUMMY_PASSWORD
sslTruststorePassword: DUMMY_PASSWORD
kafka:
kafka:
url: kafka-headless
env:

4
tip-wlan/charts/wlan-ssc-service/resources/config/cqlshrc.tip-wlan → tip-wlan/charts/wlan-ssc-service/files/cqlshrc.tip-wlan
View File

@@ -67,12 +67,10 @@ color = on
;; A version of CQL to use (this should almost never be set)
; version = 3.2.1
[connection]
;; The host to connect to
hostname = tip-wlan-cassandra-headless
hostname = {{ include "cassandra.service" . }}
;; The port to connect to (9042 is the native protocol default)
port = 9042

27
tip-wlan/charts/wlan-ssc-service/resources/config/cassandra-application.conf
View File

@@ -1,27 +0,0 @@
# The options in this file are overrides for the default configuration.
# They can also be overridden by the java system properties using -Dproperty=value
#
# For more details see https://docs.datastax.com/en/developer/java-driver/4.7/manual/core/configuration/reference/
#
datastax-java-driver {
basic {
contact-points = [ "tip-wlan-cassandra-headless:9042" ]
load-balancing-policy.local-datacenter = datacenter1
session-keyspace = tip_wlan_keyspace
}
advanced.ssl-engine-factory {
class = DefaultSslEngineFactory
hostname-validation = false
truststore-path = /opt/tip-wlan/certs/truststore.jks
truststore-password = mypassword
keystore-path = /opt/tip-wlan/certs/cassandra_server_keystore.jks
keystore-password = mypassword
}
advanced.auth-provider {
class = PlainTextAuthProvider
username = tip_user
password = tip_password
}
}

2
tip-wlan/charts/wlan-ssc-service/resources/config/logback.xml
View File

@@ -68,7 +68,7 @@
<logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
<root level="WARN">
<!-- <appender-ref ref="stdout"/>-->
<appender-ref ref="stdout"/>
<appender-ref ref="logfile"/>
</root>

26
tip-wlan/charts/wlan-ssc-service/templates/configmap.yaml
View File

@@ -5,3 +5,29 @@ metadata:
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
cassandra-application.conf: >-
datastax-java-driver {
basic {
contact-points = [ "{{ include "cassandra.service" . }}:9042" ]
load-balancing-policy.local-datacenter = datacenter1
session-keyspace = tip_wlan_keyspace
}
advanced.ssl-engine-factory {
class = DefaultSslEngineFactory
hostname-validation = false
truststore-path = /opt/tip-wlan/certs/truststore.jks
truststore-password = {{ .Values.creds.sslTruststorePassword }}
keystore-path = /opt/tip-wlan/certs/cassandra_server_keystore.jks
keystore-password = {{ .Values.creds.sslKeystorePassword }}
}
advanced.auth-provider {
class = PlainTextAuthProvider
username = {{ .Values.creds.cassandra.tip_user }}
password = {{ .Values.creds.cassandra.tip_password }}
}
}
cqlshrc.tip-wlan: |
{{ tpl (.Files.Get "files/cqlshrc.tip-wlan") . | nindent 4 }}

55
tip-wlan/charts/wlan-ssc-service/templates/deployment.yaml
View File

@@ -1,7 +1,6 @@
{{- $kafka := include "kafka.service" . -}}
{{- $cassandra := include "cassandra.service" . -}}
{{- $ns := include "common.namespace" . -}}
{{- $cloudeployment := .Values.global.isCloudDeployment -}}
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -25,14 +24,12 @@ spec:
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers:
- name: {{ include "common.name" . }}-kafka-readiness
image: busybox:1.28
imagePullPolicy: {{ .Values.global.pullPolicy }}
command: ['sh', '-c', "until nslookup {{ $kafka }}.{{ $ns }}.svc.cluster.local; do echo waiting for Kafka; sleep 2; done"]
- name: {{ include "common.name" . }}-cassandra-readiness
image: busybox:1.28
imagePullPolicy: {{ .Values.global.pullPolicy }}
command: ['sh', '-c', "until nslookup {{ $cassandra }}.{{ $ns }}.svc.cluster.local; do echo waiting for Cassandra; sleep 2; done"]
- name: wait-for-services
image: opsfleet/depends-on:latest
args:
- "-service={{ .Release.Name }}-kafka-headless"
- "-service={{ .Release.Name }}-cassandra"
- -check_interval=5
- name: {{ include "common.name" . }}-create-db-schema-cassandra
env:
- name: CASSANDRA_PORT_NUMBER
@@ -47,19 +44,12 @@ spec:
secretKeyRef:
name: {{ include "common.fullname" . }}-creds
key: schema-repo-password
image: cassandra:3.11.6
imagePullPolicy: IfNotPresent
image: {{ .Values.cassandra.image }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
command:
- sh
- -c
- |
if [ {{ $cloudeployment }} = false ]
then
echo "52.35.62.28 tip-tip-wlan-cloud-docker-repo.jfrog.io" >> /etc/hosts
echo "91.189.88.152 security.ubuntu.com" >> /etc/hosts
echo "91.189.88.142 archive.ubuntu.com" >> /etc/hosts
echo "Added name-resolution for local deployments"
fi
apt update
apt -y install curl
echo "***** Fetching cloud-sdk-schema-cassandra.cql from JFrog *****"
@@ -101,7 +91,7 @@ spec:
protocol: TCP
resources:
requests:
cpu: 250m
cpu: 50m
memory: 256Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
@@ -117,13 +107,17 @@ spec:
subPath: cassandraserverkey_dec.pem
- mountPath: /opt/tip-wlan/certs/cacert.pem
name: certificates
subPath: cacert.pem
subPath: cacert.pem
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:
{{- include "common.env" . | nindent 12 }}
- name: tip.wlan.kafka.bootstrapServers
@@ -167,13 +161,28 @@ spec:
key: cassandra_tip_user
- name: CASSANDRA_HOST
value: {{ $cassandra }}:{{ .Values.cassandra.port }}
- name: tip_wlan_AsyncExecutor_CorePoolSize
value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_CorePoolSize }}"
- name: tip_wlan_AsyncExecutor_MaxPoolSize
value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_MaxPoolSize }}"
- name: tip_wlan_AsyncExecutor_QueueCapacity
value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_QueueCapacity }}"
- name: tip_wlan_httpClientConfig_maxConnectionsTotal
value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsTotal }}"
- name: tip_wlan_httpClientConfig_maxConnectionsPerRoute
value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsPerRoute }}"
- name: tip_wlan_maxHttpThreads
value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
- name: JVM_MEM_OPTIONS
value: "{{ .Values.scalability.JVM_MEM_OPTIONS }}"
{{- if .Values.probes.enabled }}
livenessProbe:
httpGet:
path: /ping
port: {{ .Values.service.port2 }}
scheme: {{ .Values.probes.livenessProbe.scheme }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -222,7 +231,7 @@ spec:
- name: {{ .Values.service.name3 }}
containerPort: {{ .Values.service.port3 }}
protocol: TCP
{{- end }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}

24
tip-wlan/charts/wlan-ssc-service/templates/rbac.yaml Normal file
View File

@@ -0,0 +1,24 @@
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "common.fullname" . }}-depends-on
namespace: {{ include "common.namespace" . }}
rules:
- apiGroups: ["batch", "apps", ""]
resources: ["pods", "services", "jobs"]
verbs: ["get", "list", "watch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "common.fullname" . }}-depends-on
namespace: {{ include "common.namespace" . }}
subjects:
- kind: ServiceAccount
name: {{ include "common.serviceAccountName" . }}
roleRef:
kind: Role
name: {{ include "common.fullname" . }}-depends-on
apiGroup: rbac.authorization.k8s.io

6
tip-wlan/charts/wlan-ssc-service/templates/service.yaml
View File

@@ -12,14 +12,14 @@ spec:
targetPort: {{ .Values.service.port1 }}
protocol: TCP
name: {{ .Values.service.name1 }}
{{- if eq .Values.service.type "NodePort" }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }}
{{- end }}
- port: {{ .Values.service.port2 }}
targetPort: {{ .Values.service.port2 }}
protocol: TCP
name: {{ .Values.service.name2 }}
{{- if eq .Values.service.type "NodePort" }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
{{- end }}
{{- if .Values.debug.enabled }}
@@ -27,7 +27,7 @@ spec:
targetPort: {{ .Values.service.port3 }}
protocol: TCP
name: {{ .Values.service.name3 }}
{{- if eq .Values.service.type "NodePort" }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
{{- end }}
{{- end }}

42
tip-wlan/charts/wlan-ssc-service/values.yaml
View File

@@ -59,7 +59,7 @@ securityContext: {}
testsEnabled: false
# Enable/Disable Remote debugging
debug:
debug:
enabled: false
service:
@@ -70,6 +70,21 @@ service:
name2: secondary-port
port3: 5008
name3: debug
nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
ingress:
enabled: false
@@ -79,24 +94,20 @@ ingress:
hosts:
- host: example.com
paths: [
/portal
/portal
]
tls:
tls:
- secretName: portal-secret
hosts:
- example.com
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
resources:
limits:
cpu: 500m
memory: 420Mi
requests:
cpu: 50m
memory: 400Mi
nodeSelector: {}
@@ -116,12 +127,13 @@ creds:
username: DUMMY_SCHEMA_REPO_USERNAME
password: DUMMY_SCHEMA_REPO_PASSWORD
kafka:
kafka:
url: kafka-headless
cassandra:
url: cassandra-headless
port: 9042
image: cassandra:3.11.6
env:
protocol: https

2
tip-wlan/charts/zookeeper/templates/statefulset.yaml
View File

@@ -50,7 +50,7 @@ spec:
containers:
- name: zookeeper
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
imagePullPolicy: {{ .Values.image.pullPolicy | default .Values.global.pullPolicy }}
{{- with .Values.command }}
command: {{ range . }}
- {{ . | quote }}

20
tip-wlan/charts/zookeeper/values.yaml
View File

@@ -18,7 +18,7 @@ updateStrategy:
image:
repository: zookeeper # Container image repository for zookeeper container.
tag: 3.5.5 # Container image tag for zookeeper container.
pullPolicy: IfNotPresent # Image pull criteria for zookeeper container.
pullPolicy: Always # Image pull criteria for zookeeper container.
service:
type: ClusterIP # Exposes zookeeper on a cluster-internal IP.
@@ -49,17 +49,13 @@ ports:
containerPort: 2888 # Port number for zookeeper container server port.
protocol: TCP # Protocol for zookeeper container server port.
resources: {} # Optionally specify how much CPU and memory (RAM) each zookeeper container needs.
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 50m
memory: 700Mi
priorityClassName: ""

10
tip-wlan/example-values/local-multi-namespace/README.md Normal file
View File

@@ -0,0 +1,10 @@
# Helm values for deploying two Cloud SDK instances into separate namespaces
## Usage
```bash
helm install tip-wlan-1 tip-wlan -f tip-wlan/example-values/local-multi-namespace/ns-tip-1.yaml
helm install tip-wlan-2 tip-wlan -f tip-wlan/example-values/local-multi-namespace/ns-tip-2.yaml
```
This will create a Cloud SDK instance in each of the namespaces _tip-1_ and _tip-2_.

270
tip-wlan/example-values/local-multi-namespace/ns-tip-1.yaml Normal file
View File

