fix Ingress capabilities check

Signed-off-by: Max Brenner <xamrennerb@gmail.com>

.github/workflows/helm-build.yml

@@ -3,28 +3,60 @@ name: Helm CI - TIP WLAN Cloud Master
 on: 
   push:
     branches: [ master ]
+    tags: [ "v*" ]
 
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
-        with:
-          ssh-key: ${{ secrets.GH_AUTOMATION_KEY }}
-          submodules: true
-      - name: Login to TIP Docker registry 
-        uses: azure/docker-login@v1
-        with:
-          login-server: tip-tip-wlan-cloud-docker-repo.jfrog.io
-          username: build-pipeline
-          password: ${{ secrets.DOCKER_REPO_PASSWORD }}
       - name: Login to TIP Helm chart registry
         run: helm repo add tip-wlan-cloud-helm-virtual-repo https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-virtual-repo --username build-pipeline --password ${{ secrets.HELM_REPO_PASSWORD }}
       - name: Build tip-wlan chart file
-        run: tar -czf tip-wlan.tgz tip-wlan
-      - name: Upload tip-wlan chart to the TIP helm registry
-        run: curl -ubuild-pipeline:${{ secrets.HELM_REPO_PASSWORD }} -T tip-wlan.tgz "https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-repo/tip-wlan.tgz"
-      - name: Verify that chart was uploaded successfully
         run: |
-          helm repo update
-          helm search repo tip
+          if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then
+            PACKAGE_OPTS="--version ${GITHUB_REF#refs/tags/v}"
+          else
+            PACKAGE_OPTS=""
+          fi
+          helm package $PACKAGE_OPTS -u tip-wlan
+      - name: Store chart as artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: helm-chart
+          path: tip-wlan-*.tgz
+      - name: Upload tip-wlan chart to the TIP helm registry
+        run: |
+          if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then
+            curl -ubuild-pipeline:${{ secrets.HELM_REPO_PASSWORD }} -T tip-wlan-${GITHUB_REF#refs/tags/v}.tgz "https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-repo/tip-wlan-${GITHUB_REF#refs/tags/v}.tgz"
+          else
+            curl -ubuild-pipeline:${{ secrets.HELM_REPO_PASSWORD }} -T tip-wlan-*.tgz "https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-repo/tip-wlan-master.tgz"
+          fi
+
+  release:
+    runs-on: ubuntu-latest
+    needs: [ build ]
+    if: startsWith(github.ref, 'refs/tags/')
+    steps:
+      - uses: actions/checkout@v2
+      - name: setup Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: "3.8"
+      - name: install keepachangelog
+        run: pip install keepachangelog
+      - name: create release description
+        continue-on-error: true
+        run: python .github/workflows/prepare-release-description.py ${GITHUB_REF#refs/tags/v} > RELEASE.md
+      - name: download Helm chart artifact
+        uses: actions/download-artifact@v2
+        with:
+          name: helm-chart
+      - name: create release
+        uses: softprops/action-gh-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          files: tip-wlan-*.tgz
+          body_path: RELEASE.md
+          prerelease: ${{ contains(github.ref, 'rc') }}

.github/workflows/prepare-release-description.py

@@ -0,0 +1,24 @@
+import sys
+
+import keepachangelog
+
+CATEGORIES = ['added', 'changed', 'deprecated', 'removed', 'fixed', 'security']
+
+version = sys.argv[1]
+
+try:
+    changes = keepachangelog.to_dict("CHANGELOG.md")[version]
+except KeyError:
+    print(f'No changelog entry for version {version}', file=sys.stderr)
+    exit(1)
+
+
+print('## Changelog')
+for category in CATEGORIES:
+    entries = changes.get(category, [])
+
+    if entries:
+        print(f'### {category.capitalize()}') 
+
+    for entry in entries:
+        print(f'- {entry}') 

CHANGELOG.md

@@ -5,29 +5,59 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [Unreleased](xxx)
+## [Unreleased] - YYYY-MM-DD
 
 ### Added
 
-- Replaced cassandra, postgres and kafka with upstream charts [#49](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/49)
-- Centralized secrets to the parent chart [#54](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/54)
+- export servo MBeans with JMX Prometheus exporter [#65](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/65)
+- render post-deployment message [#73](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/73)
 
 ### Changed
 
-- Improved kafka setup templating [#53](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/53)
-- Improved values.yaml [#53](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/53)
-- Improved default values and added yaml anchors [#54](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/54)
+- migrate to networking.k8s.io/v1 API version for Ingress resources [#74](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/74)
 
-### Removed
+## [1.0.1] - 2021-04-12
 
-- Removed hardcoded docker secret in favor of variables [#53](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/53)
-- Various outdated sections in values.yaml and environment files
-- Various secrets in subcharts as they are now part of the parent chart
-- references to vendor specific values [#40](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/40)
+### Changed
 
-## [0.4.0](https://github.com/Telecominfraproject/wlan-cloud-helm/compare/f7c67645736e3dac498e2caec8c267f04d08b7bc...v0.4) - 2021-01-28
+- bump cloud controller version to 1.0.1
+
+### Fixed
+
+- correct SQL and CQL schema URLs
+
+### Changed
+
+- make images for all init containers configurable [#67](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/67)
+
+## [1.0.0] - 2021-04-01
 
 ### Added
 
-- Initial changelog entry. This is the first versioned release. Next releases will include a detailed overview of all the major changes introduced since the last version.
+- replaced cassandra, postgres and kafka with upstream charts [#49](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/49)
+- centralized secrets to the parent chart [#54](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/54)
 
