WIFI-1669 TIP 1.0 Update image tags in release 1.0 branch

Wifi 1319 ssl issue

tip-wlan/charts/nginx-ingress-controller/templates/controller-configmap.yaml

@@ -7,4 +7,5 @@ metadata:
     {{- include "common.labels" . | nindent 4 }}
 data:
     external-status-address: {{ .Values.controller.config.externalStatusAddress }}
-    client-max-body-size: {{ .Values.controller.config.clientMaxBodySize }}
+    client-max-body-size: {{ .Values.controller.config.clientMaxBodySize }}
+    error-log-level: {{ .Values.controller.config.errorLogLevel }}

tip-wlan/charts/nginx-ingress-controller/values.yaml

@@ -56,6 +56,8 @@ controller:
     ## Max message size coming from the Client
     clientMaxBodySize: "20m"
 
+    ## Error 
+    errorLogLevel: "error"
   ## It is recommended to use your own TLS certificates and keys
   defaultTLS:
     ## The base64-encoded TLS certificate for the default HTTPS server. If not specified, a pre-generated self-signed certificate is used.

tip-wlan/charts/opensync-gw-cloud/values.yaml

@@ -11,7 +11,7 @@ replicaCount: 1
 
 image:
   name: opensync-gateway-cloud
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.0.0-SNAPSHOT
 
 nameOverride: ""
 fullnameOverride: ""

tip-wlan/charts/opensync-gw-static/values.yaml

@@ -11,7 +11,7 @@ replicaCount: 1
 
 image:
   name: opensync-gateway-static
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.0.0-SNAPSHOT
 
 nameOverride: ""
 fullnameOverride: ""

tip-wlan/charts/wlan-cloud-graphql-gw/values.yaml

@@ -11,7 +11,7 @@ replicaCount: 1
 
 image:
   name: wlan-cloud-graphql-gw
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.0.0-SNAPSHOT
   pullPolicy: IfNotPresent
 
 nameOverride: ""

tip-wlan/charts/wlan-cloud-static-portal/values.yaml

@@ -11,7 +11,7 @@ replicaCount: 1
 
 image:
   name: wlan-cloud-ui
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.0.0-SNAPSHOT
   pullPolicy: IfNotPresent
 
 nameOverride: ""

tip-wlan/charts/wlan-integrated-cloud-component-service/templates/deployment.yaml

@@ -58,7 +58,7 @@ spec:
           apt update
           apt -y install curl
           echo "***** Fetching cloud-sdk-schema-postgresql.sql from JFrog *****"
-          curl -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql.sql"
+          curl -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/1.0.0-SNAPSHOT/sql/cloud-sdk-schema-postgresql.sql"
           echo "***** Now executing cloud-sdk-schema-postgresql.sql and creating/updating schema on Postgres instance *****"
           PGPASSWORD=$POSTGRES_PASSWORD psql -h {{- include "postgresql.service" . -}} -U postgres -f cloud-sdk-schema-postgresql.sql
           exit

tip-wlan/charts/wlan-integrated-cloud-component-service/values.yaml

@@ -11,7 +11,7 @@ replicaCount: 1
 
 image:
   name: wlan-integrated-cloud-component-service
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.0.0-SNAPSHOT
 
 nameOverride: ""
 fullnameOverride: ""

tip-wlan/charts/wlan-port-forwarding-gateway-service/values.yaml

@@ -11,7 +11,7 @@ replicaCount: 1
 
 image:
   name: wlan-port-forwarding-gateway-service
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.0.0-SNAPSHOT
 
 nameOverride: ""
 fullnameOverride: ""

tip-wlan/charts/wlan-portal-service/resources/config/logback.xml

@@ -7,7 +7,7 @@
 <!-- For professional support please see                            -->
 <!--    http://www.qos.ch/shop/products/professionalSupport         -->
 <!--                                                                -->
-<configuration>
+<configuration scan="true" scanPeriod="30 seconds">
   <conversionRule conversionWord="filteredStack"
                   converterClass="com.telecominfraproject.wlan.server.exceptions.logback.ExceptionCompressingConverter" />
 

tip-wlan/charts/wlan-portal-service/resources/config/ssl.properties

@@ -0,0 +1,14 @@
+truststorePass={{ .Values.global.certificatePasswords.sslTruststore }}
+truststoreFile=file:///opt/tip-wlan/certs/truststore.jks
+truststoreType=JKS
+truststoreProvider=SUN
+
+keyAlias=1
+keystorePass={{ .Values.global.certificatePasswords.sslKeystore }}
+keystoreFile=file:///opt/tip-wlan/certs/server.pkcs12
+keystoreType=pkcs12
+keystoreProvider=SunJSSE
+
+sslProtocol=TLS
+sslEnabledProtocols=TLSv1.2,TLSv1.1,TLSv1
+sslCiphers=TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA

tip-wlan/charts/wlan-portal-service/templates/secret.yaml

@@ -0,0 +1,10 @@
+{{- if not .Values.tlsv13.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-ssl-config
+  namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+  ssl.properties: {{ tpl ( .Files.Get "resources/config/ssl.properties" ) . | b64enc }}
+{{- end }}

