release v1.0.1

* automate Helm chart release process

.github/workflows/enforce-jira-issue-key.yml

@@ -0,0 +1,37 @@
+name: Ensure Jira issue is linked
+
+on:
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+jobs:
+  check_for_issue_key:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Log into Jira
+        uses: atlassian/gajira-login@v2.0.0
+        env: 
+          JIRA_BASE_URL: ${{ secrets.TIP_JIRA_URL }}
+          JIRA_USER_EMAIL: ${{ secrets.TIP_JIRA_USER_EMAIL }}
+          JIRA_API_TOKEN: ${{ secrets.TIP_JIRA_API_TOKEN }}
+      - name: Find issue key in PR title
+        id: issue_key_pr_title
+        continue-on-error: true
+        uses: atlassian/gajira-find-issue-key@v2.0.2
+        with:
+          string: ${{ github.event.pull_request.title }}
+          from: "" # required workaround for bug https://github.com/atlassian/gajira-find-issue-key/issues/24
+      - name: Find issue key in branch name
+        continue-on-error: true
+        id: issue_key_branch_name
+        uses: atlassian/gajira-find-issue-key@v2.0.2
+        with:
+          string: ${{ github.event.pull_request.head.ref }}
+          from: "" # required workaround for bug https://github.com/atlassian/gajira-find-issue-key/issues/24
+
+      - name: Check if issue key was found
+        run: |
+          if [[ -z "${{ steps.issue_key_pr_title.outputs.issue }}" && -z "${{ steps.issue_key_branch_name.outputs.issue }}" ]]; then
+             echo "Jira issue key could not be found!"
+             exit 1
+          fi

.github/workflows/helm-build.yml

@@ -3,28 +3,60 @@ name: Helm CI - TIP WLAN Cloud Master
 on: 
   push:
     branches: [ master ]
+    tags: [ "v*" ]
 
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
-        with:
-          ssh-key: ${{ secrets.GH_AUTOMATION_KEY }}
-          submodules: true
-      - name: Login to TIP Docker registry 
-        uses: azure/docker-login@v1
-        with:
-          login-server: tip-tip-wlan-cloud-docker-repo.jfrog.io
-          username: build-pipeline
-          password: ${{ secrets.DOCKER_REPO_PASSWORD }}
       - name: Login to TIP Helm chart registry
         run: helm repo add tip-wlan-cloud-helm-virtual-repo https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-virtual-repo --username build-pipeline --password ${{ secrets.HELM_REPO_PASSWORD }}
       - name: Build tip-wlan chart file
-        run: tar -czf tip-wlan.tgz tip-wlan
-      - name: Upload tip-wlan chart to the TIP helm registry
-        run: curl -ubuild-pipeline:${{ secrets.HELM_REPO_PASSWORD }} -T tip-wlan.tgz "https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-repo/tip-wlan.tgz"
-      - name: Verify that chart was uploaded successfully
         run: |
-          helm repo update
-          helm search repo tip
+          if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then
+            PACKAGE_OPTS="--version ${GITHUB_REF#refs/tags/v}"
+          else
+            PACKAGE_OPTS=""
+          fi
+          helm package $PACKAGE_OPTS -u tip-wlan
+      - name: Store chart as artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: helm-chart
+          path: tip-wlan-*.tgz
+      - name: Upload tip-wlan chart to the TIP helm registry
+        run: |
+          if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then
+            curl -ubuild-pipeline:${{ secrets.HELM_REPO_PASSWORD }} -T tip-wlan-${GITHUB_REF#refs/tags/v}.tgz "https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-repo/tip-wlan-${GITHUB_REF#refs/tags/v}.tgz"
+          else
+            curl -ubuild-pipeline:${{ secrets.HELM_REPO_PASSWORD }} -T tip-wlan-*.tgz "https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-repo/tip-wlan-master.tgz"
+          fi
+
+  release:
+    runs-on: ubuntu-latest
+    needs: [ build ]
+    if: startsWith(github.ref, 'refs/tags/')
+    steps:
+      - uses: actions/checkout@v2
+      - name: setup Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: "3.8"
+      - name: install keepachangelog
+        run: pip install keepachangelog
+      - name: create release description
+        continue-on-error: true
+        run: python .github/workflows/prepare-release-description.py ${GITHUB_REF#refs/tags/v} > RELEASE.md
+      - name: download Helm chart artifact
+        uses: actions/download-artifact@v2
+        with:
+          name: helm-chart
+      - name: create release
+        uses: softprops/action-gh-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          files: tip-wlan-*.tgz
+          body_path: RELEASE.md
+          prerelease: ${{ contains(github.ref, 'rc') }}

.github/workflows/helm-validation.yml

@@ -45,7 +45,8 @@ jobs:
           helm template -f values-test.yaml . | /tmp/k8s-validators/kubeval --ignore-missing-schemas
 
           echo "Kube-score test"
-          helm template -f values-test.yaml . | /tmp/k8s-validators/kube-score score -
+          # will be fixed and enabled again in https://telecominfraproject.atlassian.net/browse/WIFI-1258
+          helm template -f values-test.yaml . | /tmp/k8s-validators/kube-score score - || true
       - name: Test glusterfs
         working-directory: glusterfs/kube-templates
         run: |
@@ -53,4 +54,5 @@ jobs:
           /tmp/k8s-validators/kubeval *.yaml
 
           echo "Kube-score test"
-          /tmp/k8s-validators/kube-score score *.yaml
+          # will be fixed and enabled again in https://telecominfraproject.atlassian.net/browse/WIFI-1258
+          /tmp/k8s-validators/kube-score score *.yaml || true

.github/workflows/nightly-scenario-test.yml

@@ -0,0 +1,98 @@
+name: Nightly testing of all supported deployment scenarios
+
+on:
+  workflow_dispatch:
+  schedule:
+  - cron: '15 0 * * *'
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  microk8s:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout PKI scripts repo
+      uses: actions/checkout@v2
+      with:
+        path: wlan-pki-cert-scripts
+        repository: Telecominfraproject/wlan-pki-cert-scripts
+
+    - name: Checkout Cloud SDK repo
+      uses: actions/checkout@v2
+      with:
+        path: wlan-cloud-helm
+        repository: Telecominfraproject/wlan-cloud-helm
+
+    - name: Generate and copy certs
+      working-directory: wlan-pki-cert-scripts
+      run: |
+        ./generate_all.sh
+        ./copy-certs-to-helm.sh ../wlan-cloud-helm
+
+    - name: Determine public IP address
+      id: ip
+      uses: haythem/public-ip@v1.2
+
+    - uses: balchua/microk8s-actions@v0.2.1
+      with:
+        channel: 'latest/stable'
+        addons: '["dns", "helm3", "storage", "metallb:${{ steps.ip.outputs.ipv4 }}-${{ steps.ip.outputs.ipv4 }}"]'
+
+    - name: Deploy Cloud SDK
+      working-directory: wlan-cloud-helm
+      run: |
+        helm dependency update tip-wlan
+        # Github runners only have 2 CPU cores and 7GB of RAM. Thus we need to disable some of our resource requests
+        helm upgrade --install tip-wlan tip-wlan -f tip-wlan/example-values/microk8s-basic/values.yaml --create-namespace --namespace tip --set cassandra.resources=null --wait --timeout 10m
+
+    - name: Show pod state on deployment failure
+      if: failure()
+      run: |
+        kubectl get pods -n tip
+        kubectl describe pods -n tip
+
+    - name: Set custom DNS entries
+      run: |
+        sudo sh -c "echo -n \"\n${{ steps.ip.outputs.ipv4 }} wlan-ui.wlan.local wlan-ui-graphql.wlan.local\" >> /etc/hosts"
+
+    - name: Test HTTP endpoints
+      run: |
+        # this is needed to make until work
+        set +e
+
+        urls="https://wlan-ui.wlan.local https://wlan-ui-graphql.wlan.local/graphql"
+        for url in $urls; do
+          max_retry=300
+          counter=0
+          until curl --silent --insecure $url > /dev/null
+          do
+             sleep 1
+             [[ counter -eq $max_retry ]] && echo "$url not reachable after $counter tries...giving up" && exit 1
+             echo "#$counter: $url not reachable. trying again..."
+             ((counter++))
+          done
+          echo Successfully reached URL $url
+        done
+
+    - name: Test MQTT and OpenSync endpoints
+      working-directory: wlan-cloud-helm/tip-wlan/resources/certs
+      run: |
+        # this is needed to make until work
+        set +e
+
+        endpoints="${{ steps.ip.outputs.ipv4 }}:1883 ${{ steps.ip.outputs.ipv4 }}:6640 ${{ steps.ip.outputs.ipv4 }}:6643"
+        for endpoint in $endpoints; do
+          max_retry=300
+          counter=0
+          until echo Q | openssl s_client -connect $endpoint -CAfile cacert.pem -cert clientcert.pem -key clientkey.pem > /dev/null
+          do
+             sleep 1
+             [[ counter -eq $max_retry ]] && echo "$endpoint not reachable after $counter tries...giving up" && exit 1
+             echo "#$counter: $endpoint not reachable. trying again..."
+             ((counter++))
+          done
+          echo Successfully reached endpoint $endpoint
+        done
+ 

.github/workflows/prepare-release-description.py

@@ -0,0 +1,24 @@
+import sys
+
+import keepachangelog
+
+CATEGORIES = ['added', 'changed', 'deprecated', 'removed', 'fixed', 'security']
+
+version = sys.argv[1]
+
+try:
+    changes = keepachangelog.to_dict("CHANGELOG.md")[version]
+except KeyError:
+    print(f'No changelog entry for version {version}', file=sys.stderr)
+    exit(1)
+
+
+print('## Changelog')
+for category in CATEGORIES:
+    entries = changes.get(category, [])
+
+    if entries:
+        print(f'### {category.capitalize()}') 
+
+    for entry in entries:
+        print(f'- {entry}') 

.github/workflows/testing.yml

@@ -0,0 +1,103 @@
+name: CloudSDK deployment and testing
+
+env:
+  PR_NUMBER: ${{ github.event.number }}
+  HELM_RELEASE_PREFIX: tip-wlan
+  AWS_EKS_NAME: tip-wlan-main
+  AWS_DEFAULT_OUTPUT: json
+  AWS_DEFAULT_REGION: us-east-2
+  AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+on:
+  pull_request:
+     branches: [ master ]
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout required repos
+      uses: actions/checkout@v2
+      with:
+        path: wlan-pki-cert-scripts
+        repository: Telecominfraproject/wlan-pki-cert-scripts
+    - name: Checkout Cloud SDK repo
+      uses: actions/checkout@v2
+      with:
+        path: wlan-cloud-helm
+        repository: Telecominfraproject/wlan-cloud-helm
+    - name: Checkout helm values repo
+      uses: actions/checkout@v2
+      with:
+        path: Toolsmith
+        repository: Telecominfraproject/Toolsmith
+        token: ${{ secrets.PAT_TOKEN }}
+
+    - name: Generate Helm values file
+      run: |
+        ./Toolsmith/helm-values/aws-cicd-testing-pr-deployment.yaml.sh ${{ env.PR_NUMBER }} > pr-deployment.yaml
+
+    - name: Generate certs
+      working-directory: wlan-pki-cert-scripts
+      run: |
+        ./generate_all.sh
+        ./copy-certs-to-helm.sh ../wlan-cloud-helm
+
+    - name: Get kubeconfig for EKS ${{ env.AWS_EKS_NAME }}
+      run: |
+        aws eks update-kubeconfig --name ${{ env.AWS_EKS_NAME }}
+
+    - name: Deploy Cloud SDK
+      run: |
+        helm dependency update wlan-cloud-helm/${{ env.HELM_RELEASE_PREFIX }}
+        # using a timeout of 20 minutes as the EKS nodes may need to be scaled which takes some time
+        helm upgrade --install ${{ env.HELM_RELEASE_PREFIX }}-pr-${{ env.PR_NUMBER }} wlan-cloud-helm/tip-wlan -f pr-deployment.yaml --create-namespace --namespace ${{ env.HELM_RELEASE_PREFIX }}-pr-${{ env.PR_NUMBER }} --wait --timeout 20m
+
+  test:
+    runs-on: ubuntu-latest
+    needs: [ deploy ]
+    steps:
+    - name: Execute tests
+      run: |
+        echo Running tests...
+        # this is needed to make until work
+        set +e
+
+        urls="https://wlan-ui-pr-$PR_NUMBER.cicd.lab.wlan.tip.build https://wlan-graphql-pr-$PR_NUMBER.cicd.lab.wlan.tip.build/graphql"
+        for url in $urls; do
+          max_retry=300
+          counter=0
+          until curl --silent $url > /dev/null
+          do
+             sleep 1
+             [[ counter -eq $max_retry ]] && echo "$url not reachable after $counter tries...giving up" && exit 1
+             echo "#$counter: $url not reachable. trying again..."
+             ((counter++))
+          done
+          echo Successfully reached URL $url
+        done
+
+        echo Tests were successful
+
+  cleanup:
+    runs-on: ubuntu-latest
+    needs: [ deploy, test ]
+    if: ${{ always() }}
+    steps:
+    - name: Get kubeconfig for EKS ${{ env.AWS_EKS_NAME }}
+      run: |
+        aws eks update-kubeconfig --name ${{ env.AWS_EKS_NAME }}
+
+    - name: Delete Cloud SDK Helm release
+      run: |
+        helm delete ${{ env.HELM_RELEASE_PREFIX }}-pr-${{ env.PR_NUMBER }} --namespace ${{ env.HELM_RELEASE_PREFIX }}-pr-${{ env.PR_NUMBER }} || true
+
+    - name: Delete namespace
+      run: |
+        kubectl delete namespace ${{ env.HELM_RELEASE_PREFIX }}-pr-${{ env.PR_NUMBER }} --wait=true --ignore-not-found true

.gitignore

@@ -4,14 +4,14 @@
 *.p12
 *.csr
 *.cnf
+*.key
 *.DS_Store
-*.lock
 
 # local development
+*.lock
 *.local_dev
-tip-wlan/resources/certs
-tip-wlan/resources/scripts
 
-stern*
+*.zip
 *.tgz
+stern*
 helmfile

CHANGELOG.md

@@ -0,0 +1,47 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [1.0.1] - 2021-04-12
+
+### Changed
+
+- bump cloud controller version to 1.0.1
+
+### Fixed
+
+- correct SQL and CQL schema URLs
+
+## [1.0.0] - 2021-04-01
+
+### Added
+
+- replaced cassandra, postgres and kafka with upstream charts [#49](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/49)
+- centralized secrets to the parent chart [#54](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/54)
+
+### Changed
+
+- improved kafka setup templating [#53](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/53)
+- improved values.yaml [#53](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/53)
+- improved default values and added yaml anchors [#54](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/54)
+
+### Removed
+
+- removed hardcoded docker secret in favor of variables [#53](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/53)
+- various outdated sections in values.yaml and environment files
+- various secrets in subcharts as they are now part of the parent chart
+- references to vendor specific values [#40](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/40)
+
+### Fixed
+
+- make SSC service able to reconnect to Cassandra [#70](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/70)
+
+## [0.4.0] - 2021-01-28
+
+### Added
+
+- initial changelog entry. This is the first versioned release. Next releases will include a detailed overview of all the major changes introduced since the last version.
+- [changes since first commit](https://github.com/Telecominfraproject/wlan-cloud-helm/compare/f7c67645736e3dac498e2caec8c267f04d08b7bc...v0.4)

README.md

@@ -1,16 +1,68 @@
 # wlan-cloud-helm
 This repository contains helm charts for various deployment types of the tip wlan cloud services.
 
