WIFI-1669 TIP 1.0 Update image tags in release 1.0 branch

Merge pull request #61 from Telecominfraproject/WIFI-1319-SslIssue
Wifi 1319 ssl issue
2026-03-20 22:39:08 +00:00 · 2021-02-26 19:34:20 -05:00 · 2021-02-22 14:32:54 -05:00 · 2021-02-22 14:24:33 -05:00 · 2021-02-20 17:57:55 -05:00 · 2021-02-19 22:22:26 -05:00
108 changed files with 858 additions and 1342 deletions
--- a/.github/workflows/enforce-jira-issue-key.yml
+++ b/.github/workflows/enforce-jira-issue-key.yml
@@ -0,0 +1,37 @@
+name: Ensure Jira issue is linked
+
+on:
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+jobs:
+  check_for_issue_key:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Log into Jira
+        uses: atlassian/gajira-login@v2.0.0
+        env: 
+          JIRA_BASE_URL: ${{ secrets.TIP_JIRA_URL }}
+          JIRA_USER_EMAIL: ${{ secrets.TIP_JIRA_USER_EMAIL }}
+          JIRA_API_TOKEN: ${{ secrets.TIP_JIRA_API_TOKEN }}
+      - name: Find issue key in PR title
+        id: issue_key_pr_title
+        continue-on-error: true
+        uses: atlassian/gajira-find-issue-key@v2.0.2
+        with:
+          string: ${{ github.event.pull_request.title }}
+          from: "" # required workaround for bug https://github.com/atlassian/gajira-find-issue-key/issues/24
+      - name: Find issue key in branch name
+        continue-on-error: true
+        id: issue_key_branch_name
+        uses: atlassian/gajira-find-issue-key@v2.0.2
+        with:
+          string: ${{ github.event.pull_request.head.ref }}
+          from: "" # required workaround for bug https://github.com/atlassian/gajira-find-issue-key/issues/24
+
+      - name: Check if issue key was found
+        run: |
+          if [[ -z "${{ steps.issue_key_pr_title.outputs.issue }}" && -z "${{ steps.issue_key_branch_name.outputs.issue }}" ]]; then
+             echo "Jira issue key could not be found!"
+             exit 1
+          fi
--- a/.github/workflows/nightly-scenario-test.yml
+++ b/.github/workflows/nightly-scenario-test.yml
@@ -0,0 +1,98 @@
+name: Nightly testing of all supported deployment scenarios
+
+on:
+  workflow_dispatch:
+  schedule:
+  - cron: '15 0 * * *'
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  microk8s:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout PKI scripts repo
+      uses: actions/checkout@v2
+      with:
+        path: wlan-pki-cert-scripts
+        repository: Telecominfraproject/wlan-pki-cert-scripts
+
+    - name: Checkout Cloud SDK repo
+      uses: actions/checkout@v2
+      with:
+        path: wlan-cloud-helm
+        repository: Telecominfraproject/wlan-cloud-helm
+
+    - name: Generate and copy certs
+      working-directory: wlan-pki-cert-scripts
+      run: |
+        ./generate_all.sh
+        ./copy-certs-to-helm.sh ../wlan-cloud-helm
+
+    - name: Determine public IP address
+      id: ip
+      uses: haythem/public-ip@v1.2
+
+    - uses: balchua/microk8s-actions@v0.2.1
+      with:
+        channel: 'latest/stable'
+        addons: '["dns", "helm3", "storage", "metallb:${{ steps.ip.outputs.ipv4 }}-${{ steps.ip.outputs.ipv4 }}"]'
+
+    - name: Deploy Cloud SDK
+      working-directory: wlan-cloud-helm
+      run: |
+        helm dependency update tip-wlan
+        # Github runners only have 2 CPU cores and 7GB of RAM. Thus we need to disable some of our resource requests
+        helm upgrade --install tip-wlan tip-wlan -f tip-wlan/example-values/microk8s-basic/values.yaml --create-namespace --namespace tip --set cassandra.resources=null --wait --timeout 10m
+
+    - name: Show pod state on deployment failure
+      if: failure()
+      run: |
+        kubectl get pods -n tip
+        kubectl describe pods -n tip
+
+    - name: Set custom DNS entries
+      run: |
+        sudo sh -c "echo -n \"\n${{ steps.ip.outputs.ipv4 }} wlan-ui.wlan.local wlan-ui-graphql.wlan.local\" >> /etc/hosts"
+
+    - name: Test HTTP endpoints
+      run: |
+        # this is needed to make until work
+        set +e
+
+        urls="https://wlan-ui.wlan.local https://wlan-ui-graphql.wlan.local/graphql"
+        for url in $urls; do
+          max_retry=300
+          counter=0
+          until curl --silent --insecure $url > /dev/null
+          do
+             sleep 1
+             [[ counter -eq $max_retry ]] && echo "$url not reachable after $counter tries...giving up" && exit 1
+             echo "#$counter: $url not reachable. trying again..."
+             ((counter++))
+          done
+          echo Successfully reached URL $url
+        done
+
+    - name: Test MQTT and OpenSync endpoints
+      working-directory: wlan-cloud-helm/tip-wlan/resources/certs
+      run: |
+        # this is needed to make until work
+        set +e
+
+        endpoints="${{ steps.ip.outputs.ipv4 }}:1883 ${{ steps.ip.outputs.ipv4 }}:6640 ${{ steps.ip.outputs.ipv4 }}:6643"
+        for endpoint in $endpoints; do
+          max_retry=300
+          counter=0
+          until echo Q | openssl s_client -connect $endpoint -CAfile cacert.pem -cert clientcert.pem -key clientkey.pem > /dev/null
+          do
+             sleep 1
+             [[ counter -eq $max_retry ]] && echo "$endpoint not reachable after $counter tries...giving up" && exit 1
+             echo "#$counter: $endpoint not reachable. trying again..."
+             ((counter++))
+          done
+          echo Successfully reached endpoint $endpoint
+        done
+ 
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,9 +5,25 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

-## [Unreleased]
+## [Unreleased](xxx)

+### Added

+- Replaced cassandra, postgres and kafka with upstream charts [#49](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/49)
+- Centralized secrets to the parent chart [#54](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/54)
+
+### Changed
+
+- Improved kafka setup templating [#53](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/53)
+- Improved values.yaml [#53](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/53)
+- Improved default values and added yaml anchors [#54](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/54)
+
+### Removed
+
+- Removed hardcoded docker secret in favor of variables [#53](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/53)
+- Various outdated sections in values.yaml and environment files
+- Various secrets in subcharts as they are now part of the parent chart
+- references to vendor specific values [#40](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/40)

 ## [0.4.0](https://github.com/Telecominfraproject/wlan-cloud-helm/compare/f7c67645736e3dac498e2caec8c267f04d08b7bc...v0.4) - 2021-01-28

--- a/README.md
+++ b/README.md
@@ -1,11 +1,11 @@
 # wlan-cloud-helm
 This repository contains helm charts for various deployment types of the tip wlan cloud services.

-# IMPORTANT - CloudSDK Helm charts v0.4 to v1.x migration procedure
+# IMPORTANT - Cloud Controller Helm charts v0.4 to v1.x migration procedure

-We've introduced breaking changes to how CloudSDK database charts are managed.
-If you want to preserve your data when moving from v0.4 to v1.x of the CloudSDK Helm charts, follow the steps outlined below.
-If you can re-install your CloudSDK and don't care to loose your data, you can skip the steps and just install the upstream charts version with no changes to the default installation procedure.
+We've introduced breaking changes to how Cloud Controller database charts are managed.
+If you want to preserve your data when moving from v0.4 to v1.x of the Cloud Controller Helm charts, follow the steps outlined below.
+If you can re-install your Cloud Controller and don't care to loose your data, you can skip the steps and just install the upstream charts version with no changes to the default installation procedure.

 ## Prerequisites

@@ -98,7 +98,6 @@ helm del tip-wlan -n tip (replace the namespace with your namespace)
 	- helm test <RELEASE_NAME> -n default
 	(For more details add --debug flag to the above command) 

-
 # Local environment

 In `wlan-pki-cert-scripts` repository edit the following files and add/replace strings as specified below:
@@ -109,7 +108,6 @@ mqtt-server.cnf:
 -commonName_default   = opensync-mqtt-broker.zone1.lab.wlan.tip.build
 +commonName_default   = opensync-mqtt-broker.wlan.local

-
 openssl-server.cnf:
 -DNS.1  = opensync-redirector.zone1.lab.wlan.tip.build
 -DNS.2  = opensync-controller.zone1.lab.wlan.tip.build
@@ -150,7 +148,7 @@ minikube start --memory=10g --cpus=4 --driver=virtualbox --extra-config=kubelet.

 Please note that you may choose another driver (parallels, vmwarefusion, hyperkit, vmware, docker, podman) which might be more suitable for your setup. Omitting this option enables auto discovery of available drivers.

