Telecominfraproject/wlan-cloud-helm
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-cloud-helm.git synced 2026-03-20 21:39:10 +00:00
Code Issues Packages Projects Releases 3 Wiki Activity

Compare commits

base: Telecominfraproject:feature/update-cassandra
Branches Tags
Telecominfraproject:master Telecominfraproject:WIFI-3471 Telecominfraproject:NETEXP-3471 Telecominfraproject:release/v1.1.x Telecominfraproject:release/v1.2 Telecominfraproject:feature/example-values-update Telecominfraproject:WIFI-2654-fix-capabilites-check Telecominfraproject:fix-capabilites-check Telecominfraproject:WIFI-2434 Telecominfraproject:WIFI-2026 Telecominfraproject:release/v1.0.1 Telecominfraproject:release/v1.0.0 Telecominfraproject:1.0.0-artifacts Telecominfraproject:WIFI-1812-Revert Telecominfraproject:WIFI-1812 Telecominfraproject:WIFI-1669 Telecominfraproject:WIFI-1610 Telecominfraproject:WIFI-1172-JMX-to-prometheus-poc Telecominfraproject:wifi-1357-allow-to-disable-internal-mtls-comm Telecominfraproject:feature/thirdparties-fixes Telecominfraproject:feature/thirdparties Telecominfraproject:changelog-v0.4-bump Telecominfraproject:microk8s-patch-1 Telecominfraproject:feature/update-kafka Telecominfraproject:WIFI-990-disable-hardcoded-ports Telecominfraproject:feature/update-cassandra Telecominfraproject:feature/update-postgres Telecominfraproject:metallb-test Telecominfraproject:minikube Telecominfraproject:minikube-working Telecominfraproject:feature/helmfile Telecominfraproject:NGINX-Testing Telecominfraproject:TOOLS-23--fix-validation Telecominfraproject:TOOLS-23-static-analysis
Telecominfraproject:v1.0.1 Telecominfraproject:v1.0.0 Telecominfraproject:v0.4
..
compare: Telecominfraproject:release/v1.0.1
Branches Tags
Telecominfraproject:master Telecominfraproject:WIFI-3471 Telecominfraproject:NETEXP-3471 Telecominfraproject:release/v1.1.x Telecominfraproject:release/v1.2 Telecominfraproject:feature/example-values-update Telecominfraproject:WIFI-2654-fix-capabilites-check Telecominfraproject:fix-capabilites-check Telecominfraproject:WIFI-2434 Telecominfraproject:WIFI-2026 Telecominfraproject:release/v1.0.1 Telecominfraproject:release/v1.0.0 Telecominfraproject:1.0.0-artifacts Telecominfraproject:WIFI-1812-Revert Telecominfraproject:WIFI-1812 Telecominfraproject:WIFI-1669 Telecominfraproject:WIFI-1610 Telecominfraproject:WIFI-1172-JMX-to-prometheus-poc Telecominfraproject:wifi-1357-allow-to-disable-internal-mtls-comm Telecominfraproject:feature/thirdparties-fixes Telecominfraproject:feature/thirdparties Telecominfraproject:changelog-v0.4-bump Telecominfraproject:microk8s-patch-1 Telecominfraproject:feature/update-kafka Telecominfraproject:WIFI-990-disable-hardcoded-ports Telecominfraproject:feature/update-cassandra Telecominfraproject:feature/update-postgres Telecominfraproject:metallb-test Telecominfraproject:minikube Telecominfraproject:minikube-working Telecominfraproject:feature/helmfile Telecominfraproject:NGINX-Testing Telecominfraproject:TOOLS-23--fix-validation Telecominfraproject:TOOLS-23-static-analysis
Telecominfraproject:v1.0.1 Telecominfraproject:v1.0.0 Telecominfraproject:v0.4

66 Commits
feature/up ... release/v1

Author SHA1 Message Date
Max Brenner
52ed395249 release v1.0.1 2021-04-12 18:24:21 +02:00
Max Brenner
68b6e3c873 release v1.0.0 2021-04-01 11:34:39 +02:00
Max
852cb52309 automate Helm chart release process (#69) 
* automate Helm chart release process
 2021-04-01 11:29:05 +02:00
Norm Traxler
3af9776f1c [WIFI-1724] SSC reconnect to cassandra after cassandra pod restart 2021-04-01 11:28:37 +02:00
Dmitry Toptygin
a2a3180420 WIFI-1877 - add topics in kafka where messages are partitioned by locationId - location_metrics and location_events 2021-04-01 11:28:28 +02:00
Gleb Boushev
ccf14eded4 Update statefulset.yaml (#64) 
work around the imagepullbackoff issue on updates
 2021-04-01 11:28:07 +02:00
Chris Busch
4a3c056514 Merge pull request #71 from Telecominfraproject/1.0.0-artifacts 
1.0.0 artifacts
Signed-off-by: Chris Busch chrisbusch@fb.com
 2021-03-31 16:57:24 -04:00
Jaspreet Sachdev
b5d9f11f9e Pull to 1.0.0 artifact 2021-03-31 16:09:13 -04:00
AkshayJagadish-ne
a2ed08345d Merge pull request #63 from Telecominfraproject/WIFI-1669 
WIFI-1669 TIP 1.0 Update image tags in release 1.0 branch
 2021-02-27 22:07:01 -05:00
Akshay Jagadish
6c389d2395 WIFI-1669 TIP 1.0 Update image tags in release 1.0 branch 2021-02-26 19:34:20 -05:00
yongchen-cu
0060ce09ac Merge pull request #61 from Telecominfraproject/WIFI-1319-SslIssue 
Wifi 1319 ssl issue
 2021-02-22 14:32:54 -05:00
yongchen-cu
8670131e21 Merge pull request #62 from Telecominfraproject/WIFI-1610 
WIFI-1610: Changed tag of FE components from latest to 0.0.1-SNAPSHOT
 2021-02-22 14:24:33 -05:00
Akshay Jagadish
a15f091632 WIFI-1610: Changed tag of FE components from latest to 0.0.1-SNAPSHOT 2021-02-20 17:57:55 -05:00
Rahul Sharma
b833901b14 WIFI-1319: Renaming tlsv1.3 flag 2021-02-19 22:22:26 -05:00
Rahul Sharma
f8161542cf Moving Ssl.properties out of Secret and reading it instead as a file 2021-02-19 18:36:12 -05:00
Rahul Sharma
98e29d4f21 WIFI-1319: Adding ssl.properties directly 2021-02-19 18:24:38 -05:00
Rahul Sharma
be0f3512ae WIFI-1319: Updating charts to add TLS related properties in ssl.properties. 
Since these are only relevant to microK8s environment, we only enable them in it.
 2021-02-19 18:04:53 -05:00
Max
de8e8897f1 WIFI-1172 add JMX to Prometheus PoC (#51) 
* add JMX to Prometheus PoC

* add JMX prometheus exporter to all Java services
 2021-02-19 12:12:43 -05:00
Max
43233798b2 add debug output on failure (#60) 2021-02-17 18:32:05 +01:00
Max
73eec7509a WIFI-1524 add nightly microk8s scenario test (#57) 
* add nightly microk8s scenario test
* add README for microk8s setup
 2021-02-16 12:47:55 +01:00
Max
f824125224 WIFI-1028 remove vendor specific default values (#40) 
* remove vendor specific default values
 2021-02-15 12:15:52 +01:00
Max
6b4934c451 adjust resource request/limit values (#59) 
* adjust resource request/limit values
* adjust cassandra values
* adjust postgres values
 2021-02-11 13:02:24 +01:00
Gleb Boushev
d4a45ad10a found an error (#58) 
* found an error
 2021-02-11 12:49:33 +03:00
4c74356b41
915eb1d625 WIFI-1478 - all credentials moved to globals (#54) 
* all credentials moved to globals

* cassandra fix

* centralized certificates, removed unneded entities

* minor fixes, local-multi-namespace example fixes

* removing unneeded sections in the yaml files

* updates to changelog and multiple namespaces examples

* fixing last couple of services, removed not needed secrets, centralized httpclientconfig.json and ssl.properties

* minor improvements

* changelog reformatted

* fixing startupprobe and changelog

Co-authored-by: Gleb Boushev <4c74356b41@outlook.com>
 2021-02-04 13:03:51 +03:00
Max
cfda82150b Create enforce-jira-issue-key.yml (#55) 2021-02-03 11:33:41 +01:00
4c74356b41
fc783ea948 Merge pull request #53 from Telecominfraproject/feature/thirdparties-fixes 
fixing docker secret and fixing kafka topics
 2021-01-29 16:29:22 +01:00
4c74356b41
86c29ae62c Update README.md 2021-01-29 13:13:41 +03:00
Gleb Boushev
8484fc3f87 fixing docker secret and fixing kafka topics 2021-01-29 10:52:53 +03:00
4c74356b41
a3e523f922 Feature/thirdparties (#49) 
* thirdparties replaced with latest bitnami charts

* migration values example for persistence, dev-local example for thirdparties

* removing hardcoded passwords

* changing storage classes to mimic what minikube has

* fixing missing folder

* fixing PR comments, fixing testing build

* forgot to fix the namespace in the testing build

* fixing path issues

* fixing another path issue

* fixing build issues

* improving namespace support

* fixing cleanup task

* fixing yaml files

* further yaml formatting

* Update README.md

* Update testing.yml

Co-authored-by: Gleb Boushev <4c74356b41@outlook.com>
Co-authored-by: Leonid Mirsky <leonid@opsfleet.com>
 2021-01-28 16:51:39 +02:00
Leonid Mirsky
c8c1650f5b Merge pull request #52 from Telecominfraproject/changelog-v0.4-bump 
Bump Helm chart's version and add initial Changelog
 2021-01-28 16:30:42 +02:00
Leonid Mirsky
d8516225a9 Bump Helm chart's version and add initial Changelog 2021-01-27 15:32:34 +02:00
AkshayJagadish-ne
e1b2008a89 WIFI-1287 (#50) 
* WIFI-1287

*Removed run.sh as it overrides the run.sh from the back-end
https://github.com/Telecominfraproject/wlan-cloud-services/blob/master/port-forwarding-gateway-docker/src/main/docker/app/run.sh

*created two env variables LOCAL_PORT_RANGE_START and
LOCAL_PORT_RANGE_END with values {{ include "apDebugPortsStart" . }} and
{{ include "apDebugPortsStart" . }} respectively

* removed files folder from configmap
subtracted end port by 1
 2021-01-20 15:44:36 -05:00
Chris Busch
7bd33edb36 fix wlan.local references 
Signed-off-by: Chris Busch <cbusch@fb.com>
 2021-01-19 08:25:18 -05:00
AkshayJagadish-ne
cc987968d8 Merge pull request #48 from Telecominfraproject/revert-46-WIFI-1287 
Revert "WIFI-1287  Add configurable variable for pfgw local port range"
 2021-01-18 19:40:30 -05:00
AkshayJagadish-ne
d98d4ace39 Revert "WIFI-1287 Add configurable variable for pfgw local port range (#46)" 
This reverts commit aac7b07801.
 2021-01-18 19:39:49 -05:00
AkshayJagadish-ne
aac7b07801 WIFI-1287 Add configurable variable for pfgw local port range (#46) 2021-01-18 16:02:34 -05:00
Chris Busch
da7bbf1723 Merge pull request #47 from Telecominfraproject/microk8s-patch-1 
New microk8s with metallb deployment file
 2021-01-18 11:53:50 -05:00
Chris Busch
76fca7ef14 New microk8s with metallb deployment file 
Signed-off-by: Chris Busch <cbusch@fb.com>
 2021-01-17 15:08:09 -05:00
Max
e5d5c92f61 decrease cpu requests (#45) 2021-01-14 17:43:39 +01:00
Max
b2d8d7b205 WIFI-990 prefix ap debug ports (#34) 
* WIFI-990: disable hardcoded NodePort for AWS deployments
* add prefix to AP debug ports
* update debug port range in port-forwarding run.sh

Co-authored-by: Eugene Taranov <eugene@opsfleet.com>
 2021-01-11 14:34:20 +01:00
Max
0a1f9abd00 WIFI-1259 disable kube-score validation (#44) 
* disable kube-score validation
 2021-01-11 10:24:20 +01:00
Max
63a175bd29 WIFI-1246 add default CPU/memory limits/requests (#42) 
* add default CPU/memory limits/requests
* set minimum values to 128Mi and 500m
 2021-01-05 18:15:38 +01:00
Max
ee606a6204 remove reference of Toolsmith repo branch (#43) 2021-01-04 18:34:25 +01:00
Max
448ad243a4 add prototype of workflow (#39) 
* add prototype of workflow
* generate Helm values for PR deployment
* add proper test
 2021-01-04 18:14:22 +01:00
Max
174f1a4308 WIFI-1207 add example values for a multi namespace deployment (#41) 
* add example value for a multi namespace deployment
 2021-01-04 12:09:44 +01:00
Max
83c14c6548 WIFI-1238 set all imagePullPolicies to Always (#38) 
* set all imagePullPolicies to Always
* use chart-level and global image pull policy
* make images configurable
 2020-12-23 12:13:09 +01:00
Max
4960fb3654 add default server cert for Ingresses (#36) 2020-12-22 18:34:31 +01:00
Max
2550ed3ec2 replace hardcoded PSQL references (#35) 2020-12-22 17:43:53 +01:00
AkshayJagadish-ne
786fb43652 Merge pull request #37 from Telecominfraproject/zone3-albingress-testing 
Changed mqtt version to 2.0.3 for more logs
 2020-12-22 11:35:30 -05:00
Akshay Jagadish
ea829b67c8 Increase mqtt logging 2020-12-22 11:00:53 -05:00
Akshay Jagadish
63163f7520 Changed version to 2.0.3 for more logs 2020-12-21 19:07:59 -05:00
Max
3c1afd50cb Merge pull request #32 from Telecominfraproject/WIFI-1199-fix-cassandra-headless-hostname 
WIFI-1199 fix cassandra headless hostname
 2020-12-17 16:13:46 +01:00
Max
f46612fa61 Merge pull request #33 from Telecominfraproject/WIFI-1120-remove-hardcoded-kafka-references 
WIFI-1120 remove hardcoded kafka references
 2020-12-17 15:43:18 +01:00
Max Brenner
f10c416e19 add missing env variable for Kafka 2020-12-17 14:52:54 +01:00
Max Brenner
b5a47cc61c use common include for Cassandra headless service 2020-12-15 12:35:27 +01:00
Max Brenner
fac4df0a64 remove hardcoded reference from Cassandra test config 2020-12-15 12:34:32 +01:00
Max Brenner
5b81f38a0c remove hardcoded Kafka headless service references 2020-12-15 11:45:37 +01:00
Max Brenner
13cac13445 remove hardcoded reference in Kafka config 2020-12-14 18:31:58 +01:00
Max Brenner
2174cd4971 preserve newlines in config map 2020-12-14 18:19:58 +01:00
Max Brenner
ab6a4528d8 dynamically adjust references to Cassandra headless service 2020-12-14 17:56:05 +01:00
Dmitry Toptygin
6a846f9358 added scalability section with known tunable parameters into opensync-gw-cloud, wlan-portal-service, wlan-prov-service, wlan-spc-service, wlan-ssc-service. provided an example of overrides for those parameters in tip-wlan/resources/environments/dev-local.yaml 2020-12-09 16:35:51 -05:00
Dmitry Toptygin
8bd62a3dc6 second attempt to use explicit string as the value of environment variable tip_wlan_ovsdb_listener_threadPoolSize 2020-12-09 15:18:44 -05:00
Dmitry Toptygin
4ad3bb3b0c use explicit string as the value of environment variable tip_wlan_ovsdb_listener_threadPoolSize 2020-12-09 15:08:31 -05:00
Dmitry Toptygin
22ab0dbcf0 in opensync-gw-cloud exposed a property tip_wlan_ovsdb_listener_threadPoolSize 2020-12-09 14:00:59 -05:00
eugenetaranov-opsfleet
0c6f53eb9e WIFI-991: alb ingress (#29) 
* rebased

* removed map-hash-bucket-size from nginx config map

* synced requests/limits for cassandra

* enabled alb for graphql and static

* added plain http

* added ingress + alb for tip-wlan-wlan-portal-service

* enabled http->https redirect for ingress/alb services

* enabled nlb for opensync-gw-cloud and mqtt services

* disabled nginx ingress

* refactored service annotations

* sync: works

* disabled nodePort hardcoded value for wlan-portal-service AWS deployment

* synced helm values

* sync

* fix prov service ssl creds

* enabled efs

* sync dev-amazon-tip from master

* disabled nodeport static for opensync-gw-cloud

* wlan-port-forwarding-gateway-service nodeport static

* opensync-mqttt-broker nodeport static

* removed whitespace in tip-wlan/charts/nginx-ingress-controller/templates/controller-configmap.yaml

* renamed nodePort_static

* renamed alb_https_redirect

* added comment to nodePortStatic

* added a comment to   lb_https_redirect

Co-authored-by: Eugene Taranov <eugene@taranov.me>
 2020-12-03 12:48:52 +03:00
eugenetaranov-opsfleet
b5ff727d92 WIFI-752: healthchecks cloudsdk (#28) 
* opensync-gw-cloud healthchecks

* added sha image ref

* upd depends-on to latest tag
 2020-12-02 09:56:07 +03:00
154 changed files with 2476 additions and 3396 deletions
Expand all files Collapse all files

37
.github/workflows/enforce-jira-issue-key.yml vendored Normal file
View File

@@ -0,0 +1,37 @@
name: Ensure Jira issue is linked
on:
pull_request:
types: [opened, edited, reopened, synchronize]
jobs:
check_for_issue_key:
runs-on: ubuntu-latest
steps:
- name: Log into Jira
uses: atlassian/gajira-login@v2.0.0
env:
JIRA_BASE_URL: ${{ secrets.TIP_JIRA_URL }}
JIRA_USER_EMAIL: ${{ secrets.TIP_JIRA_USER_EMAIL }}
JIRA_API_TOKEN: ${{ secrets.TIP_JIRA_API_TOKEN }}
- name: Find issue key in PR title
id: issue_key_pr_title
continue-on-error: true
uses: atlassian/gajira-find-issue-key@v2.0.2
with:
string: ${{ github.event.pull_request.title }}
from: "" # required workaround for bug https://github.com/atlassian/gajira-find-issue-key/issues/24
- name: Find issue key in branch name
continue-on-error: true
id: issue_key_branch_name
uses: atlassian/gajira-find-issue-key@v2.0.2
with:
string: ${{ github.event.pull_request.head.ref }}
from: "" # required workaround for bug https://github.com/atlassian/gajira-find-issue-key/issues/24
- name: Check if issue key was found
run: |
if [[ -z "${{ steps.issue_key_pr_title.outputs.issue }}" && -z "${{ steps.issue_key_branch_name.outputs.issue }}" ]]; then
echo "Jira issue key could not be found!"
exit 1
fi