+# IMPORTANT - Cloud Controller Helm charts v0.4 to v1.x migration procedure
+
+We've introduced breaking changes to how Cloud Controller database charts are managed.
+If you want to preserve your data when moving from v0.4 to v1.x of the Cloud Controller Helm charts, follow the steps outlined below.
+If you can re-install your Cloud Controller and don't care to loose your data, you can skip the steps and just install the upstream charts version with no changes to the default installation procedure.
+
+## Prerequisites
+
+1. Checkout latest wlan-cloud-helm repository
+2. Have your certificates for existing installation
+3. Helm 3.2+
+
+## Procedure
+
+All of the commands should be run under tip-wlan-helm directory.
+
+1. Delete your current Helm release. The following commands will remove the pods, however, the PVC (your databases data) **won't be deleted**:
+```
+helm list -n default (to look up the name of the release)
+helm uninstall -n default tip-wlan (tip-wlan is usually the name of the release)
+```
+2. Replace `REPLACEME` with your storage class name in the `tip-wlan/resources/environments/migration.yaml` file. You can check the available storageclasses with the `kubectl get storageclass` command.
+3. Update your values file that you used for deploying the original release with the values from `migration.yaml` to preserve existing cassandra\postgres data (or skip that step and use the second upgrade command mentioned in #7)
+4. If you want to preserve the PKI certificates from the original Helm installation, copy them to a new location using the command below (or checkout the latest wlan-pki-cert-script repo and use `copy-certs-to-helm.sh %path_to_new_helm_code%` to generate new self-signed keys):
+```
+find . -regextype posix-extended -regex '.+(jks|pem|key|pkcs12|p12)$' -exec cp "{}" tip-wlan/resources/certs/ \;
+```
+5. Remove the old charts from the helm directory, so that the upgrade command can successfully pull new chart depedencies:
+```
+rm -rf tip-wlan/charts/cassandra tip-wlan/charts/kafka tip-wlan/charts/postgresql
+```
+6. Pull 3rd party subcharts:
+```
+helm dependency update tip-wlan
+```
+7. Perform Helm upgrade:
+```
+helm upgrade --install tip-wlan tip-wlan/ --namespace tip --create-namespace -f tip-wlan/resources/environments/your_values_with_fixes.yaml
+```
+
+Alternatively, you can run the upgrade command as follows (the order of the -f arguments is important!):
+
+```
+helm upgrade --install tip-wlan tip-wlan/ --namespace tip --create-namespace -f tip-wlan/resources/environments/original_values.yaml -f tip-wlan/resources/environments/migration.yaml
+```
+
+As a precaution you can also run `helm template` with the same arguments as the upgrade command and examine the output before actually installing the chart
+
 # Deploying the wlan-cloud deployment
- - Run the following command under tip-wlan-helm directory:
- 	- helm install <RELEASE_NAME> tip-wlan/ -n default -f tip-wlan/resources/environments/dev.yaml
-	
-	More details can be found here: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution
+Run the following command under tip-wlan-helm directory:
+```
+helm dependency update tip-wlan
+helm upgrade --install <RELEASE_NAME> tip-wlan/ --namespace tip  --create-namespace -f tip-wlan/resources/environments/dev.yaml
+```
+
+More details can be found here: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution
 
 # Deleting the wlan-cloud deployment:
-- Run the following command:
-	- helm del tip-wlan -n default
-	
+Run the following command:
+```
+helm del tip-wlan -n tip (replace the namespace with your namespace)
+```
 	(Note: this would not delete the tip namespace and any PVC/PV/Endpoints under this namespace. These are needed so we can reuse the same PVC mount when the pods are restarted.)
 	
 	To get rid of them (PVC/PV/Endpoints), you can use the following script (expects that you are in the `tip` namespace or add `-n tip` to the below set of commands):
@@ -46,7 +98,6 @@ This repository contains helm charts for various deployment types of the tip wla
  	- helm test <RELEASE_NAME> -n default
 	(For more details add --debug flag to the above command) 
 
-
 # Local environment
 
 In `wlan-pki-cert-scripts` repository edit the following files and add/replace strings as specified below:
@@ -57,7 +108,6 @@ mqtt-server.cnf:
 -commonName_default   = opensync-mqtt-broker.zone1.lab.wlan.tip.build
 +commonName_default   = opensync-mqtt-broker.wlan.local
 
-
 openssl-server.cnf:
 -DNS.1  = opensync-redirector.zone1.lab.wlan.tip.build
 -DNS.2  = opensync-controller.zone1.lab.wlan.tip.build
@@ -92,13 +142,17 @@ done
 
 Run minikube:
 
-```minikube start --memory=10g --cpus=4 --driver=virtualbox --extra-config=kubelet.serialize-image-pulls=false --extra-config=kubelet.image-pull-progress-deadline=3m0s --docker-opt=max-concurrent-downloads=10```
+```
+minikube start --memory=10g --cpus=4 --driver=virtualbox --extra-config=kubelet.serialize-image-pulls=false --extra-config=kubelet.image-pull-progress-deadline=3m0s --docker-opt=max-concurrent-downloads=10
+```
 
 Please note that you may choose another driver (parallels, vmwarefusion, hyperkit, vmware, docker, podman) which might be more suitable for your setup. Omitting this option enables auto discovery of available drivers.
 
-Deploy CloudSDK chart:
+Deploy Cloud Controller chart:
 
-```helm upgrade --install tip-wlan tip-wlan -f tip-wlan/resources/environments/dev-local.yaml -n default```
+```
+helm upgrade --install tip-wlan tip-wlan -f tip-wlan/resources/environments/dev-local.yaml -n default
+```
 
 Wait a few minutes, when all pods are in `Running` state, obtain web ui link with `minikube service tip-wlan-wlan-cloud-static-portal -n tip --url`, open in the browser. Importing or trusting certificate might be needed.
 
@@ -133,7 +187,6 @@ Firefox:
 2. Click on `Add Exception...`, enter `https://wlan-ui.wlan.local` into Location field, click on `Get certificate`, check `Permanently store this exception` and click on `Confirm Security Exception`.
 Repeat the step for `https://wlan-ui-graphql.wlan.local`
 
-
 Chrome and other browsers using system certificate store:
 