-Deploy CloudSDK chart:
+Deploy Cloud Controller chart:

 ```
 helm upgrade --install tip-wlan tip-wlan -f tip-wlan/resources/environments/dev-local.yaml -n default
@@ -189,7 +187,6 @@ Firefox:
 2. Click on `Add Exception...`, enter `https://wlan-ui.wlan.local` into Location field, click on `Get certificate`, check `Permanently store this exception` and click on `Confirm Security Exception`.
 Repeat the step for `https://wlan-ui-graphql.wlan.local`

-
 Chrome and other browsers using system certificate store:

 1. Save certificate below into the file `wlan-ui-graphql.wlan.local.crt` (it is the one defined at tip-wlan/resources/environments/dev-local.yaml:143):
--- a/glusterfs/README.md
+++ b/glusterfs/README.md
@@ -28,7 +28,6 @@ For other issues faced during deployment, see here:
    - If namespace is passed, we will create (if it does not exist) and use that namespace for glusterFS resources.
    - If namespace is NOT passed, we will create (if it does not exist) namespace='gluster-ns' and use it for glusterFS resources.

-
 - Deletion:
  ./gk-deploy --admin-key <ADMIN_KEY> --user-key <USER_KEY> --abort -v -n <GLUSTER_NAMESPACE>
    - Note: 
--- a/glusterfs/gk-deploy
+++ b/glusterfs/gk-deploy
@@ -990,7 +990,6 @@ parameters:
  output ""
 fi

-
 if [[ ${DEPLOY_OBJECT} -eq 1 ]] && [[ "${OBJ_ACCOUNT}" != "" ]] && [[ "${OBJ_USER}" != "" ]] && [[ "${OBJ_PASSWORD}" != "" ]] && [[ ${EXISTS_OBJECT} -eq 0 ]]; then
  if [[ "${OBJ_STORAGE_CLASS}" == "glusterfs-for-s3" ]]; then
    eval_output "${CLI} create secret generic heketi-${NAMESPACE}-admin-secret --from-literal=key=${ADMIN_KEY} --type=kubernetes.io/glusterfs"
--- a/tip-wlan/charts/common/charts/efs-provisioner/templates/deployment.yaml
+++ b/tip-wlan/charts/common/charts/efs-provisioner/templates/deployment.yaml
@@ -7,7 +7,7 @@ metadata:
    {{- include "common.labels" . | nindent 4 }}
 spec:
  replicas: {{ .Values.provisioner.replicaCount }}
-  strategy: 
+  strategy:
    type: {{ .Values.provisioner.strategyType }}
  selector:
    matchLabels:
--- a/tip-wlan/charts/common/templates/_ports.tpl
+++ b/tip-wlan/charts/common/templates/_ports.tpl
@@ -10,7 +10,6 @@
 {{- printf "%d%d" $portPrefix $start -}}
 {{- end -}}

-
 {{- define "apDebugPortsEnd" -}}
 {{- $portPrefix := $.Values.global.nodePortPrefixExt | default $.Values.nodePortPrefixExt | int -}}
 {{- $start := $.Values.accessPointDebugPortRange.start | int -}}
@@ -19,7 +18,6 @@
 {{- end -}}


-
 {{- define "container.dev.apDebugPorts" -}}
 {{- $accessPointDebugPorts := untilStep (include "apDebugPortsStart" . | atoi) (include "apDebugPortsEnd" . | atoi) 1 -}}
  {{- range $index, $port := $accessPointDebugPorts }}
@@ -38,6 +36,6 @@
    name: apdebugport-{{ $index }}
    {{- if eq $.Values.service.type "NodePort" }}
    nodePort: {{ $port }}
-    {{- end }}   
+    {{- end }}
  {{- end }}
 {{- end -}}
--- a/tip-wlan/charts/common/templates/_svc.tpl
+++ b/tip-wlan/charts/common/templates/_svc.tpl
@@ -1,5 +1,5 @@
 {{/*
-    Resolve the Postgres service-name to apply to a chart. 
+    Resolve the Postgres service-name to apply to a chart.
 */}}
 {{- define "postgresql.service" -}}
  {{- printf "%s-%s" .Release.Name .Values.postgresql.url | trunc 63 -}}
@@ -19,63 +19,63 @@ else use user-provided URL
 {{- end -}}

 {{/*
-  Resolve the Kafka service-name to apply to a chart. 
+  Resolve the Kafka service-name to apply to a chart.
 */}}
 {{- define "kafka.service" -}}
 {{- printf "%s-%s" .Release.Name .Values.kafka.url | trunc 63 -}}
 {{- end -}}

 {{/*
-  Resolve the Cassandra service-name to apply to a chart. 
+  Resolve the Cassandra service-name to apply to a chart.
 */}}
 {{- define "cassandra.service" -}}
 {{- printf "%s-%s" .Release.Name .Values.cassandra.url | trunc 63 -}}
 {{- end -}}

 {{/*
-  Resolve the MQTT service-name to apply to a chart. 
+  Resolve the MQTT service-name to apply to a chart.
 */}}
 {{- define "mqtt.service" -}}
 {{- printf "%s-%s" .Release.Name .Values.mqtt.url | trunc 63 -}}
 {{- end -}}

 {{/*
-  Resolve the integratedcloudcomponent service-name to apply to a chart. 
+  Resolve the integratedcloudcomponent service-name to apply to a chart.
 */}}
 {{- define "integratedcloudcomponent.service" -}}
  {{- printf "%s-%s:%.f" .Release.Name .Values.integratedcloudcomponent.url .Values.integratedcloudcomponent.port | trunc 63 -}}
 {{- end -}}

 {{/*
-  Resolve the provisioning service-name to apply to a chart. 
+  Resolve the provisioning service-name to apply to a chart.
 */}}
 {{- define "prov.service" -}}
  {{- printf "%s-%s:%.f" .Release.Name .Values.prov.url .Values.prov.port | trunc 63 -}}
 {{- end -}}

 {{/*
-  Resolve the ssc service-name to apply to a chart. 
+  Resolve the ssc service-name to apply to a chart.
 */}}
 {{- define "ssc.service" -}}
  {{- printf "%s-%s:%.f" .Release.Name .Values.ssc.url .Values.ssc.port | trunc 63 -}}
 {{- end -}}

 {{/*
-  Resolve the Opensync-gw service-name to apply to a chart. 
+  Resolve the Opensync-gw service-name to apply to a chart.
 */}}
 {{- define "opensyncgw.service" -}}
  {{- printf "%s-%s:%.f" .Release.Name .Values.opensyncgw.url .Values.opensyncgw.port | trunc 63 -}}
 {{- end -}}

 {{/*
-  Resolve the pvc name that's would mounted to 2 charts - Portal and Opensync-gw 
+  Resolve the pvc name that's would mounted to 2 charts - Portal and Opensync-gw
 */}}
 {{- define "portal.sharedPvc.name" -}}
 {{- printf "%s-%s-%s-%.f" .Values.portal.sharedPvc.name .Release.Name .Values.portal.url .Values.portal.sharedPvc.ordinal | trunc 63 -}}
 {{- end -}}

 {{/*
-  Resolve the filestore-directory name that's would mounted to 2 charts - Portal and Opensync-gw 
+  Resolve the filestore-directory name that's would mounted to 2 charts - Portal and Opensync-gw
 */}}
 {{- define "filestore.dir.name" -}}
  {{- printf "%s" .Values.filestore.internal | trunc 63 -}}
--- a/tip-wlan/charts/nginx-ingress-controller/templates/controller-configmap.yaml
+++ b/tip-wlan/charts/nginx-ingress-controller/templates/controller-configmap.yaml
@@ -4,7 +4,8 @@ metadata:
  name: {{ include "nginx-ingress.configName" . }}
  namespace: {{ include "common.namespace" . }}
  labels:
-    {{- include "common.labels" . | nindent 4 }}  
+    {{- include "common.labels" . | nindent 4 }}
 data:
    external-status-address: {{ .Values.controller.config.externalStatusAddress }}
-    client-max-body-size: {{ .Values.controller.config.clientMaxBodySize }}
+    client-max-body-size: {{ .Values.controller.config.clientMaxBodySize }}
+    error-log-level: {{ .Values.controller.config.errorLogLevel }}
--- a/tip-wlan/charts/nginx-ingress-controller/templates/controller-global-configuration.yaml
+++ b/tip-wlan/charts/nginx-ingress-controller/templates/controller-global-configuration.yaml
@@ -1,6 +1,6 @@
 {{- if not .Values.byPassNginxForTcpConnections.enabled -}}
 apiVersion: k8s.nginx.org/v1alpha1
-kind: GlobalConfiguration 
+kind: GlobalConfiguration
 metadata:
  name: {{ include "common.name" . }}-global-configuration
  namespace: {{ include "common.namespace" . }}
--- a/tip-wlan/charts/nginx-ingress-controller/values.yaml
+++ b/tip-wlan/charts/nginx-ingress-controller/values.yaml
@@ -56,6 +56,8 @@ controller:
    ## Max message size coming from the Client
    clientMaxBodySize: "20m"

+    ## Error 
+    errorLogLevel: "error"
  ## It is recommended to use your own TLS certificates and keys
  defaultTLS:
    ## The base64-encoded TLS certificate for the default HTTPS server. If not specified, a pre-generated self-signed certificate is used.
@@ -137,7 +139,7 @@ controller:

  ## Enable the custom resources.
  enableTLSPassthrough: true
-  
+
  ## Add a location based on the value of health-status-uri to the default server. The location responds with the 200 status code for any request.
  ## Useful for external health-checking of the Ingress controller.
  healthStatus: false
@@ -274,7 +276,7 @@ rbac:

  ## This property will prevent exposing TCP ports for passthrough connections
  ## Instead we are opening up these services as NodePorts
-  ## We were seeing issues with AP <-- --> MQTT connecitivity when using NGINX 
+  ## We were seeing issues with AP <-- --> MQTT connecitivity when using NGINX
  ## as passthrough for TCP Connections
 byPassNginxForTcpConnections:
  enabled: true
--- a/tip-wlan/charts/opensync-gw-cloud/resources/config/certs/httpClientConfig.json
+++ b/tip-wlan/charts/opensync-gw-cloud/resources/config/certs/httpClientConfig.json
@@ -1,21 +0,0 @@
-{
-    "maxConnectionsTotal": 100,
-    "maxConnectionsPerRoute": 10,
-    "truststoreType": "JKS",
-    "truststoreProvider": "SUN",
-    "truststoreFile": "file:/opt/tip-wlan/certs/truststore.jks",
-    "truststorePass": "mypassword",
-    "keystoreType": "JKS",
-    "keystoreProvider": "SUN",
-    "keystoreFile": "file:/opt/tip-wlan/certs/client_keystore.jks",
-    "keystorePass": "mypassword",
-    "keyAlias": "clientkeyalias",
-    "credentialsList": [
-        {
-            "host": "localhost",
-            "port": -1,
-            "user": "user",
-            "password": "password"
-        }
-    ]
-}
--- a/tip-wlan/charts/opensync-gw-cloud/resources/config/logback.xml
+++ b/tip-wlan/charts/opensync-gw-cloud/resources/config/logback.xml
@@ -29,7 +29,7 @@
      <maxFileSize>20MB</maxFileSize>
    </triggeringPolicy>
  </appender>
-  
+
  <appender name="logfile" class="ch.qos.logback.core.rolling.RollingFileAppender">
    <file>/app/logs/opensyncgw.log</file>
    <append>true</append>
@@ -45,23 +45,23 @@
      <maxFileSize>20MB</maxFileSize>
    </triggeringPolicy>
  </appender>
-      
+
  <!--
  details: http://logback.qos.ch/manual/configuration.html#auto_configuration
-   
-  runtime configuration, if need to override the defaults: 
+
+  runtime configuration, if need to override the defaults:
  	-Dlogback.configurationFile=/path/to/logback.xml
-  
-  for log configuration debugging - use 
+
+  for log configuration debugging - use
  	-Dlogback.statusListenerClass=ch.qos.logback.core.status.OnConsoleStatusListener
-  
+
  log levels:
-	OFF ERROR WARN INFO DEBUG TRACE  
+	OFF ERROR WARN INFO DEBUG TRACE
   -->
  <logger name="org.apache.catalina.startup.DigesterFactory" level="ERROR"/>
  <logger name="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" level="INFO"/>
  <logger name="org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer" level="INFO"/>
-  
+
  <logger name="com.telecominfraproject.wlan" level="DEBUG"/>
  <logger name="com.netflix.servo.tag.aws.AwsInjectableTag" level="OFF"/>
  <logger name="com.vmware.ovsdb.service.OvsdbConnectionInfo" level="OFF"/>
--- a/tip-wlan/charts/opensync-gw-cloud/templates/configmap.yaml
+++ b/tip-wlan/charts/opensync-gw-cloud/templates/configmap.yaml
@@ -4,4 +4,4 @@ metadata:
  name: {{ include "common.fullname" . }}-log-config
  namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }}
--- a/tip-wlan/charts/opensync-gw-cloud/templates/deployment.yaml
+++ b/tip-wlan/charts/opensync-gw-cloud/templates/deployment.yaml
@@ -27,6 +27,7 @@ spec:
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      initContainers:
+        {{- include "jmxPrometheus.initContainer" . | nindent 8 }}
        - name: wait-for-services
          image: opsfleet/depends-on:latest
          args:
@@ -37,7 +38,7 @@ spec:
      {{- if .Values.global.integratedDeployment }}
        - name: {{ include "common.name" . }}-readiness-int-cloud
          image: alpine
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
          command:
          - sh
          - -c
@@ -71,7 +72,7 @@ spec:
          {{- else }}
          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
          {{- end }}
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
          {{- if .Values.probes.enabled }}
          livenessProbe:
            tcpSocket:
@@ -89,6 +90,11 @@ spec:
            failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
            periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
            successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
+          startupProbe:
+            tcpSocket:
+              port: {{ .Values.service.port1 }}
+            failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
+            periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
          {{- end }}
          env:
            {{- include "common.env" . | nindent 12 }}
@@ -142,7 +148,7 @@ spec:
            - name: tip_wlan_maxHttpThreads
              value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
            - name: JVM_MEM_OPTIONS
-              value: "{{ .Values.scalability.JVM_MEM_OPTIONS }}"
+              value: "{{ .Values.scalability.JVM_MEM_OPTIONS }} {{ include "jmxPrometheus.jvmOpts" . }}"
          volumeMounts:
          - mountPath: /opt/tip-wlan/certs/client_keystore.jks
            name: certificates
@@ -164,6 +170,8 @@ spec:
            subPath: logback.xml
          - mountPath: {{ $file_store_path }}
            name: file-store-data
+          {{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
+          {{- include "jmxPrometheus.tmpVolumeMount" . | nindent 10 }}
          ports:
            - name: {{ .Values.service.name1 }}
              containerPort: {{ .Values.service.port1 }}
@@ -182,6 +190,7 @@ spec:
              containerPort: {{ .Values.service.port5 }}
              protocol: TCP
            {{- end }}
+            {{- include "jmxPrometheus.port" . | nindent 12 }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      {{- with .Values.nodeSelector }}
@@ -200,7 +209,7 @@ spec:
      volumes:
      - name: certificates
        secret:
-          secretName: {{ include "common.fullname" . }}-certs
+          secretName: tip-common-opensync-gw-certs
      - name: logback-config
        configMap:
            name: {{ include "common.fullname" . }}-log-config
@@ -211,3 +220,5 @@ spec:
      {{- else }}
        emptyDir: {}
      {{- end }}
+      {{- include "jmxPrometheus.configVolume" . | nindent 6 }}
+      {{- include "jmxPrometheus.tmpVolume" . | nindent 6 }}
--- a/tip-wlan/charts/opensync-gw-cloud/templates/pod-monitor.yaml
+++ b/tip-wlan/charts/opensync-gw-cloud/templates/pod-monitor.yaml
@@ -0,0 +1 @@
+{{ include "jmxPrometheus.podMonitor" . }}
--- a/tip-wlan/charts/opensync-gw-cloud/templates/secret.yaml
+++ b/tip-wlan/charts/opensync-gw-cloud/templates/secret.yaml
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-certs
-  namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
--- a/tip-wlan/charts/opensync-gw-cloud/values.yaml
+++ b/tip-wlan/charts/opensync-gw-cloud/values.yaml
@@ -11,7 +11,7 @@ replicaCount: 1

 image:
  name: opensync-gateway-cloud
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.0.0-SNAPSHOT

 nameOverride: ""
 fullnameOverride: ""
@@ -52,6 +52,9 @@ probes:
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
+  startupProbe:
+    periodSeconds: 30
+    failureThreshold: 500

 # Enable/Disable Helm tests
 testsEnabled: false
@@ -115,7 +118,6 @@ portal:
      name: file-store-data
      ordinal: 0

-
 # These are the address and ports for the externalhost
 # This is important for ovsdb and mqtt since
 # that's what AP sees. Please make sure to override
@@ -129,8 +131,6 @@ externalhost:
    ovsdb: 6640
    mqtt: 1883

-
-
 ethernetType:
  lanName: "lan"
  lanType: "bridge"
@@ -171,7 +171,7 @@ resources:
    cpu: 500m
    memory: 750Mi
  requests:
-    cpu: 50m
+    cpu: 10m
    memory: 500Mi

 nodeSelector: {}
--- a/tip-wlan/charts/opensync-gw-static/resources/config/certs/README.md
+++ b/tip-wlan/charts/opensync-gw-static/resources/config/certs/README.md
@@ -1,2 +0,0 @@
-Contains certs needed for this service to start.
-Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution
--- a/tip-wlan/charts/opensync-gw-static/resources/config/certs/ssl.properties
+++ b/tip-wlan/charts/opensync-gw-static/resources/config/certs/ssl.properties
@@ -1,13 +0,0 @@
-truststorePass=mypassword
-truststoreFile=file:///opt/tip-wlan/certs/truststore.jks
-truststoreType=JKS
-truststoreProvider=SUN
-
-keyAlias=1
-keystorePass=mypassword
-keystoreFile=file:///opt/tip-wlan/certs/server.pkcs12
-keystoreType=pkcs12
-keystoreProvider=SunJSSE
-
-sslProtocol=TLS
-
--- a/tip-wlan/charts/opensync-gw-static/resources/config/logback.xml
+++ b/tip-wlan/charts/opensync-gw-static/resources/config/logback.xml
@@ -13,8 +13,8 @@
      <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
    </encoder>
  </appender>
-  
-  <!-- 
+
+  <!--
  <appender name="FILE" class="ch.qos.logback.core.FileAppender">
    <file>myApp.log</file>

@@ -23,7 +23,7 @@
    </encoder>
  </appender>
  -->
-  
+
  <appender name="logfile" class="ch.qos.logback.core.rolling.RollingFileAppender">
    <file>/app/logs/opensyncgw.log</file>
    <append>true</append>
@@ -39,37 +39,37 @@
      <maxFileSize>20MB</maxFileSize>
    </triggeringPolicy>
  </appender>
-      
+
  <!--
  details: http://logback.qos.ch/manual/configuration.html#auto_configuration
-   
-  runtime configuration, if need to override the defaults: 
+
+  runtime configuration, if need to override the defaults:
  	-Dlogback.configurationFile=/path/to/logback.xml
-  
-  for log configuration debugging - use 
+
+  for log configuration debugging - use
  	-Dlogback.statusListenerClass=ch.qos.logback.core.status.OnConsoleStatusListener
-  
+
  log levels:
-	OFF ERROR WARN INFO DEBUG TRACE  
+	OFF ERROR WARN INFO DEBUG TRACE
   -->
  <logger name="org.apache.catalina.startup.DigesterFactory" level="ERROR"/>
  <logger name="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" level="INFO"/>
  <logger name="org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer" level="INFO"/>
-  
+
  <logger name="com.telecominfraproject.wlan" level="DEBUG"/>
  <logger name="com.netflix.servo.tag.aws.AwsInjectableTag" level="OFF"/>
  <logger name="com.vmware.ovsdb.service.OvsdbConnectionInfo" level="OFF"/>
  <logger name="com.vmware.ovsdb.netty.OvsdbConnectionHandler" level="ERROR"/>
-  
+
  <logger name="MQTT_DATA" level="DEBUG"/>

-  <!--   
+  <!--
  <logger name="org.springframework.security.web.authentication.preauth" level="DEBUG"/>
   -->
-   
+
  <root level="WARN">
    <appender-ref ref="stdout"/>
    <appender-ref ref="logfile"/>
  </root>
-  
+
 </configuration>
--- a/tip-wlan/charts/opensync-gw-static/templates/configmap.yaml
+++ b/tip-wlan/charts/opensync-gw-static/templates/configmap.yaml
@@ -4,4 +4,4 @@ metadata:
  name: {{ include "common.fullname" . }}-log-config
  namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }}
--- a/tip-wlan/charts/opensync-gw-static/templates/deployment.yaml
+++ b/tip-wlan/charts/opensync-gw-static/templates/deployment.yaml
@@ -29,12 +29,12 @@ spec:
          {{- else }}
          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
          {{- end }}
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
          {{- if .Values.probes.enabled }}
          livenessProbe:
            tcpSocket:
              port: {{ .Values.service.port2 }}
-            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
+            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
            timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
            failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
            periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -47,7 +47,12 @@ spec:
            failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
            periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
            successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
-          {{- end }}       
+          startupProbe:
+            tcpSocket:
+              port: {{ .Values.service.port2 }}
+            failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
+            periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
+          {{- end }}
          volumeMounts:
          - mountPath: /opt/tip-wlan/certs/client_keystore.jks
            name: certificates
@@ -92,7 +97,7 @@ spec:
      volumes:
      - name: certificates
        secret:
-          secretName: {{ include "common.fullname" . }}-certs
+          secretName: tip-common-opensync-gw-certs
      - name: logback-config
        configMap:
            name: {{ include "common.fullname" . }}-log-config
--- a/tip-wlan/charts/opensync-gw-static/templates/secret.yaml
+++ b/tip-wlan/charts/opensync-gw-static/templates/secret.yaml
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-certs
-  namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
--- a/tip-wlan/charts/opensync-gw-static/values.yaml
+++ b/tip-wlan/charts/opensync-gw-static/values.yaml
@@ -11,7 +11,7 @@ replicaCount: 1

 image:
  name: opensync-gateway-static
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.0.0-SNAPSHOT

 nameOverride: ""
 fullnameOverride: ""
@@ -52,6 +52,9 @@ probes:
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
+  startupProbe:
+    periodSeconds: 30
+    failureThreshold: 500

 # Enable/Disable Helm tests
 testsEnabled: false
