removing helm temp objects and ignoring them

- Added a new sub-chart which includes a new deployment, service etc

.github/workflows/helm-validation.yml

@@ -15,26 +15,24 @@ jobs:
           ssh-key: ${{ secrets.GH_AUTOMATION_KEY }}
           submodules: true
       - name: Validators setup
-        working-directory: /tmp
         env:
           KUBESCORE_VERSON: 1.7.1
         run: |
           mkdir /tmp/k8s-validators
+          cd /tmp/k8s-validators
 
           curl -LO https://github.com/instrumenta/kubeval/releases/latest/download/kubeval-linux-amd64.tar.gz
           tar xf kubeval-linux-amd64.tar.gz
-          rm -f kubeval-linux-amd64.tar.gz
+          rm -f kubeval-linux-amd64.tar.gz LICENSE README.md
 
           curl -LO https://github.com/zegl/kube-score/releases/download/v${{ env.KUBESCORE_VERSON }}/kube-score_${{ env.KUBESCORE_VERSON }}_linux_amd64.tar.gz
           tar xf kube-score_${{ env.KUBESCORE_VERSON }}_linux_amd64.tar.gz
-          rm -f kube-score_${{ env.KUBESCORE_VERSON }}_linux_amd64.tar.gz
+          rm -f kube-score_${{ env.KUBESCORE_VERSON }}_linux_amd64.tar.gz LICENSE README.md
 
           curl -LO https://get.helm.sh/helm-v3.2.4-linux-amd64.tar.gz
           tar xf helm-v3.2.4-linux-amd64.tar.gz
           mv linux-amd64/helm .
           rm -fr helm-v3.2.4-linux-amd64.tar.gz linux-amd64
-
-          echo "::add-path::/tmp/k8s-validators/"
       - name: Cache validators
         uses: actions/cache@v1
         with:
@@ -44,15 +42,15 @@ jobs:
         working-directory: tip-wlan
         run: |
           echo "Kubeval test"
-          helm template -f values-test.yaml . | kubeval --ignore-missing-schemas
+          helm template -f values-test.yaml . | /tmp/k8s-validators/kubeval --ignore-missing-schemas
 
           echo "Kube-score test"
-          helm template -f values-test.yaml . | kube-score score -
+          helm template -f values-test.yaml . | /tmp/k8s-validators/kube-score score -
       - name: Test glusterfs
         working-directory: glusterfs/kube-templates
         run: |
           echo "Kubeval test"
-          kubeval *.yaml
+          /tmp/k8s-validators/kubeval *.yaml
 
           echo "Kube-score test"
-          kube-score score *.yaml
+          /tmp/k8s-validators/kube-score score *.yaml

.gitignore

@@ -0,0 +1,7 @@
+*.pem
+*.jks
+*.pkcs12
+*.p12
+*.DS_Store
+
+*.tgz

LICENSE

@@ -0,0 +1,29 @@
+BSD 3-Clause License
+
+Copyright (c) 2020, Telecom Infra Project
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

glusterfs/kube-templates/glusterfs-storage-class.yaml

@@ -4,7 +4,7 @@ metadata:
   name: glusterfs-storage
 provisioner: kubernetes.io/glusterfs
 allowVolumeExpansion: true
-reclaimPolicy: Retain
+reclaimPolicy: Delete
 parameters:
   resturl: "http://192.168.56.101:31080"
   restuser: "admin"

helmfile/common/Chart.yaml

@@ -0,0 +1,6 @@
+# Chart for deploying Common templates that are used by other charts
+
+apiVersion: v1
+description: Common templates for inclusion in other charts
+name: common
+version: 0.1.0

helmfile/common/templates/_env.tpl

@@ -0,0 +1,6 @@
+{{- define "common.env" -}}
+- name: {{ .Values.env.ssc_url }}
+  value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.ssc.service }}:{{ .Values.env.ssc.port}}"
+- name: {{ .Values.env.prov_url }}
+  value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.prov.service }}:{{ .Values.env.prov.port}}"
+{{- end -}}

helmfile/common/templates/_name.tpl

@@ -0,0 +1,74 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "common.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "common.resource.name" -}}
+{{- printf "tip-%s-common" $.Release.Namespace | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "common.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "common.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "common.labels" -}}
+helm.sh/chart: {{ include "common.chart" . }}
+{{ include "common.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "common.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "common.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "common.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "common.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Expand service name.
+*/}}
+{{- define "common.serviceName" -}}
+{{- default (include "common.name" .) .Values.controller.service.name }}
+{{- end -}}

helmfile/common/templates/_ports.tpl

@@ -0,0 +1,24 @@
+{{/*
+    This template will be used to iterate through the debug-ports and generate
+    debug-ports mapping
+  */}}
+
+{{- define "container.dev.debugport" -}}
+  {{- range $index, $portid := .Values.debugPorts }}
+  - name: debugport-{{ $index }}
+    containerPort: {{ $portid }}
+    protocol: TCP
+  {{- end }}
+{{- end -}}
+
+{{- define "service.dev.debugport" -}}
+  {{- range $index, $portid := .Values.debugPorts }}
+  - port: {{ $portid }}
+    targetPort: {{ $portid }}
+    protocol: TCP
+    name: debugport-{{ $index }}
+    {{- if eq $.Values.service.type "NodePort" }}
+    nodePort: {{ $portid }}
+    {{- end }}   
+  {{- end }}
+{{- end -}}

helmfile/common/templates/_svc.tpl

@@ -0,0 +1,83 @@
+{{/*
+    Resolve the Postgres service-name to apply to a chart. 
+*/}}
+{{- define "postgresql.service" -}}
+  {{- printf "postgres-%s-%s" .Release.Namespace .Values.postgresql.url | trunc 63 -}}
+{{- end -}}
+
+{{/*
+Form the Zookeeper Service. If zookeeper is installed as part of this chart, use k8s service discovery,
+else use user-provided URL
+*/}}
+{{- define "zookeeper.service" }}
+{{- if .Values.zookeeper.enabled -}}
+{{- printf "%s" (include "kafka.zookeeper.fullname" .) }}
+{{- else -}}
+{{- $zookeeperService := printf "%s-%s" .Release.Name .Values.zookeeper.url }}
+{{- default $zookeeperService }}
+{{- end -}}
+{{- end -}}  
+
+{{/*
+  Resolve the Kafka service-name to apply to a chart. 
+*/}}
+{{- define "kafka.service" -}}
+{{- printf "kafka-%s-headless" .Release.Namespace | trunc 63 -}}
+{{- end -}}
+
+{{/*
+  Resolve the Cassandra service-name to apply to a chart. 
+*/}}
+{{- define "cassandra.service" -}}
+{{- printf "cassandra-%s-headless" .Release.Namespace | trunc 63 -}}
+{{- end -}}
+
+{{/*
+  Resolve the MQTT service-name to apply to a chart. 
+*/}}
+{{- define "mqtt.service" -}}
+{{- printf "%s-%s" .Release.Name .Values.mqtt.url | trunc 63 -}}
+{{- end -}}
+
+{{/*
+  Resolve the integratedcloudcomponent service-name to apply to a chart. 
+*/}}
+{{- define "integratedcloudcomponent.service" -}}
+  {{- printf "%s-%s:%.f" .Release.Name .Values.integratedcloudcomponent.url .Values.integratedcloudcomponent.port | trunc 63 -}}
+{{- end -}}
+
+{{/*
+  Resolve the provisioning service-name to apply to a chart. 
+*/}}
+{{- define "prov.service" -}}
+  {{- printf "%s-%s:%.f" .Release.Name .Values.prov.url .Values.prov.port | trunc 63 -}}
+{{- end -}}
+
+{{/*
+  Resolve the ssc service-name to apply to a chart. 
+*/}}
+{{- define "ssc.service" -}}
+  {{- printf "%s-%s:%.f" .Release.Name .Values.ssc.url .Values.ssc.port | trunc 63 -}}
+{{- end -}}
+
+{{/*
+  Resolve the Opensync-gw service-name to apply to a chart. 
+*/}}
+{{- define "opensyncgw.service" -}}
+  {{- printf "%s-%s:%.f" .Release.Name .Values.opensyncgw.url .Values.opensyncgw.port | trunc 63 -}}
+{{- end -}}
+
+
+{{/*
+  Resolve the pvc name that's would mounted to 2 charts - Portal and Opensync-gw 
+*/}}
+{{- define "portal.sharedPvc.name" -}}
+{{- printf "%s-%s-%s-%.f" .Values.portal.sharedPvc.name .Release.Name .Values.portal.url .Values.portal.sharedPvc.ordinal | trunc 63 -}}
+{{- end -}}
+
+{{/*
+  Resolve the filestore-directory name that's would mounted to 2 charts - Portal and Opensync-gw 
+*/}}
+{{- define "filestore.dir.name" -}}
+  {{- printf "%s" .Values.filestore.internal | trunc 63 -}}
+{{- end -}}

helmfile/common/values.yaml

@@ -0,0 +1,4 @@
+#################################################################
+# Global configuration default values that can be inherited by
+# all subcharts.
+#################################################################

helmfile/credentials/Chart.yaml

@@ -0,0 +1,13 @@
+# Chart for deploying Common templates that are used by other charts
+
+apiVersion: v1
+description: creds secrets for reuse in other charts
+name: creds
+type: application
+appVersion: 0.0.1
+version: 0.1.0
+
+dependencies:
+- name: common
+  version: 0.1.0
+  repository: file://../common

helmfile/credentials/requirements.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+  repository: file://../common
+  version: 0.1.0
+digest: sha256:636a65e9846bdff17cc4e65b0849061f783759a37aa51fb85ff6fd8ba5e68467
+generated: "2020-10-19T10:42:00.072252Z"

helmfile/credentials/resources/certs/cassandraservercert.csr

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIID/zCCAucCAQAwgZIxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8w
+DQYDVQQHDAZPdHRhd2ExHzAdBgNVBAoMFkNvbm5lY3RVcyBUZWNobm9sb2dpZXMx
+HjAcBgNVBAMMFVRlc3RfU2VydmVyX0Nhc3NhbmRyYTEfMB0GCSqGSIb3DQEJARYQ
+dGVzdEBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AL6y03nvC/xCn8i8McxmQw0zL4C0CiF49oDxBCkSr/8qXec4Mz0M5M+8mQ536d58
+sseE0DPh+P4ITg05F4FSPVcpJKXZ++5y4VB5Ydyrt8mGpKtaD+96BGy9DOB5Sv2t
+VKTZFUODe3R8yWpgpVwWi6zgkhdU09fwWVM7LeKn0YwN4qc6f/o8E71dGhOjGyMB
+J8krEDxPE4v18MW6fnI85MFR1KOjXakvbptC2EhafyMZ2l7MY9ddTlHyR8I4ty8v
+yGWc5iMXlV1M8/3h20DMNRNnsdfF9asIGENTPi9LKpIjVbZVkNxtUP7p2Mi7+jp9
+Rl+3cO4aqPO867mK7cpOsd0CAwEAAaCCASUwggEhBgkqhkiG9w0BCQ4xggESMIIB
+DjAdBgNVHQ4EFgQUXfA+Ct7sBUMZPYXQzPsgYPvWTlIwDAYDVR0TAQH/BAIwADAO
+BgNVHQ8BAf8EBAMCA6gwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+MG0GA1UdEQRmMGSCC2V4YW1wbGUuY29tgg93d3cuZXhhbXBsZS5jb22CEG1haWwu
+ZXhhbXBsZS5jb22CD2Z0cC5leGFtcGxlLmNvbYIJbG9jYWxob3N0hwR/AAABhxAA
+AAAAAAAAAAAAAAAAAAABMD4GCWCGSAGG+EIBDQQxFi9PcGVuU1NMIEdlbmVyYXRl
+ZCBTZXJ2ZXIgYW5kIENsaWVudCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOC
+AQEAJNgWEgB/Z60deJRjIoNkkCMKfOKrHnw9y6awVo8/+VstE+roCXtdWeEm8u3f
+/vbQ50ichn2lYRE2gTfH2PZLecjDOlpQ5/LRhN87BzzFNkAIzPA6ISv14XGk5fTO
+yVj++a/wnKSpRjFFunY+nsVrKUHmP8DYfoSJuelXfo7nY7diTlj0pdxhQ4l1786g
+iauYtpaLlqLqU4qhZDTSTa03kxPlXU0hMWvoKvV5kn64y1HBcJ1uTscVYjnd2wYj
+5ZM8ODyCbrN/RceUuU3mPVIS7Firj93DHPUX3heoUxDxXQQgVpxn9jRxeOWbBzYi
+VgvEplmzT/Gptyc6vQju+EHuaQ==
+-----END CERTIFICATE REQUEST-----