62
.github/workflows/helm-build.yml vendored
View File

@@ -3,28 +3,60 @@ name: Helm CI - TIP WLAN Cloud Master
on:
push:
branches: [ master ]
tags: [ "v*" ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
ssh-key: ${{ secrets.GH_AUTOMATION_KEY }}
submodules: true
- name: Login to TIP Docker registry
uses: azure/docker-login@v1
with:
login-server: tip-tip-wlan-cloud-docker-repo.jfrog.io
username: build-pipeline
password: ${{ secrets.DOCKER_REPO_PASSWORD }}
- name: Login to TIP Helm chart registry
run: helm repo add tip-wlan-cloud-helm-virtual-repo https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-virtual-repo --username build-pipeline --password ${{ secrets.HELM_REPO_PASSWORD }}
- name: Build tip-wlan chart file
run: tar -czf tip-wlan.tgz tip-wlan
- name: Upload tip-wlan chart to the TIP helm registry
run: curl -ubuild-pipeline:${{ secrets.HELM_REPO_PASSWORD }} -T tip-wlan.tgz "https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-repo/tip-wlan.tgz"
- name: Verify that chart was uploaded successfully
run: |
helm repo update
helm search repo tip
if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then
PACKAGE_OPTS="--version ${GITHUB_REF#refs/tags/v}"
else
PACKAGE_OPTS=""
fi
helm package $PACKAGE_OPTS -u tip-wlan
- name: Store chart as artifact
uses: actions/upload-artifact@v2
with:
name: helm-chart
path: tip-wlan-*.tgz
- name: Upload tip-wlan chart to the TIP helm registry
run: |
if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then
curl -ubuild-pipeline:${{ secrets.HELM_REPO_PASSWORD }} -T tip-wlan-${GITHUB_REF#refs/tags/v}.tgz "https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-repo/tip-wlan-${GITHUB_REF#refs/tags/v}.tgz"
else
curl -ubuild-pipeline:${{ secrets.HELM_REPO_PASSWORD }} -T tip-wlan-*.tgz "https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-repo/tip-wlan-master.tgz"
fi
release:
runs-on: ubuntu-latest
needs: [ build ]
if: startsWith(github.ref, 'refs/tags/')
steps:
- uses: actions/checkout@v2
- name: setup Python
uses: actions/setup-python@v2
with:
python-version: "3.8"
- name: install keepachangelog
run: pip install keepachangelog
- name: create release description
continue-on-error: true
run: python .github/workflows/prepare-release-description.py ${GITHUB_REF#refs/tags/v} > RELEASE.md
- name: download Helm chart artifact
uses: actions/download-artifact@v2
with:
name: helm-chart
- name: create release
uses: softprops/action-gh-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
files: tip-wlan-*.tgz
body_path: RELEASE.md
prerelease: ${{ contains(github.ref, 'rc') }}

6
.github/workflows/helm-validation.yml vendored
View File

@@ -45,7 +45,8 @@ jobs:
helm template -f values-test.yaml . | /tmp/k8s-validators/kubeval --ignore-missing-schemas
echo "Kube-score test"
helm template -f values-test.yaml . | /tmp/k8s-validators/kube-score score -
# will be fixed and enabled again in https://telecominfraproject.atlassian.net/browse/WIFI-1258
helm template -f values-test.yaml . | /tmp/k8s-validators/kube-score score - || true
- name: Test glusterfs
working-directory: glusterfs/kube-templates
run: |
@@ -53,4 +54,5 @@ jobs:
/tmp/k8s-validators/kubeval *.yaml
echo "Kube-score test"
/tmp/k8s-validators/kube-score score *.yaml
# will be fixed and enabled again in https://telecominfraproject.atlassian.net/browse/WIFI-1258
/tmp/k8s-validators/kube-score score *.yaml || true

98
.github/workflows/nightly-scenario-test.yml vendored Normal file
View File

@@ -0,0 +1,98 @@
name: Nightly testing of all supported deployment scenarios
on:
workflow_dispatch:
schedule:
- cron: '15 0 * * *'
defaults:
run:
shell: bash
jobs:
microk8s:
runs-on: ubuntu-latest
steps:
- name: Checkout PKI scripts repo
uses: actions/checkout@v2
with:
path: wlan-pki-cert-scripts
repository: Telecominfraproject/wlan-pki-cert-scripts
- name: Checkout Cloud SDK repo
uses: actions/checkout@v2
with:
path: wlan-cloud-helm
repository: Telecominfraproject/wlan-cloud-helm
- name: Generate and copy certs
working-directory: wlan-pki-cert-scripts
run: |
./generate_all.sh
./copy-certs-to-helm.sh ../wlan-cloud-helm
- name: Determine public IP address
id: ip
uses: haythem/public-ip@v1.2
- uses: balchua/microk8s-actions@v0.2.1
with:
channel: 'latest/stable'
addons: '["dns", "helm3", "storage", "metallb:${{ steps.ip.outputs.ipv4 }}-${{ steps.ip.outputs.ipv4 }}"]'
- name: Deploy Cloud SDK
working-directory: wlan-cloud-helm
run: |
helm dependency update tip-wlan
# Github runners only have 2 CPU cores and 7GB of RAM. Thus we need to disable some of our resource requests
helm upgrade --install tip-wlan tip-wlan -f tip-wlan/example-values/microk8s-basic/values.yaml --create-namespace --namespace tip --set cassandra.resources=null --wait --timeout 10m
- name: Show pod state on deployment failure
if: failure()
run: |
kubectl get pods -n tip
kubectl describe pods -n tip
- name: Set custom DNS entries
run: |
sudo sh -c "echo -n \"\n${{ steps.ip.outputs.ipv4 }} wlan-ui.wlan.local wlan-ui-graphql.wlan.local\" >> /etc/hosts"
- name: Test HTTP endpoints
run: |
# this is needed to make until work
set +e
urls="https://wlan-ui.wlan.local https://wlan-ui-graphql.wlan.local/graphql"
for url in $urls; do
max_retry=300
counter=0
until curl --silent --insecure $url > /dev/null
do
sleep 1
[[ counter -eq $max_retry ]] && echo "$url not reachable after $counter tries...giving up" && exit 1
echo "#$counter: $url not reachable. trying again..."
((counter++))
done
echo Successfully reached URL $url
done
- name: Test MQTT and OpenSync endpoints
working-directory: wlan-cloud-helm/tip-wlan/resources/certs
run: |
# this is needed to make until work
set +e
endpoints="${{ steps.ip.outputs.ipv4 }}:1883 ${{ steps.ip.outputs.ipv4 }}:6640 ${{ steps.ip.outputs.ipv4 }}:6643"
for endpoint in $endpoints; do
max_retry=300
counter=0
until echo Q | openssl s_client -connect $endpoint -CAfile cacert.pem -cert clientcert.pem -key clientkey.pem > /dev/null
do
sleep 1
[[ counter -eq $max_retry ]] && echo "$endpoint not reachable after $counter tries...giving up" && exit 1
echo "#$counter: $endpoint not reachable. trying again..."
((counter++))
done
echo Successfully reached endpoint $endpoint
done

24
.github/workflows/prepare-release-description.py vendored Normal file
View File

@@ -0,0 +1,24 @@
import sys
import keepachangelog
CATEGORIES = ['added', 'changed', 'deprecated', 'removed', 'fixed', 'security']
version = sys.argv[1]
try:
changes = keepachangelog.to_dict("CHANGELOG.md")[version]
except KeyError:
print(f'No changelog entry for version {version}', file=sys.stderr)
exit(1)
print('## Changelog')
for category in CATEGORIES:
entries = changes.get(category, [])
if entries:
print(f'### {category.capitalize()}')
for entry in entries:
print(f'- {entry}')

103
.github/workflows/testing.yml vendored Normal file
View File

@@ -0,0 +1,103 @@
name: CloudSDK deployment and testing
env:
PR_NUMBER: ${{ github.event.number }}
HELM_RELEASE_PREFIX: tip-wlan
AWS_EKS_NAME: tip-wlan-main
AWS_DEFAULT_OUTPUT: json
AWS_DEFAULT_REGION: us-east-2
AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
on:
pull_request:
branches: [ master ]
defaults:
run:
shell: bash
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout required repos
uses: actions/checkout@v2
with:
path: wlan-pki-cert-scripts
repository: Telecominfraproject/wlan-pki-cert-scripts
- name: Checkout Cloud SDK repo
uses: actions/checkout@v2
with:
path: wlan-cloud-helm
repository: Telecominfraproject/wlan-cloud-helm
- name: Checkout helm values repo
uses: actions/checkout@v2
with:
path: Toolsmith
repository: Telecominfraproject/Toolsmith
token: ${{ secrets.PAT_TOKEN }}
- name: Generate Helm values file
run: |
./Toolsmith/helm-values/aws-cicd-testing-pr-deployment.yaml.sh ${{ env.PR_NUMBER }} > pr-deployment.yaml
- name: Generate certs
working-directory: wlan-pki-cert-scripts
run: |
./generate_all.sh
./copy-certs-to-helm.sh ../wlan-cloud-helm
- name: Get kubeconfig for EKS ${{ env.AWS_EKS_NAME }}
run: |
aws eks update-kubeconfig --name ${{ env.AWS_EKS_NAME }}
- name: Deploy Cloud SDK
run: |
helm dependency update wlan-cloud-helm/${{ env.HELM_RELEASE_PREFIX }}
# using a timeout of 20 minutes as the EKS nodes may need to be scaled which takes some time
helm upgrade --install ${{ env.HELM_RELEASE_PREFIX }}-pr-${{ env.PR_NUMBER }} wlan-cloud-helm/tip-wlan -f pr-deployment.yaml --create-namespace --namespace ${{ env.HELM_RELEASE_PREFIX }}-pr-${{ env.PR_NUMBER }} --wait --timeout 20m
test:
runs-on: ubuntu-latest
needs: [ deploy ]
steps:
- name: Execute tests
run: |
echo Running tests...
# this is needed to make until work
set +e
urls="https://wlan-ui-pr-$PR_NUMBER.cicd.lab.wlan.tip.build https://wlan-graphql-pr-$PR_NUMBER.cicd.lab.wlan.tip.build/graphql"
for url in $urls; do
max_retry=300
counter=0
until curl --silent $url > /dev/null
do
sleep 1
[[ counter -eq $max_retry ]] && echo "$url not reachable after $counter tries...giving up" && exit 1
echo "#$counter: $url not reachable. trying again..."
((counter++))
done
echo Successfully reached URL $url
done
echo Tests were successful
cleanup:
runs-on: ubuntu-latest
needs: [ deploy, test ]
if: ${{ always() }}
steps:
- name: Get kubeconfig for EKS ${{ env.AWS_EKS_NAME }}
run: |
aws eks update-kubeconfig --name ${{ env.AWS_EKS_NAME }}
- name: Delete Cloud SDK Helm release
run: |
helm delete ${{ env.HELM_RELEASE_PREFIX }}-pr-${{ env.PR_NUMBER }} --namespace ${{ env.HELM_RELEASE_PREFIX }}-pr-${{ env.PR_NUMBER }} || true
- name: Delete namespace
run: |
kubectl delete namespace ${{ env.HELM_RELEASE_PREFIX }}-pr-${{ env.PR_NUMBER }} --wait=true --ignore-not-found true

9
.gitignore vendored
View File

@@ -4,13 +4,14 @@
*.p12
*.csr
*.cnf
*.key
*.DS_Store
*.lock
# local development
*.lock
*.local_dev
tip-wlan/resources/certs
tip-wlan/resources/scripts
stern*
*.zip
*.tgz
stern*
helmfile

47
CHANGELOG.md Normal file
View File

@@ -0,0 +1,47 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [1.0.1] - 2021-04-12
### Changed
- bump cloud controller version to 1.0.1
### Fixed
- correct SQL and CQL schema URLs
## [1.0.0] - 2021-04-01
### Added
- replaced cassandra, postgres and kafka with upstream charts [#49](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/49)
- centralized secrets to the parent chart [#54](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/54)
### Changed
- improved kafka setup templating [#53](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/53)
- improved values.yaml [#53](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/53)
- improved default values and added yaml anchors [#54](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/54)
### Removed
- removed hardcoded docker secret in favor of variables [#53](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/53)
- various outdated sections in values.yaml and environment files
- various secrets in subcharts as they are now part of the parent chart
- references to vendor specific values [#40](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/40)
### Fixed
- make SSC service able to reconnect to Cassandra [#70](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/70)
## [0.4.0] - 2021-01-28
### Added
- initial changelog entry. This is the first versioned release. Next releases will include a detailed overview of all the major changes introduced since the last version.
- [changes since first commit](https://github.com/Telecominfraproject/wlan-cloud-helm/compare/f7c67645736e3dac498e2caec8c267f04d08b7bc...v0.4)