--- a/tip-wlan/charts/opensync-mqtt-broker/resources/config/certs/README.md
+++ b/tip-wlan/charts/opensync-mqtt-broker/resources/config/certs/README.md
@@ -1,2 +0,0 @@
-Contains certs needed for this service to start.
-Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution
--- a/tip-wlan/charts/opensync-mqtt-broker/templates/configmap.yaml
+++ b/tip-wlan/charts/opensync-mqtt-broker/templates/configmap.yaml
@@ -4,4 +4,4 @@ metadata:
  name: mosquitto-config
  namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/config/mosquitto.conf").AsConfig . | indent 2 }}
+{{ (.Files.Glob "resources/config/mosquitto.conf").AsConfig | indent 2 }}
--- a/tip-wlan/charts/opensync-mqtt-broker/templates/secret.yaml
+++ b/tip-wlan/charts/opensync-mqtt-broker/templates/secret.yaml
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: opensync-mqtt-broker-certs
-  namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
--- a/tip-wlan/charts/opensync-mqtt-broker/templates/statefulset.yaml
+++ b/tip-wlan/charts/opensync-mqtt-broker/templates/statefulset.yaml
@@ -45,8 +45,8 @@ spec:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      initContainers:
        - name: {{ include "common.name" . }}-init-dir-ownership-change
-          image: {{ .Values.alpine.image }} 
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          image: {{ .Values.alpine.image }}
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
          # Change ownership to `mosquitto` user for a mounted volume
          command:
          - sh
@@ -64,12 +64,12 @@ spec:
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: {{ .Values.image.name }}:{{ .Values.image.tag }}
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
          {{- if .Values.probes.enabled }}
          livenessProbe:
            tcpSocket:
              port: {{ .Values.service.port1 }}
-            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
+            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
            timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
            failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
            periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -82,6 +82,11 @@ spec:
            failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
            periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
            successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
+          startupProbe:
+            tcpSocket:
+              port: {{ .Values.service.port1 }}
+            failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
+            periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
          {{- end }}
          volumeMounts:
          - mountPath: /certs/cacert.pem
@@ -124,7 +129,7 @@ spec:
      volumes:
      - name: opensync-mqtt-broker-truststore
        secret:
-          secretName: opensync-mqtt-broker-certs
+          secretName: tip-common-opensync-mqtt-broker-certs
      - name: opensync-mqtt-broker-conf
        configMap:
            name: mosquitto-config
--- a/tip-wlan/charts/opensync-mqtt-broker/values.yaml
+++ b/tip-wlan/charts/opensync-mqtt-broker/values.yaml
@@ -52,6 +52,9 @@ probes:
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
+  startupProbe:
+    periodSeconds: 30
+    failureThreshold: 500

 # Enable/Disable Helm tests
 testsEnabled: false
@@ -85,8 +88,8 @@ resources:
    cpu: 500m
    memory: 128Mi
  requests:
-    cpu: 50m
-    memory: 128Mi
+    cpu: 10m
+    memory: 5Mi

 priorityClassName: ""

@@ -105,7 +108,7 @@ persistence:
  ## existingClaimData: opensync-wifi-controller-opensync-mqtt-broker-data
  ## existingClaimDb: opensync-wifi-controller-opensync-mqtt-broker-db
  ## volumeReclaimPolicy: Retain
-  ## If you want to bind to an existing PV, uncomment below with the pv name 
+  ## If you want to bind to an existing PV, uncomment below with the pv name
  ## and comment storageClass and belowannotation
  ## volumeNameDb: pvc-dc52b290-ae86-4cb3-aad0-f2c806a23114
  ## volumeNameData: pvc-735baedf-323b-47bc-9383-952e6bc5ce3e
--- a/tip-wlan/charts/wlan-cloud-graphql-gw/values.yaml
+++ b/tip-wlan/charts/wlan-cloud-graphql-gw/values.yaml
@@ -9,9 +9,9 @@

 replicaCount: 1

-image: 
+image:
  name: wlan-cloud-graphql-gw
-  tag: latest
+  tag: 1.0.0-SNAPSHOT
  pullPolicy: IfNotPresent

 nameOverride: ""
@@ -59,22 +59,22 @@ ingress:
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: wlan-ui-graphql.zone3.lab.connectus.ai
-      paths: [
-         /
-        ]
+  hosts: []
+  #  - host: wlan-ui-graphql.local
+  #    paths: [
+  #       /
+  #      ]
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
-  #      - chart-example.local
+  #      - wlan-ui-graphql.local

 resources:
  limits:
    cpu: 500m
    memory: 128Mi
  requests:
-    cpu: 50m
+    cpu: 10m
    memory: 128Mi

 nodeSelector: {}
--- a/tip-wlan/charts/wlan-cloud-static-portal/values.yaml
+++ b/tip-wlan/charts/wlan-cloud-static-portal/values.yaml
@@ -9,9 +9,9 @@

 replicaCount: 1

-image: 
+image:
  name: wlan-cloud-ui
-  tag: latest
+  tag: 1.0.0-SNAPSHOT
  pullPolicy: IfNotPresent

 nameOverride: ""
@@ -54,23 +54,23 @@ ingress:
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: wlan-ui.zone3.lab.connectus.ai
-      paths: [
-         /
-        ]
+  hosts: []
+  #  - host: wlan-ui.local
+  #    paths: [
+  #       /
+  #      ]
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
-  #      - chart-example.local
+  #      - wlan-ui.local

 resources:
  limits:
    cpu: 500m
    memory: 128Mi
  requests:
-    cpu: 50m
-    memory: 128Mi
+    cpu: 10m
+    memory: 5Mi

 nodeSelector: {}

--- a/tip-wlan/charts/wlan-integrated-cloud-component-service/resources/config/certs/README.md
+++ b/tip-wlan/charts/wlan-integrated-cloud-component-service/resources/config/certs/README.md
@@ -1,2 +0,0 @@
-Contains certs needed for this service to start.
-Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution
--- a/tip-wlan/charts/wlan-integrated-cloud-component-service/resources/config/logback.xml
+++ b/tip-wlan/charts/wlan-integrated-cloud-component-service/resources/config/logback.xml
@@ -46,7 +46,6 @@
    </triggeringPolicy>
  </appender>

-
  <!--
  details: http://logback.qos.ch/manual/configuration.html#auto_configuration

@@ -71,5 +70,5 @@
    <appender-ref ref="stdout"/>
    <appender-ref ref="logfile"/>
  </root>
-  
+
 </configuration>
--- a/tip-wlan/charts/wlan-integrated-cloud-component-service/templates/configmap.yaml
+++ b/tip-wlan/charts/wlan-integrated-cloud-component-service/templates/configmap.yaml
@@ -4,4 +4,4 @@ metadata:
  name: {{ include "common.fullname" . }}-log-config
  namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }}
--- a/tip-wlan/charts/wlan-integrated-cloud-component-service/templates/deployment.yaml
+++ b/tip-wlan/charts/wlan-integrated-cloud-component-service/templates/deployment.yaml
@@ -19,121 +19,125 @@ spec:
        {{- include "common.selectorLabels" . | nindent 8 }}
    spec:
      imagePullSecrets:
-        - name: "{{ include "common.namespace" . }}-docker-registry-key"
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
      serviceAccountName: {{ include "common.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      {{- if .Values.integratedWithPersistence.enabled }}
      initContainers:
-        - name: {{ include "common.name" . }}-readiness
-          image: busybox:1.28
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
-          command: ['sh', '-c', "until nslookup {{ $pg }}.{{ $ns }}.svc.cluster.local; do echo waiting for POSTGRES; sleep 2; done"]
-        - name: {{ include "common.name" . }}-create-db-schema
-          env:
-          - name: POSTGRESQL_PORT_NUMBER
-            value: "5432"
-          - name: POSTGRES_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: {{ include "common.fullname" . }}-creds
-                key: postgresql-password
-          - name: SCHEMA_REPO_USER
-            valueFrom:
-              secretKeyRef:
-                name: {{ include "common.fullname" . }}-creds
-                key: schema-repo-user
-          - name: SCHEMA_REPO_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: {{ include "common.fullname" . }}-creds
-                key: schema-repo-password
-          image: postgres:latest
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
-          command:
-          - sh
-          - -c
-          - |
-            apt update
-            apt -y install curl
-            echo "***** Fetching cloud-sdk-schema-postgresql.sql from JFrog *****"
-            curl -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql.sql"
-            echo "***** Now executing cloud-sdk-schema-postgresql.sql and creating/updating schema on Postgres instance *****"
-            PGPASSWORD=$POSTGRES_PASSWORD psql -h {{- include "postgresql.service" . -}} -U postgres -f cloud-sdk-schema-postgresql.sql
-            exit
-          ports:
-          - containerPort: 5432
-            name: tcp-postgresql
-            protocol: TCP
-          resources:
-            requests:
-              cpu: 50m
-              memory: 256Mi
-          terminationMessagePath: /dev/termination-log
-          terminationMessagePolicy: File
-          volumeMounts:
-          - mountPath: /dev/shm
-            name: dshm
-          - mountPath: /bitnami/postgresql
-            name: data
+      - name: wait-for-services
+        image: opsfleet/depends-on:latest
+        args:
+        - "-service={{ .Release.Name }}-postgresql"
+        - -check_interval=5
+      - name: {{ include "common.name" . }}-create-db-schema
+        env:
+        - name: POSTGRESQL_PORT_NUMBER
+          value: "5432"
+        - name: POSTGRES_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "common.fullname" . }}-creds
+              key: postgresql-password
+        - name: SCHEMA_REPO_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "common.fullname" . }}-creds
+              key: schema-repo-user
+        - name: SCHEMA_REPO_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "common.fullname" . }}-creds
+              key: schema-repo-password
+        image: postgres:latest
+        imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+        command:
+        - sh
+        - -c
+        - |
+          apt update
+          apt -y install curl
+          echo "***** Fetching cloud-sdk-schema-postgresql.sql from JFrog *****"
+          curl -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/1.0.0-SNAPSHOT/sql/cloud-sdk-schema-postgresql.sql"
+          echo "***** Now executing cloud-sdk-schema-postgresql.sql and creating/updating schema on Postgres instance *****"
+          PGPASSWORD=$POSTGRES_PASSWORD psql -h {{- include "postgresql.service" . -}} -U postgres -f cloud-sdk-schema-postgresql.sql
+          exit
+        resources:
+          requests:
+            cpu: 50m
+            memory: 256Mi
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - mountPath: /dev/shm
+          name: dshm
+        - mountPath: /bitnami/postgresql
+          name: data
      {{- end }}
      containers:
-        - name: {{ .Chart.Name }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          {{- if .Values.global.testingEnabled }}
-          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
-          {{- else }}
-          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
-          {{- end }}
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
-          env:
-            - name: BACKEND_SERVER
-              value: {{ .Release.Name }}-{{ .Chart.Name }}
-          {{- if .Values.probes.enabled }}
-          livenessProbe:
-            httpGet:
-              path: /ping
-              port: {{ .Values.service.port1 }}
-              scheme: {{ .Values.probes.livenessProbe.scheme }}
-            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
-            timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
-            failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
-            periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
-            successThreshold: {{ .Values.probes.livenessProbe.successThreshold }}
-          readinessProbe:
-            httpGet:
-              path: /ping
-              port: {{ .Values.service.port1 }}
-              scheme: {{ .Values.probes.readinessProbe.scheme }}
-            initialDelaySeconds: {{ .Values.probes.readinessProbe.initialDelaySeconds }}
-            timeoutSeconds: {{ .Values.probes.readinessProbe.timeoutSeconds }}
-            failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
-            periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
-            successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
-          {{- end }}
-          volumeMounts:
-          - mountPath: /opt/tip-wlan/certs/client_keystore.jks
-            name: certificates
-            subPath: client_keystore.jks
-          - mountPath: /opt/tip-wlan/certs/truststore.jks
-            name: certificates
-            subPath: truststore.jks
-          - mountPath: /opt/tip-wlan/certs/server.pkcs12
-            name: certificates
-            subPath: server.pkcs12
-          - mountPath: /app/intcloudcomp/logback.xml
-            name: logback-config
-            subPath: logback.xml
-          ports:
-            - name: {{ .Values.service.name1 }}
-              containerPort: {{ .Values.service.port1 }}
-              protocol: TCP
-            - name: {{ .Values.service.name2 }}
-              containerPort: {{ .Values.service.port2 }}
-              protocol: TCP
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
+      - name: {{ .Chart.Name }}
+        securityContext:
+          {{- toYaml .Values.securityContext | nindent 12 }}
+        {{- if .Values.global.testingEnabled }}
+        image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
+        {{- else }}
+        image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
+        {{- end }}
+        imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+        env:
+          - name: BACKEND_SERVER
+            value: {{ .Release.Name }}-{{ .Chart.Name }}
+        {{- if .Values.probes.enabled }}
+        livenessProbe:
+          httpGet:
+            path: /ping
+            port: {{ .Values.service.port1 }}
+            scheme: {{ .Values.probes.livenessProbe.scheme }}
+          initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
+          timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
+          failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
+          periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
+          successThreshold: {{ .Values.probes.livenessProbe.successThreshold }}
+        readinessProbe:
+          httpGet:
+            path: /ping
+            port: {{ .Values.service.port1 }}
+            scheme: {{ .Values.probes.readinessProbe.scheme }}
+          initialDelaySeconds: {{ .Values.probes.readinessProbe.initialDelaySeconds }}
+          timeoutSeconds: {{ .Values.probes.readinessProbe.timeoutSeconds }}
+          failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
+          periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
+          successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
+        startupProbe:
+          httpGet:
+            path: /ping
+            port: {{ .Values.service.port1 }}
+            scheme: {{ .Values.probes.readinessProbe.scheme }}
+          failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
+          periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
+        {{- end }}
+        volumeMounts:
+        - mountPath: /opt/tip-wlan/certs/client_keystore.jks
+          name: certificates
+          subPath: client_keystore.jks
+        - mountPath: /opt/tip-wlan/certs/truststore.jks
+          name: certificates
+          subPath: truststore.jks
+        - mountPath: /opt/tip-wlan/certs/server.pkcs12
+          name: certificates
+          subPath: server.pkcs12
+        - mountPath: /app/intcloudcomp/logback.xml
+          name: logback-config
+          subPath: logback.xml
+        ports:
+          - name: {{ .Values.service.name1 }}
+            containerPort: {{ .Values.service.port1 }}
+            protocol: TCP
+          - name: {{ .Values.service.name2 }}
+            containerPort: {{ .Values.service.port2 }}
+            protocol: TCP
+        resources:
+          {{- toYaml .Values.resources | nindent 12 }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
@@ -150,7 +154,7 @@ spec:
      volumes:
      - name: certificates
        secret:
-          secretName: {{ include "common.fullname" . }}-certs
+          secretName: tip-common-postgres-client-certs
      - name: logback-config
        configMap:
            name: {{ include "common.fullname" . }}-log-config
--- a/tip-wlan/charts/wlan-integrated-cloud-component-service/templates/secret.yaml
+++ b/tip-wlan/charts/wlan-integrated-cloud-component-service/templates/secret.yaml
@@ -1,4 +1,5 @@
 {{- if .Values.global.integratedDeployment }}
+---
 apiVersion: v1
 kind: Secret
 metadata:
@@ -7,9 +8,8 @@ metadata:
 type: Opaque
 data:
 {{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
-{{- end}}
+
 ---
-{{- if .Values.global.integratedDeployment }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -22,9 +22,7 @@ metadata:
    heritage: {{ .Release.Service | quote }}
 type: Opaque
 data:
-  {{- if .Values.creds.enabled }}
-  postgresql-password: {{ .Values.creds.postgres.password | b64enc | quote }}
-  schema-repo-user: {{ .Values.creds.schema_repo.username | b64enc | quote }}
-  schema-repo-password: {{ .Values.creds.schema_repo.password | b64enc | quote }}
-  {{- end }}
+  postgresql-password: {{ .Values.global.postgres.password | b64enc | quote }}
+  schema-repo-user: {{ .Values.global.schema.username | b64enc | quote }}
+  schema-repo-password: {{ .Values.global.schema.password | b64enc | quote }}
 {{- end}}
--- a/tip-wlan/charts/wlan-integrated-cloud-component-service/values.yaml
+++ b/tip-wlan/charts/wlan-integrated-cloud-component-service/values.yaml
@@ -11,7 +11,7 @@ replicaCount: 1

 image:
  name: wlan-integrated-cloud-component-service
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.0.0-SNAPSHOT

 nameOverride: ""
 fullnameOverride: ""
@@ -46,6 +46,9 @@ probes:
    successThreshold: 1
    failureThreshold: 3
    scheme: HTTPS
+  startupProbe:
+    periodSeconds: 30
+    failureThreshold: 500

 securityContext: {}
  # capabilities:
@@ -58,14 +61,6 @@ securityContext: {}
 # Enable/Disable Helm tests
 testsEnabled: false

-creds:
-  enabled: true
-  postgres:
-    password: DUMMY_POSTGRES_PASSWORD
-  schema_repo:
-    username: DUMMY_SCHEMA_REPO_USERNAME
-    password: DUMMY_SCHEMA_REPO_PASSWORD
-
 service:
  type: NodePort
  port1: 9091
@@ -75,7 +70,7 @@ service:
  name2: secondary-port
  nodePort2: 52

-postgresql: 
+postgresql:
  url: postgresql-headless

 integratedWithPersistence:
@@ -86,19 +81,19 @@ ingress:
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: example.com
-      paths: [
-         /portal 
-        ]
-  tls: 
-   - secretName: portal-secret
-     hosts:
-       - example.com
+  hosts: []
+  #  - host: wlan-integrated-cloud-component-service.local
+  #    paths: [
+  #       /portal
+  #      ]
+  tls: []
+  # - secretName: portal-secret
+  #   hosts:
+  #     - wlan-integrated-cloud-component-service.local

 # Transport-Server-passthrough properties
 tsp:
-  host: wlan-portal-service.zone3.lab.connectus.ai
+  host: wlan-portal-service.local

 resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
--- a/tip-wlan/charts/wlan-port-forwarding-gateway-service/resources/config/certs/README.md
+++ b/tip-wlan/charts/wlan-port-forwarding-gateway-service/resources/config/certs/README.md
@@ -1,2 +0,0 @@
-Contains certs needed for this service to start.
-Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution
--- a/tip-wlan/charts/wlan-port-forwarding-gateway-service/resources/config/logback.xml
+++ b/tip-wlan/charts/wlan-port-forwarding-gateway-service/resources/config/logback.xml
@@ -46,7 +46,6 @@
    </triggeringPolicy>
  </appender>

-
  <!--
  details: http://logback.qos.ch/manual/configuration.html#auto_configuration

@@ -71,5 +70,5 @@
    <appender-ref ref="stdout"/>
    <appender-ref ref="logfile"/>
  </root>
-  
+
 </configuration>
--- a/tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/configmap.yaml
+++ b/tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/configmap.yaml
@@ -4,4 +4,5 @@ metadata:
  name: {{ include "common.fullname" . }}-config
  namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }}
+
--- a/tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/deployment.yaml
+++ b/tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/deployment.yaml
@@ -22,9 +22,10 @@ spec:
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      initContainers:
+        {{- include "jmxPrometheus.initContainer" . | nindent 8 }}