 1. Save certificate below into the file `wlan-ui-graphql.wlan.local.crt` (it is the one defined at tip-wlan/resources/environments/dev-local.yaml:143):
@@ -173,4 +226,4 @@ xDG3eKlu+dllUtKx/PN6yflbT5xcGgcdmrwzRaWS
 
 ```
 
-2. Double click on it, enter the system admin password, if prompted.
+2. Double click on it, enter the system admin password, if prompted.

glusterfs/README.md

@@ -28,7 +28,6 @@ For other issues faced during deployment, see here:
     - If namespace is passed, we will create (if it does not exist) and use that namespace for glusterFS resources.
     - If namespace is NOT passed, we will create (if it does not exist) namespace='gluster-ns' and use it for glusterFS resources.
 
-
 - Deletion:
   ./gk-deploy --admin-key <ADMIN_KEY> --user-key <USER_KEY> --abort -v -n <GLUSTER_NAMESPACE>
     - Note: 

glusterfs/gk-deploy

@@ -990,7 +990,6 @@ parameters:
   output ""
 fi
 
-
 if [[ ${DEPLOY_OBJECT} -eq 1 ]] && [[ "${OBJ_ACCOUNT}" != "" ]] && [[ "${OBJ_USER}" != "" ]] && [[ "${OBJ_PASSWORD}" != "" ]] && [[ ${EXISTS_OBJECT} -eq 0 ]]; then
   if [[ "${OBJ_STORAGE_CLASS}" == "glusterfs-for-s3" ]]; then
     eval_output "${CLI} create secret generic heketi-${NAMESPACE}-admin-secret --from-literal=key=${ADMIN_KEY} --type=kubernetes.io/glusterfs"

tip-wlan/Chart.yaml

@@ -14,11 +14,11 @@ type: application
 
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.1.0
+version: 1.0.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: 1.16.0
+appVersion: 1.0.1
 
 home: https://telecominfraproject.com/wifi/
 sources:

tip-wlan/charts/common/Chart.yaml

@@ -7,5 +7,5 @@ version: 0.1.0
 
 dependencies:
   - name: efs-provisioner
-    version: 1.0.0
+    version: 1.0.1
     condition: efs-provisioner.enabled

tip-wlan/charts/common/charts/efs-provisioner/Chart.yaml

@@ -4,4 +4,4 @@
 apiVersion: v1
 description: EFS-Provisioner Chart to be used by other charts for file storage
 name: efs-provisioner
-version: 1.0.0
+version: 1.0.1

tip-wlan/charts/common/charts/efs-provisioner/templates/deployment.yaml

@@ -7,7 +7,7 @@ metadata:
     {{- include "common.labels" . | nindent 4 }}
 spec:
   replicas: {{ .Values.provisioner.replicaCount }}
-  strategy: 
+  strategy:
     type: {{ .Values.provisioner.strategyType }}
   selector:
     matchLabels:

tip-wlan/charts/common/templates/_env.tpl

@@ -1,12 +1,5 @@
-{{/*
-  Resolve the environment variables to apply to a chart. The default namespace suffix
-  is the name of the chart. This can be overridden if necessary (eg. for subcharts)
-  using the following value:
-
-  - .Values.nsPrefix  : override namespace prefix
-*/}}
 {{- define "common.namespace" -}}
-  {{- default .Values.global.nsPrefix -}}
+  {{- .Release.Namespace -}}
 {{- end -}}
 
 {{- define "common.env" -}}

tip-wlan/charts/common/templates/_namespace.tpl

@@ -1,10 +0,0 @@
-{{/*
-  Resolve the namespace to apply to a chart. The default namespace suffix
-  is the name of the chart. This can be overridden if necessary (eg. for subcharts)
-  using the following value:
-
-  - .Values.nsPrefix  : override namespace prefix
-*/}}
-{{- define "common.namespace" -}}
-  {{- default .Values.global.nsPrefix -}}
-{{- end -}}

tip-wlan/charts/common/templates/_ports.tpl

@@ -1,24 +1,41 @@
 {{/*
-    This template will be used to iterate through the debug-ports and generate
-    debug-ports mapping
+    This template will be used to iterate through the access point debug ports and generate
+    access point debug ports mapping
   */}}
 
-{{- define "container.dev.debugport" -}}
-  {{- range $index, $portid := .Values.debugPorts }}
-  - name: debugport-{{ $index }}
-    containerPort: {{ $portid }}
+{{- define "apDebugPortsStart" -}}
+{{- $portPrefix := $.Values.global.nodePortPrefixExt | default $.Values.nodePortPrefixExt | int -}}
+{{- $start := $.Values.accessPointDebugPortRange.start | int -}}
+{{- $end := (add $.Values.accessPointDebugPortRange.start $.Values.accessPointDebugPortRange.length) | int -}}
+{{- printf "%d%d" $portPrefix $start -}}
+{{- end -}}
+
+{{- define "apDebugPortsEnd" -}}
+{{- $portPrefix := $.Values.global.nodePortPrefixExt | default $.Values.nodePortPrefixExt | int -}}
+{{- $start := $.Values.accessPointDebugPortRange.start | int -}}
+{{- $end := (add $.Values.accessPointDebugPortRange.start $.Values.accessPointDebugPortRange.length) | int -}}
+{{- printf "%d%d" $portPrefix $end -}}
+{{- end -}}
+
+
+{{- define "container.dev.apDebugPorts" -}}
+{{- $accessPointDebugPorts := untilStep (include "apDebugPortsStart" . | atoi) (include "apDebugPortsEnd" . | atoi) 1 -}}
+  {{- range $index, $port := $accessPointDebugPorts }}
+  - name: apdebugport-{{ $index }}
+    containerPort: {{ $port }}
     protocol: TCP
   {{- end }}
 {{- end -}}
 
-{{- define "service.dev.debugport" -}}
-  {{- range $index, $portid := .Values.debugPorts }}
-  - port: {{ $portid }}
-    targetPort: {{ $portid }}
+{{- define "service.dev.apDebugPorts" -}}
+{{- $accessPointDebugPorts := untilStep (include "apDebugPortsStart" . | atoi) (include "apDebugPortsEnd" . | atoi) 1 -}}
+  {{- range $index, $port := $accessPointDebugPorts }}
+  - port: {{ $port }}
+    targetPort: {{ $port }}
     protocol: TCP
-    name: debugport-{{ $index }}
+    name: apdebugport-{{ $index }}
     {{- if eq $.Values.service.type "NodePort" }}
-    nodePort: {{ $portid }}
-    {{- end }}   
+    nodePort: {{ $port }}
+    {{- end }}
   {{- end }}
 {{- end -}}

tip-wlan/charts/common/templates/_svc.tpl

@@ -1,5 +1,5 @@
 {{/*
-    Resolve the Postgres service-name to apply to a chart. 
+    Resolve the Postgres service-name to apply to a chart.
 */}}
 {{- define "postgresql.service" -}}
   {{- printf "%s-%s" .Release.Name .Values.postgresql.url | trunc 63 -}}
@@ -19,63 +19,63 @@ else use user-provided URL
 {{- end -}}
 
 {{/*
-  Resolve the Kafka service-name to apply to a chart. 
+  Resolve the Kafka service-name to apply to a chart.
 */}}
 {{- define "kafka.service" -}}
 {{- printf "%s-%s" .Release.Name .Values.kafka.url | trunc 63 -}}
 {{- end -}}
 
 {{/*
-  Resolve the Cassandra service-name to apply to a chart. 
+  Resolve the Cassandra service-name to apply to a chart.
 */}}
 {{- define "cassandra.service" -}}
 {{- printf "%s-%s" .Release.Name .Values.cassandra.url | trunc 63 -}}
 {{- end -}}
 
 {{/*
-  Resolve the MQTT service-name to apply to a chart. 
+  Resolve the MQTT service-name to apply to a chart.
 */}}
 {{- define "mqtt.service" -}}
 {{- printf "%s-%s" .Release.Name .Values.mqtt.url | trunc 63 -}}
 {{- end -}}
 
 {{/*
-  Resolve the integratedcloudcomponent service-name to apply to a chart. 
+  Resolve the integratedcloudcomponent service-name to apply to a chart.
 */}}
 {{- define "integratedcloudcomponent.service" -}}
   {{- printf "%s-%s:%.f" .Release.Name .Values.integratedcloudcomponent.url .Values.integratedcloudcomponent.port | trunc 63 -}}
 {{- end -}}
 
 {{/*
-  Resolve the provisioning service-name to apply to a chart. 
+  Resolve the provisioning service-name to apply to a chart.
 */}}
 {{- define "prov.service" -}}
   {{- printf "%s-%s:%.f" .Release.Name .Values.prov.url .Values.prov.port | trunc 63 -}}
 {{- end -}}
 
 {{/*
-  Resolve the ssc service-name to apply to a chart. 
+  Resolve the ssc service-name to apply to a chart.
 */}}
 {{- define "ssc.service" -}}
   {{- printf "%s-%s:%.f" .Release.Name .Values.ssc.url .Values.ssc.port | trunc 63 -}}
 {{- end -}}
 
 {{/*
-  Resolve the Opensync-gw service-name to apply to a chart. 
+  Resolve the Opensync-gw service-name to apply to a chart.
 */}}
 {{- define "opensyncgw.service" -}}
   {{- printf "%s-%s:%.f" .Release.Name .Values.opensyncgw.url .Values.opensyncgw.port | trunc 63 -}}
 {{- end -}}
 
 {{/*
-  Resolve the pvc name that's would mounted to 2 charts - Portal and Opensync-gw 
+  Resolve the pvc name that's would mounted to 2 charts - Portal and Opensync-gw
 */}}
 {{- define "portal.sharedPvc.name" -}}
 {{- printf "%s-%s-%s-%.f" .Values.portal.sharedPvc.name .Release.Name .Values.portal.url .Values.portal.sharedPvc.ordinal | trunc 63 -}}
 {{- end -}}
 
 {{/*
-  Resolve the filestore-directory name that's would mounted to 2 charts - Portal and Opensync-gw 
+  Resolve the filestore-directory name that's would mounted to 2 charts - Portal and Opensync-gw
 */}}
 {{- define "filestore.dir.name" -}}
   {{- printf "%s" .Values.filestore.internal | trunc 63 -}}

tip-wlan/charts/nginx-ingress-controller/templates/controller-configmap.yaml

@@ -4,7 +4,8 @@ metadata:
   name: {{ include "nginx-ingress.configName" . }}
   namespace: {{ include "common.namespace" . }}
   labels:
-    {{- include "common.labels" . | nindent 4 }}  
+    {{- include "common.labels" . | nindent 4 }}
 data:
     external-status-address: {{ .Values.controller.config.externalStatusAddress }}
-    client-max-body-size: {{ .Values.controller.config.clientMaxBodySize }}
+    client-max-body-size: {{ .Values.controller.config.clientMaxBodySize }}
+    error-log-level: {{ .Values.controller.config.errorLogLevel }}

tip-wlan/charts/nginx-ingress-controller/templates/controller-global-configuration.yaml

@@ -1,6 +1,6 @@
 {{- if not .Values.byPassNginxForTcpConnections.enabled -}}
 apiVersion: k8s.nginx.org/v1alpha1
-kind: GlobalConfiguration 
+kind: GlobalConfiguration
 metadata:
   name: {{ include "common.name" . }}-global-configuration
   namespace: {{ include "common.namespace" . }}

tip-wlan/charts/nginx-ingress-controller/values.yaml

@@ -40,7 +40,7 @@ controller:
     tag: "1.7.0"
 
     ## The pull policy for the Ingress controller image.
-    pullPolicy: IfNotPresent
+    pullPolicy: Always
 
   config:
     ## The name of the ConfigMap used by the Ingress controller.
@@ -56,6 +56,8 @@ controller:
     ## Max message size coming from the Client
     clientMaxBodySize: "20m"
 
+    ## Error 
+    errorLogLevel: "error"
   ## It is recommended to use your own TLS certificates and keys
   defaultTLS:
     ## The base64-encoded TLS certificate for the default HTTPS server. If not specified, a pre-generated self-signed certificate is used.
@@ -92,13 +94,13 @@ controller:
   terminationGracePeriodSeconds: 30
 
   ## The resources of the Ingress controller pods.
-  resources: {}
-    # limits:
-    #   cpu: 100m
-    #   memory: 64Mi
-    # requests:
-    #   cpu: 100m
-    #   memory: 64Mi
+  resources:
+    limits:
+      cpu: 500m
+      memory: 200Mi
+    requests:
+      cpu: 50m
+      memory: 140Mi
 
   ## The tolerations of the Ingress controller pods.
   tolerations: []
@@ -137,7 +139,7 @@ controller:
 
   ## Enable the custom resources.
   enableTLSPassthrough: true
-  
+
   ## Add a location based on the value of health-status-uri to the default server. The location responds with the 200 status code for any request.
   ## Useful for external health-checking of the Ingress controller.
   healthStatus: false
@@ -274,7 +276,7 @@ rbac:
 
   ## This property will prevent exposing TCP ports for passthrough connections
   ## Instead we are opening up these services as NodePorts
-  ## We were seeing issues with AP <-- --> MQTT connecitivity when using NGINX 
+  ## We were seeing issues with AP <-- --> MQTT connecitivity when using NGINX
   ## as passthrough for TCP Connections
 byPassNginxForTcpConnections:
   enabled: true

tip-wlan/charts/opensync-gw-cloud/resources/config/certs/README.md

@@ -1,2 +0,0 @@
-Contains certs needed for this service to start.
-Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

tip-wlan/charts/opensync-gw-cloud/resources/config/certs/httpClientConfig.json

@@ -1,21 +0,0 @@
-{
-    "maxConnectionsTotal": 100,
-    "maxConnectionsPerRoute": 10,
-    "truststoreType": "JKS",
-    "truststoreProvider": "SUN",
-    "truststoreFile": "file:/opt/tip-wlan/certs/truststore.jks",
-    "truststorePass": "mypassword",
-    "keystoreType": "JKS",
-    "keystoreProvider": "SUN",
-    "keystoreFile": "file:/opt/tip-wlan/certs/client_keystore.jks",
-    "keystorePass": "mypassword",
-    "keyAlias": "clientkeyalias",
-    "credentialsList": [
-        {
-            "host": "localhost",
-            "port": -1,
-            "user": "user",
-            "password": "password"
-        }
-    ]
-}

tip-wlan/charts/opensync-gw-cloud/resources/config/certs/ssl.properties

@@ -1,13 +0,0 @@
-truststorePass=mypassword
-truststoreFile=file:///opt/tip-wlan/certs/truststore.jks
-truststoreType=JKS
-truststoreProvider=SUN
-
-keyAlias=1
-keystorePass=mypassword
-keystoreFile=file:///opt/tip-wlan/certs/server.pkcs12
-keystoreType=pkcs12
-keystoreProvider=SunJSSE
-
-sslProtocol=TLS
-

tip-wlan/charts/opensync-gw-cloud/resources/config/logback.xml

@@ -29,7 +29,7 @@
       <maxFileSize>20MB</maxFileSize>
     </triggeringPolicy>
   </appender>
-  
+
   <appender name="logfile" class="ch.qos.logback.core.rolling.RollingFileAppender">
     <file>/app/logs/opensyncgw.log</file>
     <append>true</append>
@@ -45,23 +45,23 @@
       <maxFileSize>20MB</maxFileSize>
     </triggeringPolicy>
   </appender>
-      
+
   <!--
   details: http://logback.qos.ch/manual/configuration.html#auto_configuration
-   
-  runtime configuration, if need to override the defaults: 
+
+  runtime configuration, if need to override the defaults:
   	-Dlogback.configurationFile=/path/to/logback.xml
-  
-  for log configuration debugging - use 
+
+  for log configuration debugging - use
   	-Dlogback.statusListenerClass=ch.qos.logback.core.status.OnConsoleStatusListener
-  
+
   log levels:
-	OFF ERROR WARN INFO DEBUG TRACE  
+	OFF ERROR WARN INFO DEBUG TRACE
    -->
   <logger name="org.apache.catalina.startup.DigesterFactory" level="ERROR"/>
   <logger name="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" level="INFO"/>
   <logger name="org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer" level="INFO"/>
-  
+
   <logger name="com.telecominfraproject.wlan" level="DEBUG"/>
   <logger name="com.netflix.servo.tag.aws.AwsInjectableTag" level="OFF"/>
   <logger name="com.vmware.ovsdb.service.OvsdbConnectionInfo" level="OFF"/>

tip-wlan/charts/opensync-gw-cloud/templates/configmap.yaml

@@ -4,4 +4,4 @@ metadata:
   name: {{ include "common.fullname" . }}-log-config
   namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }}

tip-wlan/charts/opensync-gw-cloud/templates/deployment.yaml

@@ -27,47 +27,18 @@ spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       initContainers:
-        - name: {{ include "common.name" . }}-mqtt-readiness
-          image: eclipse-mosquitto:latest
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
-          command:
-          - sh
-          - -c
-          - |
-            mosquitto_pub -h {{ $mqtt }} -p 1883 --cafile /certs/cacert.pem --cert /certs/clientcert.pem --key /certs/clientkey.pem --insecure -t "/ap/test" -q 0 -m "CheckingMQTTAliveness"
-            status=$(echo $?)
-            echo mosquitto_pub response of the request = $status
-            counter=0
-            while [ $counter -lt 10 ] && [ $status -ne 0 ]
-            do
-              echo {{ $mqtt }} service isnt ready. Tried $counter times
-              sleep 2
-              counter=`expr $counter + 1`
-              mosquitto_pub -h {{ $mqtt }} -p 1883 --cafile /certs/cacert.pem --cert /certs/clientcert.pem --key /certs/clientkey.pem --insecure -t "/ap/test" -q 0 -m "CheckingMQTTAliveness"
-              status=$(echo $?)
-              echo mosquitto_pub response of the request = $status
-            done
-            if [ $status -eq 0 ]
-            then
-              echo {{ $mqtt }} service is ready!
-            else
-              echo {{ $mqtt }} service failed to respond after 20 secs
-              exit 1
-            fi
-          volumeMounts:
-          - mountPath: /certs/cacert.pem
-            name: certificates
-            subPath: cacert.pem
-          - mountPath: /certs/clientcert.pem
-            name: certificates
-            subPath: clientcert.pem
-          - mountPath: /certs/clientkey.pem
-            name: certificates
-            subPath: clientkey.pem
+        {{- include "jmxPrometheus.initContainer" . | nindent 8 }}
+        - name: wait-for-services
+          image: opsfleet/depends-on:latest
+          args:
+          - "-service={{ .Release.Name }}-opensync-mqtt-broker"
+          - "-service={{ .Release.Name }}-wlan-prov-service"
+          - "-service={{ .Release.Name }}-wlan-ssc-service"
+          - -check_interval=5
       {{- if .Values.global.integratedDeployment }}
         - name: {{ include "common.name" . }}-readiness-int-cloud
           image: alpine
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
           command:
           - sh
           - -c
@@ -76,34 +47,7 @@ spec:
             url=https://{{ $icc }}/ping
             counter=0
             status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
-            while [ $counter -lt 10 ] && [ $status -ne 200 ] 
-            do
-              echo ${url} service isnt ready. Tried $counter times
-              sleep 5
-              counter=`expr $counter + 1`
-              status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
-              echo Http Response code of ping request = $status
-            done
-            if [ $status -eq 200 ]
-            then
-              echo ${url} service is ready!
-            else
-              echo ${url} service failed to respond after 50 secs
-              exit 1
-            fi 
-      {{- else }}
-        - name: {{ include "common.name" . }}-readiness-prov
-          image: alpine
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
-          command:
-          - sh
-          - -c
-          - |
-            apk add curl
-            url=https://{{ $prov }}/ping
-            counter=0
-            status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
-            while [ $counter -lt 10 ] && [ $status -ne 200 ] 
+            while [ $counter -lt 10 ] && [ $status -ne 200 ]
             do
               echo ${url} service isnt ready. Tried $counter times
               sleep 5
@@ -118,48 +62,22 @@ spec:
               echo ${url} service failed to respond after 50 secs