@@ -0,0 +1,270 @@
# This is a development override file.
# It overrides the default Tip-Wlan parent chart behaviour
#
# It can be tweaked, based on the need to support different
# dev environments.
# This file expects to have a GlusterFS storage solution running
# before "helm install" is performed.
#################################################################
# Global configuration overrides.
#
# These overrides will affect all helm charts (ie. applications)
# that are listed below and are 'enabled'.
#################################################################
global:
# Change to an unused port prefix range to prevent port conflicts
# with other instances running within the same k8s cluster
nodePortPrefix: 302
nsPrefix: tip-1
# image pull policy
pullPolicy: Always
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
# override default mount path root directory
# referenced by persistent volumes and log files
persistence:
# flag to enable debugging - application support required
debugEnabled: true
# Annotations for namespace
annotations: {
"helm.sh/resource-policy": keep
}
# createReleaseNamespace: false
# Docker registry secret
dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
#################################################################
# Enable/disable and configure helm charts (ie. applications)
# to customize the TIP-WLAN deployment.
#################################################################
opensync-gw-static:
enabled: false
opensync-gw-cloud:
enabled: true
externalhost:
address:
ovsdb: opensync-controller.wlan.local
mqtt: opensync-mqtt-broker.wlan.local
persistence:
enabled: true
filestore:
url: "https://wlan-filestore.wlan.local"
scalability:
#how many concurrent connections single instance of OpenSyncGateway can accept
tip_wlan_ovsdb_listener_threadPoolSize: 50
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
opensync-mqtt-broker:
enabled: true
replicaCount: 1
persistence:
enabled: true
storageClass: standard
wlan-cloud-graphql-gw:
enabled: true
env:
portalsvc: tip-wlan-1-wlan-portal-service:9051
ingress:
hosts:
- host: wlan-ui-graphql-1.wlan.local
paths: [
/
]
tls:
- hosts:
- wlan-ui-graphql-1.wlan.local
wlan-cloud-static-portal:
enabled: true
env:
graphql: https://wlan-ui-graphql-1.wlan.local
service:
type: NodePort
ingress:
hosts:
- host: wlan-ui-1.wlan.local
paths: [
/
]
tls:
- hosts:
- wlan-ui-1.wlan.local
wlan-portal-service:
enabled: true
persistence:
enabled: true
storageClass: standard
filestoreSize: 1Gi
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
wlan-prov-service:
enabled: true
creds:
enabled: true
db:
postgresUser:
password: postgres
tipUser:
password: tip_password
schema_repo:
username: tip-read
password: tip-read
postgres:
singleDataSourceUsername: tip_user
singleDataSourcePassword: tip_password
singleDataSourceSslKeyPassword: mypassword
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
#max number of connections to PostgreSQL database
singleDataSource_maxTotalConnections: 8
#max number of idle connections to PostgreSQL database
singleDataSource_maxIdleConnections: 8
#max number of cached prepared statements used in PostgreSQL database
singleDataSource_maxPreparedStatements: 200
#max number of cached idle prepared statements used in PostgreSQL database
singleDataSource_maxIdlePreparedStatements: 200
wlan-ssc-service:
enabled: true
creds:
sslKeyPassword: mypassword
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
cassandra:
tip_user: tip_user
tip_password: tip_password
schema_repo:
username: tip-read
password: tip-read
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
wlan-spc-service:
enabled: true
creds:
sslKeyPassword: mypassword
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
nginx-ingress-controller:
enabled: true
controller:
service:
type: LoadBalancer
config:
externalStatusAddress: "api.wlan.local"
defaultTLS:
cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZXakNDQTBLZ0F3SUJBZ0lVUU5hUC9zcHZSSHRCVEFLd1lSTndieFJmRkFzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0hURWJNQmtHQTFVRUF3d1NkMnhoYmkxMWFTNTNiR0Z1TG14dlkyRnNNQjRYRFRJd01EZ3lOekl3TWpZMQpObG9YRFRNd01EZ3lOVEl3TWpZMU5sb3dIVEViTUJrR0ExVUVBd3dTZDJ4aGJpMTFhUzUzYkdGdUxteHZZMkZzCk1JSUNJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBd1JhZ2lEV3pDTllCdFd3QmNLK2YKVGtrUW1NdCtRQWdUallyMEtTOERQSkNKZjZLa1BmWkhDdTN3NEx2cnh6WTlObWllaDJYVTgzNGFtZEp4SXVDdwo2SWJObzZ6c2tqc3lmb084d0ZEbWxMVldMZWc1SDlHOWRvZW0rV1RlS1BhRUhpM29xdXpOZ3Q2d0xzM212dk9BClR2aVRJb2M4OEVMams0ZFNSMlQ0ZGhoMHFLQ0NqK0hkWEJBNlYvOWJpcnUralYrL2t4RVF1TDJ6TTM5RHZWZDgKOWtzMzV6TVZVemUzNmxENElDT25sN2hnYVROQmk0NU85c2RMRDBZYVVtamlGd1FsdEpVZG1QS3BhQWRidmpVTwpuc3VwbkRZam0rVW0rOWFFcHFNNHRlMjNlZkM4TjhqMXVrZXh6SnJFMkdlRi9XQi9ZMUxGSUcyd2pxVm5zUGNzCm5GRjRZZDlFQlJSbmUxRVplWEJ1M0ZFTEZ5NmxDT0hJMTQ2b0JjYy9JYjYxN3JkVEtYcXh0di8yTkw2L1RxRmsKbnMvRUVqdmU2a1FZemxCWndXSFdwWndRZmczbW82TmFvRlpwVGFnOThNeXU1clpvT29mVGN4WEg2cExtNVB4MQpPQXpnTG5hOU8rMkZtQTRGanJnSGNNWTFOSXp5blpMK0RIOGZpYnQxRi92MkYyTUErUjl2bzg0dlI1Uk9HTmRECnZhMkFwZXZrTGNqUWcvTHdzWHYwZ1RvcFEvWEl6ZWpoNmJkVWtPcktTd0p6VDJDOS9lOUdRbjBncHBWOExCdUsKMXpRSG9ST0xuQTQxTUNGdlFMUUhvK1h0OEtHdytVYmFseTZoT3hCWkY1MUwvQmJxamtESDlBRUZhSkxwdGlFeQpxbjFFNXYrM3doZ0ZTNUlaVDhJVzV1VUNBd0VBQWFPQmtUQ0JqakFkQmdOVkhRNEVGZ1FVeTJiQVV5TlBYSFM5CjNWVFNEK3dvTjd0M3E4RXdId1lEVlIwakJCZ3dGb0FVeTJiQVV5TlBYSFM5M1ZUU0Qrd29ON3QzcThFd0R3WUQKVlIwVEFRSC9CQVV3QXdFQi96QTdCZ05WSFJFRU5EQXlnaHAzYkdGdUxYVnBMV2R5WVhCb2NXd3VkMnhoYmk1cwpiMk5oYklJT1lYQnBMbmRzWVc0dWJHOWpZV3lIQk1Db0FBRXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnSUJBS0grCmJxSmVlMTFuMzRTWWdCRHZnb1o4bEpMUVJ3c0ZucUV4Y1NyL3BsWjdHVklHRkg1L1EyS3lvOVZ5RWlUUHdySXMKS3NFckMxZXZINnh0MVVSZk16cDA1elZRMExZTTUra3NhbVJEYWdBZzNNMWNtN29LT2Rtcy9kcXpQZTJnWmZHSgpwVmR0VlcxQ0hyTDBSTFRSOTNoN2tnU2lCbFNFSVlNb2VLZk41SDlBYXZKNEtyeXlnUXM2M2trR1E1TTllc0FwCnU2YkIzMDd6eWZ6Z1MzdG1Rc1UwMXJnSmZoRUhRL1krQWs5d0R1T2d2bWZ4MFRXZ0FPR2JLcTZUdThNS1lkZWoKSWU3clYxRzVVdjdLZmdvelZYNzZnMktkblRWQmZzcFNLbzN6eXJaa2NrekFwdlV1OUllZkhkVG9lNEpNRVUweQpmazdsRVUvZXh6Qnl5TnhwKzZoZHUvWklnM3hiMXlBMW9WWThORWQxckwxekFWaVBlMzUxU0VORUtlSnBSYW5DCmtDTDNSQUZrYnhRN0loYWNqb3g4YmVsUitnbW84Y3lGWnBqOVhhb1BsU0ZTY2R3ejU3M0NUMGg5N3Y3NkE3c3cKeUMrQ2lTcDg1Z1dFVjV2Z0JpdE5KN1I5b25qQmRzdUgybGdFdE1EM0pOT3M4Y0NTUmloWXhyaXdaU3FoVDdvLwp0Y0lsY0o4NFc1bTZYNnpISjNHbXR1S0czUVBOT21zMC9WVm9EVHA5cWRwTCtFazE3dUIyQTQxTnB4ejNVUytsCjZ5SytwZFFRajdBTHpLdVJmT3lnODBYYk53MnY0U25wSTVxYlhGQlJ1bTUyZjg2c1BlbUZxMUtjdU5XZTRFVkMKeERHM2VLbHUrZGxsVXRLeC9QTjZ5ZmxiVDV4Y0dnY2Rtcnd6UmFXUwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRUUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Nzd2dna25BZ0VBQW9JQ0FRREJGcUNJTmJNSTFnRzEKYkFGd3I1OU9TUkNZeTM1QUNCT05pdlFwTHdNOGtJbC9vcVE5OWtjSzdmRGd1K3ZITmowMmFKNkhaZFR6ZmhxWgowbkVpNExEb2hzMmpyT3lTT3pKK2c3ekFVT2FVdFZZdDZEa2YwYjEyaDZiNVpONG85b1FlTGVpcTdNMkMzckF1CnplYSs4NEJPK0pNaWh6endRdU9UaDFKSFpQaDJHSFNvb0lLUDRkMWNFRHBYLzF1S3U3Nk5YNytURVJDNHZiTXoKZjBPOVYzejJTemZuTXhWVE43ZnFVUGdnSTZlWHVHQnBNMEdMams3Mngwc1BSaHBTYU9JWEJDVzBsUjJZOHFsbwpCMXUrTlE2ZXk2bWNOaU9iNVNiNzFvU21vemkxN2JkNThMdzN5UFc2UjdITW1zVFlaNFg5WUg5alVzVWdiYkNPCnBXZXc5eXljVVhoaDMwUUZGR2Q3VVJsNWNHN2NVUXNYTHFVSTRjalhqcWdGeHo4aHZyWHV0MU1wZXJHMi8vWTAKdnI5T29XU2V6OFFTTzk3cVJCak9VRm5CWWRhbG5CQitEZWFqbzFxZ1ZtbE5xRDN3eks3bXRtZzZoOU56RmNmcQprdWJrL0hVNERPQXVkcjA3N1lXWURnV091QWR3eGpVMGpQS2RrdjRNZngrSnUzVVgrL1lYWXdENUgyK2p6aTlICmxFNFkxME85cllDbDYrUXR5TkNEOHZDeGUvU0JPaWxEOWNqTjZPSHB0MVNRNnNwTEFuTlBZTDM5NzBaQ2ZTQ20KbFh3c0c0clhOQWVoRTR1Y0RqVXdJVzlBdEFlajVlM3dvYkQ1UnRxWExxRTdFRmtYblV2OEZ1cU9RTWYwQVFWbwprdW0ySVRLcWZVVG0vN2ZDR0FWTGtobFB3aGJtNVFJREFRQUJBb0lDQUMyR2hEc1pUaWtiTERQMlR6Q2VkOVVoCmJRUlpsbDdLaUxHcXZYNm9VdjhJcFNLdTJrS3h1blpkTzVvQk5NbzNnNTg4YzRSQkFrQ1d6dmJObzFjeDJ3UTQKSkd3ZTdYaGM5TDdYbUwxUFZjNWlJdnVYOFVBTFY3eUdwMXZONklPSC9BYVJsSFlZZHl3UURVSTcwZGZiMmJqRQo2d3dORHRVbk1Ea3NncjNLbExwamNiNEFla2dxWE9MRUFMMld1Nkt1T1hOankrdUU3b2hnVWN3bWlYWXZGb3VMCm1KYXVlS3l5U202NHdJZnpZQ1JwbUhHMVlCTGpic0xJb20zcmZYRkl3V1hqMkhBSGFIOFRWOVhyUmpwR2tEZm8KbFFqN3l0R0s2ZkllMWcva0ZBN3hDWDE2d1NYMS85bjM1WGYwVmMwZ08zdE9NVHJkM1JTVVNEaVp6eVR1WWxuZwpETEdmYXZjRS82QXJ5cTlWZ3hyUXdXbnZhd0hIcWxBWUtxVHpJYkRJS0Y3SjRYTE9FckFtRE50T1I2Lzc1WjJ3CnVPQlFYT0N3NFM1dWxWdzhIZUM0NGlFTmxJYU5lNDNWTkZUTGtRM3lCeW96VVlYWTN2eEJXMWpURFpFOTB5YTUKZzk4cmFiYWhIS0lockpGYzNXYTE0RWhicUE2TVVLSXRRTkk4K1N1Rk1KV3R4VW1iM1cxK2dHbXJvTmo1TU9kYQpzdjV5OThTYS93UUc4dGc0cmdNQ0xpQVNHL3hudDB3RURrNXFDVUUxRzRSdkdOeUYxU09zNk82c1BTOTg4Umd4CnJuamQvWWZoME5xVnhHcHFGNnhpQVgvZXkyU0NGUWNybEtmNnhGREF4YjI4RTdaNnRQSUZCTWxpQ1IrbzdYR3MKZDNvUWVuMThCalM1NjdtR2ZmNkJBb0lCQVFEanFFcHZqOVhJVVB3bk1RZitRY3R0R1pXZEp2bFZSa1BSMW9maApSVWI2UHdFRkEwdVQyM011ZmFvNGI4bWIrM2Vra1BkYTZmbWJqUGFUckQrbk5YNGxyRE5oYytvcVY4aFVEQnA0CmpVcEg3OXorTVNUZVVQclpnS3VMeEdqaDJiK0FWYVZjZTI2STVYUXVoUnR6ZHFYZDlIeSs4YXpYRTltbHlPQ00KMUpEK2VHZWxhaVJMbEZBbVRDNDNoNlV5T0Q5SmZOSW1oWDQ2WDJRRlFsbGc1cWxVdWQ4Ukx3eFViZTJoYzhTWQp4VnVvYVZSSUdBSmhqRkd3ZVhnRjdzc0tQNXBZMHRkTlNvSGsxeHRnUmVJTlllZFU1cmtpKzloZTN0cStqWUdJCmxVcVVzYzNzN3c4cUk1UXk5NGdmcUI5Lzd4K3BFdGEvak9leE4yL1pGOFJGSXVucEFvSUJBUURaSUpUaUUxKzkKc2xnQ0NGVllLR3Z5aE5odkppck94enlOUWU3YjIvZmxQNzVHd0pTTWpZZTdoTmhGK3JrZHRJcXF5dWxyeGF3YgpPbWliU0FCSG5kT20ycDRMdDhaK20vQXZaRUgzVklLdWkwY0xVbTlKRXNsWURVcFIrdG5BemloNzdrS2FlVzlnCk1wdlpiUzZGdXE2ZlBZQUJyK3dXeU1IazR0UnRNZ3duUFRtSzZQTW85b3FIUURTSVJjL3N0N2hBTUwwMDdtNlEKOTJkRXRqNTNtSTBURTRISVhtY3hZbjV5NGVJLy85aEFMb2xFa0ZHWDU0SmNMdWpDWWkwQ3RIU0xDcnNmQkJwZgpDS2NaMk5sWFNiYVREU1prZWhnQWFWTlM2OVp1K1o2eGFvNmZZMjVxSnNmeXlaUkNjSzJYY0FoUDV2QWNUbWhQClNKUFJZc1dSNXZ1ZEFvSUJBRmtRRXFiWWg1TkprNHdsazNIMS9ZYWVGcmtYY1QzYU1sZ2FiS2hGdVFIWHVpZGkKNWFOZm5BMFpIb25idWV6ckVTQnhra09mKzRYT1BQMEN5eGc0UmpTb3pLVVlld2k3dE9Ta280cDhCQTVtbVhkYwpkSWNBK1ZJMEUyaW5tenlZT21JVG41Q3h2VW1UTXNPc1VWUDNtK1pjYXAwczRTaDNYSk9PSmNNU3VmTEQyaENOCm1NdDBwM0tFSlNTV1RadDdBODlWSk1YclBibktiYy9jNkNpUHRMa3Z5a1BudXhRZ3VYR0xYK05BZXA1RkxyTFIKcWNUTjUzdDUyZW5BUlBDcWQxQytrM3BxWnF6SE5xK1FSMkppNWVTQ0t2V3p2eTlHVWg5d0xyZm5aL2tLSW56SgovWTNIdzRlNDdTa3RWYjF3S0Z1MXdndklMVEJZZHNwZ2tPbFhRbGtDZ2dFQUtKYVJuazFXMldRc1ZYenZUMEtICkkxZTRDZGNOcTRmTkJ1N3JVc2drNkFMcGM5cHVLblFPaW54RDNaa0gzOGl2SDB3OUpEdFlkK0tNU1hMRk1wNEwKUWFhZVlyeGc2NndFMHljZnViZGZrbmRRdVlvWWFZV01nOXhBSjJFSU1hV1lKY3FkUXJrdW04SDZKa1BsclhQLwpUcDgxZlp0QU8rWWRjTWNDUk1OVlNFU0dyRFB0dUp1VnU4REIwVE9Uc2NHS1BOMmZrUFI5VUxZZTVOWllpUXpJCldtZU1IRU9oY0xiandsLzlaazlTUW5Vd2pkT1luUmZXNDVxVlFqa09CdkpxMHM4WHVhMlBySEkyb250SjdhcEcKNmVoTVkvMzYzS0RUeGExMmNWcFNVd0lEVlVKR0VxdmJOc1I5NVltZ3VhMWtzR01RUVlwYXIyOTJ5bTUzVmxYaQpkUUtDQVFCTUFYS0RaNVZobHBRR1VlUk1FNVhqVm1KOE1WdlZTUzV3NzBGOC9CS0ZnZFBJNnR2Nkx5UGh3OTRPCmxZVldoOXJmdUpmbWllK1ZJSWhaeSthUVNpVVhGQUtTdjZFTWJ1bXdjN1pUNEkyYitDTXQxUEhaTEZtUEN0OXAKOEorUDdoaDlRYWRBYzZqZEdSa0NMNkpMU3VoeWhMbW90SG9IS0ZJazdhNENNZGl2QnB3SVdxMWVScHd0aWRrNwpIdytrdlJ5YW5DMUJVU1dYNGxJcW1LanAyR1B2UDVVdVV2RUlPNitqaWFyWTJDTUNKb3BtcVJ2WWQzNGtSVkF1CjZueFl4a05neEFQSnVWN2tkZVVzQXg5Q1FZcFQ1blFmendtdlVGa0FraHJoTmw5dUJRUDhMdkZORFQ0cWU0bFcKUWw0cXRFZFNiZDVxVWVVdkgzOG5JMmpTVDVMawotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==
wildcardTLS:
# self signed wildcard cert for *.wlan.local
cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZEekNDQXZlZ0F3SUJBZ0lVYSthaVJZWG9QTGliSS9wdVJCdi9DZ2RTTDNzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0Z6RVZNQk1HQTFVRUF3d01LaTUzYkdGdUxteHZZMkZzTUI0WERUSXdNVEl5TVRJd05UQXpNVm9YRFRNdwpNVEl4T1RJd05UQXpNVm93RnpFVk1CTUdBMVVFQXd3TUtpNTNiR0Z1TG14dlkyRnNNSUlDSWpBTkJna3Foa2lHCjl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUEwQjhuZE1raGIzZEN6N0I2aS9kRlFWenJwaEtQK2RmY2JKN1gKMzB3MU1FWDIvM3ZvVStkRlBNbnZrS3hEdFJwanZCbnhCczF6L1VmajlyUFhDSzZkazNNYU5DajRQYVUxem9WQQppK1Z6amc0ZG5XNjJxWG1qYVYrYUMrQm5zQndyQmx2THQ0dkh1eFRLbHh1RnR4THdid3VObGJvS1lVN01kV3oyCllMY3QzUWZBWElVb2FRK1RTMUZGdVdFeEZOTFRidlBGZWNoajB4ZnhyOU5BcU9aTXI0RGE0NHMzVERxMVVyRTIKbjhaZXFxVXZ1YUE4ZmEzQjNVZVRFNmJ4OEdhN1JybG5Dakd3UDRGVml3ajdvellmanV6T2JOM2dlcjdWcEpLMQpMSjdIdDBBemZlRm9aQ2xPbUVBd1p5alFwRGZOckdNTCs1dWtIK2JxWngyaUo5UndFcDNmdlE4em5jN1Q4dHJDCmxzMjRWNUpySWhUQXlCcTZRWVNnSXdXM2V5TmVpUnQ0ZHp6Sk5rNnd4cFp0WE96WTFwamJrV2FMaEhKOW1LRWoKU3lqVVBnS3dKSVlmb3BJbTJoUzl1dVZHZDdiU1MyV055aHJSOU5LSG5Lamo5Y0IrUWU0eEh0Z1pEcm1GZ1ZpZQp0cXZBUHhJL0ZkV1pSN3RmT2JCNTR3alMxVFk3TEd6cll4TDZSMWNjZDE4WUppcGNTS05xa05ORlllZ092VkNICmFldW1OTUdVNlZZalJWS1JmQXMva2FzcWxleGpheSt0SXNtd3dDZGoxUUN3UitRa2VEZFdoNE8vQzM1NENRb28KTkxZYzRNRk8xbVVDY2NsbUgvbFBvcTd1anBCMWI2VmFBNVprNFhjVUpRc0c4SUlSMDFHTFM5RW1HVVZaeTlOWApwV2dCbXNVQ0F3RUFBYU5UTUZFd0hRWURWUjBPQkJZRUZOZlVJSGhXdnFwUzg2ZC82SnJvbmxFYzZMU1NNQjhHCkExVWRJd1FZTUJhQUZOZlVJSGhXdnFwUzg2ZC82SnJvbmxFYzZMU1NNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHcKRFFZSktvWklodmNOQVFFTEJRQURnZ0lCQUtlTW9PckhLZ3BGemtkckVhMVhSSVRUOHFZanhKc04yNmFIMFovLwp1dDRXVkE4ckNDNzV4VkpaNnpBQWlBOFE2eTRYSHBzRzl2ZSs1QlJIWEdCS0lYOU5FZGNrbWdNdExzQ2xOR0JCCkxkN3lWd3hhaGVCQzhVTWIrVTAxMlNwaFc3K0t6UFJhQ3g4cHNMMUlFQUkyblQ1MzlCNDBmR2NyTktNSDRqZGkKdkxad3VxT00rZnJucFJ1MkZlK3Bja2Fwek92SEJTb0I3THovR1dmMWUwZ0llc1B4WEdmVG9hbGM1SzU5bDF1TQpCTkhpUW15S3E4TS9MbllMejhyOWp3dHNKU2lLYUljelpISjNtQ0ZUb3ljREF3NTl3WEdmWXZWcFBMaWZXTTJxCm1uSlJKM2dQS1lzOUhXWFgyYktoSmZoMjRLOTN2M1duMVRUellYOGtTbWlnRG0wTUhOSTNwZktlMmJqVW9MNmgKMlQ4bWhRbjdPQ2dvZHMvOXczR1dOdmFxYTAySHRnc0tTbk9YdmpSNXFMaVFLRjdhMi95TTlrNWNQcUdHaW1GYgppUWV3eUgvMWw2YjQ0T0s2RGwwMVltWFltNUVqR3plckp2aU90eUhSaWhtME01VmNBWWJaYkE0S1Y1eHhLZjRqClIwaktwQXdqbEpzTDdRMk9zTC9IRkxmaDV1RU1HMXlmTzF1blZkVURKK1FBZHJQUG5tZTZVTVFQZm1UcGx1WjAKS3pvOXY3NEpYV0pwQkNtaWNTbFBQdnB3cXZLTk5iOWd6b0hjOXFheWMwNWVxRldRbzNNZjIzYU82b05wU2ZuaAp5aWMvczFQcC9ZS2FHakVSQXB1UmRvYTlWT1diUncycFZMei9rZVNraS9QTDJFRFc4RUVHYjFXcUFBMkJPVVhDCi9oYXQKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRRFFIeWQweVNGdmQwTFAKc0hxTDkwVkJYT3VtRW8vNTE5eHNudGZmVERVd1JmYi9lK2hUNTBVOHllK1FyRU8xR21POEdmRUd6WFA5UitQMgpzOWNJcnAyVGN4bzBLUGc5cFRYT2hVQ0w1WE9PRGgyZGJyYXBlYU5wWDVvTDRHZXdIQ3NHVzh1M2k4ZTdGTXFYCkc0VzNFdkJ2QzQyVnVncGhUc3gxYlBaZ3R5M2RCOEJjaFNocEQ1TkxVVVc1WVRFVTB0TnU4OFY1eUdQVEYvR3YKMDBDbzVreXZnTnJqaXpkTU9yVlNzVGFmeGw2cXBTKzVvRHg5cmNIZFI1TVRwdkh3WnJ0R3VXY0tNYkEvZ1ZXTApDUHVqTmgrTzdNNXMzZUI2dnRXa2tyVXNuc2UzUUROOTRXaGtLVTZZUURCbktOQ2tOODJzWXd2N202UWY1dXBuCkhhSW4xSEFTbmQrOUR6T2R6dFB5MnNLV3piaFhrbXNpRk1ESUdycEJoS0FqQmJkN0kxNkpHM2gzUE1rMlRyREcKbG0xYzdOaldtTnVSWm91RWNuMllvU05MS05RK0FyQWtoaCtpa2liYUZMMjY1VVozdHRKTFpZM0tHdEgwMG9lYwpxT1Axd0g1QjdqRWUyQmtPdVlXQldKNjJxOEEvRWo4VjFabEh1MTg1c0huakNOTFZOanNzYk90akV2cEhWeHgzClh4Z21LbHhJbzJxUTAwVmg2QTY5VUlkcDY2WTB3WlRwVmlORlVwRjhDeitScXlxVjdHTnJMNjBpeWJEQUoyUFYKQUxCSDVDUjROMWFIZzc4TGZuZ0pDaWcwdGh6Z3dVN1daUUp4eVdZZitVK2lydTZPa0hWdnBWb0RsbVRoZHhRbApDd2J3Z2hIVFVZdEwwU1laUlZuTDAxZWxhQUdheFFJREFRQUJBb0lDQVFDUVRkbXN4enl3cmUrY1ZCQlVkaW9GCjdTalRhTEY5bWFlVGhQdkhMMjc5dnJWSlpoK3I5WUp6YU16NzhnV3NUOVR4ZXNjOVlUMVlVLzJEZENUWU4wSzUKRnlrSEc1VXNJUjVTeU4vOVlDWWtURE5La3BhQ29mMmxOWTE1U0twOFdMdVlXQlBEZTE4TW41anM5ejlhdGY0Ugo4Ti9GL2szdU5KWGRvYVNmWU1Pakt4bTh6UE05RFhpaTA0SlZ6RWNjMmlXU0crSkQwNmNybWNHUm1SZVBSTWZOCk5Mb1E1ZGw4dUlRN0J2Y0tCNkJpRDlFc2t5YitPWGxmTlo2TUZNaFNXTmpuYSt3L0REN1plWkxYcVczWk45RGYKNStBbGFoNlkzVE1EUGxueXkxRk5CVzN1alZrMWdkS21ESFBEUTNDUFBNWVdEa01qdlVJcWdKRHMySVl6dWIvTwpXRjRVUTV5UEJhZzluaWp1dS9uMVZDdGZuSkxwakZIakU1VzdkK3p1UGh6aUJ1WDFOcjRtOVVJdEpaSTNsYmJtCmdvZFlMdGl4b3RwNWF3ang1eXA3MU1zUHlTZzcrbHBPenA4dStuRENJcnc0K0VSME56MG8yTXFmcmJ2VklGQXIKWHIyc2YrejljbmtxalBWWEZaVks3em1TUHI5N0YrbTV4RHpURG9lTG53aVlhUUpOQ0ZhejhMVERjNldVT2w4SQpLOWhHd3FaK0llTlgreW16em16Nkx6WWVPaGlrRmNRaUI0UXVPSjdWWnZWRmVoS3JJMXJLWHJDRU01VmpJZXBkCkhzR0c1eTlLUkcxdEszSU5ScmI0SHlhRDF6SHJSTHRneFpLT1BvWDN0UjNmbTJ1aGova3dwelZnWTltRXJDWDkKd2I4SVA5TXdRR3REQVNBcjZWVmJvUUtDQVFFQThIeWlaK1lVeFEzQnprL1hoNmZMWWNYakE3NTJrQ204VWZzWQp0d1Z4N0EyNW5YRStiUDRIT3UyVC9kTlc0Tkw1elZPT0JkaWZIcTJQVFNVMGYzQUFHL0pNcnVzM3NrNHd4azM5CitYYlh0dHltWkdxb3FEcVN3TUw2czVpY1RnangvenRhSXk1TWFKYWhUYUpNdFRQQlVpZ3U3enhoeGNwVlhNVUMKTklHcFl5Mkt5R2hyMjVVOFdlR0RYQm9SS2xYUXJXYkNZeW1kMXdYQStEaVl0dzA5eit0VHhPNTRodjFCZkJKZwpWMGd0VWdJU0I2WEZDMU9CWDZXQ1pXYlhCN2hPaHhISjNkNHAyQlZyN0gxL2JDQ0ZvVDY5by9WQVNHRmdtTHRiCnpGalRNbjFIaTluVW5jUFlScWpsN1h0NWdPOHBOa3BwMjVrNHIxRVludWhIazcrYzdRS0NBUUVBM1l3THozNloKNEVPRndvODIrUlVId2lkaFExOEdrU1JvWStKVm1udXJpSXdHZTk3ZmRTVk91d092SDlZSVhsRWpjRitoOHFQVQpJVnpIOXBuYXZjTENEMnhIOWZ5d09ML3pmYmJnYnExZjV4Y3BOUXlYM1JnTGFDUVpLNkpJa3NzOUtDb0dhSzlaCmpMVm41MjFFZlFBRE5DSi93YlRCb3dLQ0dTNDUzSzRBaWFEWHN6TkJLUk5MOHVaWWYwK0x0U2IzV3lkZVQ2eUgKdGZiSXR3NlBSS1lxb2NaeGIrM0pWQWFHcGxScjVZSlNDU1BtTjFMSjU0djlTcXBIVnJMNzJudFNwKzdDODJ6SgpJajVOSXFEOGFsOVZ3WFB5dExRd25hYWc1TW5ka0NLQ3R0MlVHSGZwMEh3ZTJTL1hkemppS2gzZTZaT3MyMSt1CitQUHVrSkUxTTZzU09RS0NBUUJjWVJRbDR6MUJRUHFjM1JESEhJN0UvVFlxWHdTK2RqblFLQ3VqU3FVcmIwNUoKQzVKV1hmSzdFVDVUTjliY3dFNlRNRENUVUZZM2U2WmJsUm9vaGdhVXRhdjlXWC9vcjU2TzNyRGNIbW5ZNWNQSgpPU3VXakFHSnFKeVRWdUZjSEpXUlhPUlFOVjNHbzI1Tkd6WnFPUHBmSys1em1mZFkrbE4yTW51WlhlR0twcGowClNTQjlsa003cDZSRlFnSXNDQkVFTzBBYXhZYkxiWHRtSHArVFdiUFA1ZThrN0JKQ2tKQ1NMNkR3aGxwYWNVOHAKdnVVRlo4dC95VjFneEhOL2xLNGR0cGliOE5hVUdnNStKdXRHeHV0dU9HS3kwK2dncGI5c2pEUkVPQzdRNjAwTApqTjdleDdlUjFSbVY4Mk9HUXRqSzhTVGU1V25mOXNBRmN1YmorNncxQW9JQkFHYXM4Z2hQRHpkOWM2OXd1alNFCkI1MTJyTUFSZVRTcEgrd3l5Q09aYnkwUVlDem1aTCtnODdUK2h4b0ZFc25MWnRZOHJBeU0ydEkvY3JrYUl1TlIKTUtqL01QYVREb1N1aVVWWkRQaWVSMVVOU2Q2NUlHU3FNUmNwcTdTcU9HSTM2UGNGU3dVWFJ6Uk1Hb1NLQW5UQQpIYnY2eFNUY0JlWHJVcW9pMzFRa0hFR3NsbXNKdFFnNVZqaVRncTQyQ25TQlE2QXVSYW85Tm9RaGhISTZRREc3CnBRUm11TW43OVJPSkZyeGRZY2Z6TnR2ZmxHRk5jQjlzcEk0SERwcml4cEJDR1ZPVTl5cmozdStNMmlqVFhVaGIKT0o0NGcySTJKRlhjRkxNVHp5aHVwZy9qN3kvTDIwUHhVa2Fyd25zUmxOZWFFbVpFTjVkUDZBS2U0cENEaTVtUApqaGtDZ2dFQkFMUmtVeG9oZDh2ZVBwR3hPbWlOak5HekpiTDlscGx0TWxhR0dPQ3JOUkZSeEppblgzWU9UVnhiCkRFVlpqaXRHNldydzFxaDdnZXAzeEdJaWZHQ1lZV3pNc0RZTitueGtwV0lRRmZOV3dYemNRWlhrTEduZVlUdTAKSVU2RjY5Myt1Q0tkcHVCdVl0d3BQNEJCVkNCRTVON0FzRGV4bFBYTzk1cEw3ZzR4OG5RckdNeGJlRXVOdytaTwpPYmYvTnFFMGZZcURkaERiVHI0UDR6bUpBRlpYeDlKMjNJdWRMUFI3MDZITGZ5bDMrb1pUS2Y2ZWdEL1drWXZGCllLdEtDZzI1UmtSYmZBakZkeDlpOVkzcDlPNEFNVUNaRVFIOWQwU1d6LzJWR0VmYzVha09YL2xvWlAyUXF3c2UKeXMyc0k1U0Z5TEd1ZGM3R2MzVTd5UGd0RVN0elVoWT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
zookeeper:
enabled: true
replicaCount: 1
persistence:
enabled: true
storageClass: standard
kafka:
enabled: true
replicaCount: 1
persistence:
enabled: true
storageClass: standard
creds:
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
sslKeyPassword: mypassword
cassandra:
enabled: true
image:
debug: true
cluster:
replicaCount: 1
seedCount: 1
persistence:
enabled: true
storageClass: standard
creds:
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
postgresql:
enabled: true
postgresqlPassword: postgres
## NOTE: If we are using glusterfs as Storage class, we don't really need
## replication turned on, since the data is anyway replicated on glusterfs nodes
## Replication is useful:
## a. When we use HostPath as storage mechanism
## b. If master goes down and one of the slave is promoted as master
replication:
enabled: true
slaveReplicas: 1
persistence:
enabled: true
storageClass: standard
readinessProbe:
initialDelaySeconds: 30
livenessProbe:
initialDelaySeconds: 30