        - name: {{ include "common.name" . }}-readiness-opensync-gw
          image: alpine
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
          command:
          - sh
          - -c
@@ -47,7 +48,7 @@ spec:
            else
              echo ${url} service failed to respond after 50 secs
              exit 1
-            fi        
+            fi
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
@@ -57,7 +58,7 @@ spec:
          {{- else }}
          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
          {{- end }}
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
          env:
            {{- include "common.env" . | nindent 12 }}
            - name: PF_GATEWAY_RELEASE_URL
@@ -75,13 +76,15 @@ spec:
              value: "{{ include "apDebugPortsStart" . }}"
            - name: EXT_PORT_RANGE_END
              value: "{{ sub (include "apDebugPortsEnd" . | atoi) 1 }}"
+            - name: JVM_MEM_OPTIONS
+              value: "{{ include "jmxPrometheus.jvmOpts" . }}"
          {{- if .Values.probes.enabled }}
          livenessProbe:
            httpGet:
              path: /ping
              port: {{ .Values.service.port2 }}
              scheme: {{ .Values.probes.livenessProbe.scheme }}
-            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
+            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
            timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
            failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
            periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -96,6 +99,13 @@ spec:
            failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
            periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
            successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
+          startupProbe:
+            httpGet:
+              path: /ping
+              port: {{ .Values.service.port2 }}
+              scheme: {{ .Values.probes.readinessProbe.scheme }}
+            failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
+            periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
          {{- end }}
          volumeMounts:
          - mountPath: /opt/tip-wlan/certs/client_keystore.jks
@@ -110,6 +120,8 @@ spec:
          - mountPath: /app/port-forwarding-gateway/logback.xml
            name: configuration
            subPath: logback.xml
+          {{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
+          {{- include "jmxPrometheus.tmpVolumeMount" . | nindent 10 }}

          ports:
            - name: {{ .Values.service.name1 }}
@@ -124,6 +136,7 @@ spec:
              protocol: TCP
            {{- end }}
            {{- include "container.dev.apDebugPorts" . | nindent 10 }}
+            {{- include "jmxPrometheus.port" . | nindent 12 }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      {{- with .Values.nodeSelector }}
@@ -141,9 +154,11 @@ spec:
      volumes:
      - name: certificates
        secret:
-          secretName: {{ include "common.fullname" . }}-certs
+          secretName: tip-common-kafka-client-certs
          defaultMode: 0400
      - name: configuration
        configMap:
            name: {{ include "common.fullname" . }}-config
-            defaultMode: 0755
+            defaultMode: 0755
+      {{- include "jmxPrometheus.configVolume" . | nindent 6 }}
+      {{- include "jmxPrometheus.tmpVolume" . | nindent 6 }}
--- a/tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/pod-monitor.yaml
+++ b/tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/pod-monitor.yaml
@@ -0,0 +1 @@
+{{ include "jmxPrometheus.podMonitor" . }}
--- a/tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/secret.yaml
+++ b/tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/secret.yaml
@@ -1,14 +1,5 @@
 apiVersion: v1
 kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-certs
-  namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
---
-apiVersion: v1
-kind: Secret
 metadata:
  name: {{ include "common.fullname" . }}-creds
  namespace: {{ include "common.namespace" . }}
@@ -19,6 +10,4 @@ metadata:
    heritage: {{ .Release.Service | quote }}
 type: Opaque
 data:
-  {{- if .Values.creds.enabled }}
-  websocketSessionTokenEncKey: {{ .Values.creds.websocketSessionTokenEncKey | b64enc | quote }}
-  {{- end }}
+  websocketSessionTokenEncKey: {{ .Values.creds.websocketSessionTokenEncKey | b64enc | quote }}
--- a/tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/service.yaml
+++ b/tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/service.yaml
@@ -30,7 +30,7 @@ spec:
      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
      nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort3 }}
      {{- end }}
-    {{- end }}      
+    {{- end }}
    {{- include "service.dev.apDebugPorts" . | nindent 2 }}
  selector:
    {{- include "common.selectorLabels" . | nindent 4 }}
--- a/tip-wlan/charts/wlan-port-forwarding-gateway-service/values.yaml
+++ b/tip-wlan/charts/wlan-port-forwarding-gateway-service/values.yaml
@@ -11,7 +11,7 @@ replicaCount: 1

 image:
  name: wlan-port-forwarding-gateway-service
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.0.0-SNAPSHOT

 nameOverride: ""
 fullnameOverride: ""
@@ -50,6 +50,9 @@ probes:
    successThreshold: 1
    failureThreshold: 3
    scheme: HTTPS
+  startupProbe:
+    periodSeconds: 30
+    failureThreshold: 500

 securityContext:
  privileged: true
@@ -64,7 +67,7 @@ securityContext:
 testsEnabled: false

 # Enable/Disable Remote debugging
-debug: 
+debug:
  enabled: false

 service:
@@ -84,11 +87,11 @@ service:
 # e.g. nodePortPrefixExt = 304, accessPointDebugPortRange.start = 10, accessPointDebugPortRange.length = 2, resulting ports = 30410, 30411
 # These ports are the ports that Java would choose as Local ports whenever it opens up
 # a developer session for debug.
-# These ports are therefore assigned as container ports (in the deployment.yaml), so we 
+# These ports are therefore assigned as container ports (in the deployment.yaml), so we
 # can reach them from inside the cluster.
 # Also, we open equivalent NodePorts on the Kubernetes cluster (see service.yaml), so a developer
 # can connect to it to debug an AP.
-# NOTE: Another way to reach these container ports without opening NodePorts was to use 
+# NOTE: Another way to reach these container ports without opening NodePorts was to use
 # kubectl port forwarding. However, we dont want the developer to install kubectl.

 accessPointDebugPortRange:
@@ -96,7 +99,6 @@ accessPointDebugPortRange:
  length: 26

 creds:
-  enabled: true
  websocketSessionTokenEncKey: DUMMY_ENC_KEY

 opensyncgw:
@@ -111,9 +113,9 @@ ingress:
  hosts:
    - host: example.com
      paths: [
-         /portal 
+         /portal
        ]
-  tls: 
+  tls:
   - secretName: portal-secret
     hosts:
       - example.com
@@ -123,7 +125,7 @@ resources:
    cpu: 500m
    memory: 350Mi
  requests:
-    cpu: 50m
+    cpu: 10m
    memory: 280Mi

 nodeSelector: {}
@@ -150,4 +152,3 @@ env:
    service: wlan-port-forwarding-gateway-service
    port: 7070

-
--- a/tip-wlan/charts/wlan-portal-service/resources/config/certs/README.md
+++ b/tip-wlan/charts/wlan-portal-service/resources/config/certs/README.md
@@ -1,2 +0,0 @@
-Contains certs needed for this service to start.
-Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution
--- a/tip-wlan/charts/wlan-portal-service/resources/config/logback.xml
+++ b/tip-wlan/charts/wlan-portal-service/resources/config/logback.xml
@@ -7,7 +7,7 @@
 <!-- For professional support please see                            -->
 <!--    http://www.qos.ch/shop/products/professionalSupport         -->
 <!--                                                                -->
-<configuration>
+<configuration scan="true" scanPeriod="30 seconds">
  <conversionRule conversionWord="filteredStack"
                  converterClass="com.telecominfraproject.wlan.server.exceptions.logback.ExceptionCompressingConverter" />

@@ -46,7 +46,6 @@
    </triggeringPolicy>
  </appender>

-
  <!--
  details: http://logback.qos.ch/manual/configuration.html#auto_configuration

@@ -71,5 +70,5 @@
    <appender-ref ref="stdout"/>
    <appender-ref ref="logfile"/>
  </root>
-  
+
 </configuration>
--- a/tip-wlan/charts/wlan-portal-service/resources/config/ssl.properties
+++ b/tip-wlan/charts/wlan-portal-service/resources/config/ssl.properties
@@ -0,0 +1,14 @@
+truststorePass={{ .Values.global.certificatePasswords.sslTruststore }}
+truststoreFile=file:///opt/tip-wlan/certs/truststore.jks
+truststoreType=JKS
+truststoreProvider=SUN
+
+keyAlias=1
+keystorePass={{ .Values.global.certificatePasswords.sslKeystore }}
+keystoreFile=file:///opt/tip-wlan/certs/server.pkcs12
+keystoreType=pkcs12
+keystoreProvider=SunJSSE
+
+sslProtocol=TLS
+sslEnabledProtocols=TLSv1.2,TLSv1.1,TLSv1
+sslCiphers=TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA
--- a/tip-wlan/charts/wlan-portal-service/templates/configmap.yaml
+++ b/tip-wlan/charts/wlan-portal-service/templates/configmap.yaml
@@ -4,4 +4,4 @@ metadata:
  name: {{ include "common.fullname" . }}-log-config
  namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }}
--- a/tip-wlan/charts/wlan-portal-service/templates/pod-monitor.yaml
+++ b/tip-wlan/charts/wlan-portal-service/templates/pod-monitor.yaml
@@ -0,0 +1 @@
+{{ include "jmxPrometheus.podMonitor" . }}
--- a/tip-wlan/charts/wlan-portal-service/templates/secret.yaml
+++ b/tip-wlan/charts/wlan-portal-service/templates/secret.yaml
@@ -1,8 +1,10 @@
+{{- if not .Values.tlsv13.enabled }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "common.fullname" . }}-certs
+  name: {{ include "common.fullname" . }}-ssl-config
  namespace: {{ include "common.namespace" . }}
 type: Opaque
 data:
-{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
+  ssl.properties: {{ tpl ( .Files.Get "resources/config/ssl.properties" ) . | b64enc }}
+{{- end }}
--- a/tip-wlan/charts/wlan-portal-service/templates/statefulset.yaml
+++ b/tip-wlan/charts/wlan-portal-service/templates/statefulset.yaml
@@ -44,6 +44,8 @@ spec:
      serviceAccountName: {{ include "common.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      initContainers:
+      {{- include "jmxPrometheus.initContainer" . | nindent 6 }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
@@ -53,7 +55,7 @@ spec:
          {{- else }}
          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
          {{- end }}
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
          env:
            {{- include "common.env" . | nindent 12 }}
            - name: FILE_STORE_DIRECTORY_INTERNAL
@@ -71,7 +73,7 @@ spec:
            - name: tip_wlan_maxHttpThreads
              value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
            - name: JVM_MEM_OPTIONS
-              value: "{{ .Values.scalability.JVM_MEM_OPTIONS }}"
+              value: "{{ .Values.scalability.JVM_MEM_OPTIONS }} {{ include "jmxPrometheus.jvmOpts" . }}"
          {{- if .Values.probes.enabled }}
          livenessProbe:
            httpGet:
@@ -93,6 +95,13 @@ spec:
            failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
            periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
            successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
+          startupProbe:
+            httpGet:
+              path: /ping
+              port: {{ .Values.service.port1 }}
+              scheme: {{ .Values.probes.readinessProbe.scheme }}
+            failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
+            periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
          {{- end }}
          volumeMounts:
          - mountPath: /opt/tip-wlan/certs/client_keystore.jks
@@ -104,11 +113,16 @@ spec:
          - mountPath: /opt/tip-wlan/certs/server.pkcs12
            name: certificates
            subPath: server.pkcs12
-          - mountPath: /app/portal/logback.xml
+          - mountPath: /app/portal/log
            name: logback-config
-            subPath: logback.xml
+          {{- if not .Values.tlsv13.enabled }}
+          - mountPath: /app/portal/certs
+            name: ssl-config
+          {{- end }}
          - mountPath: {{ $file_store_path }}
            name: file-store-data
+          {{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
+          {{- include "jmxPrometheus.tmpVolumeMount" . | nindent 10 }}
          ports:
            - name: {{ .Values.service.name1 }}
              containerPort: {{ .Values.service.port1 }}
@@ -121,6 +135,7 @@ spec:
              containerPort: {{ .Values.service.port3 }}
              protocol: TCP
            {{- end }}
+            {{- include "jmxPrometheus.port" . | nindent 12 }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      {{- with .Values.nodeSelector }}
@@ -139,14 +154,21 @@ spec:
      volumes:
      - name: certificates
        secret:
-          secretName: {{ include "common.fullname" . }}-certs
+          secretName: tip-common-postgres-client-certs
      - name: logback-config
        configMap:
            name: {{ include "common.fullname" . }}-log-config
+      {{- if not .Values.tlsv13.enabled }}
+      - name: ssl-config
+        secret:
+          secretName: {{ include "common.fullname" . }}-ssl-config
+      {{- end }}
      {{- if not .Values.persistence.enabled }}
      - name: file-store-data
        emptyDir: {}
      {{- end }}
+      {{- include "jmxPrometheus.configVolume" . | nindent 6 }}
+      {{- include "jmxPrometheus.tmpVolume" . | nindent 6 }}
  {{- if .Values.persistence.enabled }}
  volumeClaimTemplates:
    - metadata:
--- a/tip-wlan/charts/wlan-portal-service/values.yaml
+++ b/tip-wlan/charts/wlan-portal-service/values.yaml
@@ -9,11 +9,9 @@

 replicaCount: 1

-
-
 image:
  name: wlan-portal-service
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.0.0-SNAPSHOT

 nameOverride: ""
 fullnameOverride: ""
@@ -48,6 +46,9 @@ probes:
    successThreshold: 1
    failureThreshold: 3
    scheme: HTTPS
+  startupProbe:
+    periodSeconds: 30
+    failureThreshold: 500

 securityContext: {}
  # capabilities:
@@ -97,15 +98,15 @@ ingress:
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: wlan-portal-service.zone3.lab.connectus.ai
-      paths: [
-         /portal
-        ]
-  tls:
-   - secretName: portal-secret
-     hosts:
-       - wlan-portal-service.zone3.lab.connectus.ai
+  hosts: []
+  #  - host: wlan-portal-service.local
+  #    paths: [
+  #       /portal
+  #      ]
+  tls: []
+  # - secretName: portal-secret
+  #   hosts:
+  #     - wlan-portal-service.local

 resources:
  limits:
@@ -135,7 +136,7 @@ affinity: {}

 # Transport-Server-passthrough properties
 tsp:
-  host: wlan-portal-service.zone3.lab.connectus.ai
+  host: wlan-portal-service.local

 env:
  protocol: https
@@ -152,3 +153,6 @@ env:
 # on the PV
 filestore:
  internal: "/tmp/filestore"
+
+tlsv13:
+  enabled: true
--- a/tip-wlan/charts/wlan-prov-service/resources/config/certs/README.md
+++ b/tip-wlan/charts/wlan-prov-service/resources/config/certs/README.md
@@ -1,2 +0,0 @@
-Contains certs needed for this service to start.
-Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution
--- a/tip-wlan/charts/wlan-prov-service/resources/config/logback.xml
+++ b/tip-wlan/charts/wlan-prov-service/resources/config/logback.xml
@@ -46,7 +46,6 @@
    </triggeringPolicy>
  </appender>

-
  <!--
  details: http://logback.qos.ch/manual/configuration.html#auto_configuration

@@ -71,5 +70,5 @@
    <appender-ref ref="stdout"/>
    <appender-ref ref="logfile"/>
  </root>
-  
+
 </configuration>
--- a/tip-wlan/charts/wlan-prov-service/templates/configmap.yaml
+++ b/tip-wlan/charts/wlan-prov-service/templates/configmap.yaml
@@ -4,11 +4,11 @@ metadata:
  name: {{ include "common.fullname" . }}-log-config
  namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }}
  datasource.properties: |-
    singleDataSource.url=jdbc:postgresql://{{- include "postgresql.service" . -}}:5432/prov_db
-    singleDataSource.username={{ .Values.creds.postgres.singleDataSourceUsername }}
-    singleDataSource.password={{ .Values.creds.postgres.singleDataSourcePassword }}
+    singleDataSource.username={{ .Values.global.postgres.singleDataSource.username }}
+    singleDataSource.password={{ .Values.global.postgres.singleDataSource.password }}
    singleDataSource.driverClass=org.postgresql.Driver
    singleDataSource.ssl=true
    singleDataSource.sslmode=verify-ca
@@ -16,4 +16,4 @@ data:
    singleDataSource.sslfactory=org.postgresql.ssl.LibPQFactory
    singleDataSource.sslkey=/opt/tip-wlan/certs/postgresclient.p12
    singleDataSource.sslrootcert=/opt/tip-wlan/certs/cacert.pem
-    singleDataSource.sslkeypassword={{ .Values.creds.postgres.singleDataSourceSslKeyPassword }}
+    singleDataSource.sslkeypassword={{ .Values.global.certificatePasswords.sslKey }}
--- a/tip-wlan/charts/wlan-prov-service/templates/deployment.yaml
+++ b/tip-wlan/charts/wlan-prov-service/templates/deployment.yaml
@@ -23,6 +23,7 @@ spec:
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      initContainers:
+        {{- include "jmxPrometheus.initContainer" . | nindent 8 }}
        - name: wait-for-services
          image: opsfleet/depends-on:latest
          args:
@@ -53,7 +54,7 @@ spec:
                name: {{ include "common.fullname" . }}-creds
                key: schema-repo-password
          image: {{ .Values.postgresql.image }}
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
          command:
          - sh
          - -c
@@ -61,8 +62,8 @@ spec:
            apt update
            apt -y install curl
            echo "***** Fetching latest cloud-sdk-schema-postgresql for DB and Tables sql from JFrog *****"
-            curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql-db-user.sql"
-            curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql-tables.sql"
+            curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/1.0.0-SNAPSHOT/sql/cloud-sdk-schema-postgresql-db-user.sql"
+            curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/1.0.0-SNAPSHOT/sql/cloud-sdk-schema-postgresql-tables.sql"
            echo "***** Now executing cloud-sdk-schema-postgresql-db-user.sql on host {{ $pg }} and creating db prov_db and user tip_user using User Postgres. This uses full client-cert authentication *****"
            ### Observed that PSQL was unable to resolve the Postgres-service host because the postgres service wasnt
            ### really ready when running Postgres in Master-Slave config... hence the below retry-logic
@@ -123,7 +124,7 @@ spec:
          {{- else }}
          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
          {{- end }}
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
          env:
            {{- include "common.env" . | nindent 12 }}
            - name: tip_wlan_AsyncExecutor_CorePoolSize
@@ -139,7 +140,7 @@ spec:
            - name: tip_wlan_maxHttpThreads
              value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
            - name: JVM_MEM_OPTIONS
-              value: "{{ .Values.scalability.JVM_MEM_OPTIONS }}"
+              value: "{{ .Values.scalability.JVM_MEM_OPTIONS }} {{ include "jmxPrometheus.jvmOpts" . }}"
            - name: singleDataSource_maxTotalConnections
              value: "{{ .Values.scalability.singleDataSource_maxTotalConnections }}"
            - name: singleDataSource_maxIdleConnections
@@ -169,6 +170,13 @@ spec:
            failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
            periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
            successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
+          startupProbe:
+            httpGet:
+              path: /ping
+              port: {{ .Values.service.port2 }}
+              scheme: {{ .Values.probes.readinessProbe.scheme }}
+            failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
+            periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
          {{- end }}
          volumeMounts:
          - mountPath: /opt/tip-wlan/certs/client_keystore.jks
@@ -195,6 +203,8 @@ spec:
          - mountPath: /app/prov/datasource.properties
            name: logback-config
            subPath: datasource.properties
+          {{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
+          {{- include "jmxPrometheus.tmpVolumeMount" . | nindent 10 }}
          ports:
            - name: {{ .Values.service.name1 }}
              containerPort: {{ .Values.service.port1 }}
@@ -207,6 +217,7 @@ spec:
              containerPort: {{ .Values.service.port3 }}
              protocol: TCP
            {{- end }}
+            {{- include "jmxPrometheus.port" . | nindent 12 }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      {{- with .Values.nodeSelector }}
@@ -224,7 +235,7 @@ spec:
      volumes:
      - name: certificates
        secret:
-          secretName: {{ include "common.fullname" . }}-certs
+          secretName: tip-common-postgres-client-certs
