Telecominfraproject/wlan-cloud-helm
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-cloud-helm.git synced 2026-03-20 22:39:08 +00:00
Code Issues Packages Projects Releases 3 Wiki Activity

Compare commits

base: Telecominfraproject:feature/update-postgres
Branches Tags
Telecominfraproject:master Telecominfraproject:WIFI-3471 Telecominfraproject:NETEXP-3471 Telecominfraproject:release/v1.1.x Telecominfraproject:release/v1.2 Telecominfraproject:feature/example-values-update Telecominfraproject:WIFI-2654-fix-capabilites-check Telecominfraproject:fix-capabilites-check Telecominfraproject:WIFI-2434 Telecominfraproject:WIFI-2026 Telecominfraproject:release/v1.0.1 Telecominfraproject:release/v1.0.0 Telecominfraproject:1.0.0-artifacts Telecominfraproject:WIFI-1812-Revert Telecominfraproject:WIFI-1812 Telecominfraproject:WIFI-1669 Telecominfraproject:WIFI-1610 Telecominfraproject:WIFI-1172-JMX-to-prometheus-poc Telecominfraproject:wifi-1357-allow-to-disable-internal-mtls-comm Telecominfraproject:feature/thirdparties-fixes Telecominfraproject:feature/thirdparties Telecominfraproject:changelog-v0.4-bump Telecominfraproject:microk8s-patch-1 Telecominfraproject:feature/update-kafka Telecominfraproject:WIFI-990-disable-hardcoded-ports Telecominfraproject:feature/update-cassandra Telecominfraproject:feature/update-postgres Telecominfraproject:metallb-test Telecominfraproject:minikube Telecominfraproject:minikube-working Telecominfraproject:feature/helmfile Telecominfraproject:NGINX-Testing Telecominfraproject:TOOLS-23--fix-validation Telecominfraproject:TOOLS-23-static-analysis
Telecominfraproject:v1.0.1 Telecominfraproject:v1.0.0 Telecominfraproject:v0.4
..
compare: Telecominfraproject:TOOLS-23--fix-validation
Branches Tags
Telecominfraproject:master Telecominfraproject:WIFI-3471 Telecominfraproject:NETEXP-3471 Telecominfraproject:release/v1.1.x Telecominfraproject:release/v1.2 Telecominfraproject:feature/example-values-update Telecominfraproject:WIFI-2654-fix-capabilites-check Telecominfraproject:fix-capabilites-check Telecominfraproject:WIFI-2434 Telecominfraproject:WIFI-2026 Telecominfraproject:release/v1.0.1 Telecominfraproject:release/v1.0.0 Telecominfraproject:1.0.0-artifacts Telecominfraproject:WIFI-1812-Revert Telecominfraproject:WIFI-1812 Telecominfraproject:WIFI-1669 Telecominfraproject:WIFI-1610 Telecominfraproject:WIFI-1172-JMX-to-prometheus-poc Telecominfraproject:wifi-1357-allow-to-disable-internal-mtls-comm Telecominfraproject:feature/thirdparties-fixes Telecominfraproject:feature/thirdparties Telecominfraproject:changelog-v0.4-bump Telecominfraproject:microk8s-patch-1 Telecominfraproject:feature/update-kafka Telecominfraproject:WIFI-990-disable-hardcoded-ports Telecominfraproject:feature/update-cassandra Telecominfraproject:feature/update-postgres Telecominfraproject:metallb-test Telecominfraproject:minikube Telecominfraproject:minikube-working Telecominfraproject:feature/helmfile Telecominfraproject:NGINX-Testing Telecominfraproject:TOOLS-23--fix-validation Telecominfraproject:TOOLS-23-static-analysis
Telecominfraproject:v1.0.1 Telecominfraproject:v1.0.0 Telecominfraproject:v0.4

4 Commits
feature/up ... TOOLS-23--

Author SHA1 Message Date
Eugene Taranov
cac6fbc698 cleanup 2020-06-23 20:56:45 +03:00
Eugene Taranov
1d00ff19fa test 2020-06-23 20:50:29 +03:00
Eugene Taranov
51b4717fdd test 2020-06-23 20:43:04 +03:00
Eugene Taranov
6640fbeb61 TOOLS-23: fix validation 2020-06-23 20:15:35 +03:00
145 changed files with 3636 additions and 5425 deletions
Expand all files Collapse all files

17
.gitignore vendored
View File

@@ -1,17 +0,0 @@
*.pem
*.jks
*.pkcs12
*.p12
*.csr
*.cnf
*.DS_Store
*.lock
# local development
*.local_dev
tip-wlan/resources/certs
tip-wlan/resources/scripts
tip-wlan/templates
stern*
*.tgz

29
LICENSE
View File

@@ -1,29 +0,0 @@
BSD 3-Clause License
Copyright (c) 2020, Telecom Infra Project
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

129
README.md
View File

@@ -45,132 +45,3 @@ This repository contains helm charts for various deployment types of the tip wla
- Run the following command under tip-wlan-helm directory _after_ the components are running:
- helm test <RELEASE_NAME> -n default
(For more details add --debug flag to the above command)
# Local environment
In `wlan-pki-cert-scripts` repository edit the following files and add/replace strings as specified below:
```
mqtt-server.cnf:
-commonName_default = opensync-mqtt-broker.zone1.lab.wlan.tip.build
+commonName_default = opensync-mqtt-broker.wlan.local
openssl-server.cnf:
-DNS.1 = opensync-redirector.zone1.lab.wlan.tip.build
-DNS.2 = opensync-controller.zone1.lab.wlan.tip.build
+DNS.1 = opensync-redirector.wlan.local
+DNS.2 = opensync-controller.wlan.local
DNS.3 = tip-wlan-postgresql
-DNS.4 = ftp.example.com
```
In `wlan-pki-cert-scripts` repository run `./generate_all.sh` to generate CA and certificates, then run `./copy-certs-to-helm.sh <local path to wlan-cloud-helm repo>` in order to copy certificates to helm charts.
Optionally, in order to speedup first and subsequent runs, you may cache some images:
```
minikube cache add zookeeper:3.5.5
minikube cache add bitnami/postgresql:11.8.0-debian-10-r58
minikube cache add postgres:latest
minikube cache add gcr.io/k8s-minikube/storage-provisioner:v3
minikube cache add eclipse-mosquitto:latest
minikube cache add opsfleet/depends-on
```
These images may occasionally need to be updated with these commands:
```
minikube cache reload ## reload images from the upstream
eval $( minikube docker-env )
for img in $( docker images --format '{{.Repository}}:{{.Tag}}' | egrep 'busybox|alpine|confluentinc/cp-kafka|zookeeper|k8s.gcr.io/pause|nginx/nginx-ingress|bitnami/cassandra|bitnami/postgresql|postgres|bitnami/minideb' ); do
minikube cache add $img;
done
```
Run minikube:
```minikube start --memory=10g --cpus=4 --driver=virtualbox --extra-config=kubelet.serialize-image-pulls=false --extra-config=kubelet.image-pull-progress-deadline=3m0s --docker-opt=max-concurrent-downloads=10```
Please note that you may choose another driver (parallels, vmwarefusion, hyperkit, vmware, docker, podman) which might be more suitable for your setup. Omitting this option enables auto discovery of available drivers.
Deploy CloudSDK chart:
```helm upgrade --install tip-wlan tip-wlan -f tip-wlan/resources/environments/dev-local.yaml -n default```
Wait a few minutes, when all pods are in `Running` state, obtain web ui link with `minikube service tip-wlan-wlan-cloud-static-portal -n tip --url`, open in the browser. Importing or trusting certificate might be needed.
Services may be exposed to the local machine or local network with ssh, kubectl or kubefwd with port forwarding, please examples below.
Kubefwd:
kubefwd is used to forward Kubernetes services to a local workstation, easing the development of applications that communicate with other services. It is for development purposes only. For production/staging environments services need to be exposed via load balancers.
Download latest release from https://github.com/eugenetaranov/kubefwd/releases and run the binary.
Forward to all interfaces (useful if you need to connect from other devices in your local network):
```
sudo kubefwd services --namespace tip -l "app.kubernetes.io/name in (nginx-ingress-controller,wlan-portal-service,opensync-gw-cloud,opensync-mqtt-broker)" --allinterfaces --extrahosts wlan-ui-graphql.wlan.local,wlan-ui.wlan.local
```
Kubectl port forwarding (alternative to kubefwd):
```
kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app=tip-wlan-nginx-ingress-controller -o jsonpath='{.items[0].metadata.name}') 443:443 &
kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=wlan-portal-service -o jsonpath='{.items[0].metadata.name}') 9051:9051 &
kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=opensync-gw-cloud -o jsonpath='{.items[0].metadata.name}') 6643:6643 &
kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=opensync-gw-cloud -o jsonpath='{.items[0].metadata.name}') 6640:6640 &
kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=opensync-mqtt-broker -o jsonpath='{.items[0].metadata.name}') 1883:1883 &
```
Add certificate to the trust store.
Firefox:
1. Open settings, `Privacy and security`, `View certificates`.
2. Click on `Add Exception...`, enter `https://wlan-ui.wlan.local` into Location field, click on `Get certificate`, check `Permanently store this exception` and click on `Confirm Security Exception`.
Repeat the step for `https://wlan-ui-graphql.wlan.local`
Chrome and other browsers using system certificate store:
1. Save certificate below into the file `wlan-ui-graphql.wlan.local.crt` (it is the one defined at tip-wlan/resources/environments/dev-local.yaml:143):
```
-----BEGIN CERTIFICATE-----
MIIFWjCCA0KgAwIBAgIUQNaP/spvRHtBTAKwYRNwbxRfFAswDQYJKoZIhvcNAQEL
BQAwHTEbMBkGA1UEAwwSd2xhbi11aS53bGFuLmxvY2FsMB4XDTIwMDgyNzIwMjY1
NloXDTMwMDgyNTIwMjY1NlowHTEbMBkGA1UEAwwSd2xhbi11aS53bGFuLmxvY2Fs
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwRagiDWzCNYBtWwBcK+f
TkkQmMt+QAgTjYr0KS8DPJCJf6KkPfZHCu3w4LvrxzY9Nmieh2XU834amdJxIuCw
6IbNo6zskjsyfoO8wFDmlLVWLeg5H9G9doem+WTeKPaEHi3oquzNgt6wLs3mvvOA
TviTIoc88ELjk4dSR2T4dhh0qKCCj+HdXBA6V/9biru+jV+/kxEQuL2zM39DvVd8
9ks35zMVUze36lD4ICOnl7hgaTNBi45O9sdLD0YaUmjiFwQltJUdmPKpaAdbvjUO
nsupnDYjm+Um+9aEpqM4te23efC8N8j1ukexzJrE2GeF/WB/Y1LFIG2wjqVnsPcs
nFF4Yd9EBRRne1EZeXBu3FELFy6lCOHI146oBcc/Ib617rdTKXqxtv/2NL6/TqFk
ns/EEjve6kQYzlBZwWHWpZwQfg3mo6NaoFZpTag98Myu5rZoOofTcxXH6pLm5Px1
OAzgLna9O+2FmA4FjrgHcMY1NIzynZL+DH8fibt1F/v2F2MA+R9vo84vR5ROGNdD
va2ApevkLcjQg/LwsXv0gTopQ/XIzejh6bdUkOrKSwJzT2C9/e9GQn0gppV8LBuK
1zQHoROLnA41MCFvQLQHo+Xt8KGw+Ubaly6hOxBZF51L/BbqjkDH9AEFaJLptiEy
qn1E5v+3whgFS5IZT8IW5uUCAwEAAaOBkTCBjjAdBgNVHQ4EFgQUy2bAUyNPXHS9
3VTSD+woN7t3q8EwHwYDVR0jBBgwFoAUy2bAUyNPXHS93VTSD+woN7t3q8EwDwYD
VR0TAQH/BAUwAwEB/zA7BgNVHREENDAyghp3bGFuLXVpLWdyYXBocWwud2xhbi5s
b2NhbIIOYXBpLndsYW4ubG9jYWyHBMCoAAEwDQYJKoZIhvcNAQELBQADggIBAKH+
bqJee11n34SYgBDvgoZ8lJLQRwsFnqExcSr/plZ7GVIGFH5/Q2Kyo9VyEiTPwrIs
KsErC1evH6xt1URfMzp05zVQ0LYM5+ksamRDagAg3M1cm7oKOdms/dqzPe2gZfGJ
pVdtVW1CHrL0RLTR93h7kgSiBlSEIYMoeKfN5H9AavJ4KryygQs63kkGQ5M9esAp
u6bB307zyfzgS3tmQsU01rgJfhEHQ/Y+Ak9wDuOgvmfx0TWgAOGbKq6Tu8MKYdej
Ie7rV1G5Uv7KfgozVX76g2KdnTVBfspSKo3zyrZkckzApvUu9IefHdToe4JMEU0y
fk7lEU/exzByyNxp+6hdu/ZIg3xb1yA1oVY8NEd1rL1zAViPe351SENEKeJpRanC
kCL3RAFkbxQ7Ihacjox8belR+gmo8cyFZpj9XaoPlSFScdwz573CT0h97v76A7sw
yC+CiSp85gWEV5vgBitNJ7R9onjBdsuH2lgEtMD3JNOs8cCSRihYxriwZSqhT7o/
tcIlcJ84W5m6X6zHJ3GmtuKG3QPNOms0/VVoDTp9qdpL+Ek17uB2A41Npxz3US+l
6yK+pdQQj7ALzKuRfOyg80XbNw2v4SnpI5qbXFBRum52f86sPemFq1KcuNWe4EVC
xDG3eKlu+dllUtKx/PN6yflbT5xcGgcdmrwzRaWS
-----END CERTIFICATE-----
```
2. Double click on it, enter the system admin password, if prompted.

2
glusterfs/kube-templates/glusterfs-storage-class.yaml
View File

@@ -4,7 +4,7 @@ metadata:
name: glusterfs-storage
provisioner: kubernetes.io/glusterfs
allowVolumeExpansion: true
reclaimPolicy: Delete
reclaimPolicy: Retain
parameters:
resturl: "http://192.168.56.101:31080"
restuser: "admin"

95
tip-wlan/Chart.yaml
View File

@@ -26,55 +26,48 @@ sources:
icon:
dependencies:
- name: opensync-gw-static
version: 0.1.0
condition: opensync-gw-static.enabled
- name: opensync-gw-cloud
version: 0.1.0
condition: opensync-gw-cloud.enabled
- name: opensync-mqtt-broker
version: 0.1.0
condition: opensync-mqtt-broker.enabled
- name: wlan-cloud-graphql-gw
version: 0.1.0
condition: wlan-cloud-graphql-gw.enabled
- name: wlan-cloud-static-portal
version: 0.1.0
condition: wlan-cloud-static-portal.enabled
- name: opensync-gw-static
version: 0.1.0
condition: opensync-gw-static.enabled
- name: opensync-gw-cloud
version: 0.1.0
condition: opensync-gw-cloud.enabled
- name: opensync-mqtt-broker
version: 0.1.0
condition: opensync-mqtt-broker.enabled
- name: wlan-cloud-graphql-gw
version: 0.1.0
condition: wlan-cloud-graphql-gw.enabled
- name: wlan-cloud-static-portal
version: 0.1.0
condition: wlan-cloud-static-portal.enabled
## IntegratedCloudComponent should be disabled for distributed deployment
- name: wlan-integrated-cloud-component-service
version: 0.1.0
condition: wlan-integrated-cloud-component-service.enabled
- name: wlan-portal-service
version: 0.1.0
condition: wlan-portal-service.enabled
- name: wlan-prov-service
version: 0.1.0
condition: wlan-prov-service.enabled
- name: wlan-ssc-service
version: 0.1.0
condition: wlan-ssc-service.enabled
- name: wlan-spc-service
version: 0.1.0
condition: wlan-spc-service.enabled
- name: wlan-port-forwarding-gateway-service
version: 0.1.0
condition: wlan-port-forwarding-gateway-service.enabled
- name: nginx-ingress-controller
version: 0.1.0
condition: nginx-ingress-controller.enabled
- name: common
version: 0.1.0
- name: zookeeper
version: 0.1.0
condition: zookeeper.enabled
- name: kafka
version: 0.1.0
condition: kafka.enabled
- name: postgresql
version: 10.1.0
repository: https://charts.bitnami.com/bitnami
condition: postgresql.enabled
- name: cassandra
version: 5.5.3
condition: cassandra.enabled
- name: wlan-integrated-cloud-component-service
version: 0.1.0
condition: wlan-integrated-cloud-component-service.enabled
- name: wlan-portal-service
version: 0.1.0
condition: wlan-portal-service.enabled
- name: wlan-prov-service
version: 0.1.0
condition: wlan-prov-service.enabled
- name: wlan-ssc-service
version: 0.1.0
condition: wlan-ssc-service.enabled
- name: nginx-ingress-controller
version: 0.1.0
condition: nginx-ingress-controller.enabled
- name: common
version: 0.1.0
- name: zookeeper
version: 0.1.0
condition: zookeeper.enabled
- name: kafka
version: 0.1.0
condition: kafka.enabled
- name: cassandra
version: 0.1.0
condition: cassandra.enabled
- name: postgresql
version: 8.9.6
condition: postgresql.enabled

27
tip-wlan/charts/cassandra/Chart.yaml
View File

@@ -1,21 +1,12 @@
name: cassandra
apiVersion: v2
version: 5.5.3
name: cassandra
version: 0.1.0
appVersion: 3.11.6
description: Apache Cassandra is a free and open-source distributed database management system
designed to handle large amounts of data across many commodity servers, providing high
availability with no single point of failure.
Cassandra offers robust support for clusters spanning multiple datacenters, with asynchronous
masterless replication allowing low latency operations for all clients.
keywords:
- cassandra
- database
- nosql
description: Apache Cassandra is a free and open-source distributed database management
system designed to handle large amounts of data across many commodity servers, providing
high availability with no single point of failure.
icon: https://upload.wikimedia.org/wikipedia/commons/thumb/5/5e/Cassandra_logo.svg/330px-Cassandra_logo.svg.png
sources:
- https://github.com/bitnami/bitnami-docker-cassandra
home: http://cassandra.apache.org
maintainers:
- name: Bitnami
email: containers@bitnami.com
engine: gotpl
keywords:
- cassandra
- database
- nosql

1
tip-wlan/charts/cassandra/resources/config/certs/README.md
View File

@@ -1 +0,0 @@
Contains certs needed for this service to start. Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

238
tip-wlan/charts/cassandra/resources/config/cqlshrc.default
View File

@@ -1,238 +0,0 @@
; Licensed to the Apache Software Foundation (ASF) under one
; or more contributor license agreements. See the NOTICE file
; distributed with this work for additional information
; regarding copyright ownership. The ASF licenses this file
; to you under the Apache License, Version 2.0 (the
; "License"); you may not use this file except in compliance
; with the License. You may obtain a copy of the License at
;
; http://www.apache.org/licenses/LICENSE-2.0
;
; Unless required by applicable law or agreed to in writing,
; software distributed under the License is distributed on an
; "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
; KIND, either express or implied. See the License for the
; specific language governing permissions and limitations
; under the License.
;
; Sample ~/.cqlshrc file.
[authentication]
;; If Cassandra has auth enabled, fill out these options
username = cassandra
password = cassandra
; keyspace = ks1
[ui]
;; Whether or not to display query results with colors
color = on
;; Used for displaying timestamps (and reading them with COPY)
; datetimeformat = %Y-%m-%d %H:%M:%S%z
;; Display timezone
;timezone = Etc/UTC
;; The number of digits displayed after the decimal point for single and double precision numbers
;; (note that increasing this to large numbers can result in unusual values)
;float_precision = 5
;double_precision = 12
;; Used for automatic completion and suggestions
; completekey = tab
;; The encoding used for characters
; encoding = utf8
; To use another than the system default browser for cqlsh HELP to open
; the CQL doc HTML, use the 'browser' preference.
; If the field value is empty or not specified, cqlsh will use the
; default browser (specifying 'browser = default' does not work).
;
; Supported browsers are those supported by the Python webbrowser module.
; (https://docs.python.org/2/library/webbrowser.html).
;
; Hint: to use Google Chome, use
; 'browser = open -a /Applications/Google\ Chrome.app %s' on Mac OS X and
; 'browser = /usr/bin/google-chrome-stable %s' on Linux and
; 'browser = C:/Program Files (x86)/Google/Chrome/Application/chrome.exe %s' on Windows.
;
; This setting can be overridden with the --browser command line option.
;
;browser =
[cql]
;; A version of CQL to use (this should almost never be set)
; version = 3.2.1
[connection]
;; The host to connect to
hostname = tip-wlan-cassandra-headless
;; The port to connect to (9042 is the native protocol default)
port = 9042
;; Always connect using SSL - false by default
ssl = true
;; A timeout in seconds for opening new connections
; timeout = 10
;; A timeout in seconds for executing queries
; request_timeout = 10
[csv]
;; The size limit for parsed fields
; field_size_limit = 131072
[tracing]
;; The max number of seconds to wait for a trace to complete
; max_trace_wait = 10.0
[ssl]
certfile = /opt/tip-wlan/certs/cacert.pem
;; Optional - true by default.
;validate = true
;; To be provided when require_client_auth=true
userkey = /opt/tip-wlan/certs/cassandraserverkey_dec.pem
;; To be provided when require_client_auth=true
usercert = /opt/tip-wlan/certs/cassandraservercert.pem
;; Optional section, overrides default certfile in [ssl] section, if present
; [certfiles]
; 192.168.1.3 = ~/keys/cassandra01.cert
; 192.168.1.4 = ~/keys/cassandra02.cert
;; Options that are common to both COPY TO and COPY FROM
; [copy]
;; The string placeholder for null values
; nullval = null
;; For COPY TO, controls whether the first line in the CSV output file will
;; contain the column names. For COPY FROM, specifies whether the first
;; line in the CSV file contains column names.
; header = false
;; The character that is used as the decimal point separator
; decimalsep = .
;; The character that is used to separate thousands
;; (defaults to the empty string)
; thousandssep =
;; The string literal format for boolean values
; boolstyle = True,False
;; The number of child worker processes to create for
;; COPY tasks. Defaults to a max of 4 for COPY FROM and 16
;; for COPY TO. However, at most (num_cores - 1) processes
;; will be created.
; numprocesses =
;; The maximum number of failed attempts to fetch a range of data (when using
;; COPY TO) or insert a chunk of data (when using COPY FROM) before giving up
; maxattempts = 5
;; How often status updates are refreshed, in seconds
; reportfrequency = 0.25
;; An optional file to output rate statistics to
; ratefile =
;; Options specific to COPY TO
; [copy-to]
;; The maximum number token ranges to fetch simultaneously
; maxrequests = 6
;; The number of rows to fetch in a single page
; pagesize = 1000
;; By default the page timeout is 10 seconds per 1000 entries
;; in the page size or 10 seconds if pagesize is smaller
; pagetimeout = 10
;; Token range to export. Defaults to exporting the full ring.
; begintoken =
; endtoken =
; The maximum size of the output file measured in number of lines;
; beyond this maximum the output file will be split into segments.
; -1 means unlimited.
; maxoutputsize = -1
;; The encoding used for characters
; encoding = utf8
;; Options specific to COPY FROM
; [copy-from]
;; The maximum number of rows to process per second
; ingestrate = 100000
;; The maximum number of rows to import (-1 means unlimited)
; maxrows = -1
;; A number of initial rows to skip
; skiprows = 0
;; A comma-separated list of column names to ignore
; skipcols =
;; The maximum global number of parsing errors to ignore, -1 means unlimited
; maxparseerrors = -1
;; The maximum global number of insert errors to ignore, -1 means unlimited
; maxinserterrors = 1000
;; A file to store all rows that could not be imported, by default this is
;; import_<ks>_<table>.err where <ks> is your keyspace and <table> is your table name.
; errfile =
;; The min and max number of rows inserted in a single batch
; maxbatchsize = 20
; minbatchsize = 2
;; The number of rows that are passed to child worker processes from
;; the main process at a time
; chunksize = 1000
;; The options for COPY can also be specified per-table. The following
;; three sections demonstrate this.
;; Optional table-specific options for COPY
; [copy:mykeyspace.mytable]
; chunksize = 1000
;; Optional table-specific options for COPY FROM
; [copy-from:mykeyspace.mytable]
; ingestrate = 20000
;; Optional table-specific options for COPY TO
; [copy-to:mykeyspace.mytable]
; pagetimeout = 30