81
README.md
View File

@@ -1,16 +1,68 @@
# wlan-cloud-helm
This repository contains helm charts for various deployment types of the tip wlan cloud services.
# IMPORTANT - Cloud Controller Helm charts v0.4 to v1.x migration procedure
We've introduced breaking changes to how Cloud Controller database charts are managed.
If you want to preserve your data when moving from v0.4 to v1.x of the Cloud Controller Helm charts, follow the steps outlined below.
If you can re-install your Cloud Controller and don't care to loose your data, you can skip the steps and just install the upstream charts version with no changes to the default installation procedure.
## Prerequisites
1. Checkout latest wlan-cloud-helm repository
2. Have your certificates for existing installation
3. Helm 3.2+
## Procedure
All of the commands should be run under tip-wlan-helm directory.
1. Delete your current Helm release. The following commands will remove the pods, however, the PVC (your databases data) **won't be deleted**:
```
helm list -n default (to look up the name of the release)
helm uninstall -n default tip-wlan (tip-wlan is usually the name of the release)
```
2. Replace `REPLACEME` with your storage class name in the `tip-wlan/resources/environments/migration.yaml` file. You can check the available storageclasses with the `kubectl get storageclass` command.
3. Update your values file that you used for deploying the original release with the values from `migration.yaml` to preserve existing cassandra\postgres data (or skip that step and use the second upgrade command mentioned in #7)
4. If you want to preserve the PKI certificates from the original Helm installation, copy them to a new location using the command below (or checkout the latest wlan-pki-cert-script repo and use `copy-certs-to-helm.sh %path_to_new_helm_code%` to generate new self-signed keys):
```
find . -regextype posix-extended -regex '.+(jks|pem|key|pkcs12|p12)$' -exec cp "{}" tip-wlan/resources/certs/ \;
```
5. Remove the old charts from the helm directory, so that the upgrade command can successfully pull new chart depedencies:
```
rm -rf tip-wlan/charts/cassandra tip-wlan/charts/kafka tip-wlan/charts/postgresql
```
6. Pull 3rd party subcharts:
```
helm dependency update tip-wlan
```
7. Perform Helm upgrade:
```
helm upgrade --install tip-wlan tip-wlan/ --namespace tip --create-namespace -f tip-wlan/resources/environments/your_values_with_fixes.yaml
```
Alternatively, you can run the upgrade command as follows (the order of the -f arguments is important!):
```
helm upgrade --install tip-wlan tip-wlan/ --namespace tip --create-namespace -f tip-wlan/resources/environments/original_values.yaml -f tip-wlan/resources/environments/migration.yaml
```
As a precaution you can also run `helm template` with the same arguments as the upgrade command and examine the output before actually installing the chart
# Deploying the wlan-cloud deployment
- Run the following command under tip-wlan-helm directory:
- helm install <RELEASE_NAME> tip-wlan/ -n default -f tip-wlan/resources/environments/dev.yaml
More details can be found here: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution
Run the following command under tip-wlan-helm directory:
```
helm dependency update tip-wlan
helm upgrade --install <RELEASE_NAME> tip-wlan/ --namespace tip --create-namespace -f tip-wlan/resources/environments/dev.yaml
```
More details can be found here: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution
# Deleting the wlan-cloud deployment:
- Run the following command:
- helm del tip-wlan -n default
Run the following command:
```
helm del tip-wlan -n tip (replace the namespace with your namespace)
```
(Note: this would not delete the tip namespace and any PVC/PV/Endpoints under this namespace. These are needed so we can reuse the same PVC mount when the pods are restarted.)
To get rid of them (PVC/PV/Endpoints), you can use the following script (expects that you are in the `tip` namespace or add `-n tip` to the below set of commands):
@@ -46,7 +98,6 @@ This repository contains helm charts for various deployment types of the tip wla
- helm test <RELEASE_NAME> -n default
(For more details add --debug flag to the above command)
# Local environment
In `wlan-pki-cert-scripts` repository edit the following files and add/replace strings as specified below:
@@ -57,7 +108,6 @@ mqtt-server.cnf:
-commonName_default = opensync-mqtt-broker.zone1.lab.wlan.tip.build
+commonName_default = opensync-mqtt-broker.wlan.local
openssl-server.cnf:
-DNS.1 = opensync-redirector.zone1.lab.wlan.tip.build
-DNS.2 = opensync-controller.zone1.lab.wlan.tip.build
@@ -92,13 +142,17 @@ done
Run minikube:
```minikube start --memory=10g --cpus=4 --driver=virtualbox --extra-config=kubelet.serialize-image-pulls=false --extra-config=kubelet.image-pull-progress-deadline=3m0s --docker-opt=max-concurrent-downloads=10```
```
minikube start --memory=10g --cpus=4 --driver=virtualbox --extra-config=kubelet.serialize-image-pulls=false --extra-config=kubelet.image-pull-progress-deadline=3m0s --docker-opt=max-concurrent-downloads=10
```
Please note that you may choose another driver (parallels, vmwarefusion, hyperkit, vmware, docker, podman) which might be more suitable for your setup. Omitting this option enables auto discovery of available drivers.
Deploy CloudSDK chart:
Deploy Cloud Controller chart:
```helm upgrade --install tip-wlan tip-wlan -f tip-wlan/resources/environments/dev-local.yaml -n default```
```
helm upgrade --install tip-wlan tip-wlan -f tip-wlan/resources/environments/dev-local.yaml -n default
```
Wait a few minutes, when all pods are in `Running` state, obtain web ui link with `minikube service tip-wlan-wlan-cloud-static-portal -n tip --url`, open in the browser. Importing or trusting certificate might be needed.
@@ -133,7 +187,6 @@ Firefox:
2. Click on `Add Exception...`, enter `https://wlan-ui.wlan.local` into Location field, click on `Get certificate`, check `Permanently store this exception` and click on `Confirm Security Exception`.
Repeat the step for `https://wlan-ui-graphql.wlan.local`
Chrome and other browsers using system certificate store:
1. Save certificate below into the file `wlan-ui-graphql.wlan.local.crt` (it is the one defined at tip-wlan/resources/environments/dev-local.yaml:143):
@@ -173,4 +226,4 @@ xDG3eKlu+dllUtKx/PN6yflbT5xcGgcdmrwzRaWS
```
2. Double click on it, enter the system admin password, if prompted.
2. Double click on it, enter the system admin password, if prompted.

1
glusterfs/README.md
View File

@@ -28,7 +28,6 @@ For other issues faced during deployment, see here:
- If namespace is passed, we will create (if it does not exist) and use that namespace for glusterFS resources.
- If namespace is NOT passed, we will create (if it does not exist) namespace='gluster-ns' and use it for glusterFS resources.
- Deletion:
./gk-deploy --admin-key <ADMIN_KEY> --user-key <USER_KEY> --abort -v -n <GLUSTER_NAMESPACE>
- Note:

1
glusterfs/gk-deploy
View File

@@ -990,7 +990,6 @@ parameters:
output ""
fi
if [[ ${DEPLOY_OBJECT} -eq 1 ]] && [[ "${OBJ_ACCOUNT}" != "" ]] && [[ "${OBJ_USER}" != "" ]] && [[ "${OBJ_PASSWORD}" != "" ]] && [[ ${EXISTS_OBJECT} -eq 0 ]]; then
if [[ "${OBJ_STORAGE_CLASS}" == "glusterfs-for-s3" ]]; then
eval_output "${CLI} create secret generic heketi-${NAMESPACE}-admin-secret --from-literal=key=${ADMIN_KEY} --type=kubernetes.io/glusterfs"

14
tip-wlan/Chart.yaml
View File

@@ -14,11 +14,11 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
version: 0.1.0
version: 1.0.1
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application.
appVersion: 1.16.0
appVersion: 1.0.1
home: https://telecominfraproject.com/wifi/
sources:
@@ -65,13 +65,11 @@ dependencies:
condition: nginx-ingress-controller.enabled
- name: common
version: 0.1.0
- name: zookeeper
version: 0.1.0
condition: zookeeper.enabled
- name: kafka
version: 0.1.0
condition: kafka.enabled
- name: kafka
version: 12.2.0
repository: https://charts.bitnami.com/bitnami
condition: kafka.enabled
- name: postgresql
version: 10.1.0
repository: https://charts.bitnami.com/bitnami

2
tip-wlan/charts/common/Chart.yaml
View File

@@ -7,5 +7,5 @@ version: 0.1.0
dependencies:
- name: efs-provisioner
version: 1.0.0
version: 1.0.1
condition: efs-provisioner.enabled

2
tip-wlan/charts/common/charts/efs-provisioner/Chart.yaml
View File

@@ -4,4 +4,4 @@
apiVersion: v1
description: EFS-Provisioner Chart to be used by other charts for file storage
name: efs-provisioner
version: 1.0.0
version: 1.0.1

2
tip-wlan/charts/common/charts/efs-provisioner/templates/deployment.yaml
View File

@@ -7,7 +7,7 @@ metadata:
{{- include "common.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.provisioner.replicaCount }}
strategy:
strategy:
type: {{ .Values.provisioner.strategyType }}
selector:
matchLabels:

9
tip-wlan/charts/common/templates/_env.tpl
View File

@@ -1,12 +1,5 @@
{{/*
Resolve the environment variables to apply to a chart. The default namespace suffix
is the name of the chart. This can be overridden if necessary (eg. for subcharts)
using the following value:
- .Values.nsPrefix : override namespace prefix
*/}}
{{- define "common.namespace" -}}
{{- default .Values.global.nsPrefix -}}
{{- .Release.Namespace -}}
{{- end -}}
{{- define "common.env" -}}

10
tip-wlan/charts/common/templates/_namespace.tpl
View File

@@ -1,10 +0,0 @@
{{/*
Resolve the namespace to apply to a chart. The default namespace suffix
is the name of the chart. This can be overridden if necessary (eg. for subcharts)
using the following value:
- .Values.nsPrefix : override namespace prefix
*/}}
{{- define "common.namespace" -}}
{{- default .Values.global.nsPrefix -}}
{{- end -}}

43
tip-wlan/charts/common/templates/_ports.tpl
View File

@@ -1,24 +1,41 @@
{{/*
This template will be used to iterate through the debug-ports and generate
debug-ports mapping
This template will be used to iterate through the access point debug ports and generate
access point debug ports mapping
*/}}
{{- define "container.dev.debugport" -}}
{{- range $index, $portid := .Values.debugPorts }}
- name: debugport-{{ $index }}
containerPort: {{ $portid }}
{{- define "apDebugPortsStart" -}}
{{- $portPrefix := $.Values.global.nodePortPrefixExt | default $.Values.nodePortPrefixExt | int -}}
{{- $start := $.Values.accessPointDebugPortRange.start | int -}}
{{- $end := (add $.Values.accessPointDebugPortRange.start $.Values.accessPointDebugPortRange.length) | int -}}
{{- printf "%d%d" $portPrefix $start -}}
{{- end -}}
{{- define "apDebugPortsEnd" -}}
{{- $portPrefix := $.Values.global.nodePortPrefixExt | default $.Values.nodePortPrefixExt | int -}}
{{- $start := $.Values.accessPointDebugPortRange.start | int -}}
{{- $end := (add $.Values.accessPointDebugPortRange.start $.Values.accessPointDebugPortRange.length) | int -}}
{{- printf "%d%d" $portPrefix $end -}}
{{- end -}}
{{- define "container.dev.apDebugPorts" -}}
{{- $accessPointDebugPorts := untilStep (include "apDebugPortsStart" . | atoi) (include "apDebugPortsEnd" . | atoi) 1 -}}
{{- range $index, $port := $accessPointDebugPorts }}
- name: apdebugport-{{ $index }}
containerPort: {{ $port }}
protocol: TCP
{{- end }}
{{- end -}}
{{- define "service.dev.debugport" -}}
{{- range $index, $portid := .Values.debugPorts }}
- port: {{ $portid }}
targetPort: {{ $portid }}
{{- define "service.dev.apDebugPorts" -}}
{{- $accessPointDebugPorts := untilStep (include "apDebugPortsStart" . | atoi) (include "apDebugPortsEnd" . | atoi) 1 -}}
{{- range $index, $port := $accessPointDebugPorts }}
- port: {{ $port }}
targetPort: {{ $port }}
protocol: TCP
name: debugport-{{ $index }}
name: apdebugport-{{ $index }}
{{- if eq $.Values.service.type "NodePort" }}
nodePort: {{ $portid }}
{{- end }}
nodePort: {{ $port }}
{{- end }}
{{- end }}
{{- end -}}

25
tip-wlan/charts/common/templates/_svc.tpl
View File

@@ -1,5 +1,5 @@
{{/*
Resolve the Postgres service-name to apply to a chart.
Resolve the Postgres service-name to apply to a chart.
*/}}
{{- define "postgresql.service" -}}
{{- printf "%s-%s" .Release.Name .Values.postgresql.url | trunc 63 -}}
@@ -16,68 +16,67 @@ else use user-provided URL
{{- $zookeeperService := printf "%s-%s" .Release.Name .Values.zookeeper.url }}
{{- default $zookeeperService }}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Resolve the Kafka service-name to apply to a chart.
Resolve the Kafka service-name to apply to a chart.
*/}}
{{- define "kafka.service" -}}
{{- printf "%s-%s" .Release.Name .Values.kafka.url | trunc 63 -}}
{{- end -}}
{{/*
Resolve the Cassandra service-name to apply to a chart.
Resolve the Cassandra service-name to apply to a chart.
*/}}
{{- define "cassandra.service" -}}
{{- printf "%s-%s" .Release.Name .Values.cassandra.url | trunc 63 -}}
{{- end -}}
{{/*
Resolve the MQTT service-name to apply to a chart.
Resolve the MQTT service-name to apply to a chart.
*/}}
{{- define "mqtt.service" -}}
{{- printf "%s-%s" .Release.Name .Values.mqtt.url | trunc 63 -}}
{{- end -}}
{{/*
Resolve the integratedcloudcomponent service-name to apply to a chart.
Resolve the integratedcloudcomponent service-name to apply to a chart.
*/}}
{{- define "integratedcloudcomponent.service" -}}
{{- printf "%s-%s:%.f" .Release.Name .Values.integratedcloudcomponent.url .Values.integratedcloudcomponent.port | trunc 63 -}}
{{- end -}}
{{/*
Resolve the provisioning service-name to apply to a chart.
Resolve the provisioning service-name to apply to a chart.
*/}}
{{- define "prov.service" -}}
{{- printf "%s-%s:%.f" .Release.Name .Values.prov.url .Values.prov.port | trunc 63 -}}
{{- end -}}
{{/*
Resolve the ssc service-name to apply to a chart.
Resolve the ssc service-name to apply to a chart.
*/}}
{{- define "ssc.service" -}}
{{- printf "%s-%s:%.f" .Release.Name .Values.ssc.url .Values.ssc.port | trunc 63 -}}
{{- end -}}
{{/*
Resolve the Opensync-gw service-name to apply to a chart.
Resolve the Opensync-gw service-name to apply to a chart.
*/}}
{{- define "opensyncgw.service" -}}
{{- printf "%s-%s:%.f" .Release.Name .Values.opensyncgw.url .Values.opensyncgw.port | trunc 63 -}}
{{- end -}}
{{/*
Resolve the pvc name that's would mounted to 2 charts - Portal and Opensync-gw
Resolve the pvc name that's would mounted to 2 charts - Portal and Opensync-gw
*/}}
{{- define "portal.sharedPvc.name" -}}
{{- printf "%s-%s-%s-%.f" .Values.portal.sharedPvc.name .Release.Name .Values.portal.url .Values.portal.sharedPvc.ordinal | trunc 63 -}}
{{- end -}}
{{/*
Resolve the filestore-directory name that's would mounted to 2 charts - Portal and Opensync-gw
Resolve the filestore-directory name that's would mounted to 2 charts - Portal and Opensync-gw
*/}}
{{- define "filestore.dir.name" -}}
{{- printf "%s" .Values.filestore.internal | trunc 63 -}}
{{- end -}}
{{- end -}}

8
tip-wlan/charts/kafka/Chart.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: v2
description: Apache Kafka is publish-subscribe messaging
name: kafka
version: 0.1.0
appVersion: 1.0.0
dependencies:
- name: zookeeper
version: 0.1.0

2
tip-wlan/charts/kafka/resources/config/certs/README.md
View File

@@ -1,2 +0,0 @@
Contains certs needed for this service to start.
Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

67
tip-wlan/charts/kafka/templates/NOTES.txt
View File

@@ -1,67 +0,0 @@
### Connecting to Kafka from inside Kubernetes
You can connect to Kafka by running a simple pod in the K8s cluster like this with a configuration like this:
apiVersion: v1
kind: Pod
metadata:
name: testclient
namespace: {{ .Release.Namespace }}
spec:
containers:
- name: kafka
image: {{ .Values.image }}:{{ .Values.imageTag }}
command:
- sh
- -c
- "exec tail -f /dev/null"
Once you have the testclient pod above running, you can list all kafka
topics with:
kubectl -n {{ .Release.Namespace }} exec testclient -- kafka-topics --zookeeper {{ .Release.Name }}-zookeeper:2181 --list
To create a new topic:
kubectl -n {{ .Release.Namespace }} exec testclient -- kafka-topics --zookeeper {{ .Release.Name }}-zookeeper:2181 --topic test1 --create --partitions 1 --replication-factor 1
To listen for messages on a topic:
kubectl -n {{ .Release.Namespace }} exec -ti testclient -- kafka-console-consumer --bootstrap-server {{ include "common.fullname" . }}:9092 --topic test1 --from-beginning
To stop the listener session above press: Ctrl+C
To start an interactive message producer session:
kubectl -n {{ .Release.Namespace }} exec -ti testclient -- kafka-console-producer --broker-list {{ include "common.fullname" . }}-headless:9092 --topic test1
To create a message in the above session, simply type the message and press "enter"
To end the producer session try: Ctrl+C
If you specify "zookeeper.connect" in configurationOverrides, please replace "{{ .Release.Name }}-zookeeper:2181" with the value of "zookeeper.connect", or you will get error.
{{ if .Values.external.enabled }}
### Connecting to Kafka from outside Kubernetes
You have enabled the external access feature of this chart.
**WARNING:** By default this feature allows Kafka clients outside Kubernetes to
connect to Kafka via NodePort(s) in `PLAINTEXT`.
Please see this chart's README.md for more details and guidance.
If you wish to connect to Kafka from outside please configure your external Kafka
clients to point at the following brokers. Please allow a few minutes for all
associated resources to become healthy.
{{ $fullName := include "common.fullname" . }}
{{- $replicas := .Values.replicas | int }}
{{- $servicePort := .Values.external.servicePort | int}}
{{- $root := . }}
{{- range $i, $e := until $replicas }}
{{- $externalListenerPort := add $root.Values.external.firstListenerPort $i }}
{{- if $root.Values.external.distinct }}
{{ printf "%s-%d.%s:%d" $root.Release.Name $i $root.Values.external.domain $servicePort | indent 2 }}
{{- else }}
{{ printf "%s.%s:%d" $root.Release.Name $root.Values.external.domain $externalListenerPort | indent 2 }}
{{- end }}
{{- end }}
{{- end }}

89
tip-wlan/charts/kafka/templates/_helpers.tpl
View File

@@ -1,89 +0,0 @@
{{/*
Form the Zookeeper URL. If zookeeper is installed as part of this chart, use k8s service discovery,
else use user-provided URL
*/}}
{{- define "zookeeper.url" }}
{{- $port := .Values.zookeeper.port | toString }}
{{- if .Values.zookeeper.enabled -}}
{{- printf "%s:%s" (include "kafka.zookeeper.fullname" .) $port }}
{{- else -}}
{{- $zookeeperConnect := printf "%s-%s:%s" .Release.Name .Values.zookeeper.url $port }}
{{- $zookeeperConnectOverride := index .Values "configurationOverrides" "zookeeper.connect" }}
{{- default $zookeeperConnect $zookeeperConnectOverride }}
{{- end -}}
{{- end -}}
{{/*
Derive offsets.topic.replication.factor in following priority order: configurationOverrides, replicas
*/}}
{{- define "kafka.replication.factor" }}
{{- $replicationFactorOverride := index .Values "configurationOverrides" "offsets.topic.replication.factor" }}
{{- default .Values.replicas $replicationFactorOverride }}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "kafka.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create unified labels for kafka components
*/}}
{{- define "kafka.common.matchLabels" -}}