          defaultMode: 0400
      - name: logback-config
        configMap:
@@ -233,3 +244,5 @@ spec:
        emptyDir: {}
      - name: dshm
        emptyDir: {}
+      {{- include "jmxPrometheus.configVolume" . | nindent 6 }}
+      {{- include "jmxPrometheus.tmpVolume" . | nindent 6 }}
--- a/tip-wlan/charts/wlan-prov-service/templates/pod-monitor.yaml
+++ b/tip-wlan/charts/wlan-prov-service/templates/pod-monitor.yaml
@@ -0,0 +1 @@
+{{ include "jmxPrometheus.podMonitor" . }}
--- a/tip-wlan/charts/wlan-prov-service/templates/secret.yaml
+++ b/tip-wlan/charts/wlan-prov-service/templates/secret.yaml
@@ -1,14 +1,5 @@
 apiVersion: v1
 kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-certs
-  namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
---
-apiVersion: v1
-kind: Secret
 metadata:
  name: {{ include "common.fullname" . }}-creds
  namespace: {{ include "common.namespace" . }}
@@ -19,9 +10,7 @@ metadata:
    heritage: {{ .Release.Service | quote }}
 type: Opaque
 data:
-  {{- if .Values.creds.enabled }}
-  postgresql-password: {{ .Values.creds.db.postgresUser.password | b64enc | quote }}
-  tipuser-password: {{ .Values.creds.db.tipUser.password | b64enc | quote }}
-  schema-repo-user: {{ .Values.creds.schema_repo.username | b64enc | quote }}
-  schema-repo-password: {{ .Values.creds.schema_repo.password | b64enc | quote }}
-  {{- end }}
+  postgresql-password: {{ .Values.global.postgres.password | b64enc | quote }}
+  tipuser-password: {{ .Values.global.tip.password | b64enc | quote }}
+  schema-repo-user: {{ .Values.global.schema.username | b64enc | quote }}
+  schema-repo-password: {{ .Values.global.schema.password | b64enc | quote }}
--- a/tip-wlan/charts/wlan-prov-service/templates/service.yaml
+++ b/tip-wlan/charts/wlan-prov-service/templates/service.yaml
@@ -30,6 +30,6 @@ spec:
      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
      nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
      {{- end }}
-    {{- end }}      
+    {{- end }}
  selector:
    {{- include "common.selectorLabels" . | nindent 4 }}
--- a/tip-wlan/charts/wlan-prov-service/values.yaml
+++ b/tip-wlan/charts/wlan-prov-service/values.yaml
@@ -11,7 +11,7 @@ replicaCount: 1

 image:
  name: wlan-prov-service
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.0.0-SNAPSHOT

 nameOverride: ""
 fullnameOverride: ""
@@ -46,6 +46,9 @@ probes:
    successThreshold: 1
    failureThreshold: 3
    scheme: HTTPS
+  startupProbe:
+    periodSeconds: 30
+    failureThreshold: 500

 securityContext: {}
  # capabilities:
@@ -58,22 +61,6 @@ securityContext: {}
 # Enable/Disable Helm tests
 testsEnabled: false

-creds:
-  enabled: true
-  db:
-    postgresUser:
-      password: DUMMY_POSTGRES_PASSWORD
-    tipUser:
-      password: DUMMY_TIPUSER_PASSWORD
-
-  schema_repo:
-    username: DUMMY_SCHEMA_REPO_USERNAME
-    password: DUMMY_SCHEMA_REPO_PASSWORD
-  postgres:
-    singleDataSourceUsername: DUMMY_POSTGRES_USER
-    singleDataSourcePassword: DUMMY_POSTGRES_PASSWORD
-    singleDataSourceSslKeyPassword: DUMMY_SSL_PASSWORD
-
 # Enable/Disable Remote debugging
 debug:
  enabled: false
@@ -130,7 +117,7 @@ resources:
    cpu: 500m
    memory: 320Mi
  requests:
-    cpu: 50m
+    cpu: 10m
    memory: 300Mi

 nodeSelector: {}
@@ -141,7 +128,7 @@ affinity: {}

 postgresql:
  url: postgresql
-  image: postgres:latest
+  image: postgres:11

 env:
  protocol: https
--- a/tip-wlan/charts/wlan-spc-service/resources/config/certs/README.md
+++ b/tip-wlan/charts/wlan-spc-service/resources/config/certs/README.md
@@ -1,2 +0,0 @@
-Contains certs needed for this service to start.
-Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution
--- a/tip-wlan/charts/wlan-spc-service/resources/config/logback.xml
+++ b/tip-wlan/charts/wlan-spc-service/resources/config/logback.xml
@@ -46,7 +46,6 @@
    </triggeringPolicy>
  </appender>

-
  <!--
  details: http://logback.qos.ch/manual/configuration.html#auto_configuration

@@ -67,7 +66,6 @@
  <logger name="com.telecominfraproject.wlan" level="DEBUG"/>
  <logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>

-
  <logger name="com.telecominfraproject.wlan.streams.provisioning.EquipmentConfigPushTrigger" level="TRACE"/>
  <logger name="com.telecominfraproject.wlan.streams.kafka.KafkaStreamsConfig" level="TRACE"/>
  <logger name="com.telecominfraproject.wlan.stream.StreamMessageDispatcher" level="TRACE"/>
@@ -76,5 +74,5 @@
    <appender-ref ref="logfile"/>
    <appender-ref ref="stdout"/>
  </root>
-  
+
 </configuration>
--- a/tip-wlan/charts/wlan-spc-service/templates/configmap.yaml
+++ b/tip-wlan/charts/wlan-spc-service/templates/configmap.yaml
@@ -4,4 +4,4 @@ metadata:
  name: {{ include "common.fullname" . }}-log-config
  namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }}
--- a/tip-wlan/charts/wlan-spc-service/templates/deployment.yaml
+++ b/tip-wlan/charts/wlan-spc-service/templates/deployment.yaml
@@ -23,6 +23,7 @@ spec:
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      initContainers:
+        {{- include "jmxPrometheus.initContainer" . | nindent 8 }}
        - name: wait-for-services
          image: opsfleet/depends-on:latest
          args:
@@ -37,7 +38,7 @@ spec:
          {{- else }}
          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
          {{- end }}
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
          env:
            {{- include "common.env" . | nindent 12 }}
            - name: tip.wlan.kafka.bootstrapServers
@@ -82,7 +83,7 @@ spec:
            - name: tip_wlan_maxHttpThreads
              value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
            - name: JVM_MEM_OPTIONS
-              value: "{{ .Values.scalability.JVM_MEM_OPTIONS }}"
+              value: "{{ .Values.scalability.JVM_MEM_OPTIONS }} {{ include "jmxPrometheus.jvmOpts" . }}"

          {{- if .Values.probes.enabled }}
          livenessProbe:
@@ -105,6 +106,13 @@ spec:
            failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
            periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
            successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
+          startupProbe:
+            httpGet:
+              path: /ping
+              port: {{ .Values.service.port2 }}
+              scheme: {{ .Values.probes.readinessProbe.scheme }}
+            failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
+            periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
          {{- end }}
          volumeMounts:
          - mountPath: /opt/tip-wlan/certs/client_keystore.jks
@@ -122,6 +130,8 @@ spec:
          - mountPath: /app/spc/logback.xml
            name: logback-config
            subPath: logback.xml
+          {{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
+          {{- include "jmxPrometheus.tmpVolumeMount" . | nindent 10 }}
          ports:
            - name: {{ .Values.service.name1 }}
              containerPort: {{ .Values.service.port1 }}
@@ -134,6 +144,7 @@ spec:
              containerPort: {{ .Values.service.port3 }}
              protocol: TCP
            {{- end }}
+            {{- include "jmxPrometheus.port" . | nindent 12 }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      {{- with .Values.nodeSelector }}
@@ -152,7 +163,9 @@ spec:
      volumes:
      - name: certificates
        secret:
-          secretName: {{ include "common.fullname" . }}-certs
+          secretName: tip-common-kafka-client-certs
      - name: logback-config
        configMap:
            name: {{ include "common.fullname" . }}-log-config
+      {{- include "jmxPrometheus.configVolume" . | nindent 6 }}
+      {{- include "jmxPrometheus.tmpVolume" . | nindent 6 }}
--- a/tip-wlan/charts/wlan-spc-service/templates/pod-monitor.yaml
+++ b/tip-wlan/charts/wlan-spc-service/templates/pod-monitor.yaml
@@ -0,0 +1 @@
+{{ include "jmxPrometheus.podMonitor" . }}
--- a/tip-wlan/charts/wlan-spc-service/templates/secret.yaml
+++ b/tip-wlan/charts/wlan-spc-service/templates/secret.yaml
@@ -1,14 +1,5 @@
 apiVersion: v1
 kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-certs
-  namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
---
-apiVersion: v1
-kind: Secret
 metadata:
  name: {{ include "common.fullname" . }}-creds
  namespace: {{ include "common.namespace" . }}
@@ -19,8 +10,6 @@ metadata:
    heritage: {{ .Release.Service | quote }}
 type: Opaque
 data:
-  {{- if .Values.creds.enabled }}
-  sslKeyPassword: {{ .Values.creds.sslKeyPassword | b64enc | quote }}
-  sslKeystorePassword: {{ .Values.creds.sslKeystorePassword | b64enc | quote }}
-  sslTruststorePassword: {{ .Values.creds.sslTruststorePassword | b64enc | quote }}
-  {{- end }}
+  sslKeyPassword: {{ .Values.global.certificatePasswords.sslKey | b64enc | quote }}
+  sslKeystorePassword: {{ .Values.global.certificatePasswords.sslKeystore | b64enc | quote }}
+  sslTruststorePassword: {{ .Values.global.certificatePasswords.sslTruststore | b64enc | quote }}
--- a/tip-wlan/charts/wlan-spc-service/templates/service.yaml
+++ b/tip-wlan/charts/wlan-spc-service/templates/service.yaml
@@ -30,6 +30,6 @@ spec:
      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
      nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
      {{- end }}
-    {{- end }}      
+    {{- end }}
  selector:
    {{- include "common.selectorLabels" . | nindent 4 }}
--- a/tip-wlan/charts/wlan-spc-service/values.yaml
+++ b/tip-wlan/charts/wlan-spc-service/values.yaml
@@ -11,7 +11,7 @@ replicaCount: 1

 image:
  name: wlan-spc-service
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.0.0-SNAPSHOT

 nameOverride: ""
 fullnameOverride: ""
@@ -46,6 +46,9 @@ probes:
    successThreshold: 1
    failureThreshold: 3
    scheme: HTTPS
+  startupProbe:
+    periodSeconds: 30
+    failureThreshold: 500

 securityContext: {}
  # capabilities:
@@ -106,7 +109,7 @@ resources:
    cpu: 500m
    memory: 370Mi
  requests:
-    cpu: 50m
+    cpu: 10m
    memory: 350Mi

 nodeSelector: {}
@@ -115,12 +118,6 @@ tolerations: []

 affinity: {}

-creds:
-  enabled: true
-  sslKeyPassword: DUMMY_PASSWORD
-  sslKeystorePassword: DUMMY_PASSWORD
-  sslTruststorePassword: DUMMY_PASSWORD
-
 kafka:
  url: kafka-headless

--- a/tip-wlan/charts/wlan-ssc-service/files/cqlshrc.tip-wlan
+++ b/tip-wlan/charts/wlan-ssc-service/files/cqlshrc.tip-wlan
@@ -19,12 +19,11 @@

 [authentication]
 ;; If Cassandra has auth enabled, fill out these options
-username = cassandra 
+username = cassandra
 password = cassandra
 ; keyspace = ks1


-
 [ui]
 ;; Whether or not to display query results with colors
 color = on
@@ -85,19 +84,16 @@ ssl = true
 ; request_timeout = 10


-
 [csv]
 ;; The size limit for parsed fields
 ; field_size_limit = 131072


-
 [tracing]
 ;; The max number of seconds to wait for a trace to complete
 ; max_trace_wait = 10.0


-
 [ssl]
 certfile = /opt/tip-wlan/certs/cacert.pem

@@ -111,14 +107,12 @@ userkey = /opt/tip-wlan/certs/cassandraserverkey_dec.pem
 usercert = /opt/tip-wlan/certs/cassandraservercert.pem


-
 ;; Optional section, overrides default certfile in [ssl] section, if present
 ; [certfiles]
 ; 192.168.1.3 = ~/keys/cassandra01.cert
 ; 192.168.1.4 = ~/keys/cassandra02.cert


-
 ;; Options that are common to both COPY TO and COPY FROM
 ; [copy]

@@ -157,7 +151,6 @@ usercert = /opt/tip-wlan/certs/cassandraservercert.pem
 ; ratefile =


-
 ;; Options specific to COPY TO
 ; [copy-to]

@@ -184,7 +177,6 @@ usercert = /opt/tip-wlan/certs/cassandraservercert.pem
 ; encoding = utf8


-
 ;; Options specific to COPY FROM
 ; [copy-from]

@@ -219,7 +211,6 @@ usercert = /opt/tip-wlan/certs/cassandraservercert.pem
 ; chunksize =  1000


-
 ;; The options for COPY can also be specified per-table.  The following
 ;; three sections demonstrate this.

--- a/tip-wlan/charts/wlan-ssc-service/resources/config/certs/README.md
+++ b/tip-wlan/charts/wlan-ssc-service/resources/config/certs/README.md
@@ -1,2 +0,0 @@
-Contains certs needed for this service to start.
-Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution
--- a/tip-wlan/charts/wlan-ssc-service/resources/config/logback.xml
+++ b/tip-wlan/charts/wlan-ssc-service/resources/config/logback.xml
@@ -46,7 +46,6 @@
    </triggeringPolicy>
  </appender>

-
  <!--
  details: http://logback.qos.ch/manual/configuration.html#auto_configuration

@@ -71,5 +70,5 @@
    <appender-ref ref="stdout"/>
    <appender-ref ref="logfile"/>
  </root>
-  
+
 </configuration>
--- a/tip-wlan/charts/wlan-ssc-service/templates/configmap.yaml
+++ b/tip-wlan/charts/wlan-ssc-service/templates/configmap.yaml
@@ -4,7 +4,7 @@ metadata:
  name: {{ include "common.fullname" . }}-ssc-config
  namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }}
  cassandra-application.conf: >-
    datastax-java-driver {
        basic {
@@ -17,15 +17,15 @@ data:
            class = DefaultSslEngineFactory
            hostname-validation = false
            truststore-path = /opt/tip-wlan/certs/truststore.jks
-            truststore-password = {{ .Values.creds.sslTruststorePassword }}
+            truststore-password = {{ .Values.global.certificatePasswords.sslTruststore }}
            keystore-path = /opt/tip-wlan/certs/cassandra_server_keystore.jks
-            keystore-password = {{ .Values.creds.sslKeystorePassword }}
+            keystore-password = {{ .Values.global.certificatePasswords.sslKeystore }}
        }

        advanced.auth-provider {
            class = PlainTextAuthProvider
-            username = {{ .Values.creds.cassandra.tip_user }}
-            password = {{ .Values.creds.cassandra.tip_password }}
+            username = {{ .Values.global.cassandra.username }}
+            password = {{ .Values.global.cassandra.password }}
        }
    }

--- a/tip-wlan/charts/wlan-ssc-service/templates/deployment.yaml
+++ b/tip-wlan/charts/wlan-ssc-service/templates/deployment.yaml
@@ -24,6 +24,7 @@ spec:
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      initContainers:
+        {{- include "jmxPrometheus.initContainer" . | nindent 8 }}
        - name: wait-for-services
          image: opsfleet/depends-on:latest
          args:
@@ -45,7 +46,7 @@ spec:
                name: {{ include "common.fullname" . }}-creds
                key: schema-repo-password
          image: {{ .Values.cassandra.image }}
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
          command:
          - sh
          - -c
@@ -53,7 +54,7 @@ spec:
            apt update
            apt -y install curl
            echo "***** Fetching cloud-sdk-schema-cassandra.cql from JFrog *****"
-            curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/cql/cloud-sdk-schema-cassandra.cql"
+            curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/1.0.0-SNAPSHOT/cql/cloud-sdk-schema-cassandra.cql"
            echo "***** Now executing cloud-sdk-schema-cassandra.cql and creating/updating schema on Cassandra instance *****"
            counter=0
            status=1
@@ -117,7 +118,7 @@ spec:
          {{- else }}
          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
          {{- end }}
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
          env:
            {{- include "common.env" . | nindent 12 }}
            - name: tip.wlan.kafka.bootstrapServers
@@ -174,7 +175,7 @@ spec:
            - name: tip_wlan_maxHttpThreads
              value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
            - name: JVM_MEM_OPTIONS
-              value: "{{ .Values.scalability.JVM_MEM_OPTIONS }}"
+              value: "{{ .Values.scalability.JVM_MEM_OPTIONS }} {{ include "jmxPrometheus.jvmOpts" . }}"

          {{- if .Values.probes.enabled }}
          livenessProbe:
@@ -197,6 +198,13 @@ spec:
            failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
            periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
            successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
+          startupProbe:
+            httpGet:
+              path: /ping
+              port: {{ .Values.service.port2 }}
+              scheme: {{ .Values.probes.readinessProbe.scheme }}
+            failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
+            periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
          {{- end }}
          volumeMounts:
          - mountPath: /opt/tip-wlan/certs/client_keystore.jks
@@ -220,6 +228,8 @@ spec:
          - mountPath: /app/ssc/cassandra-application.conf
            name: ssc-configurations
            subPath: cassandra-application.conf
+          {{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
+          {{- include "jmxPrometheus.tmpVolumeMount" . | nindent 10 }}
          ports:
            - name: {{ .Values.service.name1 }}
              containerPort: {{ .Values.service.port1 }}
@@ -232,6 +242,7 @@ spec:
              containerPort: {{ .Values.service.port3 }}
              protocol: TCP
            {{- end }}
+            {{- include "jmxPrometheus.port" . | nindent 12 }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      {{- with .Values.nodeSelector }}
@@ -250,7 +261,9 @@ spec:
      volumes:
      - name: certificates
        secret:
-          secretName: {{ include "common.fullname" . }}-certs
+          secretName: tip-common-cassandra-client-certs
      - name: ssc-configurations
        configMap:
            name: {{ include "common.fullname" . }}-ssc-config
+      {{- include "jmxPrometheus.configVolume" . | nindent 6 }}
+      {{- include "jmxPrometheus.tmpVolume" . | nindent 6 }}
--- a/tip-wlan/charts/wlan-ssc-service/templates/pod-monitor.yaml
+++ b/tip-wlan/charts/wlan-ssc-service/templates/pod-monitor.yaml
@@ -0,0 +1 @@
+{{ include "jmxPrometheus.podMonitor" . }}
--- a/tip-wlan/charts/wlan-ssc-service/templates/secret.yaml
+++ b/tip-wlan/charts/wlan-ssc-service/templates/secret.yaml
@@ -1,14 +1,5 @@
 apiVersion: v1
 kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-certs
-  namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
---
-apiVersion: v1
-kind: Secret
 metadata:
  name: {{ include "common.fullname" . }}-creds
  namespace: {{ include "common.namespace" . }}
@@ -19,12 +10,10 @@ metadata:
    heritage: {{ .Release.Service | quote }}
 type: Opaque
 data:
-  {{- if .Values.creds.enabled }}
-  sslKeyPassword: {{ .Values.creds.sslKeyPassword | b64enc | quote }}
-  sslKeystorePassword: {{ .Values.creds.sslKeystorePassword | b64enc | quote }}
-  sslTruststorePassword: {{ .Values.creds.sslTruststorePassword | b64enc | quote }}
-  cassandra_tip_password: {{ .Values.creds.cassandra.tip_password | b64enc | quote }}
-  cassandra_tip_user: {{ .Values.creds.cassandra.tip_user | b64enc | quote }}
-  schema-repo-user: {{ .Values.creds.schema_repo.username | b64enc | quote }}
-  schema-repo-password: {{ .Values.creds.schema_repo.password | b64enc | quote }}
-  {{- end }}
+  sslKeyPassword: {{ .Values.global.certificatePasswords.sslKey | b64enc | quote }}
+  sslKeystorePassword: {{ .Values.global.certificatePasswords.sslKeystore | b64enc | quote }}
+  sslTruststorePassword: {{ .Values.global.certificatePasswords.sslTruststore | b64enc | quote }}
+  cassandra_tip_user: {{ .Values.global.cassandra.username | b64enc | quote }}
+  cassandra_tip_password: {{ .Values.global.cassandra.password | b64enc | quote }}
+  schema-repo-user: {{ .Values.global.schema.username | b64enc | quote }}
+  schema-repo-password: {{ .Values.global.schema.password | b64enc | quote }}
--- a/tip-wlan/charts/wlan-ssc-service/templates/service.yaml
+++ b/tip-wlan/charts/wlan-ssc-service/templates/service.yaml
@@ -30,6 +30,6 @@ spec:
      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
      nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
      {{- end }}
-    {{- end }}      
+    {{- end }}
  selector:
    {{- include "common.selectorLabels" . | nindent 4 }}
--- a/tip-wlan/charts/wlan-ssc-service/values.yaml
+++ b/tip-wlan/charts/wlan-ssc-service/values.yaml
@@ -11,7 +11,7 @@ replicaCount: 1

 image:
  name: wlan-ssc-service
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.0.0-SNAPSHOT

 nameOverride: ""
 fullnameOverride: ""
@@ -46,6 +46,9 @@ probes:
    successThreshold: 1
    failureThreshold: 3
    scheme: HTTPS
+  startupProbe:
+    periodSeconds: 30
+    failureThreshold: 500

 securityContext: {}
  # capabilities:
@@ -106,7 +109,7 @@ resources:
    cpu: 500m
    memory: 420Mi
  requests:
-    cpu: 50m
+    cpu: 10m
    memory: 400Mi

 nodeSelector: {}
@@ -115,18 +118,6 @@ tolerations: []

 affinity: {}

-creds:
-  enabled: true
-  sslKeyPassword: DUMMY_PASSWORD
-  sslKeystorePassword: DUMMY_PASSWORD
-  sslTruststorePassword: DUMMY_PASSWORD
-  cassandra:
-    tip_user: DUMMY_TIP_USERNAME
-    tip_password: DUMMY_TIP_USERS_PASSWORD
-  schema_repo:
-    username: DUMMY_SCHEMA_REPO_USERNAME
-    password: DUMMY_SCHEMA_REPO_PASSWORD
-
 kafka:
  url: kafka-headless

--- a/tip-wlan/example-values/local-multi-namespace/README.md
+++ b/tip-wlan/example-values/local-multi-namespace/README.md
@@ -3,8 +3,8 @@
 ## Usage