238
tip-wlan/charts/cassandra/resources/config/cqlshrc.tip-wlan
View File

@@ -1,238 +0,0 @@
; Licensed to the Apache Software Foundation (ASF) under one
; or more contributor license agreements. See the NOTICE file
; distributed with this work for additional information
; regarding copyright ownership. The ASF licenses this file
; to you under the Apache License, Version 2.0 (the
; "License"); you may not use this file except in compliance
; with the License. You may obtain a copy of the License at
;
; http://www.apache.org/licenses/LICENSE-2.0
;
; Unless required by applicable law or agreed to in writing,
; software distributed under the License is distributed on an
; "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
; KIND, either express or implied. See the License for the
; specific language governing permissions and limitations
; under the License.
;
; Sample ~/.cqlshrc file.
[authentication]
;; If Cassandra has auth enabled, fill out these options
username = tip_user
password = tip_password
; keyspace = ks1
[ui]
;; Whether or not to display query results with colors
color = on
;; Used for displaying timestamps (and reading them with COPY)
; datetimeformat = %Y-%m-%d %H:%M:%S%z
;; Display timezone
;timezone = Etc/UTC
;; The number of digits displayed after the decimal point for single and double precision numbers
;; (note that increasing this to large numbers can result in unusual values)
;float_precision = 5
;double_precision = 12
;; Used for automatic completion and suggestions
; completekey = tab
;; The encoding used for characters
; encoding = utf8
; To use another than the system default browser for cqlsh HELP to open
; the CQL doc HTML, use the 'browser' preference.
; If the field value is empty or not specified, cqlsh will use the
; default browser (specifying 'browser = default' does not work).
;
; Supported browsers are those supported by the Python webbrowser module.
; (https://docs.python.org/2/library/webbrowser.html).
;
; Hint: to use Google Chome, use
; 'browser = open -a /Applications/Google\ Chrome.app %s' on Mac OS X and
; 'browser = /usr/bin/google-chrome-stable %s' on Linux and
; 'browser = C:/Program Files (x86)/Google/Chrome/Application/chrome.exe %s' on Windows.
;
; This setting can be overridden with the --browser command line option.
;
;browser =
[cql]
;; A version of CQL to use (this should almost never be set)
; version = 3.2.1
[connection]
;; The host to connect to
hostname = tip-wlan-cassandra-headless
;; The port to connect to (9042 is the native protocol default)
port = 9042
;; Always connect using SSL - false by default
ssl = true
;; A timeout in seconds for opening new connections
; timeout = 10
;; A timeout in seconds for executing queries
; request_timeout = 10
[csv]
;; The size limit for parsed fields
; field_size_limit = 131072
[tracing]
;; The max number of seconds to wait for a trace to complete
; max_trace_wait = 10.0
[ssl]
certfile = /opt/tip-wlan/certs/cacert.pem
;; Optional - true by default.
;validate = true
;; To be provided when require_client_auth=true
userkey = /opt/tip-wlan/certs/cassandraserverkey_dec.pem
;; To be provided when require_client_auth=true
usercert = /opt/tip-wlan/certs/cassandraservercert.pem
;; Optional section, overrides default certfile in [ssl] section, if present
; [certfiles]
; 192.168.1.3 = ~/keys/cassandra01.cert
; 192.168.1.4 = ~/keys/cassandra02.cert
;; Options that are common to both COPY TO and COPY FROM
; [copy]
;; The string placeholder for null values
; nullval = null
;; For COPY TO, controls whether the first line in the CSV output file will
;; contain the column names. For COPY FROM, specifies whether the first
;; line in the CSV file contains column names.
; header = false
;; The character that is used as the decimal point separator
; decimalsep = .
;; The character that is used to separate thousands
;; (defaults to the empty string)
; thousandssep =
;; The string literal format for boolean values
; boolstyle = True,False
;; The number of child worker processes to create for
;; COPY tasks. Defaults to a max of 4 for COPY FROM and 16
;; for COPY TO. However, at most (num_cores - 1) processes
;; will be created.
; numprocesses =
;; The maximum number of failed attempts to fetch a range of data (when using
;; COPY TO) or insert a chunk of data (when using COPY FROM) before giving up
; maxattempts = 5
;; How often status updates are refreshed, in seconds
; reportfrequency = 0.25
;; An optional file to output rate statistics to
; ratefile =
;; Options specific to COPY TO
; [copy-to]
;; The maximum number token ranges to fetch simultaneously
; maxrequests = 6
;; The number of rows to fetch in a single page
; pagesize = 1000
;; By default the page timeout is 10 seconds per 1000 entries
;; in the page size or 10 seconds if pagesize is smaller
; pagetimeout = 10
;; Token range to export. Defaults to exporting the full ring.
; begintoken =
; endtoken =
; The maximum size of the output file measured in number of lines;
; beyond this maximum the output file will be split into segments.
; -1 means unlimited.
; maxoutputsize = -1
;; The encoding used for characters
; encoding = utf8
;; Options specific to COPY FROM
; [copy-from]
;; The maximum number of rows to process per second
; ingestrate = 100000
;; The maximum number of rows to import (-1 means unlimited)
; maxrows = -1
;; A number of initial rows to skip
; skiprows = 0
;; A comma-separated list of column names to ignore
; skipcols =
;; The maximum global number of parsing errors to ignore, -1 means unlimited
; maxparseerrors = -1
;; The maximum global number of insert errors to ignore, -1 means unlimited
; maxinserterrors = 1000
;; A file to store all rows that could not be imported, by default this is
;; import_<ks>_<table>.err where <ks> is your keyspace and <table> is your table name.
; errfile =
;; The min and max number of rows inserted in a single batch
; maxbatchsize = 20
; minbatchsize = 2
;; The number of rows that are passed to child worker processes from
;; the main process at a time
; chunksize = 1000
;; The options for COPY can also be specified per-table. The following
;; three sections demonstrate this.
;; Optional table-specific options for COPY
; [copy:mykeyspace.mytable]
; chunksize = 1000
;; Optional table-specific options for COPY FROM
; [copy-from:mykeyspace.mytable]
; ingestrate = 20000
;; Optional table-specific options for COPY TO
; [copy-to:mykeyspace.mytable]
; pagetimeout = 30

80
tip-wlan/charts/cassandra/templates/NOTES.txt
View File

@@ -1,65 +1,35 @@
** Please be patient while the chart is being deployed **
Cassandra CQL can be accessed via port {{ .Values.config.ports.cql }} on the following DNS name from within your cluster:
Cassandra Thrift can be accessed via port {{ .Values.config.ports.thrift }} on the following DNS name from within your cluster:
Cassandra can be accessed through the following URLs from within the cluster:
- CQL: {{ template "common.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.cluster.domain }}:{{ .Values.service.port }}
- Thrift: {{ template "common.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.cluster.domain }}:{{ .Values.service.thriftPort }}
To get your password run:
export CASSANDRA_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "common.fullname" . }} -o jsonpath="{.data.cassandra-password}" | base64 --decode)
Check the cluster status by running:
kubectl exec -it --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ template "common.name" . }},release={{ .Release.Name }} -o jsonpath='{.items[0].metadata.name}') nodetool status
To connect to your Cassandra cluster using CQL:
1. Run a Cassandra pod that you can use as a client:
kubectl run --namespace {{ .Release.Namespace }} {{ template "common.fullname" . }}-client --rm --tty -i --restart='Never' \
--env CASSANDRA_PASSWORD=$CASSANDRA_PASSWORD \
{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "common.name" . }}-client=true"{{ end }} \
--image {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }} -- bash
2. Connect using the cqlsh client:
cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD {{ template "common.fullname" . }}
{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
Note: Since NetworkPolicy is enabled, only pods with label
"{{ template "common.fullname" . }}-client=true"
will be able to connect to Cassandra.
{{- else -}}
To connect to your database from outside the cluster execute the following commands:
If you want to connect to the remote instance with your local Cassandra CQL cli. To forward the API port to localhost:9042 run the following:
- kubectl port-forward --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ include "common.name" . }},release={{ .Release.Name }} -o jsonpath='{ .items[0].metadata.name }') 9042:{{ .Values.config.ports.cql }}
If you want to connect to the Cassandra CQL run the following:
{{- if contains "NodePort" .Values.service.type }}
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.fullname" . }})
cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD $NODE_IP $NODE_PORT
- export CQL_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export CQL_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- cqlsh $CQL_HOST $CQL_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD $SERVICE_IP
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo cqlsh $SERVICE_IP
{{- else if contains "ClusterIP" .Values.service.type }}
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.fullname" . }} {{ .Values.service.port }}:{{ .Values.service.port }} &
cqlsh -u {{ .Values.dbUser.user }} -p $CASSANDRA_PASSWORD 127.0.0.1 {{ .Values.service.port }}
{{- end }}
- kubectl port-forward --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 9042:{{ .Values.config.ports.cql }}
echo cqlsh 127.0.0.1 9042
{{- end }}
{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }}
You can also see the cluster status by run the following:
- kubectl exec -it --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ include "common.name" . }},release={{ .Release.Name }} -o jsonpath='{.items[0].metadata.name}') nodetool status
WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
To tail the logs for the Cassandra pod run the following:
- kubectl logs -f --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ include "common.name" . }},release={{ .Release.Name }} -o jsonpath='{ .items[0].metadata.name }')
{{- end }}
{{- if not .Values.persistence.enabled }}
Note that the cluster is running with node-local storage instead of PersistentVolumes. In order to prevent data loss,
pods will be decommissioned upon termination. Decommissioning may take some time, so you might also want to adjust the
pod termination gace period, which is currently set to {{ .Values.podSettings.terminationGracePeriodSeconds }} seconds.
{{- end}}

76
tip-wlan/charts/cassandra/templates/_helpers.tpl
View File

@@ -1,71 +1,17 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "cassandra.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for networkpolicy.
Create the name of the service account to use
*/}}
{{- define "networkPolicy.apiVersion" -}}
{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- define "cassandra.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "cassandra.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Return the proper metrics image name
*/}}
{{- define "cassandra.metrics.image" -}}
{{- $registryName := .Values.metrics.image.registry -}}
{{- $repositoryName := .Values.metrics.image.repository -}}
{{- $tag := .Values.metrics.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper image name (for the init container volume-permissions image)
*/}}
{{- define "cassandra.volumePermissions.image" -}}
{{- $registryName := .Values.volumePermissions.image.registry -}}
{{- $repositoryName := .Values.volumePermissions.image.repository -}}
{{- $tag := .Values.volumePermissions.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{/*
Renders a value that contains template.
Usage:
{{ include "cassandra.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }}
*/}}
{{- define "cassandra.tplValue" -}}
{{- if typeIs "string" .value }}
{{- tpl .value .context }}
{{- else }}
{{- tpl (.value | toYaml) .context }}
{{- end }}
{{- end -}}

90
tip-wlan/charts/cassandra/templates/backup/cronjob.yaml Normal file
View File

@@ -0,0 +1,90 @@
{{- if .Values.backup.enabled }}
{{- $release := .Release }}
{{- $values := .Values }}
{{- $backup := $values.backup }}
{{- range $index, $schedule := $backup.schedule }}
---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: {{ include "common.fullname" $ }}-backup-{{ $schedule.keyspace | replace "_" "-" }}
labels:
app: {{ include "common.name" $ }}-cain
chart: {{ template "cassandra.chart" $ }}
release: "{{ $release.Name }}"
heritage: "{{ $release.Service }}"
spec:
schedule: {{ $schedule.cron | quote }}
concurrencyPolicy: Forbid
startingDeadlineSeconds: 120
jobTemplate:
spec:
template:
metadata:
annotations:
{{ toYaml $backup.annotations }}
spec:
restartPolicy: OnFailure
serviceAccountName: {{ template "cassandra.serviceAccountName" $ }}
containers:
- name: cassandra-backup
image: "{{ $backup.image.repository }}:{{ $backup.image.tag }}"
command: ["cain"]
args:
- backup
- --namespace
- {{ $release.Namespace }}
- --selector
- release={{ $release.Name }},app={{ include "common.name" $ }}
- --keyspace
- {{ $schedule.keyspace }}
- --dst
- {{ $backup.destination }}
{{- with $backup.extraArgs }}
{{ toYaml . | indent 12 }}
{{- end }}
env:
{{- if $backup.google.serviceAccountSecret }}
- name: GOOGLE_APPLICATION_CREDENTIALS
value: "/etc/secrets/google/credentials.json"
{{- end }}
{{- with $backup.env }}
{{ toYaml . | indent 12 }}
{{- end }}
{{- with $backup.resources }}
resources:
{{ toYaml . | indent 14 }}
{{- end }}
{{- if $backup.google.serviceAccountSecret }}
volumeMounts:
- name: google-service-account
mountPath: /etc/secrets/google/
{{- end }}
{{- if $backup.google.serviceAccountSecret }}
volumes:
- name: google-service-account
secret:
secretName: {{ $backup.google.serviceAccountSecret | quote }}
{{- end }}
affinity:
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- {{ include "common.fullname" $ }}
- key: release
operator: In
values:
- {{ $release.Name }}
topologyKey: "kubernetes.io/hostname"
{{- with $values.tolerations }}
tolerations:
{{ toYaml . | indent 12 }}
{{- end }}
{{- end }}
{{- end }}

50
tip-wlan/charts/cassandra/templates/backup/rbac.yaml Normal file
View File

@@ -0,0 +1,50 @@
{{- if .Values.backup.enabled }}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "cassandra.serviceAccountName" . }}
labels:
app: {{ include "common.name" . }}
chart: {{ template "cassandra.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
---
{{- end }}
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "common.fullname" . }}-backup
labels:
app: {{ include "common.name" . }}
chart: {{ template "cassandra.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
rules:
- apiGroups: [""]
resources: ["pods", "pods/log"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "common.fullname" . }}-backup
labels:
app: {{ include "common.name" . }}
chart: {{ template "cassandra.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "common.fullname" . }}-backup
subjects:
- kind: ServiceAccount
name: {{ template "cassandra.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}

13
tip-wlan/charts/cassandra/templates/configmap.yaml
View File

@@ -1,7 +1,14 @@
apiVersion: v1
{{- if .Values.configOverrides }}
kind: ConfigMap
apiVersion: v1
metadata:
name: cassandra-configurations-override
name: {{ include "common.name" . }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
{{ toYaml .Values.configOverrides | indent 2 }}
{{- end }}

29
tip-wlan/charts/cassandra/templates/headless-svc.yaml
View File

@@ -1,29 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.fullname" . }}-headless
namespace: {{ include "common.namespace" . }}
labels: {{- include "common.labels" . | nindent 4 }}
annotations: {{ include "cassandra.tplValue" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
spec:
clusterIP: None
publishNotReadyAddresses: true
ports:
- name: intra
port: 7000
targetPort: intra
- name: tls
port: 7001
targetPort: tls
- name: jmx
port: 7199
targetPort: jmx
- name: cql
port: {{ .Values.service.port }}
targetPort: cql
{{- if .Values.cluster.enableRPC }}
- name: thrift
port: {{ .Values.service.thriftPort }}
targetPort: thrift
{{- end }}
selector: {{- include "common.selectorLabels" . | nindent 4 }}

38
tip-wlan/charts/cassandra/templates/networkpolicy.yaml
View File

@@ -1,38 +0,0 @@
{{- if .Values.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ include "networkPolicy.apiVersion" . }}
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels: {{- include "common.labels" . | nindent 4 }}
spec:
podSelector:
matchLabels: {{- include "common.selectorLabels" . | nindent 6 }}
ingress:
# Allow inbound connections
# CQL and Thrift ports
- ports:
- port: {{ .Values.service.port }}
- port: {{ .Values.service.thriftPort }}
from:
{{- if not .Values.networkPolicy.allowExternal }}
- podSelector:
matchLabels:
{{ include "common.fullname" . }}-client: "true"
{{- end }}
- podSelector:
matchLabels: {{- include "common.selectorLabels" . | nindent 14 }}
# Internal ports
- ports:
- port: intra
- port: tls
- port: jmx
from:
- podSelector:
matchLabels: {{- include "common.selectorLabels" . | nindent 14 }}
{{- if .Values.metrics.enabled }}
# Allow prometheus scrapes for metrics
- ports:
- port: 8080
{{- end }}
{{- end }}

40
tip-wlan/charts/cassandra/templates/secret.yaml
View File

@@ -1,40 +0,0 @@
{{- if (not .Values.dbUser.existingSecret) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels: {{- include "common.labels" . | nindent 4 }}
type: Opaque
data:
{{- if .Values.dbUser.password }}
cassandra-password: {{ .Values.dbUser.password | b64enc | quote }}
{{- else if (not .Values.dbUser.forcePassword) }}
cassandra-password: {{ randAlphaNum 10 | b64enc | quote }}
{{ else }}
cassandra-password: {{ required "A Cassandra Password is required!" .Values.dbUser.password }}
{{- end }}
{{- end }}
---
apiVersion: v1
kind: Secret
metadata:
name: cassandra-ssl-certs
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
truststore: {{ .Files.Get "resources/config/certs/truststore.jks" | b64enc }}
truststore-password: {{ .Values.creds.sslTruststorePassword | b64enc }}
keystore: {{ .Files.Get "resources/config/certs/cassandra_server_keystore.jks" | b64enc }}
keystore-password: {{ .Values.creds.sslKeystorePassword | b64enc }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-client-certs
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
keystore_creds: {{ .Values.creds.sslKeystorePassword | b64enc }}
truststore_creds: {{ .Values.creds.sslTruststorePassword | b64enc }}

62
tip-wlan/charts/cassandra/templates/service.yaml
View File

@@ -3,30 +3,44 @@ kind: Service
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels: {{- include "common.labels" . | nindent 4 }}
annotations: {{ include "cassandra.tplValue" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
spec:
type: {{ .Values.service.type }}
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
labels:
app: {{ include "common.name" . }}
chart: {{ template "cassandra.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
clusterIP: None
type: {{ .Values.service.type }}
ports:
- name: cql
port: {{ .Values.service.port }}
targetPort: cql
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.cql)) }}
nodePort: {{ .Values.service.nodePorts.cql }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- if .Values.cluster.enableRPC }}
- name: thrift
port: {{ .Values.service.thriftPort }}
targetPort: thrift
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.thrift)) }}
nodePort: {{ .Values.service.nodePorts.thrift }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- if .Values.exporter.enabled }}
- name: metrics
port: 5556
targetPort: {{ .Values.exporter.port }}
{{- end }}
selector: {{- include "common.selectorLabels" . | nindent 4 }}
- name: intra
port: 7000
targetPort: 7000
- name: tls
port: 7001
targetPort: 7001
- name: jmx
port: 7199
targetPort: 7199
- name: cql
port: {{ default 9042 .Values.config.ports.cql }}
targetPort: {{ default 9042 .Values.config.ports.cql }}
- name: thrift
port: {{ default 9160 .Values.config.ports.thrift }}
targetPort: {{ default 9160 .Values.config.ports.thrift }}
{{- if .Values.config.ports.agent }}
- name: agent
port: {{ .Values.config.ports.agent }}
targetPort: {{ .Values.config.ports.agent }}
{{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}