+### Changed
+
+- improved kafka setup templating [#53](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/53)
+- improved values.yaml [#53](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/53)
+- improved default values and added yaml anchors [#54](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/54)
+- make SSC service able to reconnect to Cassandra [#70](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/70)
+
+### Removed
+
+- removed hardcoded docker secret in favor of variables [#53](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/53)
+- various outdated sections in values.yaml and environment files
+- various secrets in subcharts as they are now part of the parent chart
+- references to vendor specific values [#40](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/40)
+
+### Fixed
+
+- make SSC service able to reconnect to Cassandra [#70](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/70)
+
+## [0.4.0] - 2021-01-28
+
+### Added
+
+- initial changelog entry. This is the first versioned release. Next releases will include a detailed overview of all the major changes introduced since the last version.
+- [changes since first commit](https://github.com/Telecominfraproject/wlan-cloud-helm/compare/f7c67645736e3dac498e2caec8c267f04d08b7bc...v0.4)

tip-wlan/Chart.yaml

@@ -14,11 +14,11 @@ type: application
 
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.4.0
+version: 1.0.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: 1.16.0
+appVersion: 1.0.0
 
 home: https://telecominfraproject.com/wifi/
 sources:

tip-wlan/charts/nginx-ingress-controller/templates/controller-configmap.yaml

@@ -7,4 +7,5 @@ metadata:
     {{- include "common.labels" . | nindent 4 }}
 data:
     external-status-address: {{ .Values.controller.config.externalStatusAddress }}
-    client-max-body-size: {{ .Values.controller.config.clientMaxBodySize }}
+    client-max-body-size: {{ .Values.controller.config.clientMaxBodySize }}
+    error-log-level: {{ .Values.controller.config.errorLogLevel }}

tip-wlan/charts/nginx-ingress-controller/values.yaml

@@ -56,6 +56,8 @@ controller:
     ## Max message size coming from the Client
     clientMaxBodySize: "20m"
 
+    ## Error 
+    errorLogLevel: "error"
   ## It is recommended to use your own TLS certificates and keys
   defaultTLS:
     ## The base64-encoded TLS certificate for the default HTTPS server. If not specified, a pre-generated self-signed certificate is used.

tip-wlan/charts/opensync-gw-cloud/templates/deployment.yaml

@@ -29,7 +29,7 @@ spec:
       initContainers:
         {{- include "jmxPrometheus.initContainer" . | nindent 8 }}
         - name: wait-for-services
-          image: opsfleet/depends-on:latest
+          image: {{ .Values.waitForServicesImage.registry }}/{{ .Values.waitForServicesImage.repository }}:{{ .Values.waitForServicesImage.tag }}
           args:
           - "-service={{ .Release.Name }}-opensync-mqtt-broker"
           - "-service={{ .Release.Name }}-wlan-prov-service"
@@ -37,7 +37,7 @@ spec:
           - -check_interval=5
       {{- if .Values.global.integratedDeployment }}
         - name: {{ include "common.name" . }}-readiness-int-cloud
-          image: alpine
+          image: {{ .Values.intCloudReadiness.registry }}/{{ .Values.intCloudReadiness.repository }}:{{ .Values.intCloudReadiness.tag }}
           imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
           command:
           - sh

tip-wlan/charts/opensync-gw-cloud/templates/tests/test-connection.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   containers:
     - name: wget
-      image: busybox
+      image: {{ .Values.testConnectionImage.registry }}/{{ .Values.testConnectionImage.repository }}:{{ .Values.testConnectionImage.tag }}
       command: ['wget']
       args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
   restartPolicy: Never

tip-wlan/charts/opensync-gw-cloud/values.yaml

@@ -11,7 +11,22 @@ replicaCount: 1
 
 image:
   name: opensync-gateway-cloud
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.2.0-SNAPSHOT
+
+waitForServicesImage:
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: opsfleet/depends-on
+  tag: v1.0.0
+
+intCloudReadinessImage:
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: library/alpine
+  tag: 3.13
+
+testConnectionImage:
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: library/alpine
+  tag: 3.13
 
 nameOverride: ""
 fullnameOverride: ""

tip-wlan/charts/opensync-gw-static/templates/tests/test-connection.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   containers:
     - name: wget
-      image: busybox
+      image: {{ .Values.testConnectionImage.registry }}/{{ .Values.testConnectionImage.repository }}:{{ .Values.testConnectionImage.tag }}
       command: ['wget']
       args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
   restartPolicy: Never

tip-wlan/charts/opensync-gw-static/values.yaml

@@ -11,7 +11,12 @@ replicaCount: 1
 
 image:
   name: opensync-gateway-static
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.2.0-SNAPSHOT
+
+testConnectionImage:
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: library/alpine
+  tag: 3.13
 
 nameOverride: ""
 fullnameOverride: ""

tip-wlan/charts/opensync-mqtt-broker/templates/statefulset.yaml

@@ -45,7 +45,7 @@ spec:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       initContainers:
         - name: {{ include "common.name" . }}-init-dir-ownership-change
-          image: {{ .Values.alpine.image }}
+          image: {{ .Values.alpine.registry }}/{{ .Values.alpine.repository }}:{{ .Values.alpine.tag }}
           imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
           # Change ownership to `mosquitto` user for a mounted volume
           command:
@@ -63,7 +63,7 @@ spec:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          image: {{ .Values.image.name }}:{{ .Values.image.tag }}
+          image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
           imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
           {{- if .Values.probes.enabled }}
           livenessProbe:

tip-wlan/charts/opensync-mqtt-broker/templates/tests/test-connection.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   containers:
     - name: wget
-      image: busybox
+      image: {{ .Values.testConnectionImage.registry }}/{{ .Values.testConnectionImage.repository }}:{{ .Values.testConnectionImage.tag }}
       command: ['wget']
       args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
   restartPolicy: Never

tip-wlan/charts/opensync-mqtt-broker/values.yaml

@@ -5,11 +5,19 @@
 replicaCount: 1
 
 image:
-  name: eclipse-mosquitto
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: library/eclipse-mosquitto
   tag: 2.0.3
 
 alpine:
-  image: alpine:3.6
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: library/alpine
+  tag: 3.6
+
+testConnectionImage:
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: library/alpine
+  tag: 3.13
 
 nameOverride: ""
 fullnameOverride: ""