258
tip-wlan/example-values/local-multi-namespace/ns-tip-2.yaml Normal file
View File

@@ -0,0 +1,258 @@
# This is a development override file.
# It overrides the default Tip-Wlan parent chart behaviour
#
# It can be tweaked, based on the need to support different
# dev environments.
# This file expects to have a GlusterFS storage solution running
# before "helm install" is performed.
#################################################################
# Global configuration overrides.
#
# These overrides will affect all helm charts (ie. applications)
# that are listed below and are 'enabled'.
#################################################################
global:
# Change to an unused port prefix range to prevent port conflicts
# with other instances running within the same k8s cluster
nodePortPrefix: 304
nsPrefix: tip-2
# image pull policy
pullPolicy: Always
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
# override default mount path root directory
# referenced by persistent volumes and log files
persistence:
# flag to enable debugging - application support required
debugEnabled: true
# Annotations for namespace
annotations: {
"helm.sh/resource-policy": keep
}
# createReleaseNamespace: false
# Docker registry secret
dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
#################################################################
# Enable/disable and configure helm charts (ie. applications)
# to customize the TIP-WLAN deployment.
#################################################################
opensync-gw-static:
enabled: false
opensync-gw-cloud:
enabled: true
externalhost:
address:
ovsdb: opensync-controller.wlan.local
mqtt: opensync-mqtt-broker.wlan.local
persistence:
enabled: true
filestore:
url: "https://wlan-filestore.wlan.local"
scalability:
#how many concurrent connections single instance of OpenSyncGateway can accept
tip_wlan_ovsdb_listener_threadPoolSize: 50
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
opensync-mqtt-broker:
enabled: true
replicaCount: 1
persistence:
enabled: true
storageClass: standard
wlan-cloud-graphql-gw:
enabled: true
env:
portalsvc: tip-wlan-2-wlan-portal-service:9051
ingress:
hosts:
- host: wlan-ui-graphql-2.wlan.local
paths: [
/
]
tls:
- hosts:
- wlan-ui-graphql-2.wlan.local
wlan-cloud-static-portal:
enabled: true
env:
graphql: https://wlan-ui-graphql-2.wlan.local
service:
type: NodePort
ingress:
hosts:
- host: wlan-ui-2.wlan.local
paths: [
/
]
tls:
- hosts:
- wlan-ui-2.wlan.local
wlan-portal-service:
enabled: true
persistence:
enabled: true
storageClass: standard
filestoreSize: 1Gi
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
wlan-prov-service:
enabled: true
creds:
enabled: true
db:
postgresUser:
password: postgres
tipUser:
password: tip_password
schema_repo:
username: tip-read
password: tip-read
postgres:
singleDataSourceUsername: tip_user
singleDataSourcePassword: tip_password
singleDataSourceSslKeyPassword: mypassword
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
#max number of connections to PostgreSQL database
singleDataSource_maxTotalConnections: 8
#max number of idle connections to PostgreSQL database
singleDataSource_maxIdleConnections: 8
#max number of cached prepared statements used in PostgreSQL database
singleDataSource_maxPreparedStatements: 200
#max number of cached idle prepared statements used in PostgreSQL database
singleDataSource_maxIdlePreparedStatements: 200
wlan-ssc-service:
enabled: true
creds:
sslKeyPassword: mypassword
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
cassandra:
tip_user: tip_user
tip_password: tip_password
schema_repo:
username: tip-read
password: tip-read
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
wlan-spc-service:
enabled: true
creds:
sslKeyPassword: mypassword
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
nginx-ingress-controller:
enabled: false
zookeeper:
enabled: true
replicaCount: 1
persistence:
enabled: true
storageClass: standard
kafka:
enabled: true
replicaCount: 1
persistence:
enabled: true
storageClass: standard
creds:
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
sslKeyPassword: mypassword
cassandra:
enabled: true
image:
debug: true
cluster:
replicaCount: 1
seedCount: 1
persistence:
enabled: true
storageClass: standard
creds:
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
postgresql:
enabled: true
postgresqlPassword: postgres
## NOTE: If we are using glusterfs as Storage class, we don't really need
## replication turned on, since the data is anyway replicated on glusterfs nodes
## Replication is useful:
## a. When we use HostPath as storage mechanism
## b. If master goes down and one of the slave is promoted as master
replication:
enabled: true
slaveReplicas: 1
persistence:
enabled: true
storageClass: standard
readinessProbe:
initialDelaySeconds: 30
livenessProbe:
initialDelaySeconds: 30