helmfile/credentials/resources/certs/clientcert.csr

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIDaTCCAlECAQAwgYQxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8w
+DQYDVQQHDAZPdHRhd2ExHzAdBgNVBAoMFkNvbm5lY3RVcyBUZWNobm9sb2dpZXMx
+EDAOBgNVBAMMB09wZW5fQVAxHzAdBgkqhkiG9w0BCQEWEHRlc3RAZXhhbXBsZS5j
+b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDh1nv/bZEoNN8/z0yb
+Qi3dCCQ0Q0eHCoP05gy5KJMMO84K1HJ65M3Jk5/6WQFDScLdn4O/0xf52rxX1VFR
+GAXDm0+2bqRPt73cLtonufxgf8uA0YVGmorevj2X8cDLuSkyPvZqiHT8w9tSLolT
+y5D4AIIF4594xWCdT0wnt4skfxp4GS5YsImBM/ehbLmhssXXhPM9Q2jfEL/0UtbS
+O6rN3sjZB4ki9li3s5qx6Ki4kmQ/AF3v02lkCReOJB/mCc+Dh+l/+j/o5w+1VdFl
+N6COTZjivJ+0Cz8OCOM+zr8al1vTGDlYKpx+UstIGWJOs3XQPi/9vWPp06rfTQVD
+j3CZAgMBAAGggZ4wgZsGCSqGSIb3DQEJDjGBjTCBijAdBgNVHQ4EFgQU7K15oRUA
+LiNwGeJJaq7WtS4BncQwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBaAwFgYD
+VR0lAQH/BAwwCgYIKwYBBQUHAwIwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2Vu
+ZXJhdGVkIENsaWVudCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAsqeH
+k9yGncyfdLsRHIGqtgaMssLoHBSNshcEOjDawDEKy94jN6XFicUJUgs7BOQgRZHT
+fx4RHUsKJRvmauu9FEiss712Fw8z1yXqNvj3sk7vxRdm3I78brdqTHHz8fPwpgah
+ony/oMJscjUMRsAXKEN/MV2zQ+uzkiQhiX47yTNprwn0xwlO+8mRD1f71Sz6OPXH
+47Z8Lv3IPcg9m+oY4e+e6JYC3/fQMsuplQhh+eVhfOi6FSg2SoPZP+o9Twx59But
+NkZNsE26+JbfxjChunaEGR1/Khusnc0O9+5niapGOwfp/67xWnymXfta/IWBJFv3
+Q05BhCLqy22kR9fIwg==
+-----END CERTIFICATE REQUEST-----

helmfile/credentials/resources/certs/kafkaservercert.csr

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIID9TCCAt0CAQAwgYgxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8w
+DQYDVQQHDAZPdHRhd2ExHzAdBgNVBAoMFkNvbm5lY3RVcyBUZWNobm9sb2dpZXMx
+FDASBgNVBAMMC1Rlc3RfU2VydmVyMR8wHQYJKoZIhvcNAQkBFhB0ZXN0QGV4YW1w
+bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0oM77mgApW3
+wdr9i+X24Swf/kYDYkB7wkilW/oi8tQVSLw261fEx/1e0+H34+vBaFtDj/lINTVi
+yQMjztigDIWNHkjU99M+/514RbZTCvlvBJOarD2cfs6vFp7T4tuo21ztEbG15x7D
+YaQKBYF0e6zzjN1bR0uWJz8+9hzrVcwtURY6r7qa+iYm5GvVLFxzVtBQxbaTNUI0
+GrIXOQHOr7omAVFeihAyrUQPK+LTE32uVKRX4agtTAdVHyshiQw/5N3tVGGufzoR
+onlsOjiKAKGfDmk6wCSQG17H0DFkEe8/H2Xr50BI/kjkKWUFiH4a22+4GbMBQP7v
+x4tVlkoEGwIDAQABoIIBJTCCASEGCSqGSIb3DQEJDjGCARIwggEOMB0GA1UdDgQW
+BBQ/nZ9a2IsHW7mOtoW/1Y1G3CCnKDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQE
+AwIDqDAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwbQYDVR0RBGYw
+ZIILZXhhbXBsZS5jb22CD3d3dy5leGFtcGxlLmNvbYIQbWFpbC5leGFtcGxlLmNv
+bYIPZnRwLmV4YW1wbGUuY29tgglsb2NhbGhvc3SHBH8AAAGHEAAAAAAAAAAAAAAA
+AAAAAAEwPgYJYIZIAYb4QgENBDEWL09wZW5TU0wgR2VuZXJhdGVkIFNlcnZlciBh
+bmQgQ2xpZW50IENlcnRpZmljYXRlMA0GCSqGSIb3DQEBCwUAA4IBAQCZbMT+zgkm
+mQnPFt2UT9sxvygaUMxmywso5E89BvgwFt7/kkoKR9zo7TnLUGJ7cCWIHXPYokd5
+na1Lomdfe5HTXO7BvNPAkhQAra25iFimAyopQjiLFEm5T79OOVkwWgzHUbhu18/e
+LJWVL2Lu+SIvFSzD0q+2x0+IkbXkAHRCs/f1jlRafQi6AH/gzgJDwpQTZKe3S6PN
+HST3czqbtpg17ZQuZ4XCxVAczDTZdC/eZ8xpglat7EZQs+6gSbX2FIFkju1CP7an
+JvbPItPfwuLSe1EpC2nKFwpd1tcdATHMzQcTdjNN0/tMu5/8M9/4QJdn+ALoWIvn
+if3dRjVJn4yr
+-----END CERTIFICATE REQUEST-----

helmfile/credentials/resources/certs/keystore_creds

@@ -0,0 +1 @@
+mypassword

helmfile/credentials/resources/certs/mqttservercert.csr

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIDjzCCAncCAQAwgaoxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8w
+DQYDVQQHDAZPdHRhd2ExHzAdBgNVBAoMFkNvbm5lY3RVcyBUZWNobm9sb2dpZXMx
+NjA0BgNVBAMMLW9wZW5zeW5jLW1xdHQtYnJva2VyLnpvbmUxLmxhYi53bGFuLnRp
+cC5idWlsZDEfMB0GCSqGSIb3DQEJARYQdGVzdEBleGFtcGxlLmNvbTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALAIR+8VJAnyD/gnuCDrXcapc7peDBI0
+Tzp2dhU0X6THN3r3+TSruQGQKupbgxoF7STMXVMf1R94XWJR5J78tBvr+yI5c7P/
+iXKA3OyUh4rb3+S14fn9tEO9IXaPcdKuwhoTtVE2aTl9360B7KLpFCJTY3LP+IDn
+fOfcvnmOgE2xXz/8fRRld2BPHN2JHwAtI2lSlY1wOwjW/2AiRV/lXiHg0miXiHFd
+qKbMKinEfXWUjQlHUM5G75HQZUsBPD6PP/iEXlzt3yprlDQ0uw4x6qKpHLODBuPI
+n+emzPh8ZWJPWAZpm6y+Tk4P3rfTQ0GU8stJgajry/+JSo6movSTb30CAwEAAaCB
+njCBmwYJKoZIhvcNAQkOMYGNMIGKMB0GA1UdDgQWBBQPnNwcKpj6cfFpRCzezdaj
+e79PIzAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIDqDAWBgNVHSUBAf8EDDAK
+BggrBgEFBQcDATAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2Vy
+dmVyIENlcnRpZmljYXRlMA0GCSqGSIb3DQEBCwUAA4IBAQAjVorFs2MvFXVzSL8x
+TNVQD0OtD5neHGLnTCktKqXh6DD4mUGWm33a2Ql7BjnwteERqz7Khu9EQEA9dj3n
+3du4xXOZk6oquxFqfNgKHXa9MRT1jto6oKQ9RFspMDfQSiUGZUW3mMF3FkHH0l67
+aGjLasbenOJwIl67gMGW/c/cHJRrI1v4fKp0TU+pgjMWzp6KUP8us+QkybodoEK5
+6e7FsEQE0HPojbOR8QcQvnwz1YWt0AZuK+DpQou8DyCzJR0x9IBDd2EpF/N4G70q
+wIFTBMRBTUQJxj1JJ0aS/lFVvvKcJU3P1dyFLRxmWT7wFQSaha6/d7tIbEEAtFn6
+esX3
+-----END CERTIFICATE REQUEST-----

helmfile/credentials/resources/certs/servercert.csr

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEGTCCAwECAQAwgYgxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8w
+DQYDVQQHDAZPdHRhd2ExHzAdBgNVBAoMFkNvbm5lY3RVcyBUZWNobm9sb2dpZXMx
+FDASBgNVBAMMC1Rlc3RfU2VydmVyMR8wHQYJKoZIhvcNAQkBFhB0ZXN0QGV4YW1w
+bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcpUeC79hZlV
+lEDaKFr5WqyJ29MY1aAidv0jHQMc4oqvIBjV/77qA0c5IzANHtmjQDF/hC2zIFdo
+cQwlNZKNfK8ak4/ixVoYdvr8VUENOz0M8AzpJjJkMYXPmHQapysUsXRptZXi1tyI
+KiPsPwxrd25irUm7cghios3VQLTqt0IeKa24Zm/7xL0KIeZfWc0bc51hJw2RE2TR
+7diAGVyqZYi5QqEc8Ju94jB2YWJE2Khy/6uX13ZhxDwvY9f2nMFcYicQELC1ZHNm
+dWyuTu7wGnpjsdqriLMEDnP6Ne/WUr4ISQrfn4UCwHkLCNxsrRKig5COJt7HHzNr
+ObEZkPdb6QIDAQABoIIBSTCCAUUGCSqGSIb3DQEJDjGCATYwggEyMB0GA1UdDgQW
+BBRrmzSs74NDLOHB4kOj4XWDXDLZkDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQE
+AwIDqDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDATCBpQYDVR0RBIGdMIGagixvcGVu
+c3luYy1yZWRpcmVjdG9yLnpvbmUxLmxhYi53bGFuLnRpcC5idWlsZIIsb3BlbnN5
+bmMtY29udHJvbGxlci56b25lMS5sYWIud2xhbi50aXAuYnVpbGSCE3RpcC13bGFu
+LXBvc3RncmVzcWyCD2Z0cC5leGFtcGxlLmNvbYcEfwAAAYcQAAAAAAAAAAAAAAAA
+AAAAATAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENl
+cnRpZmljYXRlMA0GCSqGSIb3DQEBCwUAA4IBAQBSzzzuMSFZurx9RJnf9kesKTEY
+LtRWwxY7Zs0D4PvTpOgJMR48D5R69N1nY2miMyH8SAFLhRTik0fOC5hoNkojITDk
+XIRSqeA1+GxGfh+4sJRXfRZkdyWVYwaHexS8wBN6rVhAEnJb/FOmmh2p+wn8SRxp
+lDzb5Hyr5bi8LoIMe7nSTs3ihpWhNz8W/v/fFsUBgnokRHF2Yy1mQoSvz2p8iDeS
+lr+55h2ANdIAgtbjXB6eVa8UY4Uhh2YxkzazJyjnMI8EBtyc3KQCJGI8oO8jIGvY
+rFfq5gBiBOSBzQ3yHzHtPB4iyzILpBOwzzn4O7rsQJdYw/15MdxfvxF0kIbS
+-----END CERTIFICATE REQUEST-----