tip-wlan/charts/wlan-cloud-graphql-gw/templates/ingress.yaml

@@ -1,7 +1,9 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "common.fullname" . -}}
 {{- $svcPort := .Values.service.port -}}
-{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
+apiVersion: networking.k8s.io/v1
+{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" }}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
 apiVersion: extensions/v1beta1
@@ -36,15 +38,35 @@ spec:
         paths:
         {{- if $.Values.ingress.lb_https_redirect }}
           - path: /*
+            {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
+            pathType: ImplementationSpecific
+            {{- end }}
             backend:
+              {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
+              service:
+                name: ssl-redirect
+                port:
+                  name: use-annotation
+              {{- else -}}
               serviceName: ssl-redirect
               servicePort: use-annotation
+              {{- end }}
         {{- end }}
         {{- range .paths }}
           - path: {{ . }}
+            {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
+            pathType: ImplementationSpecific
+            {{- end }}
             backend:
+              {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
+              service:
+                name: {{ $fullName }}
+                port:
+                  number: {{ $svcPort }}
+              {{- else -}}
               serviceName: {{ $fullName }}
               servicePort: {{ $svcPort }}
+              {{- end }}
         {{- end }}
   {{- end }}
 {{- end }}

tip-wlan/charts/wlan-cloud-graphql-gw/templates/tests/test-connection.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   containers:
     - name: wget
-      image: busybox
+      image: {{ .Values.testConnectionImage.registry }}/{{ .Values.testConnectionImage.repository }}:{{ .Values.testConnectionImage.tag }}
       command: ['wget']
       args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
   restartPolicy: Never

tip-wlan/charts/wlan-cloud-graphql-gw/values.yaml

@@ -11,9 +11,14 @@ replicaCount: 1
 
 image:
   name: wlan-cloud-graphql-gw
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.2.0-SNAPSHOT
   pullPolicy: IfNotPresent
 
+testConnectionImage:
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: library/alpine
+  tag: 3.13
+
 nameOverride: ""
 fullnameOverride: ""
 

tip-wlan/charts/wlan-cloud-static-portal/templates/ingress.yaml

@@ -1,7 +1,9 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "common.fullname" . -}}
 {{- $svcPort := .Values.service.port -}}
-{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
+apiVersion: networking.k8s.io/v1
+{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" }}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
 apiVersion: extensions/v1beta1
@@ -36,15 +38,35 @@ spec:
         paths:
         {{- if $.Values.ingress.lb_https_redirect }}
           - path: /*
+            {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
+            pathType: ImplementationSpecific
+            {{- end }}
             backend:
+              {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
+              service:
+                name: ssl-redirect
+                port:
+                  name: use-annotation
+              {{- else -}}
               serviceName: ssl-redirect
               servicePort: use-annotation
+              {{- end }}
         {{- end }}
         {{- range .paths }}
           - path: {{ . }}
+            {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
+            pathType: ImplementationSpecific
+            {{- end }}
             backend:
+              {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
+              service:
+                name: {{ $fullName }}
+                port:
+                  number: {{ $svcPort }}
+              {{- else -}}
               serviceName: {{ $fullName }}
               servicePort: {{ $svcPort }}
+              {{- end }}
         {{- end }}
   {{- end }}
 {{- end }}

tip-wlan/charts/wlan-cloud-static-portal/templates/tests/test-connection.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   containers:
     - name: wget
-      image: busybox
+      image: {{ .Values.testConnectionImage.registry }}/{{ .Values.testConnectionImage.repository }}:{{ .Values.testConnectionImage.tag }}
       command: ['wget']
       args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
   restartPolicy: Never

tip-wlan/charts/wlan-cloud-static-portal/values.yaml

@@ -11,9 +11,14 @@ replicaCount: 1
 
 image:
   name: wlan-cloud-ui
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.2.0-SNAPSHOT
   pullPolicy: IfNotPresent
 
+testConnectionImage:
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: library/alpine
+  tag: 3.13
+
 nameOverride: ""
 fullnameOverride: ""
 

tip-wlan/charts/wlan-integrated-cloud-component-service/templates/deployment.yaml

@@ -26,7 +26,7 @@ spec:
       {{- if .Values.integratedWithPersistence.enabled }}
       initContainers:
       - name: wait-for-services
-        image: opsfleet/depends-on:latest
+        image: {{ .Values.waitForServicesImage.registry }}/{{ .Values.waitForServicesImage.repository }}:{{ .Values.waitForServicesImage.tag }}
         args:
         - "-service={{ .Release.Name }}-postgresql"
         - -check_interval=5
@@ -49,7 +49,8 @@ spec:
             secretKeyRef:
               name: {{ include "common.fullname" . }}-creds
               key: schema-repo-password
-        image: postgres:latest
+        image: {{ .Values.createDbSchemaImage.registry }}/{{ .Values.createDbSchemaImage.repository }}:{{ .Values.createDbSchemaImage.tag }}
+        args:
         imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
         command:
         - sh

tip-wlan/charts/wlan-integrated-cloud-component-service/templates/tests/test-connection.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   containers:
     - name: wget
-      image: busybox
+      image: {{ .Values.testConnectionImage.registry }}/{{ .Values.testConnectionImage.repository }}:{{ .Values.testConnectionImage.tag }}
       command: ['wget']
       args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
   restartPolicy: Never

tip-wlan/charts/wlan-integrated-cloud-component-service/values.yaml

@@ -11,7 +11,22 @@ replicaCount: 1
 
 image:
   name: wlan-integrated-cloud-component-service
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.2.0-SNAPSHOT
+
+waitForServicesImage:
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: opsfleet/depends-on
+  tag: v1.0.0
+
+testConnectionImage:
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: library/alpine
+  tag: 3.13
+
+createDbSchemaImage:
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: library/postgres
+  tag: 13.2-alpine
 
 nameOverride: ""
 fullnameOverride: ""

tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/deployment.yaml

@@ -24,7 +24,7 @@ spec:
       initContainers:
         {{- include "jmxPrometheus.initContainer" . | nindent 8 }}
         - name: {{ include "common.name" . }}-readiness-opensync-gw
-          image: alpine
+          image: {{ .Values.opensyncGwReadinessImage.registry }}/{{ .Values.opensyncGwReadinessImage.repository }}:{{ .Values.opensyncGwReadinessImage.tag }}
           imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
           command:
           - sh

tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/tests/test-connection.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   containers:
     - name: wget
-      image: busybox
+      image: {{ .Values.testConnectionImage.registry }}/{{ .Values.testConnectionImage.repository }}:{{ .Values.testConnectionImage.tag }}
       command: ['wget']
       args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
   restartPolicy: Never

tip-wlan/charts/wlan-port-forwarding-gateway-service/values.yaml

@@ -11,7 +11,17 @@ replicaCount: 1
 
 image:
   name: wlan-port-forwarding-gateway-service
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.2.0-SNAPSHOT
+
+opensyncGwReadinessImage:
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: library/alpine
+  tag: 3.13
+
+testConnectionImage:
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: library/alpine
+  tag: 3.13
 
 nameOverride: ""
 fullnameOverride: ""

tip-wlan/charts/wlan-portal-service/resources/config/logback.xml

@@ -7,7 +7,7 @@
 <!-- For professional support please see                            -->
 <!--    http://www.qos.ch/shop/products/professionalSupport         -->
 <!--                                                                -->
-<configuration>
+<configuration scan="true" scanPeriod="30 seconds">
   <conversionRule conversionWord="filteredStack"
                   converterClass="com.telecominfraproject.wlan.server.exceptions.logback.ExceptionCompressingConverter" />
 

tip-wlan/charts/wlan-portal-service/resources/config/ssl.properties

@@ -0,0 +1,14 @@
+truststorePass={{ .Values.global.certificatePasswords.sslTruststore }}
+truststoreFile=file:///opt/tip-wlan/certs/truststore.jks
+truststoreType=JKS
+truststoreProvider=SUN
+
+keyAlias=1
+keystorePass={{ .Values.global.certificatePasswords.sslKeystore }}
+keystoreFile=file:///opt/tip-wlan/certs/server.pkcs12
+keystoreType=pkcs12
+keystoreProvider=SunJSSE
+
+sslProtocol=TLS
+sslEnabledProtocols=TLSv1.2,TLSv1.1,TLSv1
+sslCiphers=TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA

tip-wlan/charts/wlan-portal-service/templates/ingress.yaml

@@ -1,7 +1,9 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "common.fullname" . -}}
 {{- $svcPort := .Values.service.port1 -}}
-{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
+apiVersion: networking.k8s.io/v1
+{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" }}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
 apiVersion: extensions/v1beta1
@@ -34,15 +36,35 @@ spec:
         paths:
         {{- if $.Values.ingress.lb_https_redirect }}
           - path: /*
+            {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
+            pathType: ImplementationSpecific
+            {{- end }}
             backend:
+              {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
+              service:
+                name: ssl-redirect
+                port:
+                  name: use-annotation
+              {{- else -}}
               serviceName: ssl-redirect
               servicePort: use-annotation
+              {{- end }}
         {{- end }}
         {{- range .paths }}
           - path: {{ . }}
+            {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
+            pathType: ImplementationSpecific
+            {{- end }}
             backend:
+              {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
+              service:
+                name: {{ $fullName }}
+                port:
+                  number: {{ $svcPort }}
+              {{- else -}}
               serviceName: {{ $fullName }}
               servicePort: {{ $svcPort }}
+              {{- end -}}
         {{- end }}
   {{- end }}
 {{- end }}

tip-wlan/charts/wlan-portal-service/templates/secret.yaml

@@ -0,0 +1,10 @@
+{{- if not .Values.tlsv13.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-ssl-config
+  namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+  ssl.properties: {{ tpl ( .Files.Get "resources/config/ssl.properties" ) . | b64enc }}
+{{- end }}

tip-wlan/charts/wlan-portal-service/templates/statefulset.yaml

@@ -7,6 +7,7 @@ metadata:
   labels:
     {{- include "common.labels" . | nindent 4 }}
 spec:
+  podManagementPolicy: Parallel
   serviceName: {{ include "common.fullname" . }}
   replicas: {{ .Values.replicaCount }}
   selector:
@@ -113,9 +114,12 @@ spec:
           - mountPath: /opt/tip-wlan/certs/server.pkcs12
             name: certificates
             subPath: server.pkcs12
-          - mountPath: /app/portal/logback.xml
+          - mountPath: /app/portal/log
             name: logback-config
-            subPath: logback.xml
+          {{- if not .Values.tlsv13.enabled }}
+          - mountPath: /app/portal/certs
+            name: ssl-config
+          {{- end }}
           - mountPath: {{ $file_store_path }}
             name: file-store-data
           {{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
@@ -155,6 +159,11 @@ spec:
       - name: logback-config
         configMap:
             name: {{ include "common.fullname" . }}-log-config
+      {{- if not .Values.tlsv13.enabled }}
+      - name: ssl-config
+        secret:
+          secretName: {{ include "common.fullname" . }}-ssl-config
+      {{- end }}
       {{- if not .Values.persistence.enabled }}
       - name: file-store-data
         emptyDir: {}

tip-wlan/charts/wlan-portal-service/templates/tests/test-connection.yaml

@@ -11,8 +11,7 @@ metadata:
 spec:
   containers:
     - name: wget
-      image: busybox
-      command: ['wget']
+      image: {{ .Values.testConnectionImage.registry }}/{{ .Values.testConnectionImage.repository }}:{{ .Values.testConnectionImage.tag }}
       args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
   restartPolicy: Never
 {{- end }}

tip-wlan/charts/wlan-portal-service/values.yaml

@@ -11,7 +11,12 @@ replicaCount: 1
 
 image:
   name: wlan-portal-service
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.2.0-SNAPSHOT
+
+testConnectionImage:
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: library/alpine
+  tag: 3.13
 
 nameOverride: ""
 fullnameOverride: ""
@@ -153,3 +158,6 @@ env:
 # on the PV
 filestore:
   internal: "/tmp/filestore"
+
+tlsv13:
+  enabled: true