               exit 1
             fi
-        - name: {{ include "common.name" . }}-readiness-ssc
-          image: alpine
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
-          command:
-          - sh
-          - -c
-          - |
-            apk add curl
-            url=https://{{ $ssc }}/ping
-            counter=0
-            status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
-            while [ $counter -lt 10 ] && [ $status -ne 200 ] 
-            do
-              echo ${url} service isnt ready. Tried $counter times
-              sleep 5
-              counter=`expr $counter + 1`
-              status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
-              echo Http Response code of ping request = $status
-            done
-            if [ $status -eq 200 ]
-            then
-              echo ${url} service is ready!
-            else
-              echo ${url} service failed to respond after 50 secs
-              exit 1
-            fi        
       {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
           {{- if .Values.global.testingEnabled }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
+          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
           {{- else }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
+          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
           {{- end }}
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
           {{- if .Values.probes.enabled }}
           livenessProbe:
             tcpSocket:
               port: {{ .Values.service.port2 }}
-            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
+            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
             timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
             failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -172,6 +90,11 @@ spec:
             failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
             successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
+          startupProbe:
+            tcpSocket:
+              port: {{ .Values.service.port1 }}
+            failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
+            periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
           {{- end }}
           env:
             {{- include "common.env" . | nindent 12 }}
@@ -210,6 +133,22 @@ spec:
               value: {{ .Values.ethernetType.wanType }}
             - name: DEFAULT_WAN_NAME
               value: {{ .Values.ethernetType.wanName }}
+            - name: tip_wlan_ovsdb_listener_threadPoolSize
+              value: "{{ .Values.scalability.tip_wlan_ovsdb_listener_threadPoolSize }}"
+            - name: tip_wlan_AsyncExecutor_CorePoolSize
+              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_CorePoolSize }}"
+            - name: tip_wlan_AsyncExecutor_MaxPoolSize
+              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_MaxPoolSize }}"
+            - name: tip_wlan_AsyncExecutor_QueueCapacity
+              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_QueueCapacity }}"
+            - name: tip_wlan_httpClientConfig_maxConnectionsTotal
+              value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsTotal }}"
+            - name: tip_wlan_httpClientConfig_maxConnectionsPerRoute
+              value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsPerRoute }}"
+            - name: tip_wlan_maxHttpThreads
+              value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
+            - name: JVM_MEM_OPTIONS
+              value: "{{ .Values.scalability.JVM_MEM_OPTIONS }} {{ include "jmxPrometheus.jvmOpts" . }}"
           volumeMounts:
           - mountPath: /opt/tip-wlan/certs/client_keystore.jks
             name: certificates
@@ -231,6 +170,8 @@ spec:
             subPath: logback.xml
           - mountPath: {{ $file_store_path }}
             name: file-store-data
+          {{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
+          {{- include "jmxPrometheus.tmpVolumeMount" . | nindent 10 }}
           ports:
             - name: {{ .Values.service.name1 }}
               containerPort: {{ .Values.service.port1 }}
@@ -249,6 +190,7 @@ spec:
               containerPort: {{ .Values.service.port5 }}
               protocol: TCP
             {{- end }}
+            {{- include "jmxPrometheus.port" . | nindent 12 }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}
@@ -267,7 +209,7 @@ spec:
       volumes:
       - name: certificates
         secret:
-          secretName: {{ include "common.fullname" . }}-certs
+          secretName: tip-common-opensync-gw-certs
       - name: logback-config
         configMap:
             name: {{ include "common.fullname" . }}-log-config
@@ -278,3 +220,5 @@ spec:
       {{- else }}
         emptyDir: {}
       {{- end }}
+      {{- include "jmxPrometheus.configVolume" . | nindent 6 }}
+      {{- include "jmxPrometheus.tmpVolume" . | nindent 6 }}

tip-wlan/charts/opensync-gw-cloud/templates/pod-monitor.yaml

@@ -0,0 +1 @@
+{{ include "jmxPrometheus.podMonitor" . }}

tip-wlan/charts/opensync-gw-cloud/templates/rbac.yaml

@@ -0,0 +1,24 @@
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "common.fullname" . }}-depends-on
+  namespace: {{ include "common.namespace" . }}
+rules:
+- apiGroups: ["batch", "apps", ""]
+  resources: ["pods", "services", "jobs"]
+  verbs: ["get", "list", "watch"]
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "common.fullname" . }}-depends-on
+  namespace: {{ include "common.namespace" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "common.serviceAccountName" . }}
+roleRef:
+  kind: Role
+  name: {{ include "common.fullname" . }}-depends-on
+  apiGroup: rbac.authorization.k8s.io

tip-wlan/charts/opensync-gw-cloud/templates/secret.yaml

@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-certs
-  namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}

tip-wlan/charts/opensync-gw-cloud/templates/service.yaml

@@ -16,28 +16,38 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort1 }}
+      {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+      {{- end }}
     - port: {{ .Values.service.port3 }}
       targetPort: {{ .Values.service.port3 }}
       protocol: TCP
       name: {{ .Values.service.name3 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
+      {{- end }}
     - port: {{ .Values.service.port4 }}
       targetPort: {{ .Values.service.port4 }}
       protocol: TCP
       name: {{ .Values.service.name4 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort4 }}
+      {{- end }}
     {{- if .Values.debug.enabled }}
     - port: {{ .Values.service.port5 }}
       targetPort: {{ .Values.service.port5 }}
       protocol: TCP
       name: {{ .Values.service.name5 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort5 }}
+      {{- end }}
     {{- end }}
   selector:
     {{- include "common.selectorLabels" . | nindent 4 }}

tip-wlan/charts/opensync-gw-cloud/values.yaml

@@ -11,7 +11,7 @@ replicaCount: 1
 
 image:
   name: opensync-gateway-cloud
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.0.1
 
 nameOverride: ""
 fullnameOverride: ""
@@ -52,12 +52,15 @@ probes:
     timeoutSeconds: 5
     successThreshold: 1
     failureThreshold: 3
+  startupProbe:
+    periodSeconds: 30
+    failureThreshold: 500
 
 # Enable/Disable Helm tests
 testsEnabled: false
 
 # Enable/Disable Remote debugging
-debug: 
+debug:
   enabled: false
 
 service:
@@ -77,6 +80,8 @@ service:
   port5: 5005
   name5: debug
   nodePort5: 26
+  annotations: {}
+  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
 
 persistence:
   enabled: false
@@ -85,9 +90,9 @@ persistence:
 
 # the filestore internal: location of the folder where UI files will be stored
 # on the PV
-# the filestore url: externally reachable URL i.e.; reachable from AP, where it 
+# the filestore url: externally reachable URL i.e.; reachable from AP, where it
 # can download the files from. Override this value (url) to the configured
-# HTTP server in your system 
+# HTTP server in your system
 filestore:
   internal: "/tmp/filestore"
   url: DUMMY_FILESTORE_HTTPS_URL
@@ -113,9 +118,8 @@ portal:
       name: file-store-data
       ordinal: 0
 
-
 # These are the address and ports for the externalhost
-# This is important for ovsdb and mqtt since 
+# This is important for ovsdb and mqtt since
 # that's what AP sees. Please make sure to override
 # them in dev override file for your respective environments.
 # the default values below would be used if not overriden
@@ -127,14 +131,28 @@ externalhost:
     ovsdb: 6640
     mqtt: 1883
 
-
-
 ethernetType:
   lanName: "lan"
   lanType: "bridge"
   wanType: "bridge"
   wanName: "wan"
 
+scalability:
+  #how many concurrent connections single instance of OpenSyncGateway can accept
+  tip_wlan_ovsdb_listener_threadPoolSize: 50
+  #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
+  tip_wlan_AsyncExecutor_CorePoolSize: 10
+  tip_wlan_AsyncExecutor_MaxPoolSize: 50
+  tip_wlan_AsyncExecutor_QueueCapacity: 50
+  #max total number of persistent connections in the http client pool
+  tip_wlan_httpClientConfig_maxConnectionsTotal: 100
+  #max number of persistent connections in the http client pool per destination
+  tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
+  #max number of concurrent REST API calls a single instance of this service can process
+  tip_wlan_maxHttpThreads:  100
+  #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
+  JVM_MEM_OPTIONS: " "
+
 ingress:
   enabled: false
   annotations: {}
@@ -148,17 +166,13 @@ ingress:
   #    hosts:
   #      - chart-example.local
 
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
+resources:
+  limits:
+    cpu: 500m
+    memory: 750Mi
+  requests:
+    cpu: 10m
+    memory: 500Mi
 
 nodeSelector: {}
 

tip-wlan/charts/opensync-gw-static/resources/config/logback.xml

@@ -13,8 +13,8 @@
       <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
     </encoder>
   </appender>
-  
-  <!-- 
+
+  <!--
   <appender name="FILE" class="ch.qos.logback.core.FileAppender">
     <file>myApp.log</file>
 
@@ -23,7 +23,7 @@
     </encoder>
   </appender>
   -->
-  
+
   <appender name="logfile" class="ch.qos.logback.core.rolling.RollingFileAppender">
     <file>/app/logs/opensyncgw.log</file>
     <append>true</append>
@@ -39,37 +39,37 @@
       <maxFileSize>20MB</maxFileSize>
     </triggeringPolicy>
   </appender>
-      
+
   <!--
   details: http://logback.qos.ch/manual/configuration.html#auto_configuration
-   
-  runtime configuration, if need to override the defaults: 
+
+  runtime configuration, if need to override the defaults:
   	-Dlogback.configurationFile=/path/to/logback.xml
-  
-  for log configuration debugging - use 
+
+  for log configuration debugging - use
   	-Dlogback.statusListenerClass=ch.qos.logback.core.status.OnConsoleStatusListener
-  
+
   log levels:
-	OFF ERROR WARN INFO DEBUG TRACE  
+	OFF ERROR WARN INFO DEBUG TRACE
    -->
   <logger name="org.apache.catalina.startup.DigesterFactory" level="ERROR"/>
   <logger name="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" level="INFO"/>
   <logger name="org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer" level="INFO"/>
-  
+
   <logger name="com.telecominfraproject.wlan" level="DEBUG"/>
   <logger name="com.netflix.servo.tag.aws.AwsInjectableTag" level="OFF"/>
   <logger name="com.vmware.ovsdb.service.OvsdbConnectionInfo" level="OFF"/>
   <logger name="com.vmware.ovsdb.netty.OvsdbConnectionHandler" level="ERROR"/>
-  
+
   <logger name="MQTT_DATA" level="DEBUG"/>
 
-  <!--   
+  <!--
   <logger name="org.springframework.security.web.authentication.preauth" level="DEBUG"/>
    -->
-   
+
   <root level="WARN">
     <appender-ref ref="stdout"/>
     <appender-ref ref="logfile"/>
   </root>
-  
+
 </configuration>

tip-wlan/charts/opensync-gw-static/templates/configmap.yaml

@@ -4,4 +4,4 @@ metadata:
   name: {{ include "common.fullname" . }}-log-config
   namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }}

tip-wlan/charts/opensync-gw-static/templates/deployment.yaml

@@ -25,16 +25,16 @@ spec:
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
           {{- if .Values.global.testingEnabled }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
+          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
           {{- else }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
+          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
           {{- end }}
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
           {{- if .Values.probes.enabled }}
           livenessProbe:
             tcpSocket:
               port: {{ .Values.service.port2 }}
-            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
+            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
             timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
             failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -47,7 +47,12 @@ spec:
             failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
             successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
-          {{- end }}       
+          startupProbe:
+            tcpSocket:
+              port: {{ .Values.service.port2 }}
+            failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
+            periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
+          {{- end }}
           volumeMounts:
           - mountPath: /opt/tip-wlan/certs/client_keystore.jks
             name: certificates
@@ -92,7 +97,7 @@ spec:
       volumes:
       - name: certificates
         secret:
-          secretName: {{ include "common.fullname" . }}-certs
+          secretName: tip-common-opensync-gw-certs
       - name: logback-config
         configMap:
             name: {{ include "common.fullname" . }}-log-config

tip-wlan/charts/opensync-gw-static/templates/secret.yaml

@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-certs
-  namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}

tip-wlan/charts/opensync-gw-static/templates/service.yaml

@@ -5,10 +5,6 @@ metadata:
   namespace: {{ include "common.namespace" . }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
-  {{- with .Values.service.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:

tip-wlan/charts/opensync-gw-static/values.yaml

@@ -11,7 +11,7 @@ replicaCount: 1
 
 image:
   name: opensync-gateway-static
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.0.1
 
 nameOverride: ""
 fullnameOverride: ""
@@ -52,6 +52,9 @@ probes:
     timeoutSeconds: 5
     successThreshold: 1
     failureThreshold: 3
+  startupProbe:
+    periodSeconds: 30
+    failureThreshold: 500
 
 # Enable/Disable Helm tests
 testsEnabled: false

tip-wlan/charts/opensync-mqtt-broker/resources/config/certs/README.md

@@ -1,2 +0,0 @@
-Contains certs needed for this service to start.
-Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

tip-wlan/charts/opensync-mqtt-broker/resources/config/mosquitto.conf

@@ -6,7 +6,18 @@ use_identity_as_username true
 allow_anonymous false
 allow_duplicate_messages true
 autosave_interval 900
-log_dest stdout
+log_dest file /mosquitto/log/mosquitto.log
+log_timestamp true
+log_timestamp_format %Y-%m-%dT%H:%M:%S
+log_type error
+log_type warning
+log_type notice
+log_type information
+# log_type debug
+# log_type websockets
+# log_type subscribe
+# log_type all
+connection_messages true
 max_queued_bytes 0
 max_queued_messages 0
 message_size_limit 0

tip-wlan/charts/opensync-mqtt-broker/templates/configmap.yaml

@@ -4,4 +4,4 @@ metadata:
   name: mosquitto-config
   namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/config/mosquitto.conf").AsConfig . | indent 2 }}
+{{ (.Files.Glob "resources/config/mosquitto.conf").AsConfig | indent 2 }}

tip-wlan/charts/opensync-mqtt-broker/templates/secret.yaml

@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: opensync-mqtt-broker-certs
-  namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}

tip-wlan/charts/opensync-mqtt-broker/templates/service.yaml

@@ -16,11 +16,15 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort1 }}
+      {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+      {{- end }}
   selector:
     {{- include "common.selectorLabels" . | nindent 4 }}

tip-wlan/charts/opensync-mqtt-broker/templates/statefulset.yaml

@@ -45,7 +45,8 @@ spec:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       initContainers:
         - name: {{ include "common.name" . }}-init-dir-ownership-change
-          image: alpine:3.6
+          image: {{ .Values.alpine.image }}
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
           # Change ownership to `mosquitto` user for a mounted volume
           command:
           - sh
@@ -63,12 +64,12 @@ spec:
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
           image: {{ .Values.image.name }}:{{ .Values.image.tag }}
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
           {{- if .Values.probes.enabled }}
           livenessProbe:
             tcpSocket:
               port: {{ .Values.service.port1 }}
-            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
+            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
             timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
             failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -81,6 +82,11 @@ spec:
             failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
             successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
+          startupProbe:
+            tcpSocket:
+              port: {{ .Values.service.port1 }}
+            failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
+            periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
           {{- end }}
           volumeMounts:
           - mountPath: /certs/cacert.pem
@@ -123,7 +129,7 @@ spec:
       volumes:
       - name: opensync-mqtt-broker-truststore