tip-wlan/charts/wlan-portal-service/templates/statefulset.yaml

@@ -113,9 +113,12 @@ spec:
           - mountPath: /opt/tip-wlan/certs/server.pkcs12
             name: certificates
             subPath: server.pkcs12
-          - mountPath: /app/portal/logback.xml
+          - mountPath: /app/portal/log
             name: logback-config
-            subPath: logback.xml
+          {{- if not .Values.tlsv13.enabled }}
+          - mountPath: /app/portal/certs
+            name: ssl-config
+          {{- end }}
           - mountPath: {{ $file_store_path }}
             name: file-store-data
           {{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
@@ -155,6 +158,11 @@ spec:
       - name: logback-config
         configMap:
             name: {{ include "common.fullname" . }}-log-config
+      {{- if not .Values.tlsv13.enabled }}
+      - name: ssl-config
+        secret:
+          secretName: {{ include "common.fullname" . }}-ssl-config
+      {{- end }}
       {{- if not .Values.persistence.enabled }}
       - name: file-store-data
         emptyDir: {}

tip-wlan/charts/wlan-portal-service/values.yaml

@@ -11,7 +11,7 @@ replicaCount: 1
 
 image:
   name: wlan-portal-service
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.0.0-SNAPSHOT
 
 nameOverride: ""
 fullnameOverride: ""
@@ -153,3 +153,6 @@ env:
 # on the PV
 filestore:
   internal: "/tmp/filestore"
+
+tlsv13:
+  enabled: true

tip-wlan/charts/wlan-prov-service/templates/deployment.yaml

@@ -62,8 +62,8 @@ spec:
             apt update
             apt -y install curl
             echo "***** Fetching latest cloud-sdk-schema-postgresql for DB and Tables sql from JFrog *****"
-            curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql-db-user.sql"
-            curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql-tables.sql"
+            curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/1.0.0-SNAPSHOT/sql/cloud-sdk-schema-postgresql-db-user.sql"
+            curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/1.0.0-SNAPSHOT/sql/cloud-sdk-schema-postgresql-tables.sql"
             echo "***** Now executing cloud-sdk-schema-postgresql-db-user.sql on host {{ $pg }} and creating db prov_db and user tip_user using User Postgres. This uses full client-cert authentication *****"
             ### Observed that PSQL was unable to resolve the Postgres-service host because the postgres service wasnt
             ### really ready when running Postgres in Master-Slave config... hence the below retry-logic

tip-wlan/charts/wlan-prov-service/values.yaml

@@ -11,7 +11,7 @@ replicaCount: 1
 
 image:
   name: wlan-prov-service
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.0.0-SNAPSHOT
 
 nameOverride: ""
 fullnameOverride: ""
@@ -128,7 +128,7 @@ affinity: {}
 
 postgresql:
   url: postgresql
-  image: postgres:latest
+  image: postgres:11
 
 env:
   protocol: https

tip-wlan/charts/wlan-spc-service/values.yaml

@@ -11,7 +11,7 @@ replicaCount: 1
 
 image:
   name: wlan-spc-service
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.0.0-SNAPSHOT
 
 nameOverride: ""
 fullnameOverride: ""

tip-wlan/charts/wlan-ssc-service/templates/deployment.yaml

@@ -54,7 +54,7 @@ spec:
             apt update
             apt -y install curl
             echo "***** Fetching cloud-sdk-schema-cassandra.cql from JFrog *****"
-            curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/cql/cloud-sdk-schema-cassandra.cql"
+            curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/1.0.0-SNAPSHOT/cql/cloud-sdk-schema-cassandra.cql"
             echo "***** Now executing cloud-sdk-schema-cassandra.cql and creating/updating schema on Cassandra instance *****"
             counter=0
             status=1

tip-wlan/charts/wlan-ssc-service/values.yaml

@@ -11,7 +11,7 @@ replicaCount: 1
 
 image:
   name: wlan-ssc-service
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.0.0-SNAPSHOT
 
 nameOverride: ""
 fullnameOverride: ""

tip-wlan/example-values/microk8s-basic/values.yaml

@@ -31,6 +31,8 @@ wlan-cloud-graphql-gw:
   enabled: true
   env:
     portalsvc: tip-wlan-wlan-portal-service:9051
+  service:
+    type: ClusterIP
   ingress:
     hosts:
       - host: wlan-ui-graphql.wlan.local
@@ -45,8 +47,6 @@ wlan-cloud-static-portal:
   enabled: true
   env:
     graphql: https://wlan-ui-graphql.wlan.local
-  service:
-    type: NodePort
   ingress:
     hosts:
       - host: wlan-ui.wlan.local
@@ -67,6 +67,8 @@ wlan-portal-service:
     type: LoadBalancer
     annotations:
       metallb.universe.tf/allow-shared-ip: default
+  tlsv13:
+    enabled: false
 
 wlan-prov-service:
   enabled: true