tip-wlan/charts/wlan-prov-service/templates/deployment.yaml

@@ -25,7 +25,7 @@ spec:
       initContainers:
         {{- include "jmxPrometheus.initContainer" . | nindent 8 }}
         - name: wait-for-services
-          image: opsfleet/depends-on:latest
+          image: {{ .Values.waitForServicesImage.registry }}/{{ .Values.waitForServicesImage.repository }}:{{ .Values.waitForServicesImage.tag }}
           args:
           - "-service={{ .Release.Name }}-postgresql"
           - -check_interval=5
@@ -53,7 +53,7 @@ spec:
               secretKeyRef:
                 name: {{ include "common.fullname" . }}-creds
                 key: schema-repo-password
-          image: {{ .Values.postgresql.image }}
+          image: {{ .Values.postgresql.registry }}/{{ .Values.postgresql.repository }}:{{ .Values.postgresql.tag }}
           imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
           command:
           - sh
@@ -62,8 +62,8 @@ spec:
             apt update
             apt -y install curl
             echo "***** Fetching latest cloud-sdk-schema-postgresql for DB and Tables sql from JFrog *****"
-            curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql-db-user.sql"
-            curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql-tables.sql"
+            curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/1.2.0-SNAPSHOT/sql/cloud-sdk-schema-postgresql-db-user.sql"
+            curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/1.2.0-SNAPSHOT/sql/cloud-sdk-schema-postgresql-tables.sql"
             echo "***** Now executing cloud-sdk-schema-postgresql-db-user.sql on host {{ $pg }} and creating db prov_db and user tip_user using User Postgres. This uses full client-cert authentication *****"
             ### Observed that PSQL was unable to resolve the Postgres-service host because the postgres service wasnt
             ### really ready when running Postgres in Master-Slave config... hence the below retry-logic

tip-wlan/charts/wlan-prov-service/templates/tests/test-connection.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   containers:
     - name: wget
-      image: busybox
+      image: {{ .Values.testConnectionImage.registry }}/{{ .Values.testConnectionImage.repository }}:{{ .Values.testConnectionImage.tag }}
       command: ['wget']
       args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
   restartPolicy: Never

tip-wlan/charts/wlan-prov-service/values.yaml

@@ -11,7 +11,17 @@ replicaCount: 1
 
 image:
   name: wlan-prov-service
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.2.0-SNAPSHOT
+
+waitForServicesImage:
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: opsfleet/depends-on
+  tag: v1.0.0
+
+testConnectionImage:
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: library/alpine
+  tag: 3.13
 
 nameOverride: ""
 fullnameOverride: ""
@@ -128,7 +138,9 @@ affinity: {}
 
 postgresql:
   url: postgresql
-  image: postgres:latest
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: library/postgres
+  tag: 11
 
 env:
   protocol: https

tip-wlan/charts/wlan-spc-service/templates/deployment.yaml

@@ -25,7 +25,7 @@ spec:
       initContainers:
         {{- include "jmxPrometheus.initContainer" . | nindent 8 }}
         - name: wait-for-services
-          image: opsfleet/depends-on:latest
+          image: {{ .Values.waitForServicesImage.registry }}/{{ .Values.waitForServicesImage.repository }}:{{ .Values.waitForServicesImage.tag }}
           args:
           - "-service={{ .Release.Name }}-kafka-headless"
           - -check_interval=5

tip-wlan/charts/wlan-spc-service/templates/tests/test-connection.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   containers:
     - name: wget
-      image: busybox
+      image: {{ .Values.testConnectionImage.registry }}/{{ .Values.testConnectionImage.repository }}:{{ .Values.testConnectionImage.tag }}
       command: ['wget']
       args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
   restartPolicy: Never

tip-wlan/charts/wlan-spc-service/values.yaml

@@ -11,7 +11,17 @@ replicaCount: 1
 
 image:
   name: wlan-spc-service
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.2.0-SNAPSHOT
+
+waitForServicesImage:
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: opsfleet/depends-on
+  tag: v1.0.0
+
+testConnectionImage:
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: library/alpine
+  tag: 3.13
 
 nameOverride: ""
 fullnameOverride: ""

tip-wlan/charts/wlan-ssc-service/templates/configmap.yaml

@@ -11,8 +11,10 @@ data:
             contact-points = [ "{{ include "cassandra.service" . }}:9042" ]
             load-balancing-policy.local-datacenter = datacenter1
             session-keyspace = tip_wlan_keyspace
+            request.consistency = LOCAL_QUORUM
         }
 
+        advanced.resolve-contact-points = false
         advanced.ssl-engine-factory {
             class = DefaultSslEngineFactory
             hostname-validation = false

tip-wlan/charts/wlan-ssc-service/templates/deployment.yaml

@@ -26,7 +26,7 @@ spec:
       initContainers:
         {{- include "jmxPrometheus.initContainer" . | nindent 8 }}
         - name: wait-for-services
-          image: opsfleet/depends-on:latest
+          image: {{ .Values.waitForServicesImage.registry }}/{{ .Values.waitForServicesImage.repository }}:{{ .Values.waitForServicesImage.tag }}
           args:
           - "-service={{ .Release.Name }}-kafka-headless"
           - "-service={{ .Release.Name }}-cassandra"
@@ -45,7 +45,7 @@ spec:
               secretKeyRef:
                 name: {{ include "common.fullname" . }}-creds
                 key: schema-repo-password
-          image: {{ .Values.cassandra.image }}
+          image: {{ .Values.cassandra.registry }}/{{ .Values.cassandra.repository }}:{{ .Values.cassandra.tag }}
           imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
           command:
           - sh
@@ -54,7 +54,7 @@ spec:
             apt update
             apt -y install curl
             echo "***** Fetching cloud-sdk-schema-cassandra.cql from JFrog *****"
-            curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/cql/cloud-sdk-schema-cassandra.cql"
+            curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/1.2.0-SNAPSHOT/cql/cloud-sdk-schema-cassandra.cql"
             echo "***** Now executing cloud-sdk-schema-cassandra.cql and creating/updating schema on Cassandra instance *****"
             counter=0
             status=1