465
tip-wlan/charts/cassandra/templates/statefulset.yaml
View File

@@ -3,304 +3,219 @@ kind: StatefulSet
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels: {{- include "common.labels" . | nindent 4 }}
labels:
app: {{ include "common.name" . }}
chart: {{ template "cassandra.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
selector:
matchLabels: {{- include "common.selectorLabels" . | nindent 6 }}
serviceName: {{ include "common.fullname" . }}-headless
replicas: {{ .Values.cluster.replicaCount }}
matchLabels:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
serviceName: {{ include "common.fullname" . }}
replicas: {{ .Values.config.cluster_size }}
podManagementPolicy: {{ .Values.podManagementPolicy }}
updateStrategy:
type: {{ .Values.statefulset.updateStrategy }}
{{- if (eq "Recreate" .Values.statefulset.updateStrategy) }}
rollingUpdate: null
{{- else if .Values.statefulset.rollingUpdatePartition }}
rollingUpdate:
partition: {{ .Values.statefulset.rollingUpdatePartition }}
{{- end }}
type: {{ .Values.updateStrategy.type }}
template:
metadata:
labels: {{- include "common.labels" . | nindent 8 }}
{{- if .Values.podLabels }}
{{- toYaml .Values.podLabels | nindent 8 }}
{{- end }}
{{- if or .Values.podAnnotations (and .Values.metrics.enabled .Values.metrics.podAnnotations) }}
labels:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
{{- if .Values.podAnnotations }}
annotations:
{{- if .Values.podAnnotations }}
{{- toYaml .Values.podAnnotations | nindent 8 }}
{{- end }}
{{- if .Values.metrics.podAnnotations }}
{{- toYaml .Values.metrics.podAnnotations | nindent 8 }}
{{- end }}
{{- end }}
{{ toYaml .Values.podAnnotations | indent 8 }}
{{- end }}
spec:
{{- if .Values.affinity }}
affinity: {{- include "cassandra.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector: {{- include "cassandra.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{- include "cassandra.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
hostNetwork: {{ .Values.hostNetwork }}
{{- if .Values.selector }}
{{ toYaml .Values.selector | indent 6 }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- end }}
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
{{- if .Values.configOverrides }}
initContainers:
- name: volume-permissions
image: {{ include "cassandra.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
- |
chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /bitnami/cassandra
securityContext:
runAsUser: 0
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: /bitnami/cassandra
{{- end }}
- name: config-copier
image: busybox
command: [ 'sh', '-c', 'cp /configmap-files/* /cassandra-configs/ && chown 999:999 /cassandra-configs/*']
volumeMounts:
{{- range $key, $value := .Values.configOverrides }}
- name: cassandra-config-{{ $key | replace "." "-" | replace "_" "--" }}
mountPath: /configmap-files/{{ $key }}
subPath: {{ $key }}
{{- end }}
- name: cassandra-configs
mountPath: /cassandra-configs/
{{- end }}
containers:
- name: cassandra
command:
- bash
- -ec
# Node 0 is the password seeder
- |
if [[ $HOSTNAME =~ (.*)-0$ ]]; then
echo "Setting node as password seeder"
export CASSANDRA_PASSWORD_SEEDER=yes
else
# Only node 0 will execute the startup initdb scripts
export CASSANDRA_IGNORE_INITDB_SCRIPTS=1
fi
{{ .Values.entrypoint }} {{ .Values.cmd }}
image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" .Values.image.debug | quote }}
- name: CASSANDRA_CLUSTER_NAME
value: {{ .Values.cluster.name }}
- name: CASSANDRA_SEEDS
{{- $global := . }}
{{- $replicas := .Values.cluster.seedCount | int }}
{{- $domain := .Values.cluster.domain }}
value: "{{- range $i, $e := until $replicas }}{{ include "common.fullname" $global }}-{{ $i }}.{{ include "common.fullname" $global }}-headless.{{ $global.Values.global.nsPrefix }}.svc.{{ $domain }}{{- if (lt ( add1 $i ) $replicas ) }},{{- end }}{{- end }}"
- name: CASSANDRA_PASSWORD
valueFrom:
secretKeyRef:
name: {{ if .Values.dbUser.existingSecret }}{{ .Values.dbUser.existingSecret }}{{- else }}{{ include "common.fullname" . }}{{- end }}
key: cassandra-password
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: CASSANDRA_USER
value: {{ .Values.dbUser.user | quote }}
- name: CASSANDRA_NUM_TOKENS
value: {{ .Values.cluster.numTokens | quote }}
- name: CASSANDRA_DATACENTER
value: {{ .Values.cluster.datacenter }}
- name: CASSANDRA_ENDPOINT_SNITCH
value: {{ .Values.cluster.endpointSnitch }}
{{- if .Values.tlsEncryptionSecretName }}
- name: CASSANDRA_INTERNODE_ENCRYPTION
value: {{ .Values.cluster.internodeEncryption | quote }}
- name: CASSANDRA_CLIENT_ENCRYPTION
value: {{ .Values.cluster.clientEncryption | quote }}
- name: CASSANDRA_TRUSTSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.tlsEncryptionSecretName }}
key: truststore-password
- name: CASSANDRA_KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.tlsEncryptionSecretName }}
key: keystore-password
{{- end }}
- name: CASSANDRA_RACK
value: {{ .Values.cluster.rack }}
{{- if .Values.jvm.maxHeapSize }}
- name: MAX_HEAP_SIZE
value: {{ .Values.jvm.maxHeapSize | quote }}
{{- end }}
{{- if .Values.jvm.newHeapSize }}
- name: HEAP_NEWSIZE
value: {{ .Values.jvm.newHeapSize | quote }}
{{- end }}
{{- if .Values.jvm.extraOpts }}
- name: JVM_EXTRA_OPTS
value: {{ .Values.jvm.extraOpts | quote }}
{{- end }}
- name: CASSANDRA_ENABLE_RPC
value: {{ .Values.cluster.enableRPC | quote }}
{{- if .Values.cluster.enableUDF }}
- name: CASSANDRA_ENABLE_USER_DEFINED_FUNCTIONS
value: {{ .Values.cluster.enableUDF | quote }}
{{- end }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
exec:
command: ["/bin/sh", "-c", "nodetool status"]
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- if .Values.exporter.enabled }}
- name: cassandra-exporter
image: "{{ .Values.exporter.image.repo }}:{{ .Values.exporter.image.tag }}"
resources:
{{ toYaml .Values.exporter.resources | indent 10 }}
env:
- name: CASSANDRA_EXPORTER_CONFIG_listenPort
value: {{ .Values.exporter.port | quote }}
- name: JVM_OPTS
value: {{ .Values.exporter.jvmOpts | quote }}
ports:
- name: metrics
containerPort: {{ .Values.exporter.port }}
protocol: TCP
- name: jmx
containerPort: 5555
livenessProbe:
tcpSocket:
port: {{ .Values.exporter.port }}
readinessProbe:
httpGet:
path: /metrics
port: {{ .Values.exporter.port }}
initialDelaySeconds: 20
timeoutSeconds: 45
{{- end }}
- name: {{ include "common.fullname" . }}
image: "{{ .Values.image.repo }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.commandOverrides }}
command: {{ .Values.commandOverrides }}
{{- end }}
{{- if .Values.argsOverrides }}
args: {{ .Values.argsOverrides }}
{{- end }}
resources:
{{ toYaml .Values.resources | indent 10 }}
env:
{{- $seed_size := default 1 .Values.config.seed_size | int -}}
{{- $global := . }}
- name: CASSANDRA_SEEDS
{{- if .Values.hostNetwork }}
value: {{ required "You must fill \".Values.config.seeds\" with list of Cassandra seeds when hostNetwork is set to true" .Values.config.seeds | quote }}
{{- else }}
value: "{{- range $i, $e := until $seed_size }}{{ include "common.fullname" $global }}-{{ $i }}.{{ include "common.fullname" $global }}.{{ $global.Values.global.nsPrefix }}.svc.{{ $global.Values.config.cluster_domain }}{{- if (lt ( add1 $i ) $seed_size ) }},{{- end }}{{- end }}"
{{- end }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe:
exec:
command: ["/bin/sh", "-c", "nodetool status | grep -E \"^UN\\s+${POD_IP}\""]
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
{{- end }}
{{- if not .Values.persistence.enabled }}
lifecycle:
preStop:
exec:
command:
- bash
- -ec
- nodetool decommission
{{- end }}
ports:
- name: intra
containerPort: 7000
- name: tls
containerPort: 7001
- name: jmx
containerPort: 7199
- name: cql
containerPort: 9042
{{- if .Values.cluster.enableRPC }}
- name: thrift
containerPort: 9160
{{- end }}
{{- if .Values.resources }}
resources: {{ toYaml .Values.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: /bitnami/cassandra
{{- if .Values.tlsEncryptionSecretName }}
- name: encryption-secrets
mountPath: /bitnami/cassandra/secrets
{{- end }}
{{- if .Values.initDBConfigMap }}
- name: init-db-cm
mountPath: /docker-entrypoint-initdb.d/configmap
{{- end }}
{{- if .Values.initDBSecret }}
- name: init-db-secret
mountPath: /docker-entrypoint-initdb.d/secret
{{- end }}
{{ if .Values.existingConfiguration }}
- name: configurations
mountPath: /bitnami/cassandra/conf
{{- end }}
- mountPath: /opt/tip-wlan/certs/cacert.pem
name: cassandra-client-certificates
subPath: cacert.pem
- mountPath: /opt/tip-wlan/certs/cassandraservercert.pem
name: cassandra-client-certificates
subPath: cassandraservercert.pem
- mountPath: /opt/tip-wlan/certs/cassandraserverkey_dec.pem
name: cassandra-client-certificates
subPath: cassandraserverkey_dec.pem
{{- if .Values.metrics.enabled }}
- name: metrics
image: {{ include "cassandra.metrics.image" . }}
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
ports:
- name: metrics
containerPort: 8080
protocol: TCP
- name: jmx
containerPort: 5555
{{- if .Values.metrics.resources }}
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
{{- end }}
livenessProbe:
tcpSocket:
port: metrics
readinessProbe:
httpGet:
path: /metrics
port: metrics
initialDelaySeconds: 20
timeoutSeconds: 45
- name: MAX_HEAP_SIZE
value: {{ default "8192M" .Values.config.max_heap_size | quote }}
- name: HEAP_NEWSIZE
value: {{ default "200M" .Values.config.heap_new_size | quote }}
- name: CASSANDRA_ENDPOINT_SNITCH
value: {{ default "SimpleSnitch" .Values.config.endpoint_snitch | quote }}
- name: CASSANDRA_CLUSTER_NAME
value: {{ default "Cassandra" .Values.config.cluster_name | quote }}
- name: CASSANDRA_DC
value: {{ default "DC1" .Values.config.dc_name | quote }}
- name: CASSANDRA_RACK
value: {{ default "RAC1" .Values.config.rack_name | quote }}
- name: CASSANDRA_START_RPC
value: {{ default "false" .Values.config.start_rpc | quote }}
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
{{- range $key, $value := .Values.env }}
- name: {{ $key | quote }}
value: {{ $value | quote }}
{{- end }}
livenessProbe:
exec:
command: [ "/bin/sh", "-c", "nodetool status" ]
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
readinessProbe:
exec:
command: [ "/bin/sh", "-c", "nodetool status | grep -E \"^UN\\s+{{ .Values.readinessProbe.address }}\"" ]
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
ports:
- name: intra
containerPort: 7000
- name: tls
containerPort: 7001
- name: jmx
containerPort: 7199
- name: cql
containerPort: {{ default 9042 .Values.config.ports.cql }}
- name: thrift
containerPort: {{ default 9160 .Values.config.ports.thrift }}
{{- if .Values.config.ports.agent }}
- name: agent
containerPort: {{ .Values.config.ports.agent }}
{{- end }}
volumeMounts:
- name: data
mountPath: /var/lib/cassandra
{{- if .Values.configOverrides }}
- name: cassandra-configs
mountPath: /etc/cassandra
{{- end }}
{{- if not .Values.persistence.enabled }}
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "exec nodetool decommission"]
{{- end }}
terminationGracePeriodSeconds: {{ default 30 .Values.podSettings.terminationGracePeriodSeconds }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
- name: {{ .Values.image.pullSecrets }}
{{- end }}
{{- if or .Values.configOverrides (not .Values.persistence.enabled) }}
volumes:
- name: cassandra-client-certificates
secret:
secretName: {{ include "common.fullname" . }}-client-certs
{{- if .Values.tlsEncryptionSecretName }}
- name: encryption-secrets
secret:
secretName: {{ .Values.tlsEncryptionSecretName }}
items:
- key: keystore
path: keystore
- key: truststore
path: truststore
{{- end }}
{{- if .Values.existingConfiguration }}
- name: configurations
configMap:
name: {{ tpl .Values.existingConfiguration $ }}
{{- end }}
{{- if .Values.initDBConfigMap }}
- name: init-db-cm
configMap:
name: {{ tpl .Values.initDBConfigMap $ }}
{{- end }}
{{- if .Values.initDBSecret }}
- name: init-db-secret
configMap:
name: {{ tpl .Values.initDBSecret $ }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.configOverrides }}
- configMap:
name: cassandra
name: cassandra-config-{{ $key | replace "." "-" | replace "_" "--" }}
{{- end }}
{{- if .Values.configOverrides }}
- name: cassandra-configs
emptyDir: {}
{{- end }}
{{- if not .Values.persistence.enabled }}
- name: data
emptyDir: {}
- name: data
emptyDir: {}
{{- else }}
volumeClaimTemplates:
- metadata:
name: data
labels:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
{{- if .Values.persistence.annotations }}
annotations: {{- toYaml .Values.persistence.annotations | nindent 10 }}
{{- end }}
spec:
accessModes:
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
- metadata:
name: data
labels:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}

27
tip-wlan/charts/cassandra/templates/tests/test-cassandra-record-insert-del.yaml
View File

@@ -11,12 +11,12 @@ metadata:
spec:
containers:
- name: {{ include "common.name" . }}-test-cassandra-basic
image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
image: {{ .Values.image.repo }}:{{ .Values.image.tag }}
command:
- sh
- -c
- |
cqlsh --cqlshrc /bitnami/cassandra/conf/cqlshrc.tip-wlan -e \
cqlsh {{ include "common.fullname" . }}.{{ include "common.namespace" . }}.svc.{{ .Values.config.cluster_domain }} -e \
"CREATE KEYSPACE MYDB WITH REPLICATION = { 'class' : 'SimpleStrategy', 'replication_factor' : 1 }; \
use MYDB; \
CREATE TABLE BOOKS (id int PRIMARY KEY, title text, year text); \
@@ -26,28 +26,5 @@ spec:
SELECT * FROM BOOKS; \
DROP TABLE BOOKS; \
DROP KEYSPACE MYDB;"
volumeMounts:
{{ if .Values.existingConfiguration }}
- name: configurations
mountPath: /bitnami/cassandra/conf
{{- end }}
- mountPath: /opt/tip-wlan/certs/cacert.pem
name: cassandra-client-certificates
subPath: cacert.pem
- mountPath: /opt/tip-wlan/certs/cassandraservercert.pem
name: cassandra-client-certificates
subPath: cassandraservercert.pem
- mountPath: /opt/tip-wlan/certs/cassandraserverkey_dec.pem
name: cassandra-client-certificates
subPath: cassandraserverkey_dec.pem
restartPolicy: Never
volumes:
{{- if .Values.existingConfiguration }}
- name: configurations
configMap:
name: {{ tpl .Values.existingConfiguration $ }}
{{- end }}
- name: cassandra-client-certificates
secret:
secretName: {{ include "common.fullname" . }}-client-certs
{{- end }}

443
tip-wlan/charts/cassandra/values.yaml
View File

@@ -1,114 +1,28 @@
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry and imagePullSecrets
##
# global:
# imageRegistry: myRegistryName
# imagePullSecrets:
# - myRegistryKeySecretName
# storageClass: myStorageClass
## Bitnami Cassandra image version
## ref: https://hub.docker.com/r/bitnami/cassandra/tags/
##
## Cassandra image version
## ref: https://hub.docker.com/r/library/cassandra/
image:
registry: docker.io
repository: bitnami/cassandra
## Bitnami Cassandra image tag
## ref: https://github.com/bitnami/bitnami-docker-cassandra#supported-tags-and-respective-dockerfile-links
##
tag: 3.11.6-debian-10-r138
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
repo: cassandra
tag: 3.11.6
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Set to true if you would like to see extra information on logs
## It turns BASH debugging in minideb-extras-base
##
debug: false
## Specify ImagePullSecrets for Pods
## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
# pullSecrets: myregistrykey
## String to partially override cassandra.fullname template (will maintain the release name)
##
# nameOverride:
## String to fully override cassandra.fullname template
##
# fullnameOverride:
## Init containers parameters:
## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
##
volumePermissions:
enabled: true
image:
registry: docker.io
repository: bitnami/minideb
tag: buster
pullPolicy: Always
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Init container' resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits: {}
# cpu: 100m
# memory: 128Mi
requests: {}
# cpu: 100m
# memory: 128Mi
## Service parameters
##
## Specify a service type
## ref: http://kubernetes.io/docs/user-guide/services/
service:
## Service type
##
type: ClusterIP
## CQL port
##
port: 9042
## Thrift Client API port
##
thriftPort: 9160
## Specify the nodePort(s) value(s) for the LoadBalancer and NodePort service types.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
nodePorts:
cql: ""
thriftPort: ""
## Set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
# loadBalancerIP:
## Provide any additional annotations which may be required. This can be used to
## set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
annotations: {}
annotations: ""
## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName:
## Persist data to a persistent volume
persistence:
## If true, use a Persistent Volume Claim, If false, use emptyDir
##
enabled: false
## Persistent Volume Storage Class
## cassandra data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
@@ -116,216 +30,207 @@ persistence:
## GKE, AWS & OpenStack)
##
storageClass: "-"
## Persistent Volume Claim annotations
##
annotations:
## Persistent Volume Access Mode
##
accessModes:
- ReadWriteOnce
## Persistent Volume size
##
accessMode: ReadWriteOnce
size: 1Gi
## Cassandra pods' resource requests and limits
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
## Minimum memory for development is 4GB and 2 CPU cores
## Minimum memory for production is 8GB and 4 CPU cores
## ref: http://docs.datastax.com/en/archived/cassandra/2.0/cassandra/architecture/architecturePlanningHardware_c.html
##
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits: {}
# cpu: 2
resources: {}
# requests:
# memory: 4Gi
requests: {}
# cpu: 2
# limits:
# memory: 4Gi
# cpu: 2
## Secret with keystore, keystore password, truststore, truststore password
##
tlsEncryptionSecretName: cassandra-ssl-certs
## ConfigMap with custom cassandra configuration files. This overrides any other Cassandra configuration set in the chart
##
existingConfiguration: cassandra-configurations-override
## Cluster parameters
##
cluster:
name: TipWlanCluster
replicaCount: 3
seedCount: 2
numTokens: 256
datacenter: DC1
rack: RAC1
enableRPC: true
endpointSnitch: SimpleSnitch
## Enable the creation of the Pod Disruption Budget
##
pdbEnabled: true
## Minimum number of cluster nodes that will be running. Needs pdbEnabled=true
##
minAvailable: 1
## Maximum number of cluster nodes that may not be running. Needs pdbEnabled=true.
##
# maxUnavailable: 1
## Encryption values. NOTE: They require tlsEncryptionSecretName
##
internodeEncryption: all
clientEncryption: true
domain: cluster.local
## Change cassandra configuration parameters below:
## ref: http://docs.datastax.com/en/cassandra/3.0/cassandra/configuration/configCassandra_yaml.html
## Recommended max heap size is 1/2 of system memory
## Recommended heap new size is 1/4 of max heap size
## ref: http://docs.datastax.com/en/cassandra/3.0/cassandra/operations/opsTuneJVM.html
config:
cluster_domain: cluster.local
cluster_name: cassandra
cluster_size: 3
seed_size: 2
num_tokens: 256
# If you want Cassandra to use this datacenter and rack name,
# you need to set endpoint_snitch to GossipingPropertyFileSnitch.
# Otherwise, these values are ignored and datacenter1 and rack1
# are used.
dc_name: DC1
rack_name: RAC1
endpoint_snitch: SimpleSnitch
max_heap_size: 2048M
heap_new_size: 512M
start_rpc: false
ports:
cql: 9042
thrift: 9160
# If a JVM Agent is in place
# agent: 61621
## JVM Settings
##
jvm:
## Extra JVM options
##
extraOpts:
## Cassandra config files overrides
configOverrides: {}
## Memory settings: These are calculated automatically
## unless specified otherwise
##
# maxHeapSize: 4G
# newHeapSize: 800M
## Cassandra docker command overrides
commandOverrides: []
## Database credentials
##
dbUser:
user: cassandra
forcePassword: false
password: cassandra
# existingSecret:
## Cassandra docker args overrides
argsOverrides: []
## ConfigMap with cql scripts. Useful for creating a keyspace
## and pre-populating data
##
# initDBConfigMap:
## Custom env variables.
## ref: https://hub.docker.com/_/cassandra/
env: {}
## Secret with cql script (with sensitive data). Useful for creating a keyspace
## and pre-populating data
##
# initDBSecret:
## Cassandra container's liveness and readiness probes
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
## Liveness and Readiness probe values.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
livenessProbe:
enabled: true
initialDelaySeconds: 60
initialDelaySeconds: 90
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
failureThreshold: 3
readinessProbe:
enabled: true
initialDelaySeconds: 60
periodSeconds: 10
initialDelaySeconds: 90
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
failureThreshold: 3
address: "${POD_IP}"
## Configure node selector. Edit code below for adding selector to pods
## ref: https://kubernetes.io/docs/user-guide/node-selection/
# selector:
# nodeSelector:
# cloud.google.com/gke-nodepool: pool-db
## Additional pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## Additional pod labels
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## Additional pod-level settings
podSettings:
# Change this to give pods more time to properly leave the cluster when not using persistent storage.
terminationGracePeriodSeconds: 30
## Pod distruption budget
podDisruptionBudget: {}
# maxUnavailable: 1
# minAvailable: 2
podManagementPolicy: OrderedReady
updateStrategy:
type: OnDelete
## Pod Security Context
securityContext:
enabled: false
fsGroup: 999
runAsUser: 999
## Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment
## Node tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## StatefulSet settings
##
statefulset:
updateStrategy: OnDelete
# rollingUpdatePartition:
rbac:
# Specifies whether RBAC resources should be created
create: true
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
enabled: true
fsGroup: 1001
runAsUser: 1001
serviceAccount:
# Specifies whether a ServiceAccount should be created
create: true
# The name of the ServiceAccount to use.
# If not set and create is true, a name is generated using the fullname template
# name:
## Container entrypoint and cmd (useful for using different images)
##
entrypoint: "/entrypoint.sh"
cmd: "/run.sh"
# Use host network for Cassandra pods
# You must pass seed list into config.seeds property if set to true
hostNetwork: false
## Network policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## Specifies whether a NetworkPolicy should be created
##
enabled: false
## The Policy model to apply. When set to false, only pods with the correct
## client label will have network access to the port Redis is listening
## on. When true, Redis will accept connections from any source
## (with the correct destination port).
##
# allowExternal: true
## Enable/disable the chart's tests. Useful if using this chart as a dependency of
## another chart and you don't want these tests running when trying to develop and
## test your own chart.
## Enable/disable the chart's tests. Useful if using this chart as a dependency of
## another chart and you don't want these tests running when trying to develop and
## test your own chart.
testsEnabled: true
## Cassandra Prometheus exporter configuration
## ref: https://hub.docker.com/r/bitnami/cassandra-exporter/tags/
##
metrics:
## Backup cronjob configuration
## Ref: https://github.com/maorfr/cain
backup:
enabled: false
# Schedule to run jobs. Must be in cron time format
# Ref: https://crontab.guru/
schedule:
- keyspace: keyspace1
cron: "0 7 * * *"
- keyspace: keyspace2
cron: "30 7 * * *"
annotations:
# Example for authorization to AWS S3 using kube2iam
# Can also be done using environment variables
iam.amazonaws.com/role: cain
image:
registry: docker.io
pullPolicy: IfNotPresent
repository: bitnami/cassandra-exporter
tag: 2.3.4-debian-10-r119
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Cassandra Prometheus exporter resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
repository: maorfr/cain
tag: 0.6.0
# Additional arguments for cain
# Ref: https://github.com/maorfr/cain#usage
extraArgs: []
# Add additional environment variables
env:
# Example environment variable required for AWS credentials chain
- name: AWS_REGION
value: us-east-1
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits: {}
# cpu: 100m
# memory: 128Mi
requests: {}
# cpu: 100m
# memory: 128Mi
## Metrics exporter pod Annotation and Labels
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
creds:
sslKeystorePassword: DUMMY_PASSWORD
sslTruststorePassword: DUMMY_PASSWORD
requests:
memory: 1Gi
cpu: 1
limits:
memory: 1Gi
cpu: 1
# Name of the secret containing the credentials of the service account used by GOOGLE_APPLICATION_CREDENTIALS, as a credentials.json file
# google:
# serviceAccountSecret:
# Destination to store the backup artifacts
# Supported cloud storage services: AWS S3, Minio S3, Azure Blob Storage, Google Cloud Storage
# Additional support can added. Visit this repository for details
# Ref: https://github.com/maorfr/skbn
destination: s3://bucket/cassandra
## Cassandra exported configuration
## ref: https://github.com/criteo/cassandra_exporter
exporter:
enabled: false
serviceMonitor:
enabled: false
additionalLabels: {}
# prometheus: default
image:
repo: criteord/cassandra_exporter
tag: 2.0.2
port: 5556
jvmOpts: ""
resources: {}
# limits:
# cpu: 1
# memory: 1Gi
# requests:
# cpu: 1
# memory: 1Gi

19
tip-wlan/charts/common/Chart.yaml
View File

@@ -1,11 +1,18 @@
# Chart for deploying Common templates that are used by other charts
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
description: Common templates for inclusion in other charts
name: common
version: 0.1.0
dependencies:
- name: efs-provisioner
version: 1.0.0
condition: efs-provisioner.enabled

7
tip-wlan/charts/common/charts/efs-provisioner/Chart.yaml
View File

@@ -1,7 +0,0 @@
# Chart for deploying EFS Provisioner including it's storage class
#
apiVersion: v1
description: EFS-Provisioner Chart to be used by other charts for file storage
name: efs-provisioner
version: 1.0.0

41
tip-wlan/charts/common/charts/efs-provisioner/templates/deployment.yaml
View File

@@ -1,41 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.provisioner.replicaCount }}
strategy:
type: {{ .Values.provisioner.strategyType }}
selector:
matchLabels:
{{- include "common.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "common.selectorLabels" . | nindent 8 }}
spec:
serviceAccountName: {{ include "common.serviceAccountName" . }}
containers:
- name: {{ .Chart.Name }}
image: {{ .Values.provisioner.image.name }}:{{ .Values.provisioner.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
env:
- name: FILE_SYSTEM_ID
value: {{ .Values.provisioner.efsFileSystemId }}
- name: AWS_REGION
value: {{ .Values.provisioner.awsRegion }}
- name: DNS_NAME
value: {{ .Values.provisioner.dnsName }}
- name: PROVISIONER_NAME
value: {{ .Values.provisioner.provisionerName }}
volumeMounts:
- name: pv-volume
mountPath: /persistentvolumes
volumes:
- name: pv-volume
nfs:
server: {{ .Values.provisioner.efsDnsName }}
path: /

103
tip-wlan/charts/common/charts/efs-provisioner/templates/rbac.yaml
View File

@@ -1,103 +0,0 @@
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "common.name" . }}
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- list
- watch
- create
- update
- patch
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "common.name" . }}
subjects:
- kind: ServiceAccount
name: {{ include "common.serviceAccountName" . }}-{{ .Values.provisioner.nameExtension}}
namespace: {{ include "common.namespace" . }}
roleRef:
kind: Role
name: {{ include "common.name" . }}
apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "common.name" . }}
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- watch
- create
- delete
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- list
- watch
- update
- apiGroups:
- "storage.k8s.io"
resources:
- storageclasses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- update
- patch
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- list
- watch
- create
- update
- patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "common.name" . }}
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "common.serviceAccountName" . }}
namespace: {{ include "common.namespace" . }}
roleRef:
kind: ClusterRole
name: {{ include "common.name" . }}
apiGroup: rbac.authorization.k8s.io

11
tip-wlan/charts/common/charts/efs-provisioner/templates/serviceaccount.yaml
View File

@@ -1,11 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "common.serviceAccountName" . }}
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}

6
tip-wlan/charts/common/charts/efs-provisioner/templates/storage-class.yaml
View File

@@ -1,6 +0,0 @@
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: {{ .Values.provisioner.storageClass }}
provisioner: {{ .Values.provisioner.provisionerName }}
allowVolumeExpansion: true

28
tip-wlan/charts/common/charts/efs-provisioner/values.yaml
View File

@@ -1,28 +0,0 @@
#################################################################
# Global configuration default values that can be inherited by
# all subcharts.
#################################################################
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: efs-provisioner
## EFS Provisioner related properties
provisioner:
nameExtension: efs-provisioner
replicaCount: 1
strategyType: Recreate
image:
name: quay.io/external_storage/efs-provisioner
tag: latest
efsFileSystemId: fs-8a3fa867
awsRegion: ca-central-1
dnsName: ""
provisionerName: shared-provisioner
efsDnsName: fs-8a3fa867.efs.ca-central-1.amazonaws.com
storageClass: aws-efs

28
tip-wlan/charts/common/templates/_env.tpl
View File

@@ -10,8 +10,32 @@
{{- end -}}
{{- define "common.env" -}}
- name: {{ .Values.env.ssc_url }}
- name: {{ .Values.env.url.alarm }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.ssc.service }}:{{ .Values.env.ssc.port}}"
- name: {{ .Values.env.prov_url }}
- name: {{ .Values.env.url.client }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.ssc.service }}:{{ .Values.env.ssc.port}}"
- name: {{ .Values.env.url.cloudEventDispatcher }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.ssc.service }}:{{ .Values.env.ssc.port}}"
- name: {{ .Values.env.url.customer }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.prov.service }}:{{ .Values.env.prov.port}}"
- name: {{ .Values.env.url.firmware }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.prov.service }}:{{ .Values.env.prov.port}}"
- name: {{ .Values.env.url.location }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.prov.service }}:{{ .Values.env.prov.port}}"
- name: {{ .Values.env.url.profile }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.ssc.service }}:{{ .Values.env.ssc.port}}"
- name: {{ .Values.env.url.serviceMetrics }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.prov.service }}:{{ .Values.env.prov.port}}"
- name: {{ .Values.env.url.equipment }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.prov.service }}:{{ .Values.env.prov.port}}"
- name: {{ .Values.env.url.manufacturer }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.prov.service }}:{{ .Values.env.prov.port}}"
- name: {{ .Values.env.url.portalUser }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.prov.service }}:{{ .Values.env.prov.port}}"
- name: {{ .Values.env.url.routing }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.ssc.service }}:{{ .Values.env.ssc.port}}"
- name: {{ .Values.env.url.status }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.ssc.service }}:{{ .Values.env.ssc.port}}"
- name: {{ .Values.env.url.systemEvent }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.ssc.service }}:{{ .Values.env.ssc.port}}"
{{- end -}}