         secret:
-          secretName: opensync-mqtt-broker-certs
+          secretName: tip-common-opensync-mqtt-broker-certs
       - name: opensync-mqtt-broker-conf
         configMap:
             name: mosquitto-config

tip-wlan/charts/opensync-mqtt-broker/values.yaml

@@ -6,7 +6,10 @@ replicaCount: 1
 
 image:
   name: eclipse-mosquitto
-  tag: latest
+  tag: 2.0.3
+
+alpine:
+  image: alpine:3.6
 
 nameOverride: ""
 fullnameOverride: ""
@@ -49,6 +52,9 @@ probes:
     timeoutSeconds: 5
     successThreshold: 1
     failureThreshold: 3
+  startupProbe:
+    periodSeconds: 30
+    failureThreshold: 500
 
 # Enable/Disable Helm tests
 testsEnabled: false
@@ -61,6 +67,8 @@ service:
   port2: 9001
   name2: debug
   nodePort2: 32
+  annotations: {}
+  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
 
 ingress:
   enabled: false
@@ -75,17 +83,13 @@ ingress:
   #    hosts:
   #      - chart-example.local
 
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
+resources:
+  limits:
+    cpu: 500m
+    memory: 128Mi
+  requests:
+    cpu: 10m
+    memory: 5Mi
 
 priorityClassName: ""
 
@@ -104,7 +108,7 @@ persistence:
   ## existingClaimData: opensync-wifi-controller-opensync-mqtt-broker-data
   ## existingClaimDb: opensync-wifi-controller-opensync-mqtt-broker-db
   ## volumeReclaimPolicy: Retain
-  ## If you want to bind to an existing PV, uncomment below with the pv name 
+  ## If you want to bind to an existing PV, uncomment below with the pv name
   ## and comment storageClass and belowannotation
   ## volumeNameDb: pvc-dc52b290-ae86-4cb3-aad0-f2c806a23114
   ## volumeNameData: pvc-735baedf-323b-47bc-9383-952e6bc5ce3e

tip-wlan/charts/wlan-cloud-graphql-gw/templates/deployment.yaml

@@ -25,9 +25,9 @@ spec:
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
           {{- if .Values.global.testingEnabled }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
+          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
           {{- else }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
+          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
           {{- end }}
           imagePullPolicy: {{ .Values.global.pullPolicy }}
           env:

tip-wlan/charts/wlan-cloud-graphql-gw/templates/ingress.yaml

@@ -24,7 +24,9 @@ spec:
       {{- range .hosts }}
         - {{ . | quote }}
       {{- end }}
+      {{- if .secretName }}
       secretName: {{ .secretName }}
+      {{- end }}
   {{- end }}
 {{- end }}
   rules:
@@ -32,6 +34,12 @@ spec:
     - host: {{ .host | quote }}
       http:
         paths:
+        {{- if $.Values.ingress.lb_https_redirect }}
+          - path: /*
+            backend:
+              serviceName: ssl-redirect
+              servicePort: use-annotation
+        {{- end }}
         {{- range .paths }}
           - path: {{ . }}
             backend:

tip-wlan/charts/wlan-cloud-graphql-gw/templates/service.yaml

@@ -5,10 +5,6 @@ metadata:
   namespace: {{ include "common.namespace" . }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
-  {{- with .Values.service.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:
@@ -16,6 +12,8 @@ spec:
       targetPort: {{ .Values.service.port }}
       protocol: TCP
       name: {{ .Values.service.name }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+      {{- end }}
   selector:
     {{- include "common.selectorLabels" . | nindent 4 }}

tip-wlan/charts/wlan-cloud-graphql-gw/values.yaml

@@ -9,9 +9,9 @@
 
 replicaCount: 1
 
-image: 
+image:
   name: wlan-cloud-graphql-gw
-  tag: latest
+  tag: 1.0.1
   pullPolicy: IfNotPresent
 
 nameOverride: ""
@@ -51,33 +51,31 @@ service:
   port: 4000
   name: graphui
   nodePort: 23
+  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
 
 ingress:
   enabled: true
+  lb_https_redirect: false ## if set to true, enables http->https redirect on cloud load balancer
   annotations: {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: wlan-ui-graphql.zone3.lab.connectus.ai
-      paths: [
-         /
-        ]
+  hosts: []
+  #  - host: wlan-ui-graphql.local
+  #    paths: [
+  #       /
+  #      ]
   tls: []
   #  - secretName: chart-example-tls
   #    hosts:
-  #      - chart-example.local
+  #      - wlan-ui-graphql.local
 
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
+resources:
+  limits:
+    cpu: 500m
+    memory: 128Mi
+  requests:
+    cpu: 10m
+    memory: 128Mi
 
 nodeSelector: {}
 

tip-wlan/charts/wlan-cloud-static-portal/templates/deployment.yaml

@@ -25,11 +25,11 @@ spec:
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
           {{- if .Values.global.testingEnabled }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
+          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
           {{- else }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
+          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
           {{- end }}
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
           env:
           - name: API
             value: {{ .Values.env.graphql }}

tip-wlan/charts/wlan-cloud-static-portal/templates/ingress.yaml

@@ -24,7 +24,9 @@ spec:
       {{- range .hosts }}
         - {{ . | quote }}
       {{- end }}
+      {{- if .secretName }}
       secretName: {{ .secretName }}
+      {{- end }}
   {{- end }}
 {{- end }}
   rules:
@@ -32,6 +34,12 @@ spec:
     - host: {{ .host | quote }}
       http:
         paths:
+        {{- if $.Values.ingress.lb_https_redirect }}
+          - path: /*
+            backend:
+              serviceName: ssl-redirect
+              servicePort: use-annotation
+        {{- end }}
         {{- range .paths }}
           - path: {{ . }}
             backend:

tip-wlan/charts/wlan-cloud-static-portal/values.yaml

@@ -9,9 +9,9 @@
 
 replicaCount: 1
 
-image: 
+image:
   name: wlan-cloud-ui
-  tag: latest
+  tag: 1.0.1
   pullPolicy: IfNotPresent
 
 nameOverride: ""
@@ -50,30 +50,27 @@ service:
 
 ingress:
   enabled: true
+  lb_https_redirect: false ## if set to true, enables http->https redirect on cloud load balancer
   annotations: {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: wlan-ui.zone3.lab.connectus.ai
-      paths: [
-         /
-        ]
+  hosts: []
+  #  - host: wlan-ui.local
+  #    paths: [
+  #       /
+  #      ]
   tls: []
   #  - secretName: chart-example-tls
   #    hosts:
-  #      - chart-example.local
+  #      - wlan-ui.local
 
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
+resources:
+  limits:
+    cpu: 500m
+    memory: 128Mi
+  requests:
+    cpu: 10m
+    memory: 5Mi
 
 nodeSelector: {}
 

tip-wlan/charts/wlan-integrated-cloud-component-service/resources/config/certs/README.md

@@ -1,2 +0,0 @@
-Contains certs needed for this service to start.
-Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

tip-wlan/charts/wlan-integrated-cloud-component-service/resources/config/logback.xml

@@ -46,7 +46,6 @@
     </triggeringPolicy>
   </appender>
 
-
   <!--
   details: http://logback.qos.ch/manual/configuration.html#auto_configuration
 
@@ -71,5 +70,5 @@
     <appender-ref ref="stdout"/>
     <appender-ref ref="logfile"/>
   </root>
-  
+
 </configuration>

tip-wlan/charts/wlan-integrated-cloud-component-service/templates/configmap.yaml

@@ -4,4 +4,4 @@ metadata:
   name: {{ include "common.fullname" . }}-log-config
   namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }}

tip-wlan/charts/wlan-integrated-cloud-component-service/templates/deployment.yaml

@@ -19,121 +19,125 @@ spec:
         {{- include "common.selectorLabels" . | nindent 8 }}
     spec:
       imagePullSecrets:
-        - name: "{{ include "common.namespace" . }}-docker-registry-key"
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
       serviceAccountName: {{ include "common.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       {{- if .Values.integratedWithPersistence.enabled }}
       initContainers:
-        - name: {{ include "common.name" . }}-readiness
-          image: busybox:1.28
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
-          command: ['sh', '-c', "until nslookup {{ $pg }}.{{ $ns }}.svc.cluster.local; do echo waiting for POSTGRES; sleep 2; done"]
-        - name: {{ include "common.name" . }}-create-db-schema
-          env:
-          - name: POSTGRESQL_PORT_NUMBER
-            value: "5432"
-          - name: POSTGRES_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: {{ include "common.fullname" . }}-creds
-                key: postgresql-password
-          - name: SCHEMA_REPO_USER
-            valueFrom:
-              secretKeyRef:
-                name: {{ include "common.fullname" . }}-creds
-                key: schema-repo-user
-          - name: SCHEMA_REPO_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: {{ include "common.fullname" . }}-creds
-                key: schema-repo-password
-          image: postgres:latest
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
-          command:
-          - sh
-          - -c
-          - |
-            apt update
-            apt -y install curl
-            echo "***** Fetching cloud-sdk-schema-postgresql.sql from JFrog *****"
-            curl -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql.sql"
-            echo "***** Now executing cloud-sdk-schema-postgresql.sql and creating/updating schema on Postgres instance *****"
-            PGPASSWORD=$POSTGRES_PASSWORD psql -h tip-wlan-postgresql-headless -U postgres -f cloud-sdk-schema-postgresql.sql
-            exit
-          ports:
-          - containerPort: 5432
-            name: tcp-postgresql
-            protocol: TCP
-          resources:
-            requests:
-              cpu: 250m
-              memory: 256Mi
-          terminationMessagePath: /dev/termination-log
-          terminationMessagePolicy: File
-          volumeMounts:
-          - mountPath: /dev/shm
-            name: dshm
-          - mountPath: /bitnami/postgresql
-            name: data
+      - name: wait-for-services
+        image: opsfleet/depends-on:latest
+        args:
+        - "-service={{ .Release.Name }}-postgresql"
+        - -check_interval=5
+      - name: {{ include "common.name" . }}-create-db-schema
+        env:
+        - name: POSTGRESQL_PORT_NUMBER
+          value: "5432"
+        - name: POSTGRES_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "common.fullname" . }}-creds
+              key: postgresql-password
+        - name: SCHEMA_REPO_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "common.fullname" . }}-creds
+              key: schema-repo-user
+        - name: SCHEMA_REPO_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "common.fullname" . }}-creds
+              key: schema-repo-password
+        image: postgres:latest
+        imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+        command:
+        - sh
+        - -c
+        - |
+          apt update
+          apt -y install curl
+          echo "***** Fetching cloud-sdk-schema-postgresql.sql from JFrog *****"
+          curl -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/1.0.1/sql/cloud-sdk-schema-postgresql.sql"
+          echo "***** Now executing cloud-sdk-schema-postgresql.sql and creating/updating schema on Postgres instance *****"
+          PGPASSWORD=$POSTGRES_PASSWORD psql -h {{- include "postgresql.service" . -}} -U postgres -f cloud-sdk-schema-postgresql.sql
+          exit
+        resources:
+          requests:
+            cpu: 50m
+            memory: 256Mi
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - mountPath: /dev/shm
+          name: dshm
+        - mountPath: /bitnami/postgresql
+          name: data
       {{- end }}
       containers:
-        - name: {{ .Chart.Name }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          {{- if .Values.global.testingEnabled }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
-          {{- else }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
-          {{- end }}
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
-          env:
-            - name: BACKEND_SERVER
-              value: {{ .Release.Name }}-{{ .Chart.Name }}
-          {{- if .Values.probes.enabled }}
-          livenessProbe:
-            httpGet:
-              path: /ping
-              port: {{ .Values.service.port1 }}
-              scheme: {{ .Values.probes.livenessProbe.scheme }}
-            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
-            timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
-            failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
-            periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
-            successThreshold: {{ .Values.probes.livenessProbe.successThreshold }}
-          readinessProbe:
-            httpGet:
-              path: /ping
-              port: {{ .Values.service.port1 }}
-              scheme: {{ .Values.probes.readinessProbe.scheme }}
-            initialDelaySeconds: {{ .Values.probes.readinessProbe.initialDelaySeconds }}
-            timeoutSeconds: {{ .Values.probes.readinessProbe.timeoutSeconds }}
-            failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
-            periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
-            successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
-          {{- end }}
-          volumeMounts:
-          - mountPath: /opt/tip-wlan/certs/client_keystore.jks
-            name: certificates
-            subPath: client_keystore.jks
-          - mountPath: /opt/tip-wlan/certs/truststore.jks
-            name: certificates
-            subPath: truststore.jks
-          - mountPath: /opt/tip-wlan/certs/server.pkcs12
-            name: certificates
-            subPath: server.pkcs12
-          - mountPath: /app/intcloudcomp/logback.xml
-            name: logback-config
-            subPath: logback.xml
-          ports:
-            - name: {{ .Values.service.name1 }}
-              containerPort: {{ .Values.service.port1 }}
-              protocol: TCP
-            - name: {{ .Values.service.name2 }}
-              containerPort: {{ .Values.service.port2 }}
-              protocol: TCP
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
+      - name: {{ .Chart.Name }}
+        securityContext:
+          {{- toYaml .Values.securityContext | nindent 12 }}
+        {{- if .Values.global.testingEnabled }}
+        image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
+        {{- else }}
+        image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
+        {{- end }}
+        imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+        env:
+          - name: BACKEND_SERVER
+            value: {{ .Release.Name }}-{{ .Chart.Name }}
+        {{- if .Values.probes.enabled }}
+        livenessProbe:
+          httpGet:
+            path: /ping
+            port: {{ .Values.service.port1 }}
+            scheme: {{ .Values.probes.livenessProbe.scheme }}
+          initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
+          timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
+          failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
+          periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
+          successThreshold: {{ .Values.probes.livenessProbe.successThreshold }}
+        readinessProbe:
+          httpGet:
+            path: /ping
+            port: {{ .Values.service.port1 }}
+            scheme: {{ .Values.probes.readinessProbe.scheme }}
+          initialDelaySeconds: {{ .Values.probes.readinessProbe.initialDelaySeconds }}
+          timeoutSeconds: {{ .Values.probes.readinessProbe.timeoutSeconds }}
+          failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
+          periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
+          successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
+        startupProbe:
+          httpGet:
+            path: /ping
+            port: {{ .Values.service.port1 }}
+            scheme: {{ .Values.probes.readinessProbe.scheme }}
+          failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
+          periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
+        {{- end }}
+        volumeMounts:
+        - mountPath: /opt/tip-wlan/certs/client_keystore.jks
+          name: certificates
+          subPath: client_keystore.jks
+        - mountPath: /opt/tip-wlan/certs/truststore.jks
+          name: certificates
+          subPath: truststore.jks
+        - mountPath: /opt/tip-wlan/certs/server.pkcs12
+          name: certificates
+          subPath: server.pkcs12
+        - mountPath: /app/intcloudcomp/logback.xml
+          name: logback-config
+          subPath: logback.xml
+        ports:
+          - name: {{ .Values.service.name1 }}
+            containerPort: {{ .Values.service.port1 }}
+            protocol: TCP
+          - name: {{ .Values.service.name2 }}
+            containerPort: {{ .Values.service.port2 }}
+            protocol: TCP
+        resources:
+          {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
@@ -150,7 +154,7 @@ spec:
       volumes:
       - name: certificates
         secret:
-          secretName: {{ include "common.fullname" . }}-certs
+          secretName: tip-common-postgres-client-certs
       - name: logback-config
         configMap:
             name: {{ include "common.fullname" . }}-log-config

tip-wlan/charts/wlan-integrated-cloud-component-service/templates/secret.yaml

@@ -1,4 +1,5 @@
 {{- if .Values.global.integratedDeployment }}
+---
 apiVersion: v1
 kind: Secret
 metadata:
@@ -7,9 +8,8 @@ metadata:
 type: Opaque
 data:
 {{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
-{{- end}}
+
 ---
-{{- if .Values.global.integratedDeployment }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -22,9 +22,7 @@ metadata:
     heritage: {{ .Release.Service | quote }}
 type: Opaque
 data:
-  {{- if .Values.creds.enabled }}
-  postgresql-password: {{ .Values.creds.postgres.password | b64enc | quote }}
-  schema-repo-user: {{ .Values.creds.schema_repo.username | b64enc | quote }}