helmfile/credentials/resources/certs/truststore_creds

@@ -0,0 +1 @@
+mypassword

helmfile/credentials/resources/config/server.properties

@@ -0,0 +1,11 @@
+ssl.endpoint.identification.algorithm=
+security.protocol=SSL
+ssl.key.password=mypassword
+ssl.keystore.location=/bitnami/kafka/kafka-server.pkcs12
+ssl.keystore.password=mypassword
+ssl.keystore.type=PKCS12
+ssl.truststore.location=/bitnami/kafka/truststore.jks
+ssl.truststore.password=mypassword
+ssl.truststore.type=JKS
+bootstrap.servers=tip-wlan-kafka-headless:9093
+

helmfile/credentials/resources/scripts/creation-replication-user-role.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Creates user repl_user using ssl certs
+if [[ $POSTGRES_REPLICATION_MODE == "master" ]]
+then
+    psql 'host=localhost port=5432 user=postgres sslmode=verify-ca sslcert=/opt/bitnami/postgresql/certs/postgresclientcert.pem sslkey=/opt/bitnami/postgresql/certs/postgresclientkey_dec.pem sslrootcert=/opt/bitnami/postgresql/certs/cacert.pem' -tc \
+    "SELECT 1 FROM pg_roles WHERE rolname = '$POSTGRES_REPLICATION_USER'" | grep -q 1 \
+    || psql 'host=localhost port=5432 user=postgres sslmode=verify-ca sslcert=/opt/bitnami/postgresql/certs/postgresclientcert.pem sslkey=/opt/bitnami/postgresql/certs/postgresclientkey_dec.pem sslrootcert=/opt/bitnami/postgresql/certs/cacert.pem' -c \
+    "CREATE ROLE $POSTGRES_REPLICATION_USER WITH REPLICATION LOGIN ENCRYPTED PASSWORD '$POSTGRES_REPLICATION_PASSWORD';"
+fi

helmfile/credentials/templates/configs.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: tip-{{ .Release.Namespace }}-common-kafka-config
+  namespace: {{ .Release.Namespace }}
+data:
+{{ tpl (.Files.Glob "resources/config/server.properties").AsConfig . | indent 2 }}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: tip-{{ .Release.Namespace }}-common-postgres-scripts
+  namespace: {{ .Release.Namespace }}
+data:
+{{ tpl (.Files.Glob "resources/scripts/creation-replication-user-role.sh").AsConfig . | indent 2 }}

helmfile/credentials/templates/docker-secret.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Namespace }}-docker-registry-key
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+  .dockerconfigjson: {{ .Values.dockerRegistrySecret }}
+type: kubernetes.io/dockerconfigjson

helmfile/credentials/templates/secrets.yaml

@@ -0,0 +1,109 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: tip-{{ .Release.Namespace }}-common-cassandra-certs
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+  truststore: {{ .Files.Get "resources/certs/truststore.jks" | b64enc }}
+  truststore-password: {{ .Files.Get "resources/certs/truststore_creds" | b64enc }}
+  keystore: {{ .Files.Get "resources/certs/cassandra_server_keystore.jks" | b64enc }}
+  keystore-password: {{ .Files.Get "resources/certs/keystore_creds" | b64enc }}
+  cassandraservercert.pem: {{ .Files.Get "resources/certs/cassandraservercert.pem" | b64enc }}
+  cassandraserverkey_dec.pem: {{ .Files.Get "resources/certs/cassandraserverkey_dec.pem" | b64enc }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: tip-{{ .Release.Namespace }}-common-cassandra-client-certs
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+  cacert.pem: {{ .Files.Get "resources/certs/cacert.pem" | b64enc }}
+  cassandra_server_keystore.jks: {{ .Files.Get "resources/certs/cassandra_server_keystore.jks" | b64enc }}
+  cassandraservercert.pem: {{ .Files.Get "resources/certs/cassandraservercert.pem" | b64enc }}
+  cassandraserverkey_dec.pem: {{ .Files.Get "resources/certs/cassandraserverkey_dec.pem" | b64enc }}
+  kafka-server.pkcs12: {{ .Files.Get "resources/certs/kafka-server.pkcs12" | b64enc }}
+  truststore.jks: {{ .Files.Get "resources/certs/truststore.jks" | b64enc }}
+  server.pkcs12: {{ .Files.Get "resources/certs/server.pkcs12" | b64enc }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: tip-{{ .Release.Namespace }}-common-kafka-certs
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+  truststore: {{ .Files.Get "resources/certs/truststore.jks" | b64enc }}
+  truststore-password: {{ .Files.Get "resources/certs/truststore_creds" | b64enc }}
+  keystore: {{ .Files.Get "resources/certs/cassandra_server_keystore.jks" | b64enc }}
+  keystore-password: {{ .Files.Get "resources/certs/keystore_creds" | b64enc }}
+  cassandraservercert.pem: {{ .Files.Get "resources/certs/cassandraservercert.pem" | b64enc }}
+  cassandraserverkey_dec.pem: {{ .Files.Get "resources/certs/cassandraserverkey_dec.pem" | b64enc }}
+  kafka-0.keystore.jks: {{ .Files.Get "resources/certs/client_keystore.jks" | b64enc }}
+  kafka.truststore.jks: {{ .Files.Get "resources/certs/truststore.jks" | b64enc }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: tip-{{ .Release.Namespace }}-common-kafka-client-certs
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+  client_keystore.jks: {{ .Files.Get "resources/certs/client_keystore.jks" | b64enc }}
+  kafka-server.pkcs12: {{ .Files.Get "resources/certs/kafka-server.pkcs12" | b64enc }}
+  truststore.jks: {{ .Files.Get "resources/certs/truststore.jks" | b64enc }}
+  server.pkcs12: {{ .Files.Get "resources/certs/server.pkcs12" | b64enc }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: tip-{{ .Release.Namespace }}-common-postgres-certs
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+  cacert.pem: {{ .Files.Get "resources/certs/cacert.pem" | b64enc }}
+  cert.crt: {{ .Files.Get "resources/certs/servercert.pem" | b64enc }}
+  cert.key: {{ .Files.Get "resources/certs/serverkey_dec.pem" | b64enc }}
+  postgresclientcert.pem: {{ .Files.Get "resources/certs/postgresclientcert.pem" | b64enc }}
+  postgresclientkey_dec.pem: {{ .Files.Get "resources/certs/postgresclientkey_dec.pem" | b64enc }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: tip-{{ .Release.Namespace }}-common-postgres-client-certs
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+  cacert.pem: {{ .Files.Get "resources/certs/cacert.pem" | b64enc }}
+  client_keystore.jks: {{ .Files.Get "resources/certs/client_keystore.jks" | b64enc }} 
+  postgresclient.p12:  {{ .Files.Get "resources/certs/postgresclient.p12" | b64enc }}
+  postgresclientcert.pem: {{ .Files.Get "resources/certs/postgresclientcert.pem" | b64enc }}
+  postgresclientkey_dec.pem: {{ .Files.Get "resources/certs/postgresclientkey_dec.pem" | b64enc }}
+  server.pkcs12: {{ .Files.Get "resources/certs/server.pkcs12" | b64enc }}
+  truststore.jks: {{ .Files.Get "resources/certs/truststore.jks" | b64enc }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: tip-{{ .Release.Namespace }}-common-credentials
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+  cassandra_tip_user: {{ .Values.cassandra.tip_user | b64enc }}
+  cassandra_tip_password: {{ .Values.cassandra.tip_password | b64enc }}
+  postgresql-password: {{ .Values.db.postgresUser.password | b64enc }}
+  tipuser-password: {{ .Values.db.tipUser.password | b64enc }}
+  schema-repo-user: {{ .Values.schema_repo.username | b64enc }}
+  schema-repo-password: {{ .Values.schema_repo.password | b64enc }}
+  sslKeyPassword: {{ .Values.ssl.keyPassword | b64enc }}
+  sslKeystorePassword: {{ .Values.ssl.keystorePassword | b64enc }}
+  sslTruststorePassword: {{ .Values.ssl.truststorePassword | b64enc }}
+  websocketSessionTokenEncKey: {{ .Values.websocketSessionTokenEncKey | b64enc }}

helmfile/credentials/values.yaml

@@ -0,0 +1,20 @@
+#################################################################
+# Credentials and secrets for reuse in other charts
+#################################################################
+
+creds:
+  ssl:
+    keyPassword: mypassword
+    keystorePassword: mypassword
+    truststorePassword: mypassword
+  db:
+    postgresUser:
+      password: DUMMY_POSTGRES_PASSWORD
+    tipUser:
+      password: tip_password
+  schema_repo:
+    username: tip-read
+    password: tip-read
+  cassandra:
+    tip_user: tip_user
+    tip_password: tip_password

helmfile/helmfile-01-namespace.yaml

@@ -0,0 +1,18 @@
+bases:
+- helmfile-environment.yaml
+- helmfile-defaults.yaml
+---
+bases:
+- helmfile-repositories.yaml.gotmpl
+---
+
+releases:
+- name: namespace-{{ .Environment.Values.global.namespace }}
+  chart: incubator/raw
+  namespace: default
+  values:
+  - resources:
+    - apiVersion: v1
+      kind: Namespace
+      metadata:
+        name: {{ .Environment.Values.global.namespace }}