 ```bash
-helm install tip-wlan-1 tip-wlan -f tip-wlan/example-values/local-multi-namespace/ns-tip-1.yaml
-helm install tip-wlan-2 tip-wlan -f tip-wlan/example-values/local-multi-namespace/ns-tip-2.yaml
+helm upgrade --install tip-wlan-1 tip-wlan -f tip-wlan/example-values/local-multi-namespace/ns-tip-1.yaml --namespace tip-wlan-1 --create-namespace
+helm upgrade --install tip-wlan-2 tip-wlan -f tip-wlan/example-values/local-multi-namespace/ns-tip-2.yaml --namespace tip-wlan-2 --create-namespace
 ```

-This will create a Cloud SDK instance in each of the namespaces _tip-1_ and _tip-2_.
+This will create a Cloud SDK instance in each of the namespaces tip-wlan-1 and tip-wlan-2
--- a/tip-wlan/example-values/local-multi-namespace/ns-tip-1.yaml
+++ b/tip-wlan/example-values/local-multi-namespace/ns-tip-1.yaml
@@ -1,47 +1,9 @@
-# This is a development override file.
-# It overrides the default Tip-Wlan parent chart behaviour
-#
-# It can be tweaked, based on the need to support different
-# dev environments.
-# This file expects to have a GlusterFS storage solution running
-# before "helm install" is performed.
-#################################################################
-# Global configuration overrides.
-#
-# These overrides will affect all helm charts (ie. applications)
-# that are listed below and are 'enabled'.
-#################################################################
 global:
-  # Change to an unused port prefix range to prevent port conflicts
-  # with other instances running within the same k8s cluster
  nodePortPrefix: 302
-  nsPrefix: tip-1
-  # image pull policy
-  pullPolicy: Always

-  repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
-  # override default mount path root directory
-  # referenced by persistent volumes and log files
-  persistence:
-
-  # flag to enable debugging - application support required
-  debugEnabled: true
-
-# Annotations for namespace
-annotations: {
-    "helm.sh/resource-policy": keep
-}
-
-# createReleaseNamespace: false
-
-# Docker registry secret
-dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
-#################################################################
-# Enable/disable and configure helm charts (ie. applications)
-# to customize the TIP-WLAN deployment.
-#################################################################
 opensync-gw-static:
  enabled: false
+
 opensync-gw-cloud:
  enabled: true
  externalhost:
@@ -51,22 +13,7 @@ opensync-gw-cloud:
  persistence:
    enabled: true
  filestore:
-    url: "https://wlan-filestore.wlan.local"
-  scalability:
-    #how many concurrent connections single instance of OpenSyncGateway can accept
-    tip_wlan_ovsdb_listener_threadPoolSize: 50
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
+    url: https://wlan-filestore.wlan.local

 opensync-mqtt-broker:
  enabled: true
@@ -74,6 +21,7 @@ opensync-mqtt-broker:
  persistence:
    enabled: true
    storageClass: standard
+
 wlan-cloud-graphql-gw:
  enabled: true
  env:
@@ -87,6 +35,7 @@ wlan-cloud-graphql-gw:
    tls:
    - hosts:
      - wlan-ui-graphql-1.wlan.local
+
 wlan-cloud-static-portal:
  enabled: true
  env:
@@ -102,110 +51,23 @@ wlan-cloud-static-portal:
    tls:
    - hosts:
      - wlan-ui-1.wlan.local
+
 wlan-portal-service:
  enabled: true
  persistence:
    enabled: true
    storageClass: standard
    filestoreSize: 1Gi
-  scalability:
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "

 wlan-prov-service:
  enabled: true
-  creds:
-    enabled: true
-    db:
-      postgresUser:
-        password: postgres
-      tipUser:
-        password: tip_password
-    schema_repo:
-      username: tip-read
-      password: tip-read
-    postgres:
-      singleDataSourceUsername: tip_user
-      singleDataSourcePassword: tip_password
-      singleDataSourceSslKeyPassword: mypassword
-  scalability:
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
-    #max number of connections to PostgreSQL database
-    singleDataSource_maxTotalConnections: 8
-    #max number of idle connections to PostgreSQL database
-    singleDataSource_maxIdleConnections: 8
-    #max number of cached prepared statements used in PostgreSQL database
-    singleDataSource_maxPreparedStatements: 200
-    #max number of cached idle prepared statements used in PostgreSQL database
-    singleDataSource_maxIdlePreparedStatements: 200

 wlan-ssc-service:
  enabled: true
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-    cassandra:
-      tip_user: tip_user
-      tip_password: tip_password
-    schema_repo:
-      username: tip-read
-      password: tip-read
-  scalability:
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "

 wlan-spc-service:
  enabled: true
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-  scalability:
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
-    
+
 nginx-ingress-controller:
  enabled: true
  controller:
@@ -221,50 +83,20 @@ nginx-ingress-controller:
      cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZEekNDQXZlZ0F3SUJBZ0lVYSthaVJZWG9QTGliSS9wdVJCdi9DZ2RTTDNzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0Z6RVZNQk1HQTFVRUF3d01LaTUzYkdGdUxteHZZMkZzTUI0WERUSXdNVEl5TVRJd05UQXpNVm9YRFRNdwpNVEl4T1RJd05UQXpNVm93RnpFVk1CTUdBMVVFQXd3TUtpNTNiR0Z1TG14dlkyRnNNSUlDSWpBTkJna3Foa2lHCjl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUEwQjhuZE1raGIzZEN6N0I2aS9kRlFWenJwaEtQK2RmY2JKN1gKMzB3MU1FWDIvM3ZvVStkRlBNbnZrS3hEdFJwanZCbnhCczF6L1VmajlyUFhDSzZkazNNYU5DajRQYVUxem9WQQppK1Z6amc0ZG5XNjJxWG1qYVYrYUMrQm5zQndyQmx2THQ0dkh1eFRLbHh1RnR4THdid3VObGJvS1lVN01kV3oyCllMY3QzUWZBWElVb2FRK1RTMUZGdVdFeEZOTFRidlBGZWNoajB4ZnhyOU5BcU9aTXI0RGE0NHMzVERxMVVyRTIKbjhaZXFxVXZ1YUE4ZmEzQjNVZVRFNmJ4OEdhN1JybG5Dakd3UDRGVml3ajdvellmanV6T2JOM2dlcjdWcEpLMQpMSjdIdDBBemZlRm9aQ2xPbUVBd1p5alFwRGZOckdNTCs1dWtIK2JxWngyaUo5UndFcDNmdlE4em5jN1Q4dHJDCmxzMjRWNUpySWhUQXlCcTZRWVNnSXdXM2V5TmVpUnQ0ZHp6Sk5rNnd4cFp0WE96WTFwamJrV2FMaEhKOW1LRWoKU3lqVVBnS3dKSVlmb3BJbTJoUzl1dVZHZDdiU1MyV055aHJSOU5LSG5Lamo5Y0IrUWU0eEh0Z1pEcm1GZ1ZpZQp0cXZBUHhJL0ZkV1pSN3RmT2JCNTR3alMxVFk3TEd6cll4TDZSMWNjZDE4WUppcGNTS05xa05ORlllZ092VkNICmFldW1OTUdVNlZZalJWS1JmQXMva2FzcWxleGpheSt0SXNtd3dDZGoxUUN3UitRa2VEZFdoNE8vQzM1NENRb28KTkxZYzRNRk8xbVVDY2NsbUgvbFBvcTd1anBCMWI2VmFBNVprNFhjVUpRc0c4SUlSMDFHTFM5RW1HVVZaeTlOWApwV2dCbXNVQ0F3RUFBYU5UTUZFd0hRWURWUjBPQkJZRUZOZlVJSGhXdnFwUzg2ZC82SnJvbmxFYzZMU1NNQjhHCkExVWRJd1FZTUJhQUZOZlVJSGhXdnFwUzg2ZC82SnJvbmxFYzZMU1NNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHcKRFFZSktvWklodmNOQVFFTEJRQURnZ0lCQUtlTW9PckhLZ3BGemtkckVhMVhSSVRUOHFZanhKc04yNmFIMFovLwp1dDRXVkE4ckNDNzV4VkpaNnpBQWlBOFE2eTRYSHBzRzl2ZSs1QlJIWEdCS0lYOU5FZGNrbWdNdExzQ2xOR0JCCkxkN3lWd3hhaGVCQzhVTWIrVTAxMlNwaFc3K0t6UFJhQ3g4cHNMMUlFQUkyblQ1MzlCNDBmR2NyTktNSDRqZGkKdkxad3VxT00rZnJucFJ1MkZlK3Bja2Fwek92SEJTb0I3THovR1dmMWUwZ0llc1B4WEdmVG9hbGM1SzU5bDF1TQpCTkhpUW15S3E4TS9MbllMejhyOWp3dHNKU2lLYUljelpISjNtQ0ZUb3ljREF3NTl3WEdmWXZWcFBMaWZXTTJxCm1uSlJKM2dQS1lzOUhXWFgyYktoSmZoMjRLOTN2M1duMVRUellYOGtTbWlnRG0wTUhOSTNwZktlMmJqVW9MNmgKMlQ4bWhRbjdPQ2dvZHMvOXczR1dOdmFxYTAySHRnc0tTbk9YdmpSNXFMaVFLRjdhMi95TTlrNWNQcUdHaW1GYgppUWV3eUgvMWw2YjQ0T0s2RGwwMVltWFltNUVqR3plckp2aU90eUhSaWhtME01VmNBWWJaYkE0S1Y1eHhLZjRqClIwaktwQXdqbEpzTDdRMk9zTC9IRkxmaDV1RU1HMXlmTzF1blZkVURKK1FBZHJQUG5tZTZVTVFQZm1UcGx1WjAKS3pvOXY3NEpYV0pwQkNtaWNTbFBQdnB3cXZLTk5iOWd6b0hjOXFheWMwNWVxRldRbzNNZjIzYU82b05wU2ZuaAp5aWMvczFQcC9ZS2FHakVSQXB1UmRvYTlWT1diUncycFZMei9rZVNraS9QTDJFRFc4RUVHYjFXcUFBMkJPVVhDCi9oYXQKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
      key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRRFFIeWQweVNGdmQwTFAKc0hxTDkwVkJYT3VtRW8vNTE5eHNudGZmVERVd1JmYi9lK2hUNTBVOHllK1FyRU8xR21POEdmRUd6WFA5UitQMgpzOWNJcnAyVGN4bzBLUGc5cFRYT2hVQ0w1WE9PRGgyZGJyYXBlYU5wWDVvTDRHZXdIQ3NHVzh1M2k4ZTdGTXFYCkc0VzNFdkJ2QzQyVnVncGhUc3gxYlBaZ3R5M2RCOEJjaFNocEQ1TkxVVVc1WVRFVTB0TnU4OFY1eUdQVEYvR3YKMDBDbzVreXZnTnJqaXpkTU9yVlNzVGFmeGw2cXBTKzVvRHg5cmNIZFI1TVRwdkh3WnJ0R3VXY0tNYkEvZ1ZXTApDUHVqTmgrTzdNNXMzZUI2dnRXa2tyVXNuc2UzUUROOTRXaGtLVTZZUURCbktOQ2tOODJzWXd2N202UWY1dXBuCkhhSW4xSEFTbmQrOUR6T2R6dFB5MnNLV3piaFhrbXNpRk1ESUdycEJoS0FqQmJkN0kxNkpHM2gzUE1rMlRyREcKbG0xYzdOaldtTnVSWm91RWNuMllvU05MS05RK0FyQWtoaCtpa2liYUZMMjY1VVozdHRKTFpZM0tHdEgwMG9lYwpxT1Axd0g1QjdqRWUyQmtPdVlXQldKNjJxOEEvRWo4VjFabEh1MTg1c0huakNOTFZOanNzYk90akV2cEhWeHgzClh4Z21LbHhJbzJxUTAwVmg2QTY5VUlkcDY2WTB3WlRwVmlORlVwRjhDeitScXlxVjdHTnJMNjBpeWJEQUoyUFYKQUxCSDVDUjROMWFIZzc4TGZuZ0pDaWcwdGh6Z3dVN1daUUp4eVdZZitVK2lydTZPa0hWdnBWb0RsbVRoZHhRbApDd2J3Z2hIVFVZdEwwU1laUlZuTDAxZWxhQUdheFFJREFRQUJBb0lDQVFDUVRkbXN4enl3cmUrY1ZCQlVkaW9GCjdTalRhTEY5bWFlVGhQdkhMMjc5dnJWSlpoK3I5WUp6YU16NzhnV3NUOVR4ZXNjOVlUMVlVLzJEZENUWU4wSzUKRnlrSEc1VXNJUjVTeU4vOVlDWWtURE5La3BhQ29mMmxOWTE1U0twOFdMdVlXQlBEZTE4TW41anM5ejlhdGY0Ugo4Ti9GL2szdU5KWGRvYVNmWU1Pakt4bTh6UE05RFhpaTA0SlZ6RWNjMmlXU0crSkQwNmNybWNHUm1SZVBSTWZOCk5Mb1E1ZGw4dUlRN0J2Y0tCNkJpRDlFc2t5YitPWGxmTlo2TUZNaFNXTmpuYSt3L0REN1plWkxYcVczWk45RGYKNStBbGFoNlkzVE1EUGxueXkxRk5CVzN1alZrMWdkS21ESFBEUTNDUFBNWVdEa01qdlVJcWdKRHMySVl6dWIvTwpXRjRVUTV5UEJhZzluaWp1dS9uMVZDdGZuSkxwakZIakU1VzdkK3p1UGh6aUJ1WDFOcjRtOVVJdEpaSTNsYmJtCmdvZFlMdGl4b3RwNWF3ang1eXA3MU1zUHlTZzcrbHBPenA4dStuRENJcnc0K0VSME56MG8yTXFmcmJ2VklGQXIKWHIyc2YrejljbmtxalBWWEZaVks3em1TUHI5N0YrbTV4RHpURG9lTG53aVlhUUpOQ0ZhejhMVERjNldVT2w4SQpLOWhHd3FaK0llTlgreW16em16Nkx6WWVPaGlrRmNRaUI0UXVPSjdWWnZWRmVoS3JJMXJLWHJDRU01VmpJZXBkCkhzR0c1eTlLUkcxdEszSU5ScmI0SHlhRDF6SHJSTHRneFpLT1BvWDN0UjNmbTJ1aGova3dwelZnWTltRXJDWDkKd2I4SVA5TXdRR3REQVNBcjZWVmJvUUtDQVFFQThIeWlaK1lVeFEzQnprL1hoNmZMWWNYakE3NTJrQ204VWZzWQp0d1Z4N0EyNW5YRStiUDRIT3UyVC9kTlc0Tkw1elZPT0JkaWZIcTJQVFNVMGYzQUFHL0pNcnVzM3NrNHd4azM5CitYYlh0dHltWkdxb3FEcVN3TUw2czVpY1RnangvenRhSXk1TWFKYWhUYUpNdFRQQlVpZ3U3enhoeGNwVlhNVUMKTklHcFl5Mkt5R2hyMjVVOFdlR0RYQm9SS2xYUXJXYkNZeW1kMXdYQStEaVl0dzA5eit0VHhPNTRodjFCZkJKZwpWMGd0VWdJU0I2WEZDMU9CWDZXQ1pXYlhCN2hPaHhISjNkNHAyQlZyN0gxL2JDQ0ZvVDY5by9WQVNHRmdtTHRiCnpGalRNbjFIaTluVW5jUFlScWpsN1h0NWdPOHBOa3BwMjVrNHIxRVludWhIazcrYzdRS0NBUUVBM1l3THozNloKNEVPRndvODIrUlVId2lkaFExOEdrU1JvWStKVm1udXJpSXdHZTk3ZmRTVk91d092SDlZSVhsRWpjRitoOHFQVQpJVnpIOXBuYXZjTENEMnhIOWZ5d09ML3pmYmJnYnExZjV4Y3BOUXlYM1JnTGFDUVpLNkpJa3NzOUtDb0dhSzlaCmpMVm41MjFFZlFBRE5DSi93YlRCb3dLQ0dTNDUzSzRBaWFEWHN6TkJLUk5MOHVaWWYwK0x0U2IzV3lkZVQ2eUgKdGZiSXR3NlBSS1lxb2NaeGIrM0pWQWFHcGxScjVZSlNDU1BtTjFMSjU0djlTcXBIVnJMNzJudFNwKzdDODJ6SgpJajVOSXFEOGFsOVZ3WFB5dExRd25hYWc1TW5ka0NLQ3R0MlVHSGZwMEh3ZTJTL1hkemppS2gzZTZaT3MyMSt1CitQUHVrSkUxTTZzU09RS0NBUUJjWVJRbDR6MUJRUHFjM1JESEhJN0UvVFlxWHdTK2RqblFLQ3VqU3FVcmIwNUoKQzVKV1hmSzdFVDVUTjliY3dFNlRNRENUVUZZM2U2WmJsUm9vaGdhVXRhdjlXWC9vcjU2TzNyRGNIbW5ZNWNQSgpPU3VXakFHSnFKeVRWdUZjSEpXUlhPUlFOVjNHbzI1Tkd6WnFPUHBmSys1em1mZFkrbE4yTW51WlhlR0twcGowClNTQjlsa003cDZSRlFnSXNDQkVFTzBBYXhZYkxiWHRtSHArVFdiUFA1ZThrN0JKQ2tKQ1NMNkR3aGxwYWNVOHAKdnVVRlo4dC95VjFneEhOL2xLNGR0cGliOE5hVUdnNStKdXRHeHV0dU9HS3kwK2dncGI5c2pEUkVPQzdRNjAwTApqTjdleDdlUjFSbVY4Mk9HUXRqSzhTVGU1V25mOXNBRmN1YmorNncxQW9JQkFHYXM4Z2hQRHpkOWM2OXd1alNFCkI1MTJyTUFSZVRTcEgrd3l5Q09aYnkwUVlDem1aTCtnODdUK2h4b0ZFc25MWnRZOHJBeU0ydEkvY3JrYUl1TlIKTUtqL01QYVREb1N1aVVWWkRQaWVSMVVOU2Q2NUlHU3FNUmNwcTdTcU9HSTM2UGNGU3dVWFJ6Uk1Hb1NLQW5UQQpIYnY2eFNUY0JlWHJVcW9pMzFRa0hFR3NsbXNKdFFnNVZqaVRncTQyQ25TQlE2QXVSYW85Tm9RaGhISTZRREc3CnBRUm11TW43OVJPSkZyeGRZY2Z6TnR2ZmxHRk5jQjlzcEk0SERwcml4cEJDR1ZPVTl5cmozdStNMmlqVFhVaGIKT0o0NGcySTJKRlhjRkxNVHp5aHVwZy9qN3kvTDIwUHhVa2Fyd25zUmxOZWFFbVpFTjVkUDZBS2U0cENEaTVtUApqaGtDZ2dFQkFMUmtVeG9oZDh2ZVBwR3hPbWlOak5HekpiTDlscGx0TWxhR0dPQ3JOUkZSeEppblgzWU9UVnhiCkRFVlpqaXRHNldydzFxaDdnZXAzeEdJaWZHQ1lZV3pNc0RZTitueGtwV0lRRmZOV3dYemNRWlhrTEduZVlUdTAKSVU2RjY5Myt1Q0tkcHVCdVl0d3BQNEJCVkNCRTVON0FzRGV4bFBYTzk1cEw3ZzR4OG5RckdNeGJlRXVOdytaTwpPYmYvTnFFMGZZcURkaERiVHI0UDR6bUpBRlpYeDlKMjNJdWRMUFI3MDZITGZ5bDMrb1pUS2Y2ZWdEL1drWXZGCllLdEtDZzI1UmtSYmZBakZkeDlpOVkzcDlPNEFNVUNaRVFIOWQwU1d6LzJWR0VmYzVha09YL2xvWlAyUXF3c2UKeXMyc0k1U0Z5TEd1ZGM3R2MzVTd5UGd0RVN0elVoWT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=

-zookeeper:
-  enabled: true
-  replicaCount: 1
-  persistence:
-    enabled: true
-    storageClass: standard
 kafka:
  enabled: true
-  replicaCount: 1
  persistence:
    enabled: true
    storageClass: standard
-  creds:
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-    sslKeyPassword: mypassword
+
 cassandra:
  enabled: true
-  image:
-    debug: true
-  cluster:
-    replicaCount: 1
-    seedCount: 1
  persistence:
    enabled: true
    storageClass: standard
-  creds:
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
+
 postgresql:
  enabled: true
-  postgresqlPassword: postgres
-## NOTE: If we are using glusterfs as Storage class, we don't really need
-## replication turned on, since the data is anyway replicated on glusterfs nodes
-## Replication is useful:
-## a. When we use HostPath as storage mechanism
-## b. If master goes down and one of the slave is promoted as master
-  replication:
-    enabled: true
-    slaveReplicas: 1
  persistence:
    enabled: true
    storageClass: standard
-  readinessProbe:
-    initialDelaySeconds: 30
-  livenessProbe:
-    initialDelaySeconds: 30
--- a/tip-wlan/example-values/local-multi-namespace/ns-tip-2.yaml
+++ b/tip-wlan/example-values/local-multi-namespace/ns-tip-2.yaml
@@ -1,47 +1,9 @@
-# This is a development override file.
-# It overrides the default Tip-Wlan parent chart behaviour
-#
-# It can be tweaked, based on the need to support different
-# dev environments.
-# This file expects to have a GlusterFS storage solution running
-# before "helm install" is performed.
-#################################################################
-# Global configuration overrides.
-#
-# These overrides will affect all helm charts (ie. applications)
-# that are listed below and are 'enabled'.
-#################################################################
 global:
-  # Change to an unused port prefix range to prevent port conflicts
-  # with other instances running within the same k8s cluster
  nodePortPrefix: 304
-  nsPrefix: tip-2
-  # image pull policy
-  pullPolicy: Always

-  repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
-  # override default mount path root directory
-  # referenced by persistent volumes and log files
-  persistence:
-
-  # flag to enable debugging - application support required
-  debugEnabled: true
-
-# Annotations for namespace
-annotations: {
-    "helm.sh/resource-policy": keep
-}
-
-# createReleaseNamespace: false
-
-# Docker registry secret
-dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
-#################################################################
-# Enable/disable and configure helm charts (ie. applications)
-# to customize the TIP-WLAN deployment.
-#################################################################
 opensync-gw-static:
  enabled: false
+
 opensync-gw-cloud:
  enabled: true
  externalhost:
@@ -51,22 +13,7 @@ opensync-gw-cloud:
  persistence:
    enabled: true
  filestore:
-    url: "https://wlan-filestore.wlan.local"
-  scalability:
-    #how many concurrent connections single instance of OpenSyncGateway can accept
-    tip_wlan_ovsdb_listener_threadPoolSize: 50
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
+    url: https://wlan-filestore.wlan.local

 opensync-mqtt-broker:
  enabled: true
@@ -74,6 +21,7 @@ opensync-mqtt-broker:
  persistence:
    enabled: true
    storageClass: standard
+
 wlan-cloud-graphql-gw:
  enabled: true
  env:
@@ -87,6 +35,7 @@ wlan-cloud-graphql-gw:
    tls:
    - hosts:
      - wlan-ui-graphql-2.wlan.local
+
 wlan-cloud-static-portal:
  enabled: true
  env:
@@ -102,157 +51,40 @@ wlan-cloud-static-portal:
    tls:
    - hosts:
      - wlan-ui-2.wlan.local
+
 wlan-portal-service:
  enabled: true
  persistence:
    enabled: true
    storageClass: standard
    filestoreSize: 1Gi
-  scalability:
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "

 wlan-prov-service:
  enabled: true
-  creds:
-    enabled: true
-    db:
-      postgresUser:
-        password: postgres
-      tipUser:
-        password: tip_password
-    schema_repo:
-      username: tip-read
-      password: tip-read
-    postgres:
-      singleDataSourceUsername: tip_user
-      singleDataSourcePassword: tip_password
-      singleDataSourceSslKeyPassword: mypassword
-  scalability:
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
-    #max number of connections to PostgreSQL database
-    singleDataSource_maxTotalConnections: 8
-    #max number of idle connections to PostgreSQL database