app.kubernetes.io/name: {{ include "common.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- define "kafka.common.metaLabels" -}}
helm.sh/chart: {{ include "kafka.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{- define "kafka.broker.matchLabels" -}}
app.kubernetes.io/component: kafka-broker
{{ include "kafka.common.matchLabels" . }}
{{- end -}}
{{- define "kafka.broker.labels" -}}
{{ include "kafka.common.metaLabels" . }}
{{ include "kafka.broker.matchLabels" . }}
{{- end -}}
{{- define "kafka.config.matchLabels" -}}
app.kubernetes.io/component: kafka-config
{{ include "kafka.common.matchLabels" . }}
{{- end -}}
{{- define "kafka.config.labels" -}}
{{ include "kafka.common.metaLabels" . }}
{{ include "kafka.config.matchLabels" . }}
{{- end -}}
{{- define "kafka.monitor.matchLabels" -}}
app.kubernetes.io/component: kafka-monitor
{{ include "kafka.common.matchLabels" . }}
{{- end -}}
{{- define "kafka.monitor.labels" -}}
{{ include "kafka.common.metaLabels" . }}
{{ include "kafka.monitor.matchLabels" . }}
{{- end -}}
{{- define "serviceMonitor.namespace" -}}
{{- if .Values.prometheus.operator.serviceMonitor.releaseNamespace -}}
{{ .Release.Namespace }}
{{- else -}}
{{ .Values.prometheus.operator.serviceMonitor.namespace }}
{{- end -}}
{{- end -}}
{{- define "prometheusRule.namespace" -}}
{{- if .Values.prometheus.operator.prometheusRule.releaseNamespace -}}
{{ .Release.Namespace }}
{{- else -}}
{{ .Values.prometheus.operator.prometheusRule.namespace }}
{{- end -}}
{{- end -}}

59
tip-wlan/charts/kafka/templates/configmap-config.yaml
View File

@@ -1,59 +0,0 @@
{{- if .Values.topics -}}
{{- $zk := include "zookeeper.url" . -}}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
{{- include "kafka.config.labels" . | nindent 4 }}
name: {{ include "common.fullname" . }}-config
namespace: {{ include "common.namespace" . }}
data:
runtimeConfig.sh: |
#!/bin/bash
set -e
cd /usr/bin
until kafka-configs --zookeeper {{ $zk }} --entity-type topics --describe || (( count++ >= 6 ))
do
echo "Waiting for Zookeeper..."
sleep 20
done
until nc -z {{ template "common.fullname" . }} 9092 || (( retries++ >= 6 ))
do
echo "Waiting for Kafka..."
sleep 20
done
echo "Applying runtime configuration using {{ .Values.image }}:{{ .Values.imageTag }}"
{{- range $n, $topic := .Values.topics }}
{{- if and $topic.partitions $topic.replicationFactor $topic.reassignPartitions }}
cat << EOF > {{ $topic.name }}-increase-replication-factor.json
{"version":1, "partitions":[
{{- $partitions := (int $topic.partitions) }}
{{- $replicas := (int $topic.replicationFactor) }}
{{- range $i := until $partitions }}
{"topic":"{{ $topic.name }}","partition":{{ $i }},"replicas":[{{- range $j := until $replicas }}{{ $j }}{{- if ne $j (sub $replicas 1) }},{{- end }}{{- end }}]}{{- if ne $i (sub $partitions 1) }},{{- end }}
{{- end }}
]}
EOF
kafka-reassign-partitions --zookeeper {{ $zk }} --reassignment-json-file {{ $topic.name }}-increase-replication-factor.json --execute
kafka-reassign-partitions --zookeeper {{ $zk }} --reassignment-json-file {{ $topic.name }}-increase-replication-factor.json --verify
{{- else if and $topic.partitions $topic.replicationFactor }}
kafka-topics --zookeeper {{ $zk }} --create --if-not-exists --force --topic {{ $topic.name }} --partitions {{ $topic.partitions }} --replication-factor {{ $topic.replicationFactor }}
{{- else if $topic.partitions }}
kafka-topics --zookeeper {{ $zk }} --alter --force --topic {{ $topic.name }} --partitions {{ $topic.partitions }} || true
{{- end }}
{{- if $topic.defaultConfig }}
kafka-configs --zookeeper {{ $zk }} --entity-type topics --entity-name {{ $topic.name }} --alter --force --delete-config {{ nospace $topic.defaultConfig }} || true
{{- end }}
{{- if $topic.config }}
kafka-configs --zookeeper {{ $zk }} --entity-type topics --entity-name {{ $topic.name }} --alter --force --add-config {{ nospace $topic.config }}
{{- end }}
kafka-configs --zookeeper {{ $zk }} --entity-type topics --entity-name {{ $topic.name }} --describe
{{- if $topic.acls }}
{{- range $a, $acl := $topic.acls }}
{{ if and $acl.user $acl.operations }}
kafka-acls --authorizer-properties zookeeper.connect={{ $zk }} --force --add --allow-principal User:{{ $acl.user }}{{- range $operation := $acl.operations }} --operation {{ $operation }} {{- end }} --topic {{ $topic.name }} {{ $topic.extraParams }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end -}}

17
tip-wlan/charts/kafka/templates/configmap.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-clientconfig
namespace: {{ include "common.namespace" . }}
data:
admin-client.properties: |
ssl.endpoint.identification.algorithm=
security.protocol=SSL
ssl.key.password={{ .Values.creds.sslKeyPassword | b64enc }}
ssl.keystore.location=/etc/kafka/secrets/kafka-server.pkcs12
ssl.keystore.password={{ .Values.creds.sslKeystorePassword | b64enc }}
ssl.keystore.type=PKCS12
ssl.truststore.location=/etc/kafka/secrets/truststore.jks
ssl.truststore.password={{ .Values.creds.sslTruststorePassword | b64enc }}
ssl.truststore.type=JKS
bootstrap.servers=tip-wlan-kafka-headless:9093

30
tip-wlan/charts/kafka/templates/job-config.yaml
View File

@@ -1,30 +0,0 @@
{{- if .Values.topics -}}
{{- $scriptHash := include (print $.Template.BasePath "/configmap-config.yaml") . | sha256sum | trunc 8 -}}
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ include "common.fullname" . }}-config-{{ $scriptHash }}"
namespace: {{ include "common.namespace" . }}
labels:
{{- include "kafka.config.labels" . | nindent 4 }}
spec:
backoffLimit: {{ .Values.configJob.backoffLimit }}
template:
metadata:
labels:
{{- include "kafka.config.matchLabels" . | nindent 8 }}
spec:
restartPolicy: OnFailure
volumes:
- name: config-volume
configMap:
name: {{ include "common.fullname" . }}-config
defaultMode: 0744
containers:
- name: {{ include "common.fullname" . }}-config
image: "{{ .Values.image }}:{{ .Values.imageTag }}"
command: ["/usr/local/script/runtimeConfig.sh"]
volumeMounts:
- name: config-volume
mountPath: "/usr/local/script"
{{- end -}}

18
tip-wlan/charts/kafka/templates/secret.yaml
View File

@@ -1,18 +0,0 @@
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-certs
namespace: {{ include "common.namespace" . }}
labels:
app: {{ template "common.name" . }}
chart: {{ template "common.chart" . }}
release: {{ .Release.Name | quote }}
type: Opaque
data:
truststore_creds: {{ .Values.creds.sslTruststorePassword | b64enc }}
keystore_creds: {{ .Values.creds.sslKeystorePassword | b64enc }}
key_creds: {{ .Values.creds.sslKeyPassword | b64enc }}
truststore.jks: {{ .Files.Get "resources/config/certs/truststore.jks" | b64enc }}
kafka-server.pkcs12: {{ .Files.Get "resources/config/certs/kafka-server.pkcs12" | b64enc }}
README: {{ .Files.Get "resources/config/certs/README.md" | b64enc }}

14
tip-wlan/charts/kafka/templates/service-brokers.yaml
View File

@@ -1,14 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels:
{{- include "kafka.broker.labels" . | nindent 4 }}
spec:
ports:
- name: broker
port: {{ .Values.headless.sslPort }}
targetPort: kafka
selector:
{{- include "kafka.broker.matchLabels" . | nindent 4 }}

27
tip-wlan/charts/kafka/templates/service-headless.yaml
View File

@@ -1,27 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.fullname" . }}-headless
namespace: {{ include "common.namespace" . }}
labels:
{{- include "kafka.broker.labels" . | nindent 4 }}
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
{{- if .Values.headless.annotations }}
{{ .Values.headless.annotations | toYaml | trimSuffix "\n" | indent 4 }}
{{- end }}
spec:
ports:
# - name: broker
# port: {{ .Values.headless.port }}
# {{- if .Values.headless.targetPort }}
# targetPort: {{ .Values.headless.targetPort }}
# {{- end }}
- name: broker
port: {{ .Values.headless.sslPort }}
{{- if .Values.headless.targetSslPort }}
targetPort: {{ .Values.headless.targetSslPort }}
{{- end }}
clusterIP: None
selector:
{{- include "kafka.broker.matchLabels" . | nindent 4 }}

249
tip-wlan/charts/kafka/templates/statefulset.yaml
View File

@@ -1,249 +0,0 @@
{{- $advertisedListenersOverride := first (pluck "advertised.listeners" .Values.configurationOverrides) }}
{{- $zk := include "zookeeper.service" . -}}
{{- $ns := include "common.namespace" . -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ $ns }}
labels:
{{- include "kafka.broker.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "kafka.broker.matchLabels" . | nindent 6 }}
serviceName: {{ include "common.fullname" . }}-headless
podManagementPolicy: {{ .Values.podManagementPolicy }}
updateStrategy:
{{ toYaml .Values.updateStrategy | indent 4 }}
replicas: {{ default 3 .Values.replicas }}
template:
metadata:
annotations:
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | indent 8 }}
{{- end }}
labels:
{{- include "kafka.broker.labels" . | nindent 8 }}
{{- if .Values.podLabels }}
## Custom pod labels
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
spec:
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
{{- if .Values.serviceAccountName }}
serviceAccountName: {{ .Values.serviceAccountName }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }}
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
initContainers:
- name: {{ include "common.name" . }}-readiness
image: busybox:1.28
imagePullPolicy: "{{ .Values.imagePullPolicy }}"
command: ['sh', '-c', "until nslookup {{ $zk }}.{{ $ns }}.svc.cluster.local; do echo waiting for myservice; sleep 2; done"]
containers:
- name: {{ include "common.name" . }}-broker
image: "{{ .Values.image }}:{{ .Values.imageTag }}"
imagePullPolicy: "{{ .Values.imagePullPolicy }}"
livenessProbe:
exec:
command:
- sh
- -ec
- /usr/bin/jps | /bin/grep -q SupportedKafka
{{- if not .Values.livenessProbe }}
initialDelaySeconds: 30
timeoutSeconds: 5
{{- else }}
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds | default 30}}
{{- if .Values.livenessProbe.periodSeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
{{- end }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds | default 5}}
{{- if .Values.livenessProbe.successThreshold }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
{{- end }}
{{- if .Values.livenessProbe.failureThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- end }}
{{- end }}
readinessProbe:
tcpSocket:
port: kafka
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
ports:
- containerPort: {{ .Values.headless.sslPort }}
name: kafka
{{- if .Values.external.enabled }}
{{- $replicas := .Values.replicas | int }}
{{- $root := . }}
{{- range $i, $e := until $replicas }}
- containerPort: {{ add $root.Values.external.firstListenerPort $i }}
name: external-{{ $i }}
{{- end }}
{{- end }}
{{- if .Values.additionalPorts }}
{{ toYaml .Values.additionalPorts | indent 8 }}
{{- end }}
resources:
{{ toYaml .Values.resources | indent 10 }}
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: KAFKA_HEAP_OPTS
value: {{ .Values.kafkaHeapOptions }}
- name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR
value: {{ include "kafka.replication.factor" . | quote }}
{{- if not (hasKey .Values.configurationOverrides "zookeeper.connect") }}
- name: KAFKA_ZOOKEEPER_CONNECT
value: {{ include "zookeeper.url" . | quote }}
{{- end }}
{{- if not (hasKey .Values.configurationOverrides "log.dirs") }}
- name: KAFKA_LOG_DIRS
value: {{ printf "%s/%s" .Values.persistence.mountPath .Values.logSubPath | quote }}
{{- end }}
{{- range $key, $value := .Values.configurationOverrides }}
- name: {{ printf "KAFKA_%s" $key | replace "." "_" | upper | quote }}
value: {{ $value | quote }}
{{- end }}
{{- range $secret := .Values.secrets }}
{{- if not $secret.mountPath }}
{{- range $key := $secret.keys }}
- name: {{ (print ($secret.name | replace "-" "_") "_" $key) | upper }}
valueFrom:
secretKeyRef:
name: {{ $secret.name }}
key: {{ $key }}
{{- end }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.envOverrides }}
- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
value: {{ $value | quote }}
{{- end }}
# This is required because the Downward API does not yet support identification of
# pod numbering in statefulsets. Thus, we are required to specify a command which
# allows us to extract the pod ID for usage as the Kafka Broker ID.
# See: https://github.com/kubernetes/kubernetes/issues/31218
command:
- sh
- -exc
- |
unset KAFKA_PORT && \
export KAFKA_BROKER_ID=${POD_NAME##*-} && \
{{- if eq .Values.external.type "LoadBalancer" }}
export LOAD_BALANCER_IP=$(echo '{{ .Values.external.loadBalancerIP }}' | tr -d '[]' | cut -d ' ' -f "$(($KAFKA_BROKER_ID + 1))") && \
{{- end }}
{{- if eq .Values.external.type "NodePort" }}
export KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://${POD_IP}:9092{{ if kindIs "string" $advertisedListenersOverride }}{{ printf ",%s" $advertisedListenersOverride }}{{ end }} && \
{{- else }}
export KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://${POD_NAME}.{{ include "common.fullname" . }}-headless.${POD_NAMESPACE}.svc.cluster.local:9092{{ if kindIs "string" $advertisedListenersOverride }}{{ printf ",%s" $advertisedListenersOverride }}{{ end }} && \
{{- end }}
exec /etc/confluent/docker/run
volumeMounts:
- mountPath: /etc/kafka/secrets/truststore.jks
name: kafka-certificates
subPath: truststore.jks
- mountPath: /etc/kafka/secrets/kafka-server.pkcs12
name: kafka-certificates
subPath: kafka-server.pkcs12
- mountPath: /etc/kafka/secrets/key_creds
name: kafka-certificates
subPath: key_creds
- mountPath: /etc/kafka/secrets/keystore_creds
name: kafka-certificates
subPath: keystore_creds
- mountPath: /etc/kafka/secrets/truststore_creds
name: kafka-certificates
subPath: truststore_creds
- mountPath: /etc/kafka/admin-client.properties
name: kafka-client-config
subPath: admin-client.properties
- name: datadir
mountPath: {{ .Values.persistence.mountPath | quote }}
{{- range $secret := .Values.secrets }}
{{- if $secret.mountPath }}
{{- if $secret.keys }}
{{- range $key := $secret.keys }}
- name: {{ include "common.fullname" $ }}-{{ $secret.name }}
mountPath: {{ $secret.mountPath }}/{{ $key }}
subPath: {{ $key }}
readOnly: true
{{- end }}
{{- else }}
- name: {{ include "common.fullname" $ }}-{{ $secret.name }}
mountPath: {{ $secret.mountPath }}
readOnly: true
{{- end }}
{{- end }}
{{- end }}
volumes:
- name: kafka-certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
- name: kafka-client-config
configMap:
name: {{ include "common.fullname" . }}-clientconfig
{{- if not .Values.persistence.enabled }}
- name: datadir
emptyDir: {}
{{- end }}
{{- if .Values.securityContext }}
securityContext:
{{ toYaml .Values.securityContext | indent 8 }}
{{- end }}
{{- range .Values.secrets }}
{{- if .mountPath }}
- name: {{ include "common.fullname" $ }}-{{ .name }}
secret:
secretName: {{ .name }}
{{- end }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- if .Values.persistence.enabled }}
volumeClaimTemplates:
- metadata:
name: datadir
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}

60
tip-wlan/charts/kafka/templates/tests/test-topic-create-produce-consume.yaml
View File

@@ -1,60 +0,0 @@
{{- if .Values.testsEnabled -}}
apiVersion: v1
kind: Pod
metadata:
name: {{ include "common.fullname" . }}-test-topic-create-produce-consume
namespace: {{ include "common.namespace" . }}
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: {{ include "common.name" . }}-test-consume
image: {{ .Values.image }}:{{ .Values.imageTag }}
command:
- sh
- -c
- |
# List topics:
echo "##### Listing existing topics #####"
kafka-topics --zookeeper {{ include "zookeeper.url" . }} --list
# Create the topic
echo "##### Create topic helm-test-topic-create-consume-produce #####"
kafka-topics --zookeeper {{ include "zookeeper.url" . }} --topic helm-test-topic-create-consume-produce --create --partitions 1 --replication-factor 1 --if-not-exists
echo "##### Produce the test message #####"
# Create a message
MESSAGE="`date -u`"
# Produce a test message to the topic
echo "$MESSAGE" | kafka-console-producer --broker-list {{ include "common.fullname" . }}-headless:9093 --producer.config /etc/kafka/admin-client.properties --topic helm-test-topic-create-consume-produce
echo "##### Consume the test message from the topic #####"
# Consume a test message from the topic
kafka-console-consumer --bootstrap-server {{ include "common.fullname" . }}-headless:9093 --consumer.config /etc/kafka/admin-client.properties --topic helm-test-topic-create-consume-produce --from-beginning --timeout-ms 2000 --max-messages 1 | grep "$MESSAGE"
echo "##### Listing current topics including our new topic #####"
kafka-topics --zookeeper {{ include "zookeeper.url" . }} --list
# Delete the messages from topic
echo "##### Delete messages from our topic #####"
kafka-configs --zookeeper {{ include "zookeeper.url" . }} --alter --entity-type topics --entity-name helm-test-topic-create-consume-produce --add-config retention.ms=1000
# Mark topic for deletion
echo "##### Mark our topic for Deletion #####"
kafka-topics --zookeeper {{ include "zookeeper.url" . }} --delete --topic helm-test-topic-create-consume-produce
# List topics:
echo "##### Listing topics after deleting our newly created topic #####"
kafka-topics --zookeeper {{ include "zookeeper.url" . }} --list
volumeMounts:
- mountPath: /etc/kafka/admin-client.properties
name: kafka-client-config
subPath: admin-client.properties
- mountPath: /etc/kafka/secrets/truststore.jks
name: kafka-certificates
subPath: truststore.jks
- mountPath: /etc/kafka/secrets/kafka-server.pkcs12
name: kafka-certificates
subPath: kafka-server.pkcs12
restartPolicy: Never
volumes:
- name: kafka-client-config
configMap:
name: {{ include "common.fullname" . }}-clientconfig
- name: kafka-certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
{{- end }}

360
tip-wlan/charts/kafka/values.yaml
View File

@@ -1,360 +0,0 @@
# ------------------------------------------------------------------------------
# Kafka:
# ------------------------------------------------------------------------------
## The StatefulSet installs 1 pod by default
replicas: 1
## The kafka image repository
image: "confluentinc/cp-kafka"
# image: "wurstmeister/kafka"
## The kafka image tag
imageTag: "5.0.1" # Confluent image for Kafka 2.0.0
# imageTag: "latest"
## Specify a imagePullPolicy
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
imagePullPolicy: "IfNotPresent"
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
resources: {}
# limits:
# cpu: 200m
# memory: 1536Mi
# requests:
# cpu: 100m
# memory: 1024Mi
kafkaHeapOptions: "-Xmx1G -Xms1G"
## Optional Container Security context
securityContext: {}
## The StatefulSet Update Strategy which Kafka will use when changes are applied.
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
updateStrategy:
type: "OnDelete"
## Start and stop pods in Parallel or OrderedReady (one-by-one.) Note - Can not change after first release.
## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
podManagementPolicy: OrderedReady
## Useful if using any custom authorizer
## Pass in some secrets to use (if required)
# secrets:
# - name: myKafkaSecret
# keys:
# - username
# - password
# # mountPath: /opt/kafka/secret
# - name: myZkSecret
# keys:
# - user
# - pass
# mountPath: /opt/zookeeper/secret
## The subpath within the Kafka container's PV where logs will be stored.
## This is combined with `persistence.mountPath`, to create, by default: /opt/kafka/data/logs
logSubPath: "logs"
## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName:
## Use an alternate serviceAccount
## Useful when using images in custom repositories
# serviceAccountName:
## Set a pod priorityClassName
# priorityClassName: high-priority
## Pod scheduling preferences (by default keep pods within a release on separate nodes).
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## By default we don't set affinity
affinity: {}
## Alternatively, this typical example defines:
## antiAffinity (to keep Kafka pods on separate pods)
## and affinity (to encourage Kafka pods to be collocated with Zookeeper pods)
# affinity:
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# - labelSelector:
# matchExpressions:
# - key: app
# operator: In
# values:
# - kafka
# topologyKey: "kubernetes.io/hostname"
# podAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - weight: 50
# podAffinityTerm:
# labelSelector:
# matchExpressions:
# - key: app
# operator: In
# values:
# - zookeeper
# topologyKey: "kubernetes.io/hostname"
## Node labels for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
nodeSelector: {}
## Readiness probe config.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
##
readinessProbe:
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
## Period to wait for broker graceful shutdown (sigterm) before pod is killed (sigkill)
## ref: https://kubernetes-v1-4.github.io/docs/user-guide/production-pods/#lifecycle-hooks-and-termination-notice
## ref: https://kafka.apache.org/10/documentation.html#brokerconfigs controlled.shutdown.*
terminationGracePeriodSeconds: 60
# Tolerations for nodes that have taints on them.
# Useful if you want to dedicate nodes to just run kafka
# https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: []
# tolerations:
# - key: "key"
# operator: "Equal"
# value: "value"
# effect: "NoSchedule"
## Headless service.
##
headless:
# annotations:
# targetPort:
port: 9092
sslPort: 9093
## External access.
##
external:
enabled: false
# type can be either NodePort or LoadBalancer
type: NodePort
# annotations:
# service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
dns:
useInternal: false
useExternal: true
# If using external service type LoadBalancer and external dns, set distinct to true below.
# This creates an A record for each statefulset pod/broker. You should then map the
# A record of the broker to the EXTERNAL IP given by the LoadBalancer in your DNS server.
distinct: false
servicePort: 19092
firstListenerPort: 31090
domain: cluster.local
loadBalancerIP: []
loadBalancerSourceRanges: []
init:
image: "lwolf/kubectl_deployer"
imageTag: "0.4"
imagePullPolicy: "IfNotPresent"
# Annotation to be added to Kafka pods
podAnnotations: {}
# Labels to be added to Kafka pods
podLabels: {}
# service: broker
# team: developers
podDisruptionBudget: {}
# maxUnavailable: 1 # Limits how many Kafka pods may be unavailable due to voluntary disruptions.
## Configuration Overrides. Specify any Kafka settings you would like set on the StatefulSet
## here in map format, as defined in the official docs.
## ref: https://kafka.apache.org/documentation/#brokerconfigs
##
configurationOverrides:
"confluent.support.metrics.enable": false # Disables confluent metric submission
# "auto.leader.rebalance.enable": true
# "auto.create.topics.enable": true
# "controlled.shutdown.enable": true
# "controlled.shutdown.max.retries": 100
# "ssl.secret.dir": "/opt/tip-wlan/certs"
# "ssl.keystore.filename": "kafka-server.pkcs12"
# "ssl.key.credentials": "mypassword"
# "ssl.truststore.filename": "kafka_server_keystore.jks"
# "ssl.truststore.credentials": "mypassword"
advertised.listeners: SSL://tip-wlan-kafka-headless:9093
ssl.client.auth: required
ssl.endpoint.identification.algorithm: ""
security.inter.broker.protocol: SSL
ssl.key.credentials: "key_creds"
ssl.keystore.filename: "kafka-server.pkcs12"
ssl.keystore.credentials: "keystore_creds"
ssl.keystore.type: "PKCS12"
ssl.truststore.filename: "truststore.jks"
ssl.truststore.credentials: "truststore_creds"
ssl.truststore.type: "JKS"
## Options required for external access via NodePort
## ref:
## - http://kafka.apache.org/documentation/#security_configbroker
## - https://cwiki.apache.org/confluence/display/KAFKA/KIP-103%3A+Separation+of+Internal+and+External+traffic
##
## Setting "advertised.listeners" here appends to "PLAINTEXT://${POD_IP}:9092,", ensure you update the domain
## If external service type is Nodeport:
# "advertised.listeners": |-
# EXTERNAL://kafka.cluster.local:$((31090 + ${KAFKA_BROKER_ID}))
## If external service type is LoadBalancer and distinct is true:
# "advertised.listeners": |-
# EXTERNAL://kafka-$((${KAFKA_BROKER_ID})).cluster.local:19092
## If external service type is LoadBalancer and distinct is false:
# "advertised.listeners": |-
# EXTERNAL://${LOAD_BALANCER_IP}:31090
## Uncomment to define the EXTERNAL Listener protocol
# "listener.security.protocol.map": |-
# PLAINTEXT:PLAINTEXT,EXTERNAL:PLAINTEXT
## set extra ENVs
# key: "value"
envOverrides: {}
## A collection of additional ports to expose on brokers (formatted as normal containerPort yaml)
# Useful when the image exposes metrics (like prometheus, etc.) through a javaagent instead of a sidecar
additionalPorts: {}
## Persistence configuration. Specify if and how to persist data to a persistent volume.
##
persistence:
enabled: false
## The size of the PersistentVolume to allocate to each Kafka Pod in the StatefulSet. For
## production servers this number should likely be much larger.
##
size: 1Gi
accessMode: ReadWriteOnce
## The location within the Kafka container where the PV will mount its storage and Kafka will
## store its logs.
##
mountPath: "/opt/kafka/data"
## Kafka data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: "-"
## Kafka Config job configuration
##
configJob:
## Specify the number of retries before considering kafka-config job as failed.
## https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#pod-backoff-failure-policy
backoffLimit: 6
## Topic creation and configuration.
## The job will be run on a deployment only when the config has been changed.
## - If 'partitions' and 'replicationFactor' are specified we create the topic (with --if-not-exists.)
## - If 'partitions', 'replicationFactor' and 'reassignPartitions' are specified we reassign the partitions to
## increase the replication factor of an existing topic.
## - If 'partitions' is specified we 'alter' the number of partitions. This will
## silently and safely fail if the new setting isnt strictly larger than the old (i.e. a NOOP.) Do be aware of the
## implications for keyed topics (ref: https://docs.confluent.io/current/kafka/post-deployment.html#admin-operations)
## - If 'defaultConfig' is specified it's deleted from the topic configuration. If it isn't present,
## it will silently and safely fail.
## - If 'config' is specified it's added to the topic configuration.
##
## Note: To increase the 'replicationFactor' of a topic, 'reassignPartitions' must be set to true (see above).
##
topics:
# - name: myExistingTopicConfig
# config: "cleanup.policy=compact,delete.retention.ms=604800000"
# - name: myExistingTopicReassignPartitions
# partitions: 8
# replicationFactor: 5
# reassignPartitions: true
- name: wlan_service_metrics
partitions: 1
replicationFactor: 1
- name: system_events
partitions: 1
replicationFactor: 1
- name: customer_events
partitions: 1
replicationFactor: 1
# - name: myNewTopicWithConfig
# partitions: 8
# replicationFactor: 3
# defaultConfig: "segment.bytes,segment.ms"
# config: "cleanup.policy=compact,delete.retention.ms=604800000"
# - name: myAclTopicPartitions
# partitions: 8
# acls:
# - user: read
# operations: [ Read ]
# - user: read_and_write
# operations:
# - Read
# - Write
# - user: all
# operations: [ All ]
## Enable/disable the chart's tests. Useful if using this chart as a dependency of
## another chart and you don't want these tests running when trying to develop and
## test your own chart.
testsEnabled: true
# ------------------------------------------------------------------------------
# Zookeeper:
# ------------------------------------------------------------------------------
zookeeper:
## If true, install the Zookeeper chart alongside Kafka
## ref: https://github.com/kubernetes/charts/tree/master/incubator/zookeeper
enabled: false
## Configure Zookeeper resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
resources: ~
## Environmental variables to set in Zookeeper
env:
## The JVM heap size to allocate to Zookeeper
ZK_HEAP_SIZE: "1G"
persistence:
enabled: false
## The amount of PV storage allocated to each Zookeeper pod in the statefulset
# size: "2Gi"
## Specify a Zookeeper imagePullPolicy
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
image:
PullPolicy: "IfNotPresent"
## If the Zookeeper Chart is disabled a URL and port are required to connect
url: "zookeeper-headless"
port: 2181
## Pod scheduling preferences (by default keep pods within a release on separate nodes).
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## By default we don't set affinity:
affinity: {} # Criteria by which pod label-values influence scheduling for zookeeper pods.
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# - topologyKey: "kubernetes.io/hostname"
# labelSelector:
# matchLabels:
# release: zookeeper
creds:
sslTruststorePassword: DUMMY_PASSWORD
sslKeystorePassword: DUMMY_PASSWORD
sslKeyPassword: DUMMY_PASSWORD

5
tip-wlan/charts/nginx-ingress-controller/templates/controller-configmap.yaml
View File

@@ -4,7 +4,8 @@ metadata:
name: {{ include "nginx-ingress.configName" . }}
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- include "common.labels" . | nindent 4 }}
data:
external-status-address: {{ .Values.controller.config.externalStatusAddress }}
client-max-body-size: {{ .Values.controller.config.clientMaxBodySize }}
client-max-body-size: {{ .Values.controller.config.clientMaxBodySize }}
error-log-level: {{ .Values.controller.config.errorLogLevel }}

2
tip-wlan/charts/nginx-ingress-controller/templates/controller-global-configuration.yaml
View File

@@ -1,6 +1,6 @@
{{- if not .Values.byPassNginxForTcpConnections.enabled -}}
apiVersion: k8s.nginx.org/v1alpha1
kind: GlobalConfiguration
kind: GlobalConfiguration
metadata:
name: {{ include "common.name" . }}-global-configuration
namespace: {{ include "common.namespace" . }}

22
tip-wlan/charts/nginx-ingress-controller/values.yaml
View File

@@ -40,7 +40,7 @@ controller:
tag: "1.7.0"
## The pull policy for the Ingress controller image.
pullPolicy: IfNotPresent
pullPolicy: Always
config:
## The name of the ConfigMap used by the Ingress controller.
@@ -56,6 +56,8 @@ controller:
## Max message size coming from the Client
clientMaxBodySize: "20m"
## Error
errorLogLevel: "error"
## It is recommended to use your own TLS certificates and keys
defaultTLS:
## The base64-encoded TLS certificate for the default HTTPS server. If not specified, a pre-generated self-signed certificate is used.
@@ -92,13 +94,13 @@ controller:
terminationGracePeriodSeconds: 30
## The resources of the Ingress controller pods.
resources: {}
# limits:
# cpu: 100m
# memory: 64Mi
# requests:
# cpu: 100m
# memory: 64Mi
resources:
limits:
cpu: 500m
memory: 200Mi
requests:
cpu: 50m
memory: 140Mi
## The tolerations of the Ingress controller pods.
tolerations: []
@@ -137,7 +139,7 @@ controller:
## Enable the custom resources.
enableTLSPassthrough: true
## Add a location based on the value of health-status-uri to the default server. The location responds with the 200 status code for any request.
## Useful for external health-checking of the Ingress controller.
healthStatus: false
@@ -274,7 +276,7 @@ rbac:
## This property will prevent exposing TCP ports for passthrough connections
## Instead we are opening up these services as NodePorts
## We were seeing issues with AP <-- --> MQTT connecitivity when using NGINX
## We were seeing issues with AP <-- --> MQTT connecitivity when using NGINX
## as passthrough for TCP Connections
byPassNginxForTcpConnections:
enabled: true

13
tip-wlan/charts/opensync-gw-cloud/resources/config/certs/ssl.properties
View File

@@ -1,13 +0,0 @@
truststorePass=mypassword
truststoreFile=file:///opt/tip-wlan/certs/truststore.jks
truststoreType=JKS
truststoreProvider=SUN
keyAlias=1
keystorePass=mypassword
keystoreFile=file:///opt/tip-wlan/certs/server.pkcs12
keystoreType=pkcs12
keystoreProvider=SunJSSE
sslProtocol=TLS

18
tip-wlan/charts/opensync-gw-cloud/resources/config/logback.xml
View File

@@ -29,7 +29,7 @@
<maxFileSize>20MB</maxFileSize>
</triggeringPolicy>
</appender>
<appender name="logfile" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/app/logs/opensyncgw.log</file>
<append>true</append>
@@ -45,23 +45,23 @@
<maxFileSize>20MB</maxFileSize>
</triggeringPolicy>
</appender>
<!--
details: http://logback.qos.ch/manual/configuration.html#auto_configuration
runtime configuration, if need to override the defaults:
runtime configuration, if need to override the defaults:
-Dlogback.configurationFile=/path/to/logback.xml
for log configuration debugging - use
for log configuration debugging - use
-Dlogback.statusListenerClass=ch.qos.logback.core.status.OnConsoleStatusListener
log levels:
OFF ERROR WARN INFO DEBUG TRACE
OFF ERROR WARN INFO DEBUG TRACE
-->
<logger name="org.apache.catalina.startup.DigesterFactory" level="ERROR"/>
<logger name="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" level="INFO"/>
<logger name="org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer" level="INFO"/>
<logger name="com.telecominfraproject.wlan" level="DEBUG"/>
<logger name="com.netflix.servo.tag.aws.AwsInjectableTag" level="OFF"/>
<logger name="com.vmware.ovsdb.service.OvsdbConnectionInfo" level="OFF"/>

2
tip-wlan/charts/opensync-gw-cloud/templates/configmap.yaml
View File

@@ -4,4 +4,4 @@ metadata:
name: {{ include "common.fullname" . }}-log-config
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }}

138
tip-wlan/charts/opensync-gw-cloud/templates/deployment.yaml
View File

@@ -27,47 +27,18 @@ spec:
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers:
- name: {{ include "common.name" . }}-mqtt-readiness
image: eclipse-mosquitto:latest
imagePullPolicy: {{ .Values.global.pullPolicy }}
command:
- sh
- -c
- |
mosquitto_pub -h {{ $mqtt }} -p 1883 --cafile /certs/cacert.pem --cert /certs/clientcert.pem --key /certs/clientkey.pem --insecure -t "/ap/test" -q 0 -m "CheckingMQTTAliveness"
status=$(echo $?)
echo mosquitto_pub response of the request = $status
counter=0
while [ $counter -lt 10 ] && [ $status -ne 0 ]
do
echo {{ $mqtt }} service isnt ready. Tried $counter times
sleep 2
counter=`expr $counter + 1`
mosquitto_pub -h {{ $mqtt }} -p 1883 --cafile /certs/cacert.pem --cert /certs/clientcert.pem --key /certs/clientkey.pem --insecure -t "/ap/test" -q 0 -m "CheckingMQTTAliveness"
status=$(echo $?)
echo mosquitto_pub response of the request = $status
done
if [ $status -eq 0 ]
then
echo {{ $mqtt }} service is ready!
else
echo {{ $mqtt }} service failed to respond after 20 secs
exit 1
fi
volumeMounts:
- mountPath: /certs/cacert.pem
name: certificates
subPath: cacert.pem
- mountPath: /certs/clientcert.pem
name: certificates
subPath: clientcert.pem
- mountPath: /certs/clientkey.pem
name: certificates
subPath: clientkey.pem
{{- include "jmxPrometheus.initContainer" . | nindent 8 }}
- name: wait-for-services
image: opsfleet/depends-on:latest
args:
- "-service={{ .Release.Name }}-opensync-mqtt-broker"
- "-service={{ .Release.Name }}-wlan-prov-service"
- "-service={{ .Release.Name }}-wlan-ssc-service"
- -check_interval=5
{{- if .Values.global.integratedDeployment }}
- name: {{ include "common.name" . }}-readiness-int-cloud
image: alpine
imagePullPolicy: {{ .Values.global.pullPolicy }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
command:
- sh
- -c
@@ -76,34 +47,7 @@ spec:
url=https://{{ $icc }}/ping
counter=0
status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
while [ $counter -lt 10 ] && [ $status -ne 200 ]
do
echo ${url} service isnt ready. Tried $counter times
sleep 5
counter=`expr $counter + 1`
status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
echo Http Response code of ping request = $status
done
if [ $status -eq 200 ]
then
echo ${url} service is ready!
else
echo ${url} service failed to respond after 50 secs
exit 1
fi
{{- else }}
- name: {{ include "common.name" . }}-readiness-prov
image: alpine
imagePullPolicy: {{ .Values.global.pullPolicy }}
command:
- sh
- -c
- |
apk add curl
url=https://{{ $prov }}/ping
counter=0
status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
while [ $counter -lt 10 ] && [ $status -ne 200 ]
while [ $counter -lt 10 ] && [ $status -ne 200 ]
do
echo ${url} service isnt ready. Tried $counter times
sleep 5
@@ -118,48 +62,22 @@ spec:
echo ${url} service failed to respond after 50 secs
exit 1
fi
- name: {{ include "common.name" . }}-readiness-ssc
image: alpine
imagePullPolicy: {{ .Values.global.pullPolicy }}
command:
- sh
- -c
- |
apk add curl
url=https://{{ $ssc }}/ping
counter=0
status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
while [ $counter -lt 10 ] && [ $status -ne 200 ]
do
echo ${url} service isnt ready. Tried $counter times
sleep 5
counter=`expr $counter + 1`
status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
echo Http Response code of ping request = $status
done
if [ $status -eq 200 ]
then
echo ${url} service is ready!
else
echo ${url} service failed to respond after 50 secs
exit 1
fi
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
{{- if .Values.probes.enabled }}
livenessProbe:
tcpSocket:
port: {{ .Values.service.port2 }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -172,6 +90,11 @@ spec:
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
startupProbe:
tcpSocket:
port: {{ .Values.service.port1 }}
failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
{{- end }}
env:
{{- include "common.env" . | nindent 12 }}
@@ -210,6 +133,22 @@ spec:
value: {{ .Values.ethernetType.wanType }}
- name: DEFAULT_WAN_NAME
value: {{ .Values.ethernetType.wanName }}
- name: tip_wlan_ovsdb_listener_threadPoolSize
value: "{{ .Values.scalability.tip_wlan_ovsdb_listener_threadPoolSize }}"
- name: tip_wlan_AsyncExecutor_CorePoolSize
value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_CorePoolSize }}"
- name: tip_wlan_AsyncExecutor_MaxPoolSize
value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_MaxPoolSize }}"
- name: tip_wlan_AsyncExecutor_QueueCapacity
value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_QueueCapacity }}"
- name: tip_wlan_httpClientConfig_maxConnectionsTotal
value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsTotal }}"
- name: tip_wlan_httpClientConfig_maxConnectionsPerRoute
value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsPerRoute }}"
- name: tip_wlan_maxHttpThreads
value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
- name: JVM_MEM_OPTIONS
value: "{{ .Values.scalability.JVM_MEM_OPTIONS }} {{ include "jmxPrometheus.jvmOpts" . }}"
volumeMounts:
- mountPath: /opt/tip-wlan/certs/client_keystore.jks
name: certificates