helmfile/helmfile-02-stateful.yaml

@@ -0,0 +1,226 @@
+bases:
+- helmfile-environment.yaml
+- helmfile-defaults.yaml
+---
+
+releases:
+- name: postgres-{{ .Environment.Values.global.namespace }}
+  namespace: {{ .Environment.Values.global.namespace }}
+  chart: bitnami/postgresql
+  version: 9.8.4
+  condition: postgres.enabled
+  labels:
+    role: prerequisites
+    app: postgres
+  values:
+  - postgresqlDatabase: tip
+    image:
+      tag: 11.8.0-debian-10-r58
+      debug: true
+    metrics:
+      enabled: true
+      serviceMonitor:
+        enabled: true
+        namespace: {{ .Environment.Values.global.monitoring.namespace }}
+        additionalLabels:
+          release: prometheus-operator
+    postgresqlUsername: {{ .Environment.Values.postgres.user }}
+    postgresqlPassword: {{ .Environment.Values.postgres.password }}
+    pgHbaConfiguration: |
+      hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0
+      hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
+      hostssl postgres postgres ::/0 cert clientcert=1
+      hostssl all all 0.0.0.0/0 md5 clientcert=1
+    replication:
+      enabled: true
+      user: {{ .Environment.Values.postgres.replication.user }}
+      password: {{ .Environment.Values.postgres.replication.password }}
+      slaveReplicas: 1
+    persistence:
+      enabled: true
+      storageClass: {{ .Environment.Values.storageClass }}
+    volumePermissions:
+      enabled: true
+    livenessProbe:
+      enabled: false
+    readinessProbe:
+      enabled: false
+    tls:
+      enabled: true
+      certificatesSecret: tip-{{ .Environment.Values.global.namespace }}-common-postgres-certs
+      certFilename: cert.crt
+      certKeyFilename: cert.key
+      certCAFilename: cacert.pem
+    initdbScriptsConfigMap: tip-{{ .Environment.Values.global.namespace }}-common-postgres-scripts
+    extraEnv:
+    - name: PGSSLCERT
+      value: /opt/tip-wlan/certs/postgresclientcert.pem
+    - name: PGSSLKEY
+      value: /opt/tip-wlan/certs/postgresclientkey_dec.pem
+    - name: PGSSLROOTCERT
+      value: "/opt/tip-wlan/certs/cacert.pem"
+    slave:
+      extraVolumes:
+  jsonPatches:
+  - target:
+      version: v1
+      group: apps
+      kind: StatefulSet
+      name: postgres-{{ .Environment.Values.global.namespace }}-postgresql-master
+    patch:
+    - op: replace
+      path: /spec/template/spec/initContainers/0/command
+      value:
+      - /bin/sh
+      - -cx
+      - |
+        chown 1001:1001 /bitnami/postgresql
+        mkdir -p /bitnami/postgresql/data /bitnami/postgresql/conf
+        chmod 700 /bitnami/postgresql/data /bitnami/postgresql/conf
+        find /bitnami/postgresql -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs chown -R 1001:1001
+        chmod -R 777 /dev/shm
+        cp /tmp/certs/* /opt/bitnami/postgresql/certs/
+        chown -R 1001:1001 /opt/bitnami/postgresql/certs/
+        chmod 600 /opt/bitnami/postgresql/certs/cert.key
+        chmod 600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem
+
+- name: zookeeper-{{ .Environment.Values.global.namespace }}
+  namespace: {{ .Environment.Values.global.namespace }}
+  chart: incubator/zookeeper
+  version: 2.1.4
+  condition: zookeeper.enabled
+  labels:
+    role: prerequisites
+    app: zookeeper
+  values:
+  - persistence:
+      enabled: true
+      storageClass: {{ .Environment.Values.storageClass }}
+    replicaCount: 1
+
+- name: kafka-{{ .Environment.Values.global.namespace }}
+  namespace: {{ .Environment.Values.global.namespace }}
+  chart: bitnami/kafka
+  version: 11.8.7
+  condition: kafka.enabled
+  labels:
+    role: prerequisites
+    app: kafka
+  values:
+  - replicaCount: 1
+    image:
+      debug: true
+    auth:
+      clientProtocol: mtls
+      interBrokerProtocol: plaintext
+      jksSecret: tip-{{ .Environment.Values.global.namespace }}-common-kafka-certs
+      jksPassword: {{ .Environment.Values.credentials.keyPassword }}
+      tlsEndpointIdentificationAlgorithm: https
+      jaas:
+        clientUsers:
+        - brokerUser
+        clientPassword:
+        - brokerPassword
+    # existingConfigmap: tip-{{ .Environment.Values.global.namespace }}-common-kafka-config
+    # allowPlaintextListener: true
+    persistence:
+      enabled: true
+      storageClass: {{ .Environment.Values.storageClass }}
+    metrics:
+      serviceMonitor:
+        enabled: false
+        namespace: {{ .Environment.Values.global.monitoring.namespace }}
+        selector:
+          release: prometheus-operator
+    zookeeper:
+      enabled: false
+    externalZookeeper:
+      servers:
+      - zookeeper-{{ .Environment.Values.global.namespace }}
+
+- name: cassandra-{{ .Environment.Values.global.namespace }}
+  namespace: {{ .Environment.Values.global.namespace }}
+  chart: bitnami/cassandra
+  version: 6.0.1
+  condition: cassandra.enabled
+  labels:
+    role: prerequisites
+    app: cassandra
+  values:
+  - tlsEncryptionSecretName: tip-{{ .Environment.Values.global.namespace }}-common-cassandra-certs
+  - image:
+      debug: true
+  - persistence:
+      enabled: true
+      storageClass: {{ .Environment.Values.storageClass }}
+  - replicaCount: 3
+  - cluster:
+      name: TipWlanCluster
+      seedCount: 1
+      internodeEncryption: all
+      clientEncryption: true
+  - exporter:
+      enabled: false
+      serviceMonitor:
+        enabled: true
+        additionalLabels:
+          release: prometheus-operator
+  - dbUser:
+      user: {{ .Environment.Values.cassandra.user }}
+      password: {{ .Environment.Values.cassandra.password }}
+  - resources:
+      limits: {}
+      requests:
+        cpu: 1
+        memory: 3Gi
+
+- name: tip-{{ .Environment.Values.global.namespace }}-credentials
+  namespace: {{ .Environment.Values.global.namespace }}
+  chart: credentials
+  labels:
+    role: prerequisites
+    app: credentials
+  values:
+  - ssl:
+      keyPassword: {{ .Environment.Values.credentials.keyPassword }}
+      keystorePassword: {{ .Environment.Values.credentials.keystorePassword }}
+      truststorePassword: {{ .Environment.Values.credentials.truststorePassword }}
+    db:
+      postgresUser:
+        password: {{ .Environment.Values.postgres.password }}
+      tipUser:
+        password: {{ .Environment.Values.postgres.password }}
+    schema_repo:
+      username: {{ .Environment.Values.credentials.jFrog.user }}
+      password: {{ .Environment.Values.credentials.jFrog.password }}
+    cassandra:
+      tip_user: {{ .Environment.Values.cassandra.user }}
+      tip_password: {{ .Environment.Values.cassandra.password }}
+    websocketSessionTokenEncKey: {{ .Environment.Values.credentials.websocketSessionTokenEncKey }}
+    dockerRegistrySecret: {{ .Environment.Values.credentials.dockerSecret }}
+
+- name: tip-{{ .Environment.Values.global.namespace }}-efs-provisioner
+  namespace: {{ .Environment.Values.global.namespace }}
+  chart: stable/efs-provisioner
+  version: 0.13.0
+  condition: efs-provisioner.enabled
+  labels:
+    role: prerequisites
+    app: efs-provisioner
+  values:
+  - serviceAccount:
+      create: true
+      name: efs-provisioner
+  - provisioner:
+      nameExtension: efs-provisioner
+      replicaCount: 1
+      strategyType: Recreate
+      image:
+        name: quay.io/external_storage/efs-provisioner
+        tag: latest
+      efsFileSystemId: fs-8a3fa867
+      awsRegion: ca-central-1
+      dnsName: ""
+      provisionerName: shared-provisioner
+      efsDnsName: fs-8a3fa867.efs.ca-central-1.amazonaws.com
+      storageClass: aws-efs

helmfile/helmfile-03-cloudsdk.yaml

@@ -0,0 +1,196 @@
+bases:
+- helmfile-environment.yaml
+- helmfile-defaults.yaml
+---
+
+releases:
+- name: tip-{{ .Environment.Values.global.namespace }}-opensync-gw-cloud
+  namespace: {{ .Environment.Values.global.namespace }}
+  chart: opensync-gw-cloud
+  condition: opensync-gw-cloud.enabled
+  labels:
+    role: payload
+    app: opensync-gw-cloud
+  values:
+  - global:
+      nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
+      nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
+      repository: {{ .Environment.Values.global.repository }}
+      isCloudDeployment: true
+      pullPolicy: Always
+  - externalhostaddress:
+      ovsdb: tip-wlan-opensync-gw-cloud
+      mqtt: tip-wlan-opensync-mqtt-broker
+    persistence:
+      enabled: true
+    filestore:
+      url: "https://tip-wlan-opensync-gw-cloud:9096"
+
+- name: tip-{{ .Environment.Values.global.namespace }}-opensync-gw-static
+  namespace: {{ .Environment.Values.global.namespace }}
+  chart: opensync-gw-static
+  condition: opensync-gw-static.enabled
+  labels:
+    role: payload
+    app: opensync-gw-static
+  values:
+  - global:
+      nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
+      nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
+      repository: {{ .Environment.Values.global.repository }}
+      isCloudDeployment: true
+      pullPolicy: Always
+
+- name: tip-{{ .Environment.Values.global.namespace }}-opensync-mqtt-broker
+  namespace: {{ .Environment.Values.global.namespace }}
+  chart: opensync-mqtt-broker
+  condition: opensync-mqtt-broker.enabled
+  labels:
+    role: payload
+    app: opensync-mqtt-broker
+  values:
+  - global:
+      nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
+      nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
+      repository: {{ .Environment.Values.global.repository }}
+      isCloudDeployment: true
+      pullPolicy: Always
+  - replicaCount: 1
+    persistence:
+      enabled: true
+      storageClass: {{ .Environment.Values.storageClass }}
+
+- name: tip-{{ .Environment.Values.global.namespace }}-wlan-cloud-graphql-gw
+  namespace: {{ .Environment.Values.global.namespace }}
+  chart: wlan-cloud-graphql-gw
+  condition: wlan-cloud-graphql-gw.enabled
+  labels:
+    role: payload
+    app: wlan-cloud-graphql-gw
+  values:
+  - global:
+      nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
+      nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
+      repository: {{ .Environment.Values.global.repository }}
+      isCloudDeployment: true
+      pullPolicy: Always
+  - env:
+      portalsvc: graphql.{{ .Environment.Values.global.domain }}
+    ingress:
+      hosts:
+      - host: graphql.{{ .Environment.Values.global.domain }}
+        paths:
+        - "/"
+
+- name: tip-{{ .Environment.Values.global.namespace }}-wlan-cloud-static-portal
+  namespace: {{ .Environment.Values.global.namespace }}
+  chart: wlan-cloud-static-portal
+  condition: wlan-cloud-static-portal.enabled
+  labels:
+    role: payload
+    app: wlan-cloud-static-portal
+  values:
+  - global:
+      nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
+      nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
+      repository: {{ .Environment.Values.global.repository }}
+      isCloudDeployment: true
+      pullPolicy: Always 
+  - ingress:
+      hosts:
+      - host: portal.{{ .Environment.Values.global.domain }}
+        paths:
+        - "/"
+
+- name: tip-{{ .Environment.Values.global.namespace }}-wlan-integrated-cloud-component-service
+  namespace: {{ .Environment.Values.global.namespace }}
+  chart: wlan-integrated-cloud-component-service
+  condition: wlan-integrated-cloud-component-service.enabled
+  labels:
+    role: payload
+    app: wlan-integrated-cloud-component-service
+  values:
+  - global:
+      nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
+      nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
+      repository: {{ .Environment.Values.global.repository }}
+      isCloudDeployment: true
+      pullPolicy: Always 
+
+- name: tip-{{ .Environment.Values.global.namespace }}-wlan-port-forwarding-gateway-service
+  namespace: {{ .Environment.Values.global.namespace }}
+  chart: wlan-port-forwarding-gateway-service
+  condition: wlan-port-forwarding-gateway-service.enabled
+  labels:
+    role: payload
+    app: port-forwarding-gateway-service
+  values:
+  - global:
+      nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
+      nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
+      repository: {{ .Environment.Values.global.repository }}
+      isCloudDeployment: true
+      pullPolicy: Always 
+
+- name: tip-{{ .Environment.Values.global.namespace }}-wlan-portal-service
+  namespace: {{ .Environment.Values.global.namespace }}
+  chart: wlan-portal-service
+  condition: wlan-portal-service.enabled
+  labels:
+    role: payload
+    app: wlan-portal-service
+  values:
+  - global:
+      nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
+      nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
+      repository: {{ .Environment.Values.global.repository }}
+      isCloudDeployment: true
+      pullPolicy: Always 
+  - persistence:
+      enabled: true
+      storageClass: {{ .Environment.Values.storageClass }}
+
+- name: tip-{{ .Environment.Values.global.namespace }}-wlan-prov-service
+  namespace: {{ .Environment.Values.global.namespace }}
+  chart: wlan-prov-service
+  condition: wlan-prov-service.enabled
+  labels:
+    role: payload
+    app: wlan-prov-service
+  values:
+  - global:
+      nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
+      nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
+      repository: {{ .Environment.Values.global.repository }}
+      isCloudDeployment: true
+      pullPolicy: Always 
+
+- name: tip-{{ .Environment.Values.global.namespace }}-wlan-spc-service
+  namespace: {{ .Environment.Values.global.namespace }}
+  chart: wlan-spc-service
+  condition: wlan-spc-service.enabled
+  labels:
+    role: payload
+    app: wlan-spc-service
+  values:
+  - global:
+      nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
+      nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
+      repository: {{ .Environment.Values.global.repository }}
+      isCloudDeployment: true
+      pullPolicy: Always 
+
+- name: tip-{{ .Environment.Values.global.namespace }}-wlan-ssc-service
+  namespace: {{ .Environment.Values.global.namespace }}
+  chart: wlan-ssc-service
+  condition: wlan-ssc-service.enabled
+  labels:
+    role: payload
+    app: wlan-ssc-service
+  values:
+  - global:
+      nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
+      nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
+      repository: {{ .Environment.Values.global.repository }}
+      isCloudDeployment: true
+      pullPolicy: Always 

helmfile/helmfile-defaults.yaml

@@ -0,0 +1,5 @@
+helmDefaults:
+  createNamespace: false
+  force: false
+  verify: false
+  wait: false