-  schema-repo-password: {{ .Values.creds.schema_repo.password | b64enc | quote }}
-  {{- end }}
+  postgresql-password: {{ .Values.global.postgres.password | b64enc | quote }}
+  schema-repo-user: {{ .Values.global.schema.username | b64enc | quote }}
+  schema-repo-password: {{ .Values.global.schema.password | b64enc | quote }}
 {{- end}}

tip-wlan/charts/wlan-integrated-cloud-component-service/templates/service.yaml

@@ -6,10 +6,6 @@ metadata:
   namespace: {{ include "common.namespace" . }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
-  {{- with .Values.service.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:

tip-wlan/charts/wlan-integrated-cloud-component-service/values.yaml

@@ -11,7 +11,7 @@ replicaCount: 1
 
 image:
   name: wlan-integrated-cloud-component-service
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.0.1
 
 nameOverride: ""
 fullnameOverride: ""
@@ -46,6 +46,9 @@ probes:
     successThreshold: 1
     failureThreshold: 3
     scheme: HTTPS
+  startupProbe:
+    periodSeconds: 30
+    failureThreshold: 500
 
 securityContext: {}
   # capabilities:
@@ -58,14 +61,6 @@ securityContext: {}
 # Enable/Disable Helm tests
 testsEnabled: false
 
-creds:
-  enabled: true
-  postgres:
-    password: DUMMY_POSTGRES_PASSWORD
-  schema_repo:
-    username: DUMMY_SCHEMA_REPO_USERNAME
-    password: DUMMY_SCHEMA_REPO_PASSWORD
-
 service:
   type: NodePort
   port1: 9091
@@ -75,7 +70,7 @@ service:
   name2: secondary-port
   nodePort2: 52
 
-postgresql: 
+postgresql:
   url: postgresql-headless
 
 integratedWithPersistence:
@@ -86,19 +81,19 @@ ingress:
   annotations: {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: example.com
-      paths: [
-         /portal 
-        ]
-  tls: 
-   - secretName: portal-secret
-     hosts:
-       - example.com
+  hosts: []
+  #  - host: wlan-integrated-cloud-component-service.local
+  #    paths: [
+  #       /portal
+  #      ]
+  tls: []
+  # - secretName: portal-secret
+  #   hosts:
+  #     - wlan-integrated-cloud-component-service.local
 
  # Transport-Server-passthrough properties
 tsp:
-  host: wlan-portal-service.zone3.lab.connectus.ai
+  host: wlan-portal-service.local
 
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
@@ -116,4 +111,4 @@ nodeSelector: {}
 
 tolerations: []
 
-affinity: {}
+affinity: {}

tip-wlan/charts/wlan-port-forwarding-gateway-service/resources/config/certs/README.md

@@ -1,2 +0,0 @@
-Contains certs needed for this service to start.
-Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

tip-wlan/charts/wlan-port-forwarding-gateway-service/resources/config/logback.xml

@@ -46,7 +46,6 @@
     </triggeringPolicy>
   </appender>
 
-
   <!--
   details: http://logback.qos.ch/manual/configuration.html#auto_configuration
 
@@ -71,5 +70,5 @@
     <appender-ref ref="stdout"/>
     <appender-ref ref="logfile"/>
   </root>
-  
+
 </configuration>

tip-wlan/charts/wlan-port-forwarding-gateway-service/resources/config/run.sh

@@ -1,56 +0,0 @@
-#!/bin/bash
-
-# local_port_range that Java process can use
-# These are then assigned to the container ports (in the deployment.yaml) which can either:
-# later be opened by the port-forwarding-gateway service as NodePorts (preferred)
-# or use kubectl port-forwarding to forward the container ports. Example:
-# kubectl port-forward pods/<port-forwarding-gw-pod> <local-machine-port>:<debugPort on the Pod>
-sysctl -w net.ipv4.ip_local_port_range="30410    30435"
-
-PROFILES=" -Dspring.profiles.include=use_ssl_with_client_cert_and_digest_auth,client_certificate_and_digest_auth,RestTemplateConfiguration_X509_client_cert_auth"
-
-LOGGING_PROPS=" -Dlogging.config=file:/app/port-forwarding-gateway/logback.xml"
-
-# SSC_URL: something like https://${SSC_SERVER_HOST}:9031
-SSC_URL=${SSC_RELEASE_URL}
-# PROV_URL: something like https://${PROV_SERVER_HOST}:9091
-PROV_URL=${PROV_RELEASE_URL}
-# PF_GATEWAY_URL: something like https://${PF_GATEWAY_SERVER_HOST}:7070
-PF_GATEWAY_URL=${PF_GATEWAY_RELEASE_URL}
-PF_GATEWAY_ENCRYPTION_KEY=${PF_GATEWAY_RELEASE_ENCRYPTION_KEY:='MyToKeN0MyToKeN1'}
-PF_GATEWAY_EXT_HOST=${PF_GATEWAY_RELEASE_EXT_HOST:=''}
-PF_GATEWAY_EXT_PORT=${PF_GATEWAY_RELEASE_EXT_PORT:='0'}
-
-
-# SSC URLs
-HOST_PROPS=" "
-HOST_PROPS+=" -Dtip.wlan.cloudEventDispatcherBaseUrl=$SSC_URL"
-HOST_PROPS+=" -Dtip.wlan.statusServiceBaseUrl=$SSC_URL"
-HOST_PROPS+=" -Dtip.wlan.routingServiceBaseUrl=$SSC_URL"
-HOST_PROPS+=" -Dtip.wlan.alarmServiceBaseUrl=$SSC_URL"
-HOST_PROPS+=" -Dtip.wlan.systemEventServiceBaseUrl=$SSC_URL"
-HOST_PROPS+=" -Dtip.wlan.clientServiceBaseUrl=$SSC_URL"
-HOST_PROPS+=" -Dtip.wlan.serviceMetricServiceBaseUrl=$SSC_URL"
-
-# PROV URLs
-HOST_PROPS+=" -Dtip.wlan.customerServiceBaseUrl=$PROV_URL"
-HOST_PROPS+=" -Dtip.wlan.portalUserServiceBaseUrl=$PROV_URL"
-HOST_PROPS+=" -Dtip.wlan.firmwareServiceBaseUrl=$PROV_URL"
-HOST_PROPS+=" -Dtip.wlan.locationServiceBaseUrl=$PROV_URL"
-HOST_PROPS+=" -Dtip.wlan.manufacturerServiceBaseUrl=$PROV_URL"
-HOST_PROPS+=" -Dtip.wlan.equipmentServiceBaseUrl=$PROV_URL"
-HOST_PROPS+=" -Dtip.wlan.profileServiceBaseUrl=$PROV_URL"
-
-# Port-Forwarder Gateway Specific
-HOST_PROPS+=" -Dtip.wlan.portForwarderGatewayBaseUrl=$PF_GATEWAY_URL"
-HOST_PROPS+=" -Dtip.wlan.websocketSessionTokenEncryptionKey=$PF_GATEWAY_ENCRYPTION_KEY"
-HOST_PROPS+=" -Dtip.wlan.externallyVisibleHostName=$PF_GATEWAY_EXT_HOST"
-HOST_PROPS+=" -Dtip.wlan.externallyVisiblePort=$PF_GATEWAY_EXT_PORT"
-
-
-REMOTE_DEBUG_PORT=5010
-REMOTE_DEBUG=" -agentlib:jdwp=transport=dt_socket,server=y,address=*:$REMOTE_DEBUG_PORT,suspend=n"
-
-export ALL_PROPS="$PROFILES $LOGGING_PROPS $HOST_PROPS $REMOTE_DEBUG"
-
-java $ALL_PROPS -jar app.jar

tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/configmap.yaml

@@ -4,4 +4,5 @@ metadata:
   name: {{ include "common.fullname" . }}-config
   namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }}
+

tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/deployment.yaml

@@ -22,9 +22,10 @@ spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       initContainers:
+        {{- include "jmxPrometheus.initContainer" . | nindent 8 }}
         - name: {{ include "common.name" . }}-readiness-opensync-gw
           image: alpine
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
           command:
           - sh
           - -c
@@ -47,17 +48,17 @@ spec:
             else
               echo ${url} service failed to respond after 50 secs
               exit 1
-            fi        
+            fi
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
           {{- if .Values.global.testingEnabled }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
+          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
           {{- else }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
+          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
           {{- end }}
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
           env:
             {{- include "common.env" . | nindent 12 }}
             - name: PF_GATEWAY_RELEASE_URL
@@ -71,13 +72,19 @@ spec:
               value: {{ .Values.externallyVisible.host }}
             - name: PF_GATEWAY_RELEASE_EXT_PORT
               value: "{{ .Values.externallyVisible.port }}"
+            - name: EXT_PORT_RANGE_START
+              value: "{{ include "apDebugPortsStart" . }}"
+            - name: EXT_PORT_RANGE_END
+              value: "{{ sub (include "apDebugPortsEnd" . | atoi) 1 }}"
+            - name: JVM_MEM_OPTIONS
+              value: "{{ include "jmxPrometheus.jvmOpts" . }}"
           {{- if .Values.probes.enabled }}
           livenessProbe:
             httpGet:
               path: /ping
               port: {{ .Values.service.port2 }}
               scheme: {{ .Values.probes.livenessProbe.scheme }}
-            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
+            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
             timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
             failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -92,6 +99,13 @@ spec:
             failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
             successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
+          startupProbe:
+            httpGet:
+              path: /ping
+              port: {{ .Values.service.port2 }}
+              scheme: {{ .Values.probes.readinessProbe.scheme }}
+            failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
+            periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
           {{- end }}
           volumeMounts:
           - mountPath: /opt/tip-wlan/certs/client_keystore.jks
@@ -106,9 +120,9 @@ spec:
           - mountPath: /app/port-forwarding-gateway/logback.xml
             name: configuration
             subPath: logback.xml
-          - mountPath: /app/run.sh
-            name: configuration
-            subPath: run.sh
+          {{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
+          {{- include "jmxPrometheus.tmpVolumeMount" . | nindent 10 }}
+
           ports:
             - name: {{ .Values.service.name1 }}
               containerPort: {{ .Values.service.port1 }}
@@ -121,7 +135,8 @@ spec:
               containerPort: {{ .Values.service.port3 }}
               protocol: TCP
             {{- end }}
-            {{- include "container.dev.debugport" . | nindent 10 }}
+            {{- include "container.dev.apDebugPorts" . | nindent 10 }}
+            {{- include "jmxPrometheus.port" . | nindent 12 }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}
@@ -139,9 +154,11 @@ spec:
       volumes:
       - name: certificates
         secret:
-          secretName: {{ include "common.fullname" . }}-certs
+          secretName: tip-common-kafka-client-certs
           defaultMode: 0400
       - name: configuration
         configMap:
             name: {{ include "common.fullname" . }}-config
-            defaultMode: 0755
+            defaultMode: 0755
+      {{- include "jmxPrometheus.configVolume" . | nindent 6 }}
+      {{- include "jmxPrometheus.tmpVolume" . | nindent 6 }}

tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/pod-monitor.yaml

@@ -0,0 +1 @@
+{{ include "jmxPrometheus.podMonitor" . }}

tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/secret.yaml

@@ -1,14 +1,5 @@
 apiVersion: v1
 kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-certs
-  namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
 metadata:
   name: {{ include "common.fullname" . }}-creds
   namespace: {{ include "common.namespace" . }}
@@ -19,6 +10,4 @@ metadata:
     heritage: {{ .Release.Service | quote }}
 type: Opaque
 data:
-  {{- if .Values.creds.enabled }}
-  websocketSessionTokenEncKey: {{ .Values.creds.websocketSessionTokenEncKey | b64enc | quote }}
-  {{- end }}
+  websocketSessionTokenEncKey: {{ .Values.creds.websocketSessionTokenEncKey | b64enc | quote }}

tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/service.yaml

@@ -5,10 +5,6 @@ metadata:
   namespace: {{ include "common.namespace" . }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
-  {{- with .Values.service.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:
@@ -16,14 +12,14 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort1 }}
       {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort2 }}
       {{- end }}
     {{- if .Values.debug.enabled }}
@@ -31,10 +27,10 @@ spec:
       targetPort: {{ .Values.service.port3 }}
       protocol: TCP
       name: {{ .Values.service.name3 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort3 }}
       {{- end }}
-    {{- end }}      
-    {{- include "service.dev.debugport" . | nindent 2 }}
+    {{- end }}
+    {{- include "service.dev.apDebugPorts" . | nindent 2 }}
   selector:
     {{- include "common.selectorLabels" . | nindent 4 }}

tip-wlan/charts/wlan-port-forwarding-gateway-service/values.yaml

@@ -11,7 +11,7 @@ replicaCount: 1
 
 image:
   name: wlan-port-forwarding-gateway-service
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.0.1
 
 nameOverride: ""
 fullnameOverride: ""
@@ -50,6 +50,9 @@ probes:
     successThreshold: 1
     failureThreshold: 3
     scheme: HTTPS
+  startupProbe:
+    periodSeconds: 30
+    failureThreshold: 500
 
 securityContext:
   privileged: true
@@ -64,7 +67,7 @@ securityContext:
 testsEnabled: false
 
 # Enable/Disable Remote debugging
-debug: 
+debug:
   enabled: false
 
 service:
@@ -78,46 +81,24 @@ service:
   port3: 5010
   name3: debug-appl
   nodePort3: '03'
+  nodePortStatic: true ## if true, nodePort ports are calculated by Helm based on the given start index and length; if false, nodePort ports are chosen dynamically by k8s
 
-# The below ports are the ports that Java would choose as Local ports whenever it opens up
+# The below range will be combined with the nodePortPrefixExt to create a list of ports.
+# e.g. nodePortPrefixExt = 304, accessPointDebugPortRange.start = 10, accessPointDebugPortRange.length = 2, resulting ports = 30410, 30411
+# These ports are the ports that Java would choose as Local ports whenever it opens up
 # a developer session for debug.
-# These ports are therefore assigned as container ports (in the deployment.yaml), so we 
+# These ports are therefore assigned as container ports (in the deployment.yaml), so we
 # can reach them from inside the cluster.
 # Also, we open equivalent NodePorts on the Kubernetes cluster (see service.yaml), so a developer
 # can connect to it to debug an AP.
-# NOTE: Another way to reach these container ports without opening NodePorts was to use 
+# NOTE: Another way to reach these container ports without opening NodePorts was to use
 # kubectl port forwarding. However, we dont want the developer to install kubectl.
 
-debugPorts:
-  - 30410
-  - 30411
-  - 30412
-  - 30413
-  - 30414
-  - 30415
-  - 30416
-  - 30417
-  - 30418
-  - 30419
-  - 30420
-  - 30421
-  - 30422
-  - 30423
-  - 30424
-  - 30425
-  - 30426
-  - 30427
-  - 30428
-  - 30429
-  - 30430
-  - 30431
-  - 30432
-  - 30433
-  - 30434
-  - 30435
+accessPointDebugPortRange:
+  start: 10
+  length: 26
 
 creds:
-  enabled: true
   websocketSessionTokenEncKey: DUMMY_ENC_KEY
 
 opensyncgw:
@@ -132,24 +113,20 @@ ingress:
   hosts:
     - host: example.com
       paths: [
-         /portal 
+         /portal
         ]
-  tls: 
+  tls:
    - secretName: portal-secret
      hosts:
        - example.com
 
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
+resources:
+  limits:
+    cpu: 500m
+    memory: 350Mi
+  requests:
+    cpu: 10m
+    memory: 280Mi
 
 nodeSelector: {}
 
@@ -175,4 +152,3 @@ env:
     service: wlan-port-forwarding-gateway-service
     port: 7070
 
-

tip-wlan/charts/wlan-portal-service/resources/config/certs/README.md

@@ -1,2 +0,0 @@
-Contains certs needed for this service to start.
-Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

tip-wlan/charts/wlan-portal-service/resources/config/logback.xml

@@ -7,7 +7,7 @@
 <!-- For professional support please see                            -->
 <!--    http://www.qos.ch/shop/products/professionalSupport         -->
 <!--                                                                -->
-<configuration>
+<configuration scan="true" scanPeriod="30 seconds">
   <conversionRule conversionWord="filteredStack"
                   converterClass="com.telecominfraproject.wlan.server.exceptions.logback.ExceptionCompressingConverter" />
 
@@ -46,7 +46,6 @@
     </triggeringPolicy>
   </appender>
 
-
   <!--
   details: http://logback.qos.ch/manual/configuration.html#auto_configuration
 
@@ -71,5 +70,5 @@
     <appender-ref ref="stdout"/>
     <appender-ref ref="logfile"/>
   </root>
-  
+
 </configuration>

tip-wlan/charts/wlan-portal-service/resources/config/ssl.properties

@@ -0,0 +1,14 @@
+truststorePass={{ .Values.global.certificatePasswords.sslTruststore }}
+truststoreFile=file:///opt/tip-wlan/certs/truststore.jks
+truststoreType=JKS
+truststoreProvider=SUN
+
+keyAlias=1
+keystorePass={{ .Values.global.certificatePasswords.sslKeystore }}
+keystoreFile=file:///opt/tip-wlan/certs/server.pkcs12
+keystoreType=pkcs12
+keystoreProvider=SunJSSE
+
+sslProtocol=TLS
+sslEnabledProtocols=TLSv1.2,TLSv1.1,TLSv1
+sslCiphers=TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA

tip-wlan/charts/wlan-portal-service/templates/configmap.yaml

@@ -4,4 +4,4 @@ metadata:
   name: {{ include "common.fullname" . }}-log-config
   namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }}

tip-wlan/charts/wlan-portal-service/templates/ingress.yaml

@@ -32,6 +32,12 @@ spec:
     - host: {{ .host | quote }}
       http:
         paths:
+        {{- if $.Values.ingress.lb_https_redirect }}
+          - path: /*
+            backend:
+              serviceName: ssl-redirect
+              servicePort: use-annotation
+        {{- end }}
         {{- range .paths }}
           - path: {{ . }}
             backend:

tip-wlan/charts/wlan-portal-service/templates/pod-monitor.yaml

@@ -0,0 +1 @@
+{{ include "jmxPrometheus.podMonitor" . }}

tip-wlan/charts/wlan-portal-service/templates/secret.yaml

@@ -1,8 +1,10 @@
+{{- if not .Values.tlsv13.enabled }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "common.fullname" . }}-certs
+  name: {{ include "common.fullname" . }}-ssl-config
   namespace: {{ include "common.namespace" . }}
 type: Opaque
 data:
-{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
+  ssl.properties: {{ tpl ( .Files.Get "resources/config/ssl.properties" ) . | b64enc }}
+{{- end }}

tip-wlan/charts/wlan-portal-service/templates/service.yaml

@@ -16,14 +16,14 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }}
       {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
       {{- end }}
     {{- if .Values.debug.enabled }}
@@ -31,7 +31,7 @@ spec:
       targetPort: {{ .Values.service.port3 }}
       protocol: TCP
       name: {{ .Values.service.name3 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
       {{- end }}
     {{- end }}

tip-wlan/charts/wlan-portal-service/templates/statefulset.yaml