@@ -231,6 +170,8 @@ spec:
subPath: logback.xml
- mountPath: {{ $file_store_path }}
name: file-store-data
{{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
{{- include "jmxPrometheus.tmpVolumeMount" . | nindent 10 }}
ports:
- name: {{ .Values.service.name1 }}
containerPort: {{ .Values.service.port1 }}
@@ -249,6 +190,7 @@ spec:
containerPort: {{ .Values.service.port5 }}
protocol: TCP
{{- end }}
{{- include "jmxPrometheus.port" . | nindent 12 }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
@@ -267,7 +209,7 @@ spec:
volumes:
- name: certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
secretName: tip-common-opensync-gw-certs
- name: logback-config
configMap:
name: {{ include "common.fullname" . }}-log-config
@@ -278,3 +220,5 @@ spec:
{{- else }}
emptyDir: {}
{{- end }}
{{- include "jmxPrometheus.configVolume" . | nindent 6 }}
{{- include "jmxPrometheus.tmpVolume" . | nindent 6 }}

1
tip-wlan/charts/opensync-gw-cloud/templates/pod-monitor.yaml Normal file
View File

@@ -0,0 +1 @@
{{ include "jmxPrometheus.podMonitor" . }}

24
tip-wlan/charts/opensync-gw-cloud/templates/rbac.yaml Normal file
View File

@@ -0,0 +1,24 @@
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "common.fullname" . }}-depends-on
namespace: {{ include "common.namespace" . }}
rules:
- apiGroups: ["batch", "apps", ""]
resources: ["pods", "services", "jobs"]
verbs: ["get", "list", "watch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "common.fullname" . }}-depends-on
namespace: {{ include "common.namespace" . }}
subjects:
- kind: ServiceAccount
name: {{ include "common.serviceAccountName" . }}
roleRef:
kind: Role
name: {{ include "common.fullname" . }}-depends-on
apiGroup: rbac.authorization.k8s.io

8
tip-wlan/charts/opensync-gw-cloud/templates/secret.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-certs
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}

14
tip-wlan/charts/opensync-gw-cloud/templates/service.yaml
View File

@@ -5,6 +5,10 @@ metadata:
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:
@@ -12,28 +16,38 @@ spec:
targetPort: {{ .Values.service.port1 }}
protocol: TCP
name: {{ .Values.service.name1 }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort1 }}
{{- end }}
- port: {{ .Values.service.port2 }}
targetPort: {{ .Values.service.port2 }}
protocol: TCP
name: {{ .Values.service.name2 }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort2 }}
{{- end }}
- port: {{ .Values.service.port3 }}
targetPort: {{ .Values.service.port3 }}
protocol: TCP
name: {{ .Values.service.name3 }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
{{- end }}
- port: {{ .Values.service.port4 }}
targetPort: {{ .Values.service.port4 }}
protocol: TCP
name: {{ .Values.service.name4 }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort4 }}
{{- end }}
{{- if .Values.debug.enabled }}
- port: {{ .Values.service.port5 }}
targetPort: {{ .Values.service.port5 }}
protocol: TCP
name: {{ .Values.service.name5 }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort5 }}
{{- end }}
{{- end }}
selector:
{{- include "common.selectorLabels" . | nindent 4 }}

52
tip-wlan/charts/opensync-gw-cloud/values.yaml
View File

@@ -11,7 +11,7 @@ replicaCount: 1
image:
name: opensync-gateway-cloud
tag: 0.0.1-SNAPSHOT
tag: 1.0.1
nameOverride: ""
fullnameOverride: ""
@@ -52,12 +52,15 @@ probes:
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
startupProbe:
periodSeconds: 30
failureThreshold: 500
# Enable/Disable Helm tests
testsEnabled: false
# Enable/Disable Remote debugging
debug:
debug:
enabled: false
service:
@@ -77,6 +80,8 @@ service:
port5: 5005
name5: debug
nodePort5: 26
annotations: {}
nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
persistence:
enabled: false
@@ -85,9 +90,9 @@ persistence:
# the filestore internal: location of the folder where UI files will be stored
# on the PV
# the filestore url: externally reachable URL i.e.; reachable from AP, where it
# the filestore url: externally reachable URL i.e.; reachable from AP, where it
# can download the files from. Override this value (url) to the configured
# HTTP server in your system
# HTTP server in your system
filestore:
internal: "/tmp/filestore"
url: DUMMY_FILESTORE_HTTPS_URL
@@ -113,9 +118,8 @@ portal:
name: file-store-data
ordinal: 0
# These are the address and ports for the externalhost
# This is important for ovsdb and mqtt since
# This is important for ovsdb and mqtt since
# that's what AP sees. Please make sure to override
# them in dev override file for your respective environments.
# the default values below would be used if not overriden
@@ -127,14 +131,28 @@ externalhost:
ovsdb: 6640
mqtt: 1883
ethernetType:
lanName: "lan"
lanType: "bridge"
wanType: "bridge"
wanName: "wan"
scalability:
#how many concurrent connections single instance of OpenSyncGateway can accept
tip_wlan_ovsdb_listener_threadPoolSize: 50
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
ingress:
enabled: false
annotations: {}
@@ -148,17 +166,13 @@ ingress:
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
resources:
limits:
cpu: 500m
memory: 750Mi
requests:
cpu: 10m
memory: 500Mi
nodeSelector: {}

2
tip-wlan/charts/opensync-gw-static/resources/config/certs/README.md
View File

@@ -1,2 +0,0 @@
Contains certs needed for this service to start.
Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

21
tip-wlan/charts/opensync-gw-static/resources/config/certs/httpClientConfig.json
View File

@@ -1,21 +0,0 @@
{
"maxConnectionsTotal": 100,
"maxConnectionsPerRoute": 10,
"truststoreType": "JKS",
"truststoreProvider": "SUN",
"truststoreFile": "file:/opt/tip-wlan/certs/truststore.jks",
"truststorePass": "mypassword",
"keystoreType": "JKS",
"keystoreProvider": "SUN",
"keystoreFile": "file:/opt/tip-wlan/certs/client_keystore.jks",
"keystorePass": "mypassword",
"keyAlias": "clientkeyalias",
"credentialsList": [
{
"host": "localhost",
"port": -1,
"user": "user",
"password": "password"
}
]
}

30
tip-wlan/charts/opensync-gw-static/resources/config/logback.xml
View File

@@ -13,8 +13,8 @@
<pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>
<!--
<!--
<appender name="FILE" class="ch.qos.logback.core.FileAppender">
<file>myApp.log</file>
@@ -23,7 +23,7 @@
</encoder>
</appender>
-->
<appender name="logfile" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/app/logs/opensyncgw.log</file>
<append>true</append>
@@ -39,37 +39,37 @@
<maxFileSize>20MB</maxFileSize>
</triggeringPolicy>
</appender>
<!--
details: http://logback.qos.ch/manual/configuration.html#auto_configuration
runtime configuration, if need to override the defaults:
runtime configuration, if need to override the defaults:
-Dlogback.configurationFile=/path/to/logback.xml
for log configuration debugging - use
for log configuration debugging - use
-Dlogback.statusListenerClass=ch.qos.logback.core.status.OnConsoleStatusListener
log levels:
OFF ERROR WARN INFO DEBUG TRACE
OFF ERROR WARN INFO DEBUG TRACE
-->
<logger name="org.apache.catalina.startup.DigesterFactory" level="ERROR"/>
<logger name="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" level="INFO"/>
<logger name="org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer" level="INFO"/>
<logger name="com.telecominfraproject.wlan" level="DEBUG"/>
<logger name="com.netflix.servo.tag.aws.AwsInjectableTag" level="OFF"/>
<logger name="com.vmware.ovsdb.service.OvsdbConnectionInfo" level="OFF"/>
<logger name="com.vmware.ovsdb.netty.OvsdbConnectionHandler" level="ERROR"/>
<logger name="MQTT_DATA" level="DEBUG"/>
<!--
<!--
<logger name="org.springframework.security.web.authentication.preauth" level="DEBUG"/>
-->
<root level="WARN">
<appender-ref ref="stdout"/>
<appender-ref ref="logfile"/>
</root>
</configuration>

2
tip-wlan/charts/opensync-gw-static/templates/configmap.yaml
View File

@@ -4,4 +4,4 @@ metadata:
name: {{ include "common.fullname" . }}-log-config
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }}

17
tip-wlan/charts/opensync-gw-static/templates/deployment.yaml
View File

@@ -25,16 +25,16 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
{{- if .Values.probes.enabled }}
livenessProbe:
tcpSocket:
port: {{ .Values.service.port2 }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -47,7 +47,12 @@ spec:
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
{{- end }}
startupProbe:
tcpSocket:
port: {{ .Values.service.port2 }}
failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
{{- end }}
volumeMounts:
- mountPath: /opt/tip-wlan/certs/client_keystore.jks
name: certificates
@@ -92,7 +97,7 @@ spec:
volumes:
- name: certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
secretName: tip-common-opensync-gw-certs
- name: logback-config
configMap:
name: {{ include "common.fullname" . }}-log-config

8
tip-wlan/charts/opensync-gw-static/templates/secret.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-certs
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}

5
tip-wlan/charts/opensync-gw-static/values.yaml
View File

@@ -11,7 +11,7 @@ replicaCount: 1
image:
name: opensync-gateway-static
tag: 0.0.1-SNAPSHOT
tag: 1.0.1
nameOverride: ""
fullnameOverride: ""
@@ -52,6 +52,9 @@ probes:
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
startupProbe:
periodSeconds: 30
failureThreshold: 500
# Enable/Disable Helm tests
testsEnabled: false

2
tip-wlan/charts/opensync-mqtt-broker/resources/config/certs/README.md
View File

@@ -1,2 +0,0 @@
Contains certs needed for this service to start.
Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

13
tip-wlan/charts/opensync-mqtt-broker/resources/config/mosquitto.conf
View File

@@ -6,7 +6,18 @@ use_identity_as_username true
allow_anonymous false
allow_duplicate_messages true
autosave_interval 900
log_dest stdout
log_dest file /mosquitto/log/mosquitto.log
log_timestamp true
log_timestamp_format %Y-%m-%dT%H:%M:%S
log_type error
log_type warning
log_type notice
log_type information
# log_type debug
# log_type websockets
# log_type subscribe
# log_type all
connection_messages true
max_queued_bytes 0
max_queued_messages 0
message_size_limit 0

2
tip-wlan/charts/opensync-mqtt-broker/templates/configmap.yaml
View File

@@ -4,4 +4,4 @@ metadata:
name: mosquitto-config
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/mosquitto.conf").AsConfig . | indent 2 }}
{{ (.Files.Glob "resources/config/mosquitto.conf").AsConfig | indent 2 }}

8
tip-wlan/charts/opensync-mqtt-broker/templates/secret.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: opensync-mqtt-broker-certs
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}

8
tip-wlan/charts/opensync-mqtt-broker/templates/service.yaml
View File

@@ -5,6 +5,10 @@ metadata:
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:
@@ -12,11 +16,15 @@ spec:
targetPort: {{ .Values.service.port1 }}
protocol: TCP
name: {{ .Values.service.name1 }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort1 }}
{{- end }}
- port: {{ .Values.service.port2 }}
targetPort: {{ .Values.service.port2 }}
protocol: TCP
name: {{ .Values.service.name2 }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort2 }}
{{- end }}
selector:
{{- include "common.selectorLabels" . | nindent 4 }}

14
tip-wlan/charts/opensync-mqtt-broker/templates/statefulset.yaml
View File

@@ -45,7 +45,8 @@ spec:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers:
- name: {{ include "common.name" . }}-init-dir-ownership-change
image: alpine:3.6
image: {{ .Values.alpine.image }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
# Change ownership to `mosquitto` user for a mounted volume
command:
- sh
@@ -63,12 +64,12 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: {{ .Values.image.name }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
{{- if .Values.probes.enabled }}
livenessProbe:
tcpSocket:
port: {{ .Values.service.port1 }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -81,6 +82,11 @@ spec:
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
startupProbe:
tcpSocket:
port: {{ .Values.service.port1 }}
failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
{{- end }}
volumeMounts:
- mountPath: /certs/cacert.pem
@@ -123,7 +129,7 @@ spec:
volumes:
- name: opensync-mqtt-broker-truststore
secret:
secretName: opensync-mqtt-broker-certs
secretName: tip-common-opensync-mqtt-broker-certs
- name: opensync-mqtt-broker-conf
configMap:
name: mosquitto-config

30
tip-wlan/charts/opensync-mqtt-broker/values.yaml
View File

@@ -6,7 +6,10 @@ replicaCount: 1
image:
name: eclipse-mosquitto
tag: latest
tag: 2.0.3
alpine:
image: alpine:3.6
nameOverride: ""
fullnameOverride: ""
@@ -49,6 +52,9 @@ probes:
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
startupProbe:
periodSeconds: 30
failureThreshold: 500
# Enable/Disable Helm tests
testsEnabled: false
@@ -61,6 +67,8 @@ service:
port2: 9001
name2: debug
nodePort2: 32
annotations: {}
nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
ingress:
enabled: false
@@ -75,17 +83,13 @@ ingress:
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 10m
memory: 5Mi
priorityClassName: ""
@@ -104,7 +108,7 @@ persistence:
## existingClaimData: opensync-wifi-controller-opensync-mqtt-broker-data
## existingClaimDb: opensync-wifi-controller-opensync-mqtt-broker-db
## volumeReclaimPolicy: Retain
## If you want to bind to an existing PV, uncomment below with the pv name
## If you want to bind to an existing PV, uncomment below with the pv name
## and comment storageClass and belowannotation
## volumeNameDb: pvc-dc52b290-ae86-4cb3-aad0-f2c806a23114
## volumeNameData: pvc-735baedf-323b-47bc-9383-952e6bc5ce3e

4
tip-wlan/charts/wlan-cloud-graphql-gw/templates/deployment.yaml
View File

@@ -25,9 +25,9 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
env:

8
tip-wlan/charts/wlan-cloud-graphql-gw/templates/ingress.yaml
View File

@@ -24,7 +24,9 @@ spec:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
{{- if .secretName }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
{{- end }}
rules:
@@ -32,6 +34,12 @@ spec:
- host: {{ .host | quote }}
http:
paths:
{{- if $.Values.ingress.lb_https_redirect }}
- path: /*
backend:
serviceName: ssl-redirect
servicePort: use-annotation
{{- end }}
{{- range .paths }}
- path: {{ . }}
backend:

2
tip-wlan/charts/wlan-cloud-graphql-gw/templates/service.yaml
View File

@@ -12,6 +12,8 @@ spec:
targetPort: {{ .Values.service.port }}
protocol: TCP
name: {{ .Values.service.name }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
{{- end }}
selector:
{{- include "common.selectorLabels" . | nindent 4 }}

36
tip-wlan/charts/wlan-cloud-graphql-gw/values.yaml
View File

@@ -9,9 +9,9 @@
replicaCount: 1
image:
image:
name: wlan-cloud-graphql-gw
tag: latest
tag: 1.0.1
pullPolicy: IfNotPresent
nameOverride: ""
@@ -51,33 +51,31 @@ service:
port: 4000
name: graphui
nodePort: 23
nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
ingress:
enabled: true
lb_https_redirect: false ## if set to true, enables http->https redirect on cloud load balancer
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: wlan-ui-graphql.zone3.lab.connectus.ai
paths: [
/
]
hosts: []
# - host: wlan-ui-graphql.local
# paths: [
# /
# ]
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
# - wlan-ui-graphql.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 10m
memory: 128Mi
nodeSelector: {}

6
tip-wlan/charts/wlan-cloud-static-portal/templates/deployment.yaml
View File

@@ -25,11 +25,11 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:
- name: API
value: {{ .Values.env.graphql }}

8
tip-wlan/charts/wlan-cloud-static-portal/templates/ingress.yaml
View File

@@ -24,7 +24,9 @@ spec:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
{{- if .secretName }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
{{- end }}
rules:
@@ -32,6 +34,12 @@ spec:
- host: {{ .host | quote }}
http:
paths:
{{- if $.Values.ingress.lb_https_redirect }}
- path: /*
backend:
serviceName: ssl-redirect
servicePort: use-annotation
{{- end }}
{{- range .paths }}
- path: {{ . }}
backend:

4
tip-wlan/charts/wlan-cloud-static-portal/templates/service.yaml
View File

@@ -5,6 +5,10 @@ metadata:
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:

35
tip-wlan/charts/wlan-cloud-static-portal/values.yaml
View File

@@ -9,9 +9,9 @@
replicaCount: 1
image:
image:
name: wlan-cloud-ui
tag: latest
tag: 1.0.1
pullPolicy: IfNotPresent
nameOverride: ""
@@ -50,30 +50,27 @@ service:
ingress:
enabled: true
lb_https_redirect: false ## if set to true, enables http->https redirect on cloud load balancer
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: wlan-ui.zone3.lab.connectus.ai
paths: [
/
]
hosts: []
# - host: wlan-ui.local
# paths: [
# /
# ]
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
# - wlan-ui.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 10m
memory: 5Mi
nodeSelector: {}

2
tip-wlan/charts/wlan-integrated-cloud-component-service/resources/config/certs/README.md
View File

@@ -1,2 +0,0 @@
Contains certs needed for this service to start.
Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

3
tip-wlan/charts/wlan-integrated-cloud-component-service/resources/config/logback.xml
View File

@@ -46,7 +46,6 @@
</triggeringPolicy>
</appender>
<!--
details: http://logback.qos.ch/manual/configuration.html#auto_configuration
@@ -71,5 +70,5 @@
<appender-ref ref="stdout"/>
<appender-ref ref="logfile"/>
</root>
</configuration>

2
tip-wlan/charts/wlan-integrated-cloud-component-service/templates/configmap.yaml
View File

@@ -4,4 +4,4 @@ metadata:
name: {{ include "common.fullname" . }}-log-config
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }}

222
tip-wlan/charts/wlan-integrated-cloud-component-service/templates/deployment.yaml
View File

@@ -19,121 +19,125 @@ spec:
{{- include "common.selectorLabels" . | nindent 8 }}
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- name: "{{ include "common.namespace" . }}-docker-registry-key"
serviceAccountName: {{ include "common.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- if .Values.integratedWithPersistence.enabled }}
initContainers:
- name: {{ include "common.name" . }}-readiness
image: busybox:1.28
imagePullPolicy: {{ .Values.global.pullPolicy }}
command: ['sh', '-c', "until nslookup {{ $pg }}.{{ $ns }}.svc.cluster.local; do echo waiting for POSTGRES; sleep 2; done"]
- name: {{ include "common.name" . }}-create-db-schema
env:
- name: POSTGRESQL_PORT_NUMBER
value: "5432"
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "common.fullname" . }}-creds
key: postgresql-password
- name: SCHEMA_REPO_USER
valueFrom:
secretKeyRef:
name: {{ include "common.fullname" . }}-creds
key: schema-repo-user
- name: SCHEMA_REPO_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "common.fullname" . }}-creds
key: schema-repo-password
image: postgres:latest
imagePullPolicy: {{ .Values.global.pullPolicy }}
command:
- sh
- -c
- |
apt update
apt -y install curl
echo "***** Fetching cloud-sdk-schema-postgresql.sql from JFrog *****"
curl -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql.sql"
echo "***** Now executing cloud-sdk-schema-postgresql.sql and creating/updating schema on Postgres instance *****"
PGPASSWORD=$POSTGRES_PASSWORD psql -h tip-wlan-postgresql-headless -U postgres -f cloud-sdk-schema-postgresql.sql
exit
ports:
- containerPort: 5432