helmfile/helmfile-environment.yaml

@@ -0,0 +1,65 @@
+environments:
+  default:
+    values:
+    - global:
+        namespace: testota
+        domain: lab.wlan.tip.build
+        repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
+        monitoring:
+          namespace: monitoring
+        nodePortPrefix: 311
+        nodePortPrefixExt: 313
+    
+    - credentials:
+        jFrog:
+          user: tip-read
+          password: tip-read
+        websocketSessionTokenEncKey: MyToKeN0MyToKeN1
+        keyPassword: mypassword
+        keystorePassword: mypassword
+        truststorePassword: mypassword
+        dockerSecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
+    
+    # Stateful components start here
+    - storageClass: gp2
+    - postgres:
+        enabled: true
+        user: tip_user
+        password: DUMMY_POSTGRES_PASSWORD
+        replication:
+          user: repl_user
+          password: repl_password
+    - zookeeper:
+        enabled: true
+    - kafka:
+        enabled: true
+    - cassandra:
+        enabled: true
+        user: cassandra
+        password: cassandra
+    - efs-provisioner:
+        enabled: false
+
+    # Wlan components start here
+    - opensync-gw-cloud:
+        enabled: true
+    - opensync-gw-static:
+        enabled: true
+    - opensync-mqtt-broker:
+        enabled: true
+    - wlan-cloud-graphql-gw:
+        enabled: true
+    - wlan-cloud-static-portal:
+        enabled: true
+    - wlan-integrated-cloud-component-service:
+        enabled: true
+    - wlan-port-forwarding-gateway-service:
+        enabled: true
+    - wlan-portal-service:
+        enabled: true
+    - wlan-prov-service:
+        enabled: true
+    - wlan-spc-service:
+        enabled: true
+    - wlan-ssc-service:
+        enabled: true

helmfile/helmfile-repositories.yaml.gotmpl

@@ -0,0 +1,7 @@
+repositories:
+- name: stable
+  url: https://kubernetes-charts.storage.googleapis.com
+- name: incubator
+  url: https://kubernetes-charts-incubator.storage.googleapis.com
+- name: bitnami
+  url: https://charts.bitnami.com/bitnami

helmfile/helmfile.yaml

@@ -0,0 +1,3 @@
+
+helmfiles:
+- helmfile-0*

helmfile/opensync-gw-cloud/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helmfile/opensync-gw-cloud/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+  repository: file://../common
+  version: 0.1.0
+digest: sha256:636a65e9846bdff17cc4e65b0849061f783759a37aa51fb85ff6fd8ba5e68467
+generated: "2020-10-19T11:29:27.1946594Z"

helmfile/opensync-gw-cloud/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v2
+name: opensync-gw-cloud
+description: WLAN Opensync Gateway Cloud Helm chart for Kubernetes
+
+type: application
+version: 0.1.0
+appVersion: 1.16.0
+
+dependencies:
+- name: common
+  version: 0.1.0
+  repository: file://../common

helmfile/opensync-gw-cloud/resources/config/certs/README.md

@@ -0,0 +1,2 @@
+Contains certs needed for this service to start.
+Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

helmfile/opensync-gw-cloud/resources/config/certs/httpClientConfig.json

@@ -0,0 +1,18 @@
+{
+"maxConnectionsTotal":100,
+"maxConnectionsPerRoute":10,
+"truststoreType":"JKS",
+"truststoreProvider":"SUN",
+"truststoreFile":"file:/opt/tip-wlan/certs/truststore.jks",
+"truststorePass":"mypassword",
+"keystoreType":"JKS",
+"keystoreProvider":"SUN",
+"keystoreFile":"file:/opt/tip-wlan/certs/client_keystore.jks",
+"keystorePass":"mypassword",
+"keyAlias":"clientkeyalias",
+"credentialsList":[
+    {"host":"localhost","port":-1,"user":"user","password":"password"}
+    ]
+
+}
+

helmfile/opensync-gw-cloud/resources/config/certs/ssl.properties

@@ -0,0 +1,13 @@
+truststorePass=mypassword
+truststoreFile=file:///opt/tip-wlan/certs/truststore.jks
+truststoreType=JKS
+truststoreProvider=SUN
+
+keyAlias=1
+keystorePass=mypassword
+keystoreFile=file:///opt/tip-wlan/certs/server.pkcs12
+keystoreType=pkcs12
+keystoreProvider=SunJSSE
+
+sslProtocol=TLS
+

helmfile/opensync-gw-cloud/resources/config/logback.xml

@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!-- For assistance related to logback-translator or configuration  -->
+<!-- files in general, please contact the logback user mailing list -->
+<!-- at http://www.qos.ch/mailman/listinfo/logback-user             -->
+<!--                                                                -->
+<!-- For professional support please see                            -->
+<!--    http://www.qos.ch/shop/products/professionalSupport         -->
+<!--                                                                -->
+<configuration>
+  <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+    </encoder>
+  </appender>
+
+  <appender name="mqttDataFile" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>/app/logs/mqttData.log</file>
+    <append>true</append>
+    <encoder>
+      <pattern>%date %msg%n</pattern>
+    </encoder>
+    <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+      <fileNamePattern>/app/logs/mqttData.%i.log.gz</fileNamePattern>
+      <minIndex>1</minIndex>
+      <maxIndex>3</maxIndex>
+    </rollingPolicy>
+    <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+      <maxFileSize>20MB</maxFileSize>
+    </triggeringPolicy>
+  </appender>
+  
+  <appender name="logfile" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>/app/logs/opensyncgw.log</file>
+    <append>true</append>
+    <encoder>
+      <pattern>%date %level [%thread] %logger{36} [%file:%line] %msg%n</pattern>
+    </encoder>
+    <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+      <fileNamePattern>/app/logs/opensyncgw.%i.log.gz</fileNamePattern>
+      <minIndex>1</minIndex>
+      <maxIndex>3</maxIndex>
+    </rollingPolicy>
+    <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+      <maxFileSize>20MB</maxFileSize>
+    </triggeringPolicy>
+  </appender>
+      
+  <!--
+  details: http://logback.qos.ch/manual/configuration.html#auto_configuration
+   
+  runtime configuration, if need to override the defaults: 
+  	-Dlogback.configurationFile=/path/to/logback.xml
+  
+  for log configuration debugging - use 
+  	-Dlogback.statusListenerClass=ch.qos.logback.core.status.OnConsoleStatusListener
+  
+  log levels:
+	OFF ERROR WARN INFO DEBUG TRACE  
+   -->
+  <logger name="org.apache.catalina.startup.DigesterFactory" level="ERROR"/>
+  <logger name="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" level="INFO"/>
+  <logger name="org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer" level="INFO"/>
+  
+  <logger name="com.telecominfraproject.wlan" level="DEBUG"/>
+  <logger name="com.netflix.servo.tag.aws.AwsInjectableTag" level="OFF"/>
+  <logger name="com.vmware.ovsdb.service.OvsdbConnectionInfo" level="OFF"/>
+  <logger name="com.vmware.ovsdb.netty.OvsdbConnectionHandler" level="ERROR"/>
+
+  <logger name="MQTT_DATA" level="DEBUG" additivity="false">
+    <appender-ref ref="mqttDataFile"/>
+  </logger>
+
+  <root level="WARN">
+    <appender-ref ref="logfile"/>
+  </root>
+
+</configuration>

helmfile/opensync-gw-cloud/templates/NOTES.txt

@@ -0,0 +1,21 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
+{{- end }}

helmfile/opensync-gw-cloud/templates/configmap.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-log-config
+  namespace: {{ .Release.Namespace }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}

helmfile/opensync-gw-cloud/templates/deployment.yaml

@@ -0,0 +1,287 @@
+{{- $icc := include "integratedcloudcomponent.service" . -}}
+{{- $prov := include "prov.service" . -}}
+{{- $ssc := include "ssc.service" . -}}
+{{- $mqtt := include "mqtt.service" . -}}
+{{- $file_store_path := include "filestore.dir.name" . -}}
+{{- $cloudeployment := .Values.global.isCloudDeployment -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "common.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "common.selectorLabels" . | nindent 8 }}
+    spec:
+      imagePullSecrets:
+        - name: "{{ .Release.Namespace }}-docker-registry-key"
+      serviceAccountName: {{ include "common.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      initContainers:
+        - name: {{ include "common.name" . }}-mqtt-readiness
+          image: eclipse-mosquitto:latest
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          command:
+          - sh
+          - -c
+          - |
+            mosquitto_pub -h {{ $mqtt }} -p 1883 --cafile /certs/cacert.pem --cert /certs/clientcert.pem --key /certs/clientkey.pem --insecure -t "/ap/test" -q 0 -m "CheckingMQTTAliveness"
+            status=$(echo $?)
+            echo mosquitto_pub response of the request = $status
+            counter=0
+            while [ $counter -lt 10 ] && [ $status -ne 0 ]
+            do
+              echo {{ $mqtt }} service isnt ready. Tried $counter times
+              sleep 2
+              counter=`expr $counter + 1`
+              mosquitto_pub -h {{ $mqtt }} -p 1883 --cafile /certs/cacert.pem --cert /certs/clientcert.pem --key /certs/clientkey.pem --insecure -t "/ap/test" -q 0 -m "CheckingMQTTAliveness"
+              status=$(echo $?)
+              echo mosquitto_pub response of the request = $status
+            done
+            if [ $status -eq 0 ]
+            then
+              echo {{ $mqtt }} service is ready!
+            else
+              echo {{ $mqtt }} service failed to respond after 20 secs
+              exit 1
+            fi
+          volumeMounts:
+          - mountPath: /certs/cacert.pem
+            name: certificates
+            subPath: cacert.pem
+          - mountPath: /certs/clientcert.pem
+            name: certificates
+            subPath: clientcert.pem
+          - mountPath: /certs/clientkey.pem
+            name: certificates
+            subPath: clientkey.pem
+      {{- if .Values.global.integratedDeployment }}
+        - name: {{ include "common.name" . }}-readiness-int-cloud
+          image: alpine
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          command:
+          - sh
+          - -c
+          - |
+            if [ {{ $cloudeployment }} = false ]
+            then            
+              echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
+              echo "Added name-resolution for local deployments"
+            fi
+            apk add curl
+            url=https://{{ $icc }}/ping
+            counter=0
+            status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
+            while [ $counter -lt 10 ] && [ $status -ne 200 ] 
+            do
+              echo ${url} service isnt ready. Tried $counter times
+              sleep 5
+              counter=`expr $counter + 1`
+              status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
+              echo Http Response code of ping request = $status
+            done
+            if [ $status -eq 200 ]
+            then
+              echo ${url} service is ready!
+            else
+              echo ${url} service failed to respond after 50 secs
+              exit 1
+            fi 
+      {{- else }}
+        - name: {{ include "common.name" . }}-readiness-prov
+          image: alpine
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          command:
+          - sh
+          - -c
+          - |
+            if [ {{ $cloudeployment }} = false ]
+            then          
+              echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
+              echo "Added name-resolution for local deployments"
+            fi
+            apk add curl
+            url=https://{{ $prov }}/ping
+            counter=0
+            status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
+            while [ $counter -lt 10 ] && [ $status -ne 200 ] 
+            do
+              echo ${url} service isnt ready. Tried $counter times
+              sleep 5
+              counter=`expr $counter + 1`
+              status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
+              echo Http Response code of ping request = $status
+            done
+            if [ $status -eq 200 ]
+            then
+              echo ${url} service is ready!
+            else
+              echo ${url} service failed to respond after 50 secs
+              exit 1
+            fi
+        - name: {{ include "common.name" . }}-readiness-ssc
+          image: alpine
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          command:
+          - sh
+          - -c
+          - |
+            if [ {{ $cloudeployment }} = false ]
+            then          
+              echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
+              echo "Added name-resolution for local deployments"
+            fi
+            apk add curl
+            url=https://{{ $ssc }}/ping
+            counter=0
+            status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
+            while [ $counter -lt 10 ] && [ $status -ne 200 ] 
+            do
+              echo ${url} service isnt ready. Tried $counter times
+              sleep 5
+              counter=`expr $counter + 1`
+              status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
+              echo Http Response code of ping request = $status
+            done
+            if [ $status -eq 200 ]
+            then
+              echo ${url} service is ready!
+            else
+              echo ${url} service failed to respond after 50 secs
+              exit 1
+            fi        
+      {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          {{- if .Values.probes.enabled }}
+          livenessProbe:
+            tcpSocket:
+              port: {{ .Values.service.port2 }}
+            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
+            timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
+            failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
+            periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
+            successThreshold: {{ .Values.probes.livenessProbe.successThreshold }}
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Values.service.port2 }}
+            initialDelaySeconds: {{ .Values.probes.readinessProbe.initialDelaySeconds }}
+            timeoutSeconds: {{ .Values.probes.readinessProbe.timeoutSeconds }}
+            failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
+            periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
+            successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
+          {{- end }}
+          env:
+            {{- include "common.env" . | nindent 12 }}
+            - name: OVSDB_MANAGER
+              value: {{ .Values.externalhostaddress.ovsdb }}
+            - name: OVSDB_MANAGER_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+            - name: MQTT_SERVER_INTERNAL
+              value: {{ .Release.Name }}-{{ .Values.mqtt.url }}
+            - name: MQTT_SERVER_EXTERNAL
+              value: {{ .Values.externalhostaddress.mqtt }}
+            {{- if .Values.global.integratedDeployment }}
+            - name: INTEGRATED_SERVER
+              value: {{ .Release.Name }}-{{ .Values.integratedcloudcomponent.url }}
+            {{- else }}
+            - name: PROV_SERVER
+              value: {{ .Release.Name }}-{{ .Values.prov.url }}
+            - name: SSC_SERVER
+              value: {{ .Release.Name }}-{{ .Values.ssc.url }}
+            {{- end }}
+            - name: FILE_STORE_DIRECTORY_INTERNAL
+              value: {{ $file_store_path }}
+            - name: FILE_STORE_URL
+              value: {{ .Values.filestore.url }}
+            - name: DEFAULT_LAN_NAME
+              value: {{ .Values.ethernetType.lanName }}
+            - name: DEFAULT_LAN_TYPE
+              value: {{ .Values.ethernetType.lanType }}
+            - name: DEFAULT_WAN_TYPE
+              value: {{ .Values.ethernetType.wanType }}
+            - name: DEFAULT_WAN_NAME
+              value: {{ .Values.ethernetType.wanName }}
+          volumeMounts:
+          - mountPath: /opt/tip-wlan/certs/client_keystore.jks
+            name: certificates
+            subPath: client_keystore.jks
+          - mountPath: /opt/tip-wlan/certs/truststore.jks
+            name: certificates
+            subPath: truststore.jks
+          - mountPath: /opt/tip-wlan/certs/server.pkcs12
+            name: certificates
+            subPath: server.pkcs12
+          - mountPath: /opt/tip-wlan/certs/httpClientConfig.json
+            name: certificates
+            subPath: httpClientConfig.json
+          - mountPath: /opt/tip-wlan/certs/ssl.properties
+            name: certificates
+            subPath: ssl.properties
+          - mountPath: /app/opensync/logback.xml
+            name: logback-config
+            subPath: logback.xml
+          - mountPath: {{ $file_store_path }}
+            name: file-store-data
+          ports:
+            - name: {{ .Values.service.name1 }}
+              containerPort: {{ .Values.service.port1 }}
+              protocol: TCP
+            - name: {{ .Values.service.name2 }}
+              containerPort: {{ .Values.service.port2 }}
+              protocol: TCP
+            - name: {{ .Values.service.name3 }}
+              containerPort: {{ .Values.service.port3 }}
+              protocol: TCP
+            - name: {{ .Values.service.name4 }}
+              containerPort: {{ .Values.service.port4 }}
+              protocol: TCP
+            {{- if .Values.debug.enabled }}
+            - name: {{ .Values.service.name5 }}
+              containerPort: {{ .Values.service.port5 }}
+              protocol: TCP
+            {{- end }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+
+      volumes:
+      - name: certificates
+        secret:
+          secretName: {{ include "common.fullname" . }}-certs
+      - name: logback-config
+        configMap:
+            name: {{ include "common.fullname" . }}-log-config
+      - name: file-store-data
+      {{- if .Values.persistence.enabled }}
+        persistentVolumeClaim:
+          claimName: {{ include "portal.sharedPvc.name" . }}
+      {{- else }}
+        emptyDir: {}
+      {{- end }}

