Compare commits


66 Commits

Author SHA1 Message Date
Eugene Taranov
952d0c39e9 templated user/passwd for cassandra 2020-10-21 22:43:25 +03:00
Eugene Taranov
96195c6a9c rollback password 2020-10-21 21:44:42 +03:00
Eugene Taranov
b03a7c6a5b rolled back DUMMY_PASSWORD 2020-10-21 15:39:50 +03:00
Eugene Taranov
a56eac6fb4 removed comments 2020-10-20 15:37:15 +03:00
Eugene Taranov
077266945d removed common: 2020-10-20 15:36:10 +03:00
Eugene Taranov
1c9d2c1917 templated cassandra-application.conf 2020-10-15 19:09:32 +03:00
Eugene Taranov
bc63d232aa reverted tip-wlan/resources/environments/dev-amazon-tip.yaml 2020-10-15 18:21:46 +03:00
Eugene Taranov
e485c5b18c fix readinessProbe for mqtt 2020-10-15 18:13:05 +03:00
Eugene Taranov
70259dd311 minikube local deployment;
minor refactoring of duplicated healthchecks
2020-10-15 18:04:42 +03:00
eugenetaranov-opsfleet
b165c3a006 enabled resource limits for cassandra (#8) 2020-08-25 18:47:10 +03:00
Rahul Sharma
22c5763d2c Merge branch 'master' of github.com:Telecominfraproject/wlan-cloud-helm 2020-08-24 13:05:50 -04:00
Rahul Sharma
50c2593fc9 WIFI-540 Enable remote debugging for Portal, Prov, SSC and SPC services 2020-08-24 13:05:20 -04:00
Rahul Sharma
75f611f901 WIFI-672 Enable remote debugging for Portal, Prov, SSC and SPC services 2020-08-24 12:23:26 -04:00
AkshayJagadish-ne
2d433dfe64 Merge pull request #7 from Telecominfraproject/AJ
WIFI-659 - Deployment: update reference TIP deployment override file
2020-08-19 11:30:06 -04:00
Akshay Jagadish
6125949b1c WIFI-659 - Deployment: update reference TIP deployment override file
based
2020-08-19 10:46:42 -04:00
AkshayJagadish-ne
2c78e11a3f Merge pull request #6 from Telecominfraproject/AJ
Removed 'dev-amazon-connectus.yaml' override file
2020-08-18 17:21:40 -04:00
Akshay Jagadish
074ec7b52d Removed 'dev-amazon-connectus.yaml' override file 2020-08-18 16:47:13 -04:00
Rahul Sharma
72aad7e18f TW-1024: Add the name resolution for tip.jfrog.io in the initcontainer's
/etc/hosts only when the deployment is running on MAC, since the pods running in
kubernetes cluster on MAC cannot reach the DNS Server for resolving hostnames.
2020-08-11 12:40:00 -04:00
Rahul Sharma
d21ece966c TW-892: Cassandra Authentication error
tip_user creation will be re-attempted
2020-08-07 19:34:50 -04:00
Rahul Sharma
f1db8b9eb2 TW-1001: Update charts to close NGINX TCP ports that were exposed for TCP
passthrough connections
Also update opensync-gw charts for enabling remote debugging
2020-08-06 16:44:17 -04:00
Rahul Sharma
673232f42c Updating comments 2020-08-05 21:16:36 -04:00
Rahul Sharma
782f38442a TW-993: Updated Helm charts by introducing an EFS Provisioner.
EFS Provisioner will be instantiated when it's an AWS deployment.
Please make sure to update the values in the dev-amazon-connectus.yaml override with your
own EFS FileSystem
2020-08-05 16:21:11 -04:00
Rahul Sharma
d6ca987c5b TW-888: Adding dev-amazon-tip.yaml override file 2020-08-03 21:28:15 -04:00
Rahul Sharma
5cc858baca TW-888: Making the definition of GraphQL URL dynamic in Static-Portal container.
It can now be specified as an env variable.
2020-08-03 17:13:14 -04:00
Rahul Sharma
350a05f648 Merge branch 'master' of github.com:Telecominfraproject/wlan-cloud-helm 2020-07-31 18:37:46 -04:00
Rahul Sharma
7fad0ebe1b TW-888: Updated values.yaml to allow provision Postgres as a NodePort service, if needed 2020-07-31 18:35:59 -04:00
AkshayJagadish-ne
2669f03a10 Merge pull request #4 from Telecominfraproject/AJ
Removed br- in values.yaml for opensync-gw-cloud
2020-07-31 13:11:54 -04:00
Akshay Jagadish
be78f60b53 Removed br- 2020-07-31 13:06:16 -04:00
Rahul Sharma
769694e39b Update the default values for LAN and WAN: their Types and Names 2020-07-29 18:04:46 -04:00
Rahul Sharma
8dd9de5a94 TW-955: Updating NGINX ConfigMap to increase the Client Max size to 20M 2020-07-28 13:43:55 -04:00
Rahul Sharma
474ab47ac0 TW-947: Update the storage-class in AWS ConnectUs override file 2020-07-28 10:46:21 -04:00
Rahul Sharma
14115a62e9 TW-947: Update StorageClass in dev-amazon-connectus.yaml override file 2020-07-27 18:33:58 -04:00
Rahul Sharma
2899b39aa1 TW-947: Reverting creating new project for Pre-requisites.
The same results were obtained after converting Portal into a Statefulset and
using PVC as a VolumeClaimTemplate. Since PVC name is fixed, it becomes easy to
get the PVC name and bind it to the other pod (opensync-gw).
2020-07-27 18:22:29 -04:00
Rahul Sharma
ab5262b7fa TW-950: Added another project in the Repo called Tip-wlan-prerequisites.
The purpose of this Repo is to initialize artifacts that would be used by the
tip-wlan release later on.
For now, we are initializing Namespace and PVC (that's to be shared between 2 deployments).
Besides, we are also exposing ports 9096 and 9097 on Opensync-gw-cloud service. These will
then be linked to the ALB for any traffic coming from APs.
2020-07-27 17:12:42 -04:00
Rahul Sharma
291a47b413 Adding .gitignore 2020-07-23 20:09:01 -04:00
Rahul Sharma
0b1016f2fb Update MQTT external and internal variables in Opensync GW, so GW doesn't
use external LB to reach an internal Service
2020-07-21 17:46:35 -04:00
Rahul Sharma
01d0a8575e Updating the override files 2020-07-21 13:38:35 -04:00
Rahul Sharma
5aa1f880af TW-874: Added the cqlsh for default user 2020-07-21 12:50:46 -04:00
Rahul Sharma
9d64228625 TW-874: Deploying latest chart on AWS ConnectUs tenant 2020-07-20 19:11:06 -04:00
Rahul Sharma
3fbf0acbfa TW-858: Update Postgres Helm chart to support SSL
TW-859: Update Prov Helm chart for secure communication with Postgres

Besides the above, also fixed the Master to Slave replication and made sure it's also encrypted
2020-07-20 18:27:27 -04:00
Rahul Sharma
d42c8bf243 TW-890: Remove the URLs from the env variables of these charts. They are
now part of the JVM params in run.sh, still controlled by Helm charts using
variables SSC_URL and PROV_URL
2020-07-17 13:33:27 -04:00
Rahul Sharma
94f4bd3d5f TW-890: Updated charts to add new env variables to Portal, Prov, SSC and SPC microservices 2020-07-17 11:34:32 -04:00
Rahul Sharma
f18e8c1e4e TW-882: Updated URLs for SSC and Prov 2020-07-16 19:16:21 -04:00
Rahul Sharma
f467ce34b8 TW-882: Update env variables to Prov instead of SSC for Profiles and clientStatus 2020-07-16 18:26:49 -04:00
Rahul Sharma
8cbbd24cbc TW-874: Update OpensyncGw Helm chart to pass in right values for various
server variables
2020-07-16 18:00:17 -04:00
Rahul Sharma
d0395fedc6 TW-874: Updated deployment to distributed one in AWS ConnectUs account 2020-07-16 14:02:06 -04:00
AkshayJagadish-ne
f4d277aa48 Removed Connectus Loggers (#3) 2020-07-09 19:25:57 -04:00
Rahul Sharma
e044cc113b TW-837: Update cassandra-application.conf in Helm, so we can update it dynamically
based on env settings
2020-07-09 16:26:48 -04:00
Rahul Sharma
b62524edb0 TW-833: Cassandra Helm Test updated to run using SSL certs
Also, updated Kafka Helm Test to run using SSL Certs
2020-07-08 18:37:46 -04:00
Rahul Sharma
e1f528ac46 Merge branch 'master' of github.com:Telecominfraproject/wlan-cloud-helm 2020-07-08 14:27:54 -04:00
Rahul Sharma
44c7772c2d TW-648, TW-650: Updated Cassandra to work in SSL mode
- Also updated SSC to work with Cassandra in SSL mode.
- Created Schema in Cassandra on SSC startup
2020-07-08 14:25:02 -04:00
Chris Busch
30440e40e9 Create LICENSE
Add TIP standard license
2020-07-06 10:43:55 -04:00
Rahul Sharma
e5af61ddde TW-804: Change the Helm chart to over-write the value of the OVSDB_MANAGER_IP
to the PodIP
2020-06-29 18:20:28 -04:00
Rahul Sharma
7e19576be2 TW-776: Copying Logback.xml to Helm repo
- The change also includes introducing ConfigMaps to use the logback.xml instead of the one
burnt in the docker image.
- Also the datasource.properties was copied to Prov subchart. Please change the dummy TIP username and
password to the actual one in your running Postgres instance.
2020-06-29 13:32:38 -04:00
Rahul Sharma
3dd02f5f3d TW-772: Add another env variable in opensync-gw helm chart 2020-06-28 17:06:45 -04:00
Rahul Sharma
7ca45f3949 TW-649: Add customer_events to the list of Pre-created topics 2020-06-28 10:09:49 -04:00
Rahul Sharma
ac85856b49 TW-764: Create Helm chart for Stream Processor
TW-765: Create Liveliness and readiness check
TW-766: Make sure Stream Processor can consume messages from Kafka
2020-06-26 19:34:06 -04:00
Rahul Sharma
0f8cf7995a TW-785: Adding mosquitto startup dependency on Opensync-gw-cloud 2020-06-26 19:02:55 -04:00
Rahul Sharma
cdf3cec690 TW-772: Convert Mqtt and gw-cloud as NodePorts
We are not able to generate the mqttData.log if we use IngressController as NodePorts.
Looked at AP, it was generating the metrics but somehow they were not reported in the mqttData.log file in the GW-sync pod.
Changing the MQTT and GW-SYNC to NodePort service and then changing the LoadBalancers to use TargetGroup relative to these NodePorts
fixed the issue. Still not clear on the reason.
2020-06-26 15:15:18 -04:00
Rahul Sharma
f4eeb8fa48 TW-775: Update permission of mosquitto folders in mqtt pod 2020-06-26 13:10:53 -04:00
Rahul Sharma
70ba72097f TW-772: Updating Helm charts to support the new Opensync GW and Integrated Cloud Component
variables.
Also introduced 2 new dev-override files for ConnectUs and Tip env. These contain the right image
name for static-portal and the Portal-Svc API for GraphQL
2020-06-25 14:11:02 -04:00
Rahul Sharma
7337d0da5c TW-647: Move Advertised listeners as part of Configuration Override.
This is needed or else the declared Advertised listeners were not appended
2020-06-23 19:32:27 -04:00
Rahul Sharma
dd4705f838 Merge branch 'master' of github.com:Telecominfraproject/wlan-cloud-helm 2020-06-23 17:51:04 -04:00
Rahul Sharma
875b448f63 TW-756: Update Kafka and SSC Helm charts to enable secure communication between them
TW-758
2020-06-23 17:49:22 -04:00
eugenetaranov-opsfleet
6bd6f1ed4d TOOLS-23: fix validation (#2)
* TOOLS-23: fix validation

* test

* test

* cleanup
2020-06-23 14:11:56 -04:00
eugenetaranov-opsfleet
bb97859861 TOOLS-23: k8s manifests validators (#1)
* TOOLS-23: k8s manifests validators

* test

* test

* test glusterfs

* fix

* test

* test

* test tip-wlan

* fix

* disabled PR

* moved validation into separate job

Co-authored-by: Eugene Taranov <eugene@taranov.me>
2020-06-23 13:08:09 -04:00
119 changed files with 4733 additions and 867 deletions


@@ -7,7 +7,6 @@ on:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
@@ -28,5 +27,4 @@ jobs:
- name: Verify that chart was uploaded successfully
run: |
helm repo update
helm search repo tip
helm search repo tip
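Review bot: with the `-`/`+` markers lost in rendering, the only visible changes in this file are the header's one-line shrink of the `actions/checkout@v2` `with:` block (`-7,7 +7,6`) and a duplicated `helm search repo tip` in the verification step; the commit message should state which checkout option was dropped, since that block is where the deploy key is passed in the sibling workflow. Also, `helm search repo tip` only proves the index lists a chart named `tip*`; to verify the upload, search for the exact chart and version just pushed (for example `helm search repo tip-wlan --version <version>`) and fail the step when it returns nothing.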

56
.github/workflows/helm-validation.yml vendored Normal file

@@ -0,0 +1,56 @@
name: Helm validation
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
ssh-key: ${{ secrets.GH_AUTOMATION_KEY }}
submodules: true
- name: Validators setup
env:
KUBESCORE_VERSON: 1.7.1
run: |
mkdir /tmp/k8s-validators
cd /tmp/k8s-validators
curl -LO https://github.com/instrumenta/kubeval/releases/latest/download/kubeval-linux-amd64.tar.gz
tar xf kubeval-linux-amd64.tar.gz
rm -f kubeval-linux-amd64.tar.gz LICENSE README.md
curl -LO https://github.com/zegl/kube-score/releases/download/v${{ env.KUBESCORE_VERSON }}/kube-score_${{ env.KUBESCORE_VERSON }}_linux_amd64.tar.gz
tar xf kube-score_${{ env.KUBESCORE_VERSON }}_linux_amd64.tar.gz
rm -f kube-score_${{ env.KUBESCORE_VERSON }}_linux_amd64.tar.gz LICENSE README.md
curl -LO https://get.helm.sh/helm-v3.2.4-linux-amd64.tar.gz
tar xf helm-v3.2.4-linux-amd64.tar.gz
mv linux-amd64/helm .
rm -fr helm-v3.2.4-linux-amd64.tar.gz linux-amd64
- name: Cache validators
uses: actions/cache@v1
with:
path: /tmp/k8s-validators
key: ${{ runner.os }}-k8s-validators
- name: Test tip-wlan
working-directory: tip-wlan
run: |
echo "Kubeval test"
helm template -f values-test.yaml . | /tmp/k8s-validators/kubeval --ignore-missing-schemas
echo "Kube-score test"
helm template -f values-test.yaml . | /tmp/k8s-validators/kube-score score -
- name: Test glusterfs
working-directory: glusterfs/kube-templates
run: |
echo "Kubeval test"
/tmp/k8s-validators/kubeval *.yaml
echo "Kube-score test"
/tmp/k8s-validators/kube-score score *.yaml
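Review bot: the `Validators setup` step pins nothing and verifies nothing: `kubeval` is fetched from `releases/latest`, and the kube-score and helm tarballs (`v${{ env.KUBESCORE_VERSON }}`, `helm-v3.2.4`) are unpacked and executed without a checksum, so the CI verdict depends on whatever those URLs serve on the day. Pin the kubeval release like the other two and compare each archive against a recorded SHA-256 (`sha256sum -c`) before `tar xf`. Two smaller points in the same step: `Cache validators` runs after the download, so the cache is populated but never consulted to skip it (give the cache step an `id`, move it before the download, gate the download on `cache-hit != 'true'`, and use `mkdir -p`, because a restored directory would make the current `mkdir` fail); and `KUBESCORE_VERSON` is misspelled in all four places, which works today but invites a mismatch when one occurrence is corrected. Finally, `ssh-key: ${{ secrets.GH_AUTOMATION_KEY }}` under a `pull_request` trigger hands the deploy key to checkout on every PR run, and on PRs from forks the secret is empty so the submodule fetch fails; use a read-only key and expect that failure mode, or restrict the job to pushes.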

5
.gitignore vendored Normal file

@@ -0,0 +1,5 @@
*.pem
*.jks
*.pkcs12
*.p12
*.DS_Store
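Review bot: the list keeps `*.pem`, `*.jks`, `*.pkcs12` and `*.p12` out of the repo, but private keys saved under other names (`*.key`) stay trackable, and `*.DS_Store` should simply be `.DS_Store`. Two follow-ups worth stating in the commit message: ignoring a pattern does not untrack files already committed (`git rm --cached` is still needed for those), and `.gitignore` has no effect on `helm package`, which packs from the working tree; the `.helmignore` added elsewhere in this change does not repeat these patterns.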

29
LICENSE Normal file

@@ -0,0 +1,29 @@
BSD 3-Clause License
Copyright (c) 2020, Telecom Infra Project
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

126
README.md

@@ -45,3 +45,129 @@ This repository contains helm charts for various deployment types of the tip wla
- Run the following command under tip-wlan-helm directory _after_ the components are running:
- helm test <RELEASE_NAME> -n default
(For more details add --debug flag to the above command)
# Local environment
In `wlan-pki-cert-scripts` repository edit the following files and add/replace strings as specified below:
```
mqtt-server.cnf:
-commonName_default = opensync-mqtt-broker.zone1.lab.wlan.tip.build
+commonName_default = opensync-mqtt-broker.wlan.local
openssl-server.cnf:
-DNS.1 = opensync-redirector.zone1.lab.wlan.tip.build
-DNS.2 = opensync-controller.zone1.lab.wlan.tip.build
+DNS.1 = opensync-redirector.wlan.local
+DNS.2 = opensync-controller.wlan.local
DNS.3 = tip-wlan-postgresql
-DNS.4 = ftp.example.com
```
In `wlan-pki-cert-scripts` repository run `./generate_all.sh` to generate CA and certificates, then run `./copy-certs-to-helm.sh <local path to wlan-cloud-helm repo>` in order to copy certificates to helm charts.
Optionally, in order to speedup first and subsequent runs, you may cache some images:
```
minikube cache add zookeeper:3.5.5
minikube cache add bitnami/postgresql:11.8.0-debian-10-r58
minikube cache add postgres:latest
minikube cache add gcr.io/k8s-minikube/storage-provisioner:v3
minikube cache add eclipse-mosquitto:latest
minikube cache add opsfleet/depends-on
```
These images may occasionally need to be updated with these commands:
```
minikube cache reload ## reload images from the upstream
eval $( minikube docker-env )
for img in $( docker images --format '{{.Repository}}:{{.Tag}}' | egrep 'busybox|alpine|confluentinc/cp-kafka|zookeeper|k8s.gcr.io/pause|nginx/nginx-ingress|bitnami/cassandra|bitnami/postgresql|postgres|bitnami/minideb' ); do
minikube cache add $img;
done
```
Run minikube:
```minikube start --memory=10g --cpus=4 --driver=virtualbox --extra-config=kubelet.serialize-image-pulls=false --extra-config=kubelet.image-pull-progress-deadline=3m0s --docker-opt=max-concurrent-downloads=10```
Deploy CloudSDK chart:
```helm install tip-wlan tip-wlan -f tip-wlan/resources/environments/dev-local.yaml -n default```
Wait a few minutes, when all pods are in `Running` state, obtain web ui link with `minikube service tip-wlan-wlan-cloud-static-portal -n tip --url`, open in the browser. Importing or trusting certificate might be needed.
Services may be exposed to the local machine and local network with ssh, kubectl or kubefwd port forwarding, needs to be repeated for each service, please examples below:
Kubefwd:
Download latest release from https://github.com/eugenetaranov/kubefwd/releases and run the binary.
Forward to all interfaces:
```
sudo kubefwd services --namespace tip -l "app.kubernetes.io/name in (nginx-ingress-controller,wlan-portal-service,opensync-gw-cloud,opensync-mqtt-broker)" --allinterfaces --extrahosts wlan-ui-graphql.wlan.local,wlan-ui.wlan.local
```
Kubectl forwarding:
```
kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app=tip-wlan-nginx-ingress-controller -o jsonpath='{.items[0].metadata.name}') 443:443 &
kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=wlan-portal-service -o jsonpath='{.items[0].metadata.name}') 9051:9051 &
kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=opensync-gw-cloud -o jsonpath='{.items[0].metadata.name}') 6643:6643 &
kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=opensync-gw-cloud -o jsonpath='{.items[0].metadata.name}') 6640:6640 &
kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=opensync-mqtt-broker -o jsonpath='{.items[0].metadata.name}') 1883:1883 &
```
Add certificate to the trust store.
Firefox:
1. Open settings, `Privacy and security`, `View certificates`.
2. Click on `Add Exception...`, enter `https://wlan-ui.wlan.local` into Location field, click on `Get certificate`, check `Permanently store this exception` and click on `Confirm Security Exception`.
Repeat the step for `https://wlan-ui-graphql.wlan.local`
Chrome and other browsers using system certificate store:
1. Save certificate below into the file `wlan-ui-graphql.wlan.local.crt` (it is the one defined at tip-wlan/resources/environments/dev-local.yaml:143):
```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```
2. Double click on it, enter the system admin password, if prompted.
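Review bot: the namespaces in the local-deployment walkthrough do not agree: `helm install ... -n default` creates the release in `default`, but every following command (`minikube service ... -n tip`, `kubefwd services --namespace tip`, `kubectl -n tip port-forward ...`) looks in `tip`, so a reader following the text verbatim ends up querying an empty namespace. Pick one and use it throughout. Three further points: the certificate pasted under "Chrome and other browsers" is a second copy of the value at `tip-wlan/resources/environments/dev-local.yaml:143` and will silently go stale when that file changes (point readers at the file or at the running cluster instead of duplicating the PEM in the README); `kubectl port-forward --address 0.0.0.0` and `kubefwd --allinterfaces` expose the portal, OVSDB (6640/6643) and MQTT (1883) ports to the whole local network behind the shared development certificates, which the text should say explicitly so nobody runs it on an untrusted LAN; and `postgres:latest` / `eclipse-mosquitto:latest` in the cache list are unpinned, so `minikube cache reload` can pull an image different from the one the chart was tested with. Typo: "please examples below" should read "see the examples below".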


@@ -4,7 +4,7 @@ metadata:
name: glusterfs-storage
provisioner: kubernetes.io/glusterfs
allowVolumeExpansion: true
reclaimPolicy: Retain
reclaimPolicy: Delete
parameters:
resturl: "http://192.168.56.101:31080"
restuser: "admin"
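Review bot: switching `reclaimPolicy` from `Retain` to `Delete` means the GlusterFS volume behind every PVC of this class (Cassandra, Postgres, the shared Portal claim) is destroyed as soon as its claim is deleted, for example after `helm uninstall` followed by removing the claims; that is a data-loss change and the commit message should say why it is wanted for this environment. Visible in the unchanged context: `resturl` is a hard-coded lab address and `restuser: "admin"` is the Heketi administrator; if the matching key lives in this file as well, move it to a Secret and reference it with the `secretName`/`secretNamespace` parameters instead.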


@@ -54,6 +54,9 @@ dependencies:
- name: wlan-ssc-service
version: 0.1.0
condition: wlan-ssc-service.enabled
- name: wlan-spc-service
version: 0.1.0
condition: wlan-spc-service.enabled
- name: nginx-ingress-controller
version: 0.1.0
condition: nginx-ingress-controller.enabled


@@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
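Review bot: the ignore list covers VCS, editor and backup files only; it does not exclude the key material that the `.gitignore` in this same change excludes (`*.pem`, `*.jks`, `*.pkcs12`, `*.p12`). Since the README tells users to run `copy-certs-to-helm.sh` to copy the CA and certificates into the chart tree before installing, a later `helm package` on that tree (the chart-upload workflow above confirms publication with `helm search repo tip`) would bundle whatever landed there, private keys included, into the published archive. Add the same patterns here, or keep certificates out of the chart directory and mount them from a Secret.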


@@ -1,12 +1,21 @@
apiVersion: v2
name: cassandra
version: 0.1.0
apiVersion: v2
version: 5.5.3
appVersion: 3.11.6
description: Apache Cassandra is a free and open-source distributed database management
system designed to handle large amounts of data across many commodity servers, providing
high availability with no single point of failure.
icon: https://upload.wikimedia.org/wikipedia/commons/thumb/5/5e/Cassandra_logo.svg/330px-Cassandra_logo.svg.png
description: Apache Cassandra is a free and open-source distributed database management system
designed to handle large amounts of data across many commodity servers, providing high
availability with no single point of failure.
Cassandra offers robust support for clusters spanning multiple datacenters, with asynchronous
masterless replication allowing low latency operations for all clients.
keywords:
- cassandra
- database
- nosql
- cassandra
- database
- nosql
icon: https://upload.wikimedia.org/wikipedia/commons/thumb/5/5e/Cassandra_logo.svg/330px-Cassandra_logo.svg.png
sources:
- https://github.com/bitnami/bitnami-docker-cassandra
home: http://cassandra.apache.org
maintainers:
- name: Bitnami
email: containers@bitnami.com
engine: gotpl
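Review bot: as rendered, this hunk carries both the old and the new chart metadata with no `-`/`+` markers (`version: 0.1.0` next to `version: 5.5.3`, two `description`, `keywords` and `icon` blocks), so the merged file cannot be checked from the page; make sure the result has exactly one `apiVersion`, `version`, `description` and `keywords` entry, or `helm lint` will reject it. Two points about the new content: `engine: gotpl` is a Helm 2 (`apiVersion: v1`) field that the v2 chart schema does not define, and listing Bitnami as maintainer of a chart this repo modifies (the cqlshrc, password-file and SSL changes in the same commit set) misdirects bug reports; record the local owners alongside the upstream `sources` entry.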


@@ -0,0 +1 @@
DUMMY_PASSWORD


@@ -0,0 +1 @@
DUMMY_PASSWORD
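Review bot: both new one-line files consist only of the literal `DUMMY_PASSWORD`, i.e. placeholders the user is expected to overwrite with the real Cassandra password before installing. That pattern invites the real value to be swept up by the next `git add`, and nothing in the `.gitignore` added in this change excludes these paths. Prefer reading the password from a values override or an existing Kubernetes Secret (the commit list's `templated user/passwd for cassandra` moves in that direction) and drop the placeholder files; at minimum add their paths to `.gitignore` and make the chart fail fast when the value is still `DUMMY_PASSWORD`.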


@@ -0,0 +1,238 @@
; Licensed to the Apache Software Foundation (ASF) under one
; or more contributor license agreements. See the NOTICE file
; distributed with this work for additional information
; regarding copyright ownership. The ASF licenses this file
; to you under the Apache License, Version 2.0 (the
; "License"); you may not use this file except in compliance
; with the License. You may obtain a copy of the License at
;
; http://www.apache.org/licenses/LICENSE-2.0
;
; Unless required by applicable law or agreed to in writing,
; software distributed under the License is distributed on an
; "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
; KIND, either express or implied. See the License for the
; specific language governing permissions and limitations
; under the License.
;
; Sample ~/.cqlshrc file.
[authentication]
;; If Cassandra has auth enabled, fill out these options
username = cassandra
password = cassandra
; keyspace = ks1
[ui]
;; Whether or not to display query results with colors
color = on
;; Used for displaying timestamps (and reading them with COPY)
; datetimeformat = %Y-%m-%d %H:%M:%S%z
;; Display timezone
;timezone = Etc/UTC
;; The number of digits displayed after the decimal point for single and double precision numbers
;; (note that increasing this to large numbers can result in unusual values)
;float_precision = 5
;double_precision = 12
;; Used for automatic completion and suggestions
; completekey = tab
;; The encoding used for characters
; encoding = utf8
; To use another than the system default browser for cqlsh HELP to open
; the CQL doc HTML, use the 'browser' preference.
; If the field value is empty or not specified, cqlsh will use the
; default browser (specifying 'browser = default' does not work).
;
; Supported browsers are those supported by the Python webbrowser module.
; (https://docs.python.org/2/library/webbrowser.html).
;
; Hint: to use Google Chome, use
; 'browser = open -a /Applications/Google\ Chrome.app %s' on Mac OS X and
; 'browser = /usr/bin/google-chrome-stable %s' on Linux and
; 'browser = C:/Program Files (x86)/Google/Chrome/Application/chrome.exe %s' on Windows.
;
; This setting can be overridden with the --browser command line option.
;
;browser =
[cql]
;; A version of CQL to use (this should almost never be set)
; version = 3.2.1
[connection]
;; The host to connect to
hostname = tip-wlan-cassandra-headless
;; The port to connect to (9042 is the native protocol default)
port = 9042
;; Always connect using SSL - false by default
ssl = true
;; A timeout in seconds for opening new connections
; timeout = 10
;; A timeout in seconds for executing queries
; request_timeout = 10
[csv]
;; The size limit for parsed fields
; field_size_limit = 131072
[tracing]
;; The max number of seconds to wait for a trace to complete
; max_trace_wait = 10.0
[ssl]
certfile = /opt/tip-wlan/certs/cacert.pem
;; Optional - true by default.
;validate = true
;; To be provided when require_client_auth=true
userkey = /opt/tip-wlan/certs/cassandraserverkey_dec.pem
;; To be provided when require_client_auth=true
usercert = /opt/tip-wlan/certs/cassandraservercert.pem
;; Optional section, overrides default certfile in [ssl] section, if present
; [certfiles]
; 192.168.1.3 = ~/keys/cassandra01.cert
; 192.168.1.4 = ~/keys/cassandra02.cert
;; Options that are common to both COPY TO and COPY FROM
; [copy]
;; The string placeholder for null values
; nullval = null
;; For COPY TO, controls whether the first line in the CSV output file will
;; contain the column names. For COPY FROM, specifies whether the first
;; line in the CSV file contains column names.
; header = false
;; The character that is used as the decimal point separator
; decimalsep = .
;; The character that is used to separate thousands
;; (defaults to the empty string)
; thousandssep =
;; The string literal format for boolean values
; boolstyle = True,False
;; The number of child worker processes to create for
;; COPY tasks. Defaults to a max of 4 for COPY FROM and 16
;; for COPY TO. However, at most (num_cores - 1) processes
;; will be created.
; numprocesses =
;; The maximum number of failed attempts to fetch a range of data (when using
;; COPY TO) or insert a chunk of data (when using COPY FROM) before giving up
; maxattempts = 5
;; How often status updates are refreshed, in seconds
; reportfrequency = 0.25
;; An optional file to output rate statistics to
; ratefile =
;; Options specific to COPY TO
; [copy-to]
;; The maximum number token ranges to fetch simultaneously
; maxrequests = 6
;; The number of rows to fetch in a single page
; pagesize = 1000
;; By default the page timeout is 10 seconds per 1000 entries
;; in the page size or 10 seconds if pagesize is smaller
; pagetimeout = 10
;; Token range to export. Defaults to exporting the full ring.
; begintoken =
; endtoken =
; The maximum size of the output file measured in number of lines;
; beyond this maximum the output file will be split into segments.
; -1 means unlimited.
; maxoutputsize = -1
;; The encoding used for characters
; encoding = utf8
;; Options specific to COPY FROM
; [copy-from]
;; The maximum number of rows to process per second
; ingestrate = 100000
;; The maximum number of rows to import (-1 means unlimited)
; maxrows = -1
;; A number of initial rows to skip
; skiprows = 0
;; A comma-separated list of column names to ignore
; skipcols =
;; The maximum global number of parsing errors to ignore, -1 means unlimited
; maxparseerrors = -1
;; The maximum global number of insert errors to ignore, -1 means unlimited
; maxinserterrors = 1000
;; A file to store all rows that could not be imported, by default this is
;; import_<ks>_<table>.err where <ks> is your keyspace and <table> is your table name.
; errfile =
;; The min and max number of rows inserted in a single batch
; maxbatchsize = 20
; minbatchsize = 2
;; The number of rows that are passed to child worker processes from
;; the main process at a time
; chunksize = 1000
;; The options for COPY can also be specified per-table. The following
;; three sections demonstrate this.
;; Optional table-specific options for COPY
; [copy:mykeyspace.mytable]
; chunksize = 1000
;; Optional table-specific options for COPY FROM
; [copy-from:mykeyspace.mytable]
; ingestrate = 20000
;; Optional table-specific options for COPY TO
; [copy-to:mykeyspace.mytable]
; pagetimeout = 30
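Review bot: the `[authentication]` section commits Cassandra's default superuser credentials (`username = cassandra`, `password = cassandra`) in clear text, and the `[ssl]` section points cqlsh at the server's own decrypted private key (`cassandraserverkey_dec.pem`) and server certificate for client authentication. Even if this file only serves the bootstrap step that creates `tip_user` (commit `d21ece966c`), the default account should be rotated or disabled once that step completes, the password should come from the Secret the chart already manages rather than a file in the chart, and a separate client certificate should be issued for cqlsh so the server key need not be readable by the test or init pod. `validate` is left at its default of true, which is the right choice; keep it that way when this file is copied for other environments.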


@@ -0,0 +1,238 @@
; Licensed to the Apache Software Foundation (ASF) under one
; or more contributor license agreements. See the NOTICE file
; distributed with this work for additional information
; regarding copyright ownership. The ASF licenses this file
; to you under the Apache License, Version 2.0 (the
; "License"); you may not use this file except in compliance
; with the License. You may obtain a copy of the License at
;
; http://www.apache.org/licenses/LICENSE-2.0
;
; Unless required by applicable law or agreed to in writing,
; software distributed under the License is distributed on an
; "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
; KIND, either express or implied. See the License for the
; specific language governing permissions and limitations
; under the License.
;
; Sample ~/.cqlshrc file.
[authentication]
;; If Cassandra has auth enabled, fill out these options
username = tip_user
password = tip_password
; keyspace = ks1
[ui]
;; Whether or not to display query results with colors
color = on
;; Used for displaying timestamps (and reading them with COPY)
; datetimeformat = %Y-%m-%d %H:%M:%S%z
;; Display timezone
;timezone = Etc/UTC
;; The number of digits displayed after the decimal point for single and double precision numbers
;; (note that increasing this to large numbers can result in unusual values)
;float_precision = 5
;double_precision = 12
;; Used for automatic completion and suggestions
; completekey = tab
;; The encoding used for characters
; encoding = utf8
; To use another than the system default browser for cqlsh HELP to open
; the CQL doc HTML, use the 'browser' preference.
; If the field value is empty or not specified, cqlsh will use the
; default browser (specifying 'browser = default' does not work).
;
; Supported browsers are those supported by the Python webbrowser module.
; (https://docs.python.org/2/library/webbrowser.html).
;
; Hint: to use Google Chome, use
; 'browser = open -a /Applications/Google\ Chrome.app %s' on Mac OS X and
; 'browser = /usr/bin/google-chrome-stable %s' on Linux and
; 'browser = C:/Program Files (x86)/Google/Chrome/Application/chrome.exe %s' on Windows.
;
; This setting can be overridden with the --browser command line option.
;
;browser =
[cql]
;; A version of CQL to use (this should almost never be set)
; version = 3.2.1
[connection]
;; The host to connect to
hostname = tip-wlan-cassandra-headless
;; The port to connect to (9042 is the native protocol default)
port = 9042
;; Always connect using SSL - false by default
ssl = true
;; A timeout in seconds for opening new connections
; timeout = 10
;; A timeout in seconds for executing queries
; request_timeout = 10
[csv]
;; The size limit for parsed fields
; field_size_limit = 131072
[tracing]
;; The max number of seconds to wait for a trace to complete
; max_trace_wait = 10.0
[ssl]
certfile = /opt/tip-wlan/certs/cacert.pem
;; Optional - true by default.
;validate = true
;; To be provided when require_client_auth=true
userkey = /opt/tip-wlan/certs/cassandraserverkey_dec.pem
;; To be provided when require_client_auth=true
usercert = /opt/tip-wlan/certs/cassandraservercert.pem
;; Optional section, overrides default certfile in [ssl] section, if present
; [certfiles]
; 192.168.1.3 = ~/keys/cassandra01.cert
; 192.168.1.4 = ~/keys/cassandra02.cert
;; Options that are common to both COPY TO and COPY FROM
; [copy]
;; The string placeholder for null values
; nullval = null
;; For COPY TO, controls whether the first line in the CSV output file will
;; contain the column names. For COPY FROM, specifies whether the first
;; line in the CSV file contains column names.
; header = false
;; The character that is used as the decimal point separator
; decimalsep = .
;; The character that is used to separate thousands
;; (defaults to the empty string)
; thousandssep =
;; The string literal format for boolean values
; boolstyle = True,False
;; The number of child worker processes to create for
;; COPY tasks. Defaults to a max of 4 for COPY FROM and 16
;; for COPY TO. However, at most (num_cores - 1) processes
;; will be created.
; numprocesses =
;; The maximum number of failed attempts to fetch a range of data (when using
;; COPY TO) or insert a chunk of data (when using COPY FROM) before giving up
; maxattempts = 5
;; How often status updates are refreshed, in seconds
; reportfrequency = 0.25
;; An optional file to output rate statistics to
; ratefile =
;; Options specific to COPY TO
; [copy-to]
;; The maximum number token ranges to fetch simultaneously
; maxrequests = 6
;; The number of rows to fetch in a single page
; pagesize = 1000
;; By default the page timeout is 10 seconds per 1000 entries
;; in the page size or 10 seconds if pagesize is smaller
; pagetimeout = 10
;; Token range to export. Defaults to exporting the full ring.
; begintoken =
; endtoken =
; The maximum size of the output file measured in number of lines;
; beyond this maximum the output file will be split into segments.
; -1 means unlimited.
; maxoutputsize = -1
;; The encoding used for characters
; encoding = utf8
;; Options specific to COPY FROM
; [copy-from]
;; The maximum number of rows to process per second
; ingestrate = 100000
;; The maximum number of rows to import (-1 means unlimited)
; maxrows = -1
;; A number of initial rows to skip
; skiprows = 0
;; A comma-separated list of column names to ignore
; skipcols =
;; The maximum global number of parsing errors to ignore, -1 means unlimited
; maxparseerrors = -1
;; The maximum global number of insert errors to ignore, -1 means unlimited
; maxinserterrors = 1000
;; A file to store all rows that could not be imported, by default this is
;; import_<ks>_<table>.err where <ks> is your keyspace and <table> is your table name.
; errfile =
;; The min and max number of rows inserted in a single batch
; maxbatchsize = 20
; minbatchsize = 2
;; The number of rows that are passed to child worker processes from
;; the main process at a time
; chunksize = 1000
;; The options for COPY can also be specified per-table. The following
;; three sections demonstrate this.
;; Optional table-specific options for COPY
; [copy:mykeyspace.mytable]
; chunksize = 1000
;; Optional table-specific options for COPY FROM
; [copy-from:mykeyspace.mytable]
; ingestrate = 20000
;; Optional table-specific options for COPY TO
; [copy-to:mykeyspace.mytable]
; pagetimeout = 30
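Review bot: `userkey = /opt/tip-wlan/certs/cassandraserverkey_dec.pem` points cqlsh at a decrypted private key, and this cqlshrc lives under `resources/config`, which the ConfigMap template in this change packages wholesale with `.Files.Glob "resources/config/*"`. The key path matches the `cassandra-client-certificates` mounts in the StatefulSet, so please state in a comment next to `userkey`/`usercert` that the server is expected to run with `require_client_auth=true` and that the key is provided unencrypted by that Secret volume; operators reading only this file cannot otherwise tell where the key comes from or that it must be protected at the volume level.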

View File

@@ -1,35 +1,65 @@
Cassandra CQL can be accessed via port {{ .Values.config.ports.cql }} on the following DNS name from within your cluster:
Cassandra Thrift can be accessed via port {{ .Values.config.ports.thrift }} on the following DNS name from within your cluster:
** Please be patient while the chart is being deployed **
If you want to connect to the remote instance with your local Cassandra CQL cli. To forward the API port to localhost:9042 run the following:
- kubectl port-forward --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ include "common.name" . }},release={{ .Release.Name }} -o jsonpath='{ .items[0].metadata.name }') 9042:{{ .Values.config.ports.cql }}
Cassandra can be accessed through the following URLs from within the cluster:
- CQL: {{ template "common.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.cluster.domain }}:{{ .Values.service.port }}
- Thrift: {{ template "common.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.cluster.domain }}:{{ .Values.service.thriftPort }}
To get your password run:
export CASSANDRA_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "common.fullname" . }} -o jsonpath="{.data.cassandra-password}" | base64 --decode)
Check the cluster status by running:
kubectl exec -it --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ template "common.name" . }},release={{ .Release.Name }} -o jsonpath='{.items[0].metadata.name}') nodetool status
To connect to your Cassandra cluster using CQL:
1. Run a Cassandra pod that you can use as a client:
kubectl run --namespace {{ .Release.Namespace }} {{ template "common.fullname" . }}-client --rm --tty -i --restart='Never' \
--env CASSANDRA_PASSWORD=$CASSANDRA_PASSWORD \
{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "common.name" . }}-client=true"{{ end }} \
--image {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }} -- bash
2. Connect using the cqlsh client:
cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD {{ template "common.fullname" . }}
{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
Note: Since NetworkPolicy is enabled, only pods with label
"{{ template "common.fullname" . }}-client=true"
will be able to connect to Cassandra.
{{- else -}}
To connect to your database from outside the cluster execute the following commands:
If you want to connect to the Cassandra CQL run the following:
{{- if contains "NodePort" .Values.service.type }}
- export CQL_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export CQL_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- cqlsh $CQL_HOST $CQL_PORT
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.fullname" . }})
cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD $NODE_IP $NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo cqlsh $SERVICE_IP
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD $SERVICE_IP
{{- else if contains "ClusterIP" .Values.service.type }}
- kubectl port-forward --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 9042:{{ .Values.config.ports.cql }}
echo cqlsh 127.0.0.1 9042
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.fullname" . }} {{ .Values.service.port }}:{{ .Values.service.port }} &
cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD 127.0.0.1 {{ .Values.service.port }}
{{- end }}
{{- end }}
You can also see the cluster status by run the following:
- kubectl exec -it --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ include "common.name" . }},release={{ .Release.Name }} -o jsonpath='{.items[0].metadata.name}') nodetool status
{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }}
To tail the logs for the Cassandra pod run the following:
- kubectl logs -f --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ include "common.name" . }},release={{ .Release.Name }} -o jsonpath='{ .items[0].metadata.name }')
WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
{{- if not .Values.persistence.enabled }}
Note that the cluster is running with node-local storage instead of PersistentVolumes. In order to prevent data loss,
pods will be decommissioned upon termination. Decommissioning may take some time, so you might also want to adjust the
pod termination gace period, which is currently set to {{ .Values.podSettings.terminationGracePeriodSeconds }} seconds.
{{- end}}
{{- end }}
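Review bot: every connection recipe passes the secret on the command line (`cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD ...`), which leaves the password in shell history and in the process list of the client pod; consider documenting the cqlshrc `[authentication]` section or letting cqlsh prompt for it instead. The `kubectl run ... --env CASSANDRA_PASSWORD=$CASSANDRA_PASSWORD` step also stores the password in the client pod spec, readable by anyone with `get pods` in the namespace. Minor: "pod termination gace period" should read "grace period".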

View File

@@ -1,17 +1,71 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Create chart name and version as used by the chart label.
Return the appropriate apiVersion for networkpolicy.
*/}}
{{- define "cassandra.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- define "networkPolicy.apiVersion" -}}
{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use
Return the proper metrics image name
*/}}
{{- define "cassandra.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "cassandra.fullname" .) .Values.serviceAccount.name }}
{{- define "cassandra.metrics.image" -}}
{{- $registryName := .Values.metrics.image.registry -}}
{{- $repositoryName := .Values.metrics.image.repository -}}
{{- $tag := .Values.metrics.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper image name (for the init container volume-permissions image)
*/}}
{{- define "cassandra.volumePermissions.image" -}}
{{- $registryName := .Values.volumePermissions.image.registry -}}
{{- $repositoryName := .Values.volumePermissions.image.repository -}}
{{- $tag := .Values.volumePermissions.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{/*
Renders a value that contains template.
Usage:
{{ include "cassandra.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }}
*/}}
{{- define "cassandra.tplValue" -}}
{{- if typeIs "string" .value }}
{{- tpl .value .context }}
{{- else }}
{{- tpl (.value | toYaml) .context }}
{{- end }}
{{- end -}}
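Review bot: `cassandra.metrics.image` and `cassandra.volumePermissions.image` are the same registry-resolution block copied twice, differing only in the values path; a single helper that receives the image map as an argument (via `dict`) would keep the two from drifting when the Helm 2.9/2.10 workaround is eventually dropped. Also note that `cassandra.chart` and `cassandra.serviceAccountName` disappear here; the templates touched in this change no longer call them, but any extra template or override that still uses `template "cassandra.chart"` will fail to render, so mention the removal in the chart notes.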

View File

@@ -1,90 +0,0 @@
{{- if .Values.backup.enabled }}
{{- $release := .Release }}
{{- $values := .Values }}
{{- $backup := $values.backup }}
{{- range $index, $schedule := $backup.schedule }}
---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: {{ include "common.fullname" $ }}-backup-{{ $schedule.keyspace | replace "_" "-" }}
labels:
app: {{ include "common.name" $ }}-cain
chart: {{ template "cassandra.chart" $ }}
release: "{{ $release.Name }}"
heritage: "{{ $release.Service }}"
spec:
schedule: {{ $schedule.cron | quote }}
concurrencyPolicy: Forbid
startingDeadlineSeconds: 120
jobTemplate:
spec:
template:
metadata:
annotations:
{{ toYaml $backup.annotations }}
spec:
restartPolicy: OnFailure
serviceAccountName: {{ template "cassandra.serviceAccountName" $ }}
containers:
- name: cassandra-backup
image: "{{ $backup.image.repository }}:{{ $backup.image.tag }}"
command: ["cain"]
args:
- backup
- --namespace
- {{ $release.Namespace }}
- --selector
- release={{ $release.Name }},app={{ include "common.name" $ }}
- --keyspace
- {{ $schedule.keyspace }}
- --dst
- {{ $backup.destination }}
{{- with $backup.extraArgs }}
{{ toYaml . | indent 12 }}
{{- end }}
env:
{{- if $backup.google.serviceAccountSecret }}
- name: GOOGLE_APPLICATION_CREDENTIALS
value: "/etc/secrets/google/credentials.json"
{{- end }}
{{- with $backup.env }}
{{ toYaml . | indent 12 }}
{{- end }}
{{- with $backup.resources }}
resources:
{{ toYaml . | indent 14 }}
{{- end }}
{{- if $backup.google.serviceAccountSecret }}
volumeMounts:
- name: google-service-account
mountPath: /etc/secrets/google/
{{- end }}
{{- if $backup.google.serviceAccountSecret }}
volumes:
- name: google-service-account
secret:
secretName: {{ $backup.google.serviceAccountSecret | quote }}
{{- end }}
affinity:
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- {{ include "common.fullname" $ }}
- key: release
operator: In
values:
- {{ $release.Name }}
topologyKey: "kubernetes.io/hostname"
{{- with $values.tolerations }}
tolerations:
{{ toYaml . | indent 12 }}
{{- end }}
{{- end }}
{{- end }}
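Review bot: deleting this CronJob removes the scheduled `cain` backups per keyspace with no replacement in this change. If that is intentional, document it in the chart README and drop the `backup.*` values it consumed, otherwise a `backup.enabled: true` left in an override file silently does nothing. The deletion does also remove the `GOOGLE_APPLICATION_CREDENTIALS` secret mount and the `batch/v1beta1` CronJob apiVersion, which is a reasonable outcome if backups are handled outside the chart.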

View File

@@ -1,50 +0,0 @@
{{- if .Values.backup.enabled }}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "cassandra.serviceAccountName" . }}
labels:
app: {{ include "common.name" . }}
chart: {{ template "cassandra.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
---
{{- end }}
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "common.fullname" . }}-backup
labels:
app: {{ include "common.name" . }}
chart: {{ template "cassandra.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
rules:
- apiGroups: [""]
resources: ["pods", "pods/log"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "common.fullname" . }}-backup
labels:
app: {{ include "common.name" . }}
chart: {{ template "cassandra.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "common.fullname" . }}-backup
subjects:
- kind: ServiceAccount
name: {{ template "cassandra.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}
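Review bot: removing this Role and RoleBinding takes `create` on `pods/exec` and `get`/`list` on `pods` and `pods/log` away from the release's ServiceAccount, which is the right least-privilege outcome once the backup CronJob is gone. Please confirm the StatefulSet no longer sets `serviceAccountName`: the `cassandra.serviceAccountName` helper it used is also deleted from `_helpers.tpl` in this change, so any remaining reference would fail at render time rather than at runtime.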

View File

@@ -1,14 +1,7 @@
{{- if .Values.configOverrides }}
kind: ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.name" . }}
name: cassandra-configurations-override
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
{{ toYaml .Values.configOverrides | indent 2 }}
{{- end }}
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
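Review bot: the ConfigMap name is now hardcoded to `cassandra-configurations-override`, so two releases of this chart in one namespace collide; `{{ include "common.fullname" . }}-configurations-override` would match the naming used for the Secrets and Services in this change. Also, `tpl (.Files.Glob "resources/config/*").AsConfig .` renders every file in `resources/config` as a Go template, so a literal `{{` in one of those files (the cqlshrc, for example) would break the render; either keep that directory template-free by convention or document that its contents are templated.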

View File

@@ -0,0 +1,29 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.fullname" . }}-headless
namespace: {{ include "common.namespace" . }}
labels: {{- include "common.labels" . | nindent 4 }}
annotations: {{ include "cassandra.tplValue" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
spec:
clusterIP: None
publishNotReadyAddresses: true
ports:
- name: intra
port: 7000
targetPort: intra
- name: tls
port: 7001
targetPort: tls
- name: jmx
port: 7199
targetPort: jmx
- name: cql
port: {{ .Values.service.port }}
targetPort: cql
{{- if .Values.cluster.enableRPC }}
- name: thrift
port: {{ .Values.service.thriftPort }}
targetPort: thrift
{{- end }}
selector: {{- include "common.selectorLabels" . | nindent 4 }}

View File

@@ -0,0 +1,38 @@
{{- if .Values.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ include "networkPolicy.apiVersion" . }}
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels: {{- include "common.labels" . | nindent 4 }}
spec:
podSelector:
matchLabels: {{- include "common.selectorLabels" . | nindent 6 }}
ingress:
# Allow inbound connections
# CQL and Thrift ports
- ports:
- port: {{ .Values.service.port }}
- port: {{ .Values.service.thriftPort }}
from:
{{- if not .Values.networkPolicy.allowExternal }}
- podSelector:
matchLabels:
{{ include "common.fullname" . }}-client: "true"
{{- end }}
- podSelector:
matchLabels: {{- include "common.selectorLabels" . | nindent 14 }}
# Internal ports
- ports:
- port: intra
- port: tls
- port: jmx
from:
- podSelector:
matchLabels: {{- include "common.selectorLabels" . | nindent 14 }}
{{- if .Values.metrics.enabled }}
# Allow prometheus scrapes for metrics
- ports:
- port: 8080
{{- end }}
{{- end }}
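Review bot: the metrics rule (`- ports:` / `- port: 8080`) has no `from:` selector, so when `metrics.enabled` is true it admits traffic to 8080 from any source that can reach the pod, including other namespaces, unlike the CQL and internal rules above it; add a `from:` entry (a `namespaceSelector`/`podSelector` matching the Prometheus scraper) to keep the policy consistent. Minor: `.Values.service.thriftPort` is listed unconditionally while the Service only exposes Thrift under `.Values.cluster.enableRPC`; the same guard here would keep the two in step.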

View File

@@ -0,0 +1,39 @@
{{- if (not .Values.dbUser.existingSecret) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels: {{- include "common.labels" . | nindent 4 }}
type: Opaque
data:
{{- if .Values.dbUser.password }}
cassandra-password: {{ .Values.dbUser.password | b64enc | quote }}
{{- else if (not .Values.dbUser.forcePassword) }}
cassandra-password: {{ randAlphaNum 10 | b64enc | quote }}
{{ else }}
cassandra-password: {{ required "A Cassandra Password is required!" .Values.dbUser.password }}
{{- end }}
{{- end }}
---
apiVersion: v1
kind: Secret
metadata:
name: cassandra-ssl-certs
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
truststore: {{ .Files.Get "resources/config/certs/truststore.jks" | b64enc }}
truststore-password: {{ .Files.Get "resources/config/certs/truststore_creds" | b64enc }}
keystore: {{ .Files.Get "resources/config/certs/cassandra_server_keystore.jks" | b64enc }}
keystore-password: {{ .Files.Get "resources/config/certs/keystore_creds" | b64enc }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-client-certs
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
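Review bot: the keystore and truststore passwords are read from files packaged inside the chart (`resources/config/certs/truststore_creds`, `keystore_creds`), as are the `.jks` stores and, via `.Files.Glob "resources/config/certs/*"`, every other file in that directory, including the `cassandraserverkey_dec.pem` private key the StatefulSet mounts and the `*_creds` files themselves, which therefore also land in the `-client-certs` Secret. This keying material travels with the chart in git and in `helm package` output; prefer an `existingSecret`-style reference as already done for `dbUser`, keeping `.Files.Get` as a dev-only fallback. Two smaller points: `.Files.Get` returns an empty string for a missing file, so `truststore: {{ .Files.Get ... | b64enc }}` silently produces an empty value where `required` would fail loudly; and the `cassandra-ssl-certs` Secret name is hardcoded while the other two use `common.fullname`.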

View File

@@ -3,44 +3,30 @@ kind: Service
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
chart: {{ template "cassandra.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels: {{- include "common.labels" . | nindent 4 }}
annotations: {{ include "cassandra.tplValue" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
spec:
clusterIP: None
type: {{ .Values.service.type }}
ports:
{{- if .Values.exporter.enabled }}
- name: metrics
port: 5556
targetPort: {{ .Values.exporter.port }}
{{- end }}
- name: intra
port: 7000
targetPort: 7000
- name: tls
port: 7001
targetPort: 7001
- name: jmx
port: 7199
targetPort: 7199
- name: cql
port: {{ default 9042 .Values.config.ports.cql }}
targetPort: {{ default 9042 .Values.config.ports.cql }}
- name: thrift
port: {{ default 9160 .Values.config.ports.thrift }}
targetPort: {{ default 9160 .Values.config.ports.thrift }}
{{- if .Values.config.ports.agent }}
- name: agent
port: {{ .Values.config.ports.agent }}
targetPort: {{ .Values.config.ports.agent }}
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
ports:
- name: cql
port: {{ .Values.service.port }}
targetPort: cql
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.cql)) }}
nodePort: {{ .Values.service.nodePorts.cql }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- if .Values.cluster.enableRPC }}
- name: thrift
port: {{ .Values.service.thriftPort }}
targetPort: thrift
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.thrift)) }}
nodePort: {{ .Values.service.nodePorts.thrift }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- end }}
selector: {{- include "common.selectorLabels" . | nindent 4 }}
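Review bot: with `service.type` set to `NodePort` or `LoadBalancer`, the CQL (and, under `cluster.enableRPC`, Thrift) listener becomes reachable from outside the cluster, and the NetworkPolicy in this change only narrows in-cluster sources. Consider exposing `loadBalancerSourceRanges` next to `loadBalancerIP` so operators can restrict who reaches the listener, and note in the values that `cluster.clientEncryption` should be enabled for those service types.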

View File

@@ -3,219 +3,304 @@ kind: StatefulSet
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
chart: {{ template "cassandra.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
labels: {{- include "common.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
serviceName: {{ include "common.fullname" . }}
replicas: {{ .Values.config.cluster_size }}
podManagementPolicy: {{ .Values.podManagementPolicy }}
matchLabels: {{- include "common.selectorLabels" . | nindent 6 }}
serviceName: {{ include "common.fullname" . }}-headless
replicas: {{ .Values.cluster.replicaCount }}
updateStrategy:
type: {{ .Values.updateStrategy.type }}
type: {{ .Values.statefulset.updateStrategy }}
{{- if (eq "Recreate" .Values.statefulset.updateStrategy) }}
rollingUpdate: null
{{- else if .Values.statefulset.rollingUpdatePartition }}
rollingUpdate:
partition: {{ .Values.statefulset.rollingUpdatePartition }}
{{- end }}
template:
metadata:
labels:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
{{- if .Values.podAnnotations }}
annotations:
{{ toYaml .Values.podAnnotations | indent 8 }}
{{- end }}
spec:
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
labels: {{- include "common.labels" . | nindent 8 }}
{{- if .Values.podLabels }}
{{- toYaml .Values.podLabels | nindent 8 }}
{{- end }}
{{- if or .Values.podAnnotations (and .Values.metrics.enabled .Values.metrics.podAnnotations) }}
annotations:
{{- if .Values.podAnnotations }}
{{- toYaml .Values.podAnnotations | nindent 8 }}
{{- end }}
{{- if .Values.metrics.podAnnotations }}
{{- toYaml .Values.metrics.podAnnotations | nindent 8 }}
{{- end }}
{{- end }}
spec:
{{- if .Values.affinity }}
affinity: {{- include "cassandra.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector: {{- include "cassandra.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{- include "cassandra.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
{{- end }}
hostNetwork: {{ .Values.hostNetwork }}
{{- if .Values.selector }}
{{ toYaml .Values.selector | indent 6 }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
{{- if .Values.configOverrides }}
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
initContainers:
- name: config-copier
image: busybox
command: [ 'sh', '-c', 'cp /configmap-files/* /cassandra-configs/ && chown 999:999 /cassandra-configs/*']
volumeMounts:
{{- range $key, $value := .Values.configOverrides }}
- name: cassandra-config-{{ $key | replace "." "-" | replace "_" "--" }}
mountPath: /configmap-files/{{ $key }}
subPath: {{ $key }}
{{- end }}
- name: cassandra-configs
mountPath: /cassandra-configs/
{{- end }}
containers:
{{- if .Values.exporter.enabled }}
- name: cassandra-exporter
image: "{{ .Values.exporter.image.repo }}:{{ .Values.exporter.image.tag }}"
resources:
{{ toYaml .Values.exporter.resources | indent 10 }}
env:
- name: CASSANDRA_EXPORTER_CONFIG_listenPort
value: {{ .Values.exporter.port | quote }}
- name: JVM_OPTS
value: {{ .Values.exporter.jvmOpts | quote }}
ports:
- name: metrics
containerPort: {{ .Values.exporter.port }}
protocol: TCP
- name: jmx
containerPort: 5555
livenessProbe:
tcpSocket:
port: {{ .Values.exporter.port }}
readinessProbe:
httpGet:
path: /metrics
port: {{ .Values.exporter.port }}
initialDelaySeconds: 20
timeoutSeconds: 45
{{- end }}
- name: {{ include "common.fullname" . }}
image: "{{ .Values.image.repo }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.commandOverrides }}
command: {{ .Values.commandOverrides }}
{{- end }}
{{- if .Values.argsOverrides }}
args: {{ .Values.argsOverrides }}
{{- end }}
resources:
{{ toYaml .Values.resources | indent 10 }}
env:
{{- $seed_size := default 1 .Values.config.seed_size | int -}}
{{- $global := . }}
- name: CASSANDRA_SEEDS
{{- if .Values.hostNetwork }}
value: {{ required "You must fill \".Values.config.seeds\" with list of Cassandra seeds when hostNetwork is set to true" .Values.config.seeds | quote }}
{{- else }}
value: "{{- range $i, $e := until $seed_size }}{{ include "common.fullname" $global }}-{{ $i }}.{{ include "common.fullname" $global }}.{{ $global.Values.global.nsPrefix }}.svc.{{ $global.Values.config.cluster_domain }}{{- if (lt ( add1 $i ) $seed_size ) }},{{- end }}{{- end }}"
- name: volume-permissions
image: {{ include "cassandra.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
- |
chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /bitnami/cassandra
securityContext:
runAsUser: 0
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- end }}
- name: MAX_HEAP_SIZE
value: {{ default "8192M" .Values.config.max_heap_size | quote }}
- name: HEAP_NEWSIZE
value: {{ default "200M" .Values.config.heap_new_size | quote }}
- name: CASSANDRA_ENDPOINT_SNITCH
value: {{ default "SimpleSnitch" .Values.config.endpoint_snitch | quote }}
- name: CASSANDRA_CLUSTER_NAME
value: {{ default "Cassandra" .Values.config.cluster_name | quote }}
- name: CASSANDRA_DC
value: {{ default "DC1" .Values.config.dc_name | quote }}
- name: CASSANDRA_RACK
value: {{ default "RAC1" .Values.config.rack_name | quote }}
- name: CASSANDRA_START_RPC
value: {{ default "false" .Values.config.start_rpc | quote }}
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
{{- range $key, $value := .Values.env }}
- name: {{ $key | quote }}
value: {{ $value | quote }}
{{- end }}
livenessProbe:
exec:
command: [ "/bin/sh", "-c", "nodetool status" ]
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
readinessProbe:
exec:
command: [ "/bin/sh", "-c", "nodetool status | grep -E \"^UN\\s+{{ .Values.readinessProbe.address }}\"" ]
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
ports:
- name: intra
containerPort: 7000
- name: tls
containerPort: 7001
- name: jmx
containerPort: 7199
- name: cql
containerPort: {{ default 9042 .Values.config.ports.cql }}
- name: thrift
containerPort: {{ default 9160 .Values.config.ports.thrift }}
{{- if .Values.config.ports.agent }}
- name: agent
containerPort: {{ .Values.config.ports.agent }}
{{- end }}
volumeMounts:
- name: data
mountPath: /var/lib/cassandra
{{- if .Values.configOverrides }}
- name: cassandra-configs
mountPath: /etc/cassandra
{{- end }}
{{- if not .Values.persistence.enabled }}
lifecycle:
preStop:
volumeMounts:
- name: data
mountPath: /bitnami/cassandra
{{- end }}
containers:
- name: cassandra
command:
- bash
- -ec
# Node 0 is the password seeder
- |
if [[ $HOSTNAME =~ (.*)-0$ ]]; then
echo "Setting node as password seeder"
export CASSANDRA_PASSWORD_SEEDER=yes
else
# Only node 0 will execute the startup initdb scripts
export CASSANDRA_IGNORE_INITDB_SCRIPTS=1
fi
{{ .Values.entrypoint }} {{ .Values.cmd }}
image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" .Values.image.debug | quote }}
- name: CASSANDRA_CLUSTER_NAME
value: {{ .Values.cluster.name }}
- name: CASSANDRA_SEEDS
{{- $global := . }}
{{- $replicas := .Values.cluster.seedCount | int }}
{{- $domain := .Values.cluster.domain }}
value: "{{- range $i, $e := until $replicas }}{{ include "common.fullname" $global }}-{{ $i }}.{{ include "common.fullname" $global }}-headless.{{ $global.Values.global.nsPrefix }}.svc.{{ $domain }}{{- if (lt ( add1 $i ) $replicas ) }},{{- end }}{{- end }}"
- name: CASSANDRA_PASSWORD
valueFrom:
secretKeyRef:
name: {{ if .Values.dbUser.existingSecret }}{{ .Values.dbUser.existingSecret }}{{- else }}{{ include "common.fullname" . }}{{- end }}
key: cassandra-password
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: CASSANDRA_USER
value: {{ .Values.dbUser.user | quote }}
- name: CASSANDRA_NUM_TOKENS
value: {{ .Values.cluster.numTokens | quote }}
- name: CASSANDRA_DATACENTER
value: {{ .Values.cluster.datacenter }}
- name: CASSANDRA_ENDPOINT_SNITCH
value: {{ .Values.cluster.endpointSnitch }}
{{- if .Values.tlsEncryptionSecretName }}
- name: CASSANDRA_INTERNODE_ENCRYPTION
value: {{ .Values.cluster.internodeEncryption | quote }}
- name: CASSANDRA_CLIENT_ENCRYPTION
value: {{ .Values.cluster.clientEncryption | quote }}
- name: CASSANDRA_TRUSTSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.tlsEncryptionSecretName }}
key: truststore-password
- name: CASSANDRA_KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.tlsEncryptionSecretName }}
key: keystore-password
{{- end }}
- name: CASSANDRA_RACK
value: {{ .Values.cluster.rack }}
{{- if .Values.jvm.maxHeapSize }}
- name: MAX_HEAP_SIZE
value: {{ .Values.jvm.maxHeapSize | quote }}
{{- end }}
{{- if .Values.jvm.newHeapSize }}
- name: HEAP_NEWSIZE
value: {{ .Values.jvm.newHeapSize | quote }}
{{- end }}
{{- if .Values.jvm.extraOpts }}
- name: JVM_EXTRA_OPTS
value: {{ .Values.jvm.extraOpts | quote }}
{{- end }}
- name: CASSANDRA_ENABLE_RPC
value: {{ .Values.cluster.enableRPC | quote }}
{{- if .Values.cluster.enableUDF }}
- name: CASSANDRA_ENABLE_USER_DEFINED_FUNCTIONS
value: {{ .Values.cluster.enableUDF | quote }}
{{- end }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
exec:
command: ["/bin/sh", "-c", "exec nodetool decommission"]
command: ["/bin/sh", "-c", "nodetool status"]
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe:
exec:
command: ["/bin/sh", "-c", "nodetool status | grep -E \"^UN\\s+${POD_IP}\""]
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
{{- end }}
{{- if not .Values.persistence.enabled }}
lifecycle:
preStop:
exec:
command:
- bash
- -ec
- nodetool decommission
{{- end }}
ports:
- name: intra
containerPort: 7000
- name: tls
containerPort: 7001
- name: jmx
containerPort: 7199
- name: cql
containerPort: 9042
{{- if .Values.cluster.enableRPC }}
- name: thrift
containerPort: 9160
{{- end }}
{{- if .Values.resources }}
resources: {{ toYaml .Values.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: /bitnami/cassandra
{{- if .Values.tlsEncryptionSecretName }}
- name: encryption-secrets
mountPath: /bitnami/cassandra/secrets
{{- end }}
{{- if .Values.initDBConfigMap }}
- name: init-db-cm
mountPath: /docker-entrypoint-initdb.d/configmap
{{- end }}
{{- if .Values.initDBSecret }}
- name: init-db-secret
mountPath: /docker-entrypoint-initdb.d/secret
{{- end }}
{{ if .Values.existingConfiguration }}
- name: configurations
mountPath: /bitnami/cassandra/conf
{{- end }}
- mountPath: /opt/tip-wlan/certs/cacert.pem
name: cassandra-client-certificates
subPath: cacert.pem
- mountPath: /opt/tip-wlan/certs/cassandraservercert.pem
name: cassandra-client-certificates
subPath: cassandraservercert.pem
- mountPath: /opt/tip-wlan/certs/cassandraserverkey_dec.pem
name: cassandra-client-certificates
subPath: cassandraserverkey_dec.pem
{{- if .Values.metrics.enabled }}
- name: metrics
image: {{ include "cassandra.metrics.image" . }}
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
ports:
- name: metrics
containerPort: 8080
protocol: TCP
- name: jmx
containerPort: 5555
{{- if .Values.metrics.resources }}
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
{{- end }}
livenessProbe:
tcpSocket:
port: metrics
readinessProbe:
httpGet:
path: /metrics
port: metrics
initialDelaySeconds: 20
timeoutSeconds: 45
{{- end }}
terminationGracePeriodSeconds: {{ default 30 .Values.podSettings.terminationGracePeriodSeconds }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
- name: {{ .Values.image.pullSecrets }}
{{- end }}
{{- if or .Values.configOverrides (not .Values.persistence.enabled) }}
volumes:
{{- end }}
{{- range $key, $value := .Values.configOverrides }}
- configMap:
name: cassandra
name: cassandra-config-{{ $key | replace "." "-" | replace "_" "--" }}
{{- end }}
{{- if .Values.configOverrides }}
- name: cassandra-configs
emptyDir: {}
{{- end }}
- name: cassandra-client-certificates
secret:
secretName: {{ include "common.fullname" . }}-client-certs
{{- if .Values.tlsEncryptionSecretName }}
- name: encryption-secrets
secret:
secretName: {{ .Values.tlsEncryptionSecretName }}
items:
- key: keystore
path: keystore
- key: truststore
path: truststore
{{- end }}
{{- if .Values.existingConfiguration }}
- name: configurations
configMap:
name: {{ tpl .Values.existingConfiguration $ }}
{{- end }}
{{- if .Values.initDBConfigMap }}
- name: init-db-cm
configMap:
name: {{ tpl .Values.initDBConfigMap $ }}
{{- end }}
{{- if .Values.initDBSecret }}
- name: init-db-secret
configMap:
name: {{ tpl .Values.initDBSecret $ }}
{{- end }}
{{- if not .Values.persistence.enabled }}
- name: data
emptyDir: {}
- name: data
emptyDir: {}
{{- else }}
volumeClaimTemplates:
- metadata:
name: data
labels:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
- metadata:
name: data
labels:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
{{- if .Values.persistence.annotations }}
annotations: {{- toYaml .Values.persistence.annotations | nindent 10 }}
{{- end }}
spec:
accessModes:
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}
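Review bot: the `init-db-secret` volume near the end of this hunk is declared as a `configMap:` (`name: {{ tpl .Values.initDBSecret $ }}`) although `initDBSecret` is documented as a Secret holding CQL with sensitive data; it needs `secret:` / `secretName:` or the referenced Secret is never mounted. In the same block, the `cassandra-client-certificates` volume that backs the `cassandraserverkey_dec.pem` mount sets no `defaultMode`, so the decrypted private key is created 0644 inside the container; add a restrictive `defaultMode` (for example `0440`, the pod runs with `fsGroup: 1001`), and note that these `subPath` mounts do not receive Secret updates, so rotating the certificate requires a pod restart.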

View File

@@ -11,12 +11,12 @@ metadata:
spec:
containers:
- name: {{ include "common.name" . }}-test-cassandra-basic
image: {{ .Values.image.repo }}:{{ .Values.image.tag }}
image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
command:
- sh
- -c
- |
cqlsh {{ include "common.fullname" . }}.{{ include "common.namespace" . }}.svc.{{ .Values.config.cluster_domain }} -e \
cqlsh --cqlshrc /bitnami/cassandra/conf/cqlshrc.tip-wlan -e \
"CREATE KEYSPACE MYDB WITH REPLICATION = { 'class' : 'SimpleStrategy', 'replication_factor' : 1 }; \
use MYDB; \
CREATE TABLE BOOKS (id int PRIMARY KEY, title text, year text); \
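Review bot: the new `cqlsh --cqlshrc /bitnami/cassandra/conf/cqlshrc.tip-wlan` invocation takes its host and, presumably, its credentials from a file in the `configurations` ConfigMap (`existingConfiguration`); if `cqlshrc.tip-wlan` carries the password it should be delivered from a Secret, not a ConfigMap. Since the explicit service host is gone, the test now depends on that file existing with the right `[connection]` section, so document it as a required key of `cassandra-configurations-override`.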
@@ -26,5 +26,28 @@ spec:
SELECT * FROM BOOKS; \
DROP TABLE BOOKS; \
DROP KEYSPACE MYDB;"
volumeMounts:
{{ if .Values.existingConfiguration }}
- name: configurations
mountPath: /bitnami/cassandra/conf
{{- end }}
- mountPath: /opt/tip-wlan/certs/cacert.pem
name: cassandra-client-certificates
subPath: cacert.pem
- mountPath: /opt/tip-wlan/certs/cassandraservercert.pem
name: cassandra-client-certificates
subPath: cassandraservercert.pem
- mountPath: /opt/tip-wlan/certs/cassandraserverkey_dec.pem
name: cassandra-client-certificates
subPath: cassandraserverkey_dec.pem
restartPolicy: Never
volumes:
{{- if .Values.existingConfiguration }}
- name: configurations
configMap:
name: {{ tpl .Values.existingConfiguration $ }}
{{- end }}
- name: cassandra-client-certificates
secret:
secretName: {{ include "common.fullname" . }}-client-certs
{{- end }}
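Review bot: the test pod mounts `cassandraservercert.pem` and `cassandraserverkey_dec.pem` next to `cacert.pem`; a cqlsh client only needs the CA certificate (plus its own client key pair if client authentication is enabled), so handing the server's decrypted private key to a throw-away helm test pod widens where that key lives for no benefit. Mount only `cacert.pem` here, or a dedicated client certificate. Also `CREATE KEYSPACE MYDB` has no `IF NOT EXISTS`, so a test run interrupted before `DROP KEYSPACE` makes every later run fail.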

View File

@@ -1,28 +1,114 @@
## Cassandra image version
## ref: https://hub.docker.com/r/library/cassandra/
image:
repo: cassandra
tag: 3.11.6
pullPolicy: IfNotPresent
## Specify ImagePullSecrets for Pods
## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
# pullSecrets: myregistrykey
## Specify a service type
## ref: http://kubernetes.io/docs/user-guide/services/
service:
type: ClusterIP
annotations: ""
## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry and imagePullSecrets
##
# schedulerName:
# global:
# imageRegistry: myRegistryName
# imagePullSecrets:
# - myRegistryKeySecretName
# storageClass: myStorageClass
## Persist data to a persistent volume
## Bitnami Cassandra image version
## ref: https://hub.docker.com/r/bitnami/cassandra/tags/
##
image:
registry: docker.io
repository: bitnami/cassandra
## Bitnami Cassandra image tag
## ref: https://github.com/bitnami/bitnami-docker-cassandra#supported-tags-and-respective-dockerfile-links
##
tag: 3.11.6-debian-10-r138
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Set to true if you would like to see extra information on logs
## It turns BASH debugging in minideb-extras-base
##
debug: false
## String to partially override cassandra.fullname template (will maintain the release name)
##
# nameOverride:
## String to fully override cassandra.fullname template
##
# fullnameOverride:
## Init containers parameters:
## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
##
volumePermissions:
enabled: true
image:
registry: docker.io
repository: bitnami/minideb
tag: buster
pullPolicy: Always
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Init container' resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits: {}
# cpu: 100m
# memory: 128Mi
requests: {}
# cpu: 100m
# memory: 128Mi
## Service parameters
##
service:
## Service type
##
type: ClusterIP
## CQL port
##
port: 9042
## Thrift Client API port
##
thriftPort: 9160
## Specify the nodePort(s) value(s) for the LoadBalancer and NodePort service types.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
nodePorts:
cql: ""
thriftPort: ""
## Set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
# loadBalancerIP:
## Provide any additional annotations which may be required. This can be used to
## set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
annotations: {}
## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
## If true, use a Persistent Volume Claim, If false, use emptyDir
##
enabled: false
## cassandra data Persistent Volume Storage Class
## Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
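Review bot: `persistence.enabled: false` becomes the default, so each Cassandra pod restart discards its data directory; together with the `preStop: nodetool decommission` hook that is workable for a dev cluster but should be stated in the values comment, and production overrides must set it to `true`. `volumePermissions.image.tag: buster` with `pullPolicy: Always` is a moving tag for the init container that chowns the data mountpoint; pin it to a dated tag or digest.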
@@ -30,207 +116,213 @@ persistence:
## GKE, AWS & OpenStack)
##
storageClass: "-"
accessMode: ReadWriteOnce
## Persistent Volume Claim annotations
##
annotations:
## Persistent Volume Access Mode
##
accessModes:
- ReadWriteOnce
## Persistent Volume size
##
size: 1Gi
## Configure resource requests and limits
## Cassandra pods' resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
## Minimum memory for development is 4GB and 2 CPU cores
## Minimum memory for production is 8GB and 4 CPU cores
## ref: http://docs.datastax.com/en/archived/cassandra/2.0/cassandra/architecture/architecturePlanningHardware_c.html
resources: {}
# requests:
# memory: 4Gi
##
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits: {}
# cpu: 2
# limits:
# memory: 4Gi
requests: {}
# cpu: 2
# memory: 4Gi
## Change cassandra configuration parameters below:
## ref: http://docs.datastax.com/en/cassandra/3.0/cassandra/configuration/configCassandra_yaml.html
## Recommended max heap size is 1/2 of system memory
## Recommended heap new size is 1/4 of max heap size
## ref: http://docs.datastax.com/en/cassandra/3.0/cassandra/operations/opsTuneJVM.html
config:
cluster_domain: cluster.local
cluster_name: cassandra
cluster_size: 3
seed_size: 2
num_tokens: 256
# If you want Cassandra to use this datacenter and rack name,
# you need to set endpoint_snitch to GossipingPropertyFileSnitch.
# Otherwise, these values are ignored and datacenter1 and rack1
# are used.
dc_name: DC1
rack_name: RAC1
endpoint_snitch: SimpleSnitch
max_heap_size: 2048M
heap_new_size: 512M
start_rpc: false
ports:
cql: 9042
thrift: 9160
# If a JVM Agent is in place
# agent: 61621
## Secret with keystore, keystore password, truststore, truststore password
##
tlsEncryptionSecretName: cassandra-ssl-certs
## ConfigMap with custom cassandra configuration files. This overrides any other Cassandra configuration set in the chart
##
existingConfiguration: cassandra-configurations-override
## Cluster parameters
##
cluster:
name: TipWlanCluster
replicaCount: 3
seedCount: 2
numTokens: 256
datacenter: DC1
rack: RAC1
enableRPC: true
endpointSnitch: SimpleSnitch
## Enable the creation of the Pod Disruption Budget
##
pdbEnabled: true
## Minimum number of cluster nodes that will be running. Needs pdbEnabled=true
##
minAvailable: 1
## Maximum number of cluster nodes that may not be running. Needs pdbEnabled=true.
##
# maxUnavailable: 1
## Encryption values. NOTE: They require tlsEncryptionSecretName
##
internodeEncryption: all
clientEncryption: true
domain: cluster.local
## Cassandra config files overrides
configOverrides: {}
## JVM Settings
##
jvm:
## Extra JVM options
##
extraOpts:
## Cassandra docker command overrides
commandOverrides: []
## Memory settings: These are calculated automatically
## unless specified otherwise
##
# maxHeapSize: 4G
# newHeapSize: 800M
## Cassandra docker args overrides
argsOverrides: []
## Database credentials
##
dbUser:
user: cassandra
forcePassword: false
password: cassandra
# existingSecret:
## Custom env variables.
## ref: https://hub.docker.com/_/cassandra/
env: {}
## ConfigMap with cql scripts. Useful for creating a keyspace
## and pre-populating data
##
# initDBConfigMap:
## Liveness and Readiness probe values.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
## Secret with cql script (with sensitive data). Useful for creating a keyspace
## and pre-populating data
##
# initDBSecret:
## Cassandra container's liveness and readiness probes
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
livenessProbe:
initialDelaySeconds: 90
enabled: true
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
failureThreshold: 5
readinessProbe:
initialDelaySeconds: 90
periodSeconds: 30
enabled: true
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
address: "${POD_IP}"
## Configure node selector. Edit code below for adding selector to pods
## ref: https://kubernetes.io/docs/user-guide/node-selection/
# selector:
# nodeSelector:
# cloud.google.com/gke-nodepool: pool-db
failureThreshold: 5
## Additional pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## Additional pod labels
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## Additional pod-level settings
podSettings:
# Change this to give pods more time to properly leave the cluster when not using persistent storage.
terminationGracePeriodSeconds: 30
## Pod distruption budget
podDisruptionBudget: {}
# maxUnavailable: 1
# minAvailable: 2
podManagementPolicy: OrderedReady
updateStrategy:
type: OnDelete
## Pod Security Context
securityContext:
enabled: false
fsGroup: 999
runAsUser: 999
## Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Node tolerations for pod assignment
## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
rbac:
# Specifies whether RBAC resources should be created
create: true
## StatefulSet settings
##
statefulset:
updateStrategy: OnDelete
# rollingUpdatePartition:
serviceAccount:
# Specifies whether a ServiceAccount should be created
create: true
# The name of the ServiceAccount to use.
# If not set and create is true, a name is generated using the fullname template
# name:
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
enabled: true
fsGroup: 1001
runAsUser: 1001
# Use host network for Cassandra pods
# You must pass seed list into config.seeds property if set to true
hostNetwork: false
## Container entrypoint and cmd (useful for using different images)
##
entrypoint: "/entrypoint.sh"
cmd: "/run.sh"
## Enable/disable the chart's tests. Useful if using this chart as a dependency of
## another chart and you don't want these tests running when trying to develop and
## test your own chart.
## Network policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## Specifies whether a NetworkPolicy should be created
##
enabled: false
## The Policy model to apply. When set to false, only pods with the correct
## client label will have network access to the port Redis is listening
## on. When true, Redis will accept connections from any source
## (with the correct destination port).
##
# allowExternal: true
## Enable/disable the chart's tests. Useful if using this chart as a dependency of
## another chart and you don't want these tests running when trying to develop and
## test your own chart.
testsEnabled: true
## Backup cronjob configuration
## Ref: https://github.com/maorfr/cain
backup:
## Cassandra Prometheus exporter configuration
## ref: https://hub.docker.com/r/bitnami/cassandra-exporter/tags/
##
metrics:
enabled: false
# Schedule to run jobs. Must be in cron time format
# Ref: https://crontab.guru/
schedule:
- keyspace: keyspace1
cron: "0 7 * * *"
- keyspace: keyspace2
cron: "30 7 * * *"
annotations:
# Example for authorization to AWS S3 using kube2iam
# Can also be done using environment variables
iam.amazonaws.com/role: cain
image:
repository: maorfr/cain
tag: 0.6.0
# Additional arguments for cain
# Ref: https://github.com/maorfr/cain#usage
extraArgs: []
# Add additional environment variables
env:
# Example environment variable required for AWS credentials chain
- name: AWS_REGION
value: us-east-1
registry: docker.io
pullPolicy: IfNotPresent
repository: bitnami/cassandra-exporter
tag: 2.3.4-debian-10-r119
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Cassandra Prometheus exporter resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
requests:
memory: 1Gi
cpu: 1
limits:
memory: 1Gi
cpu: 1
# Name of the secret containing the credentials of the service account used by GOOGLE_APPLICATION_CREDENTIALS, as a credentials.json file
# google:
# serviceAccountSecret:
# Destination to store the backup artifacts
# Supported cloud storage services: AWS S3, Minio S3, Azure Blob Storage, Google Cloud Storage
# Additional support can added. Visit this repository for details
# Ref: https://github.com/maorfr/skbn
destination: s3://bucket/cassandra
## Cassandra exported configuration
## ref: https://github.com/criteo/cassandra_exporter
exporter:
enabled: false
serviceMonitor:
enabled: false
additionalLabels: {}
# prometheus: default
image:
repo: criteord/cassandra_exporter
tag: 2.0.2
port: 5556
jvmOpts: ""
resources: {}
# limits:
# cpu: 1
# memory: 1Gi
# requests:
# cpu: 1
# memory: 1Gi
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits: {}
# cpu: 100m
# memory: 128Mi
requests: {}
# cpu: 100m
# memory: 128Mi
## Metrics exporter pod Annotation and Labels
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
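Review bot: `dbUser.password: cassandra` with `forcePassword: false` and `existingSecret` commented out means an install with default values runs with the well-known default credentials, and `enableRPC: true` additionally exposes Thrift on 9160; ship `existingSecret` (or `forcePassword: true`) as the default and leave `password` empty. Two smaller points: the `networkPolicy` comment block describes Redis (copy-paste from another chart) while `networkPolicy.enabled: false` leaves the CQL, Thrift and JMX container ports reachable from any pod; and `pdbEnabled`/`minAvailable` under `cluster:` coexist with a top-level `podDisruptionBudget: {}`, so say which one the templates read.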

View File

@@ -1,18 +1,11 @@
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Chart for deploying Common templates that are used by other charts
apiVersion: v1
description: Common templates for inclusion in other charts
name: common
version: 0.1.0
dependencies:
- name: efs-provisioner
version: 1.0.0
condition: efs-provisioner.enabled
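Review bot: this hunk removes the Apache 2.0 / Amdocs, Bell Canada copyright header from common/Chart.yaml; if the chart is still derived from that work the notice has to stay (Apache 2.0 requires attribution notices to be retained in derivative works), and if it has been rewritten, the commit message should say so. The `efs-provisioner` dependency with `condition: efs-provisioner.enabled` is fine given the `enabled: false` default added to values.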

View File

@@ -0,0 +1,7 @@
# Chart for deploying EFS Provisioner including it's storage class
#
apiVersion: v1
description: EFS-Provisioner Chart to be used by other charts for file storage
name: efs-provisioner
version: 1.0.0

View File

@@ -0,0 +1,41 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.provisioner.replicaCount }}
strategy:
type: {{ .Values.provisioner.strategyType }}
selector:
matchLabels:
{{- include "common.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "common.selectorLabels" . | nindent 8 }}
spec:
serviceAccountName: {{ include "common.serviceAccountName" . }}
containers:
- name: {{ .Chart.Name }}
image: {{ .Values.provisioner.image.name }}:{{ .Values.provisioner.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
env:
- name: FILE_SYSTEM_ID
value: {{ .Values.provisioner.efsFileSystemId }}
- name: AWS_REGION
value: {{ .Values.provisioner.awsRegion }}
- name: DNS_NAME
value: {{ .Values.provisioner.dnsName }}
- name: PROVISIONER_NAME
value: {{ .Values.provisioner.provisionerName }}
volumeMounts:
- name: pv-volume
mountPath: /persistentvolumes
volumes:
- name: pv-volume
nfs:
server: {{ .Values.provisioner.efsDnsName }}
path: /
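Review bot: with the values in this change the image resolves to `quay.io/external_storage/efs-provisioner:latest`, and `imagePullPolicy: {{ .Values.global.pullPolicy }}` reads a key the efs-provisioner values.yaml in this diff does not define, so it renders empty or fails unless the parent chart supplies `global.pullPolicy`; pin the tag and give `pullPolicy` a local default. The container also has no `securityContext` and no `resources`, and it mounts the EFS root (`path: /`) read-write, which is a lot for a pod running an unpinned image.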

View File

@@ -0,0 +1,103 @@
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "common.name" . }}
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- list
- watch
- create
- update
- patch
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "common.name" . }}
subjects:
- kind: ServiceAccount
name: {{ include "common.serviceAccountName" . }}-{{ .Values.provisioner.nameExtension}}
namespace: {{ include "common.namespace" . }}
roleRef:
kind: Role
name: {{ include "common.name" . }}
apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "common.name" . }}
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- watch
- create
- delete
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- list
- watch
- update
- apiGroups:
- "storage.k8s.io"
resources:
- storageclasses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- update
- patch
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- list
- watch
- create
- update
- patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "common.name" . }}
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "common.serviceAccountName" . }}
namespace: {{ include "common.namespace" . }}
roleRef:
kind: ClusterRole
name: {{ include "common.name" . }}
apiGroup: rbac.authorization.k8s.io
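Review bot: the `RoleBinding` subject is `{{ include "common.serviceAccountName" . }}-{{ .Values.provisioner.nameExtension}}`, but the ServiceAccount this change creates (and the `ClusterRoleBinding` subject) is `{{ include "common.serviceAccountName" . }}` without the suffix, so the namespaced Role is bound to an account that does not exist; it only works because the `ClusterRole` repeats the same `endpoints` get/list/watch/create/update/patch rule cluster-wide. Fix the subject name and drop the `endpoints` block from the ClusterRole so endpoint writes stay namespace-scoped. Also `ClusterRole`/`ClusterRoleBinding` are cluster-scoped, so `namespace:` under their metadata is ignored, and naming them with `common.name` rather than `common.fullname` means two releases of the chart will overwrite the same object.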

View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "common.serviceAccountName" . }}
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}

View File

@@ -0,0 +1,6 @@
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: {{ .Values.provisioner.storageClass }}
provisioner: {{ .Values.provisioner.provisionerName }}
allowVolumeExpansion: true

View File

@@ -0,0 +1,28 @@
#################################################################
# Global configuration default values that can be inherited by
# all subcharts.
#################################################################
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: efs-provisioner
## EFS Provisioner related properties
provisioner:
nameExtension: efs-provisioner
replicaCount: 1
strategyType: Recreate
image:
name: quay.io/external_storage/efs-provisioner
tag: latest
efsFileSystemId: fs-8a3fa867
awsRegion: ca-central-1
dnsName: ""
provisionerName: shared-provisioner
efsDnsName: fs-8a3fa867.efs.ca-central-1.amazonaws.com
storageClass: aws-efs
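Review bot: `efsFileSystemId: fs-8a3fa867` and `efsDnsName: fs-8a3fa867.efs.ca-central-1.amazonaws.com` commit one account's file-system ID as the chart default, so an install without an override silently tries to mount somebody else's EFS; leave them empty and fail rendering with `required` when unset. `tag: latest` should be pinned, and `dnsName: ""` only feeds `DNS_NAME` while `efsDnsName` feeds the NFS mount, so the two values can drift apart.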

View File

@@ -10,32 +10,8 @@
{{- end -}}
{{- define "common.env" -}}
- name: {{ .Values.env.url.alarm }}
- name: {{ .Values.env.ssc_url }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.ssc.service }}:{{ .Values.env.ssc.port}}"
- name: {{ .Values.env.url.client }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.ssc.service }}:{{ .Values.env.ssc.port}}"
- name: {{ .Values.env.url.cloudEventDispatcher }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.ssc.service }}:{{ .Values.env.ssc.port}}"
- name: {{ .Values.env.url.customer }}
- name: {{ .Values.env.prov_url }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.prov.service }}:{{ .Values.env.prov.port}}"
- name: {{ .Values.env.url.firmware }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.prov.service }}:{{ .Values.env.prov.port}}"
- name: {{ .Values.env.url.location }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.prov.service }}:{{ .Values.env.prov.port}}"
- name: {{ .Values.env.url.profile }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.ssc.service }}:{{ .Values.env.ssc.port}}"
- name: {{ .Values.env.url.serviceMetrics }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.prov.service }}:{{ .Values.env.prov.port}}"
- name: {{ .Values.env.url.equipment }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.prov.service }}:{{ .Values.env.prov.port}}"
- name: {{ .Values.env.url.manufacturer }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.prov.service }}:{{ .Values.env.prov.port}}"
- name: {{ .Values.env.url.portalUser }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.prov.service }}:{{ .Values.env.prov.port}}"
- name: {{ .Values.env.url.routing }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.ssc.service }}:{{ .Values.env.ssc.port}}"
- name: {{ .Values.env.url.status }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.ssc.service }}:{{ .Values.env.ssc.port}}"
- name: {{ .Values.env.url.systemEvent }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.ssc.service }}:{{ .Values.env.ssc.port}}"
{{- end -}}

View File

@@ -18,6 +18,27 @@ else use user-provided URL
{{- end -}}
{{- end -}}
{{/*
Resolve the Kafka service-name to apply to a chart.
*/}}
{{- define "kafka.service" -}}
{{- printf "%s-%s" .Release.Name .Values.kafka.url | trunc 63 -}}
{{- end -}}
{{/*
Resolve the Cassandra service-name to apply to a chart.
*/}}
{{- define "cassandra.service" -}}
{{- printf "%s-%s" .Release.Name .Values.cassandra.url | trunc 63 -}}
{{- end -}}
{{/*
Resolve the MQTT service-name to apply to a chart.
*/}}
{{- define "mqtt.service" -}}
{{- printf "%s-%s" .Release.Name .Values.mqtt.url | trunc 63 -}}
{{- end -}}
{{/*
Resolve the integratedcloudcomponent service-name to apply to a chart.
*/}}
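Review bot: the three new helpers (`kafka.service`, `cassandra.service`, `mqtt.service`) apply `trunc 63` without `trimSuffix "-"`, so a long release name can produce a service name ending in `-`, which is not a valid DNS label; use `| trunc 63 | trimSuffix "-"`.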
@@ -37,4 +58,18 @@ else use user-provided URL
*/}}
{{- define "ssc.service" -}}
{{- printf "%s-%s:%.f" .Release.Name .Values.ssc.url .Values.ssc.port | trunc 63 -}}
{{- end -}}
{{/*
Resolve the pvc name that's would mounted to 2 charts - Portal and Opensync-gw
*/}}
{{- define "portal.sharedPvc.name" -}}
{{- printf "%s-%s-%s-%.f" .Values.portal.sharedPvc.name .Release.Name .Values.portal.url .Values.portal.sharedPvc.ordinal | trunc 63 -}}
{{- end -}}
{{/*
Resolve the filestore-directory name that's would mounted to 2 charts - Portal and Opensync-gw
*/}}
{{- define "filestore.dir.name" -}}
{{- printf "%s" .Values.filestore.internal | trunc 63 -}}
{{- end -}}
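Review bot: `portal.sharedPvc.name` formats `%s-%s-%s-%.f` and then truncates to 63 characters; the ordinal is the last component, so on long names the truncation removes exactly the part that distinguishes one PVC from another, and the trailing `-` issue applies too. Put the ordinal first, or fail the render when the composed name exceeds 63 characters. The comment text `Resolve the pvc name that's would mounted to 2 charts` (and the filestore variant) should read `that would be mounted by 2 charts`.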

View File

@@ -1,4 +1,8 @@
#################################################################
# Global configuration default values that can be inherited by
# all subcharts.
#################################################################
#################################################################
# Enabling common components
efs-provisioner:
enabled: false

View File

@@ -0,0 +1,11 @@
ssl.endpoint.identification.algorithm=
security.protocol=SSL
ssl.key.password=DUMMY_PASSWORD
ssl.keystore.location=/etc/kafka/secrets/kafka-server.pkcs12
ssl.keystore.password=DUMMY_PASSWORD
ssl.keystore.type=PKCS12
ssl.truststore.location=/etc/kafka/secrets/truststore.jks
ssl.truststore.password=DUMMY_PASSWORD
ssl.truststore.type=JKS
bootstrap.servers=tip-wlan-kafka-headless:9093
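Review bot: `ssl.endpoint.identification.algorithm=` (empty) turns off hostname verification of the broker certificate, so any certificate issued by the trusted CA is accepted no matter which host presents it; that is defensible only until the broker certificates carry the headless-service and per-pod SANs, and the file should carry a comment saying so. The three `DUMMY_PASSWORD` entries become the real keystore, key and truststore passwords once users replace them, yet this file is delivered through a ConfigMap elsewhere in this change rather than a Secret. `bootstrap.servers=tip-wlan-kafka-headless:9093` also hard-codes the release name even though `tpl` is applied to the file and the `kafka.service` helper exists.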

View File

@@ -0,0 +1,2 @@
Contains certs needed for this service to start.
Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

View File

@@ -0,0 +1 @@
DUMMY_PASSWORD
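Review bot: `key_creds` (and the sibling `keystore_creds`/`truststore_creds` files) are committed with the literal `DUMMY_PASSWORD` and are swept by the `resources/config/certs/*` glob into the `-certs` Secret; it is not clear whether operators are expected to edit these in place, which invites committing real passwords. Add the real `*_creds` files and keystores to `.gitignore` and reference the pre-requisites page from the certs README.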

View File

@@ -0,0 +1 @@
DUMMY_PASSWORD

View File

@@ -0,0 +1 @@
DUMMY_PASSWORD

View File

@@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-clientconfig
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/admin-client.properties").AsConfig . | indent 2 }}
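Review bot: `admin-client.properties` contains `ssl.key.password`, `ssl.keystore.password` and `ssl.truststore.password`, so this should be a `Secret` populated with `.AsSecrets`, not a ConfigMap: ConfigMaps are readable by anyone with `get configmaps` in the namespace and are excluded from etcd encryption at rest and secret-aware audit rules. Note also that `tpl` executes any `{{ }}` found in the properties file; that is how the password templating is meant to work, but it should be documented next to the file.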

View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-certs
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
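Review bot: `.Files.Glob "resources/config/certs/*"` packs every file in that directory into the Secret, including the `README.md` added in this change and the `*_creds` placeholders; narrow the glob (for example `*.jks`, `*.pkcs12`, `*_creds`) so stray files do not become Secret keys. `tpl` applied to the output of `.AsSecrets` only sees base64 text and is therefore a no-op; if templating the creds files is intended, it has to happen before encoding.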

View File

@@ -8,7 +8,7 @@ metadata:
spec:
ports:
- name: broker
port: 9092
port: {{ .Values.headless.sslPort }}
targetPort: kafka
selector:
{{- include "kafka.broker.matchLabels" . | nindent 4 }}

View File

@@ -12,10 +12,15 @@ metadata:
{{- end }}
spec:
ports:
# - name: broker
# port: {{ .Values.headless.port }}
# {{- if .Values.headless.targetPort }}
# targetPort: {{ .Values.headless.targetPort }}
# {{- end }}
- name: broker
port: {{ .Values.headless.port }}
{{- if .Values.headless.targetPort }}
targetPort: {{ .Values.headless.targetPort }}
port: {{ .Values.headless.sslPort }}
{{- if .Values.headless.targetSslPort }}
targetPort: {{ .Values.headless.targetSslPort }}
{{- end }}
clusterIP: None
selector:
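Review bot: the commented-out copy of the old `broker` / `port: {{ .Values.headless.port }}` block should be deleted instead of kept as YAML comments. More importantly, pointing the Service (and the statefulset `containerPort`) at `sslPort` only stops advertising 9092; unless the broker's `listeners`/`advertised.listeners` also drop the PLAINTEXT listener, the plaintext port is still open on the pod IP for anything that can reach it, so confirm that in the broker configuration and consider a NetworkPolicy.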

View File

@@ -91,7 +91,7 @@ spec:
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
ports:
- containerPort: 9092
- containerPort: {{ .Values.headless.sslPort }}
name: kafka
{{- if .Values.external.enabled }}
{{- $replicas := .Values.replicas | int }}
@@ -170,6 +170,24 @@ spec:
{{- end }}
exec /etc/confluent/docker/run
volumeMounts:
- mountPath: /etc/kafka/secrets/truststore.jks
name: kafka-certificates
subPath: truststore.jks
- mountPath: /etc/kafka/secrets/kafka-server.pkcs12
name: kafka-certificates
subPath: kafka-server.pkcs12
- mountPath: /etc/kafka/secrets/key_creds
name: kafka-certificates
subPath: key_creds
- mountPath: /etc/kafka/secrets/keystore_creds
name: kafka-certificates
subPath: keystore_creds
- mountPath: /etc/kafka/secrets/truststore_creds
name: kafka-certificates
subPath: truststore_creds
- mountPath: /etc/kafka/admin-client.properties
name: kafka-client-config
subPath: admin-client.properties
- name: datadir
mountPath: {{ .Values.persistence.mountPath | quote }}
{{- range $secret := .Values.secrets }}
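Review bot: every certificate and credential file is mounted with `subPath`, and kubelet does not refresh subPath projections when a Secret changes, so rotating `truststore.jks`, `kafka-server.pkcs12` or the `*_creds` files has no effect until the pod is restarted. Mounting the whole Secret as a directory at `/etc/kafka/secrets` (no subPath) keeps the same file names and lets the files on disk follow the Secret; the broker still needs a restart or a dynamic keystore update to re-read them, but the on-disk copy is at least current.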
@@ -189,6 +207,12 @@ spec:
{{- end }}
{{- end }}
volumes:
- name: kafka-certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
- name: kafka-client-config
configMap:
name: {{ include "common.fullname" . }}-clientconfig
{{- if not .Values.persistence.enabled }}
- name: datadir
emptyDir: {}
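Review bot: the `kafka-certificates` Secret volume uses the default file mode (0644), so the keystore and the `*_creds` password files are readable by every user in the container; add `defaultMode: 0400` under `secret:` and run the broker with a non-root `runAsUser` so only the broker process can read them.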

View File

@@ -14,17 +14,47 @@ spec:
- sh
- -c
- |
# List topics:
echo "##### Listing existing topics #####"
kafka-topics --zookeeper {{ include "zookeeper.url" . }} --list
# Create the topic
kafka-topics --zookeeper {{ include "zookeeper.url" . }} --topic helm-test-topic-create-consume-produce --create --partitions 1 --replication-factor 1 --if-not-exists && \
echo "##### Create topic helm-test-topic-create-consume-produce #####"
kafka-topics --zookeeper {{ include "zookeeper.url" . }} --topic helm-test-topic-create-consume-produce --create --partitions 1 --replication-factor 1 --if-not-exists
echo "##### Produce the test message #####"
# Create a message
MESSAGE="`date -u`" && \
MESSAGE="`date -u`"
# Produce a test message to the topic
echo "$MESSAGE" | kafka-console-producer --broker-list {{ include "common.fullname" . }}:9092 --topic helm-test-topic-create-consume-produce && \
echo "$MESSAGE" | kafka-console-producer --broker-list {{ include "common.fullname" . }}-headless:9093 --producer.config /etc/kafka/admin-client.properties --topic helm-test-topic-create-consume-produce
echo "##### Consume the test message from the topic #####"
# Consume a test message from the topic
kafka-console-consumer --bootstrap-server {{ include "common.fullname" . }}-headless:9092 --topic helm-test-topic-create-consume-produce --from-beginning --timeout-ms 2000 --max-messages 1 | grep "$MESSAGE"
kafka-console-consumer --bootstrap-server {{ include "common.fullname" . }}-headless:9093 --consumer.config /etc/kafka/admin-client.properties --topic helm-test-topic-create-consume-produce --from-beginning --timeout-ms 2000 --max-messages 1 | grep "$MESSAGE"
echo "##### Listing current topics including our new topic #####"
kafka-topics --zookeeper {{ include "zookeeper.url" . }} --list
# Delete the messages from topic
echo "##### Delete messages from our topic #####"
kafka-configs --zookeeper {{ include "zookeeper.url" . }} --alter --entity-type topics --entity-name helm-test-topic-create-consume-produce --add-config retention.ms=1000
# Mark topic for deletion
echo "##### Mark our topic for Deletion #####"
kafka-topics --zookeeper {{ include "zookeeper.url" . }} --delete --topic helm-test-topic-create-consume-produce
# List topics:
echo "##### Listing topics after deleting our newly created topic #####"
kafka-topics --zookeeper {{ include "zookeeper.url" . }} --list
volumeMounts:
- mountPath: /etc/kafka/admin-client.properties
name: kafka-client-config
subPath: admin-client.properties
- mountPath: /etc/kafka/secrets/truststore.jks
name: kafka-certificates
subPath: truststore.jks
- mountPath: /etc/kafka/secrets/kafka-server.pkcs12
name: kafka-certificates
subPath: kafka-server.pkcs12
restartPolicy: Never
volumes:
- name: kafka-client-config
configMap:
name: {{ include "common.fullname" . }}-clientconfig
- name: kafka-certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
{{- end }}
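Review bot: the `&& \` chaining was removed without adding `set -e`, so the test pod's exit status is that of the final `kafka-topics --list`; a failed produce, or a `grep` that does not find `$MESSAGE`, no longer fails the Helm test. Add `set -e` at the top of the script and make the consume check explicit, e.g. `... | grep -q "$MESSAGE" || exit 1`. Separately, the test mounts the broker's own `kafka-server.pkcs12` as its client keystore: with `ssl.client.auth: required` that copies the broker's private key into the test pod and the test authenticates as the broker itself; a dedicated client certificate for the test (and for admin-client.properties) keeps the broker key on the broker. The `--zookeeper` topic operations also still run over plaintext ZooKeeper, so the SSL change covers the data path but not topic administration.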

View File

@@ -135,6 +135,7 @@ headless:
# annotations:
# targetPort:
port: 9092
sslPort: 9093
## External access.
##
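Review bot: the headless Service template references `.Values.headless.targetSslPort`, which this hunk does not document; add a commented `# targetSslPort:` next to `# targetPort:` so the option is discoverable, and note in a comment that `sslPort` must match the `SSL://...:9093` in `advertised.listeners` further down.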
@@ -182,6 +183,22 @@ configurationOverrides:
# "auto.create.topics.enable": true
# "controlled.shutdown.enable": true
# "controlled.shutdown.max.retries": 100
# "ssl.secret.dir": "/opt/tip-wlan/certs"
# "ssl.keystore.filename": "kafka-server.pkcs12"
# "ssl.key.credentials": "mypassword"
# "ssl.truststore.filename": "kafka_server_keystore.jks"
# "ssl.truststore.credentials": "mypassword"
advertised.listeners: SSL://tip-wlan-kafka-headless:9093
ssl.client.auth: required
ssl.endpoint.identification.algorithm: ""
security.inter.broker.protocol: SSL
ssl.key.credentials: "key_creds"
ssl.keystore.filename: "kafka-server.pkcs12"
ssl.keystore.credentials: "keystore_creds"
ssl.keystore.type: "PKCS12"
ssl.truststore.filename: "truststore.jks"
ssl.truststore.credentials: "truststore_creds"
ssl.truststore.type: "JKS"
## Options required for external access via NodePort
## ref:
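Review bot: `ssl.endpoint.identification.algorithm: ""` turns off hostname verification for every SSL client and inter-broker connection, which removes the protection TLS gives against a substituted endpoint; if it is there because the broker certificate lacks SANs for the headless pod names, the fix is to issue the certificate with those SANs (a wildcard for the headless service domain works) and drop the override. `advertised.listeners: SSL://tip-wlan-kafka-headless:9093` hardcodes the release name, so a different release name advertises an address clients cannot resolve; either render it through `tpl` in the template or document that it must be overridden. The commented examples with `"mypassword"` should be removed rather than kept as stale guidance.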
@@ -269,6 +286,9 @@ topics:
- name: system_events
partitions: 1
replicationFactor: 1
- name: customer_events
partitions: 1
replicationFactor: 1
# - name: myNewTopicWithConfig
# partitions: 8
# replicationFactor: 3

View File

@@ -6,4 +6,5 @@ metadata:
labels:
{{- include "common.labels" . | nindent 4 }}
data:
external-status-address: {{ .Values.controller.config.externalStatusAddress }}
external-status-address: {{ .Values.controller.config.externalStatusAddress }}
client-max-body-size: {{ .Values.controller.config.clientMaxBodySize }}

View File

@@ -56,7 +56,7 @@ spec:
containerPort: 80
- name: https
containerPort: 443
{{ if .Values.controller.customPorts }}
{{ if and (.Values.controller.customPorts) (not .Values.byPassNginxForTcpConnections.enabled )}}
{{ toYaml .Values.controller.customPorts | indent 8 }}
{{ end }}
{{- if .Values.prometheus.create }}
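Review bot: `{{ if and (.Values.controller.customPorts) (not .Values.byPassNginxForTcpConnections.enabled )}}` has a stray space before `)}}` and, not being whitespace-trimmed (`{{- if ... }}`), leaves blank lines in the rendered manifest. The same expression is repeated in the Service template; a named helper (one `define` for the condition) keeps the two from drifting apart.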
@@ -127,5 +127,7 @@ spec:
- -prometheus-metrics-listen-port={{ .Values.prometheus.port }}
- -enable-custom-resources={{ .Values.controller.enableCustomResources }}
- -enable-tls-passthrough={{ .Values.controller.enableTLSPassthrough }}
{{- if not .Values.byPassNginxForTcpConnections.enabled }}
- -global-configuration=$(POD_NAMESPACE)/{{ include "common.name" . }}-global-configuration
{{- end}}
{{- end }}
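Review bot: `{{- end}}` on the new line is inconsistent with the `{{- end }}` form used elsewhere in the file; harmless to Helm but worth normalising. The logic is right: `-global-configuration` is only passed when NGINX is still the TCP passthrough, matching the guard added to the GlobalConfiguration template.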

View File

@@ -1,3 +1,4 @@
{{- if not .Values.byPassNginxForTcpConnections.enabled -}}
apiVersion: k8s.nginx.org/v1alpha1
kind: GlobalConfiguration
metadata:
@@ -13,4 +14,5 @@ spec:
protocol: TCP
- name: opensync-mqtt-port-listener
port: 1883
protocol: TCP
protocol: TCP
{{- end -}}

View File

@@ -27,7 +27,7 @@ spec:
{{- end }}
type: {{ .Values.controller.service.type }}
ports:
{{- if .Values.controller.service.customPorts }}
{{- if and (.Values.controller.service.customPorts) (not .Values.byPassNginxForTcpConnections.enabled )}}
{{ toYaml .Values.controller.service.customPorts | indent 2 }}
{{ end }}
{{- if .Values.controller.service.httpPort.enable }}

View File

@@ -53,6 +53,9 @@ controller:
## External IP Address
externalStatusAddress: "192.168.56.101"
## Max message size coming from the Client
clientMaxBodySize: "20m"
## It is recommended to use your own TLS certificates and keys
defaultTLS:
## The base64-encoded TLS certificate for the default HTTPS server. If not specified, a pre-generated self-signed certificate is used.
@@ -269,6 +272,13 @@ rbac:
## Configures RBAC.
create: true
## This property will prevent exposing TCP ports for passthrough connections
## Instead we are opening up these services as NodePorts
## We were seeing issues with AP <-- --> MQTT connecitivity when using NGINX
## as passthrough for TCP Connections
byPassNginxForTcpConnections:
enabled: true
prometheus:
## Expose NGINX or NGINX Plus metrics in the Prometheus format.
create: false
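Review bot: typo `connecitivity` in the new comment. More importantly, the comment explains the connectivity workaround but not its security consequence: with `byPassNginxForTcpConnections.enabled: true` the MQTT and OVSDB listeners are no longer fronted by the ingress controller and are exposed directly as NodePorts on every node, so the TLS/mTLS configuration of those listeners (and any NetworkPolicy or firewall) becomes the only access control. State that in the comment so operators do not flip it in production without checking those listeners.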

View File

@@ -0,0 +1,78 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- For assistance related to logback-translator or configuration -->
<!-- files in general, please contact the logback user mailing list -->
<!-- at http://www.qos.ch/mailman/listinfo/logback-user -->
<!-- -->
<!-- For professional support please see -->
<!-- http://www.qos.ch/shop/products/professionalSupport -->
<!-- -->
<configuration>
<appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>
<appender name="mqttDataFile" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/app/logs/mqttData.log</file>
<append>true</append>
<encoder>
<pattern>%date %msg%n</pattern>
</encoder>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
<fileNamePattern>/app/logs/mqttData.%i.log.gz</fileNamePattern>
<minIndex>1</minIndex>
<maxIndex>3</maxIndex>
</rollingPolicy>
<triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
<maxFileSize>20MB</maxFileSize>
</triggeringPolicy>
</appender>
<appender name="logfile" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/app/logs/opensyncgw.log</file>
<append>true</append>
<encoder>
<pattern>%date %level [%thread] %logger{36} [%file:%line] %msg%n</pattern>
</encoder>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
<fileNamePattern>/app/logs/opensyncgw.%i.log.gz</fileNamePattern>
<minIndex>1</minIndex>
<maxIndex>3</maxIndex>
</rollingPolicy>
<triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
<maxFileSize>20MB</maxFileSize>
</triggeringPolicy>
</appender>
<!--
details: http://logback.qos.ch/manual/configuration.html#auto_configuration
runtime configuration, if need to override the defaults:
-Dlogback.configurationFile=/path/to/logback.xml
for log configuration debugging - use
-Dlogback.statusListenerClass=ch.qos.logback.core.status.OnConsoleStatusListener
log levels:
OFF ERROR WARN INFO DEBUG TRACE
-->
<logger name="org.apache.catalina.startup.DigesterFactory" level="ERROR"/>
<logger name="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" level="INFO"/>
<logger name="org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer" level="INFO"/>
<logger name="com.telecominfraproject.wlan" level="DEBUG"/>
<logger name="com.netflix.servo.tag.aws.AwsInjectableTag" level="OFF"/>
<logger name="com.vmware.ovsdb.service.OvsdbConnectionInfo" level="OFF"/>
<logger name="com.vmware.ovsdb.netty.OvsdbConnectionHandler" level="ERROR"/>
<logger name="MQTT_DATA" level="DEBUG" additivity="false">
<appender-ref ref="mqttDataFile"/>
</logger>
<root level="WARN">
<appender-ref ref="logfile"/>
</root>
</configuration>
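Review bot: `MQTT_DATA` at `DEBUG` writes every MQTT payload the gateway sees into `/app/logs/mqttData.log` (3 x 20 MB rolling); that stream carries AP telemetry and client data, so it should be opt-in (INFO or OFF by default) or at least documented as sensitive. Also `<root>` writes only to `logfile`: the `stdout` appender is defined but never referenced, so `kubectl logs` and the cluster log pipeline see nothing from the gateway, which hurts incident response; add `<appender-ref ref="stdout"/>` to `<root>` or ship the files with a sidecar.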

View File

@@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-log-config
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}

View File

@@ -1,7 +1,10 @@
{{- $icc := include "integratedcloudcomponent.service" . -}}
{{- $prov := include "prov.service" . -}}
{{- $ssc := include "ssc.service" . -}}
{{- $mqtt := include "mqtt.service" . -}}
{{- $ns := include "common.namespace" . -}}
{{- $file_store_path := include "filestore.dir.name" . -}}
{{- $cloudeployment := .Values.global.isCloudDeployment -}}
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -25,89 +28,45 @@ spec:
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers:
- name: wait-for-services
image: opsfleet/depends-on
args:
- "-service={{ .Release.Name }}-opensync-mqtt-broker"
- "-service={{ .Release.Name }}-wlan-prov-service"
- "-service={{ .Release.Name }}-wlan-ssc-service"
- -check_interval=5
{{- if .Values.global.integratedDeployment }}
- name: {{ include "common.name" . }}-readiness-int-cloud
image: alpine
imagePullPolicy: {{ .Values.global.pullPolicy }}
command:
- sh
- -c
- |
- name: {{ include "common.name" . }}-readiness-int-cloud
image: alpine
imagePullPolicy: {{ .Values.global.pullPolicy }}
command:
- sh
- -c
- |
if [ {{ $cloudeployment }} = false ]
then
echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
apk add curl
url=https://{{ $icc }}/ping
counter=0
echo "Added name-resolution for local deployments"
fi
apk add curl
url=https://{{ $icc }}/ping
counter=0
status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
while [ $counter -lt 10 ] && [ $status -ne 200 ]
do
echo ${url} service isnt ready. Tried $counter times
sleep 5
counter=`expr $counter + 1`
status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
while [ $counter -lt 10 ] && [ $status -ne 200 ]
do
echo ${url} service isnt ready. Tried $counter times
sleep 5
counter=`expr $counter + 1`
status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
echo Http Response code of ping request = $status
done
if [ $status -eq 200 ]
then
echo ${url} service is ready!
else
echo ${url} service failed to respond after 50 secs
exit 1
fi
{{- else }}
- name: {{ include "common.name" . }}-readiness-prov
image: alpine
imagePullPolicy: {{ .Values.global.pullPolicy }}
command:
- sh
- -c
- |
echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
apk add curl
url=https://{{ $prov }}/ping
counter=0
status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
while [ $counter -lt 10 ] && [ $status -ne 200 ]
do
echo ${url} service isnt ready. Tried $counter times
sleep 5
counter=`expr $counter + 1`
status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
echo Http Response code of ping request = $status
done
if [ $status -eq 200 ]
then
echo ${url} service is ready!
else
echo ${url} service failed to respond after 50 secs
exit 1
fi
- name: {{ include "common.name" . }}-readiness-ssc
image: alpine
imagePullPolicy: {{ .Values.global.pullPolicy }}
command:
- sh
- -c
- |
echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
apk add curl
url=https://{{ $ssc }}/ping
counter=0
status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
while [ $counter -lt 10 ] && [ $status -ne 200 ]
do
echo ${url} service isnt ready. Tried $counter times
sleep 5
counter=`expr $counter + 1`
status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
echo Http Response code of ping request = $status
done
if [ $status -eq 200 ]
then
echo ${url} service is ready!
else
echo ${url} service failed to respond after 50 secs
exit 1
fi
echo Http Response code of ping request = $status
done
if [ $status -eq 200 ]
then
echo ${url} service is ready!
else
echo ${url} service failed to respond after 50 secs
exit 1
fi
{{- end }}
containers:
- name: {{ .Chart.Name }}
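Review bot: if `.Values.global.isCloudDeployment` is unset, `{{ $cloudeployment }}` renders empty and the script becomes `if [ = false ]`, a shell syntax error that fails the init container; render it with `| default false` (and quote it, `[ "{{ $cloudeployment }}" = false ]`). `image: opsfleet/depends-on` and `image: alpine` carry no tag, so both init containers pull a floating `latest` from Docker Hub on every start; pin them by tag and digest (`image: opsfleet/depends-on:<tag>@sha256:<digest>`), since an init container that runs before the gateway is an easy place to substitute code. The readiness script still uses `curl --insecure` and appends a hardcoded `151.101.112.249 dl-cdn.alpinelinux.org` to `/etc/hosts` for the non-cloud case, which breaks whenever that CDN address changes; an image with curl preinstalled removes both the runtime `apk add` and the hosts hack.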
@@ -132,7 +91,40 @@ spec:
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
{{- end }}
{{- end }}
env:
{{- include "common.env" . | nindent 12 }}
- name: OVSDB_MANAGER
value: {{ .Values.externalhostaddress.ovsdb }}
- name: OVSDB_MANAGER_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: MQTT_SERVER_INTERNAL
value: {{ .Release.Name }}-{{ .Values.mqtt.url }}
- name: MQTT_SERVER_EXTERNAL
value: {{ .Values.externalhostaddress.mqtt }}
{{- if .Values.global.integratedDeployment }}
- name: INTEGRATED_SERVER
value: {{ .Release.Name }}-{{ .Values.integratedcloudcomponent.url }}
{{- else }}
- name: PROV_SERVER
value: {{ .Release.Name }}-{{ .Values.prov.url }}
- name: SSC_SERVER
value: {{ .Release.Name }}-{{ .Values.ssc.url }}
{{- end }}
- name: FILE_STORE_DIRECTORY_INTERNAL
value: {{ $file_store_path }}
- name: FILE_STORE_URL
value: {{ .Values.filestore.url }}
- name: DEFAULT_LAN_NAME
value: {{ .Values.ethernetType.lanName }}
- name: DEFAULT_LAN_TYPE
value: {{ .Values.ethernetType.lanType }}
- name: DEFAULT_WAN_TYPE
value: {{ .Values.ethernetType.wanType }}
- name: DEFAULT_WAN_NAME
value: {{ .Values.ethernetType.wanName }}
volumeMounts:
- mountPath: /opt/tip-wlan/certs/client_keystore.jks
name: certificates
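Review bot: the new `value:` entries are rendered without `| quote`; `OVSDB_MANAGER` and `MQTT_SERVER_EXTERNAL` come from `externalhostaddress` overrides that may be bare IPs or contain `:`, and an env `value` must be a YAML string, so use `value: {{ .Values.externalhostaddress.ovsdb | quote }}` (and the same for the `DEFAULT_*` entries) to avoid type coercion or an invalid manifest. The `{{- end }}` remove/add pair at the top of the hunk looks like a whitespace-only change and could be dropped from the diff.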
@@ -149,6 +141,11 @@ spec:
- mountPath: /opt/tip-wlan/certs/ssl.properties
name: certificates
subPath: ssl.properties
- mountPath: /app/opensync/logback.xml
name: logback-config
subPath: logback.xml
- mountPath: {{ $file_store_path }}
name: file-store-data
ports:
- name: {{ .Values.service.name1 }}
containerPort: {{ .Values.service.port1 }}
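Review bot: `/app/opensync/logback.xml` is mounted with `subPath`, so edits to the `-log-config` ConfigMap never reach a running pod (subPath mounts are not updated by kubelet). If changing log levels without a restart is a goal, mount the ConfigMap as a directory and point `-Dlogback.configurationFile` at it; otherwise add a checksum annotation of the ConfigMap to the pod template so a change triggers a rollout instead of silently doing nothing.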
@@ -156,6 +153,17 @@ spec:
- name: {{ .Values.service.name2 }}
containerPort: {{ .Values.service.port2 }}
protocol: TCP
- name: {{ .Values.service.name3 }}
containerPort: {{ .Values.service.port3 }}
protocol: TCP
- name: {{ .Values.service.name4 }}
containerPort: {{ .Values.service.port4 }}
protocol: TCP
{{- if .Values.debug.enabled }}
- name: {{ .Values.service.name5 }}
containerPort: {{ .Values.service.port5 }}
protocol: TCP
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
@@ -175,3 +183,13 @@ spec:
- name: certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
- name: logback-config
configMap:
name: {{ include "common.fullname" . }}-log-config
- name: file-store-data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ include "portal.sharedPvc.name" . }}
{{- else }}
emptyDir: {}
{{- end }}
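Review bot: `file-store-data` is bound to the portal's claim (`portal.sharedPvc.name`), so when persistence is enabled two deployments mount the same PVC; unless both pods are pinned to one node the claim needs a `ReadWriteMany` access mode, which not every storage class offers. Worth a comment in values.yaml next to `persistence.enabled`.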

View File

@@ -0,0 +1,24 @@
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: opensync-gw-cloud-depends-on-role
namespace: {{ include "common.namespace" . }}
rules:
- apiGroups: ["batch", "apps", ""]
resources: ["pods", "services", "jobs"]
verbs: ["get", "list", "watch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: opensync-gw-cloud-depends-on-role-binding
namespace: {{ include "common.namespace" . }}
subjects:
- kind: ServiceAccount
name: {{ include "common.serviceAccountName" . }}
roleRef:
kind: Role
name: opensync-gw-cloud-depends-on-role
apiGroup: rbac.authorization.k8s.io
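Review bot: the Role name `opensync-gw-cloud-depends-on-role` is not release-scoped, so two releases in one namespace collide on it; use `{{ include "common.fullname" . }}-depends-on`. In `apiGroups: ["batch", "apps", ""]`, pods and services are in the core group and jobs in `batch`; `apps` contributes nothing for these resources and can be dropped. Read-only, namespace-scoped access is the right shape for a wait-for-services init container.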

View File

@@ -12,9 +12,28 @@ spec:
targetPort: {{ .Values.service.port1 }}
protocol: TCP
name: {{ .Values.service.name1 }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort1 }}
- port: {{ .Values.service.port2 }}
targetPort: {{ .Values.service.port2 }}
protocol: TCP
name: {{ .Values.service.name2 }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- port: {{ .Values.service.port3 }}
targetPort: {{ .Values.service.port3 }}
protocol: TCP
name: {{ .Values.service.name3 }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
- port: {{ .Values.service.port4 }}
targetPort: {{ .Values.service.port4 }}
protocol: TCP
name: {{ .Values.service.name4 }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort4 }}
{{- if .Values.debug.enabled }}
- port: {{ .Values.service.port5 }}
targetPort: {{ .Values.service.port5 }}
protocol: TCP
name: {{ .Values.service.name5 }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort5 }}
{{- end }}
selector:
{{- include "common.selectorLabels" . | nindent 4 }}
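Review bot: with `service.type: NodePort` every listed port, including `internal` (9097) and, when `debug.enabled`, the JDWP port 5005, becomes reachable on every node's IP. JDWP has no authentication and allows arbitrary code execution in the JVM, so it must never be enabled outside an isolated development cluster; keep the `debug.enabled` default at false, and consider a NetworkPolicy or a separate ClusterIP service for 9097 so only intended in-cluster clients can reach it.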

View File

@@ -56,12 +56,41 @@ probes:
# Enable/Disable Helm tests
testsEnabled: false
# Enable/Disable Remote debugging
debug:
enabled: false
service:
type: ClusterIP
type: NodePort
port1: 6640
nodePort1: 29
name1: controller
port2: 6643
name2: redirector
nodePort2: 30
port3: 9096
name3: server
nodePort3: 27
port4: 9097
name4: internal
nodePort4: 28
port5: 5005
name5: debug
nodePort5: 26
persistence:
enabled: false
## A manually managed Persistent Volume and Claim
## Requires persistence.enabled: true
# the filestore internal: location of the folder where UI files will be stored
# on the PV
# the filestore url: externally reachable URL i.e.; reachable from AP, where it
# can download the files from. Override this value (url) to the configured
# HTTP server in your system
filestore:
internal: "/tmp/filestore"
url: DUMMY_FILESTORE_HTTPS_URL
integratedcloudcomponent:
url: wlan-integrated-cloud-component-service
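Review bot: `# Enable/Disable Remote debugging` should say what enabling it does (exposes port 5005 as a NodePort) and that it is for development only. `nodePort1..5` are two-digit suffixes concatenated with `global.nodePortPrefix`, which is easy to collide across charts (the mqtt chart uses 31/32 below); a list of reserved suffixes in the parent chart would help. `url: DUMMY_FILESTORE_HTTPS_URL` is the address APs will try to download from; rendering should fail (`required`) when it is not overridden rather than shipping the placeholder.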
@@ -75,6 +104,29 @@ ssc:
url: wlan-ssc-service
port: 9032
mqtt:
url: opensync-mqtt-broker
portal:
url: wlan-portal-service
sharedPvc:
name: file-store-data
ordinal: 0
# These are list of external HostAddresses for ovsdb, mqtt.
# This is important for ovsdb and mqtt since
# that's what AP sees. Please make sure to override
# them in dev override file for your respective environments.
externalhostaddress:
ovsdb: opensync-gw-cloud
mqtt: opensync-mqtt-broker
ethernetType:
lanName: "lan"
lanType: "bridge"
wanType: "bridge"
wanName: "wan"
ingress:
enabled: false
annotations: {}
@@ -105,3 +157,14 @@ nodeSelector: {}
tolerations: []
affinity: {}
env:
protocol: https
ssc_url: SSC_RELEASE_URL
prov_url: PROV_RELEASE_URL
ssc:
service: wlan-ssc-service
port: 9031
prov:
service: wlan-prov-service
port: 9091

View File

@@ -0,0 +1,75 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- For assistance related to logback-translator or configuration -->
<!-- files in general, please contact the logback user mailing list -->
<!-- at http://www.qos.ch/mailman/listinfo/logback-user -->
<!-- -->
<!-- For professional support please see -->
<!-- http://www.qos.ch/shop/products/professionalSupport -->
<!-- -->
<configuration>
<appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>
<!--
<appender name="FILE" class="ch.qos.logback.core.FileAppender">
<file>myApp.log</file>
<encoder>
<pattern>%date %level [%thread] %logger{10} [%file:%line] %msg%n</pattern>
</encoder>
</appender>
-->
<appender name="logfile" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/app/logs/opensyncgw.log</file>
<append>true</append>
<encoder>
<pattern>%date %level [%thread] %logger{36} [%file:%line] %msg%n</pattern>
</encoder>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
<fileNamePattern>/app/logs/opensyncgw.%i.log.gz</fileNamePattern>
<minIndex>1</minIndex>
<maxIndex>3</maxIndex>
</rollingPolicy>
<triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
<maxFileSize>20MB</maxFileSize>
</triggeringPolicy>
</appender>
<!--
details: http://logback.qos.ch/manual/configuration.html#auto_configuration
runtime configuration, if need to override the defaults:
-Dlogback.configurationFile=/path/to/logback.xml
for log configuration debugging - use
-Dlogback.statusListenerClass=ch.qos.logback.core.status.OnConsoleStatusListener
log levels:
OFF ERROR WARN INFO DEBUG TRACE
-->
<logger name="org.apache.catalina.startup.DigesterFactory" level="ERROR"/>
<logger name="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" level="INFO"/>
<logger name="org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer" level="INFO"/>
<logger name="com.telecominfraproject.wlan" level="DEBUG"/>
<logger name="com.netflix.servo.tag.aws.AwsInjectableTag" level="OFF"/>
<logger name="com.vmware.ovsdb.service.OvsdbConnectionInfo" level="OFF"/>
<logger name="com.vmware.ovsdb.netty.OvsdbConnectionHandler" level="ERROR"/>
<logger name="MQTT_DATA" level="DEBUG"/>
<!--
<logger name="org.springframework.security.web.authentication.preauth" level="DEBUG"/>
-->
<root level="WARN">
<!-- <appender-ref ref="stdout"/>-->
<appender-ref ref="logfile"/>
</root>
</configuration>
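Review bot: this copy differs from the other logback.xml in the change: `MQTT_DATA` is `DEBUG` but has no dedicated appender and keeps default additivity, so raw MQTT payloads flow into `opensyncgw.log` alongside the WARN-level application log (a logger's own level, not the root level, decides what it emits). Either give it the same `additivity="false"` plus `mqttDataFile` setup as the other file or lower its level. As in the other file, `stdout` is defined but not referenced by `<root>`, so nothing reaches `kubectl logs`.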

View File

@@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-log-config
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}

View File

@@ -60,6 +60,9 @@ spec:
- mountPath: /opt/tip-wlan/certs/ssl.properties
name: certificates
subPath: ssl.properties
- mountPath: /app/opensync/logback.xml
name: logback-config
subPath: logback.xml
ports:
- name: {{ .Values.service.name1 }}
containerPort: {{ .Values.service.port1 }}
@@ -86,3 +89,6 @@ spec:
- name: certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
- name: logback-config
configMap:
name: {{ include "common.fullname" . }}-log-config

View File

@@ -12,9 +12,11 @@ spec:
targetPort: {{ .Values.service.port1 }}
protocol: TCP
name: {{ .Values.service.name1 }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort1 }}
- port: {{ .Values.service.port2 }}
targetPort: {{ .Values.service.port2 }}
protocol: TCP
name: {{ .Values.service.name2 }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort2 }}
selector:
{{- include "common.selectorLabels" . | nindent 4 }}

View File

@@ -43,6 +43,21 @@ spec:
serviceAccountName: {{ include "common.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers:
- name: {{ include "common.name" . }}-init-dir-ownership-change
image: alpine:3.6
# Change ownership to `mosquitto` user for a mounted volume
command:
- sh
- -c
- |
chown -R 1883:1883 /mosquitto/data
chown -R 1883:1883 /mosquitto/db
volumeMounts:
- name: data
mountPath: /mosquitto/data
- name: db
mountPath: /mosquitto/db
containers:
- name: {{ .Chart.Name }}
securityContext:
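Review bot: `alpine:3.6` is an end-of-life image and the init container runs as root only to `chown -R` the data volumes; setting `securityContext.fsGroup: 1883` on the pod makes Kubernetes apply group ownership on mount and removes the root container entirely. If the init container stays, pin a maintained tag and digest and give it a minimal `securityContext` (drop all capabilities except `CHOWN`).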
@@ -61,13 +76,35 @@ spec:
readinessProbe:
tcpSocket:
port: {{ .Values.service.port1 }}
initialDelaySeconds: {{ .Values.probes.readinessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.probes.readinessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
startupProbe:
exec:
command:
- ash
- -c
- >
mosquitto_pub -h 127.0.0.1 -p {{ .Values.service.port1 }}
--cafile /certs/cacert.pem
--cert /certs/clientcert.pem
--key /certs/clientkey.pem
--insecure
-t "/ap/test"
-q 0
-m "CheckingMQTTAliveness"
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
{{- end }}
volumeMounts:
- mountPath: /certs/clientcert.pem
name: certificates
subPath: clientcert.pem
- mountPath: /certs/clientkey.pem
name: certificates
subPath: clientkey.pem
- mountPath: /certs/cacert.pem
name: opensync-mqtt-broker-truststore
subPath: cacert.pem
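Review bot: the startupProbe authenticates with the gateway's client certificate taken from `{{ .Release.Name }}-opensync-gw-cloud-certs`, so the gateway's private key is now also mounted into the broker pod; a probe-only certificate in the broker's own Secret keeps each key with its owner. `--insecure` is acceptable here because the probe connects to `127.0.0.1`, but say so in a comment. Every probe run publishes `CheckingMQTTAliveness` to `/ap/test`, so any subscriber on `/ap/#` receives it each `periodSeconds`; a topic outside the AP namespace avoids that. The probe also reuses `readinessProbe.*` thresholds; a dedicated `startupProbe` block in values would allow separate tuning.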
@@ -112,6 +149,9 @@ spec:
- name: opensync-mqtt-broker-conf
configMap:
name: mosquitto-config
- name: certificates
secret:
secretName: {{ .Release.Name }}-opensync-gw-cloud-certs
{{- if not .Values.persistence.enabled }}
- name: db
emptyDir: {}

View File

@@ -54,11 +54,13 @@ probes:
testsEnabled: false
service:
type: ClusterIP
type: NodePort
port1: 1883
name1: listener
nodePort1: 31
port2: 9001
name2: debug
nodePort2: 32
ingress:
enabled: false
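Review bot: port 9001 is exposed as a NodePort and named `debug`; on Mosquitto 9001 is conventionally the WebSockets listener, so confirm that `mosquitto.conf` either defines no listener on it or requires TLS and client certificates as 1883 does, otherwise this is an unauthenticated broker entry point on every node. As with the gateway chart, changing the default `type` to NodePort widens exposure for all environments, not only those that bypass NGINX.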

View File

@@ -0,0 +1,10 @@
#!/bin/bash
# Creates user repl_user using ssl certs
if [[ $POSTGRES_REPLICATION_MODE == "master" ]]
then
psql 'host=localhost port=5432 user=postgres sslmode=verify-ca sslcert=/opt/tip-wlan/certs/postgresclientcert.pem sslkey=/opt/tip-wlan/certs/postgresclientkey_dec.pem sslrootcert=/opt/tip-wlan/certs/cacert.pem' -tc \
"SELECT 1 FROM pg_roles WHERE rolname = '$POSTGRES_REPLICATION_USER'" | grep -q 1 \
|| psql 'host=localhost port=5432 user=postgres sslmode=verify-ca sslcert=/opt/tip-wlan/certs/postgresclientcert.pem sslkey=/opt/tip-wlan/certs/postgresclientkey_dec.pem sslrootcert=/opt/tip-wlan/certs/cacert.pem' -c \
"CREATE ROLE $POSTGRES_REPLICATION_USER WITH REPLICATION LOGIN ENCRYPTED PASSWORD '$POSTGRES_REPLICATION_PASSWORD';"
fi
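Review bot: `$POSTGRES_REPLICATION_PASSWORD` is spliced into the SQL text, so a password containing `'` breaks the statement (and the role name is unquoted too), and the password shows up in the container's process list and in the server log when `log_statement` is on; pass it as a psql variable so psql quotes it, e.g. `psql ... -v pw="$POSTGRES_REPLICATION_PASSWORD" -c "CREATE ROLE \"$POSTGRES_REPLICATION_USER\" WITH REPLICATION LOGIN PASSWORD :'pw';"` (or feed the statement on stdin). `ENCRYPTED` is a no-op in PostgreSQL 11; what matters is `password_encryption`, which should be `scram-sha-256` before this role is created if pg_hba is to use scram.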

View File

@@ -0,0 +1,3 @@
hostssl replication repl_user 0.0.0.0/0 md5 clientcert=1
hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
hostssl all all 0.0.0.0/0 md5 clientcert=1
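Review bot: all three rules accept `0.0.0.0/0`; with a ClusterIP service that is effectively the pod network, but narrowing to the cluster CIDR costs nothing and documents intent. `md5` is the legacy method; PostgreSQL 11 supports `scram-sha-256` (requires `password_encryption = scram-sha-256` before roles are created, including `repl_user` in the script above). The `postgres` line uses `cert` auth, so the CN of `postgresclientcert.pem` must equal `postgres` (or a `map=` is needed), which deserves a comment because the same client cert is used by the application connections via `PGSSLCERT`. Rule order is right: the `replication` line comes first, and `clientcert=1` on every line means a valid CA-issued certificate is needed in addition to the password.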

View File

@@ -0,0 +1,2 @@
Contains certs needed for this service to start.
Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

View File

@@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-certs
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
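Review bot: if the README shown above lives in `resources/config/certs/`, the glob `resources/config/certs/*` turns its text into a Secret key as well, and the init containers' `cp *` then copy it next to the keys; restrict the glob to the expected patterns (`*.pem`, `*.jks`) or keep documentation outside the certs directory.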

View File

@@ -75,6 +75,25 @@ spec:
{{- end }}
{{- if or .Values.slave.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }}
initContainers:
- image: busybox:latest
imagePullPolicy: Always
name: setup-configs
command:
- sh
- -c
- |
echo "Setting Config Maps"
cd /tmp/certs
cp * /opt/tip-wlan/certs/
chmod 0600 /opt/tip-wlan/certs/postgresclientkey_dec.pem /opt/tip-wlan/certs/serverkey_dec.pem
chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/tip-wlan/certs/*.*
echo "copied all the certs, updated the permissions and ownership. here are the contents of /opt/tip-wlan/certs folder"
ls -lrt /opt/tip-wlan/certs/
volumeMounts:
- mountPath: /tmp/certs/
name: postgresql-certs
- mountPath: /opt/tip-wlan/certs
name: postgresql-certs-transfer
{{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled)) }}
- name: init-chmod-data
image: {{ template "postgresql.volumePermissions.image" . }}
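Review bot: `busybox:latest` with `imagePullPolicy: Always` makes certificate set-up depend on an unpinned Docker Hub image at every pod start; pin a tag and digest. The copy, `chmod 0600` and `chown` steps exist only to fix permissions on the decrypted keys (`*_dec.pem`); a Secret volume with `defaultMode: 0400` plus the pod's `fsGroup` achieves the same without a root init container. Note also that `cp *` copies every key in the Secret, not only the certificates.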
@@ -187,6 +206,22 @@ spec:
name: {{ template "postgresql.secretName" . }}
key: postgresql-password
{{- end }}
- name: PGSSLMODE
value: "verify-ca"
- name: PGSSLCERT
value: "/opt/tip-wlan/certs/postgresclientcert.pem"
- name: PGSSLKEY
value: "/opt/tip-wlan/certs/postgresclientkey_dec.pem"
- name: PGSSLROOTCERT
value: "/opt/tip-wlan/certs/cacert.pem"
- name: POSTGRESQL_ENABLE_TLS
value: "yes"
- name: POSTGRESQL_TLS_CERT_FILE
value: "/opt/tip-wlan/certs/servercert.pem"
- name: POSTGRESQL_TLS_KEY_FILE
value: "/opt/tip-wlan/certs/serverkey_dec.pem"
- name: POSTGRESQL_TLS_CA_FILE
value: "/opt/tip-wlan/certs/cacert.pem"
ports:
- name: tcp-postgresql
containerPort: {{ template "postgresql.port" . }}
@@ -243,6 +278,8 @@ spec:
- name: postgresql-config
mountPath: /bitnami/postgresql/conf
{{- end }}
- mountPath: /opt/tip-wlan/certs
name: postgresql-certs-transfer
{{- if .Values.slave.extraVolumeMounts }}
{{- toYaml .Values.slave.extraVolumeMounts | nindent 12 }}
{{- end }}
@@ -260,6 +297,11 @@ spec:
configMap:
name: {{ template "postgresql.configurationCM" . }}
{{- end }}
- name: postgresql-certs
secret:
secretName: {{ include "common.fullname" . }}-certs
- name: postgresql-certs-transfer
emptyDir: {}
{{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }}
- name: postgresql-extended-config
configMap:

View File

@@ -75,6 +75,25 @@ spec:
{{- end }}
{{- if or .Values.master.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }}
initContainers:
- image: busybox:latest
imagePullPolicy: Always
name: setup-configs
command:
- sh
- -c
- |
echo "Setting Config Maps"
cd /tmp/certs
cp * /opt/tip-wlan/certs/
chmod 0600 /opt/tip-wlan/certs/postgresclientkey_dec.pem /opt/tip-wlan/certs/serverkey_dec.pem
chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/tip-wlan/certs/*.*
echo "copied all the certs, updated the permissions and ownership. here are the contents of /opt/tip-wlan/certs folder"
ls -lrt /opt/tip-wlan/certs/
volumeMounts:
- mountPath: /tmp/certs/
name: postgresql-certs
- mountPath: /opt/tip-wlan/certs
name: postgresql-certs-transfer
{{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled)) }}
- name: init-chmod-data
image: {{ template "postgresql.volumePermissions.image" . }}
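Review bot: this `setup-configs` init container is a verbatim copy of the one in the slave StatefulSet; move it into a named template (`{{- define "postgresql.certsInit" -}}`) and `include` it from both so a future fix to the permissions or image is applied in one place.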
@@ -209,7 +228,23 @@ spec:
name: {{ template "postgresql.secretName" . }}
key: postgresql-password
{{- end }}
{{- if (include "postgresql.database" .) }}
- name: PGSSLMODE
value: "verify-ca"
- name: PGSSLCERT
value: "/opt/tip-wlan/certs/postgresclientcert.pem"
- name: PGSSLKEY
value: "/opt/tip-wlan/certs/postgresclientkey_dec.pem"
- name: PGSSLROOTCERT
value: "/opt/tip-wlan/certs/cacert.pem"
- name: POSTGRESQL_ENABLE_TLS
value: "yes"
- name: POSTGRESQL_TLS_CERT_FILE
value: "/opt/tip-wlan/certs/servercert.pem"
- name: POSTGRESQL_TLS_KEY_FILE
value: "/opt/tip-wlan/certs/serverkey_dec.pem"
- name: POSTGRESQL_TLS_CA_FILE
value: "/opt/tip-wlan/certs/cacert.pem"
{{- if (include "postgresql.database" .) }}
- name: POSTGRES_DB
value: {{ (include "postgresql.database" .) | quote }}
{{- end }}
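Review bot: `PGSSLMODE` is set to `verify-ca` in the env block added here; that checks the server certificate chains to `cacert.pem` but not that its name matches the host, so any certificate issued by that CA (including another service's) is accepted. If the server certificate's SAN covers the service name clients connect to, `verify-full` is the stronger setting, and the same applies to the `sslmode=verify-ca` strings used by `psql` and `datasource.properties` later in this change. The `POSTGRESQL_ENABLE_TLS` / `POSTGRESQL_TLS_*` variables are the Bitnami image's names, so they only take effect because the chart pins `bitnami/postgresql`; worth a comment so a later image swap does not silently disable TLS.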
@@ -320,6 +355,8 @@ spec:
- name: postgresql-config
mountPath: /bitnami/postgresql/conf
{{- end }}
- mountPath: /opt/tip-wlan/certs
name: postgresql-certs-transfer
{{- if .Values.master.extraVolumeMounts }}
{{- toYaml .Values.master.extraVolumeMounts | nindent 12 }}
{{- end }}
@@ -396,6 +433,11 @@ spec:
configMap:
name: {{ template "postgresql.configurationCM" . }}
{{- end }}
- name: postgresql-certs
secret:
secretName: {{ include "common.fullname" . }}-certs
- name: postgresql-certs-transfer
emptyDir: {}
{{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }}
- name: postgresql-extended-config
configMap:
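Review bot: the `postgresql-certs` secret volume added in this hunk has no `defaultMode`, so the key files are projected with the default 0644 before the init container copies and `chmod`s them; set `defaultMode: 0400` here, as the `certificates` secret in the prov-service deployment does later in this change, so the private keys are never group- or world-readable in the secret mount itself.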

View File

@@ -15,7 +15,7 @@ global:
image:
registry: docker.io
repository: bitnami/postgresql
tag: 11.7.0-debian-10-r99
tag: 11.8.0-debian-10-r58
# repository: postgres
# tag: 10.6
## Specify a imagePullPolicy
@@ -48,7 +48,7 @@ image:
## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup
##
volumePermissions:
enabled: false
enabled: true
image:
registry: docker.io
repository: bitnami/minideb
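Review bot: flipping `volumePermissions.enabled` to `true` means the `minideb` init container runs as root on every pod start to `chown` the data mountpoint; that is acceptable for the persistent-volume case it is meant for, but it also means the PostgreSQL pod can no longer be admitted under a non-root-only pod security policy. If the storage class already honours `fsGroup`, the chown is redundant and the option can stay `false`.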
@@ -258,13 +258,14 @@ ldap:
service:
## PosgresSQL service type
type: ClusterIP
# type: NodePort
# clusterIP: None
port: 5432
## Specify the nodePort value for the LoadBalancer and NodePort service types.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
# nodePort:
## nodePort: 30010
## Provide any additional annotations which may be required. Evaluated as a template.
##
@@ -427,8 +428,9 @@ slave:
## Override the service configuration for slave
##
service: {}
# service:
# type:
# nodePort:
# nodePort: 30011
# clusterIP:
## Configure resource requests and limits

View File

@@ -27,8 +27,8 @@ spec:
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
env:
- name: GRAPHQL_URL
value: {{ .Release.Name }}-{{ .Values.env.graphql }}
- name: API
value: {{ .Values.env.graphql }}
ports:
- name: {{ .Values.service.name }}
containerPort: {{ .Values.service.port }}

View File

@@ -33,7 +33,7 @@ podSecurityContext: {}
testsEnabled: false
env:
graphql: wlan-cloud-graphql-gw:4000
graphql: tip-wlan-wlan-cloud-graphql-gw:4000
securityContext: {}
# capabilities:
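Review bot: the new default `graphql: tip-wlan-wlan-cloud-graphql-gw:4000` bakes the release name `tip-wlan` into values.yaml, while the deployment template in this change stops prefixing the value with `{{ .Release.Name }}-`; a release installed under any other name points the UI at a service that does not exist. Keep the prefix in the template (`value: {{ .Release.Name }}-{{ .Values.env.graphql }}`) or derive the host from the graphql chart's fullname helper instead of hardcoding it.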

View File

@@ -0,0 +1,75 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- For assistance related to logback-translator or configuration -->
<!-- files in general, please contact the logback user mailing list -->
<!-- at http://www.qos.ch/mailman/listinfo/logback-user -->
<!-- -->
<!-- For professional support please see -->
<!-- http://www.qos.ch/shop/products/professionalSupport -->
<!-- -->
<configuration>
<conversionRule conversionWord="filteredStack"
converterClass="com.telecominfraproject.wlan.server.exceptions.logback.ExceptionCompressingConverter" />
<appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{yyyy-MM-DD HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n%filteredStack%nopex</pattern>
<!-- See http://logback.qos.ch/manual/layouts.html for details -->
<!-- %ex{5} - add at the end to display only 5 levels of the exception stack trace -->
<!-- %nopex - add at the end to not display any of the exception stack traces -->
<!-- %ex{full} - add at the end to display all the levels of the exception stack trace -->
</encoder>
<!--
<appender name="FILE" class="ch.qos.logback.core.FileAppender">
<file>myApp.log</file>
<encoder>
<pattern>%date %level [%thread] %logger{10} [%file:%line] %msg%n</pattern>
</encoder>
</appender>
-->
</appender>
<appender name="logfile" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/app/logs/intcloudcompservice.log</file>
<append>true</append>
<encoder>
<pattern>%date %level [%thread] %logger{36} [%file:%line] %msg%n</pattern>
</encoder>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
<fileNamePattern>/app/logs/intcloudcompservice.%i.log.gz</fileNamePattern>
<minIndex>1</minIndex>
<maxIndex>3</maxIndex>
</rollingPolicy>
<triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
<maxFileSize>20MB</maxFileSize>
</triggeringPolicy>
</appender>
<!--
details: http://logback.qos.ch/manual/configuration.html#auto_configuration
runtime configuration, if need to override the defaults:
-Dlogging.config=file:///home/ec2-user/opensync/logback.xml
for log configuration debugging - use
-Dlogback.statusListenerClass=ch.qos.logback.core.status.OnConsoleStatusListener
log levels:
OFF ERROR WARN INFO DEBUG TRACE
-->
<logger name="org.apache.catalina.startup.DigesterFactory" level="ERROR"/>
<logger name="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" level="INFO"/>
<logger name="org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer" level="INFO"/>
<logger name="com.telecominfraproject" level="INFO"/>
<logger name="com.telecominfraproject.wlan" level="DEBUG"/>
<logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
<root level="WARN">
<!-- <appender-ref ref="stdout"/>-->
<appender-ref ref="logfile"/>
</root>
</configuration>
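Review bot: the `stdout` appender's `<pattern>` in this file uses `%d{yyyy-MM-DD HH:mm:ss.SSS}`; in Java date patterns `DD` is day-of-year, not day-of-month, so timestamps come out wrong, and the other three logback.xml copies in this change use `yyyy-MM-dd`. Change it to `dd`. The trailing comment's `-Dlogging.config=file:///home/ec2-user/opensync/logback.xml` hint also looks copied from an EC2 host and does not apply inside the pod.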

View File

@@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-log-config
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}

View File

@@ -1,6 +1,7 @@
{{- if .Values.global.integratedDeployment }}
{{- $pg := include "postgresql.service" . -}}
{{- $ns := include "common.namespace" . -}}
{{- $cloudeployment := .Values.global.isCloudDeployment -}}
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -23,6 +24,7 @@ spec:
serviceAccountName: {{ include "common.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- if .Values.integratedWithPersistence.enabled }}
initContainers:
- name: {{ include "common.name" . }}-readiness
image: busybox:1.28
@@ -53,15 +55,19 @@ spec:
- sh
- -c
- |
echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
echo "34.214.79.168 tip.jfrog.io" >> /etc/hosts
echo "151.101.128.204 security.debian.org" >> /etc/hosts
echo "151.101.126.133 deb.debian.org" >> /etc/hosts
echo "147.75.85.69 apt.postgresql.org" >> /etc/hosts
if [ {{ $cloudeployment }} = false ]
then
echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
echo "34.215.47.158 tip-tip-wlan-cloud-docker-repo.jfrog.io" >> /etc/hosts
echo "151.101.128.204 security.debian.org" >> /etc/hosts
echo "151.101.126.133 deb.debian.org" >> /etc/hosts
echo "147.75.85.69 apt.postgresql.org" >> /etc/hosts
echo "Added name-resolution for local deployments"
fi
apt update
apt -y install curl
echo "***** Fetching cloud-sdk-schema-postgresql.sql from JFrog *****"
curl -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql.sql"
curl -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql.sql"
echo "***** Now executing cloud-sdk-schema-postgresql.sql and creating/updating schema on Postgres instance *****"
PGPASSWORD=$POSTGRES_PASSWORD psql -h tip-wlan-postgresql-headless -U postgres -f cloud-sdk-schema-postgresql.sql
exit
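Review bot: the test `if [ {{ $cloudeployment }} = false ]` in this hunk renders the value unquoted; if `global.isCloudDeployment` is absent from the values, Helm renders an empty string and the shell sees `[ = false ]`, a syntax error that, with no `set -e` in the script, is simply skipped before the script carries on. Quote it and give it a default: `if [ "{{ $cloudeployment | default false }}" = "false" ]`. Also, the `/etc/hosts` block pins public CDN and registry hostnames to literal IPs, which breaks when those addresses rotate and bypasses DNS entirely, and the `psql -h tip-wlan-postgresql-headless` host is hardcoded although the template already computes `$pg` for exactly this purpose.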
@@ -80,12 +86,16 @@ spec:
name: dshm
- mountPath: /bitnami/postgresql
name: data
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
env:
- name: BACKEND_SERVER
value: {{ .Release.Name }}-{{ .Chart.Name }}
{{- if .Values.probes.enabled }}
livenessProbe:
httpGet:
@@ -118,6 +128,9 @@ spec:
- mountPath: /opt/tip-wlan/certs/server.pkcs12
name: certificates
subPath: server.pkcs12
- mountPath: /app/intcloudcomp/logback.xml
name: logback-config
subPath: logback.xml
ports:
- name: {{ .Values.service.name1 }}
containerPort: {{ .Values.service.port1 }}
@@ -144,6 +157,9 @@ spec:
- name: certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
- name: logback-config
configMap:
name: {{ include "common.fullname" . }}-log-config
- name: data
emptyDir: {}
- name: dshm

View File

@@ -78,6 +78,9 @@ service:
postgresql:
url: postgresql-headless
integratedWithPersistence:
enabled: false
ingress:
enabled: false
annotations: {}

View File

@@ -0,0 +1,75 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- For assistance related to logback-translator or configuration -->
<!-- files in general, please contact the logback user mailing list -->
<!-- at http://www.qos.ch/mailman/listinfo/logback-user -->
<!-- -->
<!-- For professional support please see -->
<!-- http://www.qos.ch/shop/products/professionalSupport -->
<!-- -->
<configuration>
<conversionRule conversionWord="filteredStack"
converterClass="com.telecominfraproject.wlan.server.exceptions.logback.ExceptionCompressingConverter" />
<appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n%filteredStack%nopex</pattern>
<!-- See http://logback.qos.ch/manual/layouts.html for details -->
<!-- %ex{5} - add at the end to display only 5 levels of the exception stack trace -->
<!-- %nopex - add at the end to not display any of the exception stack traces -->
<!-- %ex{full} - add at the end to display all the levels of the exception stack trace -->
</encoder>
<!--
<appender name="FILE" class="ch.qos.logback.core.FileAppender">
<file>myApp.log</file>
<encoder>
<pattern>%date %level [%thread] %logger{10} [%file:%line] %msg%n</pattern>
</encoder>
</appender>
-->
</appender>
<appender name="logfile" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/app/logs/portalservice.log</file>
<append>true</append>
<encoder>
<pattern>%date %level [%thread] %logger{36} [%file:%line] %msg%n</pattern>
</encoder>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
<fileNamePattern>/app/logs/portalservice.%i.log.gz</fileNamePattern>
<minIndex>1</minIndex>
<maxIndex>3</maxIndex>
</rollingPolicy>
<triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
<maxFileSize>20MB</maxFileSize>
</triggeringPolicy>
</appender>
<!--
details: http://logback.qos.ch/manual/configuration.html#auto_configuration
runtime configuration, if need to override the defaults:
-Dlogging.config=file:///home/ec2-user/opensync/logback.xml
for log configuration debugging - use
-Dlogback.statusListenerClass=ch.qos.logback.core.status.OnConsoleStatusListener
log levels:
OFF ERROR WARN INFO DEBUG TRACE
-->
<logger name="org.apache.catalina.startup.DigesterFactory" level="ERROR"/>
<logger name="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" level="INFO"/>
<logger name="org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer" level="INFO"/>
<logger name="com.telecominfraproject" level="INFO"/>
<logger name="com.telecominfraproject.wlan" level="DEBUG"/>
<logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
<root level="WARN">
<!-- <appender-ref ref="stdout"/>-->
<appender-ref ref="logfile"/>
</root>
</configuration>
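Review bot: `<root>` in this file references only the `logfile` appender, and `/app/logs` has no volume behind it in the portal StatefulSet, so nothing reaches `kubectl logs` and the rolled files disappear with the pod; for a service that handles user logins that leaves no trail to investigate after an incident. Re-enable the commented `<appender-ref ref="stdout"/>` (or mount `/app/logs`) so the logs are collectable by the cluster's log pipeline.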

View File

@@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-log-config
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}

View File

@@ -22,5 +22,14 @@ spec:
{{- if eq .Values.service.type "NodePort" }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
{{- end }}
{{- if .Values.debug.enabled }}
- port: {{ .Values.service.port3 }}
targetPort: {{ .Values.service.port3 }}
protocol: TCP
name: {{ .Values.service.name3 }}
{{- if eq .Values.service.type "NodePort" }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
{{- end }}
{{- end }}
selector:
{{- include "common.selectorLabels" . | nindent 4 }}
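Review bot: the `debug.enabled` block added here publishes the JDWP port (`port3`) through the Service, and with `service.type: NodePort` (the portal default in this change) it also gets a nodePort on every node. A reachable JDWP endpoint allows arbitrary code execution in the JVM, so the debug port should never leave the cluster: leave it out of the Service and use `kubectl port-forward` to the pod, or at least fence it with a NetworkPolicy. Smaller point: the nodePort line uses `.Values.global.nodePortPrefix` without the `| default .Values.nodePortPrefix` fallback that `nodePort2` has two lines above.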

View File

@@ -1,20 +1,44 @@
{{- $file_store_path := include "filestore.dir.name" . -}}
apiVersion: apps/v1
kind: Deployment
kind: StatefulSet
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
serviceName: {{ include "common.fullname" . }}
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "common.selectorLabels" . | nindent 6 }}
updateStrategy:
{{ toYaml .Values.updateStrategy | indent 4 }}
template:
metadata:
labels:
{{- include "common.selectorLabels" . | nindent 8 }}
{{- if .Values.podLabels }}
## Custom pod labels
{{- range $key, $value := .Values.podLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if .Values.podAnnotations }}
annotations:
## Custom pod annotations
{{- range $key, $value := .Values.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
serviceAccountName: {{ include "common.serviceAccountName" . }}
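Review bot: the pod template added here reads `.Values.updateStrategy`, `.Values.terminationGracePeriodSeconds`, `.Values.schedulerName`, `.Values.priorityClassName`, `.Values.podLabels` and `.Values.podAnnotations`, but the portal values.yaml hunks in this change add none of them; with `updateStrategy` unset, `{{ toYaml .Values.updateStrategy | indent 4 }}` renders `null`, which the API server tolerates, but explicit defaults (`updateStrategy: {type: RollingUpdate}`, `terminationGracePeriodSeconds: 30`) make the rendered manifest deliberate instead of an accident of empty values.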
@@ -27,7 +51,9 @@ spec:
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
env:
{{- include "common.env" . | nindent 12 }}
{{- include "common.env" . | nindent 12 }}
- name: FILE_STORE_DIRECTORY_INTERNAL
value: {{ $file_store_path }}
{{- if .Values.probes.enabled }}
livenessProbe:
httpGet:
@@ -60,6 +86,11 @@ spec:
- mountPath: /opt/tip-wlan/certs/server.pkcs12
name: certificates
subPath: server.pkcs12
- mountPath: /app/portal/logback.xml
name: logback-config
subPath: logback.xml
- mountPath: {{ $file_store_path }}
name: file-store-data
ports:
- name: {{ .Values.service.name1 }}
containerPort: {{ .Values.service.port1 }}
@@ -67,6 +98,11 @@ spec:
- name: {{ .Values.service.name2 }}
containerPort: {{ .Values.service.port2 }}
protocol: TCP
{{- if .Values.debug.enabled }}
- name: {{ .Values.service.name3 }}
containerPort: {{ .Values.service.port3 }}
protocol: TCP
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
@@ -86,3 +122,28 @@ spec:
- name: certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
- name: logback-config
configMap:
name: {{ include "common.fullname" . }}-log-config
{{- if not .Values.persistence.enabled }}
- name: file-store-data
emptyDir: {}
{{- end }}
{{- if .Values.persistence.enabled }}
volumeClaimTemplates:
- metadata:
name: {{ .Values.persistence.sharedPvc.name }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.filestoreSize | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}
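Review bot: in the `persistence.enabled` branch the volumeClaimTemplate is named from `.Values.persistence.sharedPvc.name`, but the container mount added earlier in this file and the `emptyDir` fallback both use the literal `file-store-data`, so changing `sharedPvc.name` in values silently leaves the pod with a mount that matches no volume. Use `{{ .Values.persistence.sharedPvc.name }}` in the mount and the emptyDir too, or drop the value and keep the fixed name everywhere.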

View File

@@ -58,6 +58,10 @@ securityContext: {}
# Enable/Disable Helm tests
testsEnabled: false
# Enable/Disable Remote debugging
debug:
enabled: false
service:
type: NodePort
port1: 9051
@@ -66,6 +70,9 @@ service:
port2: 9052
name2: secondary-port
nodePort2: 52
port3: 5006
name3: debug
nodePort3: 15
ingress:
enabled: false
@@ -94,6 +101,18 @@ resources: {}
# cpu: 100m
# memory: 128Mi
persistence:
enabled: false
# Storage class should be aws-efs if efs is used (see name of common/charts/efs-provisioner/templates/storage-class.yaml)
storageClass: "-"
accessMode: ReadWriteMany
annotations: {}
## Size of Filestore PVC
filestoreSize: 1Gi
sharedPvc:
name: file-store-data
nodeSelector: {}
tolerations: []
@@ -106,24 +125,16 @@ tsp:
env:
protocol: https
ssc_url: SSC_RELEASE_URL
prov_url: PROV_RELEASE_URL
ssc:
service: wlan-ssc-service
port: 9031
prov:
service: wlan-prov-service
port: 9091
url:
alarm: tip.wlan.alarmServiceBaseUrl
client: tip.wlan.clientServiceBaseUrl
cloudEventDispatcher: tip.wlan.cloudEventDispatcherBaseUrl
customer: tip.wlan.customerServiceBaseUrl
firmware: tip.wlan.firmwareServiceBaseUrl
location: tip.wlan.locationServiceBaseUrl
profile: tip.wlan.profileServiceBaseUrl
serviceMetrics: tip.wlan.serviceMetricServiceBaseUrl
equipment: tip.wlan.equipmentServiceBaseUrl
manufacturer: tip.wlan.manufacturerServiceBaseUrl
portalUser: tip.wlan.portalUserServiceBaseUrl
routing: tip.wlan.routingServiceBaseUrl
status: tip.wlan.statusServiceBaseUrl
systemEvent: tip.wlan.systemEventServiceBaseUrl
# the filestore internal: location of the folder where UI files will be stored
# on the PV
filestore:
internal: "/tmp/filestore"

View File

@@ -0,0 +1,75 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- For assistance related to logback-translator or configuration -->
<!-- files in general, please contact the logback user mailing list -->
<!-- at http://www.qos.ch/mailman/listinfo/logback-user -->
<!-- -->
<!-- For professional support please see -->
<!-- http://www.qos.ch/shop/products/professionalSupport -->
<!-- -->
<configuration>
<conversionRule conversionWord="filteredStack"
converterClass="com.telecominfraproject.wlan.server.exceptions.logback.ExceptionCompressingConverter" />
<appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n%filteredStack%nopex</pattern>
<!-- See http://logback.qos.ch/manual/layouts.html for details -->
<!-- %ex{5} - add at the end to display only 5 levels of the exception stack trace -->
<!-- %nopex - add at the end to not display any of the exception stack traces -->
<!-- %ex{full} - add at the end to display all the levels of the exception stack trace -->
</encoder>
<!--
<appender name="FILE" class="ch.qos.logback.core.FileAppender">
<file>myApp.log</file>
<encoder>
<pattern>%date %level [%thread] %logger{10} [%file:%line] %msg%n</pattern>
</encoder>
</appender>
-->
</appender>
<appender name="logfile" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/app/logs/provservice.log</file>
<append>true</append>
<encoder>
<pattern>%date %level [%thread] %logger{36} [%file:%line] %msg%n</pattern>
</encoder>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
<fileNamePattern>/app/logs/provservice.%i.log.gz</fileNamePattern>
<minIndex>1</minIndex>
<maxIndex>3</maxIndex>
</rollingPolicy>
<triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
<maxFileSize>20MB</maxFileSize>
</triggeringPolicy>
</appender>
<!--
details: http://logback.qos.ch/manual/configuration.html#auto_configuration
runtime configuration, if need to override the defaults:
-Dlogging.config=file:///home/ec2-user/opensync/logback.xml
for log configuration debugging - use
-Dlogback.statusListenerClass=ch.qos.logback.core.status.OnConsoleStatusListener
log levels:
OFF ERROR WARN INFO DEBUG TRACE
-->
<logger name="org.apache.catalina.startup.DigesterFactory" level="ERROR"/>
<logger name="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" level="INFO"/>
<logger name="org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer" level="INFO"/>
<logger name="com.telecominfraproject" level="INFO"/>
<logger name="com.telecominfraproject.wlan" level="DEBUG"/>
<logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
<root level="WARN">
<!-- <appender-ref ref="stdout"/>-->
<appender-ref ref="logfile"/>
</root>
</configuration>
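Review bot: this is the third near-identical copy of logback.xml in the change, differing only in the `<file>` and `<fileNamePattern>` names, and the copies have already drifted (one uses `yyyy-MM-DD`). Since each ConfigMap renders the file through `tpl`, a single shared file with the service name templated in would keep the appenders, levels and the `WebGenericConverter` OFF entry consistent across services.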

View File

@@ -0,0 +1,19 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-log-config
namespace: {{ include "common.namespace" . }}
data:
datasource.properties: |-
singleDataSource.url=jdbc:postgresql://tip-wlan-postgresql:5432/prov_db
singleDataSource.username={{ .Values.creds.postgres.singleDataSourceUsername }}
singleDataSource.password={{ .Values.creds.postgres.singleDataSourcePassword }}
singleDataSource.driverClass=org.postgresql.Driver
singleDataSource.ssl=true
singleDataSource.sslmode=verify-ca
singleDataSource.sslcert=/opt/tip-wlan/certs/postgresclientcert.pem
singleDataSource.sslfactory=org.postgresql.ssl.LibPQFactory
singleDataSource.sslkey=/opt/tip-wlan/certs/postgresclient.p12
singleDataSource.sslrootcert=/opt/tip-wlan/certs/cacert.pem
singleDataSource.sslkeypassword=DUMMY_PASSWORD
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
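Review bot: `datasource.properties` in this ConfigMap carries `singleDataSource.password` (the DB password from values) and a hardcoded `singleDataSource.sslkeypassword=DUMMY_PASSWORD` for the client PKCS12; both are credentials, and ConfigMaps get none of the at-rest encryption or RBAC treatment applied to Secrets, least of all one named `-log-config`. Move `datasource.properties` into the `-creds` Secret the chart already renders (the deployment can mount it via `subPath` the same way) and template `sslkeypassword` from values instead of the placeholder. The JDBC URL also hardcodes `tip-wlan-postgresql:5432` while the deployment template resolves the host with `$pg`.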

View File

@@ -1,5 +1,6 @@
{{- $pg := include "postgresql.service" . -}}
{{- $ns := include "common.namespace" . -}}
{{- $cloudeployment := .Values.global.isCloudDeployment -}}
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -23,10 +24,11 @@ spec:
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers:
- name: {{ include "common.name" . }}-readiness
image: busybox:1.28
imagePullPolicy: {{ .Values.global.pullPolicy }}
command: ['sh', '-c', "until nslookup {{ $pg }}.{{ $ns }}.svc.cluster.local; do echo waiting for POSTGRES; sleep 2; done"]
- name: wait-for-services
image: opsfleet/depends-on
args:
- "-service={{ $pg }}"
- -check_interval=5
- name: {{ include "common.name" . }}-create-db-schema
env:
- name: POSTGRESQL_PORT_NUMBER
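Review bot: the new `wait-for-services` init container pulls `opsfleet/depends-on` with no tag, so it resolves to `latest` from Docker Hub, and it runs under a service account that the accompanying Role grants `get/list/watch` on pods, services and jobs in the namespace; an unpinned third-party image with API access is exactly the supply-chain dependency to pin by digest and mirror into the registry the chart already pulls its own images from. `imagePullPolicy` is also unset here while the neighbouring init container uses `{{ .Values.global.pullPolicy }}`.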
@@ -36,6 +38,11 @@ spec:
secretKeyRef:
name: {{ include "common.fullname" . }}-creds
key: postgresql-password
- name: TIPUSER_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "common.fullname" . }}-creds
key: tipuser-password
- name: SCHEMA_REPO_USER
valueFrom:
secretKeyRef:
@@ -52,17 +59,46 @@ spec:
- sh
- -c
- |
echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
echo "34.214.79.168 tip.jfrog.io" >> /etc/hosts
echo "151.101.128.204 security.debian.org" >> /etc/hosts
echo "151.101.126.133 deb.debian.org" >> /etc/hosts
echo "147.75.85.69 apt.postgresql.org" >> /etc/hosts
if [ {{ $cloudeployment }} = false ]
then
echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
echo "34.215.47.158 tip-tip-wlan-cloud-docker-repo.jfrog.io" >> /etc/hosts
echo "151.101.128.204 security.debian.org" >> /etc/hosts
echo "151.101.126.133 deb.debian.org" >> /etc/hosts
echo "147.75.85.69 apt.postgresql.org" >> /etc/hosts
echo "Added name-resolution for local deployments"
fi
apt update
apt -y install curl
echo "***** Fetching cloud-sdk-schema-postgresql.sql from JFrog *****"
curl -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql.sql"
echo "***** Now executing cloud-sdk-schema-postgresql.sql and creating/updating schema on Postgres instance *****"
PGPASSWORD=$POSTGRES_PASSWORD psql -h tip-wlan-postgresql-headless -U postgres -f cloud-sdk-schema-postgresql.sql
echo "***** Fetching latest cloud-sdk-schema-postgresql for DB and Tables sql from JFrog *****"
curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql-db-user.sql"
curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql-tables.sql"
echo "***** Now executing cloud-sdk-schema-postgresql-db-user.sql on host {{ $pg }} and creating db prov_db and user tip_user using User Postgres. This uses full client-cert authentication *****"
### Observed that PSQL was unable to resolve the Postgres-service host because the postgres service wasnt
### really ready when running Postgres in Master-Slave config... hence the below retry-logic
psql 'host={{ $pg }} port=5432 user=postgres sslmode=verify-ca sslcert=/opt/tip-wlan/certs/postgresclientcert.pem sslkey=/opt/tip-wlan/certs/postgresclientkey_dec.pem sslrootcert=/opt/tip-wlan/certs/cacert.pem' -f cloud-sdk-schema-postgresql-db-user.sql
status=$(echo $?)
echo psql response of the request = $status
counter=0
while [ $counter -lt 3 ] && [ $status -ne 0 ]
do
echo {{ $pg }} service isnt ready. Tried $counter times
sleep 2
counter=`expr $counter + 1`
psql 'host={{ $pg }} port=5432 user=postgres sslmode=verify-ca sslcert=/opt/tip-wlan/certs/postgresclientcert.pem sslkey=/opt/tip-wlan/certs/postgresclientkey_dec.pem sslrootcert=/opt/tip-wlan/certs/cacert.pem' -f cloud-sdk-schema-postgresql-db-user.sql
status=$(echo $?)
echo psql response of the request = $status
done
if [ $status -eq 0 ]
then
echo "Prov_db, role created, continuing with other schema"
else
echo {{ $pg }} service failed to respond after 3 retries
exit 1
fi
echo "***** Now executing cloud-sdk-schema-postgresql-tables.sql and creating/updating tables inside prov_db using user tip_user. This user would use md5 authentication with client certs *****"
PGPASSWORD=$TIPUSER_PASSWORD psql 'host={{ $pg }} port=5432 dbname=prov_db user=tip_user sslmode=verify-ca sslcert=/opt/tip-wlan/certs/postgresclientcert.pem sslkey=/opt/tip-wlan/certs/postgresclientkey_dec.pem sslrootcert=/opt/tip-wlan/certs/cacert.pem' -f cloud-sdk-schema-postgresql-tables.sql
echo "***** SCHEMA Created/Updated in Postgres *****"
exit
ports:
- containerPort: 5432
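Review bot: both `curl --insecure` calls in this hunk disable TLS verification for SQL that is then executed against PostgreSQL as the `postgres` superuser, so anyone able to interpose on the path to `tip-tip-wlan-cloud-docker-repo.jfrog.io` chooses the SQL that runs; remove `--insecure` (install the CA bundle in the image, or pin with `--pinnedpubkey`) and, if the artifact repository publishes checksums, verify one before `psql -f`. Second, the script ends with `exit` after an `echo`, so a failing `cloud-sdk-schema-postgresql-tables.sql` run still exits 0 and the pod starts on a half-created schema; check `$?` after that `psql` as the retry loop does for the first one, or `set -e` at the top. Minor: `status=$(echo $?)` is just `status=$?`, and `[ {{ $cloudeployment }} = false ]` needs quoting.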
@@ -79,6 +115,15 @@ spec:
name: dshm
- mountPath: /bitnami/postgresql
name: data
- mountPath: /opt/tip-wlan/certs/cacert.pem
name: certificates
subPath: cacert.pem
- mountPath: /opt/tip-wlan/certs/postgresclientcert.pem
name: certificates
subPath: postgresclientcert.pem
- mountPath: /opt/tip-wlan/certs/postgresclientkey_dec.pem
name: certificates
subPath: postgresclientkey_dec.pem
containers:
- name: {{ .Chart.Name }}
securityContext:
@@ -86,7 +131,7 @@ spec:
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
env:
{{- include "common.env" . | nindent 12 }}
{{- include "common.env" . | nindent 12 }}
{{- if .Values.probes.enabled }}
livenessProbe:
httpGet:
@@ -119,6 +164,21 @@ spec:
- mountPath: /opt/tip-wlan/certs/server.pkcs12
name: certificates
subPath: server.pkcs12
- mountPath: /opt/tip-wlan/certs/cacert.pem
name: certificates
subPath: cacert.pem
- mountPath: /opt/tip-wlan/certs/postgresclientcert.pem
name: certificates
subPath: postgresclientcert.pem
- mountPath: /opt/tip-wlan/certs/postgresclient.p12
name: certificates
subPath: postgresclient.p12
- mountPath: /app/prov/logback.xml
name: logback-config
subPath: logback.xml
- mountPath: /app/prov/datasource.properties
name: logback-config
subPath: datasource.properties
ports:
- name: {{ .Values.service.name1 }}
containerPort: {{ .Values.service.port1 }}
@@ -126,6 +186,11 @@ spec:
- name: {{ .Values.service.name2 }}
containerPort: {{ .Values.service.port2 }}
protocol: TCP
{{- if .Values.debug.enabled }}
- name: {{ .Values.service.name3 }}
containerPort: {{ .Values.service.port3 }}
protocol: TCP
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
@@ -144,6 +209,10 @@ spec:
- name: certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
defaultMode: 0400
- name: logback-config
configMap:
name: {{ include "common.fullname" . }}-log-config
- name: data
emptyDir: {}
- name: dshm
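Review bot: `defaultMode: 0400` on the `certificates` secret is the right direction, since libpq refuses a client key file that is group- or world-readable, but secret files are root-owned unless the pod sets `fsGroup`; if the `securityContext` from values runs the service or the schema init container as a non-root user without `fsGroup`, the 0400 files are unreadable and startup fails. Confirm `podSecurityContext.fsGroup` is set for this chart, and that the `psql` the init container installs accepts the resulting ownership and mode.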

View File

@@ -0,0 +1,24 @@
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: wlan-prov-service-depends-on-role
namespace: {{ include "common.namespace" . }}
rules:
- apiGroups: ["batch", "apps", ""]
resources: ["pods", "services", "jobs"]
verbs: ["get", "list", "watch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: wlan-prov-service-depends-on-role-binding
namespace: {{ include "common.namespace" . }}
subjects:
- kind: ServiceAccount
name: {{ include "common.serviceAccountName" . }}
roleRef:
kind: Role
name: wlan-prov-service-depends-on-role
apiGroup: rbac.authorization.k8s.io
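Review bot: the Role and RoleBinding names in this file are the fixed strings `wlan-prov-service-depends-on-role` and `-binding` rather than `{{ include "common.fullname" . }}-...`, so a second release in the same namespace collides on them; template the names like the rest of the chart. The rule also lists `apps` in `apiGroups`, which none of `pods`, `services` or `jobs` belong to (core `""` and `batch` suffice), and `get/list/watch` on every pod and job in the namespace is broader than a readiness check on one `-service=` needs; narrow it to what `depends-on` actually reads.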

View File

@@ -20,7 +20,8 @@ metadata:
type: Opaque
data:
{{- if .Values.creds.enabled }}
postgresql-password: {{ .Values.creds.postgres.password | b64enc | quote }}
postgresql-password: {{ .Values.creds.db.postgresUser.password | b64enc | quote }}
tipuser-password: {{ .Values.creds.db.tipUser.password | b64enc | quote }}
schema-repo-user: {{ .Values.creds.schema_repo.username | b64enc | quote }}
schema-repo-password: {{ .Values.creds.schema_repo.password | b64enc | quote }}
{{- end }}

View File

@@ -22,5 +22,14 @@ spec:
{{- if eq .Values.service.type "NodePort" }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
{{- end }}
{{- if .Values.debug.enabled }}
- port: {{ .Values.service.port3 }}
targetPort: {{ .Values.service.port3 }}
protocol: TCP
name: {{ .Values.service.name3 }}
{{- if eq .Values.service.type "NodePort" }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
{{- end }}
{{- end }}
selector:
{{- include "common.selectorLabels" . | nindent 4 }}
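Review bot: the `debug.enabled` block here exposes the JDWP port through the Service; prov defaults to `ClusterIP`, so there is no nodePort unless someone flips the type, but a JDWP endpoint still grants code execution to anything in the cluster that can reach it, and `kubectl port-forward` to the pod is the safer way to attach a debugger. The nodePort line also lacks the `| default .Values.nodePortPrefix` fallback used for `nodePort2`.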

View File

@@ -60,18 +60,28 @@ testsEnabled: false
creds:
enabled: true
postgres:
password: DUMMY_POSTGRES_PASSWORD
db:
postgresUser:
password: DUMMY_POSTGRES_PASSWORD
tipUser:
password: DUMMY_TIPUSER_PASSWORD
schema_repo:
username: DUMMY_SCHEMA_REPO_USERNAME
password: DUMMY_SCHEMA_REPO_PASSWORD
# Enable/Disable Remote debugging
debug:
enabled: false
service:
type: ClusterIP
port1: 9091
name1: portal
port2: 9092
name2: secondary-port
port3: 5007
name3: debug
ingress:
enabled: false
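Review bot: with `creds.enabled: true` by default, the `DUMMY_POSTGRES_PASSWORD`, `DUMMY_TIPUSER_PASSWORD` and `DUMMY_SCHEMA_REPO_*` placeholders in this hunk are what a plain `helm install` writes into the Secret and uses to create `tip_user`; wrap them in `required` in the secret template (e.g. `{{ required "creds.db.tipUser.password must be set" .Values.creds.db.tipUser.password | b64enc | quote }}`) so an install without an override file fails instead of running on known defaults. The rename from `creds.postgres.password` to `creds.db.postgresUser.password` also breaks existing override files and should be called out.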
@@ -107,28 +117,15 @@ tolerations: []
affinity: {}
postgresql:
url: postgresql-headless
url: postgresql
env:
protocol: https
ssc_url: SSC_RELEASE_URL
prov_url: PROV_RELEASE_URL
ssc:
service: wlan-ssc-service
port: 9031
prov:
service: wlan-prov-service
port: 9091
url:
alarm: tip.wlan.alarmServiceBaseUrl
client: tip.wlan.clientServiceBaseUrl
cloudEventDispatcher: tip.wlan.cloudEventDispatcherBaseUrl
customer: tip.wlan.customerServiceBaseUrl
firmware: tip.wlan.firmwareServiceBaseUrl
location: tip.wlan.locationServiceBaseUrl
profile: tip.wlan.profileServiceBaseUrl
serviceMetrics: tip.wlan.serviceMetricServiceBaseUrl
equipment: tip.wlan.equipmentServiceBaseUrl
manufacturer: tip.wlan.manufacturerServiceBaseUrl
portalUser: tip.wlan.portalUserServiceBaseUrl
routing: tip.wlan.routingServiceBaseUrl
status: tip.wlan.statusServiceBaseUrl
systemEvent: tip.wlan.systemEventServiceBaseUrl

View File

@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

View File

@@ -0,0 +1,21 @@
apiVersion: v2
name: wlan-spc-service
description: WLAN Stream Processor Service Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application.
appVersion: 0.0.1

View File

@@ -0,0 +1,2 @@
Contains certs needed for this service to start.
Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution
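Review bot: the README does not say which files must be present; the Deployment mounts `client_keystore.jks`, `truststore.jks`, `server.pkcs12` and `kafka-server.pkcs12` from the `-certs` Secret, so list them here and state that everything in this directory is packaged into the chart and rendered into that Secret, which means real private keys should be supplied at deploy time rather than committed next to this file.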

View File

@@ -0,0 +1,79 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- For assistance related to logback-translator or configuration -->
<!-- files in general, please contact the logback user mailing list -->
<!-- at http://www.qos.ch/mailman/listinfo/logback-user -->
<!-- -->
<!-- For professional support please see -->
<!-- http://www.qos.ch/shop/products/professionalSupport -->
<!-- -->
<configuration>
<conversionRule conversionWord="filteredStack"
converterClass="com.telecominfraproject.wlan.server.exceptions.logback.ExceptionCompressingConverter" />
<appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n%filteredStack%nopex</pattern>
<!-- See http://logback.qos.ch/manual/layouts.html for details -->
<!-- %ex{5} - add at the end to display only 5 levels of the exception stack trace -->
<!-- %nopex - add at the end to not display any of the exception stack traces -->
<!-- %ex{full} - add at the end to display all the levels of the exception stack trace -->
</encoder>
<!--
<appender name="FILE" class="ch.qos.logback.core.FileAppender">
<file>myApp.log</file>
<encoder>
<pattern>%date %level [%thread] %logger{10} [%file:%line] %msg%n</pattern>
</encoder>
</appender>
-->
</appender>
<appender name="logfile" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/app/logs/spcservice.log</file>
<append>true</append>
<encoder>
<pattern>%date %level [%thread] %logger{36} [%file:%line] %msg%n</pattern>
</encoder>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
<fileNamePattern>/app/logs/spcservice.%i.log.gz</fileNamePattern>
<minIndex>1</minIndex>
<maxIndex>3</maxIndex>
</rollingPolicy>
<triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
<maxFileSize>20MB</maxFileSize>
</triggeringPolicy>
</appender>
<!--
details: http://logback.qos.ch/manual/configuration.html#auto_configuration
runtime configuration, if need to override the defaults:
-Dlogging.config=file:///home/ec2-user/opensync/logback.xml
for log configuration debugging - use
-Dlogback.statusListenerClass=ch.qos.logback.core.status.OnConsoleStatusListener
log levels:
OFF ERROR WARN INFO DEBUG TRACE
-->
<logger name="org.apache.catalina.startup.DigesterFactory" level="ERROR"/>
<logger name="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" level="INFO"/>
<logger name="org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer" level="INFO"/>
<logger name="com.telecominfraproject" level="INFO"/>
<logger name="com.telecominfraproject.wlan" level="DEBUG"/>
<logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
<logger name="com.telecominfraproject.wlan.streams.provisioning.EquipmentConfigPushTrigger" level="TRACE"/>
<logger name="com.telecominfraproject.wlan.streams.kafka.KafkaStreamsConfig" level="TRACE"/>
<logger name="com.telecominfraproject.wlan.stream.StreamMessageDispatcher" level="TRACE"/>
<root level="WARN">
<appender-ref ref="logfile"/>
</root>
</configuration>
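Review bot: the `<root>` logger references only `logfile`, so the `stdout` appender defined above is never used and nothing reaches the container's stdout; `kubectl logs` and any stdout-based log collection will see an empty stream, and `/app/logs` has no volume in the Deployment, so the rolling files disappear with the pod. Add `<appender-ref ref="stdout"/>` to `<root>` (or drop the file appender for the container build). Separately, the three `TRACE` loggers on the Kafka and stream classes will churn through the 3 x 20MB window quickly and should be checked for whether they write message contents into the log before becoming the shipped default.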

View File

@@ -0,0 +1,21 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
{{- end }}
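Review bot: the LoadBalancer branch echoes `{{ .Values.service.port }}`, but this chart's values use `port1`/`port2` (see the Service and Deployment templates), so that line renders with an empty port; use `{{ .Values.service.port1 }}`. The ClusterIP branch has the same mismatch: `port-forward $POD_NAME 8080:80` and the hint to visit `http://127.0.0.1:8080` assume container port 80, whereas the container listens on `port1`/`port2`, so forward to `{{ .Values.service.port1 }}` instead.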

View File

@@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-log-config
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}

View File

@@ -0,0 +1,138 @@
{{- $kafka := include "kafka.service" . -}}
{{- $ns := include "common.namespace" . -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "common.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "common.selectorLabels" . | nindent 8 }}
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
serviceAccountName: {{ include "common.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers:
- name: {{ include "common.name" . }}-readiness
image: busybox:1.28
imagePullPolicy: {{ .Values.global.pullPolicy }}
command: ['sh', '-c', "until nslookup {{ $kafka }}.{{ $ns }}.svc.cluster.local; do echo waiting for Kafka; sleep 2; done"]
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
env:
{{- include "common.env" . | nindent 12 }}
- name: tip.wlan.kafka.bootstrapServers
value: {{ .Release.Name }}-kafka-headless:9093
- name: tip.wlan.kafka.sslKeyPassword
valueFrom:
secretKeyRef:
name: {{ include "common.fullname" . }}-creds
key: sslKeyPassword
- name: tip.wlan.kafka.sslKeystoreLocation
value: /opt/tip-wlan/certs/kafka-server.pkcs12
- name: tip.wlan.kafka.sslKeystorePassword
valueFrom:
secretKeyRef:
name: {{ include "common.fullname" . }}-creds
key: sslKeystorePassword
- name: tip.wlan.kafka.sslKeystoreType
value: PKCS12
- name: tip.wlan.kafka.sslTruststoreLocation
value: /opt/tip-wlan/certs/truststore.jks
- name: tip.wlan.kafka.sslTruststorePassword
valueFrom:
secretKeyRef:
name: {{ include "common.fullname" . }}-creds
key: sslTruststorePassword
- name: tip.wlan.kafka.sslTruststoreType
value: JKS
- name: tip.wlan.kafka.securityProtocol
value: SSL
- name: tip.wlan.kafka.sslEndpointIdentificationAlgorithm
value: ''
{{- if .Values.probes.enabled }}
livenessProbe:
httpGet:
path: /ping
port: {{ .Values.service.port2 }}
scheme: {{ .Values.probes.livenessProbe.scheme }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.livenessProbe.successThreshold }}
readinessProbe:
httpGet:
path: /ping
port: {{ .Values.service.port2 }}
scheme: {{ .Values.probes.readinessProbe.scheme }}
initialDelaySeconds: {{ .Values.probes.readinessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
{{- end }}
volumeMounts:
- mountPath: /opt/tip-wlan/certs/client_keystore.jks
name: certificates
subPath: client_keystore.jks
- mountPath: /opt/tip-wlan/certs/truststore.jks
name: certificates
subPath: truststore.jks
- mountPath: /opt/tip-wlan/certs/server.pkcs12
name: certificates
subPath: server.pkcs12
- mountPath: /opt/tip-wlan/certs/kafka-server.pkcs12
name: certificates
subPath: kafka-server.pkcs12
- mountPath: /app/spc/logback.xml
name: logback-config
subPath: logback.xml
ports:
- name: {{ .Values.service.name1 }}
containerPort: {{ .Values.service.port1 }}
protocol: TCP
- name: {{ .Values.service.name2 }}
containerPort: {{ .Values.service.port2 }}
protocol: TCP
{{- if .Values.debug.enabled }}
- name: {{ .Values.service.name3 }}
containerPort: {{ .Values.service.port3 }}
protocol: TCP
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
- name: logback-config
configMap:
name: {{ include "common.fullname" . }}-log-config
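Review bot: `tip.wlan.kafka.sslEndpointIdentificationAlgorithm` is set to `''`, which turns off hostname verification for the Kafka TLS connection; the client will then accept any certificate that chains to `truststore.jks`, whichever host presents it, which defeats much of the point of pinning a trust store. Leave the algorithm at its default (`https`) and issue the Kafka certificate with a SAN for `{{ .Release.Name }}-kafka-headless`. Also, the readiness init container waits on `{{ $kafka }}.{{ $ns }}.svc.cluster.local` while the bootstrap server is `{{ .Release.Name }}-kafka-headless:9093`; unless `kafka.service` resolves to that same name, the gate does not test the endpoint the service actually uses.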

View File

@@ -0,0 +1,42 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "common.fullname" . -}}
{{- $svcPort := .Values.service.port1 -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ . }}
backend:
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
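Review bot: the `semverCompare ">=1.14-0"` gate only chooses between `networking.k8s.io/v1beta1` and `extensions/v1beta1`, and the `backend: serviceName`/`servicePort` form is the v1beta1 shape; `networking.k8s.io/v1` (GA since Kubernetes 1.19) uses `backend.service.name`/`backend.service.port.number` and `pathType`, so add a third branch for it or the chart will stop rendering on clusters that drop the beta API.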

View File

@@ -0,0 +1,26 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-certs
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-creds
namespace: {{ include "common.namespace" . }}
labels:
app: {{ template "common.name" . }}
chart: {{ template "common.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
type: Opaque
data:
{{- if .Values.creds.enabled }}
sslKeyPassword: {{ .Values.creds.sslKeyPassword | b64enc | quote }}
sslKeystorePassword: {{ .Values.creds.sslKeystorePassword | b64enc | quote }}
sslTruststorePassword: {{ .Values.creds.sslTruststorePassword | b64enc | quote }}
{{- end }}
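Review bot: the `-creds` Secret is empty when `.Values.creds.enabled` is false, but the Deployment reads `sslKeyPassword`, `sslKeystorePassword` and `sslTruststorePassword` from it unconditionally via `secretKeyRef`, so the pod would fail to start with a missing-key error; either wrap those env entries in the same condition or drop the `if`. Also, `.Files.Glob "resources/config/certs/*"` bundles every file in that directory into the `-certs` Secret, README included, and the three passwords arrive from the values file in plain text and are only base64-encoded here, so they need the same handling as any other secret in the values files.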

View File

@@ -0,0 +1,35 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port1 }}
targetPort: {{ .Values.service.port1 }}
protocol: TCP
name: {{ .Values.service.name1 }}
{{- if eq .Values.service.type "NodePort" }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }}
{{- end }}
- port: {{ .Values.service.port2 }}
targetPort: {{ .Values.service.port2 }}
protocol: TCP
name: {{ .Values.service.name2 }}
{{- if eq .Values.service.type "NodePort" }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
{{- end }}
{{- if .Values.debug.enabled }}
- port: {{ .Values.service.port3 }}
targetPort: {{ .Values.service.port3 }}
protocol: TCP
name: {{ .Values.service.name3 }}
{{- if eq .Values.service.type "NodePort" }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
{{- end }}
{{- end }}
selector:
{{- include "common.selectorLabels" . | nindent 4 }}
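Review bot: the debug port's `nodePort` (`{{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}`) omits the `| default .Values.nodePortPrefix` fallback the other two ports use, so with no global prefix it renders a bare `nodePort3`. More importantly, publishing the debug port as a NodePort makes it reachable from outside the cluster on every node; keep `debug.enabled` off in shared environments and, when it is on, omit the `nodePort` entry so the port stays cluster-internal and is reached through `kubectl port-forward`.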

View File

@@ -0,0 +1,13 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "common.serviceAccountName" . }}
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end -}}
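Review bot: the ServiceAccount does not set `automountServiceAccountToken: false`, and nothing in the Deployment uses the Kubernetes API, so the pod receives an API token it does not need; set it to `false` here (or on the pod spec) to narrow what a compromised container can reach.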

Some files were not shown because too many files have changed in this diff.