-    singleDataSource_maxIdleConnections: 8
-    #max number of cached prepared statements used in PostgreSQL database
-    singleDataSource_maxPreparedStatements: 200
-    #max number of cached idle prepared statements used in PostgreSQL database
-    singleDataSource_maxIdlePreparedStatements: 200

 wlan-ssc-service:
  enabled: true
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-    cassandra:
-      tip_user: tip_user
-      tip_password: tip_password
-    schema_repo:
-      username: tip-read
-      password: tip-read
-  scalability:
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "

 wlan-spc-service:
  enabled: true
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-  scalability:
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
-    
+
 nginx-ingress-controller:
  enabled: false

-zookeeper:
-  enabled: true
-  replicaCount: 1
-  persistence:
-    enabled: true
-    storageClass: standard
 kafka:
  enabled: true
-  replicaCount: 1
  persistence:
    enabled: true
    storageClass: standard
-  creds:
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-    sslKeyPassword: mypassword
+
 cassandra:
  enabled: true
-  image:
-    debug: true
-  cluster:
-    replicaCount: 1
-    seedCount: 1
  persistence:
    enabled: true
    storageClass: standard
-  creds:
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
+
 postgresql:
  enabled: true
-  postgresqlPassword: postgres
-## NOTE: If we are using glusterfs as Storage class, we don't really need
-## replication turned on, since the data is anyway replicated on glusterfs nodes
-## Replication is useful:
-## a. When we use HostPath as storage mechanism
-## b. If master goes down and one of the slave is promoted as master
-  replication:
-    enabled: true
-    slaveReplicas: 1
  persistence:
    enabled: true
    storageClass: standard
-  readinessProbe:
-    initialDelaySeconds: 30
-  livenessProbe:
-    initialDelaySeconds: 30
--- a/tip-wlan/example-values/microk8s-basic/README.md
+++ b/tip-wlan/example-values/microk8s-basic/README.md
@@ -0,0 +1,3 @@
+# Helm values for deploying a cloud controller onto a local microk8s cluster
+
+[Detailed instructions](https://openwifi.tip.build/getting-started/controller-installation/microk8s-install)
--- a/tip-wlan/example-values/microk8s-basic/values.yaml
+++ b/tip-wlan/example-values/microk8s-basic/values.yaml
@@ -1,42 +1,3 @@
-shared:
-  scalability: &jvm-options
-    tip_wlan_ovsdb_listener_threadPoolSize: 50
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    tip_wlan_maxHttpThreads: 100
-    JVM_MEM_OPTIONS: " "
-    singleDataSource_maxTotalConnections: 8
-    singleDataSource_maxIdleConnections: 8
-    singleDataSource_maxPreparedStatements: 200
-    singleDataSource_maxIdlePreparedStatements: 200
-    singleDataSource_maxTotalConnections: 8
-    singleDataSource_maxIdleConnections: 8
-    singleDataSource_maxPreparedStatements: 200
-    singleDataSource_maxIdlePreparedStatements: 200
-
-global:
-  nodePortPrefix: 302
-  nodePortPrefixExt: 304
-
-  pullPolicy: Always
-
-  integratedDeployment: false
-  testingEnabled: false
-  testingTimestamp:
-
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-
-dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
-annotations: {
-    "helm.sh/resource-policy": keep
-}
-
 opensync-gw-static:
  enabled: false

@@ -54,8 +15,6 @@ opensync-gw-cloud:
    type: LoadBalancer
    annotations:
      metallb.universe.tf/allow-shared-ip: default
-  scalability:
-    <<: *jvm-options

 opensync-mqtt-broker:
  enabled: true
@@ -72,6 +31,8 @@ wlan-cloud-graphql-gw:
  enabled: true
  env:
    portalsvc: tip-wlan-wlan-portal-service:9051
+  service:
+    type: ClusterIP
  ingress:
    hosts:
      - host: wlan-ui-graphql.wlan.local
@@ -86,8 +47,6 @@ wlan-cloud-static-portal:
  enabled: true
  env:
    graphql: https://wlan-ui-graphql.wlan.local
-  service:
-    type: NodePort
  ingress:
    hosts:
      - host: wlan-ui.wlan.local
@@ -108,51 +67,17 @@ wlan-portal-service:
    type: LoadBalancer
    annotations:
      metallb.universe.tf/allow-shared-ip: default
-  scalability:
-    <<: *jvm-options
+  tlsv13:
+    enabled: false

 wlan-prov-service:
  enabled: true
-  creds:
-    enabled: true
-    db:
-      postgresUser:
-        password: postgres
-      tipUser:
-        password: tip_password
-    schema_repo:
-      username: tip-read
-      password: tip-read
-    postgres:
-      singleDataSourceUsername: tip_user
-      singleDataSourcePassword: tip_password
-      singleDataSourceSslKeyPassword: mypassword
-  scalability:
-    <<: *jvm-options

 wlan-ssc-service:
  enabled: true
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-    cassandra:
-      tip_user: tip_user
-      tip_password: tip_password
-    schema_repo:
-      username: tip-read
-      password: tip-read
-  scalability:
-    <<: *jvm-options

 wlan-spc-service:
  enabled: true
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-  scalability:
-    <<: *jvm-options

 nginx-ingress-controller:
  enabled: true
--- a/tip-wlan/resources/certs/.gitkeep
+++ b/tip-wlan/resources/certs/.gitkeep
--- a/tip-wlan/charts/opensync-gw-cloud/resources/config/certs/README.md
+++ b/tip-wlan/charts/opensync-gw-cloud/resources/config/certs/README.md
@@ -1,2 +1,2 @@
-Contains certs needed for this service to start.
+Contains certs needed for cloud controller to work
 Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution
--- a/tip-wlan/charts/opensync-gw-static/resources/config/certs/httpClientConfig.json
+++ b/tip-wlan/charts/opensync-gw-static/resources/config/certs/httpClientConfig.json
@@ -4,11 +4,11 @@
    "truststoreType": "JKS",
    "truststoreProvider": "SUN",
    "truststoreFile": "file:/opt/tip-wlan/certs/truststore.jks",
-    "truststorePass": "mypassword",
+    "truststorePass": "{{ .Values.global.certificatePasswords.sslTruststore }}",
    "keystoreType": "JKS",
    "keystoreProvider": "SUN",
    "keystoreFile": "file:/opt/tip-wlan/certs/client_keystore.jks",
-    "keystorePass": "mypassword",
+    "keystorePass": "{{ .Values.global.certificatePasswords.sslKeystore }}",
    "keyAlias": "clientkeyalias",
    "credentialsList": [
        {
--- a/tip-wlan/charts/opensync-gw-cloud/resources/config/certs/ssl.properties
+++ b/tip-wlan/charts/opensync-gw-cloud/resources/config/certs/ssl.properties
@@ -1,13 +1,12 @@
-truststorePass=mypassword
+truststorePass={{ .Values.global.certificatePasswords.sslTruststore }}
 truststoreFile=file:///opt/tip-wlan/certs/truststore.jks
 truststoreType=JKS
 truststoreProvider=SUN

 keyAlias=1
-keystorePass=mypassword
+keystorePass={{ .Values.global.certificatePasswords.sslKeystore }}
 keystoreFile=file:///opt/tip-wlan/certs/server.pkcs12
 keystoreType=pkcs12
 keystoreProvider=SunJSSE

 sslProtocol=TLS
-
--- a/tip-wlan/resources/configs/jmx-prometheus-config.yml
+++ b/tip-wlan/resources/configs/jmx-prometheus-config.yml
@@ -0,0 +1,13 @@
+lowercaseOutputLabelNames: true
+lowercaseOutputName: true
+whitelistObjectNames: ["java.lang:type=OperatingSystem"]
+blacklistObjectNames: []
+rules:
+  - pattern: 'java.lang<type=OperatingSystem><>(committed_virtual_memory|free_physical_memory|free_swap_space|total_physical_memory|total_swap_space)_size:'
+    name: os_$1_bytes
+    type: GAUGE
+    attrNameSnakeCase: true
+  - pattern: 'java.lang<type=OperatingSystem><>((?!process_cpu_time)\w+):'
+    name: os_$1
+    type: GAUGE
+    attrNameSnakeCase: true
--- a/tip-wlan/resources/environments/dev-amazon-tip.yaml
+++ b/tip-wlan/resources/environments/dev-amazon-tip.yaml
@@ -1,17 +1,3 @@
-global:
-  nodePortPrefix: 302
-  nodePortPrefixExt: 304
-
-  pullPolicy: Always
-
-  integratedDeployment:
-  testingEnabled:
-
-dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
-annotations: {
-    "helm.sh/resource-policy": keep
-}
-
 opensync-gw-static:
  enabled: false

@@ -67,36 +53,12 @@ wlan-portal-service:

 wlan-prov-service:
  enabled: true
-  creds:
-    enabled: true
-    db:
-      postgresUser:
-        password: postgres
-      tipUser:
-        password: tip_password
-    schema_repo:
-      username: tip-read
-      password: tip-read

 wlan-ssc-service:
  enabled: true
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-    cassandra:
-      tip_user: tip_user
-      tip_password: tip_password 
-    schema_repo:
-      username: tip-read
-      password: tip-read

 wlan-spc-service:
  enabled: true
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword

 wlan-port-forwarding-gateway-service:
  enabled: true
@@ -129,4 +91,3 @@ postgresql:
  persistence:
    enabled: true
    storageClass: gp2
-
--- a/tip-wlan/resources/environments/dev-docker-on-windows.yaml
+++ b/tip-wlan/resources/environments/dev-docker-on-windows.yaml
@@ -1,20 +1,5 @@
 global:
-  nodePortPrefix: 302
-  nodePortPrefixExt: 304
-
-  pullPolicy: Always
-
-  integratedDeployment: false
-  testingEnabled:
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-
-dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
-annotations: {
-    "helm.sh/resource-policy": keep
-}
+  PullPolicy: IfNotPresent

 common:
  efs-provisioner:
@@ -24,9 +9,9 @@ opensync-gw-static:
  enabled: false

 opensync-gw-cloud:
+  enabled: true
  service:
    type: LoadBalancer
-  enabled: true
  externalhost:
    address:
      ovsdb: opensync-controller.wlan.local
@@ -34,7 +19,7 @@ opensync-gw-cloud:
  persistence:
    enabled: true
  filestore:
-    url: "https://wlan-filestore.wlan.local"
+    url: https://wlan-filestore.wlan.local

 opensync-mqtt-broker:
  enabled: true
@@ -44,6 +29,7 @@ opensync-mqtt-broker:
  persistence:
    enabled: true
    storageClass: hostpath
+
 wlan-cloud-graphql-gw:
  enabled: true
  ingress:
@@ -78,10 +64,10 @@ wlan-cloud-static-portal:
      secretName: nginx-ingress-controller-default-server-secret

 wlan-portal-service:
+  enabled: true
  service:
    type: NodePort
    nodePort_static: false
-  enabled: true
  persistence:
    enabled: true
    storageClass: hostpath
@@ -103,40 +89,12 @@ wlan-portal-service:

 wlan-prov-service:
  enabled: true
-  creds:
-    enabled: true
-    db:
-      postgresUser:
-        password: postgres
-      tipUser:
-        password: tip_password
-    schema_repo:
-      username: tip-read
-      password: tip-read
-    postgres:
-      singleDataSourceUsername: tip_user
-      singleDataSourcePassword: tip_password
-      singleDataSourceSslKeyPassword: mypassword

 wlan-ssc-service:
  enabled: true
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-    cassandra:
-      tip_user: tip_user
-      tip_password: tip_password
-    schema_repo:
-      username: tip-read
-      password: tip-read

 wlan-spc-service:
  enabled: true
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword

 wlan-port-forwarding-gateway-service:
  enabled: true
@@ -159,7 +117,6 @@ nginx-ingress-controller:
      cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZEekNDQXZlZ0F3SUJBZ0lVYSthaVJZWG9QTGliSS9wdVJCdi9DZ2RTTDNzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0Z6RVZNQk1HQTFVRUF3d01LaTUzYkdGdUxteHZZMkZzTUI0WERUSXdNVEl5TVRJd05UQXpNVm9YRFRNdwpNVEl4T1RJd05UQXpNVm93RnpFVk1CTUdBMVVFQXd3TUtpNTNiR0Z1TG14dlkyRnNNSUlDSWpBTkJna3Foa2lHCjl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUEwQjhuZE1raGIzZEN6N0I2aS9kRlFWenJwaEtQK2RmY2JKN1gKMzB3MU1FWDIvM3ZvVStkRlBNbnZrS3hEdFJwanZCbnhCczF6L1VmajlyUFhDSzZkazNNYU5DajRQYVUxem9WQQppK1Z6amc0ZG5XNjJxWG1qYVYrYUMrQm5zQndyQmx2THQ0dkh1eFRLbHh1RnR4THdid3VObGJvS1lVN01kV3oyCllMY3QzUWZBWElVb2FRK1RTMUZGdVdFeEZOTFRidlBGZWNoajB4ZnhyOU5BcU9aTXI0RGE0NHMzVERxMVVyRTIKbjhaZXFxVXZ1YUE4ZmEzQjNVZVRFNmJ4OEdhN1JybG5Dakd3UDRGVml3ajdvellmanV6T2JOM2dlcjdWcEpLMQpMSjdIdDBBemZlRm9aQ2xPbUVBd1p5alFwRGZOckdNTCs1dWtIK2JxWngyaUo5UndFcDNmdlE4em5jN1Q4dHJDCmxzMjRWNUpySWhUQXlCcTZRWVNnSXdXM2V5TmVpUnQ0ZHp6Sk5rNnd4cFp0WE96WTFwamJrV2FMaEhKOW1LRWoKU3lqVVBnS3dKSVlmb3BJbTJoUzl1dVZHZDdiU1MyV055aHJSOU5LSG5Lamo5Y0IrUWU0eEh0Z1pEcm1GZ1ZpZQp0cXZBUHhJL0ZkV1pSN3RmT2JCNTR3alMxVFk3TEd6cll4TDZSMWNjZDE4WUppcGNTS05xa05ORlllZ092VkNICmFldW1OTUdVNlZZalJWS1JmQXMva2FzcWxleGpheSt0SXNtd3dDZGoxUUN3UitRa2VEZFdoNE8vQzM1NENRb28KTkxZYzRNRk8xbVVDY2NsbUgvbFBvcTd1anBCMWI2VmFBNVprNFhjVUpRc0c4SUlSMDFHTFM5RW1HVVZaeTlOWApwV2dCbXNVQ0F3RUFBYU5UTUZFd0hRWURWUjBPQkJZRUZOZlVJSGhXdnFwUzg2ZC82SnJvbmxFYzZMU1NNQjhHCkExVWRJd1FZTUJhQUZOZlVJSGhXdnFwUzg2ZC82SnJvbmxFYzZMU1NNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHcKRFFZSktvWklodmNOQVFFTEJRQURnZ0lCQUtlTW9PckhLZ3BGemtkckVhMVhSSVRUOHFZanhKc04yNmFIMFovLwp1dDRXVkE4ckNDNzV4VkpaNnpBQWlBOFE2eTRYSHBzRzl2ZSs1QlJIWEdCS0lYOU5FZGNrbWdNdExzQ2xOR0JCCkxkN3lWd3hhaGVCQzhVTWIrVTAxMlNwaFc3K0t6UFJhQ3g4cHNMMUlFQUkyblQ1MzlCNDBmR2NyTktNSDRqZGkKdkxad3VxT00rZnJucFJ1MkZlK3Bja2Fwek92SEJTb0I3THovR1dmMWUwZ0llc1B4WEdmVG9hbGM1SzU5bDF1TQpCTkhpUW15S3E4TS9MbllMejhyOWp3dHNKU2lLYUljelpISjNtQ0ZUb3ljREF3NTl3WEdmWXZWcFBMaWZXTTJxCm1uSlJKM2dQS1lzOUhXWFgyYktoSmZoMjRLOTN2M1duMVRUellYOGtTbWlnRG0wTUhOSTNwZktlMmJqVW9MNmgKMlQ4bWhRbjdPQ2dvZHMvOXczR1dOdmFxYTAySHRnc0tTbk9YdmpSNXFMaVFLRjdhMi95TTlrNWNQcUdHaW1GYgppUWV3eUgvMWw2YjQ0T0s2RGwwMVltWFltNUVqR3plckp2aU90eUhSaWhtME01VmNBWWJaYkE0S1Y1eHhLZjRqClIwaktwQXdqbEpzTDdRMk9zTC9IRkxmaDV1RU1HMXlmTzF1blZkVURKK1FBZHJQUG5tZTZVTVFQZm1UcGx1WjAKS3pvOXY3NEpYV0pwQkNtaWNTbFBQdnB3cXZLTk5iOWd6b0hjOXFheWMwNWVxRldRbzNNZjIzYU82b05wU2ZuaAp5aWMvczFQcC9ZS2FHakVSQXB1UmRvYTlWT1diUncycFZMei9rZVNraS9QTDJFRFc4RUVHYjFXcUFBMkJPVVhDCi9oYXQKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
      key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRRFFIeWQweVNGdmQwTFAKc0hxTDkwVkJYT3VtRW8vNTE5eHNudGZmVERVd1JmYi9lK2hUNTBVOHllK1FyRU8xR21POEdmRUd6WFA5UitQMgpzOWNJcnAyVGN4bzBLUGc5cFRYT2hVQ0w1WE9PRGgyZGJyYXBlYU5wWDVvTDRHZXdIQ3NHVzh1M2k4ZTdGTXFYCkc0VzNFdkJ2QzQyVnVncGhUc3gxYlBaZ3R5M2RCOEJjaFNocEQ1TkxVVVc1WVRFVTB0TnU4OFY1eUdQVEYvR3YKMDBDbzVreXZnTnJqaXpkTU9yVlNzVGFmeGw2cXBTKzVvRHg5cmNIZFI1TVRwdkh3WnJ0R3VXY0tNYkEvZ1ZXTApDUHVqTmgrTzdNNXMzZUI2dnRXa2tyVXNuc2UzUUROOTRXaGtLVTZZUURCbktOQ2tOODJzWXd2N202UWY1dXBuCkhhSW4xSEFTbmQrOUR6T2R6dFB5MnNLV3piaFhrbXNpRk1ESUdycEJoS0FqQmJkN0kxNkpHM2gzUE1rMlRyREcKbG0xYzdOaldtTnVSWm91RWNuMllvU05MS05RK0FyQWtoaCtpa2liYUZMMjY1VVozdHRKTFpZM0tHdEgwMG9lYwpxT1Axd0g1QjdqRWUyQmtPdVlXQldKNjJxOEEvRWo4VjFabEh1MTg1c0huakNOTFZOanNzYk90akV2cEhWeHgzClh4Z21LbHhJbzJxUTAwVmg2QTY5VUlkcDY2WTB3WlRwVmlORlVwRjhDeitScXlxVjdHTnJMNjBpeWJEQUoyUFYKQUxCSDVDUjROMWFIZzc4TGZuZ0pDaWcwdGh6Z3dVN1daUUp4eVdZZitVK2lydTZPa0hWdnBWb0RsbVRoZHhRbApDd2J3Z2hIVFVZdEwwU1laUlZuTDAxZWxhQUdheFFJREFRQUJBb0lDQVFDUVRkbXN4enl3cmUrY1ZCQlVkaW9GCjdTalRhTEY5bWFlVGhQdkhMMjc5dnJWSlpoK3I5WUp6YU16NzhnV3NUOVR4ZXNjOVlUMVlVLzJEZENUWU4wSzUKRnlrSEc1VXNJUjVTeU4vOVlDWWtURE5La3BhQ29mMmxOWTE1U0twOFdMdVlXQlBEZTE4TW41anM5ejlhdGY0Ugo4Ti9GL2szdU5KWGRvYVNmWU1Pakt4bTh6UE05RFhpaTA0SlZ6RWNjMmlXU0crSkQwNmNybWNHUm1SZVBSTWZOCk5Mb1E1ZGw4dUlRN0J2Y0tCNkJpRDlFc2t5YitPWGxmTlo2TUZNaFNXTmpuYSt3L0REN1plWkxYcVczWk45RGYKNStBbGFoNlkzVE1EUGxueXkxRk5CVzN1alZrMWdkS21ESFBEUTNDUFBNWVdEa01qdlVJcWdKRHMySVl6dWIvTwpXRjRVUTV5UEJhZzluaWp1dS9uMVZDdGZuSkxwakZIakU1VzdkK3p1UGh6aUJ1WDFOcjRtOVVJdEpaSTNsYmJtCmdvZFlMdGl4b3RwNWF3ang1eXA3MU1zUHlTZzcrbHBPenA4dStuRENJcnc0K0VSME56MG8yTXFmcmJ2VklGQXIKWHIyc2YrejljbmtxalBWWEZaVks3em1TUHI5N0YrbTV4RHpURG9lTG53aVlhUUpOQ0ZhejhMVERjNldVT2w4SQpLOWhHd3FaK0llTlgreW16em16Nkx6WWVPaGlrRmNRaUI0UXVPSjdWWnZWRmVoS3JJMXJLWHJDRU01VmpJZXBkCkhzR0c1eTlLUkcxdEszSU5ScmI0SHlhRDF6SHJSTHRneFpLT1BvWDN0UjNmbTJ1aGova3dwelZnWTltRXJDWDkKd2I4SVA5TXdRR3REQVNBcjZWVmJvUUtDQVFFQThIeWlaK1lVeFEzQnprL1hoNmZMWWNYakE3NTJrQ204VWZzWQp0d1Z4N0EyNW5YRStiUDRIT3UyVC9kTlc0Tkw1elZPT0JkaWZIcTJQVFNVMGYzQUFHL0pNcnVzM3NrNHd4azM5CitYYlh0dHltWkdxb3FEcVN3TUw2czVpY1RnangvenRhSXk1TWFKYWhUYUpNdFRQQlVpZ3U3enhoeGNwVlhNVUMKTklHcFl5Mkt5R2hyMjVVOFdlR0RYQm9SS2xYUXJXYkNZeW1kMXdYQStEaVl0dzA5eit0VHhPNTRodjFCZkJKZwpWMGd0VWdJU0I2WEZDMU9CWDZXQ1pXYlhCN2hPaHhISjNkNHAyQlZyN0gxL2JDQ0ZvVDY5by9WQVNHRmdtTHRiCnpGalRNbjFIaTluVW5jUFlScWpsN1h0NWdPOHBOa3BwMjVrNHIxRVludWhIazcrYzdRS0NBUUVBM1l3THozNloKNEVPRndvODIrUlVId2lkaFExOEdrU1JvWStKVm1udXJpSXdHZTk3ZmRTVk91d092SDlZSVhsRWpjRitoOHFQVQpJVnpIOXBuYXZjTENEMnhIOWZ5d09ML3pmYmJnYnExZjV4Y3BOUXlYM1JnTGFDUVpLNkpJa3NzOUtDb0dhSzlaCmpMVm41MjFFZlFBRE5DSi93YlRCb3dLQ0dTNDUzSzRBaWFEWHN6TkJLUk5MOHVaWWYwK0x0U2IzV3lkZVQ2eUgKdGZiSXR3NlBSS1lxb2NaeGIrM0pWQWFHcGxScjVZSlNDU1BtTjFMSjU0djlTcXBIVnJMNzJudFNwKzdDODJ6SgpJajVOSXFEOGFsOVZ3WFB5dExRd25hYWc1TW5ka0NLQ3R0MlVHSGZwMEh3ZTJTL1hkemppS2gzZTZaT3MyMSt1CitQUHVrSkUxTTZzU09RS0NBUUJjWVJRbDR6MUJRUHFjM1JESEhJN0UvVFlxWHdTK2RqblFLQ3VqU3FVcmIwNUoKQzVKV1hmSzdFVDVUTjliY3dFNlRNRENUVUZZM2U2WmJsUm9vaGdhVXRhdjlXWC9vcjU2TzNyRGNIbW5ZNWNQSgpPU3VXakFHSnFKeVRWdUZjSEpXUlhPUlFOVjNHbzI1Tkd6WnFPUHBmSys1em1mZFkrbE4yTW51WlhlR0twcGowClNTQjlsa003cDZSRlFnSXNDQkVFTzBBYXhZYkxiWHRtSHArVFdiUFA1ZThrN0JKQ2tKQ1NMNkR3aGxwYWNVOHAKdnVVRlo4dC95VjFneEhOL2xLNGR0cGliOE5hVUdnNStKdXRHeHV0dU9HS3kwK2dncGI5c2pEUkVPQzdRNjAwTApqTjdleDdlUjFSbVY4Mk9HUXRqSzhTVGU1V25mOXNBRmN1YmorNncxQW9JQkFHYXM4Z2hQRHpkOWM2OXd1alNFCkI1MTJyTUFSZVRTcEgrd3l5Q09aYnkwUVlDem1aTCtnODdUK2h4b0ZFc25MWnRZOHJBeU0ydEkvY3JrYUl1TlIKTUtqL01QYVREb1N1aVVWWkRQaWVSMVVOU2Q2NUlHU3FNUmNwcTdTcU9HSTM2UGNGU3dVWFJ6Uk1Hb1NLQW5UQQpIYnY2eFNUY0JlWHJVcW9pMzFRa0hFR3NsbXNKdFFnNVZqaVRncTQyQ25TQlE2QXVSYW85Tm9RaGhISTZRREc3CnBRUm11TW43OVJPSkZyeGRZY2Z6TnR2ZmxHRk5jQjlzcEk0SERwcml4cEJDR1ZPVTl5cmozdStNMmlqVFhVaGIKT0o0NGcySTJKRlhjRkxNVHp5aHVwZy9qN3kvTDIwUHhVa2Fyd25zUmxOZWFFbVpFTjVkUDZBS2U0cENEaTVtUApqaGtDZ2dFQkFMUmtVeG9oZDh2ZVBwR3hPbWlOak5HekpiTDlscGx0TWxhR0dPQ3JOUkZSeEppblgzWU9UVnhiCkRFVlpqaXRHNldydzFxaDdnZXAzeEdJaWZHQ1lZV3pNc0RZTitueGtwV0lRRmZOV3dYemNRWlhrTEduZVlUdTAKSVU2RjY5Myt1Q0tkcHVCdVl0d3BQNEJCVkNCRTVON0FzRGV4bFBYTzk1cEw3ZzR4OG5RckdNeGJlRXVOdytaTwpPYmYvTnFFMGZZcURkaERiVHI0UDR6bUpBRlpYeDlKMjNJdWRMUFI3MDZITGZ5bDMrb1pUS2Y2ZWdEL1drWXZGCllLdEtDZzI1UmtSYmZBakZkeDlpOVkzcDlPNEFNVUNaRVFIOWQwU1d6LzJWR0VmYzVha09YL2xvWlAyUXF3c2UKeXMyc0k1U0Z5TEd1ZGM3R2MzVTd5UGd0RVN0elVoWT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=