helmfile/opensync-gw-cloud/templates/ingress.yaml

@@ -0,0 +1,42 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "common.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . | quote }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+        {{- range .paths }}
+          - path: {{ . }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort }}
+        {{- end }}
+  {{- end }}
+{{- end }}

helmfile/opensync-gw-cloud/templates/secret.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-certs
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}

helmfile/opensync-gw-cloud/templates/service.yaml

@@ -0,0 +1,39 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port1 }}
+      targetPort: {{ .Values.service.port1 }}
+      protocol: TCP
+      name: {{ .Values.service.name1 }}
+      nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort1 }}
+    - port: {{ .Values.service.port2 }}
+      targetPort: {{ .Values.service.port2 }}
+      protocol: TCP
+      name: {{ .Values.service.name2 }}
+      nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+    - port: {{ .Values.service.port3 }}
+      targetPort: {{ .Values.service.port3 }}
+      protocol: TCP
+      name: {{ .Values.service.name3 }}
+      nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
+    - port: {{ .Values.service.port4 }}
+      targetPort: {{ .Values.service.port4 }}
+      protocol: TCP
+      name: {{ .Values.service.name4 }}
+      nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort4 }}
+    {{- if .Values.debug.enabled }}
+    - port: {{ .Values.service.port5 }}
+      targetPort: {{ .Values.service.port5 }}
+      protocol: TCP
+      name: {{ .Values.service.name5 }}
+      nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort5 }}
+    {{- end }}
+  selector:
+    {{- include "common.selectorLabels" . | nindent 4 }}

helmfile/opensync-gw-cloud/templates/serviceaccount.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "common.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end -}}

helmfile/opensync-gw-cloud/templates/tests/test-connection.yaml

@@ -0,0 +1,18 @@
+{{- if .Values.testsEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "common.fullname" . }}-test-connection"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test-success
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
+  restartPolicy: Never
+{{- end }}

helmfile/opensync-gw-cloud/templates/transport-server-tcp.yaml

@@ -0,0 +1,35 @@
+apiVersion: k8s.nginx.org/v1alpha1
+kind: TransportServer
+metadata:
+  name: {{ include "common.name" . }}-controller
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+spec:
+  listener:
+    name: opensync-gw-controller-port-listener
+    protocol: TCP
+  upstreams:
+  - name: {{ include "common.name" . }}
+    service: {{ include "common.fullname" . }}
+    port: {{ .Values.service.port1 }}
+  action:
+    pass: {{ include "common.name" . }}
+---
+apiVersion: k8s.nginx.org/v1alpha1
+kind: TransportServer
+metadata:
+  name: {{ include "common.name" . }}-redirector
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+spec:
+  listener:
+    name: opensync-gw-redirector-port-listener
+    protocol: TCP
+  upstreams:
+  - name: {{ include "common.name" . }}
+    service: {{ include "common.fullname" . }}
+    port: {{ .Values.service.port2 }}
+  action:
+    pass: {{ include "common.name" . }}

helmfile/opensync-gw-cloud/values.yaml

@@ -0,0 +1,170 @@
+# Default values for opensync-gw.
+# This is a YAML-formatted file.
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+  name: opensync-gateway-cloud
+  tag: 0.0.1-SNAPSHOT
+
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name:
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+## Liveness and Readiness probe values.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
+probes:
+  enabled: false
+  livenessProbe:
+    initialDelaySeconds: 5
+    periodSeconds: 30
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 3
+  readinessProbe:
+    initialDelaySeconds: 5
+    periodSeconds: 30
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 3
+
+# Enable/Disable Helm tests
+testsEnabled: false
+
+# Enable/Disable Remote debugging
+debug: 
+  enabled: false
+
+service:
+  type: NodePort
+  port1: 6640
+  nodePort1: 29
+  name1: controller
+  port2: 6643
+  name2: redirector
+  nodePort2: 30
+  port3: 9096
+  name3: server
+  nodePort3: 27
+  port4: 9097
+  name4: internal
+  nodePort4: 28
+  port5: 5005
+  name5: debug
+  nodePort5: 26
+
+persistence:
+  enabled: false
+  ## A manually managed Persistent Volume and Claim
+  ## Requires persistence.enabled: true
+
+# the filestore internal: location of the folder where UI files will be stored
+# on the PV
+# the filestore url: externally reachable URL i.e.; reachable from AP, where it 
+# can download the files from. Override this value (url) to the configured
+# HTTP server in your system 
+filestore:
+  internal: "/tmp/filestore"
+  url: DUMMY_FILESTORE_HTTPS_URL
+
+integratedcloudcomponent:
+  url: wlan-integrated-cloud-component-service
+  port: 9091
+
+prov:
+  url: wlan-prov-service
+  port: 9092
+
+ssc:
+  url: wlan-ssc-service
+  port: 9032
+
+mqtt:
+  url: opensync-mqtt-broker
+
+portal:
+  url: wlan-portal-service
+  sharedPvc:
+    name: file-store-data
+    ordinal: 0
+
+ # These are list of external HostAddresses for ovsdb, mqtt. 
+ # This is important for ovsdb and mqtt since 
+ # that's what AP sees. Please make sure to override
+ # them in dev override file for your respective environments.
+externalhostaddress:
+  ovsdb: opensync-gw-cloud
+  mqtt: opensync-mqtt-broker
+
+ethernetType:
+  lanName: "lan"
+  lanType: "bridge"
+  wanType: "bridge"
+  wanName: "wan"
+
+ingress:
+  enabled: false
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: chart-example.local
+      paths: []
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+env:
+  protocol: https
+  ssc_url: SSC_RELEASE_URL
+  prov_url: PROV_RELEASE_URL
+  ssc:
+    service: wlan-ssc-service
+    port: 9031
+  prov:
+    service: wlan-prov-service
+    port: 9091

helmfile/opensync-gw-static/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helmfile/opensync-gw-static/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+  repository: file://../common
+  version: 0.1.0
+digest: sha256:636a65e9846bdff17cc4e65b0849061f783759a37aa51fb85ff6fd8ba5e68467
+generated: "2020-10-19T12:15:04.8106439Z"

helmfile/opensync-gw-static/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v2
+name: opensync-gw-static
+description: WLAN Opensync Gateway Helm chart for Kubernetes
+
+type: application
+version: 0.1.0
+appVersion: 1.16.0
+
+dependencies:
+- name: common
+  version: 0.1.0
+  repository: file://../common

helmfile/opensync-gw-static/resources/config/certs/README.md

@@ -0,0 +1,2 @@
+Contains certs needed for this service to start.
+Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

helmfile/opensync-gw-static/resources/config/certs/httpClientConfig.json

@@ -0,0 +1,18 @@
+{
+"maxConnectionsTotal":100,
+"maxConnectionsPerRoute":10,
+"truststoreType":"JKS",
+"truststoreProvider":"SUN",
+"truststoreFile":"file:/opt/tip-wlan/certs/truststore.jks",
+"truststorePass":"mypassword",
+"keystoreType":"JKS",
+"keystoreProvider":"SUN",
+"keystoreFile":"file:/opt/tip-wlan/certs/client_keystore.jks",
+"keystorePass":"mypassword",
+"keyAlias":"clientkeyalias",
+"credentialsList":[
+    {"host":"localhost","port":-1,"user":"user","password":"password"}
+    ]
+
+}
+

helmfile/opensync-gw-static/resources/config/certs/ssl.properties

@@ -0,0 +1,13 @@
+truststorePass=mypassword
+truststoreFile=file:///opt/tip-wlan/certs/truststore.jks
+truststoreType=JKS
+truststoreProvider=SUN
+
+keyAlias=1
+keystorePass=mypassword
+keystoreFile=file:///opt/tip-wlan/certs/server.pkcs12
+keystoreType=pkcs12
+keystoreProvider=SunJSSE
+
+sslProtocol=TLS
+