tip-wlan/charts/wlan-ssc-service/templates/tests/test-connection.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   containers:
     - name: wget
-      image: busybox
+      image: {{ .Values.testConnectionImage.registry }}/{{ .Values.testConnectionImage.repository }}:{{ .Values.testConnectionImage.tag }}
       command: ['wget']
       args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
   restartPolicy: Never

tip-wlan/charts/wlan-ssc-service/values.yaml

@@ -11,7 +11,17 @@ replicaCount: 1
 
 image:
   name: wlan-ssc-service
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.2.0-SNAPSHOT
+
+waitForServicesImage:
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: opsfleet/depends-on
+  tag: v1.0.0
+
+testConnectionImage:
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: library/alpine
+  tag: 3.13
 
 nameOverride: ""
 fullnameOverride: ""
@@ -124,7 +134,9 @@ kafka:
 cassandra:
   url: cassandra-headless
   port: 9042
-  image: cassandra:3.11.6
+  registry: tip-docker-cache-repo.jfrog.io
+  repository: library/cassandra
+  tag: 3.11.6
 
 env:
   protocol: https

tip-wlan/example-values/aws-basic/README.md

@@ -0,0 +1,5 @@
+# Helm values for deploying a cloud controller onto an AWS EKS cluster
+
+[Detailed instructions](https://openwifi.tip.build/getting-started/controller-installation/aws-install)
+
+[This Terraform module](https://github.com/Telecominfraproject/wlan-cloud-terraform/tree/master/aws-cloudsdk) can be used to set up the required EKS cluster including all necessary addons.

tip-wlan/example-values/aws-basic/values.yml

@@ -0,0 +1,129 @@
+shared:
+  service:
+    srv-https-annotations: &srv-https-annotations
+      kubernetes.io/ingress.class: alb
+      alb.ingress.kubernetes.io/scheme: internet-facing
+      alb.ingress.kubernetes.io/group.name: wlan-cloudsdk
+      alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:eu-central-1:0123456789:certificate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
+      alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
+
+# Annotations for namespace
+annotations: {
+    "helm.sh/resource-policy": keep
+}
+dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
+
+opensync-gw-static:
+  enabled: false
+
+opensync-gw-cloud:
+  service:
+    type: LoadBalancer
+    annotations:
+      external-dns.alpha.kubernetes.io/hostname: opensync-controller.cloudsdk.lab.wlan.tip.build,opensync-redirector.cloudsdk.lab.wlan.tip.build
+      service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+  enabled: true
+  externalhost:
+    address:
+      ovsdb: opensync-controller.cloudsdk.lab.wlan.tip.build
+      mqtt: opensync-mqtt-broker.cloudsdk.lab.wlan.tip.build
+  persistence:
+    enabled: false
+  image:
+    name: opensync-gateway-cloud
+
+opensync-mqtt-broker:
+  service:
+    type: LoadBalancer
+    annotations:
+      external-dns.alpha.kubernetes.io/hostname: opensync-mqtt-broker.cloudsdk.lab.wlan.tip.build
+      service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+  enabled: true
+  persistence:
+    enabled: true
+    storageClass: "gp2"
+
+wlan-cloud-graphql-gw:
+  enabled: true
+  ingress:
+    annotations:
+      <<: *srv-https-annotations
+    enabled: true
+    alb_https_redirect: true
+    hosts:
+    - host: wlan-graphql.cloudsdk.lab.wlan.tip.build
+      paths: [
+        /*
+        ]
+  env:
+    portalsvc: wlan-portal-svc.cloudsdk.lab.wlan.tip.build
+
+wlan-cloud-static-portal:
+  enabled: true
+  env:
+    graphql: https://wlan-graphql.cloudsdk.lab.wlan.tip.build
+  service:
+    type: NodePort
+  ingress:
+    annotations:
+      <<: *srv-https-annotations
+    alb_https_redirect: true
+    hosts:
+      - host: wlan-ui.cloudsdk.lab.wlan.tip.build
+        paths: [
+           /*
+          ]
+wlan-portal-service:
+  service:
+    type: NodePort
+    nodePortStatic: false
+  enabled: true
+  persistence:
+    enabled: true
+    storageClass: gp2
+  tsp:
+    host: wlan-portal-svc.cloudsdk.lab.wlan.tip.build
+  ingress:
+    enabled: true
+    alb_https_redirect: true
+    tls: []
+    annotations:
+      <<: *srv-https-annotations
+      alb.ingress.kubernetes.io/backend-protocol: HTTPS
+      alb.ingress.kubernetes.io/healthcheck-protocol: HTTPS
+      alb.ingress.kubernetes.io/healthcheck-port: traffic-port
+      alb.ingress.kubernetes.io/healthcheck-path: /ping
+    hosts:
+      - host: wlan-portal-svc.cloudsdk.lab.wlan.tip.build
+        paths: [
+           /*
+          ]
+
+wlan-prov-service:
+  enabled: true
+
+wlan-ssc-service:
+  enabled: true
+
+wlan-spc-service:
+  enabled: true
+
+wlan-port-forwarding-gateway-service:
+  enabled: true
+
+kafka:
+  enabled: true
+  persistence:
+
+cassandra:
+  enabled: true
+  persistence:
+    enabled: true
+    storageClass: gp2
+
+postgresql:
+  enabled: true
+  persistence:
+    enabled: true
+    storageClass: gp2

tip-wlan/example-values/aws-internal/README.md

@@ -0,0 +1,8 @@
+# Helm values for deploying a cloud controller onto an AWS EKS cluster with internal accessibility
+
+These values are almost the same as you can find in [aws-basic](../aws-basic) example values, but this case adds required annotations to make your installaion work in private mode without any endpoints exposed to the Internet.
+
+[Detailed instructions](https://openwifi.tip.build/getting-started/controller-installation/aws-install)
+
+[This Terraform module](https://github.com/Telecominfraproject/wlan-cloud-terraform/tree/master/aws-cloudsdk) can be used to set up the required EKS cluster including all necessary addons.
+