@@ -7,13 +7,14 @@ metadata:
   labels:
     {{- include "common.labels" . | nindent 4 }}
 spec:
+  podManagementPolicy: Parallel
   serviceName: {{ include "common.fullname" . }}
   replicas: {{ .Values.replicaCount }}
   selector:
     matchLabels:
       {{- include "common.selectorLabels" . | nindent 6 }}
   updateStrategy:
-{{ toYaml .Values.updateStrategy | indent 4 }}      
+{{ toYaml .Values.updateStrategy | indent 4 }}
   template:
     metadata:
       labels:
@@ -30,7 +31,7 @@ spec:
         {{- range $key, $value := .Values.podAnnotations }}
         {{ $key }}: {{ $value | quote }}
         {{- end }}
-{{- end }}        
+{{- end }}
     spec:
       terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
 {{- if .Values.schedulerName }}
@@ -38,33 +39,49 @@ spec:
 {{- end }}
 {{- if .Values.priorityClassName }}
       priorityClassName: "{{ .Values.priorityClassName }}"
-{{- end }}    
+{{- end }}
       imagePullSecrets:
         - name: "{{ include "common.namespace" . }}-docker-registry-key"
       serviceAccountName: {{ include "common.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      initContainers:
+      {{- include "jmxPrometheus.initContainer" . | nindent 6 }}
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
           {{- if .Values.global.testingEnabled }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
+          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
           {{- else }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
+          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
           {{- end }}
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
           env:
             {{- include "common.env" . | nindent 12 }}
             - name: FILE_STORE_DIRECTORY_INTERNAL
               value: {{ $file_store_path }}
+            - name: tip_wlan_AsyncExecutor_CorePoolSize
+              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_CorePoolSize }}"
+            - name: tip_wlan_AsyncExecutor_MaxPoolSize
+              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_MaxPoolSize }}"
+            - name: tip_wlan_AsyncExecutor_QueueCapacity
+              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_QueueCapacity }}"
+            - name: tip_wlan_httpClientConfig_maxConnectionsTotal
+              value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsTotal }}"
+            - name: tip_wlan_httpClientConfig_maxConnectionsPerRoute
+              value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsPerRoute }}"
+            - name: tip_wlan_maxHttpThreads
+              value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
+            - name: JVM_MEM_OPTIONS
+              value: "{{ .Values.scalability.JVM_MEM_OPTIONS }} {{ include "jmxPrometheus.jvmOpts" . }}"
           {{- if .Values.probes.enabled }}
           livenessProbe:
             httpGet:
               path: /ping
               port: {{ .Values.service.port1 }}
               scheme: {{ .Values.probes.livenessProbe.scheme }}
-            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
+            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
             timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
             failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -79,6 +96,13 @@ spec:
             failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
             successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
+          startupProbe:
+            httpGet:
+              path: /ping
+              port: {{ .Values.service.port1 }}
+              scheme: {{ .Values.probes.readinessProbe.scheme }}
+            failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
+            periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
           {{- end }}
           volumeMounts:
           - mountPath: /opt/tip-wlan/certs/client_keystore.jks
@@ -90,11 +114,16 @@ spec:
           - mountPath: /opt/tip-wlan/certs/server.pkcs12
             name: certificates
             subPath: server.pkcs12
-          - mountPath: /app/portal/logback.xml
+          - mountPath: /app/portal/log
             name: logback-config
-            subPath: logback.xml
+          {{- if not .Values.tlsv13.enabled }}
+          - mountPath: /app/portal/certs
+            name: ssl-config
+          {{- end }}
           - mountPath: {{ $file_store_path }}
             name: file-store-data
+          {{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
+          {{- include "jmxPrometheus.tmpVolumeMount" . | nindent 10 }}
           ports:
             - name: {{ .Values.service.name1 }}
               containerPort: {{ .Values.service.port1 }}
@@ -107,6 +136,7 @@ spec:
               containerPort: {{ .Values.service.port3 }}
               protocol: TCP
             {{- end }}
+            {{- include "jmxPrometheus.port" . | nindent 12 }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}
@@ -125,14 +155,21 @@ spec:
       volumes:
       - name: certificates
         secret:
-          secretName: {{ include "common.fullname" . }}-certs
+          secretName: tip-common-postgres-client-certs
       - name: logback-config
         configMap:
             name: {{ include "common.fullname" . }}-log-config
+      {{- if not .Values.tlsv13.enabled }}
+      - name: ssl-config
+        secret:
+          secretName: {{ include "common.fullname" . }}-ssl-config
+      {{- end }}
       {{- if not .Values.persistence.enabled }}
       - name: file-store-data
         emptyDir: {}
       {{- end }}
+      {{- include "jmxPrometheus.configVolume" . | nindent 6 }}
+      {{- include "jmxPrometheus.tmpVolume" . | nindent 6 }}
   {{- if .Values.persistence.enabled }}
   volumeClaimTemplates:
     - metadata:
@@ -150,4 +187,4 @@ spec:
         storageClassName: "{{ .Values.persistence.storageClass }}"
         {{- end }}
       {{- end }}
-  {{- end }}
+  {{- end }}

tip-wlan/charts/wlan-portal-service/values.yaml

@@ -9,11 +9,9 @@
 
 replicaCount: 1
 
-
-
 image:
   name: wlan-portal-service
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.0.1
 
 nameOverride: ""
 fullnameOverride: ""
@@ -48,6 +46,9 @@ probes:
     successThreshold: 1
     failureThreshold: 3
     scheme: HTTPS
+  startupProbe:
+    periodSeconds: 30
+    failureThreshold: 500
 
 securityContext: {}
   # capabilities:
@@ -61,7 +62,7 @@ securityContext: {}
 testsEnabled: false
 
 # Enable/Disable Remote debugging
-debug: 
+debug:
   enabled: false
 
 service:
@@ -74,34 +75,46 @@ service:
   nodePort2: 52
   port3: 5006
   name3: debug
-  nodePort3: 15  
+  nodePort3: 15
+  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
+
+scalability:
+  #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
+  tip_wlan_AsyncExecutor_CorePoolSize: 10
+  tip_wlan_AsyncExecutor_MaxPoolSize: 50
+  tip_wlan_AsyncExecutor_QueueCapacity: 50
+  #max total number of persistent connections in the http client pool
+  tip_wlan_httpClientConfig_maxConnectionsTotal: 100
+  #max number of persistent connections in the http client pool per destination
+  tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
+  #max number of concurrent REST API calls a single instance of this service can process
+  tip_wlan_maxHttpThreads:  100
+  #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
+  JVM_MEM_OPTIONS: " "
 
 ingress:
   enabled: false
+  lb_https_redirect: false ## if set to true, enables http->https redirect on cloud load balancer
   annotations: {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: wlan-portal-service.zone3.lab.connectus.ai
-      paths: [
-         /portal 
-        ]
-  tls: 
-   - secretName: portal-secret
-     hosts:
-       - wlan-portal-service.zone3.lab.connectus.ai
+  hosts: []
+  #  - host: wlan-portal-service.local
+  #    paths: [
+  #       /portal
+  #      ]
+  tls: []
+  # - secretName: portal-secret
+  #   hosts:
+  #     - wlan-portal-service.local
 
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
+resources:
+  limits:
+    cpu: 500m
+    memory: 450Mi
+  requests:
+    cpu: 50m
+    memory: 420Mi
 
 persistence:
   enabled: false
@@ -123,7 +136,7 @@ affinity: {}
 
 # Transport-Server-passthrough properties
 tsp:
-  host: wlan-portal-service.zone3.lab.connectus.ai
+  host: wlan-portal-service.local
 
 env:
   protocol: https
@@ -140,3 +153,6 @@ env:
 # on the PV
 filestore:
   internal: "/tmp/filestore"
+
+tlsv13:
+  enabled: true

tip-wlan/charts/wlan-prov-service/resources/config/certs/README.md

@@ -1,2 +0,0 @@
-Contains certs needed for this service to start.
-Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

tip-wlan/charts/wlan-prov-service/resources/config/logback.xml

@@ -46,7 +46,6 @@
     </triggeringPolicy>
   </appender>
 
-
   <!--
   details: http://logback.qos.ch/manual/configuration.html#auto_configuration
 
@@ -71,5 +70,5 @@
     <appender-ref ref="stdout"/>
     <appender-ref ref="logfile"/>
   </root>
-  
+
 </configuration>

tip-wlan/charts/wlan-prov-service/templates/configmap.yaml

@@ -4,11 +4,11 @@ metadata:
   name: {{ include "common.fullname" . }}-log-config
   namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }}
   datasource.properties: |-
-    singleDataSource.url=jdbc:postgresql://tip-wlan-postgresql:5432/prov_db
-    singleDataSource.username={{ .Values.creds.postgres.singleDataSourceUsername }}
-    singleDataSource.password={{ .Values.creds.postgres.singleDataSourcePassword }}
+    singleDataSource.url=jdbc:postgresql://{{- include "postgresql.service" . -}}:5432/prov_db
+    singleDataSource.username={{ .Values.global.postgres.singleDataSource.username }}
+    singleDataSource.password={{ .Values.global.postgres.singleDataSource.password }}
     singleDataSource.driverClass=org.postgresql.Driver
     singleDataSource.ssl=true
     singleDataSource.sslmode=verify-ca
@@ -16,4 +16,4 @@ data:
     singleDataSource.sslfactory=org.postgresql.ssl.LibPQFactory
     singleDataSource.sslkey=/opt/tip-wlan/certs/postgresclient.p12
     singleDataSource.sslrootcert=/opt/tip-wlan/certs/cacert.pem
-    singleDataSource.sslkeypassword={{ .Values.creds.postgres.singleDataSourceSslKeyPassword }}
+    singleDataSource.sslkeypassword={{ .Values.global.certificatePasswords.sslKey }}

tip-wlan/charts/wlan-prov-service/templates/deployment.yaml

@@ -23,10 +23,12 @@ spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       initContainers:
-        - name: {{ include "common.name" . }}-readiness
-          image: busybox:1.28
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
-          command: ['sh', '-c', "until nslookup {{ $pg }}.{{ $ns }}.svc.cluster.local; do echo waiting for POSTGRES; sleep 2; done"]
+        {{- include "jmxPrometheus.initContainer" . | nindent 8 }}
+        - name: wait-for-services
+          image: opsfleet/depends-on:latest
+          args:
+          - "-service={{ .Release.Name }}-postgresql"
+          - -check_interval=5
         - name: {{ include "common.name" . }}-create-db-schema
           env:
           - name: POSTGRESQL_PORT_NUMBER
@@ -51,19 +53,19 @@ spec:
               secretKeyRef:
                 name: {{ include "common.fullname" . }}-creds
                 key: schema-repo-password
-          image: postgres:latest
-          imagePullPolicy: IfNotPresent
+          image: {{ .Values.postgresql.image }}
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
           command:
           - sh
           - -c
-          - |      
+          - |
             apt update
             apt -y install curl
             echo "***** Fetching latest cloud-sdk-schema-postgresql for DB and Tables sql from JFrog *****"
-            curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql-db-user.sql"
-            curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql-tables.sql"
+            curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/1.0.1/sql/cloud-sdk-schema-postgresql-db-user.sql"
+            curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/1.0.1/sql/cloud-sdk-schema-postgresql-tables.sql"
             echo "***** Now executing cloud-sdk-schema-postgresql-db-user.sql on host {{ $pg }} and creating db prov_db and user tip_user using User Postgres. This uses full client-cert authentication *****"
-            ### Observed that PSQL was unable to resolve the Postgres-service host because the postgres service wasnt 
+            ### Observed that PSQL was unable to resolve the Postgres-service host because the postgres service wasnt
             ### really ready when running Postgres in Master-Slave config... hence the below retry-logic
             psql 'host={{ $pg }} port=5432 user=postgres sslmode=verify-ca sslcert=/opt/tip-wlan/certs/postgresclientcert.pem sslkey=/opt/tip-wlan/certs/postgresclientkey_dec.pem sslrootcert=/opt/tip-wlan/certs/cacert.pem' -f cloud-sdk-schema-postgresql-db-user.sql
             status=$(echo $?)
@@ -95,7 +97,7 @@ spec:
             protocol: TCP
           resources:
             requests:
-              cpu: 250m
+              cpu: 50m
               memory: 256Mi
           terminationMessagePath: /dev/termination-log
           terminationMessagePolicy: File
@@ -118,20 +120,42 @@ spec:
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
           {{- if .Values.global.testingEnabled }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
+          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
           {{- else }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
+          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
           {{- end }}
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
           env:
             {{- include "common.env" . | nindent 12 }}
+            - name: tip_wlan_AsyncExecutor_CorePoolSize
+              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_CorePoolSize }}"
+            - name: tip_wlan_AsyncExecutor_MaxPoolSize
+              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_MaxPoolSize }}"
+            - name: tip_wlan_AsyncExecutor_QueueCapacity
+              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_QueueCapacity }}"
+            - name: tip_wlan_httpClientConfig_maxConnectionsTotal
+              value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsTotal }}"
+            - name: tip_wlan_httpClientConfig_maxConnectionsPerRoute
+              value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsPerRoute }}"
+            - name: tip_wlan_maxHttpThreads
+              value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
+            - name: JVM_MEM_OPTIONS
+              value: "{{ .Values.scalability.JVM_MEM_OPTIONS }} {{ include "jmxPrometheus.jvmOpts" . }}"
+            - name: singleDataSource_maxTotalConnections
+              value: "{{ .Values.scalability.singleDataSource_maxTotalConnections }}"
+            - name: singleDataSource_maxIdleConnections
+              value: "{{ .Values.scalability.singleDataSource_maxIdleConnections }}"
+            - name: singleDataSource_maxPreparedStatements
+              value: "{{ .Values.scalability.singleDataSource_maxPreparedStatements }}"
+            - name: singleDataSource_maxIdlePreparedStatements
+              value: "{{ .Values.scalability.singleDataSource_maxIdlePreparedStatements }}"
           {{- if .Values.probes.enabled }}
           livenessProbe:
             httpGet:
               path: /ping
               port: {{ .Values.service.port2 }}
               scheme: {{ .Values.probes.livenessProbe.scheme }}
-            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
+            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
             timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
             failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -146,6 +170,13 @@ spec:
             failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
             successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
+          startupProbe:
+            httpGet:
+              path: /ping
+              port: {{ .Values.service.port2 }}
+              scheme: {{ .Values.probes.readinessProbe.scheme }}
+            failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
+            periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
           {{- end }}
           volumeMounts:
           - mountPath: /opt/tip-wlan/certs/client_keystore.jks
@@ -172,6 +203,8 @@ spec:
           - mountPath: /app/prov/datasource.properties
             name: logback-config
             subPath: datasource.properties
+          {{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
+          {{- include "jmxPrometheus.tmpVolumeMount" . | nindent 10 }}
           ports:
             - name: {{ .Values.service.name1 }}
               containerPort: {{ .Values.service.port1 }}
@@ -183,7 +216,8 @@ spec:
             - name: {{ .Values.service.name3 }}
               containerPort: {{ .Values.service.port3 }}
               protocol: TCP
-            {{- end }}              
+            {{- end }}
+            {{- include "jmxPrometheus.port" . | nindent 12 }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}
@@ -201,7 +235,7 @@ spec:
       volumes:
       - name: certificates
         secret:
-          secretName: {{ include "common.fullname" . }}-certs
+          secretName: tip-common-postgres-client-certs
           defaultMode: 0400
       - name: logback-config
         configMap:
@@ -209,4 +243,6 @@ spec:
       - name: data
         emptyDir: {}
       - name: dshm
-        emptyDir: {}
+        emptyDir: {}
+      {{- include "jmxPrometheus.configVolume" . | nindent 6 }}
+      {{- include "jmxPrometheus.tmpVolume" . | nindent 6 }}

tip-wlan/charts/wlan-prov-service/templates/pod-monitor.yaml

@@ -0,0 +1 @@
+{{ include "jmxPrometheus.podMonitor" . }}

tip-wlan/charts/wlan-prov-service/templates/rbac.yaml

@@ -0,0 +1,24 @@
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "common.fullname" . }}-depends-on