-
 kafka:
  enabled: true
  persistence:
@@ -177,4 +134,3 @@ postgresql:
  persistence:
    enabled: true
    storageClass: hostpath
-
--- a/tip-wlan/resources/environments/dev-integrated-aws-tip.yaml
+++ b/tip-wlan/resources/environments/dev-integrated-aws-tip.yaml
@@ -1,16 +1,5 @@
 global:
-  nodePortPrefix: 302
-  nodePortPrefixExt: 304
-
-  pullPolicy: Always
-
-  integratedDeployment:
-  testingEnabled: true
-
-dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
-annotations: {
-    "helm.sh/resource-policy": keep
-}
+  integratedDeployment: true

 opensync-gw-static:
  enabled: false
@@ -80,4 +69,3 @@ postgresql:
  persistence:
    enabled: true
    storageClass: gp2
-
--- a/tip-wlan/resources/environments/dev-integrated.yaml
+++ b/tip-wlan/resources/environments/dev-integrated.yaml
@@ -1,17 +1,7 @@
 global:
-  nodePortPrefix: 302
-  nodePortPrefixExt: 304
-
-  pullPolicy: Always
-  repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
-
  integratedDeployment: true
-  testingEnabled:
-
-dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
-annotations: {
-    "helm.sh/resource-policy": keep
-}
+  postgres:
+    password: cG9zdGdyZXMxMjM=

 opensync-gw-static:
  enabled: false
@@ -45,13 +35,6 @@ wlan-integrated-cloud-component-service:
  image:
    name: wlan-integrated-cloud-component-service-persistence
    tag: 0.0.1-SNAPSHOT
-  creds:
-    enabled: true
-    postgres:
-      password: cG9zdGdyZXMxMjM=
-    schema_repo:
-      username: tip-read
-      password: tip-read
  integratedWithPersistence:
    enabled: true

@@ -81,3 +64,4 @@ postgresql:
  persistence:
    enabled: true
    storageClass: glusterfs-storage
+  postgresqlPassword: cG9zdGdyZXMxMjM=
--- a/tip-wlan/resources/environments/dev-local.yaml
+++ b/tip-wlan/resources/environments/dev-local.yaml
@@ -1,41 +1,3 @@
-shared:
-  scalability: &jvm-options
-    tip_wlan_ovsdb_listener_threadPoolSize: 50
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    tip_wlan_maxHttpThreads: 100
-    JVM_MEM_OPTIONS: " "
-    singleDataSource_maxTotalConnections: 8
-    singleDataSource_maxIdleConnections: 8
-    singleDataSource_maxPreparedStatements: 200
-    singleDataSource_maxIdlePreparedStatements: 200
-    singleDataSource_maxTotalConnections: 8
-    singleDataSource_maxIdleConnections: 8
-    singleDataSource_maxPreparedStatements: 200
-    singleDataSource_maxIdlePreparedStatements: 200
-
-global:
-  nodePortPrefix: 302
-  nodePortPrefixExt: 304
-
-  pullPolicy: Always
-
-  integratedDeployment: false
-  testingEnabled:
-
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-
-dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
-annotations: {
-    "helm.sh/resource-policy": keep
-}
-
 opensync-gw-static:
  enabled: false

@@ -49,8 +11,6 @@ opensync-gw-cloud:
    enabled: true
  filestore:
    url: https://wlan-filestore.wlan.local
-  scalability:
-    <<: *jvm-options

 opensync-mqtt-broker:
  enabled: true
@@ -97,51 +57,15 @@ wlan-portal-service:
    enabled: true
    storageClass: standard
    filestoreSize: 1Gi
-  scalability:
-    <<: *jvm-options

 wlan-prov-service:
  enabled: true
-  creds:
-    enabled: true
-    db:
-      postgresUser:
-        password: postgres
-      tipUser:
-        password: tip_password
-    schema_repo:
-      username: tip-read
-      password: tip-read
-    postgres:
-      singleDataSourceUsername: tip_user
-      singleDataSourcePassword: tip_password
-      singleDataSourceSslKeyPassword: mypassword
-  scalability:
-    <<: *jvm-options

 wlan-ssc-service:
  enabled: true
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-    cassandra:
-      tip_user: tip_user
-      tip_password: tip_password
-    schema_repo:
-      username: tip-read
-      password: tip-read
-  scalability:
-    <<: *jvm-options

 wlan-spc-service:
  enabled: true
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-  scalability:
-    <<: *jvm-options

 wlan-port-forwarding-gateway-service:
  enabled: true
--- a/tip-wlan/resources/environments/dev-no-gluster.yaml
+++ b/tip-wlan/resources/environments/dev-no-gluster.yaml
@@ -1,18 +1,3 @@
-global:
-  nodePortPrefix: 302
-  nodePortPrefixExt: 304
-
-  pullPolicy: Always
-
-  integratedDeployment: false
-  testingEnabled: false
-  testingTimestamp:
-
-dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
-annotations: {
-    "helm.sh/resource-policy": keep
-}
-
 opensync-gw-static:
  enabled: false

@@ -46,36 +31,12 @@ wlan-portal-service:

 wlan-prov-service:
  enabled: true
-  creds:
-    enabled: true
-    db:
-      postgresUser:
-        password: postgres
-      tipUser:
-        password: tip_password
-    schema_repo:
-      username: tip-read
-      password: tip-read

 wlan-ssc-service:
  enabled: true
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-    cassandra:
-      tip_user: tip_user
-      tip_password: tip_password 
-    schema_repo:
-      username: tip-read
-      password: tip-read

 wlan-spc-service:
  enabled: true
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword

 wlan-port-forwarding-gateway-service:
  enabled: true
--- a/tip-wlan/resources/environments/dev.yaml
+++ b/tip-wlan/resources/environments/dev.yaml
@@ -1,37 +1,3 @@
-shared:
-  scalability: &jvm-options
-    tip_wlan_ovsdb_listener_threadPoolSize: 50
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    tip_wlan_maxHttpThreads:  100
-    JVM_MEM_OPTIONS: " "
-    singleDataSource_maxTotalConnections: 8
-    singleDataSource_maxIdleConnections: 8
-    singleDataSource_maxPreparedStatements: 200
-    singleDataSource_maxIdlePreparedStatements: 200
-    singleDataSource_maxTotalConnections: 8
-    singleDataSource_maxIdleConnections: 8
-    singleDataSource_maxPreparedStatements: 200
-    singleDataSource_maxIdlePreparedStatements: 200
-
-global:
-  nodePortPrefix: 302
-  nodePortPrefixExt: 304
-
-  pullPolicy: Always
-
-  integratedDeployment: false
-  testingEnabled: false
-  testingTimestamp:
-
-dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
-annotations: {
-    "helm.sh/resource-policy": keep
-}
-
 opensync-gw-static:
  enabled: false

@@ -45,8 +11,6 @@ opensync-gw-cloud:
    enabled: true
  filestore:
    url: "https://tip-wlan-opensync-gw-cloud:9096"
-  scalability:
-    <<: *jvm-options

 opensync-mqtt-broker:
  enabled: true
@@ -93,51 +57,15 @@ wlan-portal-service:
    enabled: true
    storageClass: glusterfs-storage
    filestoreSize: 1Gi
-  scalability:
-    <<: *jvm-options

 wlan-prov-service:
  enabled: true
-  creds:
-    enabled: true
-    db:
-      postgresUser:
-        password: postgres
-      tipUser:
-        password: tip_password
-    schema_repo:
-      username: tip-read
-      password: tip-read
-    postgres:
-      singleDataSourceUsername: tip_user
-      singleDataSourcePassword: tip_password
-      singleDataSourceSslKeyPassword: mypassword
-  scalability:
-    <<: *jvm-options

 wlan-ssc-service:
  enabled: true
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-    cassandra:
-      tip_user: tip_user
-      tip_password: tip_password
-    schema_repo:
-      username: tip-read
-      password: tip-read
-  scalability:
-    <<: *jvm-options

 wlan-spc-service:
  enabled: true
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-  scalability:
-    <<: *jvm-options

 wlan-port-forwarding-gateway-service:
  enabled: true
--- a/tip-wlan/resources/environments/disable-allcharts.yaml
+++ b/tip-wlan/resources/environments/disable-allcharts.yaml
@@ -1,12 +1,3 @@
-global:
-  nodePortPrefix: 302
-  nodePortPrefixExt: 304
-
-  pullPolicy: Always
-
-  integratedDeployment: false
-  testingEnabled:
-
 createDockerRegistrySecret: false

 opensync-gw-static:
--- a/tip-wlan/templates/_prometheus-jmx.tpl
+++ b/tip-wlan/templates/_prometheus-jmx.tpl
@@ -0,0 +1,93 @@
+{{/*
+    This template provides various definitions used for integrating the JMX Prometheus exporter
+  */}}
+
+{{- define "jmxPrometheus.agentDir" -}}
+/jmx-prometheus-exporter-dir
+{{- end -}}
+
+{{- define "jmxPrometheus.configPath" -}}
+/app/jmx-prometheus-config.yml
+{{- end -}}
+
+{{- define "jmxPrometheus.portNumber" -}}
+9404
+{{- end -}}
+
+{{- define "jmxPrometheus.initContainer" -}}
+{{- if .Values.global.monitoring.enableJmxPrometheusMetrics -}}
+- name: download-jmx-prometheus-exporter
+  image: alpine:latest
+  command:
+  - wget
+  args:
+  - -P
+  - {{ include "jmxPrometheus.agentDir" . }}
+  - https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.14.0/jmx_prometheus_javaagent-0.14.0.jar
+  volumeMounts:
+{{ include "jmxPrometheus.tmpVolumeMount" . | indent 2 }}
+{{- end -}}
+{{- end -}}
+
+{{- define "jmxPrometheus.port" -}}
+{{- if .Values.global.monitoring.enableJmxPrometheusMetrics -}}
+- name: jmx-prometheus
+  containerPort: {{ include "jmxPrometheus.portNumber" . }}
+  protocol: TCP
+{{- end -}}
+{{- end -}}
+
+{{- define "jmxPrometheus.tmpVolume" -}}
+{{- if .Values.global.monitoring.enableJmxPrometheusMetrics -}}
+- name: jmx-prometheus-exporter-dir
+  emptyDir: {}
+{{- end -}}
+{{- end -}}
+
+{{- define "jmxPrometheus.tmpVolumeMount" -}}
+{{- if .Values.global.monitoring.enableJmxPrometheusMetrics -}}
+- name: jmx-prometheus-exporter-dir
+  mountPath: {{ include "jmxPrometheus.agentDir" . }}
+{{- end -}}
+{{- end -}}
+
+{{- define "jmxPrometheus.configVolume" -}}
+{{- if .Values.global.monitoring.enableJmxPrometheusMetrics -}}
+- name: tip-common-jmx-prometheus-config
+  configMap:
+      name: tip-common-jmx-prometheus-config
+{{- end -}}
+{{- end -}}
+
+{{- define "jmxPrometheus.configVolumeMount" -}}
+{{- if .Values.global.monitoring.enableJmxPrometheusMetrics -}}
+- mountPath: {{ include "jmxPrometheus.configPath" . }}
+  name: tip-common-jmx-prometheus-config
+  subPath: jmx-prometheus-config.yml
+{{- end -}}
+{{- end -}}
+
+{{- define "jmxPrometheus.jvmOpts" -}}
+{{- if .Values.global.monitoring.enableJmxPrometheusMetrics -}}
+-javaagent:{{ include "jmxPrometheus.agentDir" . }}/jmx_prometheus_javaagent-0.14.0.jar={{ include "jmxPrometheus.portNumber" . }}:{{ include "jmxPrometheus.configPath" . }}
+{{- end -}}
+{{- end -}}
+
+
+{{- define "jmxPrometheus.podMonitor" -}}
+{{- if and .Values.global.monitoring.enableJmxPrometheusMetrics .Values.global.monitoring.enablePrometheusPodMonitors -}}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    release: prometheus-operator
+spec:
+  selector:
+    matchLabels:
+      {{- include "common.selectorLabels" . | nindent 6 }}
+  podMetricsEndpoints:
+  - port: jmx-prometheus
+{{- end -}}
+{{- end -}}
--- a/tip-wlan/templates/cassandra-dependencies.yaml
+++ b/tip-wlan/templates/cassandra-dependencies.yaml
@@ -7,9 +7,9 @@ metadata:
 type: Opaque
 data:
  truststore: {{ .Files.Get "resources/certs/truststore.jks" | b64enc }}
-  truststore-password: {{ .Values.global.creds.sslTruststorePassword | b64enc }}
+  truststore-password: {{ .Values.global.certificatePasswords.sslTruststore | b64enc }}
  keystore: {{ .Files.Get "resources/certs/cassandra_server_keystore.jks" | b64enc }}
-  keystore-password: {{ .Values.global.creds.sslKeystorePassword | b64enc }}
+  keystore-password: {{ .Values.global.certificatePasswords.sslKeystore | b64enc }}
  cassandraservercert.pem: {{ .Files.Get "resources/certs/cassandraservercert.pem" | b64enc }}
  cassandraserverkey_dec.pem: {{ .Files.Get "resources/certs/cassandraserverkey_dec.pem" | b64enc }}

@@ -25,6 +25,7 @@ data:
  cassandra_server_keystore.jks: {{ .Files.Get "resources/certs/cassandra_server_keystore.jks" | b64enc }}
  cassandraservercert.pem: {{ .Files.Get "resources/certs/cassandraservercert.pem" | b64enc }}
  cassandraserverkey_dec.pem: {{ .Files.Get "resources/certs/cassandraserverkey_dec.pem" | b64enc }}
+  client_keystore.jks: {{ .Files.Get "resources/certs/client_keystore.jks" | b64enc }}
  kafka-server.pkcs12: {{ .Files.Get "resources/certs/kafka-server.pkcs12" | b64enc }}
-  truststore.jks: {{ .Files.Get "resources/certs/truststore.jks" | b64enc }}
-  server.pkcs12: {{ .Files.Get "resources/certs/server.pkcs12" | b64enc }}
+  server.pkcs12: {{ .Files.Get "resources/certs/server.pkcs12" | b64enc }}
+  truststore.jks: {{ .Files.Get "resources/certs/truststore.jks" | b64enc }}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Akshay Jagadish	6c389d2395	WIFI-1669 TIP 1.0 Update image tags in release 1.0 branch	2021-02-26 19:34:20 -05:00
yongchen-cu	0060ce09ac	Merge pull request #61 from Telecominfraproject/WIFI-1319-SslIssue Wifi 1319 ssl issue	2021-02-22 14:32:54 -05:00
yongchen-cu	8670131e21	Merge pull request #62 from Telecominfraproject/WIFI-1610 WIFI-1610: Changed tag of FE components from latest to 0.0.1-SNAPSHOT	2021-02-22 14:24:33 -05:00
Akshay Jagadish	a15f091632	WIFI-1610: Changed tag of FE components from latest to 0.0.1-SNAPSHOT	2021-02-20 17:57:55 -05:00
Rahul Sharma	b833901b14	WIFI-1319: Renaming tlsv1.3 flag	2021-02-19 22:22:26 -05:00
Rahul Sharma	f8161542cf	Moving Ssl.properties out of Secret and reading it instead as a file	2021-02-19 18:36:12 -05:00
Rahul Sharma	98e29d4f21	WIFI-1319: Adding ssl.properties directly	2021-02-19 18:24:38 -05:00
Rahul Sharma	be0f3512ae	WIFI-1319: Updating charts to add TLS related properties in ssl.properties. Since these are only relevant to microK8s environment, we only enable them in it.	2021-02-19 18:04:53 -05:00
Max	de8e8897f1	WIFI-1172 add JMX to Prometheus PoC (#51 ) * add JMX to Prometheus PoC * add JMX prometheus exporter to all Java services	2021-02-19 12:12:43 -05:00
Max	43233798b2	add debug output on failure (#60 )	2021-02-17 18:32:05 +01:00
Max	73eec7509a	WIFI-1524 add nightly microk8s scenario test (#57 ) * add nightly microk8s scenario test * add README for microk8s setup	2021-02-16 12:47:55 +01:00
Max	f824125224	WIFI-1028 remove vendor specific default values (#40 ) * remove vendor specific default values	2021-02-15 12:15:52 +01:00
Max	6b4934c451	adjust resource request/limit values (#59 ) * adjust resource request/limit values * adjust cassandra values * adjust postgres values	2021-02-11 13:02:24 +01:00
Gleb Boushev	d4a45ad10a	found an error (#58 ) * found an error	2021-02-11 12:49:33 +03:00
4c74356b41	915eb1d625	WIFI-1478 - all credentials moved to globals (#54 ) * all credentials moved to globals * cassandra fix * centralized certificates, removed unneded entities * minor fixes, local-multi-namespace example fixes * removing unneeded sections in the yaml files * updates to changelog and multiple namespaces examples * fixing last couple of services, removed not needed secrets, centralized httpclientconfig.json and ssl.properties * minor improvements * changelog reformatted * fixing startupprobe and changelog Co-authored-by: Gleb Boushev <4c74356b41@outlook.com>	2021-02-04 13:03:51 +03:00
Max	cfda82150b	Create enforce-jira-issue-key.yml (#55 )	2021-02-03 11:33:41 +01:00
4c74356b41	fc783ea948	Merge pull request #53 from Telecominfraproject/feature/thirdparties-fixes fixing docker secret and fixing kafka topics	2021-01-29 16:29:22 +01:00