10
tip-wlan/resources/environments/dev-amazon-tip.yaml
View File

@@ -53,9 +53,10 @@ common:
storageClass: aws-efs
opensync-gw-cloud:
enabled: true
externalhostaddress:
ovsdb: opensync-controller.demo.lab.wlan.tip.build
mqtt: opensync-mqtt-broker.demo.lab.wlan.tip.build
externalhost:
address:
ovsdb: opensync-controller.demo.lab.wlan.tip.build
mqtt: opensync-mqtt-broker.demo.lab.wlan.tip.build
persistence:
enabled: false
filestore:
@@ -120,6 +121,9 @@ wlan-port-forwarding-gateway-service:
enabled: true
creds:
websocketSessionTokenEncKey: MyToKeN0MyToKeN1
externallyVisible:
host: api.wlan.demo.lab.wlan.tip.build
port: 30401
nginx-ingress-controller:
enabled: true
controller:

126
tip-wlan/resources/environments/dev-integrated-aws-connectus.yaml
View File

@@ -1,126 +0,0 @@
# This is a development override file.
# It overrides the default Tip-Wlan parent chart behaviour
#
# It can be tweaked, based on the need to support different
# dev environments.
# This file expects to have a GlusterFS storage solution running
# before "helm install" is performed.
#################################################################
# Global configuration overrides.
#
# These overrides will affect all helm charts (ie. applications)
# that are listed below and are 'enabled'.
#################################################################
global:
# Change to an unused port prefix range to prevent port conflicts
# with other instances running within the same k8s cluster
nodePortPrefix: 302
nsPrefix: tip
# image pull policy
pullPolicy: Always
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
# override default mount path root directory
# referenced by persistent volumes and log files
persistence:
# flag to enable debugging - application support required
debugEnabled: true
# Integrated Deployment which deploys Prov Service, Portal Service and
# SSC Service in a single docker image
integratedDeployment: true
# Annotations for namespace
annotations: {
"helm.sh/resource-policy": keep
}
createReleaseNamespace: false
# Docker registry secret
dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
#################################################################
# Enable/disable and configure helm charts (ie. applications)
# to customize the TIP-WLAN deployment.
#################################################################
opensync-gw-static:
enabled: false
opensync-gw-cloud:
enabled: true
externalhostaddress:
ovsdb: "15.222.171.117"
mqtt: "3.96.17.34"
env:
protocol: https
ssc:
service: wlan-integrated-cloud-component-service
port: 9092
prov:
service: wlan-integrated-cloud-component-service
port: 9092
opensync-mqtt-broker:
enabled: true
replicaCount: 1
persistence:
enabled: true
storageClass: "gp2"
wlan-cloud-graphql-gw:
enabled: true
env:
portalsvc: wlan-portal-svc.zone3.lab.connectus.ai
wlan-cloud-static-portal:
enabled: true
wlan-integrated-cloud-component-service:
enabled: true
image:
name: wlan-integrated-cloud-component-service-persistence
tag: 0.0.1-SNAPSHOT
creds:
enabled: true
postgres:
password: cG9zdGdyZXMxMjM=
schema_repo:
username: tip-read
password: tip-read
integratedWithPersistence:
enabled: true
nginx-ingress-controller:
enabled: true
controller:
config:
externalStatusAddress: "api.wlan.zone3.lab.connectus.ai"
zookeeper:
enabled: true
replicaCount: 1
persistence:
enabled: true
storageClass: "gp2"
kafka:
enabled: true
replicaCount: 1
persistence:
enabled: true
storageClass: "gp2"
cassandra:
enabled: true
config:
cluster_size: 3
seed_size: 2
persistence:
enabled: true
storageClass: "glusterfs-storage"
postgresql:
enabled: true
postgresqlPassword: cG9zdGdyZXMxMjM=
## NOTE: If we are using glusterfs as Storage class, we don't really need
## replication turned on, since the data is anyway replicated on glusterfs nodes
## Replication is useful:
## a. When we use HostPath as storage mechanism
## b. If master goes down and one of the slave is promoted as master
replication:
enabled: true
slaveReplicas: 1
persistence:
enabled: true
storageClass: "glusterfs-storage"

7
tip-wlan/resources/environments/dev-integrated-aws-tip.yaml
View File

@@ -48,9 +48,10 @@ opensync-gw-static:
enabled: false
opensync-gw-cloud:
enabled: true
externalhostaddress:
ovsdb: opensync-controller.tip.lab.connectus.ai
mqtt: opensync-mqtt-broker.tip.lab.connectus.ai
externalhost:
address:
ovsdb: opensync-controller.tip.lab.connectus.ai
mqtt: opensync-mqtt-broker.tip.lab.connectus.ai
env:
protocol: https
ssc:

2
tip-wlan/resources/environments/dev-integrated.yaml
View File

@@ -30,8 +30,6 @@ global:
# Integrated Deployment which deploys Prov Service, Portal Service and
# SSC Service in a single docker image
integratedDeployment: true
# Is the Cluster deployed in Cloud
isCloudDeployment: false
# Annotations for namespace
annotations: {
"helm.sh/resource-policy": keep