24
tip-wlan/charts/common/templates/_ports.tpl
View File

@@ -1,24 +0,0 @@
{{/*
This template will be used to iterate through the debug-ports and generate
debug-ports mapping
*/}}
{{- define "container.dev.debugport" -}}
{{- range $index, $portid := .Values.debugPorts }}
- name: debugport-{{ $index }}
containerPort: {{ $portid }}
protocol: TCP
{{- end }}
{{- end -}}
{{- define "service.dev.debugport" -}}
{{- range $index, $portid := .Values.debugPorts }}
- port: {{ $portid }}
targetPort: {{ $portid }}
protocol: TCP
name: debugport-{{ $index }}
{{- if eq $.Values.service.type "NodePort" }}
nodePort: {{ $portid }}
{{- end }}
{{- end }}
{{- end -}}

43
tip-wlan/charts/common/templates/_svc.tpl
View File

@@ -18,27 +18,6 @@ else use user-provided URL
{{- end -}}
{{- end -}}
{{/*
Resolve the Kafka service-name to apply to a chart.
*/}}
{{- define "kafka.service" -}}
{{- printf "%s-%s" .Release.Name .Values.kafka.url | trunc 63 -}}
{{- end -}}
{{/*
Resolve the Cassandra service-name to apply to a chart.
*/}}
{{- define "cassandra.service" -}}
{{- printf "%s-%s" .Release.Name .Values.cassandra.url | trunc 63 -}}
{{- end -}}
{{/*
Resolve the MQTT service-name to apply to a chart.
*/}}
{{- define "mqtt.service" -}}
{{- printf "%s-%s" .Release.Name .Values.mqtt.url | trunc 63 -}}
{{- end -}}
{{/*
Resolve the integratedcloudcomponent service-name to apply to a chart.
*/}}
@@ -58,26 +37,4 @@ else use user-provided URL
*/}}
{{- define "ssc.service" -}}
{{- printf "%s-%s:%.f" .Release.Name .Values.ssc.url .Values.ssc.port | trunc 63 -}}
{{- end -}}
{{/*
Resolve the Opensync-gw service-name to apply to a chart.
*/}}
{{- define "opensyncgw.service" -}}
{{- printf "%s-%s:%.f" .Release.Name .Values.opensyncgw.url .Values.opensyncgw.port | trunc 63 -}}
{{- end -}}
{{/*
Resolve the pvc name that's would mounted to 2 charts - Portal and Opensync-gw
*/}}
{{- define "portal.sharedPvc.name" -}}
{{- printf "%s-%s-%s-%.f" .Values.portal.sharedPvc.name .Release.Name .Values.portal.url .Values.portal.sharedPvc.ordinal | trunc 63 -}}
{{- end -}}
{{/*
Resolve the filestore-directory name that's would mounted to 2 charts - Portal and Opensync-gw
*/}}
{{- define "filestore.dir.name" -}}
{{- printf "%s" .Values.filestore.internal | trunc 63 -}}
{{- end -}}

6
tip-wlan/charts/common/values.yaml
View File

@@ -1,8 +1,4 @@
#################################################################
# Global configuration default values that can be inherited by
# all subcharts.
#################################################################
# Enabling common components
efs-provisioner:
enabled: false
#################################################################

2
tip-wlan/charts/kafka/resources/config/certs/README.md
View File

@@ -1,2 +0,0 @@
Contains certs needed for this service to start.
Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

17
tip-wlan/charts/kafka/templates/configmap.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-clientconfig
namespace: {{ include "common.namespace" . }}
data:
admin-client.properties: |
ssl.endpoint.identification.algorithm=
security.protocol=SSL
ssl.key.password={{ .Values.creds.sslKeyPassword | b64enc }}
ssl.keystore.location=/etc/kafka/secrets/kafka-server.pkcs12
ssl.keystore.password={{ .Values.creds.sslKeystorePassword | b64enc }}
ssl.keystore.type=PKCS12
ssl.truststore.location=/etc/kafka/secrets/truststore.jks
ssl.truststore.password={{ .Values.creds.sslTruststorePassword | b64enc }}
ssl.truststore.type=JKS
bootstrap.servers=tip-wlan-kafka-headless:9093

18
tip-wlan/charts/kafka/templates/secret.yaml
View File

@@ -1,18 +0,0 @@
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-certs
namespace: {{ include "common.namespace" . }}
labels:
app: {{ template "common.name" . }}
chart: {{ template "common.chart" . }}
release: {{ .Release.Name | quote }}
type: Opaque
data:
truststore_creds: {{ .Values.creds.sslTruststorePassword | b64enc }}
keystore_creds: {{ .Values.creds.sslKeystorePassword | b64enc }}
key_creds: {{ .Values.creds.sslKeyPassword | b64enc }}
truststore.jks: {{ .Files.Get "resources/config/certs/truststore.jks" | b64enc }}
kafka-server.pkcs12: {{ .Files.Get "resources/config/certs/kafka-server.pkcs12" | b64enc }}
README: {{ .Files.Get "resources/config/certs/README.md" | b64enc }}

2
tip-wlan/charts/kafka/templates/service-brokers.yaml
View File

@@ -8,7 +8,7 @@ metadata:
spec:
ports:
- name: broker
port: {{ .Values.headless.sslPort }}
port: 9092
targetPort: kafka
selector:
{{- include "kafka.broker.matchLabels" . | nindent 4 }}

11
tip-wlan/charts/kafka/templates/service-headless.yaml
View File

@@ -12,15 +12,10 @@ metadata:
{{- end }}
spec:
ports:
# - name: broker
# port: {{ .Values.headless.port }}
# {{- if .Values.headless.targetPort }}
# targetPort: {{ .Values.headless.targetPort }}
# {{- end }}
- name: broker
port: {{ .Values.headless.sslPort }}
{{- if .Values.headless.targetSslPort }}
targetPort: {{ .Values.headless.targetSslPort }}
port: {{ .Values.headless.port }}
{{- if .Values.headless.targetPort }}
targetPort: {{ .Values.headless.targetPort }}
{{- end }}
clusterIP: None
selector:

26
tip-wlan/charts/kafka/templates/statefulset.yaml
View File

@@ -91,7 +91,7 @@ spec:
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
ports:
- containerPort: {{ .Values.headless.sslPort }}
- containerPort: 9092
name: kafka
{{- if .Values.external.enabled }}
{{- $replicas := .Values.replicas | int }}
@@ -170,24 +170,6 @@ spec:
{{- end }}
exec /etc/confluent/docker/run
volumeMounts:
- mountPath: /etc/kafka/secrets/truststore.jks
name: kafka-certificates
subPath: truststore.jks
- mountPath: /etc/kafka/secrets/kafka-server.pkcs12
name: kafka-certificates
subPath: kafka-server.pkcs12
- mountPath: /etc/kafka/secrets/key_creds
name: kafka-certificates
subPath: key_creds
- mountPath: /etc/kafka/secrets/keystore_creds
name: kafka-certificates
subPath: keystore_creds
- mountPath: /etc/kafka/secrets/truststore_creds
name: kafka-certificates
subPath: truststore_creds
- mountPath: /etc/kafka/admin-client.properties
name: kafka-client-config
subPath: admin-client.properties
- name: datadir
mountPath: {{ .Values.persistence.mountPath | quote }}
{{- range $secret := .Values.secrets }}
@@ -207,12 +189,6 @@ spec:
{{- end }}
{{- end }}
volumes:
- name: kafka-certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
- name: kafka-client-config
configMap:
name: {{ include "common.fullname" . }}-clientconfig
{{- if not .Values.persistence.enabled }}
- name: datadir
emptyDir: {}

38
tip-wlan/charts/kafka/templates/tests/test-topic-create-produce-consume.yaml
View File

@@ -14,47 +14,17 @@ spec:
- sh
- -c
- |
# List topics:
echo "##### Listing existing topics #####"
kafka-topics --zookeeper {{ include "zookeeper.url" . }} --list
# Create the topic
echo "##### Create topic helm-test-topic-create-consume-produce #####"
kafka-topics --zookeeper {{ include "zookeeper.url" . }} --topic helm-test-topic-create-consume-produce --create --partitions 1 --replication-factor 1 --if-not-exists
echo "##### Produce the test message #####"
kafka-topics --zookeeper {{ include "zookeeper.url" . }} --topic helm-test-topic-create-consume-produce --create --partitions 1 --replication-factor 1 --if-not-exists && \
# Create a message
MESSAGE="`date -u`"
MESSAGE="`date -u`" && \
# Produce a test message to the topic
echo "$MESSAGE" | kafka-console-producer --broker-list {{ include "common.fullname" . }}-headless:9093 --producer.config /etc/kafka/admin-client.properties --topic helm-test-topic-create-consume-produce
echo "##### Consume the test message from the topic #####"
echo "$MESSAGE" | kafka-console-producer --broker-list {{ include "common.fullname" . }}:9092 --topic helm-test-topic-create-consume-produce && \
# Consume a test message from the topic
kafka-console-consumer --bootstrap-server {{ include "common.fullname" . }}-headless:9093 --consumer.config /etc/kafka/admin-client.properties --topic helm-test-topic-create-consume-produce --from-beginning --timeout-ms 2000 --max-messages 1 | grep "$MESSAGE"
echo "##### Listing current topics including our new topic #####"
kafka-topics --zookeeper {{ include "zookeeper.url" . }} --list
kafka-console-consumer --bootstrap-server {{ include "common.fullname" . }}-headless:9092 --topic helm-test-topic-create-consume-produce --from-beginning --timeout-ms 2000 --max-messages 1 | grep "$MESSAGE"
# Delete the messages from topic
echo "##### Delete messages from our topic #####"
kafka-configs --zookeeper {{ include "zookeeper.url" . }} --alter --entity-type topics --entity-name helm-test-topic-create-consume-produce --add-config retention.ms=1000
# Mark topic for deletion
echo "##### Mark our topic for Deletion #####"
kafka-topics --zookeeper {{ include "zookeeper.url" . }} --delete --topic helm-test-topic-create-consume-produce
# List topics:
echo "##### Listing topics after deleting our newly created topic #####"
kafka-topics --zookeeper {{ include "zookeeper.url" . }} --list
volumeMounts:
- mountPath: /etc/kafka/admin-client.properties
name: kafka-client-config
subPath: admin-client.properties
- mountPath: /etc/kafka/secrets/truststore.jks
name: kafka-certificates
subPath: truststore.jks
- mountPath: /etc/kafka/secrets/kafka-server.pkcs12
name: kafka-certificates
subPath: kafka-server.pkcs12
restartPolicy: Never
volumes:
- name: kafka-client-config
configMap:
name: {{ include "common.fullname" . }}-clientconfig
- name: kafka-certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
{{- end }}

25
tip-wlan/charts/kafka/values.yaml
View File

@@ -135,7 +135,6 @@ headless:
# annotations:
# targetPort:
port: 9092
sslPort: 9093
## External access.
##
@@ -183,22 +182,6 @@ configurationOverrides:
# "auto.create.topics.enable": true
# "controlled.shutdown.enable": true
# "controlled.shutdown.max.retries": 100
# "ssl.secret.dir": "/opt/tip-wlan/certs"
# "ssl.keystore.filename": "kafka-server.pkcs12"
# "ssl.key.credentials": "mypassword"
# "ssl.truststore.filename": "kafka_server_keystore.jks"
# "ssl.truststore.credentials": "mypassword"
advertised.listeners: SSL://tip-wlan-kafka-headless:9093
ssl.client.auth: required
ssl.endpoint.identification.algorithm: ""
security.inter.broker.protocol: SSL
ssl.key.credentials: "key_creds"
ssl.keystore.filename: "kafka-server.pkcs12"
ssl.keystore.credentials: "keystore_creds"
ssl.keystore.type: "PKCS12"
ssl.truststore.filename: "truststore.jks"
ssl.truststore.credentials: "truststore_creds"
ssl.truststore.type: "JKS"
## Options required for external access via NodePort
## ref:
@@ -286,9 +269,6 @@ topics:
- name: system_events
partitions: 1
replicationFactor: 1
- name: customer_events
partitions: 1
replicationFactor: 1
# - name: myNewTopicWithConfig
# partitions: 8
# replicationFactor: 3
@@ -353,8 +333,3 @@ zookeeper:
# labelSelector:
# matchLabels:
# release: zookeeper
creds:
sslTruststorePassword: DUMMY_PASSWORD
sslKeystorePassword: DUMMY_PASSWORD
sslKeyPassword: DUMMY_PASSWORD

3
tip-wlan/charts/nginx-ingress-controller/templates/controller-configmap.yaml
View File

@@ -6,5 +6,4 @@ metadata:
labels:
{{- include "common.labels" . | nindent 4 }}
data:
external-status-address: {{ .Values.controller.config.externalStatusAddress }}
client-max-body-size: {{ .Values.controller.config.clientMaxBodySize }}
external-status-address: {{ .Values.controller.config.externalStatusAddress }}

4
tip-wlan/charts/nginx-ingress-controller/templates/controller-deployment.yaml
View File

@@ -56,7 +56,7 @@ spec:
containerPort: 80
- name: https
containerPort: 443
{{ if and (.Values.controller.customPorts) (not .Values.byPassNginxForTcpConnections.enabled )}}
{{ if .Values.controller.customPorts }}
{{ toYaml .Values.controller.customPorts | indent 8 }}
{{ end }}
{{- if .Values.prometheus.create }}
@@ -127,7 +127,5 @@ spec:
- -prometheus-metrics-listen-port={{ .Values.prometheus.port }}
- -enable-custom-resources={{ .Values.controller.enableCustomResources }}
- -enable-tls-passthrough={{ .Values.controller.enableTLSPassthrough }}
{{- if not .Values.byPassNginxForTcpConnections.enabled }}
- -global-configuration=$(POD_NAMESPACE)/{{ include "common.name" . }}-global-configuration
{{- end}}
{{- end }}

4
tip-wlan/charts/nginx-ingress-controller/templates/controller-global-configuration.yaml
View File

@@ -1,4 +1,3 @@
{{- if not .Values.byPassNginxForTcpConnections.enabled -}}
apiVersion: k8s.nginx.org/v1alpha1
kind: GlobalConfiguration
metadata:
@@ -14,5 +13,4 @@ spec:
protocol: TCP
- name: opensync-mqtt-port-listener
port: 1883
protocol: TCP
{{- end -}}
protocol: TCP

2
tip-wlan/charts/nginx-ingress-controller/templates/controller-service.yaml
View File

@@ -27,7 +27,7 @@ spec:
{{- end }}
type: {{ .Values.controller.service.type }}
ports:
{{- if and (.Values.controller.service.customPorts) (not .Values.byPassNginxForTcpConnections.enabled )}}
{{- if .Values.controller.service.customPorts }}
{{ toYaml .Values.controller.service.customPorts | indent 2 }}
{{ end }}
{{- if .Values.controller.service.httpPort.enable }}

10
tip-wlan/charts/nginx-ingress-controller/values.yaml
View File

@@ -53,9 +53,6 @@ controller:
## External IP Address
externalStatusAddress: "192.168.56.101"
## Max message size coming from the Client
clientMaxBodySize: "20m"
## It is recommended to use your own TLS certificates and keys
defaultTLS:
## The base64-encoded TLS certificate for the default HTTPS server. If not specified, a pre-generated self-signed certificate is used.
@@ -272,13 +269,6 @@ rbac:
## Configures RBAC.
create: true
## This property will prevent exposing TCP ports for passthrough connections
## Instead we are opening up these services as NodePorts
## We were seeing issues with AP <-- --> MQTT connecitivity when using NGINX
## as passthrough for TCP Connections
byPassNginxForTcpConnections:
enabled: true
prometheus:
## Expose NGINX or NGINX Plus metrics in the Prometheus format.
create: false

35
tip-wlan/charts/opensync-gw-cloud/resources/config/certs/httpClientConfig.json
View File

@@ -1,21 +1,18 @@
{
"maxConnectionsTotal": 100,
"maxConnectionsPerRoute": 10,
"truststoreType": "JKS",
"truststoreProvider": "SUN",
"truststoreFile": "file:/opt/tip-wlan/certs/truststore.jks",
"truststorePass": "mypassword",
"keystoreType": "JKS",
"keystoreProvider": "SUN",
"keystoreFile": "file:/opt/tip-wlan/certs/client_keystore.jks",
"keystorePass": "mypassword",
"keyAlias": "clientkeyalias",
"credentialsList": [
{
"host": "localhost",
"port": -1,
"user": "user",
"password": "password"
}
"maxConnectionsTotal":100,
"maxConnectionsPerRoute":10,
"truststoreType":"JKS",
"truststoreProvider":"SUN",
"truststoreFile":"file:/opt/tip-wlan/certs/truststore.jks",
"truststorePass":"mypassword",
"keystoreType":"JKS",
"keystoreProvider":"SUN",
"keystoreFile":"file:/opt/tip-wlan/certs/client_keystore.jks",
"keystorePass":"mypassword",
"keyAlias":"clientkeyalias",
"credentialsList":[
{"host":"localhost","port":-1,"user":"user","password":"password"}
]
}
}

79
tip-wlan/charts/opensync-gw-cloud/resources/config/logback.xml
View File

@@ -1,79 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- For assistance related to logback-translator or configuration -->
<!-- files in general, please contact the logback user mailing list -->
<!-- at http://www.qos.ch/mailman/listinfo/logback-user -->
<!-- -->
<!-- For professional support please see -->
<!-- http://www.qos.ch/shop/products/professionalSupport -->
<!-- -->
<configuration>
<appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>
<appender name="mqttDataFile" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/app/logs/mqttData.log</file>
<append>true</append>
<encoder>
<pattern>%date %msg%n</pattern>
</encoder>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
<fileNamePattern>/app/logs/mqttData.%i.log.gz</fileNamePattern>
<minIndex>1</minIndex>
<maxIndex>3</maxIndex>
</rollingPolicy>
<triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
<maxFileSize>20MB</maxFileSize>
</triggeringPolicy>
</appender>
<appender name="logfile" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/app/logs/opensyncgw.log</file>
<append>true</append>
<encoder>
<pattern>%date %level [%thread] %logger{36} [%file:%line] %msg%n</pattern>
</encoder>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
<fileNamePattern>/app/logs/opensyncgw.%i.log.gz</fileNamePattern>
<minIndex>1</minIndex>
<maxIndex>3</maxIndex>
</rollingPolicy>
<triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
<maxFileSize>20MB</maxFileSize>
</triggeringPolicy>
</appender>
<!--
details: http://logback.qos.ch/manual/configuration.html#auto_configuration
runtime configuration, if need to override the defaults:
-Dlogback.configurationFile=/path/to/logback.xml
for log configuration debugging - use
-Dlogback.statusListenerClass=ch.qos.logback.core.status.OnConsoleStatusListener
log levels:
OFF ERROR WARN INFO DEBUG TRACE
-->
<logger name="org.apache.catalina.startup.DigesterFactory" level="ERROR"/>
<logger name="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" level="INFO"/>
<logger name="org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer" level="INFO"/>
<logger name="com.telecominfraproject.wlan" level="DEBUG"/>
<logger name="com.netflix.servo.tag.aws.AwsInjectableTag" level="OFF"/>
<logger name="com.vmware.ovsdb.service.OvsdbConnectionInfo" level="OFF"/>
<logger name="com.vmware.ovsdb.netty.OvsdbConnectionHandler" level="ERROR"/>
<logger name="MQTT_DATA" level="DEBUG" additivity="false">
<appender-ref ref="mqttDataFile"/>
</logger>
<root level="WARN">
<appender-ref ref="logfile"/>
<appender-ref ref="stdout"/>
</root>
</configuration>

7
tip-wlan/charts/opensync-gw-cloud/templates/configmap.yaml
View File

@@ -1,7 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-log-config
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}

111
tip-wlan/charts/opensync-gw-cloud/templates/deployment.yaml
View File

@@ -1,9 +1,7 @@
{{- $icc := include "integratedcloudcomponent.service" . -}}
{{- $prov := include "prov.service" . -}}
{{- $ssc := include "ssc.service" . -}}
{{- $mqtt := include "mqtt.service" . -}}
{{- $ns := include "common.namespace" . -}}
{{- $file_store_path := include "filestore.dir.name" . -}}
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -27,43 +25,6 @@ spec:
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers:
- name: {{ include "common.name" . }}-mqtt-readiness
image: eclipse-mosquitto:latest
imagePullPolicy: {{ .Values.global.pullPolicy }}
command:
- sh
- -c
- |
mosquitto_pub -h {{ $mqtt }} -p 1883 --cafile /certs/cacert.pem --cert /certs/clientcert.pem --key /certs/clientkey.pem --insecure -t "/ap/test" -q 0 -m "CheckingMQTTAliveness"
status=$(echo $?)
echo mosquitto_pub response of the request = $status
counter=0
while [ $counter -lt 10 ] && [ $status -ne 0 ]
do
echo {{ $mqtt }} service isnt ready. Tried $counter times
sleep 2
counter=`expr $counter + 1`
mosquitto_pub -h {{ $mqtt }} -p 1883 --cafile /certs/cacert.pem --cert /certs/clientcert.pem --key /certs/clientkey.pem --insecure -t "/ap/test" -q 0 -m "CheckingMQTTAliveness"
status=$(echo $?)
echo mosquitto_pub response of the request = $status
done
if [ $status -eq 0 ]
then
echo {{ $mqtt }} service is ready!
else
echo {{ $mqtt }} service failed to respond after 20 secs
exit 1
fi
volumeMounts:
- mountPath: /certs/cacert.pem
name: certificates
subPath: cacert.pem
- mountPath: /certs/clientcert.pem
name: certificates
subPath: clientcert.pem
- mountPath: /certs/clientkey.pem
name: certificates
subPath: clientkey.pem
{{- if .Values.global.integratedDeployment }}
- name: {{ include "common.name" . }}-readiness-int-cloud
image: alpine
@@ -72,6 +33,7 @@ spec:
- sh
- -c
- |
echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
apk add curl
url=https://{{ $icc }}/ping
counter=0
@@ -99,6 +61,7 @@ spec:
- sh
- -c
- |
echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
apk add curl
url=https://{{ $prov }}/ping
counter=0
@@ -125,6 +88,7 @@ spec:
- sh
- -c
- |
echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
apk add curl
url=https://{{ $ssc }}/ping
counter=0
@@ -149,11 +113,7 @@ spec:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
{{- if .Values.probes.enabled }}
livenessProbe:
@@ -172,44 +132,7 @@ spec:
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
{{- end }}
env:
{{- include "common.env" . | nindent 12 }}
- name: OVSDB_MANAGER
value: {{ .Values.externalhost.address.ovsdb }}
- name: OVSDB_EXTERNAL_PORT
value: "{{ .Values.externalhost.ports.ovsdb }}"
- name: OVSDB_MANAGER_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: MQTT_SERVER_INTERNAL
value: {{ .Release.Name }}-{{ .Values.mqtt.url }}
- name: MQTT_SERVER_EXTERNAL
value: {{ .Values.externalhost.address.mqtt }}
- name: MQTT_BROKER_EXTERNAL_PORT
value: "{{ .Values.externalhost.ports.mqtt }}"
{{- if .Values.global.integratedDeployment }}
- name: INTEGRATED_SERVER
value: {{ .Release.Name }}-{{ .Values.integratedcloudcomponent.url }}
{{- else }}
- name: PROV_SERVER
value: {{ .Release.Name }}-{{ .Values.prov.url }}
- name: SSC_SERVER
value: {{ .Release.Name }}-{{ .Values.ssc.url }}
{{- end }}
- name: FILE_STORE_DIRECTORY_INTERNAL
value: {{ $file_store_path }}
- name: FILE_STORE_URL
value: {{ .Values.filestore.url }}
- name: DEFAULT_LAN_NAME
value: {{ .Values.ethernetType.lanName }}
- name: DEFAULT_LAN_TYPE
value: {{ .Values.ethernetType.lanType }}
- name: DEFAULT_WAN_TYPE
value: {{ .Values.ethernetType.wanType }}
- name: DEFAULT_WAN_NAME
value: {{ .Values.ethernetType.wanName }}
{{- end }}
volumeMounts:
- mountPath: /opt/tip-wlan/certs/client_keystore.jks
name: certificates
@@ -226,11 +149,6 @@ spec:
- mountPath: /opt/tip-wlan/certs/ssl.properties
name: certificates
subPath: ssl.properties
- mountPath: /app/opensync/logback.xml
name: logback-config
subPath: logback.xml
- mountPath: {{ $file_store_path }}
name: file-store-data
ports:
- name: {{ .Values.service.name1 }}
containerPort: {{ .Values.service.port1 }}
@@ -238,17 +156,6 @@ spec:
- name: {{ .Values.service.name2 }}
containerPort: {{ .Values.service.port2 }}
protocol: TCP
- name: {{ .Values.service.name3 }}
containerPort: {{ .Values.service.port3 }}
protocol: TCP
- name: {{ .Values.service.name4 }}
containerPort: {{ .Values.service.port4 }}
protocol: TCP
{{- if .Values.debug.enabled }}
- name: {{ .Values.service.name5 }}
containerPort: {{ .Values.service.port5 }}
protocol: TCP
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
@@ -268,13 +175,3 @@ spec:
- name: certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
- name: logback-config
configMap:
name: {{ include "common.fullname" . }}-log-config
- name: file-store-data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ include "portal.sharedPvc.name" . }}
{{- else }}
emptyDir: {}
{{- end }}