helmfile/opensync-gw-static/resources/config/logback.xml

@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!-- For assistance related to logback-translator or configuration  -->
+<!-- files in general, please contact the logback user mailing list -->
+<!-- at http://www.qos.ch/mailman/listinfo/logback-user             -->
+<!--                                                                -->
+<!-- For professional support please see                            -->
+<!--    http://www.qos.ch/shop/products/professionalSupport         -->
+<!--                                                                -->
+<configuration>
+  <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+    </encoder>
+  </appender>
+  
+  <!-- 
+  <appender name="FILE" class="ch.qos.logback.core.FileAppender">
+    <file>myApp.log</file>
+
+    <encoder>
+      <pattern>%date %level [%thread] %logger{10} [%file:%line] %msg%n</pattern>
+    </encoder>
+  </appender>
+  -->
+  
+  <appender name="logfile" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>/app/logs/opensyncgw.log</file>
+    <append>true</append>
+    <encoder>
+      <pattern>%date %level [%thread] %logger{36} [%file:%line] %msg%n</pattern>
+    </encoder>
+    <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+      <fileNamePattern>/app/logs/opensyncgw.%i.log.gz</fileNamePattern>
+      <minIndex>1</minIndex>
+      <maxIndex>3</maxIndex>
+    </rollingPolicy>
+    <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+      <maxFileSize>20MB</maxFileSize>
+    </triggeringPolicy>
+  </appender>
+      
+  <!--
+  details: http://logback.qos.ch/manual/configuration.html#auto_configuration
+   
+  runtime configuration, if need to override the defaults: 
+  	-Dlogback.configurationFile=/path/to/logback.xml
+  
+  for log configuration debugging - use 
+  	-Dlogback.statusListenerClass=ch.qos.logback.core.status.OnConsoleStatusListener
+  
+  log levels:
+	OFF ERROR WARN INFO DEBUG TRACE  
+   -->
+  <logger name="org.apache.catalina.startup.DigesterFactory" level="ERROR"/>
+  <logger name="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" level="INFO"/>
+  <logger name="org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer" level="INFO"/>
+  
+  <logger name="com.telecominfraproject.wlan" level="DEBUG"/>
+  <logger name="com.netflix.servo.tag.aws.AwsInjectableTag" level="OFF"/>
+  <logger name="com.vmware.ovsdb.service.OvsdbConnectionInfo" level="OFF"/>
+  <logger name="com.vmware.ovsdb.netty.OvsdbConnectionHandler" level="ERROR"/>
+  
+  <logger name="MQTT_DATA" level="DEBUG"/>
+
+  <!--   
+  <logger name="org.springframework.security.web.authentication.preauth" level="DEBUG"/>
+   -->
+   
+  <root level="WARN">
+<!--    <appender-ref ref="stdout"/>-->
+    <appender-ref ref="logfile"/>
+  </root>
+  
+</configuration>

helmfile/opensync-gw-static/templates/NOTES.txt

@@ -0,0 +1,21 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
+{{- end }}

helmfile/opensync-gw-static/templates/configmap.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-log-config
+  namespace: {{ .Release.Namespace }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}

helmfile/opensync-gw-static/templates/deployment.yaml

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
 spec:
@@ -16,7 +16,7 @@ spec:
         {{- include "common.selectorLabels" . | nindent 8 }}
     spec:
       imagePullSecrets:
-        - name: "{{ include "common.namespace" . }}-docker-registry-key"
+        - name: "{{ .Release.Namespace }}-docker-registry-key"
       serviceAccountName: {{ include "common.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
@@ -26,30 +26,24 @@ spec:
             {{- toYaml .Values.securityContext | nindent 12 }}
           image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
           imagePullPolicy: {{ .Values.global.pullPolicy }}
-          env:
-            {{- include "common.env" . | nindent 12 }}  
           {{- if .Values.probes.enabled }}
           livenessProbe:
-            httpGet:
-              path: /ping
-              port: {{ .Values.service.port1 }}
-              scheme: {{ .Values.probes.livenessProbe.scheme }}
+            tcpSocket:
+              port: {{ .Values.service.port2 }}
             initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
             timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
             failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
             successThreshold: {{ .Values.probes.livenessProbe.successThreshold }}
           readinessProbe:
-            httpGet:
-              path: /ping
-              port: {{ .Values.service.port1 }}
-              scheme: {{ .Values.probes.readinessProbe.scheme }}
+            tcpSocket:
+              port: {{ .Values.service.port2 }}
             initialDelaySeconds: {{ .Values.probes.readinessProbe.initialDelaySeconds }}
             timeoutSeconds: {{ .Values.probes.readinessProbe.timeoutSeconds }}
             failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
             successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
-          {{- end }}
+          {{- end }}       
           volumeMounts:
           - mountPath: /opt/tip-wlan/certs/client_keystore.jks
             name: certificates
@@ -60,6 +54,15 @@ spec:
           - mountPath: /opt/tip-wlan/certs/server.pkcs12
             name: certificates
             subPath: server.pkcs12
+          - mountPath: /opt/tip-wlan/certs/httpClientConfig.json
+            name: certificates
+            subPath: httpClientConfig.json
+          - mountPath: /opt/tip-wlan/certs/ssl.properties
+            name: certificates
+            subPath: ssl.properties
+          - mountPath: /app/opensync/logback.xml
+            name: logback-config
+            subPath: logback.xml
           ports:
             - name: {{ .Values.service.name1 }}
               containerPort: {{ .Values.service.port1 }}
@@ -86,3 +89,6 @@ spec:
       - name: certificates
         secret:
           secretName: {{ include "common.fullname" . }}-certs
+      - name: logback-config
+        configMap:
+            name: {{ include "common.fullname" . }}-log-config

helmfile/opensync-gw-static/templates/ingress.yaml

@@ -0,0 +1,42 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "common.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . | quote }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+        {{- range .paths }}
+          - path: {{ . }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort }}
+        {{- end }}
+  {{- end }}
+{{- end }}

helmfile/opensync-gw-static/templates/secret.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-certs
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}

helmfile/opensync-gw-static/templates/service.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port1 }}
+      targetPort: {{ .Values.service.port1 }}
+      protocol: TCP
+      name: {{ .Values.service.name1 }}
+    - port: {{ .Values.service.port2 }}
+      targetPort: {{ .Values.service.port2 }}
+      protocol: TCP
+      name: {{ .Values.service.name2 }}
+  selector:
+    {{- include "common.selectorLabels" . | nindent 4 }}

helmfile/opensync-gw-static/templates/serviceaccount.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "common.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end -}}

helmfile/opensync-gw-static/templates/tests/test-connection.yaml

@@ -0,0 +1,18 @@
+{{- if .Values.testsEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "common.fullname" . }}-test-connection"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test-success
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
+  restartPolicy: Never
+{{- end }}

helmfile/opensync-gw-static/templates/transport-server-tcp.yaml

@@ -0,0 +1,35 @@
+apiVersion: k8s.nginx.org/v1alpha1
+kind: TransportServer
+metadata:
+  name: {{ include "common.name" . }}-controller
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+spec:
+  listener:
+    name: opensync-gw-controller-port-listener
+    protocol: TCP
+  upstreams:
+  - name: {{ include "common.name" . }}
+    service: {{ include "common.fullname" . }}
+    port: {{ .Values.service.port1 }}
+  action:
+    pass: {{ include "common.name" . }}
+---
+apiVersion: k8s.nginx.org/v1alpha1
+kind: TransportServer
+metadata:
+  name: {{ include "common.name" . }}-redirector
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+spec:
+  listener:
+    name: opensync-gw-redirector-port-listener
+    protocol: TCP
+  upstreams:
+  - name: {{ include "common.name" . }}
+    service: {{ include "common.fullname" . }}
+    port: {{ .Values.service.port2 }}
+  action:
+    pass: {{ include "common.name" . }}

helmfile/opensync-gw-static/values.yaml

@@ -0,0 +1,95 @@
+# Default values for opensync-gw.
+# This is a YAML-formatted file.
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+  name: opensync-gateway-static
+  tag: 0.0.1-SNAPSHOT
+
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name:
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+## Liveness and Readiness probe values.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
+probes:
+  enabled: false
+  livenessProbe:
+    initialDelaySeconds: 5
+    periodSeconds: 30
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 3
+  readinessProbe:
+    initialDelaySeconds: 5
+    periodSeconds: 30
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 3
+
+# Enable/Disable Helm tests
+testsEnabled: false
+
+service:
+  type: ClusterIP
+  port1: 6640
+  name1: controller
+  port2: 6643
+  name2: redirector
+
+ingress:
+  enabled: false
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: chart-example.local
+      paths: []
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}

helmfile/opensync-mqtt-broker/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helmfile/opensync-mqtt-broker/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+  repository: file://../common
+  version: 0.1.0
+digest: sha256:636a65e9846bdff17cc4e65b0849061f783759a37aa51fb85ff6fd8ba5e68467
+generated: "2020-10-19T12:15:25.5035557Z"

helmfile/opensync-mqtt-broker/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v2
+name: opensync-mqtt-broker
+description: A Helm chart for Kubernetes
+
+type: application
+version: 0.1.0
+appVersion: 1.16.0
+
+dependencies:
+- name: common
+  version: 0.1.0
+  repository: file://../common

helmfile/opensync-mqtt-broker/resources/config/certs/README.md

@@ -0,0 +1,2 @@
+Contains certs needed for this service to start.
+Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

helmfile/opensync-mqtt-broker/resources/config/mosquitto.conf

@@ -0,0 +1,17 @@
+cafile /certs/cacert.pem
+certfile /certs/mqttservercert.pem
+keyfile /certs/mqttserverkey_dec.pem
+require_certificate true
+use_identity_as_username true
+allow_anonymous false
+allow_duplicate_messages true
+autosave_interval 900
+log_dest stdout
+max_queued_bytes 0
+max_queued_messages 0
+message_size_limit 0
+persistence true
+persistence_file mosquitto.db
+persistence_location /mosquitto/db/
+pid_file /mosquitto/mosquitto.pid
+port 1883

helmfile/opensync-mqtt-broker/templates/NOTES.txt

@@ -0,0 +1,21 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
+{{- end }}

helmfile/opensync-mqtt-broker/templates/configmap.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mosquitto-config
+  namespace: {{ .Release.Namespace }}
+data:
+{{ tpl (.Files.Glob "resources/config/mosquitto.conf").AsConfig . | indent 2 }}

helmfile/opensync-mqtt-broker/templates/ingress.yaml

@@ -0,0 +1,42 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "common.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . | quote }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+        {{- range .paths }}
+          - path: {{ . }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort }}
+        {{- end }}
+  {{- end }}
+{{- end }}

helmfile/opensync-mqtt-broker/templates/secret.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: opensync-mqtt-broker-certs
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}

helmfile/opensync-mqtt-broker/templates/service.yaml

@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port1 }}
+      targetPort: {{ .Values.service.port1 }}
+      protocol: TCP
+      name: {{ .Values.service.name1 }}
+      nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort1 }}
+    - port: {{ .Values.service.port2 }}
+      targetPort: {{ .Values.service.port2 }}
+      protocol: TCP
+      name: {{ .Values.service.name2 }}
+      nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+  selector:
+    {{- include "common.selectorLabels" . | nindent 4 }}

helmfile/opensync-mqtt-broker/templates/serviceaccount.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "common.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end -}}