tip-wlan/example-values/aws-internal/values.yml

@@ -0,0 +1,131 @@
+shared:
+  service:
+    srv-https-annotations: &srv-https-annotations
+      kubernetes.io/ingress.class: alb
+      alb.ingress.kubernetes.io/scheme: internal
+      alb.ingress.kubernetes.io/group.name: wlan-cloudsdk
+      alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:eu-central-1:0123456789:certificate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
+      alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
+
+# Annotations for namespace
+annotations: {
+    "helm.sh/resource-policy": keep
+}
+dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
+
+opensync-gw-static:
+  enabled: false
+
+opensync-gw-cloud:
+  service:
+    type: LoadBalancer
+    annotations:
+      external-dns.alpha.kubernetes.io/hostname: opensync-controller.cloudsdk.lab.wlan.tip.build,opensync-redirector.cloudsdk.lab.wlan.tip.build
+      service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+      service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+  enabled: true
+  externalhost:
+    address:
+      ovsdb: opensync-controller.cloudsdk.lab.wlan.tip.build
+      mqtt: opensync-mqtt-broker.cloudsdk.lab.wlan.tip.build
+  persistence:
+    enabled: false
+  image:
+    name: opensync-gateway-cloud
+
+opensync-mqtt-broker:
+  service:
+    type: LoadBalancer
+    annotations:
+      external-dns.alpha.kubernetes.io/hostname: opensync-mqtt-broker.cloudsdk.lab.wlan.tip.build
+      service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+      service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+  enabled: true
+  persistence:
+    enabled: true
+    storageClass: "gp2"
+
+wlan-cloud-graphql-gw:
+  enabled: true
+  ingress:
+    annotations:
+      <<: *srv-https-annotations
+    enabled: true
+    alb_https_redirect: true
+    hosts:
+    - host: wlan-graphql.cloudsdk.lab.wlan.tip.build
+      paths: [
+        /*
+        ]
+  env:
+    portalsvc: wlan-portal-svc.cloudsdk.lab.wlan.tip.build
+
+wlan-cloud-static-portal:
+  enabled: true
+  env:
+    graphql: https://wlan-graphql.cloudsdk.lab.wlan.tip.build
+  service:
+    type: NodePort
+  ingress:
+    annotations:
+      <<: *srv-https-annotations
+    alb_https_redirect: true
+    hosts:
+      - host: wlan-ui.cloudsdk.lab.wlan.tip.build
+        paths: [
+           /*
+          ]
+wlan-portal-service:
+  service:
+    type: NodePort
+    nodePortStatic: false
+  enabled: true
+  persistence:
+    enabled: true
+    storageClass: gp2
+  tsp:
+    host: wlan-portal-svc.cloudsdk.lab.wlan.tip.build
+  ingress:
+    enabled: true
+    alb_https_redirect: true
+    tls: []
+    annotations:
+      <<: *srv-https-annotations
+      alb.ingress.kubernetes.io/backend-protocol: HTTPS
+      alb.ingress.kubernetes.io/healthcheck-protocol: HTTPS
+      alb.ingress.kubernetes.io/healthcheck-port: traffic-port
+      alb.ingress.kubernetes.io/healthcheck-path: /ping
+    hosts:
+      - host: wlan-portal-svc.cloudsdk.lab.wlan.tip.build
+        paths: [
+           /*
+          ]
+
+wlan-prov-service:
+  enabled: true
+
+wlan-ssc-service:
+  enabled: true
+
+wlan-spc-service:
+  enabled: true
+
+wlan-port-forwarding-gateway-service:
+  enabled: true
+
+kafka:
+  enabled: true
+  persistence:
+
+cassandra:
+  enabled: true
+  persistence:
+    enabled: true
+    storageClass: gp2
+
+postgresql:
+  enabled: true
+  persistence:
+    enabled: true
+    storageClass: gp2

tip-wlan/example-values/microk8s-basic/values.yaml

@@ -31,6 +31,8 @@ wlan-cloud-graphql-gw:
   enabled: true
   env:
     portalsvc: tip-wlan-wlan-portal-service:9051
+  service:
+    type: ClusterIP
   ingress:
     hosts:
       - host: wlan-ui-graphql.wlan.local
@@ -45,8 +47,6 @@ wlan-cloud-static-portal:
   enabled: true
   env:
     graphql: https://wlan-ui-graphql.wlan.local
-  service:
-    type: NodePort
   ingress:
     hosts:
       - host: wlan-ui.wlan.local
@@ -67,6 +67,8 @@ wlan-portal-service:
     type: LoadBalancer
     annotations:
       metallb.universe.tf/allow-shared-ip: default
+  tlsv13:
+    enabled: false
 
 wlan-prov-service:
   enabled: true

tip-wlan/resources/configs/jmx-prometheus-config.yml

@@ -1,13 +1,15 @@
 lowercaseOutputLabelNames: true
 lowercaseOutputName: true
-whitelistObjectNames: ["java.lang:type=OperatingSystem"]
+whitelistObjectNames:
+  - "java.lang:type=OperatingSystem"
+  - "com.netflix.servo:name=cassandra*,type=COUNTER"
+  - "com.netflix.servo:name=cassandra*,type=GAUGE"
+  - "com.netflix.servo:name=singleDataSource*,type=GAUGE"
+  - "com.netflix.servo:name=singleDataSource*,type=COUNTER"
+  - "com.netflix.servo:name=jdbc*,type=GAUGE"
+  - "com.netflix.servo:name=jdbc*,type=COUNTER"
+  - "com.netflix.servo:name=kafka*,type=GAUGE"
+  - "com.netflix.servo:name=kafka*,type=COUNTER"
+  - "com.netflix.servo:name=osgw*,type=GAUGE"
+  - "com.netflix.servo:name=osgw*,type=COUNTER"
 blacklistObjectNames: []
-rules:
-  - pattern: 'java.lang<type=OperatingSystem><>(committed_virtual_memory|free_physical_memory|free_swap_space|total_physical_memory|total_swap_space)_size:'
-    name: os_$1_bytes
-    type: GAUGE
-    attrNameSnakeCase: true
-  - pattern: 'java.lang<type=OperatingSystem><>((?!process_cpu_time)\w+):'
-    name: os_$1
-    type: GAUGE
-    attrNameSnakeCase: true