19
tip-wlan/charts/opensync-gw-cloud/templates/service.yaml
View File

@@ -12,28 +12,9 @@ spec:
targetPort: {{ .Values.service.port1 }}
protocol: TCP
name: {{ .Values.service.name1 }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort1 }}
- port: {{ .Values.service.port2 }}
targetPort: {{ .Values.service.port2 }}
protocol: TCP
name: {{ .Values.service.name2 }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- port: {{ .Values.service.port3 }}
targetPort: {{ .Values.service.port3 }}
protocol: TCP
name: {{ .Values.service.name3 }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
- port: {{ .Values.service.port4 }}
targetPort: {{ .Values.service.port4 }}
protocol: TCP
name: {{ .Values.service.name4 }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort4 }}
{{- if .Values.debug.enabled }}
- port: {{ .Values.service.port5 }}
targetPort: {{ .Values.service.port5 }}
protocol: TCP
name: {{ .Values.service.name5 }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort5 }}
{{- end }}
selector:
{{- include "common.selectorLabels" . | nindent 4 }}

73
tip-wlan/charts/opensync-gw-cloud/values.yaml
View File

@@ -56,41 +56,12 @@ probes:
# Enable/Disable Helm tests
testsEnabled: false
# Enable/Disable Remote debugging
debug:
enabled: false
service:
type: NodePort
type: ClusterIP
port1: 6640
nodePort1: 29
name1: controller
port2: 6643
name2: redirector
nodePort2: 30
port3: 9096
name3: server
nodePort3: 27
port4: 9097
name4: internal
nodePort4: 28
port5: 5005
name5: debug
nodePort5: 26
persistence:
enabled: false
## A manually managed Persistent Volume and Claim
## Requires persistence.enabled: true
# the filestore internal: location of the folder where UI files will be stored
# on the PV
# the filestore url: externally reachable URL i.e.; reachable from AP, where it
# can download the files from. Override this value (url) to the configured
# HTTP server in your system
filestore:
internal: "/tmp/filestore"
url: DUMMY_FILESTORE_HTTPS_URL
integratedcloudcomponent:
url: wlan-integrated-cloud-component-service
@@ -104,37 +75,6 @@ ssc:
url: wlan-ssc-service
port: 9032
mqtt:
url: opensync-mqtt-broker
portal:
url: wlan-portal-service
sharedPvc:
name: file-store-data
ordinal: 0
# These are the address and ports for the externalhost
# This is important for ovsdb and mqtt since
# that's what AP sees. Please make sure to override
# them in dev override file for your respective environments.
# the default values below would be used if not overriden
externalhost:
address:
ovsdb: opensync-gw-cloud
mqtt: opensync-mqtt-broker
ports:
ovsdb: 6640
mqtt: 1883
ethernetType:
lanName: "lan"
lanType: "bridge"
wanType: "bridge"
wanName: "wan"
ingress:
enabled: false
annotations: {}
@@ -165,14 +105,3 @@ nodeSelector: {}
tolerations: []
affinity: {}
env:
protocol: https
ssc_url: SSC_RELEASE_URL
prov_url: PROV_RELEASE_URL
ssc:
service: wlan-ssc-service
port: 9031
prov:
service: wlan-prov-service
port: 9091

35
tip-wlan/charts/opensync-gw-static/resources/config/certs/httpClientConfig.json
View File

@@ -1,21 +1,18 @@
{
"maxConnectionsTotal": 100,
"maxConnectionsPerRoute": 10,
"truststoreType": "JKS",
"truststoreProvider": "SUN",
"truststoreFile": "file:/opt/tip-wlan/certs/truststore.jks",
"truststorePass": "mypassword",
"keystoreType": "JKS",
"keystoreProvider": "SUN",
"keystoreFile": "file:/opt/tip-wlan/certs/client_keystore.jks",
"keystorePass": "mypassword",
"keyAlias": "clientkeyalias",
"credentialsList": [
{
"host": "localhost",
"port": -1,
"user": "user",
"password": "password"
}
"maxConnectionsTotal":100,
"maxConnectionsPerRoute":10,
"truststoreType":"JKS",
"truststoreProvider":"SUN",
"truststoreFile":"file:/opt/tip-wlan/certs/truststore.jks",
"truststorePass":"mypassword",
"keystoreType":"JKS",
"keystoreProvider":"SUN",
"keystoreFile":"file:/opt/tip-wlan/certs/client_keystore.jks",
"keystorePass":"mypassword",
"keyAlias":"clientkeyalias",
"credentialsList":[
{"host":"localhost","port":-1,"user":"user","password":"password"}
]
}
}

75
tip-wlan/charts/opensync-gw-static/resources/config/logback.xml
View File

@@ -1,75 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- For assistance related to logback-translator or configuration -->
<!-- files in general, please contact the logback user mailing list -->
<!-- at http://www.qos.ch/mailman/listinfo/logback-user -->
<!-- -->
<!-- For professional support please see -->
<!-- http://www.qos.ch/shop/products/professionalSupport -->
<!-- -->
<configuration>
<appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>
<!--
<appender name="FILE" class="ch.qos.logback.core.FileAppender">
<file>myApp.log</file>
<encoder>
<pattern>%date %level [%thread] %logger{10} [%file:%line] %msg%n</pattern>
</encoder>
</appender>
-->
<appender name="logfile" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/app/logs/opensyncgw.log</file>
<append>true</append>
<encoder>
<pattern>%date %level [%thread] %logger{36} [%file:%line] %msg%n</pattern>
</encoder>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
<fileNamePattern>/app/logs/opensyncgw.%i.log.gz</fileNamePattern>
<minIndex>1</minIndex>
<maxIndex>3</maxIndex>
</rollingPolicy>
<triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
<maxFileSize>20MB</maxFileSize>
</triggeringPolicy>
</appender>
<!--
details: http://logback.qos.ch/manual/configuration.html#auto_configuration
runtime configuration, if need to override the defaults:
-Dlogback.configurationFile=/path/to/logback.xml
for log configuration debugging - use
-Dlogback.statusListenerClass=ch.qos.logback.core.status.OnConsoleStatusListener
log levels:
OFF ERROR WARN INFO DEBUG TRACE
-->
<logger name="org.apache.catalina.startup.DigesterFactory" level="ERROR"/>
<logger name="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" level="INFO"/>
<logger name="org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer" level="INFO"/>
<logger name="com.telecominfraproject.wlan" level="DEBUG"/>
<logger name="com.netflix.servo.tag.aws.AwsInjectableTag" level="OFF"/>
<logger name="com.vmware.ovsdb.service.OvsdbConnectionInfo" level="OFF"/>
<logger name="com.vmware.ovsdb.netty.OvsdbConnectionHandler" level="ERROR"/>
<logger name="MQTT_DATA" level="DEBUG"/>
<!--
<logger name="org.springframework.security.web.authentication.preauth" level="DEBUG"/>
-->
<root level="WARN">
<appender-ref ref="stdout"/>
<appender-ref ref="logfile"/>
</root>
</configuration>

7
tip-wlan/charts/opensync-gw-static/templates/configmap.yaml
View File

@@ -1,7 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-log-config
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}

10
tip-wlan/charts/opensync-gw-static/templates/deployment.yaml
View File

@@ -24,11 +24,7 @@ spec:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
{{- if .Values.probes.enabled }}
livenessProbe:
@@ -64,9 +60,6 @@ spec:
- mountPath: /opt/tip-wlan/certs/ssl.properties
name: certificates
subPath: ssl.properties
- mountPath: /app/opensync/logback.xml
name: logback-config
subPath: logback.xml
ports:
- name: {{ .Values.service.name1 }}
containerPort: {{ .Values.service.port1 }}
@@ -93,6 +86,3 @@ spec:
- name: certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
- name: logback-config
configMap:
name: {{ include "common.fullname" . }}-log-config

2
tip-wlan/charts/opensync-mqtt-broker/resources/config/mosquitto.conf
View File

@@ -6,7 +6,7 @@ use_identity_as_username true
allow_anonymous false
allow_duplicate_messages true
autosave_interval 900
log_dest stdout
log_dest file /mosquitto/log/mosquitto.log
max_queued_bytes 0
max_queued_messages 0
message_size_limit 0

2
tip-wlan/charts/opensync-mqtt-broker/templates/service.yaml
View File

@@ -12,11 +12,9 @@ spec:
targetPort: {{ .Values.service.port1 }}
protocol: TCP
name: {{ .Values.service.name1 }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort1 }}
- port: {{ .Values.service.port2 }}
targetPort: {{ .Values.service.port2 }}
protocol: TCP
name: {{ .Values.service.name2 }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort2 }}
selector:
{{- include "common.selectorLabels" . | nindent 4 }}

15
tip-wlan/charts/opensync-mqtt-broker/templates/statefulset.yaml
View File

@@ -43,21 +43,6 @@ spec:
serviceAccountName: {{ include "common.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers:
- name: {{ include "common.name" . }}-init-dir-ownership-change
image: alpine:3.6
# Change ownership to `mosquitto` user for a mounted volume
command:
- sh
- -c
- |
chown -R 1883:1883 /mosquitto/data
chown -R 1883:1883 /mosquitto/db
volumeMounts:
- name: data
mountPath: /mosquitto/data
- name: db
mountPath: /mosquitto/db
containers:
- name: {{ .Chart.Name }}
securityContext:

4
tip-wlan/charts/opensync-mqtt-broker/values.yaml
View File

@@ -54,13 +54,11 @@ probes:
testsEnabled: false
service:
type: NodePort
type: ClusterIP
port1: 1883
name1: listener
nodePort1: 31
port2: 9001
name2: debug
nodePort2: 32
ingress:
enabled: false

0
tip-wlan/charts/cassandra/.helmignore → tip-wlan/charts/postgresql/.helmignore
View File

20
tip-wlan/charts/postgresql/Chart.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: v2
name: postgresql
version: 8.9.6
appVersion: 11.7.0
description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance.
keywords:
- postgresql
- postgres
- database
- sql
- replication
- cluster
home: https://www.postgresql.org/
icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-110x117.png
sources:
- https://github.com/bitnami/bitnami-docker-postgresql
maintainers:
- name: Bitnami
email: containers@bitnami.com
engine: gotpl

580
tip-wlan/charts/postgresql/README.md Normal file
View File

@@ -0,0 +1,580 @@
# PostgreSQL
[PostgreSQL](https://www.postgresql.org/) is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance.
For HA, please see [this repo](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha)
## TL;DR;
```console
$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm install my-release bitnami/postgresql
```
## Introduction
This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/).
## Prerequisites
- Kubernetes 1.12+
- Helm 2.11+ or Helm 3.0-beta3+
- PV provisioner support in the underlying infrastructure
## Installing the Chart
To install the chart with the release name `my-release`:
```console
$ helm install my-release bitnami/postgresql
```
The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```console
$ helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Parameters
The following tables lists the configurable parameters of the PostgreSQL chart and their default values.
| Parameter | Description | Default |
|-----------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------|
| `global.imageRegistry` | Global Docker Image registry | `nil` |
| `global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides `postgresqlDatabase`) | `nil` |
| `global.postgresql.postgresqlUsername` | PostgreSQL username (overrides `postgresqlUsername`) | `nil` |
| `global.postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords (overrides `existingSecret`) | `nil` |
| `global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides `postgresqlPassword`) | `nil` |
| `global.postgresql.servicePort` | PostgreSQL port (overrides `service.port`) | `nil` |
| `global.postgresql.replicationPassword` | Replication user password (overrides `replication.password`) | `nil` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `global.storageClass` | Global storage class for dynamic provisioning | `nil` |
| `image.registry` | PostgreSQL Image registry | `docker.io` |
| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` |
| `image.tag` | PostgreSQL Image tag | `{TAG_NAME}` |
| `image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) |
| `image.debug` | Specify if debug values should be set | `false` |
| `nameOverride` | String to partially override common.fullname template with a string (will prepend the release name) | `nil` |
| `fullnameOverride` | String to fully override common.fullname template with a string | `nil` |
| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` |
| `volumePermissions.securityContext.runAsUser` | User ID for the init container (when facing issues in OpenShift or uid unknown, try value "auto") | `0` |
| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` |
| `ldap.enabled` | Enable LDAP support | `false` |
| `ldap.existingSecret` | Name of existing secret to use for LDAP passwords | `nil` |
| `ldap.url` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn[?[attribute][?[scope][?[filter]]]]` | `nil` |
| `ldap.server` | IP address or name of the LDAP server. | `nil` |
| `ldap.port` | Port number on the LDAP server to connect to | `nil` |
| `ldap.scheme` | Set to `ldaps` to use LDAPS. | `nil` |
| `ldap.tls` | Set to `1` to use TLS encryption | `nil` |
| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `nil` |
| `ldap.suffix` | String to append to the user name when forming the DN to bind | `nil` |
| `ldap.search_attr` | Attribute to match agains the user name in the search | `nil` |
| `ldap.search_filter` | The search filter to use when doing search+bind authentication | `nil` |
| `ldap.baseDN` | Root DN to begin the search for the user in | `nil` |
| `ldap.bindDN` | DN of user to bind to LDAP | `nil` |
| `ldap.bind_password` | Password for the user to bind to LDAP | `nil` |
| `replication.enabled` | Enable replication | `false` |
| `replication.user` | Replication user | `repl_user` |
| `replication.password` | Replication user password | `repl_password` |
| `replication.slaveReplicas` | Number of slaves replicas | `1` |
| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` |
| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.slaveReplicas`. | `0` |
| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` |
| `existingSecret` | Name of existing secret to use for PostgreSQL passwords. The secret has to contain the keys `postgresql-postgres-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be sed to authenticate on LDAP. The value is evaluated as a template. | `nil` |
| `postgresqlPostgresPassword` | PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) | _random 10 character alphanumeric string_ |
| `postgresqlUsername` | PostgreSQL admin user | `postgres` |
| `postgresqlPassword` | PostgreSQL admin password | _random 10 character alphanumeric string_ |
| `postgresqlDatabase` | PostgreSQL database | `nil` |
| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql` (same value as persistence.mountPath) |
| `extraEnv` | Any extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `[]` |
| `extraEnvVarsCM` | Name of a Config Map containing extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `nil` |
| `postgresqlInitdbArgs` | PostgreSQL initdb extra arguments | `nil` |
| `postgresqlInitdbWalDir` | PostgreSQL location for transaction log | `nil` |
| `postgresqlConfiguration` | Runtime Config Parameters | `nil` |
| `postgresqlExtendedConf` | Extended Runtime Config Parameters (appended to main or default configuration) | `nil` |
| `pgHbaConfiguration` | Content of pg_hba.conf | `nil (do not create pg_hba.conf)` |
| `configurationConfigMap` | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresqlConfiguration` and `pgHbaConfiguration`). The value is evaluated as a template. | `nil` |
| `extendedConfConfigMap` | ConfigMap with the extended PostgreSQL configuration files. The value is evaluated as a template. | `nil` |
| `initdbScripts` | Dictionary of initdb scripts | `nil` |
| `initdbUser` | PostgreSQL user to execute the .sql and sql.gz scripts | `nil` |
| `initdbPassword` | Password for the user specified in `initdbUser` | `nil` |
| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` |
| `initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with `initdbScriptsConfigMap` or `initdbScripts`). The value is evaluated as a template. | `nil` |
| `service.type` | Kubernetes Service type | `ClusterIP` |
| `service.port` | PostgreSQL port | `5432` |
| `service.nodePort` | Kubernetes Service nodePort | `nil` |
| `service.annotations` | Annotations for PostgreSQL service | `{}` (evaluated as a template) |
| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` |
| `service.loadBalancerSourceRanges` | Address that are allowed when svc is LoadBalancer | `[]` (evaluated as a template) |
| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` |
| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for master and slave(s) Pod(s) | `true` |
| `shmVolume.chmod.enabled` | Run at init chmod 777 of the /dev/shm (ignored if `volumePermissions.enabled` is `false`) | `true` |
| `persistence.enabled` | Enable persistence using PVC | `true` |
| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. | `nil` |
| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` |
| `persistence.subPath` | Subdirectory of the volume to mount at | `""` |
| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` |
| `persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `[ReadWriteOnce]` |
| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` |
| `persistence.annotations` | Annotations for the PVC | `{}` |
| `commonAnnotations` | Annotations to be added to all deployed resources (rendered as a template) | `{}` |
| `master.nodeSelector` | Node labels for pod assignment (postgresql master) | `{}` |
| `master.affinity` | Affinity labels for pod assignment (postgresql master) | `{}` |
| `master.tolerations` | Toleration labels for pod assignment (postgresql master) | `[]` |
| `master.anotations` | Map of annotations to add to the statefulset (postgresql master) | `{}` |
| `master.labels` | Map of labels to add to the statefulset (postgresql master) | `{}` |
| `master.podAnnotations` | Map of annotations to add to the pods (postgresql master) | `{}` |
| `master.podLabels` | Map of labels to add to the pods (postgresql master) | `{}` |
| `master.priorityClassName` | Priority Class to use for each pod (postgresql master) | `nil` |
| `master.extraInitContainers` | Additional init containers to add to the pods (postgresql master) | `[]` |
| `master.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql master) | `[]` |
| `master.extraVolumes` | Additional volumes to add to the pods (postgresql master) | `[]` |
| `master.sidecars` | Add additional containers to the pod | `[]` |
| `master.service.type` | Allows using a different service type for Master | `nil` |
| `master.service.nodePort` | Allows using a different nodePort for Master | `nil` |
| `master.service.clusterIP` | Allows using a different clusterIP for Master | `nil` |
| `slave.nodeSelector` | Node labels for pod assignment (postgresql slave) | `{}` |
| `slave.affinity` | Affinity labels for pod assignment (postgresql slave) | `{}` |
| `slave.tolerations` | Toleration labels for pod assignment (postgresql slave) | `[]` |
| `slave.anotations` | Map of annotations to add to the statefulsets (postgresql slave) | `{}` |
| `slave.labels` | Map of labels to add to the statefulsets (postgresql slave) | `{}` |
| `slave.podAnnotations` | Map of annotations to add to the pods (postgresql slave) | `{}` |
| `slave.podLabels` | Map of labels to add to the pods (postgresql slave) | `{}` |
| `slave.priorityClassName` | Priority Class to use for each pod (postgresql slave) | `nil` |
| `slave.extraInitContainers` | Additional init containers to add to the pods (postgresql slave) | `[]` |
| `slave.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql slave) | `[]` |
| `slave.extraVolumes` | Additional volumes to add to the pods (postgresql slave) | `[]` |
| `slave.sidecars` | Add additional containers to the pod | `[]` |
| `slave.service.type` | Allows using a different service type for Slave | `nil` |
| `slave.service.nodePort` | Allows using a different nodePort for Slave | `nil` |
| `slave.service.clusterIP` | Allows using a different clusterIP for Slave | `nil` |
| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` |
| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` |
| `securityContext.enabled` | Enable security context | `true` |
| `securityContext.fsGroup` | Group ID for the container | `1001` |
| `securityContext.runAsUser` | User ID for the container | `1001` |
| `serviceAccount.enabled` | Enable service account (Note: Service Account will only be automatically created if `serviceAccount.name` is not set) | `false` |
| `serviceAcccount.name` | Name of existing service account | `nil` |
| `livenessProbe.enabled` | Would you like a livenessProbe to be enabled | `true` |
| `networkPolicy.enabled` | Enable NetworkPolicy | `false` |
| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed | `{}` |
| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 |
| `livenessProbe.periodSeconds` | How often to perform the probe | 10 |
| `livenessProbe.timeoutSeconds` | When the probe times out | 5 |
| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 |
| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 |
| `readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` |
| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 5 |
| `readinessProbe.periodSeconds` | How often to perform the probe | 10 |
| `readinessProbe.timeoutSeconds` | When the probe times out | 5 |
| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 |
| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 |
| `metrics.enabled` | Start a prometheus exporter | `false` |
| `metrics.service.type` | Kubernetes Service type | `ClusterIP` |
| `service.clusterIP` | Static clusterIP or None for headless services | `nil` |
| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{ prometheus.io/scrape: "true", prometheus.io/port: "9187"}` |
| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` |
| `metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` |
| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` |
| `metrics.serviceMonitor.namespace` | Optional namespace in which to create ServiceMonitor | `nil` |
| `metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` |
| `metrics.serviceMonitor.scrapeTimeout` | Scrape timeout. If not set, the Prometheus default scrape timeout is used | `nil` |
| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` |
| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` |
| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | the same namespace as postgresql |
| `metrics.prometheusRule.rules` | [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be created, check values for an example. | `[]` |
| `metrics.image.registry` | PostgreSQL Exporter Image registry | `docker.io` |
| `metrics.image.repository` | PostgreSQL Exporter Image name | `bitnami/postgres-exporter` |
| `metrics.image.tag` | PostgreSQL Exporter Image tag | `{TAG_NAME}` |
| `metrics.image.pullPolicy` | PostgreSQL Exporter Image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) |
| `metrics.customMetrics` | Additional custom metrics | `nil` |
| `metrics.securityContext.enabled` | Enable security context for metrics | `false` |
| `metrics.securityContext.runAsUser` | User ID for the container for metrics | `1001` |
| `metrics.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 |
| `metrics.livenessProbe.periodSeconds` | How often to perform the probe | 10 |
| `metrics.livenessProbe.timeoutSeconds` | When the probe times out | 5 |
| `metrics.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 |
| `metrics.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 |
| `metrics.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` |
| `metrics.readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 |
| `metrics.readinessProbe.periodSeconds` | How often to perform the probe | 10 |
| `metrics.readinessProbe.timeoutSeconds` | When the probe times out | 5 |
| `metrics.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 |
| `metrics.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 |
| `updateStrategy` | Update strategy policy | `{type: "RollingUpdate"}` |
| `psp.create` | Create Pod Security Policy | `false` |
| `rbac.create` | Create Role and RoleBinding (required for PSP to work) | `false` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
$ helm install my-release \
--set postgresqlPassword=secretpassword,postgresqlDatabase=my-database \
bitnami/postgresql
```
The above command sets the PostgreSQL `postgres` account password to `secretpassword`. Additionally it creates a database named `my-database`.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console
$ helm install my-release -f values.yaml bitnami/postgresql
```
> **Tip**: You can use the default [values.yaml](values.yaml)
## Configuration and installation details
### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
### Production configuration and horizontal scaling
This chart includes a `values-production.yaml` file where you can find some parameters oriented to production configuration in comparison to the regular `values.yaml`. You can use this file instead of the default one.
- Enable replication:
```diff
- replication.enabled: false
+ replication.enabled: true
```
- Number of slaves replicas:
```diff
- replication.slaveReplicas: 1
+ replication.slaveReplicas: 2
```
- Set synchronous commit mode:
```diff
- replication.synchronousCommit: "off"
+ replication.synchronousCommit: "on"
```
- Number of replicas that will have synchronous replication:
```diff
- replication.numSynchronousReplicas: 0
+ replication.numSynchronousReplicas: 1
```
- Start a prometheus exporter:
```diff
- metrics.enabled: false
+ metrics.enabled: true
```
To horizontally scale this chart, you can use the `--replicas` flag to modify the number of nodes in your PostgreSQL deployment. Also you can use the `values-production.yaml` file or modify the parameters shown above.
### Customizing Master and Slave services in a replicated configuration
At the top level, there is a service object which defines the services for both master and slave. For deeper customization, there are service objects for both the master and slave types individually. This allows you to override the values in the top level service object so that the master and slave can be of different service types and with different clusterIPs / nodePorts. Also in the case you want the master and slave to be of type nodePort, you will need to set the nodePorts to different values to prevent a collision. The values that are deeper in the master.service or slave.service objects will take precedence over the top level service object.
### Change PostgreSQL version
To modify the PostgreSQL version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/postgresql/tags/) using the `image.tag` parameter. For example, `image.tag=12.0.0`
### postgresql.conf / pg_hba.conf files as configMap
This helm chart also supports to customize the whole configuration file.
Add your custom file to "files/postgresql.conf" in your working directory. This file will be mounted as configMap to the containers and it will be used for configuring the PostgreSQL server.
Alternatively, you can specify PostgreSQL configuration parameters using the `postgresqlConfiguration` parameter as a dict, using camelCase, e.g. {"sharedBuffers": "500MB"}.
In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `configurationConfigMap` parameter. Note that this will override the two previous options.
### Allow settings to be loaded from files other than the default `postgresql.conf`
If you don't want to provide the whole PostgreSQL configuration file and only specify certain parameters, you can add your extended `.conf` files to "files/conf.d/" in your working directory.
Those files will be mounted as configMap to the containers adding/overwriting the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`.
Alternatively, you can also set an external ConfigMap with all the extra configuration files. This is done by setting the `extendedConfConfigMap` parameter. Note that this will override the previous option.
### Initialize a fresh instance
The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap.
Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict.
In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `initdbScriptsSecret` parameter.
The allowed extensions are `.sh`, `.sql` and `.sql.gz`.
### Sidecars
If you need additional containers to run within the same pod as PostgreSQL (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec.
```yaml
# For the PostgreSQL master
master:
sidecars:
- name: your-image-name
image: your-image
imagePullPolicy: Always
ports:
- name: portname
containerPort: 1234
# For the PostgreSQL replicas
slave:
sidecars:
- name: your-image-name
image: your-image
imagePullPolicy: Always
ports:
- name: portname
containerPort: 1234
```
### Metrics
The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml).
The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details.
### Use of global variables
In more complex scenarios, we may have the following tree of dependencies
```
+--------------+
| |
+------------+ Chart 1 +-----------+
| | | |
| --------+------+ |
| | |
| | |
| | |
| | |
v v v
+-------+------+ +--------+------+ +--------+------+
| | | | | |
| PostgreSQL | | Sub-chart 1 | | Sub-chart 2 |
| | | | | |
+--------------+ +---------------+ +---------------+
```
The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters:
```
postgresql.postgresqlPassword=testtest
subchart1.postgresql.postgresqlPassword=testtest
subchart2.postgresql.postgresqlPassword=testtest
postgresql.postgresqlDatabase=db1
subchart1.postgresql.postgresqlDatabase=db1
subchart2.postgresql.postgresqlDatabase=db1
```
If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows:
```
global.postgresql.postgresqlPassword=testtest
global.postgresql.postgresqlDatabase=db1
```
This way, the credentials will be available in all of the subcharts.
## Persistence
The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container.
Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube.
See the [Parameters](#parameters) section to configure the PVC or to disable persistence.
If you already have data in it, you will fail to sync to standby nodes for all commits, details can refer to [code](https://github.com/bitnami/bitnami-docker-postgresql/blob/8725fe1d7d30ebe8d9a16e9175d05f7ad9260c93/9.6/debian-9/rootfs/libpostgresql.sh#L518-L556). If you need to use those data, please covert them to sql and import after `helm install` finished.
## NetworkPolicy
To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`.
For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace:
```console
$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}"
```
With NetworkPolicy enabled, traffic will be limited to just port 5432.
For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL.
This label will be displayed in the output of a successful install.
## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image
- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image.
- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift.
- For OpenShift, one may either define the runAsUser and fsGroup accordingly, or try this more dynamic option: volumePermissions.securityContext.runAsUser="auto",securityContext.enabled=false,shmVolume.chmod.enabled=false
### Deploy chart using Docker Official PostgreSQL Image
From chart version 4.0.0, it is possible to use this chart with the Docker Official PostgreSQL image.
Besides specifying the new Docker repository and tag, it is important to modify the PostgreSQL data directory and volume mount point. Basically, the PostgreSQL data dir cannot be the mount point directly, it has to be a subdirectory.
```
image.repository=postgres
image.tag=10.6
postgresqlDataDir=/data/pgdata
persistence.mountPath=/data/
```
## Upgrade
It's necessary to specify the existing passwords while performing an upgrade to ensure the secrets are not updated with invalid randomly generated passwords. Remember to specify the existing values of the `postgresqlPassword` and `replication.password` parameters when upgrading the chart:
```bash
$ helm upgrade my-release stable/postgresql \
--set postgresqlPassword=[POSTGRESQL_PASSWORD] \
--set replication.password=[REPLICATION_PASSWORD]
```
> Note: you need to substitute the placeholders _[POSTGRESQL_PASSWORD]_, and _[REPLICATION_PASSWORD]_ with the values obtained from instructions in the installation notes.
## 8.0.0
Prefixes the port names with their protocols to comply with Istio conventions.
If you depend on the port names in your setup, make sure to update them to reflect this change.
## 7.1.0
Adds support for LDAP configuration.
## 7.0.0
Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec.
In https://github.com/helm/charts/pull/17281 the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage.
This major version bump signifies this change.
## 6.5.7
In this version, the chart will use PostgreSQL with the Postgis extension included. The version used with Postgresql version 10, 11 and 12 is Postgis 2.5. It has been compiled with the following dependencies:
- protobuf
- protobuf-c
- json-c
- geos
- proj
## 5.0.0
In this version, the **chart is using PostgreSQL 11 instead of PostgreSQL 10**. You can find the main difference and notable changes in the following links: [https://www.postgresql.org/about/news/1894/](https://www.postgresql.org/about/news/1894/) and [https://www.postgresql.org/about/featurematrix/](https://www.postgresql.org/about/featurematrix/).
For major releases of PostgreSQL, the internal data storage format is subject to change, thus complicating upgrades, you can see some errors like the following one in the logs:
```console
Welcome to the Bitnami postgresql container
Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql
Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues
Send us your feedback at containers@bitnami.com
INFO ==> ** Starting PostgreSQL setup **
NFO ==> Validating settings in POSTGRESQL_* env vars..
INFO ==> Initializing PostgreSQL database...
INFO ==> postgresql.conf file not detected. Generating it...
INFO ==> pg_hba.conf file not detected. Generating it...
INFO ==> Deploying PostgreSQL with persisted data...
INFO ==> Configuring replication parameters
INFO ==> Loading custom scripts...
INFO ==> Enabling remote connections
INFO ==> Stopping PostgreSQL...
INFO ==> ** PostgreSQL setup finished! **
INFO ==> ** Starting PostgreSQL **
[1] FATAL: database files are incompatible with server
[1] DETAIL: The data directory was initialized by PostgreSQL version 10, which is not compatible with this version 11.3.
```
In this case, you should migrate the data from the old chart to the new one following an approach similar to that described in [this section](https://www.postgresql.org/docs/current/upgrading.html#UPGRADING-VIA-PGDUMPALL) from the official documentation. Basically, create a database dump in the old chart, move and restore it in the new one.
### 4.0.0
This chart will use by default the Bitnami PostgreSQL container starting from version `10.7.0-r68`. This version moves the initialization logic from node.js to bash. This new version of the chart requires setting the `POSTGRES_PASSWORD` in the slaves as well, in order to properly configure the `pg_hba.conf` file. Users from previous versions of the chart are advised to upgrade immediately.
IMPORTANT: If you do not want to upgrade the chart version then make sure you use the `10.7.0-r68` version of the container. Otherwise, you will get this error
```
The POSTGRESQL_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development
```
### 3.0.0
This releases make it possible to specify different nodeSelector, affinity and tolerations for master and slave pods.
It also fixes an issue with `postgresql.master.fullname` helper template not obeying fullnameOverride.
#### Breaking changes
- `affinty` has been renamed to `master.affinity` and `slave.affinity`.
- `tolerations` has been renamed to `master.tolerations` and `slave.tolerations`.
- `nodeSelector` has been renamed to `master.nodeSelector` and `slave.nodeSelector`.
### 2.0.0
In order to upgrade from the `0.X.X` branch to `1.X.X`, you should follow the below steps:
- Obtain the service name (`SERVICE_NAME`) and password (`OLD_PASSWORD`) of the existing postgresql chart. You can find the instructions to obtain the password in the NOTES.txt, the service name can be obtained by running
```console
$ kubectl get svc
```
- Install (not upgrade) the new version
```console
$ helm repo update
$ helm install my-release bitnami/postgresql
```
- Connect to the new pod (you can obtain the name by running `kubectl get pods`):
```console
$ kubectl exec -it NAME bash
```
- Once logged in, create a dump file from the previous database using `pg_dump`, for that we should connect to the previous postgresql chart:
```console
$ pg_dump -h SERVICE_NAME -U postgres DATABASE_NAME > /tmp/backup.sql
```
After run above command you should be prompted for a password, this password is the previous chart password (`OLD_PASSWORD`).
This operation could take some time depending on the database size.
- Once you have the backup file, you can restore it with a command like the one below:
```console
$ psql -U postgres DATABASE_NAME < /tmp/backup.sql
```
In this case, you are accessing to the local postgresql, so the password should be the new one (you can find it in NOTES.txt).
If you want to restore the database and the database schema does not exist, it is necessary to first follow the steps described below.
```console
$ psql -U postgres
postgres=# drop database DATABASE_NAME;
postgres=# create database DATABASE_NAME;
postgres=# create user USER_NAME;
postgres=# alter role USER_NAME with password 'BITNAMI_USER_PASSWORD';
postgres=# grant all privileges on database DATABASE_NAME to USER_NAME;
postgres=# alter database DATABASE_NAME owner to USER_NAME;
```