helmfile/opensync-mqtt-broker/templates/statefulset.yaml

@@ -0,0 +1,168 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+spec:
+  serviceName: {{ include "common.fullname" . }}
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "common.selectorLabels" . | nindent 6 }}
+  updateStrategy:
+{{ toYaml .Values.updateStrategy | indent 4 }}
+  template:
+    metadata:
+      labels:
+        {{- include "common.selectorLabels" . | nindent 8 }}
+      {{- if .Values.podLabels }}
+        ## Custom pod labels
+        {{- range $key, $value := .Values.podLabels }}
+        {{ $key }}: {{ $value | quote }}
+        {{- end }}
+      {{- end }}
+{{- if .Values.podAnnotations }}
+      annotations:
+        ## Custom pod annotations
+        {{- range $key, $value := .Values.podAnnotations }}
+        {{ $key }}: {{ $value | quote }}
+        {{- end }}
+{{- end }}
+    spec:
+      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+{{- if .Values.schedulerName }}
+      schedulerName: "{{ .Values.schedulerName }}"
+{{- end }}
+{{- if .Values.priorityClassName }}
+      priorityClassName: "{{ .Values.priorityClassName }}"
+{{- end }}
+      imagePullSecrets:
+        - name: "{{ .Release.Namespace }}-docker-registry-key"
+      serviceAccountName: {{ include "common.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      initContainers:
+        - name: {{ include "common.name" . }}-init-dir-ownership-change
+          image: alpine:3.6
+          # Change ownership to `mosquitto` user for a mounted volume
+          command:
+          - sh
+          - -c
+          - |
+            chown -R 1883:1883 /mosquitto/data
+            chown -R 1883:1883 /mosquitto/db
+          volumeMounts:
+          - name: data
+            mountPath: /mosquitto/data
+          - name: db
+            mountPath: /mosquitto/db
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: {{ .Values.image.name }}:{{ .Values.image.tag }}
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          {{- if .Values.probes.enabled }}
+          livenessProbe:
+            tcpSocket:
+              port: {{ .Values.service.port1 }}
+            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
+            timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
+            failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
+            periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
+            successThreshold: {{ .Values.probes.livenessProbe.successThreshold }}
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Values.service.port1 }}
+            initialDelaySeconds: {{ .Values.probes.readinessProbe.initialDelaySeconds }}
+            timeoutSeconds: {{ .Values.probes.readinessProbe.timeoutSeconds }}
+            failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
+            periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
+            successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
+          {{- end }}
+          volumeMounts:
+          - mountPath: /certs/cacert.pem
+            name: opensync-mqtt-broker-truststore
+            subPath: cacert.pem
+          - mountPath: /certs/mqttservercert.pem
+            name: opensync-mqtt-broker-truststore
+            subPath: mqttservercert.pem
+          - mountPath: /certs/mqttserverkey_dec.pem
+            name: opensync-mqtt-broker-truststore
+            subPath: mqttserverkey_dec.pem
+          - mountPath: /mosquitto/config/mosquitto.conf
+            name: opensync-mqtt-broker-conf
+            subPath: mosquitto.conf
+          - mountPath: /mosquitto/db/
+            name: db
+          - mountPath: /mosquitto/data/
+            name: data
+          ports:
+            - name: {{ .Values.service.name1 }}
+              containerPort: {{ .Values.service.port1 }}
+              protocol: TCP
+            - name: {{ .Values.service.name2 }}
+              containerPort: {{ .Values.service.port2 }}
+              protocol: TCP
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      volumes:
+      - name: opensync-mqtt-broker-truststore
+        secret:
+          secretName: opensync-mqtt-broker-certs
+      - name: opensync-mqtt-broker-conf
+        configMap:
+            name: mosquitto-config
+      {{- if not .Values.persistence.enabled }}
+      - name: db
+        emptyDir: {}
+      - name: data
+        emptyDir: {}
+      {{- end }}
+  {{- if .Values.persistence.enabled }}
+  volumeClaimTemplates:
+    - metadata:
+        name: db
+      spec:
+        accessModes:
+          - {{ .Values.persistence.accessMode | quote }}
+        resources:
+          requests:
+            storage: {{ .Values.persistence.sizeDb | quote }}
+      {{- if .Values.persistence.storageClass }}
+        {{- if (eq "-" .Values.persistence.storageClass) }}
+        storageClassName: ""
+        {{- else }}
+        storageClassName: "{{ .Values.persistence.storageClass }}"
+        {{- end }}
+      {{- end }}
+    - metadata:
+        name: data
+      spec:
+        accessModes:
+          - {{ .Values.persistence.accessMode | quote }}
+        resources:
+          requests:
+            storage: {{ .Values.persistence.sizeData | quote }}
+      {{- if .Values.persistence.storageClass }}
+        {{- if (eq "-" .Values.persistence.storageClass) }}
+        storageClassName: ""
+        {{- else }}
+        storageClassName: "{{ .Values.persistence.storageClass }}"
+        {{- end }}
+      {{- end }}
+  {{- end }}

helmfile/opensync-mqtt-broker/templates/tests/test-connection.yaml

@@ -0,0 +1,18 @@
+{{- if .Values.testsEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "common.fullname" . }}-test-connection"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test-success
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
+  restartPolicy: Never
+{{- end }}

helmfile/opensync-mqtt-broker/templates/transport-server-tcp.yaml

@@ -0,0 +1,17 @@
+apiVersion: k8s.nginx.org/v1alpha1
+kind: TransportServer
+metadata:
+  name: {{ include "common.name" . }}-mqtt
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+spec:
+  listener:
+    name: opensync-mqtt-port-listener
+    protocol: TCP
+  upstreams:
+  - name: {{ include "common.name" . }}
+    service: {{ include "common.fullname" . }}
+    port: {{ .Values.service.port1 }}
+  action:
+    pass: {{ include "common.name" . }}

helmfile/opensync-mqtt-broker/values.yaml

@@ -0,0 +1,129 @@
+# Default values for mqtt.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+  name: eclipse-mosquitto
+  tag: latest
+
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name:
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+terminationGracePeriodSeconds: 1800  # Duration in seconds a mosquitto pod needs to terminate gracefully.
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+## Liveness and Readiness probe values.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
+probes:
+  enabled: true
+  livenessProbe:
+    initialDelaySeconds: 30
+    periodSeconds: 30
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 3
+  readinessProbe:
+    initialDelaySeconds: 5
+    periodSeconds: 30
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 3
+
+# Enable/Disable Helm tests
+testsEnabled: false
+
+service:
+  type: NodePort
+  port1: 1883
+  name1: listener
+  nodePort1: 31
+  port2: 9001
+  name2: debug
+  nodePort2: 32
+
+ingress:
+  enabled: false
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: chart-example.local
+      paths: []
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+priorityClassName: ""
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+persistence:
+  enabled: false
+  ## A manually managed Persistent Volume and Claim
+  ## Requires persistence.enabled: true
+
+  ## If defined, PVC must be created manually before volume will be bound
+  ## existingClaimData: opensync-wifi-controller-opensync-mqtt-broker-data
+  ## existingClaimDb: opensync-wifi-controller-opensync-mqtt-broker-db
+  ## volumeReclaimPolicy: Retain
+  ## If you want to bind to an existing PV, uncomment below with the pv name 
+  ## and comment storageClass and belowannotation
+  ## volumeNameDb: pvc-dc52b290-ae86-4cb3-aad0-f2c806a23114
+  ## volumeNameData: pvc-735baedf-323b-47bc-9383-952e6bc5ce3e
+
+  ## database data Persistent Volume Storage Class
+  ## If defined, storageClassName: <storageClass>
+  ## If set to "-", storageClassName: "", which disables dynamic provisioning
+  ## If undefined (the default) or set to null, no storageClassName spec is
+  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+  ##   GKE, AWS & OpenStack)
+  ##
+  storageClass: "-"
+  accessMode: ReadWriteOnce
+  ## Size of Db PVC
+  sizeDb: 1Gi
+  ## Size of Data PVC
+  sizeData: 1Gi
+
+## Use an alternate scheduler, e.g. "stork".
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+##
+# schedulerName:

helmfile/wlan-cloud-graphql-gw/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helmfile/wlan-cloud-graphql-gw/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+  repository: file://../common
+  version: 0.1.0
+digest: sha256:636a65e9846bdff17cc4e65b0849061f783759a37aa51fb85ff6fd8ba5e68467
+generated: "2020-10-19T12:15:26.5973407Z"

helmfile/wlan-cloud-graphql-gw/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v2
+name: wlan-cloud-graphql-gw
+description: WLAN Cloud Apollo Server Helm Chart
+
+type: application
+version: 0.1.0
+appVersion: 0.0.1
+
+dependencies:
+- name: common
+  version: 0.1.0
+  repository: file://../common

helmfile/wlan-cloud-graphql-gw/templates/NOTES.txt

@@ -0,0 +1,21 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
+{{- end }}

helmfile/wlan-cloud-graphql-gw/templates/deployment.yaml

@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "common.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "common.selectorLabels" . | nindent 8 }}
+    spec:
+      imagePullSecrets:
+        - name: "{{ .Release.Namespace }}-docker-registry-key"
+      serviceAccountName: {{ include "common.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          env:
+          - name: API
+          {{- if .Values.env.localService }}
+            value: {{ .Release.Name }}-{{ .Values.env.portalsvc }}
+          {{- else }}
+            value: {{ .Values.env.portalsvc }}
+          {{- end }}
+          ports:
+            - name: {{ .Values.service.name }}
+              containerPort: {{ .Values.service.port }}
+              protocol: TCP
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}

helmfile/wlan-cloud-graphql-gw/templates/ingress.yaml

@@ -0,0 +1,42 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "common.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . | quote }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+        {{- range .paths }}
+          - path: {{ . }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort }}
+        {{- end }}
+  {{- end }}
+{{- end }}

helmfile/wlan-cloud-graphql-gw/templates/service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: {{ .Values.service.port }}
+      protocol: TCP
+      name: {{ .Values.service.name }}
+      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+  selector:
+    {{- include "common.selectorLabels" . | nindent 4 }}

helmfile/wlan-cloud-graphql-gw/templates/serviceaccount.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "common.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end -}}

helmfile/wlan-cloud-graphql-gw/templates/tests/test-connection.yaml

@@ -0,0 +1,18 @@
+{{- if .Values.testsEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "common.fullname" . }}-test-connection"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test-success
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
+  restartPolicy: Never
+{{- end }}

helmfile/wlan-cloud-graphql-gw/values.yaml

@@ -0,0 +1,86 @@
+# Default values for opensync-gw.
+# This is a YAML-formatted file.
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image: 
+  name: wlan-cloud-graphql-gw
+  tag: latest
+  pullPolicy: IfNotPresent
+
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name:
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+# Enable/Disable Helm tests
+testsEnabled: false
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+# If it's a localService, we will prefix ReleaseName to portalsvc, so service
+# is reachable.
+env:
+  portalsvc: wlan-portal-service:9051
+  localService: false
+
+service:
+  type: NodePort
+  port: 4000
+  name: graphui
+  nodePort: 23
+
+ingress:
+  enabled: true
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: wlan-ui-graphql.zone3.lab.connectus.ai
+      paths: [
+         /
+        ]
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}

helmfile/wlan-cloud-static-portal/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helmfile/wlan-cloud-static-portal/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+  repository: file://../common
+  version: 0.1.0
+digest: sha256:636a65e9846bdff17cc4e65b0849061f783759a37aa51fb85ff6fd8ba5e68467
+generated: "2020-10-19T12:15:47.5451817Z"

helmfile/wlan-cloud-static-portal/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v2
+name: wlan-cloud-static-portal
+description: WLAN Cloud Portal Helm Chart
+
+type: application
+version: 0.1.0
+appVersion: 0.0.1
+
+dependencies:
+- name: common
+  version: 0.1.0
+  repository: file://../common

helmfile/wlan-cloud-static-portal/templates/NOTES.txt

@@ -0,0 +1,21 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
+{{- end }}

helmfile/wlan-cloud-static-portal/templates/deployment.yaml

@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "common.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "common.selectorLabels" . | nindent 8 }}
+    spec:
+      imagePullSecrets:
+        - name: "{{ .Release.Namespace }}-docker-registry-key"
+      serviceAccountName: {{ include "common.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          env:
+          - name: API
+            value: {{ .Values.env.graphql }}
+          ports:
+            - name: {{ .Values.service.name }}
+              containerPort: {{ .Values.service.port }}
+              protocol: TCP
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}

helmfile/wlan-cloud-static-portal/templates/ingress.yaml

@@ -0,0 +1,42 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "common.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . | quote }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+        {{- range .paths }}
+          - path: {{ . }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort }}
+        {{- end }}
+  {{- end }}
+{{- end }}

helmfile/wlan-cloud-static-portal/templates/service.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: {{ .Values.service.port }}
+      protocol: TCP
+      name: {{ .Values.service.name }}
+  selector:
+    {{- include "common.selectorLabels" . | nindent 4 }}

helmfile/wlan-cloud-static-portal/templates/serviceaccount.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "common.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end -}}

helmfile/wlan-cloud-static-portal/templates/tests/test-connection.yaml

@@ -0,0 +1,18 @@
+{{- if .Values.testsEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "common.fullname" . }}-test-connection"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test-success
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
+  restartPolicy: Never
+{{- end }}