270
tip-wlan/resources/environments/dev-local.yaml Normal file
View File

@@ -0,0 +1,270 @@
# This is a development override file.
# It overrides the default Tip-Wlan parent chart behaviour
#
# It can be tweaked, based on the need to support different
# dev environments.
# This file expects to have a GlusterFS storage solution running
# before "helm install" is performed.
#################################################################
# Global configuration overrides.
#
# These overrides will affect all helm charts (ie. applications)
# that are listed below and are 'enabled'.
#################################################################
global:
# Change to an unused port prefix range to prevent port conflicts
# with other instances running within the same k8s cluster
nodePortPrefix: 302
nsPrefix: tip
# image pull policy
pullPolicy: Always
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
# override default mount path root directory
# referenced by persistent volumes and log files
persistence:
# flag to enable debugging - application support required
debugEnabled: true
# Annotations for namespace
annotations: {
"helm.sh/resource-policy": keep
}
# createReleaseNamespace: false
# Docker registry secret
dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
#################################################################
# Enable/disable and configure helm charts (ie. applications)
# to customize the TIP-WLAN deployment.
#################################################################
opensync-gw-static:
enabled: false
opensync-gw-cloud:
enabled: true
externalhost:
address:
ovsdb: opensync-controller.wlan.local
mqtt: opensync-mqtt-broker.wlan.local
persistence:
enabled: true
filestore:
url: "https://wlan-filestore.wlan.local"
scalability:
#how many concurrent connections single instance of OpenSyncGateway can accept
tip_wlan_ovsdb_listener_threadPoolSize: 50
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
opensync-mqtt-broker:
enabled: true
replicaCount: 1
persistence:
enabled: true
storageClass: standard
wlan-cloud-graphql-gw:
enabled: true
env:
portalsvc: tip-wlan-wlan-portal-service:9051
ingress:
hosts:
- host: wlan-ui-graphql.wlan.local
paths: [
/
]
tls:
- hosts:
- wlan-ui-graphql.wlan.local
wlan-cloud-static-portal:
enabled: true
env:
graphql: https://wlan-ui-graphql.wlan.local
service:
type: NodePort
ingress:
hosts:
- host: wlan-ui.wlan.local
paths: [
/
]
tls:
- hosts:
- wlan-ui.wlan.local
wlan-portal-service:
enabled: true
persistence:
enabled: true
storageClass: standard
filestoreSize: 1Gi
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
wlan-prov-service:
enabled: true
creds:
enabled: true
db:
postgresUser:
password: postgres
tipUser:
password: tip_password
schema_repo:
username: tip-read
password: tip-read
postgres:
singleDataSourceUsername: tip_user
singleDataSourcePassword: tip_password
singleDataSourceSslKeyPassword: mypassword
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
#max number of connections to PostgreSQL database
singleDataSource_maxTotalConnections: 8
#max number of idle connections to PostgreSQL database
singleDataSource_maxIdleConnections: 8
#max number of cached prepared statements used in PostgreSQL database
singleDataSource_maxPreparedStatements: 200
#max number of cached idle prepared statements used in PostgreSQL database
singleDataSource_maxIdlePreparedStatements: 200
wlan-ssc-service:
enabled: true
creds:
sslKeyPassword: mypassword
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
cassandra:
tip_user: tip_user
tip_password: tip_password
schema_repo:
username: tip-read
password: tip-read
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
wlan-spc-service:
enabled: true
creds:
sslKeyPassword: mypassword
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
nginx-ingress-controller:
enabled: true
controller:
service:
type: LoadBalancer
config:
externalStatusAddress: "api.wlan.local"
defaultTLS:
cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZXakNDQTBLZ0F3SUJBZ0lVUU5hUC9zcHZSSHRCVEFLd1lSTndieFJmRkFzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0hURWJNQmtHQTFVRUF3d1NkMnhoYmkxMWFTNTNiR0Z1TG14dlkyRnNNQjRYRFRJd01EZ3lOekl3TWpZMQpObG9YRFRNd01EZ3lOVEl3TWpZMU5sb3dIVEViTUJrR0ExVUVBd3dTZDJ4aGJpMTFhUzUzYkdGdUxteHZZMkZzCk1JSUNJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBd1JhZ2lEV3pDTllCdFd3QmNLK2YKVGtrUW1NdCtRQWdUallyMEtTOERQSkNKZjZLa1BmWkhDdTN3NEx2cnh6WTlObWllaDJYVTgzNGFtZEp4SXVDdwo2SWJObzZ6c2tqc3lmb084d0ZEbWxMVldMZWc1SDlHOWRvZW0rV1RlS1BhRUhpM29xdXpOZ3Q2d0xzM212dk9BClR2aVRJb2M4OEVMams0ZFNSMlQ0ZGhoMHFLQ0NqK0hkWEJBNlYvOWJpcnUralYrL2t4RVF1TDJ6TTM5RHZWZDgKOWtzMzV6TVZVemUzNmxENElDT25sN2hnYVROQmk0NU85c2RMRDBZYVVtamlGd1FsdEpVZG1QS3BhQWRidmpVTwpuc3VwbkRZam0rVW0rOWFFcHFNNHRlMjNlZkM4TjhqMXVrZXh6SnJFMkdlRi9XQi9ZMUxGSUcyd2pxVm5zUGNzCm5GRjRZZDlFQlJSbmUxRVplWEJ1M0ZFTEZ5NmxDT0hJMTQ2b0JjYy9JYjYxN3JkVEtYcXh0di8yTkw2L1RxRmsKbnMvRUVqdmU2a1FZemxCWndXSFdwWndRZmczbW82TmFvRlpwVGFnOThNeXU1clpvT29mVGN4WEg2cExtNVB4MQpPQXpnTG5hOU8rMkZtQTRGanJnSGNNWTFOSXp5blpMK0RIOGZpYnQxRi92MkYyTUErUjl2bzg0dlI1Uk9HTmRECnZhMkFwZXZrTGNqUWcvTHdzWHYwZ1RvcFEvWEl6ZWpoNmJkVWtPcktTd0p6VDJDOS9lOUdRbjBncHBWOExCdUsKMXpRSG9ST0xuQTQxTUNGdlFMUUhvK1h0OEtHdytVYmFseTZoT3hCWkY1MUwvQmJxamtESDlBRUZhSkxwdGlFeQpxbjFFNXYrM3doZ0ZTNUlaVDhJVzV1VUNBd0VBQWFPQmtUQ0JqakFkQmdOVkhRNEVGZ1FVeTJiQVV5TlBYSFM5CjNWVFNEK3dvTjd0M3E4RXdId1lEVlIwakJCZ3dGb0FVeTJiQVV5TlBYSFM5M1ZUU0Qrd29ON3QzcThFd0R3WUQKVlIwVEFRSC9CQVV3QXdFQi96QTdCZ05WSFJFRU5EQXlnaHAzYkdGdUxYVnBMV2R5WVhCb2NXd3VkMnhoYmk1cwpiMk5oYklJT1lYQnBMbmRzWVc0dWJHOWpZV3lIQk1Db0FBRXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnSUJBS0grCmJxSmVlMTFuMzRTWWdCRHZnb1o4bEpMUVJ3c0ZucUV4Y1NyL3BsWjdHVklHRkg1L1EyS3lvOVZ5RWlUUHdySXMKS3NFckMxZXZINnh0MVVSZk16cDA1elZRMExZTTUra3NhbVJEYWdBZzNNMWNtN29LT2Rtcy9kcXpQZTJnWmZHSgpwVmR0VlcxQ0hyTDBSTFRSOTNoN2tnU2lCbFNFSVlNb2VLZk41SDlBYXZKNEtyeXlnUXM2M2trR1E1TTllc0FwCnU2YkIzMDd6eWZ6Z1MzdG1Rc1UwMXJnSmZoRUhRL1krQWs5d0R1T2d2bWZ4MFRXZ0FPR2JLcTZUdThNS1lkZWoKSWU3clYxRzVVdjdLZmdvelZYNzZnMktkblRWQmZzcFNLbzN6eXJaa2NrekFwdlV1OUllZkhkVG9lNEpNRVUweQpmazdsRVUvZXh6Qnl5TnhwKzZoZHUvWklnM3hiMXlBMW9WWThORWQxckwxekFWaVBlMzUxU0VORUtlSnBSYW5DCmtDTDNSQUZrYnhRN0loYWNqb3g4YmVsUitnbW84Y3lGWnBqOVhhb1BsU0ZTY2R3ejU3M0NUMGg5N3Y3NkE3c3cKeUMrQ2lTcDg1Z1dFVjV2Z0JpdE5KN1I5b25qQmRzdUgybGdFdE1EM0pOT3M4Y0NTUmloWXhyaXdaU3FoVDdvLwp0Y0lsY0o4NFc1bTZYNnpISjNHbXR1S0czUVBOT21zMC9WVm9EVHA5cWRwTCtFazE3dUIyQTQxTnB4ejNVUytsCjZ5SytwZFFRajdBTHpLdVJmT3lnODBYYk53MnY0U25wSTVxYlhGQlJ1bTUyZjg2c1BlbUZxMUtjdU5XZTRFVkMKeERHM2VLbHUrZGxsVXRLeC9QTjZ5ZmxiVDV4Y0dnY2Rtcnd6UmFXUwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRUUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Nzd2dna25BZ0VBQW9JQ0FRREJGcUNJTmJNSTFnRzEKYkFGd3I1OU9TUkNZeTM1QUNCT05pdlFwTHdNOGtJbC9vcVE5OWtjSzdmRGd1K3ZITmowMmFKNkhaZFR6ZmhxWgowbkVpNExEb2hzMmpyT3lTT3pKK2c3ekFVT2FVdFZZdDZEa2YwYjEyaDZiNVpONG85b1FlTGVpcTdNMkMzckF1CnplYSs4NEJPK0pNaWh6endRdU9UaDFKSFpQaDJHSFNvb0lLUDRkMWNFRHBYLzF1S3U3Nk5YNytURVJDNHZiTXoKZjBPOVYzejJTemZuTXhWVE43ZnFVUGdnSTZlWHVHQnBNMEdMams3Mngwc1BSaHBTYU9JWEJDVzBsUjJZOHFsbwpCMXUrTlE2ZXk2bWNOaU9iNVNiNzFvU21vemkxN2JkNThMdzN5UFc2UjdITW1zVFlaNFg5WUg5alVzVWdiYkNPCnBXZXc5eXljVVhoaDMwUUZGR2Q3VVJsNWNHN2NVUXNYTHFVSTRjalhqcWdGeHo4aHZyWHV0MU1wZXJHMi8vWTAKdnI5T29XU2V6OFFTTzk3cVJCak9VRm5CWWRhbG5CQitEZWFqbzFxZ1ZtbE5xRDN3eks3bXRtZzZoOU56RmNmcQprdWJrL0hVNERPQXVkcjA3N1lXWURnV091QWR3eGpVMGpQS2RrdjRNZngrSnUzVVgrL1lYWXdENUgyK2p6aTlICmxFNFkxME85cllDbDYrUXR5TkNEOHZDeGUvU0JPaWxEOWNqTjZPSHB0MVNRNnNwTEFuTlBZTDM5NzBaQ2ZTQ20KbFh3c0c0clhOQWVoRTR1Y0RqVXdJVzlBdEFlajVlM3dvYkQ1UnRxWExxRTdFRmtYblV2OEZ1cU9RTWYwQVFWbwprdW0ySVRLcWZVVG0vN2ZDR0FWTGtobFB3aGJtNVFJREFRQUJBb0lDQUMyR2hEc1pUaWtiTERQMlR6Q2VkOVVoCmJRUlpsbDdLaUxHcXZYNm9VdjhJcFNLdTJrS3h1blpkTzVvQk5NbzNnNTg4YzRSQkFrQ1d6dmJObzFjeDJ3UTQKSkd3ZTdYaGM5TDdYbUwxUFZjNWlJdnVYOFVBTFY3eUdwMXZONklPSC9BYVJsSFlZZHl3UURVSTcwZGZiMmJqRQo2d3dORHRVbk1Ea3NncjNLbExwamNiNEFla2dxWE9MRUFMMld1Nkt1T1hOankrdUU3b2hnVWN3bWlYWXZGb3VMCm1KYXVlS3l5U202NHdJZnpZQ1JwbUhHMVlCTGpic0xJb20zcmZYRkl3V1hqMkhBSGFIOFRWOVhyUmpwR2tEZm8KbFFqN3l0R0s2ZkllMWcva0ZBN3hDWDE2d1NYMS85bjM1WGYwVmMwZ08zdE9NVHJkM1JTVVNEaVp6eVR1WWxuZwpETEdmYXZjRS82QXJ5cTlWZ3hyUXdXbnZhd0hIcWxBWUtxVHpJYkRJS0Y3SjRYTE9FckFtRE50T1I2Lzc1WjJ3CnVPQlFYT0N3NFM1dWxWdzhIZUM0NGlFTmxJYU5lNDNWTkZUTGtRM3lCeW96VVlYWTN2eEJXMWpURFpFOTB5YTUKZzk4cmFiYWhIS0lockpGYzNXYTE0RWhicUE2TVVLSXRRTkk4K1N1Rk1KV3R4VW1iM1cxK2dHbXJvTmo1TU9kYQpzdjV5OThTYS93UUc4dGc0cmdNQ0xpQVNHL3hudDB3RURrNXFDVUUxRzRSdkdOeUYxU09zNk82c1BTOTg4Umd4CnJuamQvWWZoME5xVnhHcHFGNnhpQVgvZXkyU0NGUWNybEtmNnhGREF4YjI4RTdaNnRQSUZCTWxpQ1IrbzdYR3MKZDNvUWVuMThCalM1NjdtR2ZmNkJBb0lCQVFEanFFcHZqOVhJVVB3bk1RZitRY3R0R1pXZEp2bFZSa1BSMW9maApSVWI2UHdFRkEwdVQyM011ZmFvNGI4bWIrM2Vra1BkYTZmbWJqUGFUckQrbk5YNGxyRE5oYytvcVY4aFVEQnA0CmpVcEg3OXorTVNUZVVQclpnS3VMeEdqaDJiK0FWYVZjZTI2STVYUXVoUnR6ZHFYZDlIeSs4YXpYRTltbHlPQ00KMUpEK2VHZWxhaVJMbEZBbVRDNDNoNlV5T0Q5SmZOSW1oWDQ2WDJRRlFsbGc1cWxVdWQ4Ukx3eFViZTJoYzhTWQp4VnVvYVZSSUdBSmhqRkd3ZVhnRjdzc0tQNXBZMHRkTlNvSGsxeHRnUmVJTlllZFU1cmtpKzloZTN0cStqWUdJCmxVcVVzYzNzN3c4cUk1UXk5NGdmcUI5Lzd4K3BFdGEvak9leE4yL1pGOFJGSXVucEFvSUJBUURaSUpUaUUxKzkKc2xnQ0NGVllLR3Z5aE5odkppck94enlOUWU3YjIvZmxQNzVHd0pTTWpZZTdoTmhGK3JrZHRJcXF5dWxyeGF3YgpPbWliU0FCSG5kT20ycDRMdDhaK20vQXZaRUgzVklLdWkwY0xVbTlKRXNsWURVcFIrdG5BemloNzdrS2FlVzlnCk1wdlpiUzZGdXE2ZlBZQUJyK3dXeU1IazR0UnRNZ3duUFRtSzZQTW85b3FIUURTSVJjL3N0N2hBTUwwMDdtNlEKOTJkRXRqNTNtSTBURTRISVhtY3hZbjV5NGVJLy85aEFMb2xFa0ZHWDU0SmNMdWpDWWkwQ3RIU0xDcnNmQkJwZgpDS2NaMk5sWFNiYVREU1prZWhnQWFWTlM2OVp1K1o2eGFvNmZZMjVxSnNmeXlaUkNjSzJYY0FoUDV2QWNUbWhQClNKUFJZc1dSNXZ1ZEFvSUJBRmtRRXFiWWg1TkprNHdsazNIMS9ZYWVGcmtYY1QzYU1sZ2FiS2hGdVFIWHVpZGkKNWFOZm5BMFpIb25idWV6ckVTQnhra09mKzRYT1BQMEN5eGc0UmpTb3pLVVlld2k3dE9Ta280cDhCQTVtbVhkYwpkSWNBK1ZJMEUyaW5tenlZT21JVG41Q3h2VW1UTXNPc1VWUDNtK1pjYXAwczRTaDNYSk9PSmNNU3VmTEQyaENOCm1NdDBwM0tFSlNTV1RadDdBODlWSk1YclBibktiYy9jNkNpUHRMa3Z5a1BudXhRZ3VYR0xYK05BZXA1RkxyTFIKcWNUTjUzdDUyZW5BUlBDcWQxQytrM3BxWnF6SE5xK1FSMkppNWVTQ0t2V3p2eTlHVWg5d0xyZm5aL2tLSW56SgovWTNIdzRlNDdTa3RWYjF3S0Z1MXdndklMVEJZZHNwZ2tPbFhRbGtDZ2dFQUtKYVJuazFXMldRc1ZYenZUMEtICkkxZTRDZGNOcTRmTkJ1N3JVc2drNkFMcGM5cHVLblFPaW54RDNaa0gzOGl2SDB3OUpEdFlkK0tNU1hMRk1wNEwKUWFhZVlyeGc2NndFMHljZnViZGZrbmRRdVlvWWFZV01nOXhBSjJFSU1hV1lKY3FkUXJrdW04SDZKa1BsclhQLwpUcDgxZlp0QU8rWWRjTWNDUk1OVlNFU0dyRFB0dUp1VnU4REIwVE9Uc2NHS1BOMmZrUFI5VUxZZTVOWllpUXpJCldtZU1IRU9oY0xiandsLzlaazlTUW5Vd2pkT1luUmZXNDVxVlFqa09CdkpxMHM4WHVhMlBySEkyb250SjdhcEcKNmVoTVkvMzYzS0RUeGExMmNWcFNVd0lEVlVKR0VxdmJOc1I5NVltZ3VhMWtzR01RUVlwYXIyOTJ5bTUzVmxYaQpkUUtDQVFCTUFYS0RaNVZobHBRR1VlUk1FNVhqVm1KOE1WdlZTUzV3NzBGOC9CS0ZnZFBJNnR2Nkx5UGh3OTRPCmxZVldoOXJmdUpmbWllK1ZJSWhaeSthUVNpVVhGQUtTdjZFTWJ1bXdjN1pUNEkyYitDTXQxUEhaTEZtUEN0OXAKOEorUDdoaDlRYWRBYzZqZEdSa0NMNkpMU3VoeWhMbW90SG9IS0ZJazdhNENNZGl2QnB3SVdxMWVScHd0aWRrNwpIdytrdlJ5YW5DMUJVU1dYNGxJcW1LanAyR1B2UDVVdVV2RUlPNitqaWFyWTJDTUNKb3BtcVJ2WWQzNGtSVkF1CjZueFl4a05neEFQSnVWN2tkZVVzQXg5Q1FZcFQ1blFmendtdlVGa0FraHJoTmw5dUJRUDhMdkZORFQ0cWU0bFcKUWw0cXRFZFNiZDVxVWVVdkgzOG5JMmpTVDVMawotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==
wildcardTLS:
# self signed wildcard cert for *.wlan.local
cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZEekNDQXZlZ0F3SUJBZ0lVYSthaVJZWG9QTGliSS9wdVJCdi9DZ2RTTDNzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0Z6RVZNQk1HQTFVRUF3d01LaTUzYkdGdUxteHZZMkZzTUI0WERUSXdNVEl5TVRJd05UQXpNVm9YRFRNdwpNVEl4T1RJd05UQXpNVm93RnpFVk1CTUdBMVVFQXd3TUtpNTNiR0Z1TG14dlkyRnNNSUlDSWpBTkJna3Foa2lHCjl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUEwQjhuZE1raGIzZEN6N0I2aS9kRlFWenJwaEtQK2RmY2JKN1gKMzB3MU1FWDIvM3ZvVStkRlBNbnZrS3hEdFJwanZCbnhCczF6L1VmajlyUFhDSzZkazNNYU5DajRQYVUxem9WQQppK1Z6amc0ZG5XNjJxWG1qYVYrYUMrQm5zQndyQmx2THQ0dkh1eFRLbHh1RnR4THdid3VObGJvS1lVN01kV3oyCllMY3QzUWZBWElVb2FRK1RTMUZGdVdFeEZOTFRidlBGZWNoajB4ZnhyOU5BcU9aTXI0RGE0NHMzVERxMVVyRTIKbjhaZXFxVXZ1YUE4ZmEzQjNVZVRFNmJ4OEdhN1JybG5Dakd3UDRGVml3ajdvellmanV6T2JOM2dlcjdWcEpLMQpMSjdIdDBBemZlRm9aQ2xPbUVBd1p5alFwRGZOckdNTCs1dWtIK2JxWngyaUo5UndFcDNmdlE4em5jN1Q4dHJDCmxzMjRWNUpySWhUQXlCcTZRWVNnSXdXM2V5TmVpUnQ0ZHp6Sk5rNnd4cFp0WE96WTFwamJrV2FMaEhKOW1LRWoKU3lqVVBnS3dKSVlmb3BJbTJoUzl1dVZHZDdiU1MyV055aHJSOU5LSG5Lamo5Y0IrUWU0eEh0Z1pEcm1GZ1ZpZQp0cXZBUHhJL0ZkV1pSN3RmT2JCNTR3alMxVFk3TEd6cll4TDZSMWNjZDE4WUppcGNTS05xa05ORlllZ092VkNICmFldW1OTUdVNlZZalJWS1JmQXMva2FzcWxleGpheSt0SXNtd3dDZGoxUUN3UitRa2VEZFdoNE8vQzM1NENRb28KTkxZYzRNRk8xbVVDY2NsbUgvbFBvcTd1anBCMWI2VmFBNVprNFhjVUpRc0c4SUlSMDFHTFM5RW1HVVZaeTlOWApwV2dCbXNVQ0F3RUFBYU5UTUZFd0hRWURWUjBPQkJZRUZOZlVJSGhXdnFwUzg2ZC82SnJvbmxFYzZMU1NNQjhHCkExVWRJd1FZTUJhQUZOZlVJSGhXdnFwUzg2ZC82SnJvbmxFYzZMU1NNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHcKRFFZSktvWklodmNOQVFFTEJRQURnZ0lCQUtlTW9PckhLZ3BGemtkckVhMVhSSVRUOHFZanhKc04yNmFIMFovLwp1dDRXVkE4ckNDNzV4VkpaNnpBQWlBOFE2eTRYSHBzRzl2ZSs1QlJIWEdCS0lYOU5FZGNrbWdNdExzQ2xOR0JCCkxkN3lWd3hhaGVCQzhVTWIrVTAxMlNwaFc3K0t6UFJhQ3g4cHNMMUlFQUkyblQ1MzlCNDBmR2NyTktNSDRqZGkKdkxad3VxT00rZnJucFJ1MkZlK3Bja2Fwek92SEJTb0I3THovR1dmMWUwZ0llc1B4WEdmVG9hbGM1SzU5bDF1TQpCTkhpUW15S3E4TS9MbllMejhyOWp3dHNKU2lLYUljelpISjNtQ0ZUb3ljREF3NTl3WEdmWXZWcFBMaWZXTTJxCm1uSlJKM2dQS1lzOUhXWFgyYktoSmZoMjRLOTN2M1duMVRUellYOGtTbWlnRG0wTUhOSTNwZktlMmJqVW9MNmgKMlQ4bWhRbjdPQ2dvZHMvOXczR1dOdmFxYTAySHRnc0tTbk9YdmpSNXFMaVFLRjdhMi95TTlrNWNQcUdHaW1GYgppUWV3eUgvMWw2YjQ0T0s2RGwwMVltWFltNUVqR3plckp2aU90eUhSaWhtME01VmNBWWJaYkE0S1Y1eHhLZjRqClIwaktwQXdqbEpzTDdRMk9zTC9IRkxmaDV1RU1HMXlmTzF1blZkVURKK1FBZHJQUG5tZTZVTVFQZm1UcGx1WjAKS3pvOXY3NEpYV0pwQkNtaWNTbFBQdnB3cXZLTk5iOWd6b0hjOXFheWMwNWVxRldRbzNNZjIzYU82b05wU2ZuaAp5aWMvczFQcC9ZS2FHakVSQXB1UmRvYTlWT1diUncycFZMei9rZVNraS9QTDJFRFc4RUVHYjFXcUFBMkJPVVhDCi9oYXQKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRRFFIeWQweVNGdmQwTFAKc0hxTDkwVkJYT3VtRW8vNTE5eHNudGZmVERVd1JmYi9lK2hUNTBVOHllK1FyRU8xR21POEdmRUd6WFA5UitQMgpzOWNJcnAyVGN4bzBLUGc5cFRYT2hVQ0w1WE9PRGgyZGJyYXBlYU5wWDVvTDRHZXdIQ3NHVzh1M2k4ZTdGTXFYCkc0VzNFdkJ2QzQyVnVncGhUc3gxYlBaZ3R5M2RCOEJjaFNocEQ1TkxVVVc1WVRFVTB0TnU4OFY1eUdQVEYvR3YKMDBDbzVreXZnTnJqaXpkTU9yVlNzVGFmeGw2cXBTKzVvRHg5cmNIZFI1TVRwdkh3WnJ0R3VXY0tNYkEvZ1ZXTApDUHVqTmgrTzdNNXMzZUI2dnRXa2tyVXNuc2UzUUROOTRXaGtLVTZZUURCbktOQ2tOODJzWXd2N202UWY1dXBuCkhhSW4xSEFTbmQrOUR6T2R6dFB5MnNLV3piaFhrbXNpRk1ESUdycEJoS0FqQmJkN0kxNkpHM2gzUE1rMlRyREcKbG0xYzdOaldtTnVSWm91RWNuMllvU05MS05RK0FyQWtoaCtpa2liYUZMMjY1VVozdHRKTFpZM0tHdEgwMG9lYwpxT1Axd0g1QjdqRWUyQmtPdVlXQldKNjJxOEEvRWo4VjFabEh1MTg1c0huakNOTFZOanNzYk90akV2cEhWeHgzClh4Z21LbHhJbzJxUTAwVmg2QTY5VUlkcDY2WTB3WlRwVmlORlVwRjhDeitScXlxVjdHTnJMNjBpeWJEQUoyUFYKQUxCSDVDUjROMWFIZzc4TGZuZ0pDaWcwdGh6Z3dVN1daUUp4eVdZZitVK2lydTZPa0hWdnBWb0RsbVRoZHhRbApDd2J3Z2hIVFVZdEwwU1laUlZuTDAxZWxhQUdheFFJREFRQUJBb0lDQVFDUVRkbXN4enl3cmUrY1ZCQlVkaW9GCjdTalRhTEY5bWFlVGhQdkhMMjc5dnJWSlpoK3I5WUp6YU16NzhnV3NUOVR4ZXNjOVlUMVlVLzJEZENUWU4wSzUKRnlrSEc1VXNJUjVTeU4vOVlDWWtURE5La3BhQ29mMmxOWTE1U0twOFdMdVlXQlBEZTE4TW41anM5ejlhdGY0Ugo4Ti9GL2szdU5KWGRvYVNmWU1Pakt4bTh6UE05RFhpaTA0SlZ6RWNjMmlXU0crSkQwNmNybWNHUm1SZVBSTWZOCk5Mb1E1ZGw4dUlRN0J2Y0tCNkJpRDlFc2t5YitPWGxmTlo2TUZNaFNXTmpuYSt3L0REN1plWkxYcVczWk45RGYKNStBbGFoNlkzVE1EUGxueXkxRk5CVzN1alZrMWdkS21ESFBEUTNDUFBNWVdEa01qdlVJcWdKRHMySVl6dWIvTwpXRjRVUTV5UEJhZzluaWp1dS9uMVZDdGZuSkxwakZIakU1VzdkK3p1UGh6aUJ1WDFOcjRtOVVJdEpaSTNsYmJtCmdvZFlMdGl4b3RwNWF3ang1eXA3MU1zUHlTZzcrbHBPenA4dStuRENJcnc0K0VSME56MG8yTXFmcmJ2VklGQXIKWHIyc2YrejljbmtxalBWWEZaVks3em1TUHI5N0YrbTV4RHpURG9lTG53aVlhUUpOQ0ZhejhMVERjNldVT2w4SQpLOWhHd3FaK0llTlgreW16em16Nkx6WWVPaGlrRmNRaUI0UXVPSjdWWnZWRmVoS3JJMXJLWHJDRU01VmpJZXBkCkhzR0c1eTlLUkcxdEszSU5ScmI0SHlhRDF6SHJSTHRneFpLT1BvWDN0UjNmbTJ1aGova3dwelZnWTltRXJDWDkKd2I4SVA5TXdRR3REQVNBcjZWVmJvUUtDQVFFQThIeWlaK1lVeFEzQnprL1hoNmZMWWNYakE3NTJrQ204VWZzWQp0d1Z4N0EyNW5YRStiUDRIT3UyVC9kTlc0Tkw1elZPT0JkaWZIcTJQVFNVMGYzQUFHL0pNcnVzM3NrNHd4azM5CitYYlh0dHltWkdxb3FEcVN3TUw2czVpY1RnangvenRhSXk1TWFKYWhUYUpNdFRQQlVpZ3U3enhoeGNwVlhNVUMKTklHcFl5Mkt5R2hyMjVVOFdlR0RYQm9SS2xYUXJXYkNZeW1kMXdYQStEaVl0dzA5eit0VHhPNTRodjFCZkJKZwpWMGd0VWdJU0I2WEZDMU9CWDZXQ1pXYlhCN2hPaHhISjNkNHAyQlZyN0gxL2JDQ0ZvVDY5by9WQVNHRmdtTHRiCnpGalRNbjFIaTluVW5jUFlScWpsN1h0NWdPOHBOa3BwMjVrNHIxRVludWhIazcrYzdRS0NBUUVBM1l3THozNloKNEVPRndvODIrUlVId2lkaFExOEdrU1JvWStKVm1udXJpSXdHZTk3ZmRTVk91d092SDlZSVhsRWpjRitoOHFQVQpJVnpIOXBuYXZjTENEMnhIOWZ5d09ML3pmYmJnYnExZjV4Y3BOUXlYM1JnTGFDUVpLNkpJa3NzOUtDb0dhSzlaCmpMVm41MjFFZlFBRE5DSi93YlRCb3dLQ0dTNDUzSzRBaWFEWHN6TkJLUk5MOHVaWWYwK0x0U2IzV3lkZVQ2eUgKdGZiSXR3NlBSS1lxb2NaeGIrM0pWQWFHcGxScjVZSlNDU1BtTjFMSjU0djlTcXBIVnJMNzJudFNwKzdDODJ6SgpJajVOSXFEOGFsOVZ3WFB5dExRd25hYWc1TW5ka0NLQ3R0MlVHSGZwMEh3ZTJTL1hkemppS2gzZTZaT3MyMSt1CitQUHVrSkUxTTZzU09RS0NBUUJjWVJRbDR6MUJRUHFjM1JESEhJN0UvVFlxWHdTK2RqblFLQ3VqU3FVcmIwNUoKQzVKV1hmSzdFVDVUTjliY3dFNlRNRENUVUZZM2U2WmJsUm9vaGdhVXRhdjlXWC9vcjU2TzNyRGNIbW5ZNWNQSgpPU3VXakFHSnFKeVRWdUZjSEpXUlhPUlFOVjNHbzI1Tkd6WnFPUHBmSys1em1mZFkrbE4yTW51WlhlR0twcGowClNTQjlsa003cDZSRlFnSXNDQkVFTzBBYXhZYkxiWHRtSHArVFdiUFA1ZThrN0JKQ2tKQ1NMNkR3aGxwYWNVOHAKdnVVRlo4dC95VjFneEhOL2xLNGR0cGliOE5hVUdnNStKdXRHeHV0dU9HS3kwK2dncGI5c2pEUkVPQzdRNjAwTApqTjdleDdlUjFSbVY4Mk9HUXRqSzhTVGU1V25mOXNBRmN1YmorNncxQW9JQkFHYXM4Z2hQRHpkOWM2OXd1alNFCkI1MTJyTUFSZVRTcEgrd3l5Q09aYnkwUVlDem1aTCtnODdUK2h4b0ZFc25MWnRZOHJBeU0ydEkvY3JrYUl1TlIKTUtqL01QYVREb1N1aVVWWkRQaWVSMVVOU2Q2NUlHU3FNUmNwcTdTcU9HSTM2UGNGU3dVWFJ6Uk1Hb1NLQW5UQQpIYnY2eFNUY0JlWHJVcW9pMzFRa0hFR3NsbXNKdFFnNVZqaVRncTQyQ25TQlE2QXVSYW85Tm9RaGhISTZRREc3CnBRUm11TW43OVJPSkZyeGRZY2Z6TnR2ZmxHRk5jQjlzcEk0SERwcml4cEJDR1ZPVTl5cmozdStNMmlqVFhVaGIKT0o0NGcySTJKRlhjRkxNVHp5aHVwZy9qN3kvTDIwUHhVa2Fyd25zUmxOZWFFbVpFTjVkUDZBS2U0cENEaTVtUApqaGtDZ2dFQkFMUmtVeG9oZDh2ZVBwR3hPbWlOak5HekpiTDlscGx0TWxhR0dPQ3JOUkZSeEppblgzWU9UVnhiCkRFVlpqaXRHNldydzFxaDdnZXAzeEdJaWZHQ1lZV3pNc0RZTitueGtwV0lRRmZOV3dYemNRWlhrTEduZVlUdTAKSVU2RjY5Myt1Q0tkcHVCdVl0d3BQNEJCVkNCRTVON0FzRGV4bFBYTzk1cEw3ZzR4OG5RckdNeGJlRXVOdytaTwpPYmYvTnFFMGZZcURkaERiVHI0UDR6bUpBRlpYeDlKMjNJdWRMUFI3MDZITGZ5bDMrb1pUS2Y2ZWdEL1drWXZGCllLdEtDZzI1UmtSYmZBakZkeDlpOVkzcDlPNEFNVUNaRVFIOWQwU1d6LzJWR0VmYzVha09YL2xvWlAyUXF3c2UKeXMyc0k1U0Z5TEd1ZGM3R2MzVTd5UGd0RVN0elVoWT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
zookeeper:
enabled: true
replicaCount: 1
persistence:
enabled: true
storageClass: standard
kafka:
enabled: true
replicaCount: 1
persistence:
enabled: true
storageClass: standard
creds:
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
sslKeyPassword: mypassword
cassandra:
enabled: true
image:
debug: true
cluster:
replicaCount: 1
seedCount: 1
persistence:
enabled: true
storageClass: standard
creds:
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
postgresql:
enabled: true
postgresqlPassword: postgres
## NOTE: If we are using glusterfs as Storage class, we don't really need
## replication turned on, since the data is anyway replicated on glusterfs nodes
## Replication is useful:
## a. When we use HostPath as storage mechanism
## b. If master goes down and one of the slave is promoted as master
replication:
enabled: true
slaveReplicas: 1
persistence:
enabled: true
storageClass: standard
readinessProbe:
initialDelaySeconds: 30
livenessProbe:
initialDelaySeconds: 30

