25 Commits

Author SHA1 Message Date
4c74356b41
9257b2a067 Merge branch 'master' into feature/thirdparties 2021-01-28 15:36:26 +01:00
4c74356b41
7e568c4ab7 Update testing.yml 2021-01-28 17:21:50 +03:00
4c74356b41
d78131d344 Update README.md 2021-01-28 16:07:39 +03:00
4c74356b41
d8702fd85f Update README.md 2021-01-28 16:03:50 +03:00
Leonid Mirsky
4f1454bcb2 Update README.md with the migration plan for v0.4 to v1.x 2021-01-28 14:06:13 +02:00
4c74356b41
414ffd719f Update README.md 2021-01-28 14:54:28 +03:00
4c74356b41
67087b61d0 Update README.md 2021-01-28 08:02:35 +03:00
4c74356b41
e2db9c038b Update README.md 2021-01-28 08:01:21 +03:00
4c74356b41
1c88325ac7 Update README.md 2021-01-28 08:00:16 +03:00
Gleb Boushev
489345ab5d further yaml formatting 2021-01-27 10:51:47 +03:00
Gleb Boushev
ced36d1b83 fixing yaml files 2021-01-27 10:18:01 +03:00
Gleb Boushev
9697cceba6 fixing cleanup task 2021-01-26 16:07:50 +03:00
Gleb Boushev
7e04919d20 improving namespace support 2021-01-26 15:20:35 +03:00
Gleb Boushev
500c50774d found the culprit 2021-01-25 17:25:09 +03:00
Gleb Boushev
e8106f649f debugging the build 2021-01-25 17:21:27 +03:00
Gleb Boushev
8cea5fea15 debugging the build 2021-01-25 17:19:37 +03:00
Gleb Boushev
f964705a84 fixing another path issue 2021-01-25 17:13:40 +03:00
Gleb Boushev
7e9b11c829 fixing path issues 2021-01-25 17:09:34 +03:00
Gleb Boushev
cfdaf147b2 forgot to fix the namespace in the testing build 2021-01-25 17:07:36 +03:00
Gleb Boushev
3a894f5b81 fixing PR comments, fixing testing build 2021-01-25 17:02:45 +03:00
Gleb Boushev
19a5b59657 fixing missing folder 2021-01-20 13:25:44 +03:00
Gleb Boushev
d3b360ed30 changing storage classes to mimic what minikube has 2021-01-19 19:07:19 +03:00
Gleb Boushev
7d0f4d9a0e removing hardcoded passwords 2021-01-19 12:23:45 +03:00
Gleb Boushev
8d0b5210a0 migration values example for persistence, dev-local example for thirdparties 2021-01-19 07:59:06 +03:00
Gleb Boushev
1382dfe18f thirdparties replaced with latest bitnami charts 2021-01-19 07:45:29 +03:00
24 changed files with 1017 additions and 178 deletions


@@ -61,7 +61,7 @@ More details can be found here: https://telecominfraproject.atlassian.net/wiki/s
# Deleting the wlan-cloud deployment:
Run the following command:
```
helm del tip-wlan -n tip (replace the namespace with your namespace)
helm del tip-wlan -n default
```
(Note: this would not delete the tip namespace and any PVC/PV/Endpoints under this namespace. These are needed so we can reuse the same PVC mount when the pods are restarted.)


@@ -67,9 +67,9 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
{{- if .Values.probes.enabled }}
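Review bot: The testing branch of the `image:` line appends `-{{.Values.global.testingTimestamp}}` with no guard, so a values file that sets `testingEnabled: true` without a timestamp renders a tag ending in a bare `-`, and the pod either fails at pull time or pulls an image nobody intended. I would fail the render instead, with `{{ required "global.testingTimestamp is required when global.testingEnabled is true" .Values.global.testingTimestamp }}`. The page does not mark which of the two printed `image:` lines is the new side, so this applies to whichever one survives; quoting the whole reference (`image: "..."`) would also keep an unusual registry string from being retyped by the YAML parser after rendering. The same lines recur in the nine template sections that follow. The container spec starts and ends outside the hunk.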


@@ -25,9 +25,9 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
{{- if .Values.probes.enabled }}


@@ -25,9 +25,9 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
env:


@@ -25,9 +25,9 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:


@@ -82,9 +82,9 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:


@@ -53,9 +53,9 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:


@@ -49,9 +49,9 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:


@@ -119,9 +119,9 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:


@@ -33,9 +33,9 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:


@@ -113,9 +113,9 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:


@@ -3,6 +3,7 @@ global:
nodePortPrefixExt: 304
pullPolicy: Always
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
integratedDeployment:
testingEnabled:
@@ -114,19 +115,121 @@ nginx-ingress-controller:
kafka:
enabled: true
replicaCount: 1
image:
debug: true
auth:
clientProtocol: mtls
interBrokerProtocol: tls
jksSecret: tip-common-kafka-certs
jksPassword: mypassword
tlsEndpointIdentificationAlgorithm: ""
jaas:
clientUsers:
- brokerUser
clientPassword:
- brokerPassword
extraEnvVars:
- name: KAFKA_CFG_SSL_KEYSTORE_TYPE
value: PKCS12
allowPlaintextListener: true
persistence:
enabled: true
storageClass: gp2
metrics:
serviceMonitor:
enabled: false
namespace: monitoring
selector:
release: prometheus-operator
zookeeper:
enabled: true
persistence:
enabled: true
cassandra:
enabled: true
tlsEncryptionSecretName: tip-common-cassandra-certs
image:
debug: true
persistence:
enabled: true
storageClass: gp2
replicaCount: 1
cluster:
name: TipWlanCluster
seedCount: 1
internodeEncryption: all
clientEncryption: true
exporter:
enabled: false
serviceMonitor:
enabled: false
additionalLabels:
release: prometheus-operator
dbUser:
user: cassandra
password: cassandra
resources:
limits: {}
requests:
cpu: 1
memory: 3Gi
postgresql:
enabled: true
postgresqlDatabase: tip
image:
debug: true
metrics:
enabled: false
serviceMonitor:
enabled: falsea
namespace: monitoring
additionalLabels:
release: prometheus-operator
postgresqlUsername: postgres
postgresqlPassword: postgres
pgHbaConfiguration: |
hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0
hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
hostssl postgres postgres ::/0 cert clientcert=1
hostssl all all 0.0.0.0/0 md5 clientcert=1
replication:
enabled: true
user: repl_user
password: repl_password
slaveReplicas: 1
persistence:
enabled: true
storageClass: gp2
volumePermissions:
enabled: true
livenessProbe:
enabled: false
readinessProbe:
enabled: false
tls:
enabled: true
certificatesSecret: tip-common-postgres-certs
certFilename: cert.crt
certKeyFilename: cert.key
certCAFilename: cacert.pem
initdbScriptsConfigMap: tip-common-postgres-scripts
extraEnv:
- name: PGSSLCERT
value: /opt/tip-wlan/certs/postgresclientcert.pem
- name: PGSSLKEY
value: /opt/tip-wlan/certs/postgresclientkey_dec.pem
- name: PGSSLROOTCERT
value: /opt/tip-wlan/certs/cacert.pem
primary:
extraInitContainers:
- command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ]
image: busybox:latest
name: chmod-client-cert-additional
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /opt/bitnami/postgresql/certs
name: postgresql-certificates
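Review bot: The third-party values in this section commit working credentials in clear text: `jksPassword: mypassword` for Kafka, `password: cassandra` under `dbUser`, `postgresqlPassword: postgres`, and the replication `password: repl_password`. These are vendor-default or guessable values, and anything placed in a values file ends up in git history and in the stored Helm release. I would drop the literals and have each chart read from a pre-created Secret (the Bitnami charts generally expose an `existingSecret`-style parameter; confirm the exact key for the chart versions pinned here), or require the values at install time. The same literals are repeated in the other environment values sections on this page.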


@@ -3,9 +3,23 @@ global:
nodePortPrefixExt: 304
pullPolicy: Always
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
integratedDeployment: false
testingEnabled:
kafka:
image: confluentinc/cp-kafka:5.0.1
port: 9092
topics:
- name: wlan_service_metrics
partitions: 1
replicationFactor: 1
- name: system_events
partitions: 1
replicationFactor: 1
- name: customer_events
partitions: 1
replicationFactor: 1
creds:
sslKeyPassword: mypassword
sslKeystorePassword: mypassword
@@ -159,22 +173,123 @@ nginx-ingress-controller:
cert: 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
key: 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
kafka:
enabled: true
replicaCount: 1
image:
debug: true
auth:
clientProtocol: mtls
interBrokerProtocol: tls
jksSecret: tip-common-kafka-certs
jksPassword: mypassword
tlsEndpointIdentificationAlgorithm: ""
jaas:
clientUsers:
- brokerUser
clientPassword:
- brokerPassword
extraEnvVars:
- name: KAFKA_CFG_SSL_KEYSTORE_TYPE
value: PKCS12
allowPlaintextListener: true
persistence:
enabled: true
storageClass: hostpath
metrics:
serviceMonitor:
enabled: false
namespace: monitoring
selector:
release: prometheus-operator
zookeeper:
enabled: true
persistence:
enabled: true
cassandra:
enabled: true
tlsEncryptionSecretName: tip-common-cassandra-certs
image:
debug: true
persistence:
enabled: true
storageClass: hostpath
replicaCount: 1
cluster:
name: TipWlanCluster
seedCount: 1
internodeEncryption: all
clientEncryption: true
exporter:
enabled: false
serviceMonitor:
enabled: false
additionalLabels:
release: prometheus-operator
dbUser:
user: cassandra
password: cassandra
resources:
limits: {}
requests:
cpu: 1
memory: 3Gi
postgresql:
enabled: true
postgresqlDatabase: tip
image:
debug: true
metrics:
enabled: false
serviceMonitor:
enabled: falsea
namespace: monitoring
additionalLabels:
release: prometheus-operator
postgresqlUsername: postgres
postgresqlPassword: postgres
pgHbaConfiguration: |
hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0
hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
hostssl postgres postgres ::/0 cert clientcert=1
hostssl all all 0.0.0.0/0 md5 clientcert=1
replication:
enabled: true
user: repl_user
password: repl_password
slaveReplicas: 1
persistence:
enabled: true
storageClass: hostpath
volumePermissions:
enabled: true
livenessProbe:
enabled: false
readinessProbe:
enabled: false
tls:
enabled: true
certificatesSecret: tip-common-postgres-certs
certFilename: cert.crt
certKeyFilename: cert.key
certCAFilename: cacert.pem
initdbScriptsConfigMap: tip-common-postgres-scripts
extraEnv:
- name: PGSSLCERT
value: /opt/tip-wlan/certs/postgresclientcert.pem
- name: PGSSLKEY
value: /opt/tip-wlan/certs/postgresclientkey_dec.pem
- name: PGSSLROOTCERT
value: /opt/tip-wlan/certs/cacert.pem
primary:
extraInitContainers:
- command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ]
image: busybox:latest
name: chmod-client-cert-additional
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /opt/bitnami/postgresql/certs
name: postgresql-certificates
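Review bot: The first `pgHbaConfiguration` rule, `hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0`, accepts replication connections from any IPv4 address on password authentication alone, with the client-certificate check explicitly switched off. Together with the fixed `repl_password` in the same section, the only thing limiting who can open a replication stream is network reachability of the service. I would narrow the address to the pod or cluster CIDR and keep certificate verification on, e.g. `hostssl replication repl_user <POD_CIDR> md5 clientcert=1`. The identical block appears in the other values sections on this page.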


@@ -3,6 +3,7 @@ global:
nodePortPrefixExt: 304
pullPolicy: Always
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
integratedDeployment:
testingEnabled: true
@@ -65,19 +66,121 @@ nginx-ingress-controller:
kafka:
enabled: true
replicaCount: 1
image:
debug: true
auth:
clientProtocol: mtls
interBrokerProtocol: tls
jksSecret: tip-common-kafka-certs
jksPassword: mypassword
tlsEndpointIdentificationAlgorithm: ""
jaas:
clientUsers:
- brokerUser
clientPassword:
- brokerPassword
extraEnvVars:
- name: KAFKA_CFG_SSL_KEYSTORE_TYPE
value: PKCS12
allowPlaintextListener: true
persistence:
enabled: true
storageClass: gp2
metrics:
serviceMonitor:
enabled: false
namespace: monitoring
selector:
release: prometheus-operator
zookeeper:
enabled: true
persistence:
enabled: true
cassandra:
enabled: true
tlsEncryptionSecretName: tip-common-cassandra-certs
image:
debug: true
persistence:
enabled: true
storageClass: gp2
replicaCount: 1
cluster:
name: TipWlanCluster
seedCount: 1
internodeEncryption: all
clientEncryption: true
exporter:
enabled: false
serviceMonitor:
enabled: false
additionalLabels:
release: prometheus-operator
dbUser:
user: cassandra
password: cassandra
resources:
limits: {}
requests:
cpu: 1
memory: 3Gi
postgresql:
enabled: true
postgresqlDatabase: tip
image:
debug: true
metrics:
enabled: false
serviceMonitor:
enabled: falsea
namespace: monitoring
additionalLabels:
release: prometheus-operator
postgresqlUsername: postgres
postgresqlPassword: postgres
pgHbaConfiguration: |
hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0
hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
hostssl postgres postgres ::/0 cert clientcert=1
hostssl all all 0.0.0.0/0 md5 clientcert=1
replication:
enabled: true
user: repl_user
password: repl_password
slaveReplicas: 1
persistence:
enabled: true
storageClass: gp2
volumePermissions:
enabled: true
livenessProbe:
enabled: false
readinessProbe:
enabled: false
tls:
enabled: true
certificatesSecret: tip-common-postgres-certs
certFilename: cert.crt
certKeyFilename: cert.key
certCAFilename: cacert.pem
initdbScriptsConfigMap: tip-common-postgres-scripts
extraEnv:
- name: PGSSLCERT
value: /opt/tip-wlan/certs/postgresclientcert.pem
- name: PGSSLKEY
value: /opt/tip-wlan/certs/postgresclientkey_dec.pem
- name: PGSSLROOTCERT
value: /opt/tip-wlan/certs/cacert.pem
primary:
extraInitContainers:
- command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ]
image: busybox:latest
name: chmod-client-cert-additional
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /opt/bitnami/postgresql/certs
name: postgresql-certificates
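Review bot: `allowPlaintextListener: true` sits directly beside `clientProtocol: mtls` and `interBrokerProtocol: tls`, which reads as contradictory; if no listener is meant to be plaintext, the flag should be `allowPlaintextListener: false` so a later listener change cannot silently expose an unauthenticated port. In the same `auth` block, `tlsEndpointIdentificationAlgorithm: ""` turns off hostname verification of broker certificates, so any certificate signed by the trusted CA is accepted for any broker name. I would set `tlsEndpointIdentificationAlgorithm: https` and issue certificates with the broker service names as SANs, or add a comment explaining why verification is disabled. Both settings are repeated in the other values sections on this page.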


@@ -66,18 +66,121 @@ nginx-ingress-controller:
kafka:
enabled: true
replicaCount: 1
image:
debug: true
auth:
clientProtocol: mtls
interBrokerProtocol: tls
jksSecret: tip-common-kafka-certs
jksPassword: mypassword
tlsEndpointIdentificationAlgorithm: ""
jaas:
clientUsers:
- brokerUser
clientPassword:
- brokerPassword
extraEnvVars:
- name: KAFKA_CFG_SSL_KEYSTORE_TYPE
value: PKCS12
allowPlaintextListener: true
persistence:
enabled: true
storageClass: glusterfs-storage
metrics:
serviceMonitor:
enabled: false
namespace: monitoring
selector:
release: prometheus-operator
zookeeper:
enabled: true
persistence:
enabled: true
cassandra:
enabled: true
tlsEncryptionSecretName: tip-common-cassandra-certs
image:
debug: true
persistence:
enabled: true
storageClass: glusterfs-storage
replicaCount: 1
cluster:
name: TipWlanCluster
seedCount: 1
internodeEncryption: all
clientEncryption: true
exporter:
enabled: false
serviceMonitor:
enabled: false
additionalLabels:
release: prometheus-operator
dbUser:
user: cassandra
password: cassandra
resources:
limits: {}
requests:
cpu: 1
memory: 3Gi
postgresql:
enabled: true
postgresqlDatabase: tip
image:
debug: true
metrics:
enabled: false
serviceMonitor:
enabled: falsea
namespace: monitoring
additionalLabels:
release: prometheus-operator
postgresqlUsername: postgres
postgresqlPassword: postgres
pgHbaConfiguration: |
hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0
hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
hostssl postgres postgres ::/0 cert clientcert=1
hostssl all all 0.0.0.0/0 md5 clientcert=1
replication:
enabled: true
user: repl_user
password: repl_password
slaveReplicas: 1
persistence:
enabled: true
storageClass: glusterfs-storage
volumePermissions:
enabled: true
livenessProbe:
enabled: false
readinessProbe:
enabled: false
tls:
enabled: true
certificatesSecret: tip-common-postgres-certs
certFilename: cert.crt
certKeyFilename: cert.key
certCAFilename: cacert.pem
initdbScriptsConfigMap: tip-common-postgres-scripts
extraEnv:
- name: PGSSLCERT
value: /opt/tip-wlan/certs/postgresclientcert.pem
- name: PGSSLKEY
value: /opt/tip-wlan/certs/postgresclientkey_dec.pem
- name: PGSSLROOTCERT
value: /opt/tip-wlan/certs/cacert.pem
primary:
extraInitContainers:
- command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ]
image: busybox:latest
name: chmod-client-cert-additional
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /opt/bitnami/postgresql/certs
name: postgresql-certificates
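Review bot: The `chmod-client-cert-additional` init container runs `busybox:latest` with `runAsUser: 0`, so an unpinned image from a public registry executes as root with the PostgreSQL certificate volume mounted on every pod start. I would pin it to a fixed tag and digest, e.g. `image: busybox:<PINNED_TAG>@sha256:<DIGEST>`, and pull it through the project registry if a mirror exists there. If the key is delivered from a Secret volume, setting that volume's `defaultMode` may remove the need for a root init container altogether; that depends on how the chart mounts `postgresql-certificates`, which is not visible here. The same init container appears in the other values sections on this page.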


@@ -22,10 +22,24 @@ global:
nodePortPrefixExt: 304
pullPolicy: Always
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
integratedDeployment: false
testingEnabled:
kafka:
image: confluentinc/cp-kafka:5.0.1
port: 9092
topics:
- name: wlan_service_metrics
partitions: 1
replicationFactor: 1
- name: system_events
partitions: 1
replicationFactor: 1
- name: customer_events
partitions: 1
replicationFactor: 1
creds:
sslKeyPassword: mypassword
sslKeystorePassword: mypassword
@@ -167,18 +181,121 @@ nginx-ingress-controller:
kafka:
enabled: true
replicaCount: 1
image:
debug: true
auth:
clientProtocol: mtls
interBrokerProtocol: tls
jksSecret: tip-common-kafka-certs
jksPassword: mypassword
tlsEndpointIdentificationAlgorithm: ""
jaas:
clientUsers:
- brokerUser
clientPassword:
- brokerPassword
extraEnvVars:
- name: KAFKA_CFG_SSL_KEYSTORE_TYPE
value: PKCS12
allowPlaintextListener: true
persistence:
enabled: true
storageClass: standard
metrics:
serviceMonitor:
enabled: false
namespace: monitoring
selector:
release: prometheus-operator
zookeeper:
enabled: true
persistence:
enabled: true
cassandra:
enabled: true
tlsEncryptionSecretName: tip-common-cassandra-certs
image:
debug: true
persistence:
enabled: true
storageClass: standard
replicaCount: 1
cluster:
name: TipWlanCluster
seedCount: 1
internodeEncryption: all
clientEncryption: true
exporter:
enabled: false
serviceMonitor:
enabled: false
additionalLabels:
release: prometheus-operator
dbUser:
user: cassandra
password: cassandra
resources:
limits: {}
requests:
cpu: 1
memory: 3Gi
postgresql:
enabled: true
postgresqlDatabase: tip
image:
debug: true
metrics:
enabled: false
serviceMonitor:
enabled: falsea
namespace: monitoring
additionalLabels:
release: prometheus-operator
postgresqlUsername: postgres
postgresqlPassword: postgres
pgHbaConfiguration: |
hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0
hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
hostssl postgres postgres ::/0 cert clientcert=1
hostssl all all 0.0.0.0/0 md5 clientcert=1
replication:
enabled: true
user: repl_user
password: repl_password
slaveReplicas: 1
persistence:
enabled: true
storageClass: standard
volumePermissions:
enabled: true
livenessProbe:
enabled: false
readinessProbe:
enabled: false
tls:
enabled: true
certificatesSecret: tip-common-postgres-certs
certFilename: cert.crt
certKeyFilename: cert.key
certCAFilename: cacert.pem
initdbScriptsConfigMap: tip-common-postgres-scripts
extraEnv:
- name: PGSSLCERT
value: /opt/tip-wlan/certs/postgresclientcert.pem
- name: PGSSLKEY
value: /opt/tip-wlan/certs/postgresclientkey_dec.pem
- name: PGSSLROOTCERT
value: /opt/tip-wlan/certs/cacert.pem
primary:
extraInitContainers:
- command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ]
image: busybox:latest
name: chmod-client-cert-additional
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /opt/bitnami/postgresql/certs
name: postgresql-certificates
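Review bot: `enabled: falsea` under the PostgreSQL `serviceMonitor` is a typo that YAML parses as the string `falsea`, and a non-empty string is truthy in a Helm `if`. It is probably masked today by `metrics.enabled: false` just above it, but turning metrics on later would also create a ServiceMonitor that the file appears to disable. The line should read `enabled: false`. The same typo is present in the other environment values sections on this page; only the final section already spells it `false`.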


@@ -22,11 +22,25 @@ global:
nodePortPrefixExt: 304
pullPolicy: Always
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
integratedDeployment: false
testingEnabled: false
testingTimestamp:
kafka:
image: confluentinc/cp-kafka:5.0.1
port: 9092
topics:
- name: wlan_service_metrics
partitions: 1
replicationFactor: 1
- name: system_events
partitions: 1
replicationFactor: 1
- name: customer_events
partitions: 1
replicationFactor: 1
creds:
sslKeyPassword: mypassword
sslKeystorePassword: mypassword
@@ -172,18 +186,121 @@ nginx-ingress-controller:
kafka:
enabled: true
replicaCount: 1
image:
debug: true
auth:
clientProtocol: mtls
interBrokerProtocol: tls
jksSecret: tip-common-kafka-certs
jksPassword: mypassword
tlsEndpointIdentificationAlgorithm: ""
jaas:
clientUsers:
- brokerUser
clientPassword:
- brokerPassword
extraEnvVars:
- name: KAFKA_CFG_SSL_KEYSTORE_TYPE
value: PKCS12
allowPlaintextListener: true
persistence:
enabled: true
storageClass: microk8s-hostpath
metrics:
serviceMonitor:
enabled: false
namespace: monitoring
selector:
release: prometheus-operator
zookeeper:
enabled: true
persistence:
enabled: true
cassandra:
enabled: true
tlsEncryptionSecretName: tip-common-cassandra-certs
image:
debug: true
persistence:
enabled: true
storageClass: microk8s-hostpath
replicaCount: 1
cluster:
name: TipWlanCluster
seedCount: 1
internodeEncryption: all
clientEncryption: true
exporter:
enabled: false
serviceMonitor:
enabled: false
additionalLabels:
release: prometheus-operator
dbUser:
user: cassandra
password: cassandra
resources:
limits: {}
requests:
cpu: 1
memory: 3Gi
postgresql:
enabled: true
postgresqlDatabase: tip
image:
debug: true
metrics:
enabled: false
serviceMonitor:
enabled: falsea
namespace: monitoring
additionalLabels:
release: prometheus-operator
postgresqlUsername: postgres
postgresqlPassword: postgres
pgHbaConfiguration: |
hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0
hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
hostssl postgres postgres ::/0 cert clientcert=1
hostssl all all 0.0.0.0/0 md5 clientcert=1
replication:
enabled: true
user: repl_user
password: repl_password
slaveReplicas: 1
persistence:
enabled: true
storageClass: microk8s-hostpath
volumePermissions:
enabled: true
livenessProbe:
enabled: false
readinessProbe:
enabled: false
tls:
enabled: true
certificatesSecret: tip-common-postgres-certs
certFilename: cert.crt
certKeyFilename: cert.key
certCAFilename: cacert.pem
initdbScriptsConfigMap: tip-common-postgres-scripts
extraEnv:
- name: PGSSLCERT
value: /opt/tip-wlan/certs/postgresclientcert.pem
- name: PGSSLKEY
value: /opt/tip-wlan/certs/postgresclientkey_dec.pem
- name: PGSSLROOTCERT
value: /opt/tip-wlan/certs/cacert.pem
primary:
extraInitContainers:
- command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ]
image: busybox:latest
name: chmod-client-cert-additional
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /opt/bitnami/postgresql/certs
name: postgresql-certificates
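Review bot: `image.debug: true` is set for Kafka, Cassandra and PostgreSQL in what looks like a committed default rather than a temporary troubleshooting override. Debug mode makes the container startup scripts verbose, and I would expect that output to include configuration detail that should not reach a shared log pipeline, which is worth checking given the passwords configured in the same blocks. I would commit `debug: false` and enable it per install when needed, or add a comment such as `# debug on for local bring-up only; do not use in shared clusters`. The setting is repeated in the other values sections on this page.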


@@ -3,6 +3,7 @@ global:
nodePortPrefixExt: 304
pullPolicy: Always
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
integratedDeployment: false
testingEnabled: false
@@ -96,18 +97,118 @@ nginx-ingress-controller:
kafka:
enabled: true
replicaCount: 1
image:
debug: true
auth:
clientProtocol: mtls
interBrokerProtocol: tls
jksSecret: tip-common-kafka-certs
jksPassword: mypassword
tlsEndpointIdentificationAlgorithm: ""
jaas:
clientUsers:
- brokerUser
clientPassword:
- brokerPassword
extraEnvVars:
- name: KAFKA_CFG_SSL_KEYSTORE_TYPE
value: PKCS12
allowPlaintextListener: true
persistence:
enabled: true
storageClass: ""
metrics:
serviceMonitor:
enabled: false
namespace: monitoring
selector:
release: prometheus-operator
zookeeper:
enabled: true
persistence:
enabled: true
cassandra:
enabled: true
tlsEncryptionSecretName: tip-common-cassandra-certs
image:
debug: true
persistence:
enabled: true
storageClass: ""
replicaCount: 1
cluster:
name: TipWlanCluster
seedCount: 1
internodeEncryption: all
clientEncryption: true
exporter:
enabled: false
serviceMonitor:
enabled: false
additionalLabels:
release: prometheus-operator
dbUser:
user: cassandra
password: cassandra
resources:
limits: {}
requests:
cpu: 1
memory: 3Gi
postgresql:
enabled: true
postgresqlDatabase: tip
image:
debug: true
metrics:
enabled: false
serviceMonitor:
enabled: falsea
namespace: monitoring
additionalLabels:
release: prometheus-operator
postgresqlUsername: postgres
postgresqlPassword: postgres
pgHbaConfiguration: |
hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0
hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
hostssl postgres postgres ::/0 cert clientcert=1
hostssl all all 0.0.0.0/0 md5 clientcert=1
replication:
enabled: true
user: repl_user
password: repl_password
slaveReplicas: 1
persistence:
enabled: true
storageClass: ""
volumePermissions:
enabled: true
livenessProbe:
enabled: false
readinessProbe:
enabled: false
tls:
enabled: true
certificatesSecret: tip-common-postgres-certs
certFilename: cert.crt
certKeyFilename: cert.key
certCAFilename: cacert.pem
initdbScriptsConfigMap: tip-common-postgres-scripts
extraEnv:
- name: PGSSLCERT
value: /opt/tip-wlan/certs/postgresclientcert.pem
- name: PGSSLKEY
value: /opt/tip-wlan/certs/postgresclientkey_dec.pem
- name: PGSSLROOTCERT
value: /opt/tip-wlan/certs/cacert.pem
primary:
extraInitContainers:
- command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ]
image: busybox:latest
name: chmod-client-cert-additional
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /opt/bitnami/postgresql/certs
name: postgresql-certificates
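Review bot: Both `livenessProbe` and `readinessProbe` are set to `enabled: false` for PostgreSQL while `replication.enabled: true`, so Kubernetes will route traffic to a primary or replica that has not finished starting and will never restart one that hangs. If the probes were turned off because the chart's default check cannot authenticate under `tls.enabled: true` with `cert` rules in `pgHbaConfiguration`, that reason should be recorded, e.g. `# probes off: default check fails with clientcert=1; TODO replace with a custom probe`. Otherwise I would leave them enabled. The same pair of settings appears in the other values sections on this page.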


@@ -22,6 +22,7 @@ global:
nodePortPrefixExt: 304
pullPolicy: Always
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
integratedDeployment: false
testingEnabled: false
@@ -158,18 +159,121 @@ nginx-ingress-controller:
kafka:
enabled: true
replicaCount: 1
image:
debug: true
auth:
clientProtocol: mtls
interBrokerProtocol: tls
jksSecret: tip-common-kafka-certs
jksPassword: mypassword
tlsEndpointIdentificationAlgorithm: ""
jaas:
clientUsers:
- brokerUser
clientPassword:
- brokerPassword
extraEnvVars:
- name: KAFKA_CFG_SSL_KEYSTORE_TYPE
value: PKCS12
allowPlaintextListener: true
persistence:
enabled: true
storageClass: glusterfs-storage
metrics:
serviceMonitor:
enabled: false
namespace: monitoring
selector:
release: prometheus-operator
zookeeper:
enabled: true
persistence:
enabled: true
cassandra:
enabled: true
tlsEncryptionSecretName: tip-common-cassandra-certs
image:
debug: true
persistence:
enabled: true
storageClass: glusterfs-storage
replicaCount: 1
cluster:
name: TipWlanCluster
seedCount: 1
internodeEncryption: all
clientEncryption: true
exporter:
enabled: false
serviceMonitor:
enabled: false
additionalLabels:
release: prometheus-operator
dbUser:
user: cassandra
password: cassandra
resources:
limits: {}
requests:
cpu: 1
memory: 3Gi
postgresql:
enabled: true
postgresqlDatabase: tip
image:
debug: true
metrics:
enabled: false
serviceMonitor:
enabled: falsea
namespace: monitoring
additionalLabels:
release: prometheus-operator
postgresqlUsername: postgres
postgresqlPassword: postgres
pgHbaConfiguration: |
hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0
hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
hostssl postgres postgres ::/0 cert clientcert=1
hostssl all all 0.0.0.0/0 md5 clientcert=1
replication:
enabled: true
user: repl_user
password: repl_password
slaveReplicas: 1
persistence:
enabled: true
storageClass: glusterfs-storage
volumePermissions:
enabled: true
livenessProbe:
enabled: false
readinessProbe:
enabled: false
tls:
enabled: true
certificatesSecret: tip-common-postgres-certs
certFilename: cert.crt
certKeyFilename: cert.key
certCAFilename: cacert.pem
initdbScriptsConfigMap: tip-common-postgres-scripts
extraEnv:
- name: PGSSLCERT
value: /opt/tip-wlan/certs/postgresclientcert.pem
- name: PGSSLKEY
value: /opt/tip-wlan/certs/postgresclientkey_dec.pem
- name: PGSSLROOTCERT
value: /opt/tip-wlan/certs/cacert.pem
primary:
extraInitContainers:
- command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ]
image: busybox:latest
name: chmod-client-cert-additional
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /opt/bitnami/postgresql/certs
name: postgresql-certificates
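Review bot: `PGSSLKEY` points at `/opt/tip-wlan/certs/postgresclientkey_dec.pem`, while the init container fixes permissions on `/opt/bitnami/postgresql/certs/postgresclientkey_dec.pem`, and nothing visible in this section mounts `/opt/tip-wlan/certs`. Indentation is lost on this page, so I cannot tell which container `extraEnv` applies to and this may be correct, but if it is the PostgreSQL container the client key path and the chmod target should agree. A short comment above `extraEnv` naming the volume that provides `/opt/tip-wlan/certs` would settle it. The `_dec` suffix also suggests an unencrypted private key, which leaves the `0600` mode and access control on the Secret as its only protection; that is worth stating in the same comment.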


@@ -3,6 +3,7 @@ global:
nodePortPrefixExt: 304
pullPolicy: Always
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
integratedDeployment: false
testingEnabled:


@@ -1,4 +1,17 @@
global:
kafka:
image: confluentinc/cp-kafka:5.0.1
port: 9092
topics:
- name: wlan_service_metrics
partitions: 1
replicationFactor: 1
- name: system_events
partitions: 1
replicationFactor: 1
- name: customer_events
partitions: 1
replicationFactor: 1
creds:
sslKeyPassword: mypassword
sslKeystorePassword: mypassword
@@ -6,18 +19,121 @@ global:
kafka:
enabled: true
replicaCount: 1
image:
debug: true
auth:
clientProtocol: mtls
interBrokerProtocol: tls
jksSecret: tip-common-kafka-certs
jksPassword: mypassword
tlsEndpointIdentificationAlgorithm: ""
jaas:
clientUsers:
- brokerUser
clientPassword:
- brokerPassword
extraEnvVars:
- name: KAFKA_CFG_SSL_KEYSTORE_TYPE
value: PKCS12
allowPlaintextListener: true
persistence:
enabled: true
storageClass: REPLACEME
metrics:
serviceMonitor:
enabled: false
namespace: monitoring
selector:
release: prometheus-operator
zookeeper:
enabled: true
persistence:
enabled: true
cassandra:
enabled: true
tlsEncryptionSecretName: tip-common-cassandra-certs
image:
debug: true
persistence:
enabled: true
storageClass: REPLACEME
replicaCount: 1
cluster:
name: TipWlanCluster
seedCount: 1
internodeEncryption: all
clientEncryption: true
exporter:
enabled: false
serviceMonitor:
enabled: false
additionalLabels:
release: prometheus-operator
dbUser:
user: cassandra
password: cassandra
resources:
limits: {}
requests:
cpu: 1
memory: 3Gi
postgresql:
enabled: true
postgresqlDatabase: tip
image:
debug: true
metrics:
enabled: false
serviceMonitor:
enabled: false
namespace: monitoring
additionalLabels:
release: prometheus-operator
postgresqlUsername: postgres
postgresqlPassword: postgres
pgHbaConfiguration: |
hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0
hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
hostssl postgres postgres ::/0 cert clientcert=1
hostssl all all 0.0.0.0/0 md5 clientcert=1
replication:
enabled: true
user: repl_user
password: repl_password
slaveReplicas: 1
persistence:
enabled: true
existingClaim: data-tip-wlan-postgresql-master-0
volumePermissions:
enabled: true
livenessProbe:
enabled: false
readinessProbe:
enabled: false
tls:
enabled: true
certificatesSecret: tip-common-postgres-certs
certFilename: cert.crt
certKeyFilename: cert.key
certCAFilename: cacert.pem
initdbScriptsConfigMap: tip-common-postgres-scripts
extraEnv:
- name: PGSSLCERT
value: /opt/tip-wlan/certs/postgresclientcert.pem
- name: PGSSLKEY
value: /opt/tip-wlan/certs/postgresclientkey_dec.pem
- name: PGSSLROOTCERT
value: /opt/tip-wlan/certs/cacert.pem
primary:
extraInitContainers:
- command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ]
image: busybox:latest
name: chmod-client-cert-additional
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /opt/bitnami/postgresql/certs
name: postgresql-certificates
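Review bot: The values in this file carry working credentials in clear text (`postgresqlPassword: postgres`, the replication `password: repl_password`, `jksPassword: mypassword`, the `creds` block and Cassandra `dbUser.password: cassandra`), so an install that uses the file unmodified runs with guessable passwords, and `pgHbaConfiguration` accepts `md5` password logins from `0.0.0.0/0`. I would leave these keys out of the committed file and point the charts at a pre-created Secret, for example `existingSecret: <postgres-credentials-secret>` (placeholder name) for PostgreSQL, with the Kafka and Cassandra passwords supplied at install time. `allowPlaintextListener: true` sits next to `clientProtocol: mtls`; unless a plaintext listener is really needed it should be `false`. The empty `tlsEndpointIdentificationAlgorithm: ""` appears to switch off broker hostname verification and deserves a comment saying whether that is intentional. The added/removed markers are lost on this page, so this assumes the lines belong to the new side, as the hunk counts suggest.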


@@ -1,13 +1,6 @@
{{- define "imagePullSecret" }}
{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.global.repository.registry (printf "%s:%s" .Values.global.repository.username .Values.global.repository.password | b64enc) | b64enc }}
{{- end }}
{{- if (.Values.createDockerRegistrySecret | default false) -}}
---
apiVersion: v1
kind: Secret
type: kubernetes.io/dockerconfigjson
metadata:
name: {{ .Release.Namespace }}-docker-registry-key
namespace: {{ .Release.Namespace }}
@@ -17,5 +10,6 @@ metadata:
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
.dockerconfigjson: {{ template "imagePullSecret" . }}
.dockerconfigjson: {{ .Values.dockerRegistrySecret }}
type: kubernetes.io/dockerconfigjson
{{- end}}
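Review bot: `.dockerconfigjson: {{ .Values.dockerRegistrySecret }}` is rendered unquoted and unchecked, so when `createDockerRegistrySecret` is true but `dockerRegistrySecret` is unset the Secret is rendered with an empty value and the mistake only surfaces at apply time or as image pull failures. I would fail the render early with `.dockerconfigjson: {{ required "dockerRegistrySecret must be set when createDockerRegistrySecret is true" .Values.dockerRegistrySecret | quote }}`. With the `imagePullSecret` helper gone, the value must arrive already base64-encoded, and nothing in the template says so. A comment above the key such as `# base64-encoded docker config JSON; pass at install time, do not commit` would document that contract.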


@@ -22,7 +22,7 @@ data:
server.pkcs12: {{ .Files.Get "resources/certs/server.pkcs12" | b64enc }}
{{ if .Values.kafka.initJobConfig.topics }}
{{ if .Values.global.kafka.topics }}
{{- $zk := printf "%s-zookeeper-headless" .Release.Name -}}
---
apiVersion: batch/v1
@@ -37,7 +37,7 @@ spec:
restartPolicy: OnFailure
initContainers:
- name: depends-on
image: {{ .Values.kafka.initJobConfig.image }}
image: {{ .Values.global.kafka.image }}
command:
- bash
- -c
@@ -47,7 +47,7 @@ spec:
echo "Waiting for Zookeeper..."
sleep 20
done
until nc -z {{ $.Release.Name }}-kafka {{ .Values.kafka.initJobConfig.port }} || (( retries++ >= 6 ))
until nc -z {{ $.Release.Name }}-kafka {{ .Values.global.kafka.port }} || (( retries++ >= 6 ))
do
echo "Waiting for Kafka..."
sleep 20
@@ -60,7 +60,7 @@ spec:
- -c
- |
set -e
{{- range $n, $topic := .Values.kafka.initJobConfig.topics }}
{{- range $n, $topic := .Values.global.kafka.topics }}
{{- if and $topic.partitions $topic.replicationFactor $topic.reassignPartitions }}
cat << EOF > {{ $topic.name }}-increase-replication-factor.json
{"version":1, "partitions":[
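Review bot: The four lookups under `.Values.global.kafka` (`topics`, `image`, `port`, and the `range` over `topics`) have no guard for a missing `global.kafka` map, and the chart's own values file no longer seems to ship defaults for these settings. If an environment values file omits `global.kafka`, rendering would stop with a nil-pointer template error instead of a readable message. A single check near the top of the template, such as `{{- $kafka := required "global.kafka (image, port, topics) must be set" .Values.global.kafka }}`, would make that failure explicit. The job spec and the heredoc in the last hunk continue outside the visible lines, so this is based only on the references shown.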


@@ -37,13 +37,11 @@ global:
nodePortPrefix: 302
nodePortPrefixExt: 304
repository:
registry: tip-tip-wlan-cloud-docker-repo.jfrog.io
username: tip-read
password: tip-read
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
# image pull policy
pullPolicy: Always
# flag to enable debugging - application support required
debugEnabled: false
@@ -86,144 +84,11 @@ wlan-port-forwarding-gateway-service:
enabled: false
wlan-integrated-cloud-component-service:
enabled: false
nginx-ingress-controller:
enabled: false
kafka:
initJobConfig:
image: confluentinc/cp-kafka:5.0.1
port: 9092
topics:
- name: wlan_service_metrics
partitions: 1
replicationFactor: 1
- name: system_events
partitions: 1
replicationFactor: 1
- name: customer_events
partitions: 1
replicationFactor: 1
creds:
sslKeyPassword: mypassword
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
enabled: false
replicaCount: 1
image:
debug: true
auth:
clientProtocol: mtls
interBrokerProtocol: tls
jksSecret: tip-common-kafka-certs
jksPassword: mypassword
tlsEndpointIdentificationAlgorithm: ""
jaas:
clientUsers:
- brokerUser
clientPassword:
- brokerPassword
extraEnvVars:
- name: KAFKA_CFG_SSL_KEYSTORE_TYPE
value: PKCS12
allowPlaintextListener: true
persistence:
enabled: true
storageClass: glusterfs-storage
metrics:
serviceMonitor:
enabled: false
namespace: monitoring
selector:
release: prometheus-operator
zookeeper:
enabled: true
persistence:
enabled: true
cassandra:
enabled: false
tlsEncryptionSecretName: tip-common-cassandra-certs
image:
debug: true
persistence:
enabled: true
storageClass: glusterfs-storage
replicaCount: 1
cluster:
name: TipWlanCluster
seedCount: 1
internodeEncryption: all
clientEncryption: true
exporter:
enabled: false
serviceMonitor:
enabled: false
additionalLabels:
release: prometheus-operator
dbUser:
user: cassandra
password: cassandra
resources:
limits: {}
requests:
cpu: 1
memory: 3Gi
postgresql:
enabled: false
postgresqlDatabase: tip
image:
debug: true
metrics:
enabled: false
serviceMonitor:
enabled: falsea
namespace: monitoring
additionalLabels:
release: prometheus-operator
postgresqlUsername: postgres
postgresqlPassword: postgres
pgHbaConfiguration: |
hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0
hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
hostssl postgres postgres ::/0 cert clientcert=1
hostssl all all 0.0.0.0/0 md5 clientcert=1
replication:
enabled: true
user: repl_user
password: repl_password
slaveReplicas: 1
persistence:
enabled: true
storageClass: glusterfs-storage
volumePermissions:
enabled: true
livenessProbe:
enabled: false
readinessProbe:
enabled: false
tls:
enabled: true
certificatesSecret: tip-common-postgres-certs
certFilename: cert.crt
certKeyFilename: cert.key
certCAFilename: cacert.pem
initdbScriptsConfigMap: tip-common-postgres-scripts
extraEnv:
- name: PGSSLCERT
value: /opt/tip-wlan/certs/postgresclientcert.pem
- name: PGSSLKEY
value: /opt/tip-wlan/certs/postgresclientkey_dec.pem
- name: PGSSLROOTCERT
value: /opt/tip-wlan/certs/cacert.pem
primary:
extraInitContainers:
- command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ]
image: busybox:latest
name: chmod-client-cert-additional
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /opt/bitnami/postgresql/certs
name: postgresql-certificates
enabled: false