4
tip-wlan/charts/postgresql/ci/commonAnnotations.yaml Normal file
View File

@@ -0,0 +1,4 @@
commonAnnotations:
helm.sh/hook: "pre-install, pre-upgrade"
helm.sh/hook-weight: "-1"

2
tip-wlan/charts/postgresql/ci/shmvolume-disabled-values.yaml Normal file
View File

@@ -0,0 +1,2 @@
shmVolume:
enabled: false

1
tip-wlan/charts/postgresql/files/README.md Normal file
View File

@@ -0,0 +1 @@
Copy here your postgresql.conf and/or pg_hba.conf files to use it as a config map.

4
tip-wlan/charts/postgresql/files/conf.d/README.md Normal file
View File

@@ -0,0 +1,4 @@
If you don't want to provide the whole configuration file and only specify certain parameters, you can copy here your extended `.conf` files.
These files will be injected as a config maps and add/overwrite the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`.
More info in the [bitnami-docker-postgresql README](https://github.com/bitnami/bitnami-docker-postgresql#configuration-file).

3
tip-wlan/charts/postgresql/files/docker-entrypoint-initdb.d/README.md Normal file
View File

@@ -0,0 +1,3 @@
You can copy here your custom `.sh`, `.sql` or `.sql.gz` file so they are executed during the first boot of the image.
More info in the [bitnami-docker-postgresql](https://github.com/bitnami/bitnami-docker-postgresql#initializing-a-new-instance) repository.

60
tip-wlan/charts/postgresql/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,60 @@
** Please be patient while the chart is being deployed **
PostgreSQL can be accessed via port {{ template "postgresql.port" . }} on the following DNS name from within your cluster:
{{ template "common.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection
{{- if .Values.replication.enabled }}
{{ template "common.fullname" . }}-read.{{ .Release.Namespace }}.svc.cluster.local - Read only connection
{{- end }}
{{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }}
To get the password for "postgres" run:
export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-postgres-password}" | base64 --decode)
{{- end }}
To get the password for "{{ template "postgresql.username" . }}" run:
export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-password}" | base64 --decode)
To connect to your database run the following command:
kubectl run {{ template "common.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ template "postgresql.image" . }} --env="PGPASSWORD=$POSTGRES_PASSWORD" {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
--labels="{{ template "common.fullname" . }}-client=true" {{- end }} --command -- psql --host {{ template "common.fullname" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }}
{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
Note: Since NetworkPolicy is enabled, only pods with label {{ template "common.fullname" . }}-client=true" will be able to connect to this PostgreSQL cluster.
{{- end }}
To connect to your database from outside the cluster execute the following commands:
{{- if contains "NodePort" .Values.service.type }}
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.fullname" . }})
{{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $NODE_IP --port $NODE_PORT -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }}
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
{{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $SERVICE_IP --port {{ template "postgresql.port" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }}
{{- else if contains "ClusterIP" .Values.service.type }}
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.fullname" . }} {{ template "postgresql.port" . }}:{{ template "postgresql.port" . }} &
{{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host 127.0.0.1 -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }}
{{- end }}
{{- include "postgresql.validateValues" . -}}
{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }}
WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
{{- end }}

370
tip-wlan/charts/postgresql/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,370 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "postgresql.master.fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}}
{{- if .Values.replication.enabled -}}
{{- printf "%s-%s" $fullname "master" | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper PostgreSQL image name
*/}}
{{- define "postgresql.image" -}}
{{- $registryName := .Values.image.registry -}}
{{- $repositoryName := .Values.image.repository -}}
{{- $tag := .Values.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{/*
Return PostgreSQL postgres user password
*/}}
{{- define "postgresql.postgres.password" -}}
{{- if .Values.global.postgresql.postgresqlPostgresPassword }}
{{- .Values.global.postgresql.postgresqlPostgresPassword -}}
{{- else if .Values.postgresqlPostgresPassword -}}
{{- .Values.postgresqlPostgresPassword -}}
{{- else -}}
{{- randAlphaNum 10 -}}
{{- end -}}
{{- end -}}
{{/*
Return PostgreSQL password
*/}}
{{- define "postgresql.password" -}}
{{- if .Values.global.postgresql.postgresqlPassword }}
{{- .Values.global.postgresql.postgresqlPassword -}}
{{- else if .Values.postgresqlPassword -}}
{{- .Values.postgresqlPassword -}}
{{- else -}}
{{- randAlphaNum 10 -}}
{{- end -}}
{{- end -}}
{{/*
Return PostgreSQL replication password
*/}}
{{- define "postgresql.replication.password" -}}
{{- if .Values.global.postgresql.replicationPassword }}
{{- .Values.global.postgresql.replicationPassword -}}
{{- else if .Values.replication.password -}}
{{- .Values.replication.password -}}
{{- else -}}
{{- randAlphaNum 10 -}}
{{- end -}}
{{- end -}}
{{/*
Return PostgreSQL username
*/}}
{{- define "postgresql.username" -}}
{{- if .Values.global.postgresql.postgresqlUsername }}
{{- .Values.global.postgresql.postgresqlUsername -}}
{{- else -}}
{{- .Values.postgresqlUsername -}}
{{- end -}}
{{- end -}}
{{/*
Return PostgreSQL replication username
*/}}
{{- define "postgresql.replication.username" -}}
{{- if .Values.global.postgresql.replicationUser }}
{{- .Values.global.postgresql.replicationUser -}}
{{- else -}}
{{- .Values.replication.user -}}
{{- end -}}
{{- end -}}
{{/*
Return PostgreSQL port
*/}}
{{- define "postgresql.port" -}}
{{- if .Values.global.postgresql.servicePort }}
{{- .Values.global.postgresql.servicePort -}}
{{- else -}}
{{- .Values.service.port -}}
{{- end -}}
{{- end -}}
{{/*
Return PostgreSQL created database
*/}}
{{- define "postgresql.database" -}}
{{- if .Values.global.postgresql.postgresqlDatabase }}
{{- .Values.global.postgresql.postgresqlDatabase -}}
{{- else if .Values.postgresqlDatabase -}}
{{- .Values.postgresqlDatabase -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper image name to change the volume permissions
*/}}
{{- define "postgresql.volumePermissions.image" -}}
{{- $registryName := .Values.volumePermissions.image.registry -}}
{{- $repositoryName := .Values.volumePermissions.image.repository -}}
{{- $tag := .Values.volumePermissions.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper PostgreSQL metrics image name
*/}}
{{- define "postgresql.metrics.image" -}}
{{- $registryName := default "docker.io" .Values.metrics.image.registry -}}
{{- $repositoryName := .Values.metrics.image.repository -}}
{{- $tag := default "latest" .Values.metrics.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{/*
Get the password secret.
*/}}
{{- define "postgresql.secretName" -}}
{{- if .Values.global.postgresql.existingSecret }}
{{- printf "%s" (tpl .Values.global.postgresql.existingSecret $) -}}
{{- else if .Values.existingSecret -}}
{{- printf "%s" (tpl .Values.existingSecret $) -}}
{{- else -}}
{{- printf "%s" (include "common.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a secret object should be created
*/}}
{{- define "postgresql.createSecret" -}}
{{- if .Values.global.postgresql.existingSecret }}
{{- else if .Values.existingSecret -}}
{{- else -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Get the configuration ConfigMap name.
*/}}
{{- define "postgresql.configurationCM" -}}
{{- if .Values.configurationConfigMap -}}
{{- printf "%s" (tpl .Values.configurationConfigMap $) -}}
{{- else -}}
{{- printf "%s-configuration" (include "common.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Get the extended configuration ConfigMap name.
*/}}
{{- define "postgresql.extendedConfigurationCM" -}}
{{- if .Values.extendedConfConfigMap -}}
{{- printf "%s" (tpl .Values.extendedConfConfigMap $) -}}
{{- else -}}
{{- printf "%s-extended-configuration" (include "common.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a configmap should be mounted with PostgreSQL configuration
*/}}
{{- define "postgresql.mountConfigurationCM" -}}
{{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Get the initialization scripts ConfigMap name.
*/}}
{{- define "postgresql.initdbScriptsCM" -}}
{{- if .Values.initdbScriptsConfigMap -}}
{{- printf "%s" (tpl .Values.initdbScriptsConfigMap $) -}}
{{- else -}}
{{- printf "%s-init-scripts" (include "common.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Get the initialization scripts Secret name.
*/}}
{{- define "postgresql.initdbScriptsSecret" -}}
{{- printf "%s" (tpl .Values.initdbScriptsSecret $) -}}
{{- end -}}
{{/*
Get the metrics ConfigMap name.
*/}}
{{- define "postgresql.metricsCM" -}}
{{- printf "%s-metrics" (include "common.fullname" .) -}}
{{- end -}}
{{/*
Get the readiness probe command
*/}}
{{- define "postgresql.readinessProbeCommand" -}}
- |
{{- if (include "postgresql.database" .) }}
exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
{{- else }}
exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
{{- end }}
{{- if contains "bitnami/" .Values.image.repository }}
[ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
{{- end -}}
{{- end -}}
{{/*
Return the proper Storage Class
*/}}
{{- define "postgresql.storageClass" -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
*/}}
{{- if .Values.global -}}
{{- if .Values.global.storageClass -}}
{{- if (eq "-" .Values.global.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.global.storageClass -}}
{{- end -}}
{{- else -}}
{{- if .Values.persistence.storageClass -}}
{{- if (eq "-" .Values.persistence.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.persistence.storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- else -}}
{{- if .Values.persistence.storageClass -}}
{{- if (eq "-" .Values.persistence.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.persistence.storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Renders a value that contains template.
Usage:
{{ include "postgresql.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }}
*/}}
{{- define "postgresql.tplValue" -}}
{{- if typeIs "string" .value }}
{{- tpl .value .context }}
{{- else }}
{{- tpl (.value | toYaml) .context }}
{{- end }}
{{- end -}}
{{/*
Return the appropriate apiVersion for statefulset.
*/}}
{{- define "postgresql.statefulset.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "apps/v1beta2" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Compile all warnings into a single message, and call fail.
*/}}
{{- define "postgresql.validateValues" -}}
{{- $messages := list -}}
{{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}}
{{- $messages := append $messages (include "postgresql.validateValues.psp" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
{{- end -}}
{{- end -}}
{{/*
Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap
*/}}
{{- define "postgresql.validateValues.ldapConfigurationMethod" -}}
{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }}
postgresql: ldap.url, ldap.server
You cannot set both `ldap.url` and `ldap.server` at the same time.
Please provide a unique way to configure LDAP.
More info at https://www.postgresql.org/docs/current/auth-ldap.html
{{- end -}}
{{- end -}}
{{/*
Validate values of Postgresql - If PSP is enabled RBAC should be enabled too
*/}}
{{- define "postgresql.validateValues.psp" -}}
{{- if and .Values.psp.create (not .Values.rbac.create) }}
postgresql: psp.create, rbac.create
RBAC should be enabled if PSP is enabled in order for PSP to work.
More info at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#authorizing-policies
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for podsecuritypolicy.
*/}}
{{- define "podsecuritypolicy.apiVersion" -}}
{{- if semverCompare "<1.10-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "policy/v1beta1" -}}
{{- end -}}
{{- end -}}

30
tip-wlan/charts/postgresql/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,30 @@
{{ if and (or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration) (not .Values.configurationConfigMap) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "common.fullname" . }}-configuration
namespace: {{ include "common.namespace" . }}
labels:
app: {{ template "common.name" . }}
chart: {{ template "common.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
{{- if (.Files.Glob "files/postgresql.conf") }}
{{ (.Files.Glob "files/postgresql.conf").AsConfig | indent 2 }}
{{- else if .Values.postgresqlConfiguration }}
postgresql.conf: |
{{- range $key, $value := default dict .Values.postgresqlConfiguration }}
{{ $key | snakecase }}={{ $value }}
{{- end }}
{{- end }}
{{- if (.Files.Glob "files/pg_hba.conf") }}
{{ (.Files.Glob "files/pg_hba.conf").AsConfig | indent 2 }}
{{- else if .Values.pgHbaConfiguration }}
pg_hba.conf: |
{{ .Values.pgHbaConfiguration | indent 4 }}
{{- end }}
{{ end }}

25
tip-wlan/charts/postgresql/templates/extended-config-configmap.yaml Normal file
View File

@@ -0,0 +1,25 @@
{{- if and (or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf) (not .Values.extendedConfConfigMap)}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "common.fullname" . }}-extended-configuration
namespace: {{ include "common.namespace" . }}
labels:
app: {{ template "common.name" . }}
chart: {{ template "common.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
{{- with .Files.Glob "files/conf.d/*.conf" }}
{{ .AsConfig | indent 2 }}
{{- end }}
{{ with .Values.postgresqlExtendedConf }}
override.conf: |
{{- range $key, $value := . }}
{{ $key | snakecase }}={{ $value }}
{{- end }}
{{- end }}
{{- end }}

28
tip-wlan/charts/postgresql/templates/initialization-configmap.yaml Normal file
View File

@@ -0,0 +1,28 @@
{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "common.fullname" . }}-init-scripts
namespace: {{ include "common.namespace" . }}
labels:
app: {{ template "common.name" . }}
chart: {{ template "common.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }}
binaryData:
{{- range $path, $bytes := . }}
{{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
{{- end }}
{{- end }}
data:
{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}" }}
{{ .AsConfig | indent 2 }}
{{- end }}
{{- with .Values.initdbScripts }}
{{ toYaml . | indent 2 }}
{{- end }}
{{- end }}

27
tip-wlan/charts/postgresql/templates/secrets.yaml Normal file
View File

@@ -0,0 +1,27 @@
{{- if (include "postgresql.createSecret" .) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ template "common.name" . }}
chart: {{ template "common.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
{{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }}
postgresql-postgres-password: {{ include "postgresql.postgres.password" . | b64enc | quote }}
{{- end }}
postgresql-password: {{ include "postgresql.password" . | b64enc | quote }}
{{- if .Values.replication.enabled }}
postgresql-replication-password: {{ include "postgresql.replication.password" . | b64enc | quote }}
{{- end }}
{{- if (and .Values.ldap.enabled .Values.ldap.bind_password)}}
postgresql-ldap-password: {{ .Values.ldap.bind_password | b64enc | quote }}
{{- end }}
{{- end -}}

306
tip-wlan/charts/postgresql/templates/statefulset-slaves.yaml Normal file
View File