name: tcp-postgresql
protocol: TCP
resources:
requests:
cpu: 250m
memory: 256Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /dev/shm
name: dshm
- mountPath: /bitnami/postgresql
name: data
- name: wait-for-services
image: opsfleet/depends-on:latest
args:
- "-service={{ .Release.Name }}-postgresql"
- -check_interval=5
- name: {{ include "common.name" . }}-create-db-schema
env:
- name: POSTGRESQL_PORT_NUMBER
value: "5432"
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "common.fullname" . }}-creds
key: postgresql-password
- name: SCHEMA_REPO_USER
valueFrom:
secretKeyRef:
name: {{ include "common.fullname" . }}-creds
key: schema-repo-user
- name: SCHEMA_REPO_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "common.fullname" . }}-creds
key: schema-repo-password
image: postgres:latest
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
command:
- sh
- -c
- |
apt update
apt -y install curl
echo "***** Fetching cloud-sdk-schema-postgresql.sql from JFrog *****"
curl -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/1.0.1/sql/cloud-sdk-schema-postgresql.sql"
echo "***** Now executing cloud-sdk-schema-postgresql.sql and creating/updating schema on Postgres instance *****"
PGPASSWORD=$POSTGRES_PASSWORD psql -h {{- include "postgresql.service" . -}} -U postgres -f cloud-sdk-schema-postgresql.sql
exit
resources:
requests:
cpu: 50m
memory: 256Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /dev/shm
name: dshm
- mountPath: /bitnami/postgresql
name: data
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
env:
- name: BACKEND_SERVER
value: {{ .Release.Name }}-{{ .Chart.Name }}
{{- if .Values.probes.enabled }}
livenessProbe:
httpGet:
path: /ping
port: {{ .Values.service.port1 }}
scheme: {{ .Values.probes.livenessProbe.scheme }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.livenessProbe.successThreshold }}
readinessProbe:
httpGet:
path: /ping
port: {{ .Values.service.port1 }}
scheme: {{ .Values.probes.readinessProbe.scheme }}
initialDelaySeconds: {{ .Values.probes.readinessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
{{- end }}
volumeMounts:
- mountPath: /opt/tip-wlan/certs/client_keystore.jks
name: certificates
subPath: client_keystore.jks
- mountPath: /opt/tip-wlan/certs/truststore.jks
name: certificates
subPath: truststore.jks
- mountPath: /opt/tip-wlan/certs/server.pkcs12
name: certificates
subPath: server.pkcs12
- mountPath: /app/intcloudcomp/logback.xml
name: logback-config
subPath: logback.xml
ports:
- name: {{ .Values.service.name1 }}
containerPort: {{ .Values.service.port1 }}
protocol: TCP
- name: {{ .Values.service.name2 }}
containerPort: {{ .Values.service.port2 }}
protocol: TCP
resources:
{{- toYaml .Values.resources | nindent 12 }}
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:
- name: BACKEND_SERVER
value: {{ .Release.Name }}-{{ .Chart.Name }}
{{- if .Values.probes.enabled }}
livenessProbe:
httpGet:
path: /ping
port: {{ .Values.service.port1 }}
scheme: {{ .Values.probes.livenessProbe.scheme }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.livenessProbe.successThreshold }}
readinessProbe:
httpGet:
path: /ping
port: {{ .Values.service.port1 }}
scheme: {{ .Values.probes.readinessProbe.scheme }}
initialDelaySeconds: {{ .Values.probes.readinessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
startupProbe:
httpGet:
path: /ping
port: {{ .Values.service.port1 }}
scheme: {{ .Values.probes.readinessProbe.scheme }}
failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
{{- end }}
volumeMounts:
- mountPath: /opt/tip-wlan/certs/client_keystore.jks
name: certificates
subPath: client_keystore.jks
- mountPath: /opt/tip-wlan/certs/truststore.jks
name: certificates
subPath: truststore.jks
- mountPath: /opt/tip-wlan/certs/server.pkcs12
name: certificates
subPath: server.pkcs12
- mountPath: /app/intcloudcomp/logback.xml
name: logback-config
subPath: logback.xml
ports:
- name: {{ .Values.service.name1 }}
containerPort: {{ .Values.service.port1 }}
protocol: TCP
- name: {{ .Values.service.name2 }}
containerPort: {{ .Values.service.port2 }}
protocol: TCP
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
@@ -150,7 +154,7 @@ spec:
volumes:
- name: certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
secretName: tip-common-postgres-client-certs
- name: logback-config
configMap:
name: {{ include "common.fullname" . }}-log-config

12
tip-wlan/charts/wlan-integrated-cloud-component-service/templates/secret.yaml
View File

@@ -1,4 +1,5 @@
{{- if .Values.global.integratedDeployment }}
---
apiVersion: v1
kind: Secret
metadata:
@@ -7,9 +8,8 @@ metadata:
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
{{- end}}
---
{{- if .Values.global.integratedDeployment }}
apiVersion: v1
kind: Secret
metadata:
@@ -22,9 +22,7 @@ metadata:
heritage: {{ .Release.Service | quote }}
type: Opaque
data:
{{- if .Values.creds.enabled }}
postgresql-password: {{ .Values.creds.postgres.password | b64enc | quote }}
schema-repo-user: {{ .Values.creds.schema_repo.username | b64enc | quote }}
schema-repo-password: {{ .Values.creds.schema_repo.password | b64enc | quote }}
{{- end }}
postgresql-password: {{ .Values.global.postgres.password | b64enc | quote }}
schema-repo-user: {{ .Values.global.schema.username | b64enc | quote }}
schema-repo-password: {{ .Values.global.schema.password | b64enc | quote }}
{{- end}}

37
tip-wlan/charts/wlan-integrated-cloud-component-service/values.yaml
View File

@@ -11,7 +11,7 @@ replicaCount: 1
image:
name: wlan-integrated-cloud-component-service
tag: 0.0.1-SNAPSHOT
tag: 1.0.1
nameOverride: ""
fullnameOverride: ""
@@ -46,6 +46,9 @@ probes:
successThreshold: 1
failureThreshold: 3
scheme: HTTPS
startupProbe:
periodSeconds: 30
failureThreshold: 500
securityContext: {}
# capabilities:
@@ -58,14 +61,6 @@ securityContext: {}
# Enable/Disable Helm tests
testsEnabled: false
creds:
enabled: true
postgres:
password: DUMMY_POSTGRES_PASSWORD
schema_repo:
username: DUMMY_SCHEMA_REPO_USERNAME
password: DUMMY_SCHEMA_REPO_PASSWORD
service:
type: NodePort
port1: 9091
@@ -75,7 +70,7 @@ service:
name2: secondary-port
nodePort2: 52
postgresql:
postgresql:
url: postgresql-headless
integratedWithPersistence:
@@ -86,19 +81,19 @@ ingress:
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: example.com
paths: [
/portal
]
tls:
- secretName: portal-secret
hosts:
- example.com
hosts: []
# - host: wlan-integrated-cloud-component-service.local
# paths: [
# /portal
# ]
tls: []
# - secretName: portal-secret
# hosts:
# - wlan-integrated-cloud-component-service.local
# Transport-Server-passthrough properties
tsp:
host: wlan-portal-service.zone3.lab.connectus.ai
host: wlan-portal-service.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
@@ -116,4 +111,4 @@ nodeSelector: {}
tolerations: []
affinity: {}
affinity: {}

2
tip-wlan/charts/wlan-port-forwarding-gateway-service/resources/config/certs/README.md
View File

@@ -1,2 +0,0 @@
Contains certs needed for this service to start.
Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

3
tip-wlan/charts/wlan-port-forwarding-gateway-service/resources/config/logback.xml
View File

@@ -46,7 +46,6 @@
</triggeringPolicy>
</appender>
<!--
details: http://logback.qos.ch/manual/configuration.html#auto_configuration
@@ -71,5 +70,5 @@
<appender-ref ref="stdout"/>
<appender-ref ref="logfile"/>
</root>
</configuration>

56
tip-wlan/charts/wlan-port-forwarding-gateway-service/resources/config/run.sh
View File

@@ -1,56 +0,0 @@
#!/bin/bash
# local_port_range that Java process can use
# These are then assigned to the container ports (in the deployment.yaml) which can either:
# later be opened by the port-forwarding-gateway service as NodePorts (preferred)
# or use kubectl port-forwarding to forward the container ports. Example:
# kubectl port-forward pods/<port-forwarding-gw-pod> <local-machine-port>:<debugPort on the Pod>
sysctl -w net.ipv4.ip_local_port_range="30410 30435"
PROFILES=" -Dspring.profiles.include=use_ssl_with_client_cert_and_digest_auth,client_certificate_and_digest_auth,RestTemplateConfiguration_X509_client_cert_auth"
LOGGING_PROPS=" -Dlogging.config=file:/app/port-forwarding-gateway/logback.xml"
# SSC_URL: something like https://${SSC_SERVER_HOST}:9031
SSC_URL=${SSC_RELEASE_URL}
# PROV_URL: something like https://${PROV_SERVER_HOST}:9091
PROV_URL=${PROV_RELEASE_URL}
# PF_GATEWAY_URL: something like https://${PF_GATEWAY_SERVER_HOST}:7070
PF_GATEWAY_URL=${PF_GATEWAY_RELEASE_URL}
PF_GATEWAY_ENCRYPTION_KEY=${PF_GATEWAY_RELEASE_ENCRYPTION_KEY:='MyToKeN0MyToKeN1'}
PF_GATEWAY_EXT_HOST=${PF_GATEWAY_RELEASE_EXT_HOST:=''}
PF_GATEWAY_EXT_PORT=${PF_GATEWAY_RELEASE_EXT_PORT:='0'}
# SSC URLs
HOST_PROPS=" "
HOST_PROPS+=" -Dtip.wlan.cloudEventDispatcherBaseUrl=$SSC_URL"
HOST_PROPS+=" -Dtip.wlan.statusServiceBaseUrl=$SSC_URL"
HOST_PROPS+=" -Dtip.wlan.routingServiceBaseUrl=$SSC_URL"
HOST_PROPS+=" -Dtip.wlan.alarmServiceBaseUrl=$SSC_URL"
HOST_PROPS+=" -Dtip.wlan.systemEventServiceBaseUrl=$SSC_URL"
HOST_PROPS+=" -Dtip.wlan.clientServiceBaseUrl=$SSC_URL"
HOST_PROPS+=" -Dtip.wlan.serviceMetricServiceBaseUrl=$SSC_URL"
# PROV URLs
HOST_PROPS+=" -Dtip.wlan.customerServiceBaseUrl=$PROV_URL"
HOST_PROPS+=" -Dtip.wlan.portalUserServiceBaseUrl=$PROV_URL"
HOST_PROPS+=" -Dtip.wlan.firmwareServiceBaseUrl=$PROV_URL"
HOST_PROPS+=" -Dtip.wlan.locationServiceBaseUrl=$PROV_URL"
HOST_PROPS+=" -Dtip.wlan.manufacturerServiceBaseUrl=$PROV_URL"
HOST_PROPS+=" -Dtip.wlan.equipmentServiceBaseUrl=$PROV_URL"
HOST_PROPS+=" -Dtip.wlan.profileServiceBaseUrl=$PROV_URL"
# Port-Forwarder Gateway Specific
HOST_PROPS+=" -Dtip.wlan.portForwarderGatewayBaseUrl=$PF_GATEWAY_URL"
HOST_PROPS+=" -Dtip.wlan.websocketSessionTokenEncryptionKey=$PF_GATEWAY_ENCRYPTION_KEY"
HOST_PROPS+=" -Dtip.wlan.externallyVisibleHostName=$PF_GATEWAY_EXT_HOST"
HOST_PROPS+=" -Dtip.wlan.externallyVisiblePort=$PF_GATEWAY_EXT_PORT"
REMOTE_DEBUG_PORT=5010
REMOTE_DEBUG=" -agentlib:jdwp=transport=dt_socket,server=y,address=*:$REMOTE_DEBUG_PORT,suspend=n"
export ALL_PROPS="$PROFILES $LOGGING_PROPS $HOST_PROPS $REMOTE_DEBUG"
java $ALL_PROPS -jar app.jar

3
tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/configmap.yaml
View File

@@ -4,4 +4,5 @@ metadata:
name: {{ include "common.fullname" . }}-config
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }}

41
tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/deployment.yaml
View File

@@ -22,9 +22,10 @@ spec:
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers:
{{- include "jmxPrometheus.initContainer" . | nindent 8 }}
- name: {{ include "common.name" . }}-readiness-opensync-gw
image: alpine
imagePullPolicy: {{ .Values.global.pullPolicy }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
command:
- sh
- -c
@@ -47,17 +48,17 @@ spec:
else
echo ${url} service failed to respond after 50 secs
exit 1
fi
fi
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:
{{- include "common.env" . | nindent 12 }}
- name: PF_GATEWAY_RELEASE_URL
@@ -71,13 +72,19 @@ spec:
value: {{ .Values.externallyVisible.host }}
- name: PF_GATEWAY_RELEASE_EXT_PORT
value: "{{ .Values.externallyVisible.port }}"
- name: EXT_PORT_RANGE_START
value: "{{ include "apDebugPortsStart" . }}"
- name: EXT_PORT_RANGE_END
value: "{{ sub (include "apDebugPortsEnd" . | atoi) 1 }}"
- name: JVM_MEM_OPTIONS
value: "{{ include "jmxPrometheus.jvmOpts" . }}"
{{- if .Values.probes.enabled }}
livenessProbe:
httpGet:
path: /ping
port: {{ .Values.service.port2 }}
scheme: {{ .Values.probes.livenessProbe.scheme }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -92,6 +99,13 @@ spec:
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
startupProbe:
httpGet:
path: /ping
port: {{ .Values.service.port2 }}
scheme: {{ .Values.probes.readinessProbe.scheme }}
failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
{{- end }}
volumeMounts:
- mountPath: /opt/tip-wlan/certs/client_keystore.jks
@@ -106,9 +120,9 @@ spec:
- mountPath: /app/port-forwarding-gateway/logback.xml
name: configuration
subPath: logback.xml
- mountPath: /app/run.sh
name: configuration
subPath: run.sh
{{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
{{- include "jmxPrometheus.tmpVolumeMount" . | nindent 10 }}
ports:
- name: {{ .Values.service.name1 }}
containerPort: {{ .Values.service.port1 }}
@@ -121,7 +135,8 @@ spec:
containerPort: {{ .Values.service.port3 }}
protocol: TCP
{{- end }}
{{- include "container.dev.debugport" . | nindent 10 }}
{{- include "container.dev.apDebugPorts" . | nindent 10 }}
{{- include "jmxPrometheus.port" . | nindent 12 }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
@@ -139,9 +154,11 @@ spec:
volumes:
- name: certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
secretName: tip-common-kafka-client-certs
defaultMode: 0400
- name: configuration
configMap:
name: {{ include "common.fullname" . }}-config
defaultMode: 0755
defaultMode: 0755
{{- include "jmxPrometheus.configVolume" . | nindent 6 }}
{{- include "jmxPrometheus.tmpVolume" . | nindent 6 }}

1
tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/pod-monitor.yaml Normal file
View File

@@ -0,0 +1 @@
{{ include "jmxPrometheus.podMonitor" . }}

13
tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/secret.yaml
View File

@@ -1,14 +1,5 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-certs
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-creds
namespace: {{ include "common.namespace" . }}
@@ -19,6 +10,4 @@ metadata:
heritage: {{ .Release.Service | quote }}
type: Opaque
data:
{{- if .Values.creds.enabled }}
websocketSessionTokenEncKey: {{ .Values.creds.websocketSessionTokenEncKey | b64enc | quote }}
{{- end }}
websocketSessionTokenEncKey: {{ .Values.creds.websocketSessionTokenEncKey | b64enc | quote }}

10
tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/service.yaml
View File

@@ -12,14 +12,14 @@ spec:
targetPort: {{ .Values.service.port1 }}
protocol: TCP
name: {{ .Values.service.name1 }}
{{- if eq .Values.service.type "NodePort" }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort1 }}
{{- end }}
- port: {{ .Values.service.port2 }}
targetPort: {{ .Values.service.port2 }}
protocol: TCP
name: {{ .Values.service.name2 }}
{{- if eq .Values.service.type "NodePort" }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort2 }}
{{- end }}
{{- if .Values.debug.enabled }}
@@ -27,10 +27,10 @@ spec:
targetPort: {{ .Values.service.port3 }}
protocol: TCP
name: {{ .Values.service.name3 }}
{{- if eq .Values.service.type "NodePort" }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort3 }}
{{- end }}
{{- end }}
{{- include "service.dev.debugport" . | nindent 2 }}
{{- end }}
{{- include "service.dev.apDebugPorts" . | nindent 2 }}
selector:
{{- include "common.selectorLabels" . | nindent 4 }}

70
tip-wlan/charts/wlan-port-forwarding-gateway-service/values.yaml
View File

@@ -11,7 +11,7 @@ replicaCount: 1
image:
name: wlan-port-forwarding-gateway-service
tag: 0.0.1-SNAPSHOT
tag: 1.0.1
nameOverride: ""
fullnameOverride: ""
@@ -50,6 +50,9 @@ probes:
successThreshold: 1
failureThreshold: 3
scheme: HTTPS
startupProbe:
periodSeconds: 30
failureThreshold: 500
securityContext:
privileged: true
@@ -64,7 +67,7 @@ securityContext:
testsEnabled: false
# Enable/Disable Remote debugging
debug:
debug:
enabled: false
service:
@@ -78,46 +81,24 @@ service:
port3: 5010
name3: debug-appl
nodePort3: '03'
nodePortStatic: true ## if true, nodePort ports are calculated by Helm based on the given start index and length; if false, nodePort ports are chosen dynamically by k8s
# The below ports are the ports that Java would choose as Local ports whenever it opens up
# The below range will be combined with the nodePortPrefixExt to create a list of ports.
# e.g. nodePortPrefixExt = 304, accessPointDebugPortRange.start = 10, accessPointDebugPortRange.length = 2, resulting ports = 30410, 30411
# These ports are the ports that Java would choose as Local ports whenever it opens up
# a developer session for debug.
# These ports are therefore assigned as container ports (in the deployment.yaml), so we
# These ports are therefore assigned as container ports (in the deployment.yaml), so we
# can reach them from inside the cluster.
# Also, we open equivalent NodePorts on the Kubernetes cluster (see service.yaml), so a developer
# can connect to it to debug an AP.
# NOTE: Another way to reach these container ports without opening NodePorts was to use
# NOTE: Another way to reach these container ports without opening NodePorts was to use
# kubectl port forwarding. However, we dont want the developer to install kubectl.
debugPorts:
- 30410
- 30411
- 30412
- 30413
- 30414
- 30415
- 30416
- 30417
- 30418
- 30419
- 30420
- 30421
- 30422
- 30423
- 30424
- 30425
- 30426
- 30427
- 30428
- 30429
- 30430
- 30431
- 30432
- 30433
- 30434
- 30435
accessPointDebugPortRange:
start: 10
length: 26
creds:
enabled: true
websocketSessionTokenEncKey: DUMMY_ENC_KEY
opensyncgw:
@@ -132,24 +113,20 @@ ingress:
hosts:
- host: example.com
paths: [
/portal
/portal
]
tls:
tls:
- secretName: portal-secret
hosts:
- example.com
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
resources:
limits:
cpu: 500m
memory: 350Mi
requests:
cpu: 10m
memory: 280Mi
nodeSelector: {}
@@ -175,4 +152,3 @@ env:
service: wlan-port-forwarding-gateway-service
port: 7070

2
tip-wlan/charts/wlan-portal-service/resources/config/certs/README.md
View File

@@ -1,2 +0,0 @@
Contains certs needed for this service to start.
Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

5
tip-wlan/charts/wlan-portal-service/resources/config/logback.xml
View File

@@ -7,7 +7,7 @@
<!-- For professional support please see -->
<!-- http://www.qos.ch/shop/products/professionalSupport -->
<!-- -->
<configuration>
<configuration scan="true" scanPeriod="30 seconds">
<conversionRule conversionWord="filteredStack"
converterClass="com.telecominfraproject.wlan.server.exceptions.logback.ExceptionCompressingConverter" />
@@ -46,7 +46,6 @@
</triggeringPolicy>
</appender>
<!--
details: http://logback.qos.ch/manual/configuration.html#auto_configuration
@@ -71,5 +70,5 @@
<appender-ref ref="stdout"/>
<appender-ref ref="logfile"/>
</root>
</configuration>

14
tip-wlan/charts/wlan-portal-service/resources/config/ssl.properties Normal file
View File

@@ -0,0 +1,14 @@
truststorePass={{ .Values.global.certificatePasswords.sslTruststore }}
truststoreFile=file:///opt/tip-wlan/certs/truststore.jks
truststoreType=JKS
truststoreProvider=SUN
keyAlias=1
keystorePass={{ .Values.global.certificatePasswords.sslKeystore }}
keystoreFile=file:///opt/tip-wlan/certs/server.pkcs12
keystoreType=pkcs12
keystoreProvider=SunJSSE
sslProtocol=TLS
sslEnabledProtocols=TLSv1.2,TLSv1.1,TLSv1
sslCiphers=TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA

2
tip-wlan/charts/wlan-portal-service/templates/configmap.yaml
View File

@@ -4,4 +4,4 @@ metadata:
name: {{ include "common.fullname" . }}-log-config
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }}

6
tip-wlan/charts/wlan-portal-service/templates/ingress.yaml
View File

@@ -32,6 +32,12 @@ spec:
- host: {{ .host | quote }}
http:
paths:
{{- if $.Values.ingress.lb_https_redirect }}
- path: /*
backend:
serviceName: ssl-redirect
servicePort: use-annotation
{{- end }}
{{- range .paths }}
- path: {{ . }}
backend:

1
tip-wlan/charts/wlan-portal-service/templates/pod-monitor.yaml Normal file