tip-wlan/templates/NOTES.txt

@@ -0,0 +1,20 @@
+
+Your TIP WLAN cloud controller Helm deployment has been successful!
+
+**************************************************************************************
+*** PLEASE BE PATIENT: Some components may need up to 5 minutes to fully start up. ***
+**************************************************************************************
+
+You can check the status with the following command:
+
+kubectl get pods -n {{ .Release.Namespace }} -w
+
+{{ if gt (len (index .Values "wlan-cloud-static-portal").ingress.hosts) 0 }}
+The dashboard should be available at:
+http://{{ (index (index .Values "wlan-cloud-static-portal").ingress.hosts 0).host }}
+
+Login with the following credentials:
+
+Username: support@example.com
+Password: support
+{{ end }}

tip-wlan/templates/_prometheus-jmx.tpl

@@ -16,14 +16,13 @@
 
 {{- define "jmxPrometheus.initContainer" -}}
 {{- if .Values.global.monitoring.enableJmxPrometheusMetrics -}}
-- name: download-jmx-prometheus-exporter
-  image: alpine:latest
+- name: jmx-prometheus-exporter
+  image: {{ .Values.global.monitoring.jmxExporterAgent.registry }}/{{ .Values.global.monitoring.jmxExporterAgent.repository }}:{{ .Values.global.monitoring.jmxExporterAgent.tag }}
   command:
-  - wget
+  - cp
   args:
-  - -P
+  - {{ .Values.global.monitoring.jmxExporterAgent.path }}
   - {{ include "jmxPrometheus.agentDir" . }}
-  - https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.14.0/jmx_prometheus_javaagent-0.14.0.jar
   volumeMounts:
 {{ include "jmxPrometheus.tmpVolumeMount" . | indent 2 }}
 {{- end -}}
@@ -69,7 +68,7 @@
 
 {{- define "jmxPrometheus.jvmOpts" -}}
 {{- if .Values.global.monitoring.enableJmxPrometheusMetrics -}}
--javaagent:{{ include "jmxPrometheus.agentDir" . }}/jmx_prometheus_javaagent-0.14.0.jar={{ include "jmxPrometheus.portNumber" . }}:{{ include "jmxPrometheus.configPath" . }}
+-javaagent:{{ include "jmxPrometheus.agentDir" . }}/{{ .Values.global.monitoring.jmxExporterAgent.path | base }}={{ include "jmxPrometheus.portNumber" . }}:{{ include "jmxPrometheus.configPath" . }}
 {{- end -}}
 {{- end -}}
 

tip-wlan/templates/kafka-dependencies.yaml

@@ -53,7 +53,7 @@ spec:
           done
       containers:
       - name: kafka-config
-        image: confluentinc/cp-kafka:5.0.1
+        image: {{ .Values.kafka.initJobConfig.image }}
         command: 
         - bash
         - -c

tip-wlan/values.yaml

@@ -37,12 +37,15 @@ global:
   nodePortPrefix: 302
   nodePortPrefixExt: 304
 
+  imageRoot:
+    registry: tip-docker-cache-repo.jfrog.io
+
   repository:
     registry: tip-tip-wlan-cloud-docker-repo.jfrog.io
     username: tip-read
     password: tip-read
   # image pull policy
-  pullPolicy: Always
+  pullPolicy: IfNotPresent
 
   # flag to enable debugging - application support required
   debugEnabled: false
@@ -75,6 +78,12 @@ global:
   monitoring:
     enableJmxPrometheusMetrics: false
     enablePrometheusPodMonitors: false
+    # Docker image containing the JMX exporter Java agent
+    jmxExporterAgent:
+      registry: tip-docker-cache-repo.jfrog.io
+      repository: bitnami/jmx-exporter
+      tag: 0.15.0
+      path: /opt/bitnami/jmx-exporter/jmx_prometheus_javaagent.jar
 
 # DockerRegistry Secret
 createDockerRegistrySecret: true
@@ -130,6 +139,12 @@ kafka:
     - name: customer_events
       partitions: 1
       replicationFactor: 1
+    - name: location_metrics
+      partitions: 1
+      replicationFactor: 1
+    - name: location_events
+      partitions: 1
+      replicationFactor: 1
   creds:
     sslKeyPassword: *sslKeyPassword
     sslKeystorePassword: *sslKeystorePassword
@@ -137,6 +152,7 @@ kafka:
   enabled: false
   replicaCount: 1
   image:
+    registry: tip-docker-cache-repo.jfrog.io
     debug: true
   auth:
     clientProtocol: mtls
@@ -164,6 +180,8 @@ kafka:
         release: prometheus-operator
   zookeeper:
     enabled: true
+    image:
+      registry: tip-docker-cache-repo.jfrog.io
     persistence:
       enabled: true
   resources:
@@ -172,12 +190,13 @@ kafka:
       memory: 2Gi
     requests:
       cpu: 10m
-      memory: 700Mi
+      memory: 1400Mi
 
 cassandra:
   enabled: false
   tlsEncryptionSecretName: tip-common-cassandra-certs
   image:
+    registry: tip-docker-cache-repo.jfrog.io
     debug: true
   persistence:
     enabled: true
@@ -209,6 +228,7 @@ postgresql:
   enabled: false
   postgresqlDatabase: tip
   image:
+    registry: tip-docker-cache-repo.jfrog.io
     debug: true
   metrics:
     enabled: false
@@ -234,6 +254,8 @@ postgresql:
     storageClass: glusterfs-storage
   volumePermissions:
     enabled: true
+    image:
+      registry: tip-docker-cache-repo.jfrog.io
   livenessProbe:
     enabled: false
   readinessProbe:
@@ -255,7 +277,7 @@ postgresql:
   primary:
     extraInitContainers:
     - command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ]
-      image: busybox:latest
+      image: tip-docker-cache-repo.jfrog.io/library/busybox:latest
       name: chmod-client-cert-additional
       securityContext:
         runAsUser: 0