@@ -0,0 +1,306 @@
{{- if .Values.replication.enabled }}
apiVersion: {{ template "postgresql.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: "{{ template "common.fullname" . }}-slave"
namespace: {{ include "common.namespace" . }}
labels:
app: {{ template "common.name" . }}
chart: {{ template "common.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- with .Values.slave.labels }}
{{ toYaml . | indent 4 }}
{{- end }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- with .Values.slave.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
serviceName: {{ template "common.fullname" . }}-headless
replicas: {{ .Values.replication.slaveReplicas }}
selector:
matchLabels:
app: {{ template "common.name" . }}
release: {{ .Release.Name | quote }}
role: slave
template:
metadata:
name: {{ template "common.fullname" . }}
labels:
app: {{ template "common.name" . }}
chart: {{ template "common.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
role: slave
{{- with .Values.slave.podLabels }}
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.slave.podAnnotations }}
annotations:
{{ toYaml . | indent 8 }}
{{- end }}
spec:
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
- name: {{ .Values.image.pullSecrets }}
{{- end }}
{{- if .Values.slave.nodeSelector }}
nodeSelector:
{{ toYaml .Values.slave.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.slave.affinity }}
affinity:
{{ toYaml .Values.slave.affinity | indent 8 }}
{{- end }}
{{- if .Values.slave.tolerations }}
tolerations:
{{ toYaml .Values.slave.tolerations | indent 8 }}
{{- end }}
{{- if .Values.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- end }}
{{- if .Values.serviceAccount.enabled }}
serviceAccountName: {{ default (include "common.fullname" . ) .Values.serviceAccount.name}}
{{- end }}
{{- if or .Values.slave.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }}
initContainers:
{{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled)) }}
- name: init-chmod-data
image: {{ template "postgresql.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- end }}
command:
- /bin/sh
- -cx
- |
{{- if .Values.persistence.enabled }}
mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }}
chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }}
find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
xargs chown -R `id -u`:`id -G | cut -d " " -f2`
{{- else }}
xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }}
{{- end }}
{{- end }}
{{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }}
chmod -R 777 /dev/shm
{{- end }}
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
securityContext:
{{- else }}
securityContext:
runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }}
{{- end }}
volumeMounts:
{{ if .Values.persistence.enabled }}
- name: data
mountPath: {{ .Values.persistence.mountPath }}
subPath: {{ .Values.persistence.subPath }}
{{- end }}
{{- if .Values.shmVolume.enabled }}
- name: dshm
mountPath: /dev/shm
{{- end }}
{{- end }}
{{- if .Values.slave.extraInitContainers }}
{{ tpl .Values.slave.extraInitContainers . | indent 8 }}
{{- end }}
{{- end }}
{{- if .Values.slave.priorityClassName }}
priorityClassName: {{ .Values.slave.priorityClassName }}
{{- end }}
containers:
- name: {{ template "common.fullname" . }}
image: {{ template "postgresql.image" . }}
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" .Values.image.debug | quote }}
- name: POSTGRESQL_VOLUME_DIR
value: "{{ .Values.persistence.mountPath }}"
- name: POSTGRESQL_PORT_NUMBER
value: "{{ template "postgresql.port" . }}"
{{- if .Values.persistence.mountPath }}
- name: PGDATA
value: {{ .Values.postgresqlDataDir | quote }}
{{- end }}
- name: POSTGRES_REPLICATION_MODE
value: "slave"
- name: POSTGRES_REPLICATION_USER
value: {{ include "postgresql.replication.username" . | quote }}
{{- if .Values.usePasswordFile }}
- name: POSTGRES_REPLICATION_PASSWORD_FILE
value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password"
{{- else }}
- name: POSTGRES_REPLICATION_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "postgresql.secretName" . }}
key: postgresql-replication-password
{{- end }}
- name: POSTGRES_CLUSTER_APP_NAME
value: {{ .Values.replication.applicationName }}
- name: POSTGRES_MASTER_HOST
value: {{ template "common.fullname" . }}
- name: POSTGRES_MASTER_PORT_NUMBER
value: {{ include "postgresql.port" . | quote }}
{{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }}
{{- if .Values.usePasswordFile }}
- name: POSTGRES_POSTGRES_PASSWORD_FILE
value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password"
{{- else }}
- name: POSTGRES_POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "postgresql.secretName" . }}
key: postgresql-postgres-password
{{- end }}
{{- end }}
{{- if .Values.usePasswordFile }}
- name: POSTGRES_PASSWORD_FILE
value: "/opt/bitnami/postgresql/secrets/postgresql-password"
{{- else }}
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "postgresql.secretName" . }}
key: postgresql-password
{{- end }}
ports:
- name: tcp-postgresql
containerPort: {{ template "postgresql.port" . }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
exec:
command:
- /bin/sh
- -c
{{- if (include "postgresql.database" .) }}
- exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
{{- else }}
- exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
{{- end }}
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe:
exec:
command:
- /bin/sh
- -c
- -e
{{- include "postgresql.readinessProbeCommand" . | nindent 16 }}
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
{{- end }}
volumeMounts:
{{- if .Values.usePasswordFile }}
- name: postgresql-password
mountPath: /opt/bitnami/postgresql/secrets/
{{- end }}
{{- if .Values.shmVolume.enabled }}
- name: dshm
mountPath: /dev/shm
{{- end }}
{{- if .Values.persistence.enabled }}
- name: data
mountPath: {{ .Values.persistence.mountPath }}
subPath: {{ .Values.persistence.subPath }}
{{ end }}
{{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }}
- name: postgresql-extended-config
mountPath: /bitnami/postgresql/conf/conf.d/
{{- end }}
{{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }}
- name: postgresql-config
mountPath: /bitnami/postgresql/conf
{{- end }}
{{- if .Values.slave.extraVolumeMounts }}
{{- toYaml .Values.slave.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- if .Values.slave.sidecars }}
{{- include "postgresql.tplValue" ( dict "value" .Values.slave.sidecars "context" $ ) | nindent 8 }}
{{- end }}
volumes:
{{- if .Values.usePasswordFile }}
- name: postgresql-password
secret:
secretName: {{ template "postgresql.secretName" . }}
{{- end }}
{{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}}
- name: postgresql-config
configMap:
name: {{ template "postgresql.configurationCM" . }}
{{- end }}
{{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }}
- name: postgresql-extended-config
configMap:
name: {{ template "postgresql.extendedConfigurationCM" . }}
{{- end }}
{{- if .Values.shmVolume.enabled }}
- name: dshm
emptyDir:
medium: Memory
sizeLimit: 1Gi
{{- end }}
{{- if not .Values.persistence.enabled }}
- name: data
emptyDir: {}
{{- end }}
{{- if .Values.slave.extraVolumes }}
{{- toYaml .Values.slave.extraVolumes | nindent 8 }}
{{- end }}
updateStrategy:
type: {{ .Values.updateStrategy.type }}
{{- if (eq "Recreate" .Values.updateStrategy.type) }}
rollingUpdate: null
{{- end }}
{{- if .Values.persistence.enabled }}
volumeClaimTemplates:
- metadata:
name: data
{{- with .Values.persistence.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
spec:
accessModes:
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{ include "postgresql.storageClass" . }}
{{- end }}
{{- end }}

461
tip-wlan/charts/postgresql/templates/statefulset.yaml Normal file
View File

@@ -0,0 +1,461 @@
apiVersion: {{ template "postgresql.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ template "postgresql.master.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ template "common.name" . }}
chart: {{ template "common.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- with .Values.master.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- with .Values.slave.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
serviceName: {{ template "common.fullname" . }}-headless
replicas: 1
updateStrategy:
type: {{ .Values.updateStrategy.type }}
{{- if (eq "Recreate" .Values.updateStrategy.type) }}
rollingUpdate: null
{{- end }}
selector:
matchLabels:
app: {{ template "common.name" . }}
release: {{ .Release.Name | quote }}
role: master
template:
metadata:
name: {{ template "common.fullname" . }}
labels:
app: {{ template "common.name" . }}
chart: {{ template "common.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
role: master
{{- with .Values.master.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.master.podAnnotations }}
annotations: {{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
- name: {{ .Values.image.pullSecrets }}
{{- end }}
{{- if .Values.master.nodeSelector }}
nodeSelector: {{- toYaml .Values.master.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.master.affinity }}
affinity: {{- toYaml .Values.master.affinity | nindent 8 }}
{{- end }}
{{- if .Values.master.tolerations }}
tolerations: {{- toYaml .Values.master.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- end }}
{{- if .Values.serviceAccount.enabled }}
serviceAccountName: {{ default (include "common.fullname" . ) .Values.serviceAccount.name }}
{{- end }}
{{- if or .Values.master.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }}
initContainers:
{{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled)) }}
- name: init-chmod-data
image: {{ template "postgresql.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- end }}
command:
- /bin/sh
- -cx
- |
{{- if .Values.persistence.enabled }}
mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }}
chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }}
find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
xargs chown -R `id -u`:`id -G | cut -d " " -f2`
{{- else }}
xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }}
{{- end }}
{{- end }}
{{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }}
chmod -R 777 /dev/shm
{{- end }}
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
securityContext:
{{- else }}
securityContext:
runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }}
{{- end }}
volumeMounts:
{{- if .Values.persistence.enabled }}
- name: data
mountPath: {{ .Values.persistence.mountPath }}
subPath: {{ .Values.persistence.subPath }}
{{- end }}
{{- if .Values.shmVolume.enabled }}
- name: dshm
mountPath: /dev/shm
{{- end }}
{{- end }}
{{- if .Values.master.extraInitContainers }}
{{- tpl .Values.master.extraInitContainers . | nindent 8 }}
{{- end }}
{{- end }}
{{- if .Values.master.priorityClassName }}
priorityClassName: {{ .Values.master.priorityClassName }}
{{- end }}
containers:
- name: {{ template "common.fullname" . }}
image: {{ template "postgresql.image" . }}
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" .Values.image.debug | quote }}
- name: POSTGRESQL_PORT_NUMBER
value: "{{ template "postgresql.port" . }}"
- name: POSTGRESQL_VOLUME_DIR
value: "{{ .Values.persistence.mountPath }}"
{{- if .Values.postgresqlInitdbArgs }}
- name: POSTGRES_INITDB_ARGS
value: {{ .Values.postgresqlInitdbArgs | quote }}
{{- end }}
{{- if .Values.postgresqlInitdbWalDir }}
- name: POSTGRES_INITDB_WALDIR
value: {{ .Values.postgresqlInitdbWalDir | quote }}
{{- end }}
{{- if .Values.initdbUser }}
- name: POSTGRESQL_INITSCRIPTS_USERNAME
value: {{ .Values.initdbUser }}
{{- end }}
{{- if .Values.initdbPassword }}
- name: POSTGRESQL_INITSCRIPTS_PASSWORD
value: {{ .Values.initdbPassword }}
{{- end }}
{{- if .Values.persistence.mountPath }}
- name: PGDATA
value: {{ .Values.postgresqlDataDir | quote }}
{{- end }}
{{- if .Values.replication.enabled }}
- name: POSTGRES_REPLICATION_MODE
value: "master"
- name: POSTGRES_REPLICATION_USER
value: {{ include "postgresql.replication.username" . | quote }}
{{- if .Values.usePasswordFile }}
- name: POSTGRES_REPLICATION_PASSWORD_FILE
value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password"
{{- else }}
- name: POSTGRES_REPLICATION_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "postgresql.secretName" . }}
key: postgresql-replication-password
{{- end }}
{{- if not (eq .Values.replication.synchronousCommit "off")}}
- name: POSTGRES_SYNCHRONOUS_COMMIT_MODE
value: {{ .Values.replication.synchronousCommit | quote }}
- name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS
value: {{ .Values.replication.numSynchronousReplicas | quote }}
{{- end }}
- name: POSTGRES_CLUSTER_APP_NAME
value: {{ .Values.replication.applicationName }}
{{- end }}
{{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }}
{{- if .Values.usePasswordFile }}
- name: POSTGRES_POSTGRES_PASSWORD_FILE
value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password"
{{- else }}
- name: POSTGRES_POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "postgresql.secretName" . }}
key: postgresql-postgres-password
{{- end }}
{{- end }}
- name: POSTGRES_USER
value: {{ include "postgresql.username" . | quote }}
{{- if .Values.usePasswordFile }}
- name: POSTGRES_PASSWORD_FILE
value: "/opt/bitnami/postgresql/secrets/postgresql-password"
{{- else }}
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "postgresql.secretName" . }}
key: postgresql-password
{{- end }}
{{- if (include "postgresql.database" .) }}
- name: POSTGRES_DB
value: {{ (include "postgresql.database" .) | quote }}
{{- end }}
{{- if .Values.extraEnv }}
{{- include "postgresql.tplValue" (dict "value" .Values.extraEnv "context" $) | nindent 12 }}
{{- end }}
- name: POSTGRESQL_ENABLE_LDAP
value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }}
{{- if .Values.ldap.enabled }}
- name: POSTGRESQL_LDAP_SERVER
value: {{ .Values.ldap.server }}
- name: POSTGRESQL_LDAP_PORT
value: {{ .Values.ldap.port | quote }}
- name: POSTGRESQL_LDAP_SCHEME
value: {{ .Values.ldap.scheme }}
{{- if .Values.ldap.tls }}
- name: POSTGRESQL_LDAP_TLS
value: "1"
{{- end}}
- name: POSTGRESQL_LDAP_PREFIX
value: {{ .Values.ldap.prefix | quote }}
- name: POSTGRESQL_LDAP_SUFFIX
value: {{ .Values.ldap.suffix | quote}}
- name: POSTGRESQL_LDAP_BASE_DN
value: {{ .Values.ldap.baseDN }}
- name: POSTGRESQL_LDAP_BIND_DN
value: {{ .Values.ldap.bindDN }}
{{- if (not (empty .Values.ldap.bind_password)) }}
- name: POSTGRESQL_LDAP_BIND_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "postgresql.secretName" . }}
key: postgresql-ldap-password
{{- end}}
- name: POSTGRESQL_LDAP_SEARCH_ATTR
value: {{ .Values.ldap.search_attr }}
- name: POSTGRESQL_LDAP_SEARCH_FILTER
value: {{ .Values.ldap.search_filter }}
- name: POSTGRESQL_LDAP_URL
value: {{ .Values.ldap.url }}
{{- end}}
{{- if .Values.extraEnvVarsCM }}
envFrom:
- configMapRef:
name: {{ tpl .Values.extraEnvVarsCM . }}
{{- end }}
ports:
- name: tcp-postgresql
containerPort: {{ template "postgresql.port" . }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
exec:
command:
- /bin/sh
- -c
{{- if (include "postgresql.database" .) }}
- exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
{{- else }}
- exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
{{- end }}
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe:
exec:
command:
- /bin/sh
- -c
- -e
{{- include "postgresql.readinessProbeCommand" . | nindent 16 }}
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
{{- end }}
volumeMounts:
{{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }}
- name: custom-init-scripts
mountPath: /docker-entrypoint-initdb.d/
{{- end }}
{{- if .Values.initdbScriptsSecret }}
- name: custom-init-scripts-secret
mountPath: /docker-entrypoint-initdb.d/secret
{{- end }}
{{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }}
- name: postgresql-extended-config
mountPath: /bitnami/postgresql/conf/conf.d/
{{- end }}
{{- if .Values.usePasswordFile }}
- name: postgresql-password
mountPath: /opt/bitnami/postgresql/secrets/
{{- end }}
{{- if .Values.shmVolume.enabled }}
- name: dshm
mountPath: /dev/shm
{{- end }}
{{- if .Values.persistence.enabled }}
- name: data
mountPath: {{ .Values.persistence.mountPath }}
subPath: {{ .Values.persistence.subPath }}
{{- end }}
{{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }}
- name: postgresql-config
mountPath: /bitnami/postgresql/conf
{{- end }}
{{- if .Values.master.extraVolumeMounts }}
{{- toYaml .Values.master.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- if .Values.master.sidecars }}
{{- include "postgresql.tplValue" ( dict "value" .Values.master.sidecars "context" $ ) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.enabled }}
- name: metrics
image: {{ template "postgresql.metrics.image" . }}
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
{{- if .Values.metrics.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.metrics.securityContext.runAsUser }}
{{- end }}
env:
{{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase or .Values.global.postgresql.postgresqlDatabase)" (include "postgresql.database" .) }}
- name: DATA_SOURCE_URI
value: {{ printf "127.0.0.1:%d/%s?sslmode=disable" (int (include "postgresql.port" .)) $database | quote }}
{{- if .Values.usePasswordFile }}
- name: DATA_SOURCE_PASS_FILE
value: "/opt/bitnami/postgresql/secrets/postgresql-password"
{{- else }}
- name: DATA_SOURCE_PASS
valueFrom:
secretKeyRef:
name: {{ template "postgresql.secretName" . }}
key: postgresql-password
{{- end }}
- name: DATA_SOURCE_USER
value: {{ template "postgresql.username" . }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /
port: http-metrics
initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /
port: http-metrics
initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }}
{{- end }}
volumeMounts:
{{- if .Values.usePasswordFile }}
- name: postgresql-password
mountPath: /opt/bitnami/postgresql/secrets/
{{- end }}
{{- if .Values.metrics.customMetrics }}
- name: custom-metrics
mountPath: /conf
readOnly: true
args: ["--extend.query-path", "/conf/custom-metrics.yaml"]
{{- end }}
ports:
- name: http-metrics
containerPort: 9187
{{- if .Values.metrics.resources }}
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
{{- end }}
{{- end }}
volumes:
{{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}}
- name: postgresql-config
configMap:
name: {{ template "postgresql.configurationCM" . }}
{{- end }}
{{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }}
- name: postgresql-extended-config
configMap:
name: {{ template "postgresql.extendedConfigurationCM" . }}
{{- end }}
{{- if .Values.usePasswordFile }}
- name: postgresql-password
secret:
secretName: {{ template "postgresql.secretName" . }}
{{- end }}
{{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }}
- name: custom-init-scripts
configMap:
name: {{ template "postgresql.initdbScriptsCM" . }}
{{- end }}
{{- if .Values.initdbScriptsSecret }}
- name: custom-init-scripts-secret
secret:
secretName: {{ template "postgresql.initdbScriptsSecret" . }}
{{- end }}
{{- if .Values.master.extraVolumes }}
{{- toYaml .Values.master.extraVolumes | nindent 8 }}
{{- end }}
{{- if and .Values.metrics.enabled .Values.metrics.customMetrics }}
- name: custom-metrics
configMap:
name: {{ template "postgresql.metricsCM" . }}
{{- end }}
{{- if .Values.shmVolume.enabled }}
- name: dshm
emptyDir:
medium: Memory
sizeLimit: 1Gi
{{- end }}
{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
- name: data
persistentVolumeClaim:
{{- with .Values.persistence.existingClaim }}
claimName: {{ tpl . $ }}
{{- end }}
{{- else if not .Values.persistence.enabled }}
- name: data
emptyDir: {}
{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
volumeClaimTemplates:
- metadata:
name: data
{{- with .Values.persistence.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
spec:
accessModes:
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{ include "postgresql.storageClass" . }}
{{- end }}

23
tip-wlan/charts/postgresql/templates/svc-headless.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "common.fullname" . }}-headless
namespace: {{ include "common.namespace" . }}
labels:
app: {{ template "common.name" . }}
chart: {{ template "common.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: tcp-postgresql
port: {{ template "postgresql.port" . }}
targetPort: tcp-postgresql
selector:
app: {{ template "common.name" . }}
release: {{ .Release.Name | quote }}

47
tip-wlan/charts/postgresql/templates/svc-read.yaml Normal file
View File

@@ -0,0 +1,47 @@
{{- if .Values.replication.enabled }}
{{- $serviceAnnotations := coalesce .Values.slave.service.annotations .Values.service.annotations -}}
{{- $serviceType := coalesce .Values.slave.service.type .Values.service.type -}}
{{- $serviceLoadBalancerIP := coalesce .Values.slave.service.loadBalancerIP .Values.service.loadBalancerIP -}}
{{- $serviceLoadBalancerSourceRanges := coalesce .Values.slave.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}}
{{- $serviceClusterIP := coalesce .Values.slave.service.clusterIP .Values.service.clusterIP -}}
{{- $serviceNodePort := coalesce .Values.slave.service.nodePort .Values.service.nodePort -}}
apiVersion: v1
kind: Service
metadata:
name: {{ template "common.fullname" . }}-read
namespace: {{ include "common.namespace" . }}
labels:
app: {{ template "common.name" . }}
chart: {{ template "common.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if $serviceAnnotations }}
{{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }}
{{- end }}
spec:
type: {{ $serviceType }}
{{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }}
loadBalancerIP: {{ $serviceLoadBalancerIP }}
{{- end }}
{{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }}
loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }}
{{- end }}
{{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }}
clusterIP: {{ $serviceClusterIP }}
{{- end }}
ports:
- name: tcp-postgresql
port: {{ template "postgresql.port" . }}
targetPort: tcp-postgresql
{{- if $serviceNodePort }}
nodePort: {{ $serviceNodePort }}
{{- end }}
selector:
app: {{ template "common.name" . }}
release: {{ .Release.Name | quote }}
role: slave
{{- end }}

45
tip-wlan/charts/postgresql/templates/svc.yaml Normal file
View File

@@ -0,0 +1,45 @@
{{- $serviceAnnotations := coalesce .Values.master.service.annotations .Values.service.annotations -}}
{{- $serviceType := coalesce .Values.master.service.type .Values.service.type -}}
{{- $serviceLoadBalancerIP := coalesce .Values.master.service.loadBalancerIP .Values.service.loadBalancerIP -}}
{{- $serviceLoadBalancerSourceRanges := coalesce .Values.master.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}}
{{- $serviceClusterIP := coalesce .Values.master.service.clusterIP .Values.service.clusterIP -}}
{{- $serviceNodePort := coalesce .Values.master.service.nodePort .Values.service.nodePort -}}
apiVersion: v1
kind: Service
metadata:
name: {{ template "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ template "common.name" . }}
chart: {{ template "common.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if $serviceAnnotations }}
{{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }}
{{- end }}
spec:
type: {{ $serviceType }}
{{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }}
loadBalancerIP: {{ $serviceLoadBalancerIP }}
{{- end }}
{{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }}
loadBalancerSourceRanges: {{- include "postgresql.tplValue" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }}
{{- end }}
{{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }}
clusterIP: {{ $serviceClusterIP }}
{{- end }}
ports:
- name: tcp-postgresql
port: {{ template "postgresql.port" . }}
targetPort: tcp-postgresql
{{- if $serviceNodePort }}
nodePort: {{ $serviceNodePort }}
{{- end }}
selector:
app: {{ template "common.name" . }}
release: {{ .Release.Name | quote }}
role: master

51
tip-wlan/charts/postgresql/templates/tests/test-postgres-record-insert-del.yaml Normal file
View File

@@ -0,0 +1,51 @@
{{- if .Values.testsEnabled -}}
# NOTE: For the test to work, make sure that the cluster-size remains the same
# if you are doing helm-del and then helm-install with existing pvc.
apiVersion: v1
kind: Pod
metadata:
name: {{ include "common.fullname" . }}-test-insertion-deletion
namespace: {{ include "common.namespace" . }}
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: {{ include "common.name" . }}-test-postgres-basic
image: {{ template "postgresql.image" . }}
env:
- name: POSTGRES_USER
value: {{ include "postgresql.username" . | quote }}
{{- if .Values.usePasswordFile }}
- name: POSTGRES_PASSWORD_FILE
value: "/opt/bitnami/postgresql/secrets/postgresql-password"
{{- else }}
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "postgresql.secretName" . }}
key: postgresql-password
{{- end }}
command:
- sh
- -c
- |
PGPASSWORD=$POSTGRES_PASSWORD psql -h {{ include "common.fullname" . }} -U $POSTGRES_USER << EOF
\l ;
DROP DATABASE IF EXISTS TEST;
CREATE DATABASE TEST;
\c test ;
CREATE TABLE IF NOT EXISTS TEST_TABLE (id int, name text);
\d ;
SELECT id,name FROM TEST_TABLE;
INSERT INTO TEST_TABLE VALUES (1, 'Test-user'), (2, 'User-2');
SELECT id,name FROM TEST_TABLE;
DELETE FROM TEST_TABLE where id=2;
SELECT id,name FROM TEST_TABLE;
DROP TABLE TEST_TABLE;
\c postgres;
DROP DATABASE test;
\l ;
\q
EOF
restartPolicy: Never
{{- end }}

103
tip-wlan/charts/postgresql/values.schema.json Normal file
View File

@@ -0,0 +1,103 @@
{
"$schema": "http://json-schema.org/schema#",
"type": "object",
"properties": {
"postgresqlUsername": {
"type": "string",
"title": "Admin user",
"form": true
},
"postgresqlPassword": {
"type": "string",
"title": "Password",
"form": true
},
"persistence": {
"type": "object",
"properties": {
"size": {
"type": "string",
"title": "Persistent Volume Size",
"form": true,
"render": "slider",
"sliderMin": 1,
"sliderMax": 100,
"sliderUnit": "Gi"
}
}
},
"resources": {
"type": "object",
"title": "Required Resources",
"description": "Configure resource requests",
"form": true,
"properties": {
"requests": {
"type": "object",
"properties": {
"memory": {
"type": "string",
"form": true,
"render": "slider",
"title": "Memory Request",
"sliderMin": 10,
"sliderMax": 2048,
"sliderUnit": "Mi"
},
"cpu": {
"type": "string",
"form": true,
"render": "slider",
"title": "CPU Request",
"sliderMin": 10,
"sliderMax": 2000,
"sliderUnit": "m"
}
}
}
}
},
"replication": {
"type": "object",
"form": true,
"title": "Replication Details",
"properties": {
"enabled": {
"type": "boolean",
"title": "Enable Replication",
"form": true
},
"slaveReplicas": {
"type": "integer",
"title": "Slave Replicas",
"form": true,
"hidden": {
"condition": false,
"value": "replication.enabled"
}
}
}
},
"volumePermissions": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"form": true,
"title": "Enable Init Containers",
"description": "Change the owner of the persist volume mountpoint to RunAsUser:fsGroup"
}
}
},
"metrics": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"title": "Configure metrics exporter",
"form": true
}
}
}
}
}