285
tip-wlan/resources/environments/dev-microk8s.yaml Normal file
View File

@@ -0,0 +1,285 @@
# This is a development override file.
# It overrides the default Tip-Wlan parent chart behaviour
#
# It can be tweaked, based on the need to support different
# dev environments.
# This file expects to have a GlusterFS storage solution running
# before "helm install" is performed.
#################################################################
# Global configuration overrides.
#
# These overrides will affect all helm charts (ie. applications)
# that are listed below and are 'enabled'.
#################################################################
global:
# Change to an unused port prefix range to prevent port conflicts
# with other instances running within the same k8s cluster
nodePortPrefix: 302
nsPrefix: tip
# image pull policy
pullPolicy: Always
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
# override default mount path root directory
# referenced by persistent volumes and log files
persistence:
# flag to enable debugging - application support required
debugEnabled: true
# Annotations for namespace
annotations: {
"helm.sh/resource-policy": keep
}
# createReleaseNamespace: false
# Docker registry secret
dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
#################################################################
# Enable/disable and configure helm charts (ie. applications)
# to customize the TIP-WLAN deployment.
#################################################################
opensync-gw-static:
enabled: false
opensync-gw-cloud:
enabled: true
externalhost:
address:
ovsdb: opensync-controller.wlan.local
mqtt: opensync-mqtt-broker.wlan.local
persistence:
enabled: true
filestore:
url: "https://wlan-filestore.wlan.local"
service:
type: LoadBalancer
annotations:
metallb.universe.tf/allow-shared-ip: default
scalability:
#how many concurrent connections single instance of OpenSyncGateway can accept
tip_wlan_ovsdb_listener_threadPoolSize: 50
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
opensync-mqtt-broker:
enabled: true
replicaCount: 1
persistence:
enabled: true
storageClass: microk8s-hostpath
service:
type: LoadBalancer
annotations:
metallb.universe.tf/allow-shared-ip: default
wlan-cloud-graphql-gw:
enabled: true
env:
portalsvc: tip-wlan-wlan-portal-service:9051
ingress:
hosts:
- host: wlan-ui-graphql.home.lan
paths: [
/
]
tls:
- hosts:
- wlan-ui-graphql.wlan.local
# secretName: nginx-ingress-controller-default-server-secret
wlan-cloud-static-portal:
enabled: true
env:
graphql: https://wlan-ui-graphql.wlan.local
service:
type: NodePort
ingress:
hosts:
- host: wlan-ui.home.lan
paths: [
/
]
tls:
- hosts:
- wlan-ui.wlan.local
wlan-portal-service:
enabled: true
persistence:
enabled: true
storageClass: microk8s-hostpath
filestoreSize: 1Gi
service:
type: LoadBalancer
annotations:
metallb.universe.tf/allow-shared-ip: default
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 20
tip_wlan_AsyncExecutor_MaxPoolSize: 150
tip_wlan_AsyncExecutor_QueueCapacity: 150
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 150
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 50
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 250
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
wlan-prov-service:
enabled: true
creds:
enabled: true
db:
postgresUser:
password: postgres
tipUser:
password: tip_password
schema_repo:
username: tip-read
password: tip-read
postgres:
singleDataSourceUsername: tip_user
singleDataSourcePassword: tip_password
singleDataSourceSslKeyPassword: mypassword
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 75
tip_wlan_AsyncExecutor_QueueCapacity: 75
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 20
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 250
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
#max number of connections to PostgreSQL database
singleDataSource_maxTotalConnections: 8
#max number of idle connections to PostgreSQL database
singleDataSource_maxIdleConnections: 8
#max number of cached prepared statements used in PostgreSQL database
singleDataSource_maxPreparedStatements: 200
#max number of cached idle prepared statements used in PostgreSQL database
singleDataSource_maxIdlePreparedStatements: 200
wlan-ssc-service:
enabled: true
creds:
sslKeyPassword: mypassword
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
cassandra:
tip_user: tip_user
tip_password: tip_password
schema_repo:
username: tip-read
password: tip-read
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 250
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
wlan-spc-service:
enabled: true
creds:
sslKeyPassword: mypassword
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 250
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 250
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
nginx-ingress-controller:
enabled: true
controller:
service:
type: LoadBalancer
annotations:
metallb.universe.tf/allow-shared-ip: default
config:
externalStatusAddress: "api.wlan.local"
defaultTLS:
cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZXakNDQTBLZ0F3SUJBZ0lVUU5hUC9zcHZSSHRCVEFLd1lSTndieFJmRkFzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0hURWJNQmtHQTFVRUF3d1NkMnhoYmkxMWFTNTNiR0Z1TG14dlkyRnNNQjRYRFRJd01EZ3lOekl3TWpZMQpObG9YRFRNd01EZ3lOVEl3TWpZMU5sb3dIVEViTUJrR0ExVUVBd3dTZDJ4aGJpMTFhUzUzYkdGdUxteHZZMkZzCk1JSUNJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBd1JhZ2lEV3pDTllCdFd3QmNLK2YKVGtrUW1NdCtRQWdUallyMEtTOERQSkNKZjZLa1BmWkhDdTN3NEx2cnh6WTlObWllaDJYVTgzNGFtZEp4SXVDdwo2SWJObzZ6c2tqc3lmb084d0ZEbWxMVldMZWc1SDlHOWRvZW0rV1RlS1BhRUhpM29xdXpOZ3Q2d0xzM212dk9BClR2aVRJb2M4OEVMams0ZFNSMlQ0ZGhoMHFLQ0NqK0hkWEJBNlYvOWJpcnUralYrL2t4RVF1TDJ6TTM5RHZWZDgKOWtzMzV6TVZVemUzNmxENElDT25sN2hnYVROQmk0NU85c2RMRDBZYVVtamlGd1FsdEpVZG1QS3BhQWRidmpVTwpuc3VwbkRZam0rVW0rOWFFcHFNNHRlMjNlZkM4TjhqMXVrZXh6SnJFMkdlRi9XQi9ZMUxGSUcyd2pxVm5zUGNzCm5GRjRZZDlFQlJSbmUxRVplWEJ1M0ZFTEZ5NmxDT0hJMTQ2b0JjYy9JYjYxN3JkVEtYcXh0di8yTkw2L1RxRmsKbnMvRUVqdmU2a1FZemxCWndXSFdwWndRZmczbW82TmFvRlpwVGFnOThNeXU1clpvT29mVGN4WEg2cExtNVB4MQpPQXpnTG5hOU8rMkZtQTRGanJnSGNNWTFOSXp5blpMK0RIOGZpYnQxRi92MkYyTUErUjl2bzg0dlI1Uk9HTmRECnZhMkFwZXZrTGNqUWcvTHdzWHYwZ1RvcFEvWEl6ZWpoNmJkVWtPcktTd0p6VDJDOS9lOUdRbjBncHBWOExCdUsKMXpRSG9ST0xuQTQxTUNGdlFMUUhvK1h0OEtHdytVYmFseTZoT3hCWkY1MUwvQmJxamtESDlBRUZhSkxwdGlFeQpxbjFFNXYrM3doZ0ZTNUlaVDhJVzV1VUNBd0VBQWFPQmtUQ0JqakFkQmdOVkhRNEVGZ1FVeTJiQVV5TlBYSFM5CjNWVFNEK3dvTjd0M3E4RXdId1lEVlIwakJCZ3dGb0FVeTJiQVV5TlBYSFM5M1ZUU0Qrd29ON3QzcThFd0R3WUQKVlIwVEFRSC9CQVV3QXdFQi96QTdCZ05WSFJFRU5EQXlnaHAzYkdGdUxYVnBMV2R5WVhCb2NXd3VkMnhoYmk1cwpiMk5oYklJT1lYQnBMbmRzWVc0dWJHOWpZV3lIQk1Db0FBRXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnSUJBS0grCmJxSmVlMTFuMzRTWWdCRHZnb1o4bEpMUVJ3c0ZucUV4Y1NyL3BsWjdHVklHRkg1L1EyS3lvOVZ5RWlUUHdySXMKS3NFckMxZXZINnh0MVVSZk16cDA1elZRMExZTTUra3NhbVJEYWdBZzNNMWNtN29LT2Rtcy9kcXpQZTJnWmZHSgpwVmR0VlcxQ0hyTDBSTFRSOTNoN2tnU2lCbFNFSVlNb2VLZk41SDlBYXZKNEtyeXlnUXM2M2trR1E1TTllc0FwCnU2YkIzMDd6eWZ6Z1MzdG1Rc1UwMXJnSmZoRUhRL1krQWs5d0R1T2d2bWZ4MFRXZ0FPR2JLcTZUdThNS1lkZWoKSWU3clYxRzVVdjdLZmdvelZYNzZnMktkblRWQmZzcFNLbzN6eXJaa2NrekFwdlV1OUllZkhkVG9lNEpNRVUweQpmazdsRVUvZXh6Qnl5TnhwKzZoZHUvWklnM3hiMXlBMW9WWThORWQxckwxekFWaVBlMzUxU0VORUtlSnBSYW5DCmtDTDNSQUZrYnhRN0loYWNqb3g4YmVsUitnbW84Y3lGWnBqOVhhb1BsU0ZTY2R3ejU3M0NUMGg5N3Y3NkE3c3cKeUMrQ2lTcDg1Z1dFVjV2Z0JpdE5KN1I5b25qQmRzdUgybGdFdE1EM0pOT3M4Y0NTUmloWXhyaXdaU3FoVDdvLwp0Y0lsY0o4NFc1bTZYNnpISjNHbXR1S0czUVBOT21zMC9WVm9EVHA5cWRwTCtFazE3dUIyQTQxTnB4ejNVUytsCjZ5SytwZFFRajdBTHpLdVJmT3lnODBYYk53MnY0U25wSTVxYlhGQlJ1bTUyZjg2c1BlbUZxMUtjdU5XZTRFVkMKeERHM2VLbHUrZGxsVXRLeC9QTjZ5ZmxiVDV4Y0dnY2Rtcnd6UmFXUwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRUUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Nzd2dna25BZ0VBQW9JQ0FRREJGcUNJTmJNSTFnRzEKYkFGd3I1OU9TUkNZeTM1QUNCT05pdlFwTHdNOGtJbC9vcVE5OWtjSzdmRGd1K3ZITmowMmFKNkhaZFR6ZmhxWgowbkVpNExEb2hzMmpyT3lTT3pKK2c3ekFVT2FVdFZZdDZEa2YwYjEyaDZiNVpONG85b1FlTGVpcTdNMkMzckF1CnplYSs4NEJPK0pNaWh6endRdU9UaDFKSFpQaDJHSFNvb0lLUDRkMWNFRHBYLzF1S3U3Nk5YNytURVJDNHZiTXoKZjBPOVYzejJTemZuTXhWVE43ZnFVUGdnSTZlWHVHQnBNMEdMams3Mngwc1BSaHBTYU9JWEJDVzBsUjJZOHFsbwpCMXUrTlE2ZXk2bWNOaU9iNVNiNzFvU21vemkxN2JkNThMdzN5UFc2UjdITW1zVFlaNFg5WUg5alVzVWdiYkNPCnBXZXc5eXljVVhoaDMwUUZGR2Q3VVJsNWNHN2NVUXNYTHFVSTRjalhqcWdGeHo4aHZyWHV0MU1wZXJHMi8vWTAKdnI5T29XU2V6OFFTTzk3cVJCak9VRm5CWWRhbG5CQitEZWFqbzFxZ1ZtbE5xRDN3eks3bXRtZzZoOU56RmNmcQprdWJrL0hVNERPQXVkcjA3N1lXWURnV091QWR3eGpVMGpQS2RrdjRNZngrSnUzVVgrL1lYWXdENUgyK2p6aTlICmxFNFkxME85cllDbDYrUXR5TkNEOHZDeGUvU0JPaWxEOWNqTjZPSHB0MVNRNnNwTEFuTlBZTDM5NzBaQ2ZTQ20KbFh3c0c0clhOQWVoRTR1Y0RqVXdJVzlBdEFlajVlM3dvYkQ1UnRxWExxRTdFRmtYblV2OEZ1cU9RTWYwQVFWbwprdW0ySVRLcWZVVG0vN2ZDR0FWTGtobFB3aGJtNVFJREFRQUJBb0lDQUMyR2hEc1pUaWtiTERQMlR6Q2VkOVVoCmJRUlpsbDdLaUxHcXZYNm9VdjhJcFNLdTJrS3h1blpkTzVvQk5NbzNnNTg4YzRSQkFrQ1d6dmJObzFjeDJ3UTQKSkd3ZTdYaGM5TDdYbUwxUFZjNWlJdnVYOFVBTFY3eUdwMXZONklPSC9BYVJsSFlZZHl3UURVSTcwZGZiMmJqRQo2d3dORHRVbk1Ea3NncjNLbExwamNiNEFla2dxWE9MRUFMMld1Nkt1T1hOankrdUU3b2hnVWN3bWlYWXZGb3VMCm1KYXVlS3l5U202NHdJZnpZQ1JwbUhHMVlCTGpic0xJb20zcmZYRkl3V1hqMkhBSGFIOFRWOVhyUmpwR2tEZm8KbFFqN3l0R0s2ZkllMWcva0ZBN3hDWDE2d1NYMS85bjM1WGYwVmMwZ08zdE9NVHJkM1JTVVNEaVp6eVR1WWxuZwpETEdmYXZjRS82QXJ5cTlWZ3hyUXdXbnZhd0hIcWxBWUtxVHpJYkRJS0Y3SjRYTE9FckFtRE50T1I2Lzc1WjJ3CnVPQlFYT0N3NFM1dWxWdzhIZUM0NGlFTmxJYU5lNDNWTkZUTGtRM3lCeW96VVlYWTN2eEJXMWpURFpFOTB5YTUKZzk4cmFiYWhIS0lockpGYzNXYTE0RWhicUE2TVVLSXRRTkk4K1N1Rk1KV3R4VW1iM1cxK2dHbXJvTmo1TU9kYQpzdjV5OThTYS93UUc4dGc0cmdNQ0xpQVNHL3hudDB3RURrNXFDVUUxRzRSdkdOeUYxU09zNk82c1BTOTg4Umd4CnJuamQvWWZoME5xVnhHcHFGNnhpQVgvZXkyU0NGUWNybEtmNnhGREF4YjI4RTdaNnRQSUZCTWxpQ1IrbzdYR3MKZDNvUWVuMThCalM1NjdtR2ZmNkJBb0lCQVFEanFFcHZqOVhJVVB3bk1RZitRY3R0R1pXZEp2bFZSa1BSMW9maApSVWI2UHdFRkEwdVQyM011ZmFvNGI4bWIrM2Vra1BkYTZmbWJqUGFUckQrbk5YNGxyRE5oYytvcVY4aFVEQnA0CmpVcEg3OXorTVNUZVVQclpnS3VMeEdqaDJiK0FWYVZjZTI2STVYUXVoUnR6ZHFYZDlIeSs4YXpYRTltbHlPQ00KMUpEK2VHZWxhaVJMbEZBbVRDNDNoNlV5T0Q5SmZOSW1oWDQ2WDJRRlFsbGc1cWxVdWQ4Ukx3eFViZTJoYzhTWQp4VnVvYVZSSUdBSmhqRkd3