View File

@@ -0,0 +1 @@
{{ include "jmxPrometheus.podMonitor" . }}

6
tip-wlan/charts/wlan-portal-service/templates/secret.yaml
View File

@@ -1,8 +1,10 @@
{{- if not .Values.tlsv13.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-certs
name: {{ include "common.fullname" . }}-ssl-config
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
ssl.properties: {{ tpl ( .Files.Get "resources/config/ssl.properties" ) . | b64enc }}
{{- end }}

10
tip-wlan/charts/wlan-portal-service/templates/service.yaml
View File

@@ -5,6 +5,10 @@ metadata:
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:
@@ -12,14 +16,14 @@ spec:
targetPort: {{ .Values.service.port1 }}
protocol: TCP
name: {{ .Values.service.name1 }}
{{- if eq .Values.service.type "NodePort" }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }}
{{- end }}
- port: {{ .Values.service.port2 }}
targetPort: {{ .Values.service.port2 }}
protocol: TCP
name: {{ .Values.service.name2 }}
{{- if eq .Values.service.type "NodePort" }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
{{- end }}
{{- if .Values.debug.enabled }}
@@ -27,7 +31,7 @@ spec:
targetPort: {{ .Values.service.port3 }}
protocol: TCP
name: {{ .Values.service.name3 }}
{{- if eq .Values.service.type "NodePort" }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
{{- end }}
{{- end }}

59
tip-wlan/charts/wlan-portal-service/templates/statefulset.yaml
View File

@@ -7,13 +7,14 @@ metadata:
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
podManagementPolicy: Parallel
serviceName: {{ include "common.fullname" . }}
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "common.selectorLabels" . | nindent 6 }}
updateStrategy:
{{ toYaml .Values.updateStrategy | indent 4 }}
{{ toYaml .Values.updateStrategy | indent 4 }}
template:
metadata:
labels:
@@ -30,7 +31,7 @@ spec:
{{- range $key, $value := .Values.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
spec:
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- if .Values.schedulerName }}
@@ -38,33 +39,49 @@ spec:
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }}
{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
serviceAccountName: {{ include "common.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers:
{{- include "jmxPrometheus.initContainer" . | nindent 6 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:
{{- include "common.env" . | nindent 12 }}
- name: FILE_STORE_DIRECTORY_INTERNAL
value: {{ $file_store_path }}
- name: tip_wlan_AsyncExecutor_CorePoolSize
value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_CorePoolSize }}"
- name: tip_wlan_AsyncExecutor_MaxPoolSize
value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_MaxPoolSize }}"
- name: tip_wlan_AsyncExecutor_QueueCapacity
value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_QueueCapacity }}"
- name: tip_wlan_httpClientConfig_maxConnectionsTotal
value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsTotal }}"
- name: tip_wlan_httpClientConfig_maxConnectionsPerRoute
value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsPerRoute }}"
- name: tip_wlan_maxHttpThreads
value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
- name: JVM_MEM_OPTIONS
value: "{{ .Values.scalability.JVM_MEM_OPTIONS }} {{ include "jmxPrometheus.jvmOpts" . }}"
{{- if .Values.probes.enabled }}
livenessProbe:
httpGet:
path: /ping
port: {{ .Values.service.port1 }}
scheme: {{ .Values.probes.livenessProbe.scheme }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -79,6 +96,13 @@ spec:
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
startupProbe:
httpGet:
path: /ping
port: {{ .Values.service.port1 }}
scheme: {{ .Values.probes.readinessProbe.scheme }}
failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
{{- end }}
volumeMounts:
- mountPath: /opt/tip-wlan/certs/client_keystore.jks
@@ -90,11 +114,16 @@ spec:
- mountPath: /opt/tip-wlan/certs/server.pkcs12
name: certificates
subPath: server.pkcs12
- mountPath: /app/portal/logback.xml
- mountPath: /app/portal/log
name: logback-config
subPath: logback.xml
{{- if not .Values.tlsv13.enabled }}
- mountPath: /app/portal/certs
name: ssl-config
{{- end }}
- mountPath: {{ $file_store_path }}
name: file-store-data
{{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
{{- include "jmxPrometheus.tmpVolumeMount" . | nindent 10 }}
ports:
- name: {{ .Values.service.name1 }}
containerPort: {{ .Values.service.port1 }}
@@ -107,6 +136,7 @@ spec:
containerPort: {{ .Values.service.port3 }}
protocol: TCP
{{- end }}
{{- include "jmxPrometheus.port" . | nindent 12 }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
@@ -125,14 +155,21 @@ spec:
volumes:
- name: certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
secretName: tip-common-postgres-client-certs
- name: logback-config
configMap:
name: {{ include "common.fullname" . }}-log-config
{{- if not .Values.tlsv13.enabled }}
- name: ssl-config
secret:
secretName: {{ include "common.fullname" . }}-ssl-config
{{- end }}
{{- if not .Values.persistence.enabled }}
- name: file-store-data
emptyDir: {}
{{- end }}
{{- include "jmxPrometheus.configVolume" . | nindent 6 }}
{{- include "jmxPrometheus.tmpVolume" . | nindent 6 }}
{{- if .Values.persistence.enabled }}
volumeClaimTemplates:
- metadata:
@@ -150,4 +187,4 @@ spec:
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}

68
tip-wlan/charts/wlan-portal-service/values.yaml
View File

@@ -9,11 +9,9 @@
replicaCount: 1
image:
name: wlan-portal-service
tag: 0.0.1-SNAPSHOT
tag: 1.0.1
nameOverride: ""
fullnameOverride: ""
@@ -48,6 +46,9 @@ probes:
successThreshold: 1
failureThreshold: 3
scheme: HTTPS
startupProbe:
periodSeconds: 30
failureThreshold: 500
securityContext: {}
# capabilities:
@@ -61,7 +62,7 @@ securityContext: {}
testsEnabled: false
# Enable/Disable Remote debugging
debug:
debug:
enabled: false
service:
@@ -74,34 +75,46 @@ service:
nodePort2: 52
port3: 5006
name3: debug
nodePort3: 15
nodePort3: 15
nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
ingress:
enabled: false
lb_https_redirect: false ## if set to true, enables http->https redirect on cloud load balancer
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: wlan-portal-service.zone3.lab.connectus.ai
paths: [
/portal
]
tls:
- secretName: portal-secret
hosts:
- wlan-portal-service.zone3.lab.connectus.ai
hosts: []
# - host: wlan-portal-service.local
# paths: [
# /portal
# ]
tls: []
# - secretName: portal-secret
# hosts:
# - wlan-portal-service.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
resources:
limits:
cpu: 500m
memory: 450Mi
requests:
cpu: 50m
memory: 420Mi
persistence:
enabled: false
@@ -123,7 +136,7 @@ affinity: {}
# Transport-Server-passthrough properties
tsp:
host: wlan-portal-service.zone3.lab.connectus.ai
host: wlan-portal-service.local
env:
protocol: https
@@ -140,3 +153,6 @@ env:
# on the PV
filestore:
internal: "/tmp/filestore"
tlsv13:
enabled: true

2
tip-wlan/charts/wlan-prov-service/resources/config/certs/README.md
View File

@@ -1,2 +0,0 @@
Contains certs needed for this service to start.
Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

3
tip-wlan/charts/wlan-prov-service/resources/config/logback.xml
View File

@@ -46,7 +46,6 @@
</triggeringPolicy>
</appender>
<!--
details: http://logback.qos.ch/manual/configuration.html#auto_configuration
@@ -71,5 +70,5 @@
<appender-ref ref="stdout"/>
<appender-ref ref="logfile"/>
</root>
</configuration>

10
tip-wlan/charts/wlan-prov-service/templates/configmap.yaml
View File

@@ -4,11 +4,11 @@ metadata:
name: {{ include "common.fullname" . }}-log-config
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }}
datasource.properties: |-
singleDataSource.url=jdbc:postgresql://tip-wlan-postgresql:5432/prov_db
singleDataSource.username={{ .Values.creds.postgres.singleDataSourceUsername }}
singleDataSource.password={{ .Values.creds.postgres.singleDataSourcePassword }}
singleDataSource.url=jdbc:postgresql://{{- include "postgresql.service" . -}}:5432/prov_db
singleDataSource.username={{ .Values.global.postgres.singleDataSource.username }}
singleDataSource.password={{ .Values.global.postgres.singleDataSource.password }}
singleDataSource.driverClass=org.postgresql.Driver
singleDataSource.ssl=true
singleDataSource.sslmode=verify-ca
@@ -16,4 +16,4 @@ data:
singleDataSource.sslfactory=org.postgresql.ssl.LibPQFactory
singleDataSource.sslkey=/opt/tip-wlan/certs/postgresclient.p12
singleDataSource.sslrootcert=/opt/tip-wlan/certs/cacert.pem
singleDataSource.sslkeypassword={{ .Values.creds.postgres.singleDataSourceSslKeyPassword }}
singleDataSource.sslkeypassword={{ .Values.global.certificatePasswords.sslKey }}

72
tip-wlan/charts/wlan-prov-service/templates/deployment.yaml
View File

@@ -23,10 +23,12 @@ spec:
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers:
- name: {{ include "common.name" . }}-readiness
image: busybox:1.28
imagePullPolicy: {{ .Values.global.pullPolicy }}
command: ['sh', '-c', "until nslookup {{ $pg }}.{{ $ns }}.svc.cluster.local; do echo waiting for POSTGRES; sleep 2; done"]
{{- include "jmxPrometheus.initContainer" . | nindent 8 }}
- name: wait-for-services
image: opsfleet/depends-on:latest
args:
- "-service={{ .Release.Name }}-postgresql"
- -check_interval=5
- name: {{ include "common.name" . }}-create-db-schema
env:
- name: POSTGRESQL_PORT_NUMBER
@@ -51,19 +53,19 @@ spec:
secretKeyRef:
name: {{ include "common.fullname" . }}-creds
key: schema-repo-password
image: postgres:latest
imagePullPolicy: IfNotPresent
image: {{ .Values.postgresql.image }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
command:
- sh
- -c
- |
- |
apt update
apt -y install curl
echo "***** Fetching latest cloud-sdk-schema-postgresql for DB and Tables sql from JFrog *****"
curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql-db-user.sql"
curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql-tables.sql"
curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/1.0.1/sql/cloud-sdk-schema-postgresql-db-user.sql"
curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/1.0.1/sql/cloud-sdk-schema-postgresql-tables.sql"
echo "***** Now executing cloud-sdk-schema-postgresql-db-user.sql on host {{ $pg }} and creating db prov_db and user tip_user using User Postgres. This uses full client-cert authentication *****"
### Observed that PSQL was unable to resolve the Postgres-service host because the postgres service wasnt
### Observed that PSQL was unable to resolve the Postgres-service host because the postgres service wasnt
### really ready when running Postgres in Master-Slave config... hence the below retry-logic
psql 'host={{ $pg }} port=5432 user=postgres sslmode=verify-ca sslcert=/opt/tip-wlan/certs/postgresclientcert.pem sslkey=/opt/tip-wlan/certs/postgresclientkey_dec.pem sslrootcert=/opt/tip-wlan/certs/cacert.pem' -f cloud-sdk-schema-postgresql-db-user.sql
status=$(echo $?)
@@ -95,7 +97,7 @@ spec:
protocol: TCP
resources:
requests:
cpu: 250m
cpu: 50m
memory: 256Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
@@ -118,20 +120,42 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:
{{- include "common.env" . | nindent 12 }}
- name: tip_wlan_AsyncExecutor_CorePoolSize
value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_CorePoolSize }}"
- name: tip_wlan_AsyncExecutor_MaxPoolSize
value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_MaxPoolSize }}"
- name: tip_wlan_AsyncExecutor_QueueCapacity
value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_QueueCapacity }}"
- name: tip_wlan_httpClientConfig_maxConnectionsTotal
value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsTotal }}"
- name: tip_wlan_httpClientConfig_maxConnectionsPerRoute
value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsPerRoute }}"
- name: tip_wlan_maxHttpThreads
value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
- name: JVM_MEM_OPTIONS
value: "{{ .Values.scalability.JVM_MEM_OPTIONS }} {{ include "jmxPrometheus.jvmOpts" . }}"
- name: singleDataSource_maxTotalConnections
value: "{{ .Values.scalability.singleDataSource_maxTotalConnections }}"
- name: singleDataSource_maxIdleConnections
value: "{{ .Values.scalability.singleDataSource_maxIdleConnections }}"
- name: singleDataSource_maxPreparedStatements
value: "{{ .Values.scalability.singleDataSource_maxPreparedStatements }}"
- name: singleDataSource_maxIdlePreparedStatements
value: "{{ .Values.scalability.singleDataSource_maxIdlePreparedStatements }}"
{{- if .Values.probes.enabled }}
livenessProbe:
httpGet:
path: /ping
port: {{ .Values.service.port2 }}
scheme: {{ .Values.probes.livenessProbe.scheme }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -146,6 +170,13 @@ spec:
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
startupProbe:
httpGet:
path: /ping
port: {{ .Values.service.port2 }}
scheme: {{ .Values.probes.readinessProbe.scheme }}
failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
{{- end }}
volumeMounts:
- mountPath: /opt/tip-wlan/certs/client_keystore.jks
@@ -172,6 +203,8 @@ spec:
- mountPath: /app/prov/datasource.properties
name: logback-config
subPath: datasource.properties
{{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
{{- include "jmxPrometheus.tmpVolumeMount" . | nindent 10 }}
ports:
- name: {{ .Values.service.name1 }}
containerPort: {{ .Values.service.port1 }}
@@ -183,7 +216,8 @@ spec:
- name: {{ .Values.service.name3 }}
containerPort: {{ .Values.service.port3 }}
protocol: TCP
{{- end }}
{{- end }}
{{- include "jmxPrometheus.port" . | nindent 12 }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
@@ -201,7 +235,7 @@ spec:
volumes:
- name: certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
secretName: tip-common-postgres-client-certs
defaultMode: 0400
- name: logback-config
configMap:
@@ -209,4 +243,6 @@ spec:
- name: data
emptyDir: {}
- name: dshm
emptyDir: {}
emptyDir: {}
{{- include "jmxPrometheus.configVolume" . | nindent 6 }}
{{- include "jmxPrometheus.tmpVolume" . | nindent 6 }}

1
tip-wlan/charts/wlan-prov-service/templates/pod-monitor.yaml Normal file
View File

@@ -0,0 +1 @@
{{ include "jmxPrometheus.podMonitor" . }}

24
tip-wlan/charts/wlan-prov-service/templates/rbac.yaml Normal file
View File

@@ -0,0 +1,24 @@
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "common.fullname" . }}-depends-on
namespace: {{ include "common.namespace" . }}
rules:
- apiGroups: ["batch", "apps", ""]
resources: ["pods", "services", "jobs"]
verbs: ["get", "list", "watch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "common.fullname" . }}-depends-on
namespace: {{ include "common.namespace" . }}
subjects:
- kind: ServiceAccount
name: {{ include "common.serviceAccountName" . }}
roleRef:
kind: Role
name: {{ include "common.fullname" . }}-depends-on
apiGroup: rbac.authorization.k8s.io

19
tip-wlan/charts/wlan-prov-service/templates/secret.yaml
View File

@@ -1,14 +1,5 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-certs
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-creds
namespace: {{ include "common.namespace" . }}
@@ -19,9 +10,7 @@ metadata:
heritage: {{ .Release.Service | quote }}
type: Opaque
data:
{{- if .Values.creds.enabled }}
postgresql-password: {{ .Values.creds.db.postgresUser.password | b64enc | quote }}
tipuser-password: {{ .Values.creds.db.tipUser.password | b64enc | quote }}
schema-repo-user: {{ .Values.creds.schema_repo.username | b64enc | quote }}
schema-repo-password: {{ .Values.creds.schema_repo.password | b64enc | quote }}
{{- end }}
postgresql-password: {{ .Values.global.postgres.password | b64enc | quote }}
tipuser-password: {{ .Values.global.tip.password | b64enc | quote }}
schema-repo-user: {{ .Values.global.schema.username | b64enc | quote }}
schema-repo-password: {{ .Values.global.schema.password | b64enc | quote }}

8
tip-wlan/charts/wlan-prov-service/templates/service.yaml
View File

@@ -12,14 +12,14 @@ spec:
targetPort: {{ .Values.service.port1 }}
protocol: TCP
name: {{ .Values.service.name1 }}
{{- if eq .Values.service.type "NodePort" }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }}
{{- end }}
- port: {{ .Values.service.port2 }}
targetPort: {{ .Values.service.port2 }}
protocol: TCP
name: {{ .Values.service.name2 }}
{{- if eq .Values.service.type "NodePort" }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
{{- end }}
{{- if .Values.debug.enabled }}
@@ -27,9 +27,9 @@ spec:
targetPort: {{ .Values.service.port3 }}
protocol: TCP
name: {{ .Values.service.name3 }}
{{- if eq .Values.service.type "NodePort" }}
{{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
{{- end }}
{{- end }}
{{- end }}
selector:
{{- include "common.selectorLabels" . | nindent 4 }}

71
tip-wlan/charts/wlan-prov-service/values.yaml
View File

@@ -11,7 +11,7 @@ replicaCount: 1
image:
name: wlan-prov-service
tag: 0.0.1-SNAPSHOT
tag: 1.0.1
nameOverride: ""
fullnameOverride: ""
@@ -46,6 +46,9 @@ probes:
successThreshold: 1
failureThreshold: 3
scheme: HTTPS
startupProbe:
periodSeconds: 30
failureThreshold: 500
securityContext: {}
# capabilities:
@@ -58,24 +61,8 @@ securityContext: {}
# Enable/Disable Helm tests
testsEnabled: false
creds:
enabled: true
db:
postgresUser:
password: DUMMY_POSTGRES_PASSWORD
tipUser:
password: DUMMY_TIPUSER_PASSWORD
schema_repo:
username: DUMMY_SCHEMA_REPO_USERNAME
password: DUMMY_SCHEMA_REPO_PASSWORD
postgres:
singleDataSourceUsername: DUMMY_POSTGRES_USER
singleDataSourcePassword: DUMMY_POSTGRES_PASSWORD
singleDataSourceSslKeyPassword: DUMMY_SSL_PASSWORD
# Enable/Disable Remote debugging
debug:
debug:
enabled: false
service:
@@ -86,6 +73,29 @@ service:
name2: secondary-port
port3: 5007
name3: debug
nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
scalability:
#asynchronous task executor - monitor metrics and adjust if tasks start being rejected
tip_wlan_AsyncExecutor_CorePoolSize: 10
tip_wlan_AsyncExecutor_MaxPoolSize: 50
tip_wlan_AsyncExecutor_QueueCapacity: 50
#max total number of persistent connections in the http client pool
tip_wlan_httpClientConfig_maxConnectionsTotal: 100
#max number of persistent connections in the http client pool per destination
tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
#max number of concurrent REST API calls a single instance of this service can process
tip_wlan_maxHttpThreads: 100
#memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
JVM_MEM_OPTIONS: " "
#max number of connections to PostgreSQL database
singleDataSource_maxTotalConnections: 8
#max number of idle connections to PostgreSQL database
singleDataSource_maxIdleConnections: 8
#max number of cached prepared statements used in PostgreSQL database
singleDataSource_maxPreparedStatements: 200
#max number of cached idle prepared statements used in PostgreSQL database
singleDataSource_maxIdlePreparedStatements: 200
ingress:
enabled: false
@@ -95,24 +105,20 @@ ingress:
hosts:
- host: example.com
paths: [
/portal
/portal
]
tls:
tls:
- secretName: portal-secret
hosts:
- example.com
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
resources:
limits:
cpu: 500m
memory: 320Mi
requests:
cpu: 10m
memory: 300Mi
nodeSelector: {}
@@ -120,8 +126,9 @@ tolerations: []
affinity: {}
postgresql:
postgresql:
url: postgresql
image: postgres:11
env:
protocol: https

Some files were not shown because too many files have changed in this diff Show More