+  namespace: {{ include "common.namespace" . }}
+rules:
+- apiGroups: ["batch", "apps", ""]
+  resources: ["pods", "services", "jobs"]
+  verbs: ["get", "list", "watch"]
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "common.fullname" . }}-depends-on
+  namespace: {{ include "common.namespace" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "common.serviceAccountName" . }}
+roleRef:
+  kind: Role
+  name: {{ include "common.fullname" . }}-depends-on
+  apiGroup: rbac.authorization.k8s.io

tip-wlan/charts/wlan-prov-service/templates/secret.yaml

@@ -1,14 +1,5 @@
 apiVersion: v1
 kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-certs
-  namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
 metadata:
   name: {{ include "common.fullname" . }}-creds
   namespace: {{ include "common.namespace" . }}
@@ -19,9 +10,7 @@ metadata:
     heritage: {{ .Release.Service | quote }}
 type: Opaque
 data:
-  {{- if .Values.creds.enabled }}
-  postgresql-password: {{ .Values.creds.db.postgresUser.password | b64enc | quote }}
-  tipuser-password: {{ .Values.creds.db.tipUser.password | b64enc | quote }}
-  schema-repo-user: {{ .Values.creds.schema_repo.username | b64enc | quote }}
-  schema-repo-password: {{ .Values.creds.schema_repo.password | b64enc | quote }}
-  {{- end }}
+  postgresql-password: {{ .Values.global.postgres.password | b64enc | quote }}
+  tipuser-password: {{ .Values.global.tip.password | b64enc | quote }}
+  schema-repo-user: {{ .Values.global.schema.username | b64enc | quote }}
+  schema-repo-password: {{ .Values.global.schema.password | b64enc | quote }}

tip-wlan/charts/wlan-prov-service/templates/service.yaml

@@ -5,10 +5,6 @@ metadata:
   namespace: {{ include "common.namespace" . }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
-  {{- with .Values.service.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:
@@ -16,14 +12,14 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }}
       {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
       {{- end }}
     {{- if .Values.debug.enabled }}
@@ -31,9 +27,9 @@ spec:
       targetPort: {{ .Values.service.port3 }}
       protocol: TCP
       name: {{ .Values.service.name3 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
       {{- end }}
-    {{- end }}      
+    {{- end }}
   selector:
     {{- include "common.selectorLabels" . | nindent 4 }}

tip-wlan/charts/wlan-prov-service/values.yaml

@@ -11,7 +11,7 @@ replicaCount: 1
 
 image:
   name: wlan-prov-service
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.0.1
 
 nameOverride: ""
 fullnameOverride: ""
@@ -46,6 +46,9 @@ probes:
     successThreshold: 1
     failureThreshold: 3
     scheme: HTTPS
+  startupProbe:
+    periodSeconds: 30
+    failureThreshold: 500
 
 securityContext: {}
   # capabilities:
@@ -58,24 +61,8 @@ securityContext: {}
 # Enable/Disable Helm tests
 testsEnabled: false
 
-creds:
-  enabled: true
-  db:
-    postgresUser:
-      password: DUMMY_POSTGRES_PASSWORD
-    tipUser:
-      password: DUMMY_TIPUSER_PASSWORD
-    
-  schema_repo:
-    username: DUMMY_SCHEMA_REPO_USERNAME
-    password: DUMMY_SCHEMA_REPO_PASSWORD
-  postgres:
-    singleDataSourceUsername: DUMMY_POSTGRES_USER
-    singleDataSourcePassword: DUMMY_POSTGRES_PASSWORD
-    singleDataSourceSslKeyPassword: DUMMY_SSL_PASSWORD
-
 # Enable/Disable Remote debugging
-debug: 
+debug:
   enabled: false
 
 service:
@@ -86,6 +73,29 @@ service:
   name2: secondary-port
   port3: 5007
   name3: debug
+  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
+
+scalability:
+  #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
+  tip_wlan_AsyncExecutor_CorePoolSize: 10
+  tip_wlan_AsyncExecutor_MaxPoolSize: 50
+  tip_wlan_AsyncExecutor_QueueCapacity: 50
+  #max total number of persistent connections in the http client pool
+  tip_wlan_httpClientConfig_maxConnectionsTotal: 100
+  #max number of persistent connections in the http client pool per destination
+  tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
+  #max number of concurrent REST API calls a single instance of this service can process
+  tip_wlan_maxHttpThreads:  100
+  #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
+  JVM_MEM_OPTIONS: " "
+  #max number of connections to PostgreSQL database
+  singleDataSource_maxTotalConnections: 8
+  #max number of idle connections to PostgreSQL database
+  singleDataSource_maxIdleConnections: 8
+  #max number of cached prepared statements used in PostgreSQL database
+  singleDataSource_maxPreparedStatements: 200
+  #max number of cached idle prepared statements used in PostgreSQL database
+  singleDataSource_maxIdlePreparedStatements: 200
 
 ingress:
   enabled: false
@@ -95,24 +105,20 @@ ingress:
   hosts:
     - host: example.com
       paths: [
-         /portal 
+         /portal
         ]
-  tls: 
+  tls:
    - secretName: portal-secret
      hosts:
        - example.com
 
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
+resources:
+  limits:
+    cpu: 500m
+    memory: 320Mi
+  requests:
+    cpu: 10m
+    memory: 300Mi
 
 nodeSelector: {}
 
@@ -120,8 +126,9 @@ tolerations: []
 
 affinity: {}
 
-postgresql: 
+postgresql:
   url: postgresql
+  image: postgres:11
 
 env:
   protocol: https

tip-wlan/charts/wlan-spc-service/resources/config/certs/README.md

@@ -1,2 +0,0 @@
-Contains certs needed for this service to start.
-Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

tip-wlan/charts/wlan-spc-service/resources/config/logback.xml

@@ -46,7 +46,6 @@
     </triggeringPolicy>
   </appender>
 
-
   <!--
   details: http://logback.qos.ch/manual/configuration.html#auto_configuration
 
@@ -67,7 +66,6 @@
   <logger name="com.telecominfraproject.wlan" level="DEBUG"/>
   <logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
 
-
   <logger name="com.telecominfraproject.wlan.streams.provisioning.EquipmentConfigPushTrigger" level="TRACE"/>
   <logger name="com.telecominfraproject.wlan.streams.kafka.KafkaStreamsConfig" level="TRACE"/>
   <logger name="com.telecominfraproject.wlan.stream.StreamMessageDispatcher" level="TRACE"/>
@@ -76,5 +74,5 @@
     <appender-ref ref="logfile"/>
     <appender-ref ref="stdout"/>
   </root>
-  
+
 </configuration>

tip-wlan/charts/wlan-spc-service/templates/configmap.yaml

@@ -4,4 +4,4 @@ metadata:
   name: {{ include "common.fullname" . }}-log-config
   namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+{{ (.Files.Glob "resources/config/logback.xml").AsConfig | indent 2 }}

tip-wlan/charts/wlan-spc-service/templates/deployment.yaml

@@ -23,20 +23,22 @@ spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       initContainers:
-        - name: {{ include "common.name" . }}-readiness
-          image: busybox:1.28
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
-          command: ['sh', '-c', "until nslookup {{ $kafka }}.{{ $ns }}.svc.cluster.local; do echo waiting for Kafka; sleep 2; done"]
+        {{- include "jmxPrometheus.initContainer" . | nindent 8 }}
+        - name: wait-for-services
+          image: opsfleet/depends-on:latest
+          args:
+          - "-service={{ .Release.Name }}-kafka-headless"
+          - -check_interval=5
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
           {{- if .Values.global.testingEnabled }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
+          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
           {{- else }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
+          image: {{ .Values.global.repository.registry  }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
           {{- end }}
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
           env:
             {{- include "common.env" . | nindent 12 }}
             - name: tip.wlan.kafka.bootstrapServers
@@ -68,13 +70,28 @@ spec:
               value: SSL
             - name: tip.wlan.kafka.sslEndpointIdentificationAlgorithm
               value: ''
+            - name: tip_wlan_AsyncExecutor_CorePoolSize
+              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_CorePoolSize }}"
+            - name: tip_wlan_AsyncExecutor_MaxPoolSize
+              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_MaxPoolSize }}"
+            - name: tip_wlan_AsyncExecutor_QueueCapacity
+              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_QueueCapacity }}"
+            - name: tip_wlan_httpClientConfig_maxConnectionsTotal
+              value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsTotal }}"
+            - name: tip_wlan_httpClientConfig_maxConnectionsPerRoute
+              value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsPerRoute }}"
+            - name: tip_wlan_maxHttpThreads
+              value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
+            - name: JVM_MEM_OPTIONS
+              value: "{{ .Values.scalability.JVM_MEM_OPTIONS }} {{ include "jmxPrometheus.jvmOpts" . }}"
+
           {{- if .Values.probes.enabled }}
           livenessProbe:
             httpGet:
               path: /ping
               port: {{ .Values.service.port2 }}
               scheme: {{ .Values.probes.livenessProbe.scheme }}
-            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
+            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
             timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
             failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -89,6 +106,13 @@ spec:
             failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
             successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
+          startupProbe:
+            httpGet:
+              path: /ping
+              port: {{ .Values.service.port2 }}
+              scheme: {{ .Values.probes.readinessProbe.scheme }}
+            failureThreshold: {{ .Values.probes.startupProbe.failureThreshold }}
+            periodSeconds: {{ .Values.probes.startupProbe.periodSeconds}}
           {{- end }}
           volumeMounts:
           - mountPath: /opt/tip-wlan/certs/client_keystore.jks
@@ -106,6 +130,8 @@ spec:
           - mountPath: /app/spc/logback.xml
             name: logback-config
             subPath: logback.xml
+          {{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
+          {{- include "jmxPrometheus.tmpVolumeMount" . | nindent 10 }}
           ports:
             - name: {{ .Values.service.name1 }}
               containerPort: {{ .Values.service.port1 }}
@@ -118,6 +144,7 @@ spec:
               containerPort: {{ .Values.service.port3 }}
               protocol: TCP
             {{- end }}
+            {{- include "jmxPrometheus.port" . | nindent 12 }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}
@@ -136,7 +163,9 @@ spec:
       volumes:
       - name: certificates
         secret:
-          secretName: {{ include "common.fullname" . }}-certs
+          secretName: tip-common-kafka-client-certs
       - name: logback-config
         configMap:
             name: {{ include "common.fullname" . }}-log-config
+      {{- include "jmxPrometheus.configVolume" . | nindent 6 }}
+      {{- include "jmxPrometheus.tmpVolume" . | nindent 6 }}

tip-wlan/charts/wlan-spc-service/templates/pod-monitor.yaml

@@ -0,0 +1 @@
+{{ include "jmxPrometheus.podMonitor" . }}

tip-wlan/charts/wlan-spc-service/templates/rbac.yaml

@@ -0,0 +1,24 @@
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "common.fullname" . }}-depends-on
+  namespace: {{ include "common.namespace" . }}
+rules:
+- apiGroups: ["batch", "apps", ""]
+  resources: ["pods", "services", "jobs"]
+  verbs: ["get", "list", "watch"]
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "common.fullname" . }}-depends-on
+  namespace: {{ include "common.namespace" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "common.serviceAccountName" . }}
+roleRef:
+  kind: Role
+  name: {{ include "common.fullname" . }}-depends-on
+  apiGroup: rbac.authorization.k8s.io

tip-wlan/charts/wlan-spc-service/templates/secret.yaml

@@ -1,14 +1,5 @@
 apiVersion: v1
 kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-certs
-  namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
 metadata:
   name: {{ include "common.fullname" . }}-creds
   namespace: {{ include "common.namespace" . }}
@@ -19,8 +10,6 @@ metadata:
     heritage: {{ .Release.Service | quote }}
 type: Opaque
 data:
-  {{- if .Values.creds.enabled }}
-  sslKeyPassword: {{ .Values.creds.sslKeyPassword | b64enc | quote }}
-  sslKeystorePassword: {{ .Values.creds.sslKeystorePassword | b64enc | quote }}
-  sslTruststorePassword: {{ .Values.creds.sslTruststorePassword | b64enc | quote }}
-  {{- end }}
+  sslKeyPassword: {{ .Values.global.certificatePasswords.sslKey | b64enc | quote }}
+  sslKeystorePassword: {{ .Values.global.certificatePasswords.sslKeystore | b64enc | quote }}
+  sslTruststorePassword: {{ .Values.global.certificatePasswords.sslTruststore | b64enc | quote }}

tip-wlan/charts/wlan-spc-service/templates/service.yaml

@@ -5,10 +5,6 @@ metadata:
   namespace: {{ include "common.namespace" . }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
-  {{- with .Values.service.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:
@@ -16,14 +12,14 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }}
       {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
       {{- end }}
     {{- if .Values.debug.enabled }}
@@ -31,9 +27,9 @@ spec:
       targetPort: {{ .Values.service.port3 }}
       protocol: TCP
       name: {{ .Values.service.name3 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
       {{- end }}
-    {{- end }}      
+    {{- end }}
   selector:
     {{- include "common.selectorLabels" . | nindent 4 }}

tip-wlan/charts/wlan-spc-service/values.yaml

@@ -11,7 +11,7 @@ replicaCount: 1
 
 image:
   name: wlan-spc-service
-  tag: 0.0.1-SNAPSHOT
+  tag: 1.0.1
 
 nameOverride: ""
 fullnameOverride: ""
@@ -46,6 +46,9 @@ probes:
     successThreshold: 1
     failureThreshold: 3
     scheme: HTTPS
+  startupProbe:
+    periodSeconds: 30
+    failureThreshold: 500
 
 securityContext: {}
   # capabilities:
@@ -59,7 +62,7 @@ securityContext: {}
 testsEnabled: false
 
 # Enable/Disable Remote debugging
-debug: 
+debug:
   enabled: false
 
 service:
@@ -70,6 +73,21 @@ service:
   name2: secondary-port
   port3: 5009
   name3: debug
+  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
+
+scalability:
+  #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
+  tip_wlan_AsyncExecutor_CorePoolSize: 10
+  tip_wlan_AsyncExecutor_MaxPoolSize: 50
+  tip_wlan_AsyncExecutor_QueueCapacity: 50
+  #max total number of persistent connections in the http client pool
+  tip_wlan_httpClientConfig_maxConnectionsTotal: 100
+  #max number of persistent connections in the http client pool per destination
+  tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
+  #max number of concurrent REST API calls a single instance of this service can process
+  tip_wlan_maxHttpThreads:  100
+  #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
+  JVM_MEM_OPTIONS: " "
 
 ingress:
   enabled: false
@@ -79,24 +97,20 @@ ingress:
   hosts:
     - host: example.com
       paths: [
-         /portal 
+         /portal
         ]
-  tls: 
+  tls:
    - secretName: portal-secret
      hosts:
        - example.com
 
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
+resources:
+  limits:
+    cpu: 500m
+    memory: 370Mi
+  requests:
+    cpu: 10m
+    memory: 350Mi
 
 nodeSelector: {}
 
@@ -104,13 +118,7 @@ tolerations: []
 
 affinity: {}
 
-creds:
-  enabled: true
-  sslKeyPassword: DUMMY_PASSWORD
-  sslKeystorePassword: DUMMY_PASSWORD
-  sslTruststorePassword: DUMMY_PASSWORD
-
-kafka: 
+kafka:
   url: kafka-headless
 
 env:

tip-wlan/charts/wlan-ssc-service/files/cqlshrc.tip-wlan

@@ -19,12 +19,11 @@
 
 [authentication]
 ;; If Cassandra has auth enabled, fill out these options
-username = cassandra 
+username = cassandra
 password = cassandra
 ; keyspace = ks1
 
 
-
 [ui]
 ;; Whether or not to display query results with colors
 color = on
@@ -67,12 +66,10 @@ color = on
 ;; A version of CQL to use (this should almost never be set)
 ; version = 3.2.1
 
-
-
 [connection]
 
 ;; The host to connect to
-hostname = tip-wlan-cassandra-headless
+hostname = {{ include "cassandra.service" . }}
 
 ;; The port to connect to (9042 is the native protocol default)
 port = 9042
@@ -87,19 +84,16 @@ ssl = true
 ; request_timeout = 10
 
 
-
 [csv]
 ;; The size limit for parsed fields
 ; field_size_limit = 131072
 
 
-
 [tracing]
 ;; The max number of seconds to wait for a trace to complete
 ; max_trace_wait = 10.0
 
 
-
 [ssl]
 certfile = /opt/tip-wlan/certs/cacert.pem
 
@@ -113,14 +107,12 @@ userkey = /opt/tip-wlan/certs/cassandraserverkey_dec.pem
 usercert = /opt/tip-wlan/certs/cassandraservercert.pem
 
 
-
 ;; Optional section, overrides default certfile in [ssl] section, if present
 ; [certfiles]
 ; 192.168.1.3 = ~/keys/cassandra01.cert
 ; 192.168.1.4 = ~/keys/cassandra02.cert
 
 
-
 ;; Options that are common to both COPY TO and COPY FROM
 ; [copy]
 
@@ -159,7 +151,6 @@ usercert = /opt/tip-wlan/certs/cassandraservercert.pem
 ; ratefile =
 
 
-
 ;; Options specific to COPY TO
 ; [copy-to]
 
@@ -186,7 +177,6 @@ usercert = /opt/tip-wlan/certs/cassandraservercert.pem
 ; encoding = utf8
 
 
-
 ;; Options specific to COPY FROM
 ; [copy-from]
 
@@ -221,7 +211,6 @@ usercert = /opt/tip-wlan/certs/cassandraservercert.pem
 ; chunksize =  1000
 
 
-
 ;; The options for COPY can also be specified per-table.  The following
 ;; three sections demonstrate this.
 

tip-wlan/charts/wlan-ssc-service/resources/config/certs/README.md

@@ -1,2 +0,0 @@
-Contains certs needed for this service to start.
-Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

tip-wlan/charts/wlan-ssc-service/resources/config/logback.xml

@@ -46,7 +46,6 @@
     </triggeringPolicy>
   </appender>
 
-
   <!--
   details: http://logback.qos.ch/manual/configuration.html#auto_configuration
 
@@ -71,5 +70,5 @@
     <appender-ref ref="stdout"/>
     <appender-ref ref="logfile"/>
   </root>
-  
+
 </configuration>