ZVhnRjdzc0tQNXBZMHRkTlNvSGsxeHRnUmVJTlllZFU1cmtpKzloZTN0cStqWUdJCmxVcVVzYzNzN3c4cUk1UXk5NGdmcUI5Lzd4K3BFdGEvak9leE4yL1pGOFJGSXVucEFvSUJBUURaSUpUaUUxKzkKc2xnQ0NGVllLR3Z5aE5odkppck94enlOUWU3YjIvZmxQNzVHd0pTTWpZZTdoTmhGK3JrZHRJcXF5dWxyeGF3YgpPbWliU0FCSG5kT20ycDRMdDhaK20vQXZaRUgzVklLdWkwY0xVbTlKRXNsWURVcFIrdG5BemloNzdrS2FlVzlnCk1wdlpiUzZGdXE2ZlBZQUJyK3dXeU1IazR0UnRNZ3duUFRtSzZQTW85b3FIUURTSVJjL3N0N2hBTUwwMDdtNlEKOTJkRXRqNTNtSTBURTRISVhtY3hZbjV5NGVJLy85aEFMb2xFa0ZHWDU0SmNMdWpDWWkwQ3RIU0xDcnNmQkJwZgpDS2NaMk5sWFNiYVREU1prZWhnQWFWTlM2OVp1K1o2eGFvNmZZMjVxSnNmeXlaUkNjSzJYY0FoUDV2QWNUbWhQClNKUFJZc1dSNXZ1ZEFvSUJBRmtRRXFiWWg1TkprNHdsazNIMS9ZYWVGcmtYY1QzYU1sZ2FiS2hGdVFIWHVpZGkKNWFOZm5BMFpIb25idWV6ckVTQnhra09mKzRYT1BQMEN5eGc0UmpTb3pLVVlld2k3dE9Ta280cDhCQTVtbVhkYwpkSWNBK1ZJMEUyaW5tenlZT21JVG41Q3h2VW1UTXNPc1VWUDNtK1pjYXAwczRTaDNYSk9PSmNNU3VmTEQyaENOCm1NdDBwM0tFSlNTV1RadDdBODlWSk1YclBibktiYy9jNkNpUHRMa3Z5a1BudXhRZ3VYR0xYK05BZXA1RkxyTFIKcWNUTjUzdDUyZW5BUlBDcWQxQytrM3BxWnF6SE5xK1FSMkppNWVTQ0t2V3p2eTlHVWg5d0xyZm5aL2tLSW56SgovWTNIdzRlNDdTa3RWYjF3S0Z1MXdndklMVEJZZHNwZ2tPbFhRbGtDZ2dFQUtKYVJuazFXMldRc1ZYenZUMEtICkkxZTRDZGNOcTRmTkJ1N3JVc2drNkFMcGM5cHVLblFPaW54RDNaa0gzOGl2SDB3OUpEdFlkK0tNU1hMRk1wNEwKUWFhZVlyeGc2NndFMHljZnViZGZrbmRRdVlvWWFZV01nOXhBSjJFSU1hV1lKY3FkUXJrdW04SDZKa1BsclhQLwpUcDgxZlp0QU8rWWRjTWNDUk1OVlNFU0dyRFB0dUp1VnU4REIwVE9Uc2NHS1BOMmZrUFI5VUxZZTVOWllpUXpJCldtZU1IRU9oY0xiandsLzlaazlTUW5Vd2pkT1luUmZXNDVxVlFqa09CdkpxMHM4WHVhMlBySEkyb250SjdhcEcKNmVoTVkvMzYzS0RUeGExMmNWcFNVd0lEVlVKR0VxdmJOc1I5NVltZ3VhMWtzR01RUVlwYXIyOTJ5bTUzVmxYaQpkUUtDQVFCTUFYS0RaNVZobHBRR1VlUk1FNVhqVm1KOE1WdlZTUzV3NzBGOC9CS0ZnZFBJNnR2Nkx5UGh3OTRPCmxZVldoOXJmdUpmbWllK1ZJSWhaeSthUVNpVVhGQUtTdjZFTWJ1bXdjN1pUNEkyYitDTXQxUEhaTEZtUEN0OXAKOEorUDdoaDlRYWRBYzZqZEdSa0NMNkpMU3VoeWhMbW90SG9IS0ZJazdhNENNZGl2QnB3SVdxMWVScHd0aWRrNwpIdytrdlJ5YW5DMUJVU1dYNGxJcW1LanAyR1B2UDVVdVV2RUlPNitqaWFyWTJDTUNKb3BtcVJ2WWQzNGtSVkF1CjZueFl4a05neEFQSnVWN2tkZVVzQXg5Q1FZcFQ1blFmendtdlVGa0FraHJoTmw5dUJRUDhMdkZORFQ0cWU0bFcKUWw0cXRFZFNiZDVxVWVVdkgzOG5JMmpTVDVMawotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==
wildcardTLS:
# self signed wildcard cert for *.wlan.local
cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZEekNDQXZlZ0F3SUJBZ0lVYSthaVJZWG9QTGliSS9wdVJCdi9DZ2RTTDNzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0Z6RVZNQk1HQTFVRUF3d01LaTUzYkdGdUxteHZZMkZzTUI0WERUSXdNVEl5TVRJd05UQXpNVm9YRFRNdwpNVEl4T1RJd05UQXpNVm93RnpFVk1CTUdBMVVFQXd3TUtpNTNiR0Z1TG14dlkyRnNNSUlDSWpBTkJna3Foa2lHCjl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUEwQjhuZE1raGIzZEN6N0I2aS9kRlFWenJwaEtQK2RmY2JKN1gKMzB3MU1FWDIvM3ZvVStkRlBNbnZrS3hEdFJwanZCbnhCczF6L1VmajlyUFhDSzZkazNNYU5DajRQYVUxem9WQQppK1Z6amc0ZG5XNjJxWG1qYVYrYUMrQm5zQndyQmx2THQ0dkh1eFRLbHh1RnR4THdid3VObGJvS1lVN01kV3oyCllMY3QzUWZBWElVb2FRK1RTMUZGdVdFeEZOTFRidlBGZWNoajB4ZnhyOU5BcU9aTXI0RGE0NHMzVERxMVVyRTIKbjhaZXFxVXZ1YUE4ZmEzQjNVZVRFNmJ4OEdhN1JybG5Dakd3UDRGVml3ajdvellmanV6T2JOM2dlcjdWcEpLMQpMSjdIdDBBemZlRm9aQ2xPbUVBd1p5alFwRGZOckdNTCs1dWtIK2JxWngyaUo5UndFcDNmdlE4em5jN1Q4dHJDCmxzMjRWNUpySWhUQXlCcTZRWVNnSXdXM2V5TmVpUnQ0ZHp6Sk5rNnd4cFp0WE96WTFwamJrV2FMaEhKOW1LRWoKU3lqVVBnS3dKSVlmb3BJbTJoUzl1dVZHZDdiU1MyV055aHJSOU5LSG5Lamo5Y0IrUWU0eEh0Z1pEcm1GZ1ZpZQp0cXZBUHhJL0ZkV1pSN3RmT2JCNTR3alMxVFk3TEd6cll4TDZSMWNjZDE4WUppcGNTS05xa05ORlllZ092VkNICmFldW1OTUdVNlZZalJWS1JmQXMva2FzcWxleGpheSt0SXNtd3dDZGoxUUN3UitRa2VEZFdoNE8vQzM1NENRb28KTkxZYzRNRk8xbVVDY2NsbUgvbFBvcTd1anBCMWI2VmFBNVprNFhjVUpRc0c4SUlSMDFHTFM5RW1HVVZaeTlOWApwV2dCbXNVQ0F3RUFBYU5UTUZFd0hRWURWUjBPQkJZRUZOZlVJSGhXdnFwUzg2ZC82SnJvbmxFYzZMU1NNQjhHCkExVWRJd1FZTUJhQUZOZlVJSGhXdnFwUzg2ZC82SnJvbmxFYzZMU1NNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHcKRFFZSktvWklodmNOQVFFTEJRQURnZ0lCQUtlTW9PckhLZ3BGemtkckVhMVhSSVRUOHFZanhKc04yNmFIMFovLwp1dDRXVkE4ckNDNzV4VkpaNnpBQWlBOFE2eTRYSHBzRzl2ZSs1QlJIWEdCS0lYOU5FZGNrbWdNdExzQ2xOR0JCCkxkN3lWd3hhaGVCQzhVTWIrVTAxMlNwaFc3K0t6UFJhQ3g4cHNMMUlFQUkyblQ1MzlCNDBmR2NyTktNSDRqZGkKdkxad3VxT00rZnJucFJ1MkZlK3Bja2Fwek92SEJTb0I3THovR1dmMWUwZ0llc1B4WEdmVG9hbGM1SzU5bDF1TQpCTkhpUW15S3E4TS9MbllMejhyOWp3dHNKU2lLYUljelpISjNtQ0ZUb3ljREF3NTl3WEdmWXZWcFBMaWZXTTJxCm1uSlJKM2dQS1lzOUhXWFgyYktoSmZoMjRLOTN2M1duMVRUellYOGtTbWlnRG0wTUhOSTNwZktlMmJqVW9MNmgKMlQ4bWhRbjdPQ2dvZHMvOXczR1dOdmFxYTAySHRnc0tTbk9YdmpSNXFMaVFLRjdhMi95TTlrNWNQcUdHaW1GYgppUWV3eUgvMWw2YjQ0T0s2RGwwMVltWFltNUVqR3plckp2aU90eUhSaWhtME01VmNBWWJaYkE0S1Y1eHhLZjRqClIwaktwQXdqbEpzTDdRMk9zTC9IRkxmaDV1RU1HMXlmTzF1blZkVURKK1FBZHJQUG5tZTZVTVFQZm1UcGx1WjAKS3pvOXY3NEpYV0pwQkNtaWNTbFBQdnB3cXZLTk5iOWd6b0hjOXFheWMwNWVxRldRbzNNZjIzYU82b05wU2ZuaAp5aWMvczFQcC9ZS2FHakVSQXB1UmRvYTlWT1diUncycFZMei9rZVNraS9QTDJFRFc4RUVHYjFXcUFBMkJPVVhDCi9oYXQKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRRFFIeWQweVNGdmQwTFAKc0hxTDkwVkJYT3VtRW8vNTE5eHNudGZmVERVd1JmYi9lK2hUNTBVOHllK1FyRU8xR21POEdmRUd6WFA5UitQMgpzOWNJcnAyVGN4bzBLUGc5cFRYT2hVQ0w1WE9PRGgyZGJyYXBlYU5wWDVvTDRHZXdIQ3NHVzh1M2k4ZTdGTXFYCkc0VzNFdkJ2QzQyVnVncGhUc3gxYlBaZ3R5M2RCOEJjaFNocEQ1TkxVVVc1WVRFVTB0TnU4OFY1eUdQVEYvR3YKMDBDbzVreXZnTnJqaXpkTU9yVlNzVGFmeGw2cXBTKzVvRHg5cmNIZFI1TVRwdkh3WnJ0R3VXY0tNYkEvZ1ZXTApDUHVqTmgrTzdNNXMzZUI2dnRXa2tyVXNuc2UzUUROOTRXaGtLVTZZUURCbktOQ2tOODJzWXd2N202UWY1dXBuCkhhSW4xSEFTbmQrOUR6T2R6dFB5MnNLV3piaFhrbXNpRk1ESUdycEJoS0FqQmJkN0kxNkpHM2gzUE1rMlRyREcKbG0xYzdOaldtTnVSWm91RWNuMllvU05MS05RK0FyQWtoaCtpa2liYUZMMjY1VVozdHRKTFpZM0tHdEgwMG9lYwpxT1Axd0g1QjdqRWUyQmtPdVlXQldKNjJxOEEvRWo4VjFabEh1MTg1c0huakNOTFZOanNzYk90akV2cEhWeHgzClh4Z21LbHhJbzJxUTAwVmg2QTY5VUlkcDY2WTB3WlRwVmlORlVwRjhDeitScXlxVjdHTnJMNjBpeWJEQUoyUFYKQUxCSDVDUjROMWFIZzc4TGZuZ0pDaWcwdGh6Z3dVN1daUUp4eVdZZitVK2lydTZPa0hWdnBWb0RsbVRoZHhRbApDd2J3Z2hIVFVZdEwwU1laUlZuTDAxZWxhQUdheFFJREFRQUJBb0lDQVFDUVRkbXN4enl3cmUrY1ZCQlVkaW9GCjdTalRhTEY5bWFlVGhQdkhMMjc5dnJWSlpoK3I5WUp6YU16NzhnV3NUOVR4ZXNjOVlUMVlVLzJEZENUWU4wSzUKRnlrSEc1VXNJUjVTeU4vOVlDWWtURE5La3BhQ29mMmxOWTE1U0twOFdMdVlXQlBEZTE4TW41anM5ejlhdGY0Ugo4Ti9GL2szdU5KWGRvYVNmWU1Pakt4bTh6UE05RFhpaTA0SlZ6RWNjMmlXU0crSkQwNmNybWNHUm1SZVBSTWZOCk5Mb1E1ZGw4dUlRN0J2Y0tCNkJpRDlFc2t5YitPWGxmTlo2TUZNaFNXTmpuYSt3L0REN1plWkxYcVczWk45RGYKNStBbGFoNlkzVE1EUGxueXkxRk5CVzN1alZrMWdkS21ESFBEUTNDUFBNWVdEa01qdlVJcWdKRHMySVl6dWIvTwpXRjRVUTV5UEJhZzluaWp1dS9uMVZDdGZuSkxwakZIakU1VzdkK3p1UGh6aUJ1WDFOcjRtOVVJdEpaSTNsYmJtCmdvZFlMdGl4b3RwNWF3ang1eXA3MU1zUHlTZzcrbHBPenA4dStuRENJcnc0K0VSME56MG8yTXFmcmJ2VklGQXIKWHIyc2YrejljbmtxalBWWEZaVks3em1TUHI5N0YrbTV4RHpURG9lTG53aVlhUUpOQ0ZhejhMVERjNldVT2w4SQpLOWhHd3FaK0llTlgreW16em16Nkx6WWVPaGlrRmNRaUI0UXVPSjdWWnZWRmVoS3JJMXJLWHJDRU01VmpJZXBkCkhzR0c1eTlLUkcxdEszSU5ScmI0SHlhRDF6SHJSTHRneFpLT1BvWDN0UjNmbTJ1aGova3dwelZnWTltRXJDWDkKd2I4SVA5TXdRR3REQVNBcjZWVmJvUUtDQVFFQThIeWlaK1lVeFEzQnprL1hoNmZMWWNYakE3NTJrQ204VWZzWQp0d1Z4N0EyNW5YRStiUDRIT3UyVC9kTlc0Tkw1elZPT0JkaWZIcTJQVFNVMGYzQUFHL0pNcnVzM3NrNHd4azM5CitYYlh0dHltWkdxb3FEcVN3TUw2czVpY1RnangvenRhSXk1TWFKYWhUYUpNdFRQQlVpZ3U3enhoeGNwVlhNVUMKTklHcFl5Mkt5R2hyMjVVOFdlR0RYQm9SS2xYUXJXYkNZeW1kMXdYQStEaVl0dzA5eit0VHhPNTRodjFCZkJKZwpWMGd0VWdJU0I2WEZDMU9CWDZXQ1pXYlhCN2hPaHhISjNkNHAyQlZyN0gxL2JDQ0ZvVDY5by9WQVNHRmdtTHRiCnpGalRNbjFIaTluVW5jUFlScWpsN1h0NWdPOHBOa3BwMjVrNHIxRVludWhIazcrYzdRS0NBUUVBM1l3THozNloKNEVPRndvODIrUlVId2lkaFExOEdrU1JvWStKVm1udXJpSXdHZTk3ZmRTVk91d092SDlZSVhsRWpjRitoOHFQVQpJVnpIOXBuYXZjTENEMnhIOWZ5d09ML3pmYmJnYnExZjV4Y3BOUXlYM1JnTGFDUVpLNkpJa3NzOUtDb0dhSzlaCmpMVm41MjFFZlFBRE5DSi93YlRCb3dLQ0dTNDUzSzRBaWFEWHN6TkJLUk5MOHVaWWYwK0x0U2IzV3lkZVQ2eUgKdGZiSXR3NlBSS1lxb2NaeGIrM0pWQWFHcGxScjVZSlNDU1BtTjFMSjU0djlTcXBIVnJMNzJudFNwKzdDODJ6SgpJajVOSXFEOGFsOVZ3WFB5dExRd25hYWc1TW5ka0NLQ3R0MlVHSGZwMEh3ZTJTL1hkemppS2gzZTZaT3MyMSt1CitQUHVrSkUxTTZzU09RS0NBUUJjWVJRbDR6MUJRUHFjM1JESEhJN0UvVFlxWHdTK2RqblFLQ3VqU3FVcmIwNUoKQzVKV1hmSzdFVDVUTjliY3dFNlRNRENUVUZZM2U2WmJsUm9vaGdhVXRhdjlXWC9vcjU2TzNyRGNIbW5ZNWNQSgpPU3VXakFHSnFKeVRWdUZjSEpXUlhPUlFOVjNHbzI1Tkd6WnFPUHBmSys1em1mZFkrbE4yTW51WlhlR0twcGowClNTQjlsa003cDZSRlFnSXNDQkVFTzBBYXhZYkxiWHRtSHArVFdiUFA1ZThrN0JKQ2tKQ1NMNkR3aGxwYWNVOHAKdnVVRlo4dC95VjFneEhOL2xLNGR0cGliOE5hVUdnNStKdXRHeHV0dU9HS3kwK2dncGI5c2pEUkVPQzdRNjAwTApqTjdleDdlUjFSbVY4Mk9HUXRqSzhTVGU1V25mOXNBRmN1YmorNncxQW9JQkFHYXM4Z2hQRHpkOWM2OXd1alNFCkI1MTJyTUFSZVRTcEgrd3l5Q09aYnkwUVlDem1aTCtnODdUK2h4b0ZFc25MWnRZOHJBeU0ydEkvY3JrYUl1TlIKTUtqL01QYVREb1N1aVVWWkRQaWVSMVVOU2Q2NUlHU3FNUmNwcTdTcU9HSTM2UGNGU3dVWFJ6Uk1Hb1NLQW5UQQpIYnY2eFNUY0JlWHJVcW9pMzFRa0hFR3NsbXNKdFFnNVZqaVRncTQyQ25TQlE2QXVSYW85Tm9RaGhISTZRREc3CnBRUm11TW43OVJPSkZyeGRZY2Z6TnR2ZmxHRk5jQjlzcEk0SERwcml4cEJDR1ZPVTl5cmozdStNMmlqVFhVaGIKT0o0NGcySTJKRlhjRkxNVHp5aHVwZy9qN3kvTDIwUHhVa2Fyd25zUmxOZWFFbVpFTjVkUDZBS2U0cENEaTVtUApqaGtDZ2dFQkFMUmtVeG9oZDh2ZVBwR3hPbWlOak5HekpiTDlscGx0TWxhR0dPQ3JOUkZSeEppblgzWU9UVnhiCkRFVlpqaXRHNldydzFxaDdnZXAzeEdJaWZHQ1lZV3pNc0RZTitueGtwV0lRRmZOV3dYemNRWlhrTEduZVlUdTAKSVU2RjY5Myt1Q0tkcHVCdVl0d3BQNEJCVkNCRTVON0FzRGV4bFBYTzk1cEw3ZzR4OG5RckdNeGJlRXVOdytaTwpPYmYvTnFFMGZZcURkaERiVHI0UDR6bUpBRlpYeDlKMjNJdWRMUFI3MDZITGZ5bDMrb1pUS2Y2ZWdEL1drWXZGCllLdEtDZzI1UmtSYmZBakZkeDlpOVkzcDlPNEFNVUNaRVFIOWQwU1d6LzJWR0VmYzVha09YL2xvWlAyUXF3c2UKeXMyc0k1U0Z5TEd1ZGM3R2MzVTd5UGd0RVN0elVoWT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
zookeeper:
enabled: true
replicaCount: 1
persistence:
enabled: true
storageClass: microk8s-hostpath
kafka:
enabled: true
replicaCount: 1
persistence:
enabled: true
storageClass: microk8s-hostpath
creds:
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
sslKeyPassword: mypassword
cassandra:
enabled: true
image:
debug: true
cluster:
replicaCount: 1
seedCount: 1
persistence:
enabled: true
storageClass: microk8s-hostpath
creds:
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
postgresql:
enabled: true
postgresqlPassword: postgres
## NOTE: If we are using glusterfs as Storage class, we don't really need
## replication turned on, since the data is anyway replicated on glusterfs nodes
## Replication is useful:
## a. When we use HostPath as storage mechanism
## b. If master goes down and one of the slave is promoted as master
replication:
enabled: true
slaveReplicas: 1
persistence:
enabled: true
storageClass: microk8s-hostpath
readinessProbe:
initialDelaySeconds: 30
livenessProbe:
initialDelaySeconds: 30

13
tip-wlan/resources/environments/dev-no-gluster.yaml
View File

@@ -26,9 +26,6 @@ global:
# flag to enable debugging - application support required
debugEnabled: true
# Is the Cluster deployed in Cloud
isCloudDeployment: false
# Annotations for namespace
annotations: {
"helm.sh/resource-policy": keep
@@ -46,9 +43,10 @@ opensync-gw-static:
enabled: false
opensync-gw-cloud:
enabled: true
externalhostaddress:
ovsdb: tip-wlan-opensync-gw-cloud
mqtt: tip-wlan-opensync-mqtt-broker
externalhost:
address:
ovsdb: tip-wlan-opensync-gw-cloud
mqtt: tip-wlan-opensync-mqtt-broker
persistence:
enabled: true
filestore:
@@ -100,6 +98,9 @@ wlan-port-forwarding-gateway-service:
enabled: true
creds:
websocketSessionTokenEncKey: MyToKeN0MyToKeN1
externallyVisible:
host: api.wlan.demo.lab.wlan.tip.build
port: 30401
nginx-ingress-controller:
enabled: true
controller:

30
tip-wlan/resources/environments/dev.yaml
View File

@@ -28,9 +28,6 @@ global:
# flag to enable debugging - application support required
debugEnabled: true
# Is the Cluster deployed in Cloud
isCloudDeployment: false
# Annotations for namespace
annotations: {
"helm.sh/resource-policy": keep
@@ -48,9 +45,10 @@ opensync-gw-static:
enabled: false
opensync-gw-cloud:
enabled: true
externalhostaddress:
ovsdb: tip-wlan-opensync-gw-cloud
mqtt: tip-wlan-opensync-mqtt-broker
externalhost:
address:
ovsdb: tip-wlan-opensync-gw-cloud
mqtt: tip-wlan-opensync-mqtt-broker
persistence:
enabled: true
filestore:
@@ -82,6 +80,10 @@ wlan-prov-service:
schema_repo:
username: tip-read
password: tip-read
postgres:
singleDataSourceUsername: tip_user
singleDataSourcePassword: tip_password
singleDataSourceSslKeyPassword: mypassword
wlan-ssc-service:
enabled: true
creds:
@@ -104,6 +106,9 @@ wlan-port-forwarding-gateway-service:
enabled: true
creds:
websocketSessionTokenEncKey: MyToKeN0MyToKeN1
externallyVisible:
host: api.wlan.demo.lab.wlan.tip.build
port: 30401
nginx-ingress-controller:
enabled: true
controller:
@@ -124,6 +129,10 @@ kafka:
persistence:
enabled: true
storageClass: "glusterfs-storage"
creds:
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
sslKeyPassword: mypassword
cassandra:
enabled: true
cluster:
@@ -136,6 +145,9 @@ cassandra:
persistence:
enabled: true
storageClass: "glusterfs-storage"
creds:
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
postgresql:
enabled: true
postgresqlPassword: postgres
@@ -149,4 +161,8 @@ postgresql:
slaveReplicas: 1
persistence:
enabled: true
storageClass: "glusterfs-storage"
storageClass: "glusterfs-storage"
readinessProbe:
initialDelaySeconds: 30
livenessProbe:
initialDelaySeconds: 30

12
tip-wlan/resources/environments/disable-allcharts.yaml
View File

@@ -30,9 +30,6 @@ global:
# flag to enable debugging - application support required
debugEnabled: true
# Is the Cluster deployed in Cloud
isCloudDeployment: false
createReleaseNamespace: false
createDockerRegistrySecret: false
@@ -44,9 +41,10 @@ opensync-gw-static:
enabled: false
opensync-gw-cloud:
enabled: false
externalhostaddress:
ovsdb: tip-wlan-opensync-gw-cloud
mqtt: tip-wlan-opensync-mqtt-broker
externalhost:
address:
ovsdb: tip-wlan-opensync-gw-cloud
mqtt: tip-wlan-opensync-mqtt-broker
persistence:
enabled: true
filestore:
@@ -97,7 +95,7 @@ wlan-spc-service:
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
wlan-port-forwarding-gateway-service:
enabled: true
enabled: false
creds:
websocketSessionTokenEncKey: MyToKeN0MyToKeN1
nginx-ingress-controller:

6
tip-wlan/values.yaml
View File

@@ -34,8 +34,10 @@ global:
# SSC Service in a single docker image
integratedDeployment: false
# Is the Cluster deployed in Cloud
isCloudDeployment: true
testingEnabled: false
testingTimestamp:
# Namespace related
createReleaseNamespace: true