571
tip-wlan/charts/postgresql/values.yaml Normal file
View File

@@ -0,0 +1,571 @@
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry and imagePullSecrets
##
global:
postgresql: {}
# imageRegistry: myRegistryName
# imagePullSecrets:
# - myRegistryKeySecretName
# storageClass: myStorageClass
## Bitnami PostgreSQL image version
## ref: https://hub.docker.com/r/bitnami/postgresql/tags/
##
image:
registry: docker.io
repository: bitnami/postgresql
tag: 11.7.0-debian-10-r99
# repository: postgres
# tag: 10.6
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Set to true if you would like to see extra information on logs
## It turns BASH and NAMI debugging in minideb
## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
debug: false
## String to partially override common.fullname template (will maintain the release name)
##
# nameOverride:
## String to fully override common.fullname template
##
# fullnameOverride:
##
## Init containers parameters:
## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup
##
volumePermissions:
enabled: false
image:
registry: docker.io
repository: bitnami/minideb
tag: buster
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: Always
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Init container Security Context
## Note: the chown of the data folder is done to securityContext.runAsUser
## and not the below volumePermissions.securityContext.runAsUser
## When runAsUser is set to special value "auto", init container will try to chwon the
## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed).
## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with
## pod securityContext.enabled=false and shmVolume.chmod.enabled=false
##
securityContext:
runAsUser: 0
## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName:
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
enabled: true
fsGroup: 1001
runAsUser: 1001
## Pod Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
serviceAccount:
enabled: false
## Name of an already existing service account. Setting this value disables the automatic service account creation.
# name:
## Pod Security Policy
## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
psp:
create: false
## Creates role for ServiceAccount
## Required for PSP
rbac:
create: false
replication:
enabled: false
user: repl_user
password: repl_password
slaveReplicas: 1
## Set synchronous commit mode: on, off, remote_apply, remote_write and local
## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL
synchronousCommit: "off"
## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication
## NOTE: It cannot be > slaveReplicas
numSynchronousReplicas: 0
## Replication Cluster application name. Useful for defining multiple replication policies
applicationName: my_application
## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`)
## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!)
# postgresqlPostgresPassword:
## PostgreSQL user (has superuser privileges if username is `postgres`)
## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run
postgresqlUsername: postgres
## PostgreSQL password
## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run
##
postgresqlPassword: DUMMY_POSTGRES_PASSWORD
## PostgreSQL password using existing secret
## existingSecret: secret
## Mount PostgreSQL secret as a file instead of passing environment variable
# usePasswordFile: false
## Create a database
## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run
##
# postgresqlDatabase:
## PostgreSQL data dir
## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md
##
postgresqlDataDir: /bitnami/postgresql/data
# postgresqlDataDir: /data/pgdata
## An array to add extra environment variables
## For example:
## extraEnv:
## - name: FOO
## value: "bar"
##
# extraEnv:
extraEnv: []
## Name of a ConfigMap containing extra env vars
##
# extraEnvVarsCM:
## Specify extra initdb args
## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md
##
# postgresqlInitdbArgs:
## Specify a custom location for the PostgreSQL transaction log
## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md
##
# postgresqlInitdbWalDir:
## PostgreSQL configuration
## Specify runtime configuration parameters as a dict, using camelCase, e.g.
## {"sharedBuffers": "500MB"}
## Alternatively, you can put your postgresql.conf under the files/ directory
## ref: https://www.postgresql.org/docs/current/static/runtime-config.html
##
# postgresqlConfiguration:
## PostgreSQL extended configuration
## As above, but _appended_ to the main configuration
## Alternatively, you can put your *.conf under the files/conf.d/ directory
## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf
##
# postgresqlExtendedConf:
## PostgreSQL client authentication configuration
## Specify content for pg_hba.conf
## Default: do not create pg_hba.conf
## Alternatively, you can put your pg_hba.conf under the files/ directory
pgHbaConfiguration: |-
local all all trust
host all all localhost trust
host all all 0.0.0.0/0 trust
host all all ::/0 trust
# host mydatabase mysuser 192.168.0.0/24 md5
## ConfigMap with PostgreSQL configuration
## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration
# configurationConfigMap:
## ConfigMap with PostgreSQL extended configuration
# extendedConfConfigMap:
## initdb scripts
## Specify dictionary of scripts to be run at first boot
## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory
##
# initdbScripts:
# my_init_script.sh: |
# #!/bin/sh
# echo "Do something."
## ConfigMap with scripts to be run at first boot
## NOTE: This will override initdbScripts
# initdbScriptsConfigMap:
## Secret with scripts to be run at first boot (in case it contains sensitive information)
## NOTE: This can work along initdbScripts or initdbScriptsConfigMap
# initdbScriptsSecret:
## Specify the PostgreSQL username and password to execute the initdb scripts
# initdbUser:
# initdbPassword:
## Optional duration in seconds the pod needs to terminate gracefully.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
# terminationGracePeriodSeconds: 30
## Enable/disable the chart's tests. Useful if using this chart as a dependency of
## another chart and you don't want these tests running when trying to develop and
## test your own chart.
testsEnabled: true
## LDAP configuration
##
ldap:
enabled: false
url: ""
server: ""
port: ""
prefix: ""
suffix: ""
baseDN: ""
bindDN: ""
bind_password:
search_attr: ""
search_filter: ""
scheme: ""
tls: false
## PostgreSQL service configuration
service:
## PosgresSQL service type
type: ClusterIP
# clusterIP: None
port: 5432
## Specify the nodePort value for the LoadBalancer and NodePort service types.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
# nodePort:
## Provide any additional annotations which may be required. Evaluated as a template.
##
annotations: {}
## Set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
# loadBalancerIP:
## Load Balancer sources. Evaluated as a template.
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
##
# loadBalancerSourceRanges:
# - 10.10.10.0/24
## Start master and slave(s) pod(s) without limitations on shm memory.
## By default docker and containerd (and possibly other container runtimes)
## limit `/dev/shm` to `64M` (see e.g. the
## [docker issue](https://github.com/docker-library/postgres/issues/416) and the
## [containerd issue](https://github.com/containerd/containerd/issues/3654),
## which could be not enough if PostgreSQL uses parallel workers heavily.
##
shmVolume:
## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove
## this limitation.
##
enabled: true
## Set to `true` to `chmod 777 /dev/shm` on a initContainer.
## This option is ingored if `volumePermissions.enabled` is `false`
##
chmod:
enabled: true
## PostgreSQL data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
persistence:
enabled: false
## A manually managed Persistent Volume and Claim
## If defined, PVC must be created manually before volume will be bound
## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart
##
# existingClaim:
## The path the volume will be mounted at, useful when using different
## PostgreSQL images.
##
mountPath: /bitnami/postgresql
# mountPath: /data/
## The subdirectory of the volume to mount to, useful in dev environments
## and one PV for multiple services.
##
subPath: ""
storageClass: "-"
accessModes:
- ReadWriteOnce
size: 1Gi
annotations: {}
## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
updateStrategy:
type: RollingUpdate
##
## PostgreSQL Master parameters
##
master:
## Node, affinity, tolerations, and priorityclass settings for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption
nodeSelector: {}
affinity: {}
tolerations: []
labels: {}
annotations: {}
podLabels: {}
podAnnotations: {}
priorityClassName: ""
## Extra init containers
## Example
##
## extraInitContainers:
## - name: do-something
## image: busybox
## command: ['do', 'something']
extraInitContainers: []
## Additional PostgreSQL Master Volume mounts
##
extraVolumeMounts: []
## Additional PostgreSQL Master Volumes
##
extraVolumes: []
## Add sidecars to the pod
##
## For example:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
sidecars: []
## Override the service configuration for master
##
service: {}
# type:
# nodePort:
# clusterIP:
##
## PostgreSQL Slave parameters
##
slave:
## Node, affinity, tolerations, and priorityclass settings for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption
nodeSelector: {}
affinity: {}
tolerations: []
labels: {}
annotations: {}
podLabels: {}
podAnnotations: {}
priorityClassName: ""
extraInitContainers: |
# - name: do-something
# image: busybox
# command: ['do', 'something']
## Additional PostgreSQL Slave Volume mounts
##
extraVolumeMounts: []
## Additional PostgreSQL Slave Volumes
##
extraVolumes: []
## Add sidecars to the pod
##
## For example:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
sidecars: []
## Override the service configuration for slave
##
service: {}
# type:
# nodePort:
# clusterIP:
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
requests:
memory: 256Mi
cpu: 250m
## Add annotations to all the deployed resources
##
commonAnnotiations: {}
networkPolicy:
## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now.
##
enabled: false
## The Policy model to apply. When set to false, only pods with the correct
## client label will have network access to the port PostgreSQL is listening
## on. When true, PostgreSQL will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace
## and that match other criteria, the ones that have the good label, can reach the DB.
## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this
## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added.
##
## Example:
## explicitNamespacesSelector:
## matchLabels:
## role: frontend
## matchExpressions:
## - {key: role, operator: In, values: [frontend]}
explicitNamespacesSelector: {}
## Configure extra options for liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
livenessProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
readinessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## Configure metrics exporter
##
metrics:
enabled: false
# resources: {}
service:
type: ClusterIP
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9187"
loadBalancerIP:
serviceMonitor:
enabled: false
additionalLabels: {}
# namespace: monitoring
# interval: 30s
# scrapeTimeout: 10s
## Custom PrometheusRule to be defined
## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart
## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
prometheusRule:
enabled: false
additionalLabels: {}
namespace: ""
## These are just examples rules, please adapt them to your needs.
## Make sure to constraint the rules to the current postgresql service.
## rules:
## - alert: HugeReplicationLag
## expr: pg_replication_lag{service="{{ template "postgresql.fullname" . }}-metrics"} / 3600 > 1
## for: 1m
## labels:
## severity: critical
## annotations:
## description: replication for {{ template "postgresql.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s).
## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s).
rules: []
image:
registry: docker.io
repository: bitnami/postgres-exporter
tag: 0.8.0-debian-10-r106
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Define additional custom metrics
## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file
# customMetrics:
# pg_database:
# query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')"
# metrics:
# - name:
# usage: "LABEL"
# description: "Name of the database"
# - size_bytes:
# usage: "GAUGE"
# description: "Size of the database in bytes"
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
enabled: false
runAsUser: 1001
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
## Configure extra options for liveness and readiness probes
livenessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
readinessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1

4
tip-wlan/charts/wlan-cloud-graphql-gw/templates/deployment.yaml
View File

@@ -24,11 +24,7 @@ spec:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
env:
- name: API

8
tip-wlan/charts/wlan-cloud-static-portal/templates/deployment.yaml
View File

@@ -24,15 +24,11 @@ spec:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
env:
- name: API
value: {{ .Values.env.graphql }}
- name: GRAPHQL_URL
value: {{ .Release.Name }}-{{ .Values.env.graphql }}
ports:
- name: {{ .Values.service.name }}
containerPort: {{ .Values.service.port }}

2
tip-wlan/charts/wlan-cloud-static-portal/values.yaml
View File

@@ -33,7 +33,7 @@ podSecurityContext: {}
testsEnabled: false
env:
graphql: tip-wlan-wlan-cloud-graphql-gw:4000
graphql: wlan-cloud-graphql-gw:4000
securityContext: {}
# capabilities:

75
tip-wlan/charts/wlan-integrated-cloud-component-service/resources/config/logback.xml
View File

@@ -1,75 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- For assistance related to logback-translator or configuration -->
<!-- files in general, please contact the logback user mailing list -->
<!-- at http://www.qos.ch/mailman/listinfo/logback-user -->
<!-- -->
<!-- For professional support please see -->
<!-- http://www.qos.ch/shop/products/professionalSupport -->
<!-- -->
<configuration>
<conversionRule conversionWord="filteredStack"
converterClass="com.telecominfraproject.wlan.server.exceptions.logback.ExceptionCompressingConverter" />
<appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{yyyy-MM-DD HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n%filteredStack%nopex</pattern>
<!-- See http://logback.qos.ch/manual/layouts.html for details -->
<!-- %ex{5} - add at the end to display only 5 levels of the exception stack trace -->
<!-- %nopex - add at the end to not display any of the exception stack traces -->
<!-- %ex{full} - add at the end to display all the levels of the exception stack trace -->
</encoder>
<!--
<appender name="FILE" class="ch.qos.logback.core.FileAppender">
<file>myApp.log</file>
<encoder>
<pattern>%date %level [%thread] %logger{10} [%file:%line] %msg%n</pattern>
</encoder>
</appender>
-->
</appender>
<appender name="logfile" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/app/logs/intcloudcompservice.log</file>
<append>true</append>
<encoder>
<pattern>%date %level [%thread] %logger{36} [%file:%line] %msg%n</pattern>
</encoder>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
<fileNamePattern>/app/logs/intcloudcompservice.%i.log.gz</fileNamePattern>
<minIndex>1</minIndex>
<maxIndex>3</maxIndex>
</rollingPolicy>
<triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
<maxFileSize>20MB</maxFileSize>
</triggeringPolicy>
</appender>
<!--
details: http://logback.qos.ch/manual/configuration.html#auto_configuration
runtime configuration, if need to override the defaults:
-Dlogging.config=file:///home/ec2-user/opensync/logback.xml
for log configuration debugging - use
-Dlogback.statusListenerClass=ch.qos.logback.core.status.OnConsoleStatusListener
log levels:
OFF ERROR WARN INFO DEBUG TRACE
-->
<logger name="org.apache.catalina.startup.DigesterFactory" level="ERROR"/>
<logger name="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" level="INFO"/>
<logger name="org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer" level="INFO"/>
<logger name="com.telecominfraproject" level="INFO"/>
<logger name="com.telecominfraproject.wlan" level="DEBUG"/>
<logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
<root level="WARN">
<appender-ref ref="stdout"/>
<appender-ref ref="logfile"/>
</root>
</configuration>

7
tip-wlan/charts/wlan-integrated-cloud-component-service/templates/configmap.yaml
View File

@@ -1,7 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-log-config
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}

24
tip-wlan/charts/wlan-integrated-cloud-component-service/templates/deployment.yaml
View File

@@ -23,7 +23,6 @@ spec:
serviceAccountName: {{ include "common.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- if .Values.integratedWithPersistence.enabled }}
initContainers:
- name: {{ include "common.name" . }}-readiness
image: busybox:1.28
@@ -49,15 +48,20 @@ spec:
name: {{ include "common.fullname" . }}-creds
key: schema-repo-password
image: postgres:latest
imagePullPolicy: {{ .Values.global.pullPolicy }}
imagePullPolicy: IfNotPresent
command:
- sh
- -c
- |
echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
echo "34.214.79.168 tip.jfrog.io" >> /etc/hosts
echo "151.101.128.204 security.debian.org" >> /etc/hosts
echo "151.101.126.133 deb.debian.org" >> /etc/hosts
echo "147.75.85.69 apt.postgresql.org" >> /etc/hosts
apt update
apt -y install curl
echo "***** Fetching cloud-sdk-schema-postgresql.sql from JFrog *****"
curl -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql.sql"
curl -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql.sql"
echo "***** Now executing cloud-sdk-schema-postgresql.sql and creating/updating schema on Postgres instance *****"
PGPASSWORD=$POSTGRES_PASSWORD psql -h tip-wlan-postgresql-headless -U postgres -f cloud-sdk-schema-postgresql.sql
exit
@@ -76,20 +80,12 @@ spec:
name: dshm
- mountPath: /bitnami/postgresql
name: data
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
env:
- name: BACKEND_SERVER
value: {{ .Release.Name }}-{{ .Chart.Name }}
{{- if .Values.probes.enabled }}
livenessProbe:
httpGet:
@@ -122,9 +118,6 @@ spec:
- mountPath: /opt/tip-wlan/certs/server.pkcs12
name: certificates
subPath: server.pkcs12
- mountPath: /app/intcloudcomp/logback.xml
name: logback-config
subPath: logback.xml
ports:
- name: {{ .Values.service.name1 }}
containerPort: {{ .Values.service.port1 }}
@@ -151,9 +144,6 @@ spec:
- name: certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
- name: logback-config
configMap:
name: {{ include "common.fullname" . }}-log-config
- name: data
emptyDir: {}
- name: dshm

3
tip-wlan/charts/wlan-integrated-cloud-component-service/values.yaml
View File

@@ -78,9 +78,6 @@ service:
postgresql:
url: postgresql-headless
integratedWithPersistence:
enabled: false
ingress:
enabled: false
annotations: {}

23
tip-wlan/charts/wlan-port-forwarding-gateway-service/.helmignore
View File

@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

21
tip-wlan/charts/wlan-port-forwarding-gateway-service/Chart.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: v2
name: wlan-port-forwarding-gateway-service
description: WLAN Port Forwarding Gateway Service Helm chart for Kubernetes for debugging APs remotely
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application.
appVersion: 0.0.1

2
tip-wlan/charts/wlan-port-forwarding-gateway-service/resources/config/certs/README.md
View File

@@ -1,2 +0,0 @@
Contains certs needed for this service to start.
Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

75
tip-wlan/charts/wlan-port-forwarding-gateway-service/resources/config/logback.xml
View File

@@ -1,75 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- For assistance related to logback-translator or configuration -->
<!-- files in general, please contact the logback user mailing list -->
<!-- at http://www.qos.ch/mailman/listinfo/logback-user -->
<!-- -->
<!-- For professional support please see -->
<!-- http://www.qos.ch/shop/products/professionalSupport -->
<!-- -->
<configuration>
<conversionRule conversionWord="filteredStack"
converterClass="com.telecominfraproject.wlan.server.exceptions.logback.ExceptionCompressingConverter" />
<appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n%filteredStack%nopex</pattern>
<!-- See http://logback.qos.ch/manual/layouts.html for details -->
<!-- %ex{5} - add at the end to display only 5 levels of the exception stack trace -->
<!-- %nopex - add at the end to not display any of the exception stack traces -->
<!-- %ex{full} - add at the end to display all the levels of the exception stack trace -->
</encoder>
<!--
<appender name="FILE" class="ch.qos.logback.core.FileAppender">
<file>myApp.log</file>
<encoder>
<pattern>%date %level [%thread] %logger{10} [%file:%line] %msg%n</pattern>
</encoder>
</appender>
-->
</appender>
<appender name="logfile" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/app/logs/portForwardingGateway.log</file>
<append>true</append>
<encoder>
<pattern>%date %level [%thread] %logger{36} [%file:%line] %msg%n</pattern>
</encoder>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
<fileNamePattern>/app/logs/portForwardingGateway.%i.log.gz</fileNamePattern>
<minIndex>1</minIndex>
<maxIndex>3</maxIndex>
</rollingPolicy>
<triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
<maxFileSize>20MB</maxFileSize>
</triggeringPolicy>
</appender>
<!--
details: http://logback.qos.ch/manual/configuration.html#auto_configuration
runtime configuration, if need to override the defaults:
-Dlogging.config=file:///home/ec2-user/opensync/logback.xml
for log configuration debugging - use
-Dlogback.statusListenerClass=ch.qos.logback.core.status.OnConsoleStatusListener
log levels:
OFF ERROR WARN INFO DEBUG TRACE
-->
<logger name="org.apache.catalina.startup.DigesterFactory" level="ERROR"/>
<logger name="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" level="INFO"/>
<logger name="org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer" level="INFO"/>
<logger name="com.telecominfraproject" level="INFO"/>
<logger name="com.telecominfraproject.wlan" level="DEBUG"/>
<logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
<root level="WARN">
<appender-ref ref="stdout"/>
<appender-ref ref="logfile"/>
</root>
</configuration>

56
tip-wlan/charts/wlan-port-forwarding-gateway-service/resources/config/run.sh
View File

@@ -1,56 +0,0 @@
#!/bin/bash
# local_port_range that Java process can use
# These are then assigned to the container ports (in the deployment.yaml) which can either:
# later be opened by the port-forwarding-gateway service as NodePorts (preferred)
# or use kubectl port-forwarding to forward the container ports. Example:
# kubectl port-forward pods/<port-forwarding-gw-pod> <local-machine-port>:<debugPort on the Pod>
sysctl -w net.ipv4.ip_local_port_range="30410 30435"
PROFILES=" -Dspring.profiles.include=use_ssl_with_client_cert_and_digest_auth,client_certificate_and_digest_auth,RestTemplateConfiguration_X509_client_cert_auth"
LOGGING_PROPS=" -Dlogging.config=file:/app/port-forwarding-gateway/logback.xml"
# SSC_URL: something like https://${SSC_SERVER_HOST}:9031
SSC_URL=${SSC_RELEASE_URL}
# PROV_URL: something like https://${PROV_SERVER_HOST}:9091
PROV_URL=${PROV_RELEASE_URL}
# PF_GATEWAY_URL: something like https://${PF_GATEWAY_SERVER_HOST}:7070
PF_GATEWAY_URL=${PF_GATEWAY_RELEASE_URL}
PF_GATEWAY_ENCRYPTION_KEY=${PF_GATEWAY_RELEASE_ENCRYPTION_KEY:='MyToKeN0MyToKeN1'}
PF_GATEWAY_EXT_HOST=${PF_GATEWAY_RELEASE_EXT_HOST:=''}
PF_GATEWAY_EXT_PORT=${PF_GATEWAY_RELEASE_EXT_PORT:='0'}
# SSC URLs
HOST_PROPS=" "
HOST_PROPS+=" -Dtip.wlan.cloudEventDispatcherBaseUrl=$SSC_URL"
HOST_PROPS+=" -Dtip.wlan.statusServiceBaseUrl=$SSC_URL"
HOST_PROPS+=" -Dtip.wlan.routingServiceBaseUrl=$SSC_URL"
HOST_PROPS+=" -Dtip.wlan.alarmServiceBaseUrl=$SSC_URL"
HOST_PROPS+=" -Dtip.wlan.systemEventServiceBaseUrl=$SSC_URL"
HOST_PROPS+=" -Dtip.wlan.clientServiceBaseUrl=$SSC_URL"
HOST_PROPS+=" -Dtip.wlan.serviceMetricServiceBaseUrl=$SSC_URL"
# PROV URLs
HOST_PROPS+=" -Dtip.wlan.customerServiceBaseUrl=$PROV_URL"
HOST_PROPS+=" -Dtip.wlan.portalUserServiceBaseUrl=$PROV_URL"
HOST_PROPS+=" -Dtip.wlan.firmwareServiceBaseUrl=$PROV_URL"
HOST_PROPS+=" -Dtip.wlan.locationServiceBaseUrl=$PROV_URL"
HOST_PROPS+=" -Dtip.wlan.manufacturerServiceBaseUrl=$PROV_URL"
HOST_PROPS+=" -Dtip.wlan.equipmentServiceBaseUrl=$PROV_URL"
HOST_PROPS+=" -Dtip.wlan.profileServiceBaseUrl=$PROV_URL"
# Port-Forwarder Gateway Specific
HOST_PROPS+=" -Dtip.wlan.portForwarderGatewayBaseUrl=$PF_GATEWAY_URL"
HOST_PROPS+=" -Dtip.wlan.websocketSessionTokenEncryptionKey=$PF_GATEWAY_ENCRYPTION_KEY"
HOST_PROPS+=" -Dtip.wlan.externallyVisibleHostName=$PF_GATEWAY_EXT_HOST"
HOST_PROPS+=" -Dtip.wlan.externallyVisiblePort=$PF_GATEWAY_EXT_PORT"
REMOTE_DEBUG_PORT=5010
REMOTE_DEBUG=" -agentlib:jdwp=transport=dt_socket,server=y,address=*:$REMOTE_DEBUG_PORT,suspend=n"
export ALL_PROPS="$PROFILES $LOGGING_PROPS $HOST_PROPS $REMOTE_DEBUG"
java $ALL_PROPS -jar app.jar

21
tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/NOTES.txt
View File

@@ -1,21 +0,0 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
{{- end }}

7
tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/configmap.yaml
View File

@@ -1,7 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-config
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}

147
tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/deployment.yaml
View File

@@ -1,147 +0,0 @@
{{- $opensyncgw := include "opensyncgw.service" . -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "common.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "common.selectorLabels" . | nindent 8 }}
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
serviceAccountName: {{ include "common.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers:
- name: {{ include "common.name" . }}-readiness-opensync-gw
image: alpine
imagePullPolicy: {{ .Values.global.pullPolicy }}
command:
- sh
- -c
- |
apk add curl
url=https://{{ $opensyncgw }}/ping
counter=0
status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
while [ $counter -lt 30 ] && [ $status -ne 200 ]
do
echo ${url} service isnt ready. Tried $counter times
sleep 5
counter=`expr $counter + 1`
status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
echo Http Response code of ping request = $status
done
if [ $status -eq 200 ]
then
echo ${url} service is ready!
else
echo ${url} service failed to respond after 50 secs
exit 1
fi
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
env:
{{- include "common.env" . | nindent 12 }}
- name: PF_GATEWAY_RELEASE_URL
value: {{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.pfGateway.service }}:{{ .Values.env.pfGateway.port }}
- name: PF_GATEWAY_RELEASE_ENCRYPTION_KEY
valueFrom:
secretKeyRef:
name: {{ include "common.fullname" . }}-creds
key: websocketSessionTokenEncKey
- name: PF_GATEWAY_RELEASE_EXT_HOST
value: {{ .Values.externallyVisible.host }}
- name: PF_GATEWAY_RELEASE_EXT_PORT
value: "{{ .Values.externallyVisible.port }}"
{{- if .Values.probes.enabled }}
livenessProbe:
httpGet:
path: /ping
port: {{ .Values.service.port2 }}
scheme: {{ .Values.probes.livenessProbe.scheme }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.livenessProbe.successThreshold }}
readinessProbe:
httpGet:
path: /ping
port: {{ .Values.service.port2 }}
scheme: {{ .Values.probes.readinessProbe.scheme }}
initialDelaySeconds: {{ .Values.probes.readinessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
{{- end }}
volumeMounts:
- mountPath: /opt/tip-wlan/certs/client_keystore.jks
name: certificates
subPath: client_keystore.jks
- mountPath: /opt/tip-wlan/certs/truststore.jks
name: certificates
subPath: truststore.jks
- mountPath: /opt/tip-wlan/certs/server.pkcs12
name: certificates
subPath: server.pkcs12
- mountPath: /app/port-forwarding-gateway/logback.xml
name: configuration
subPath: logback.xml
- mountPath: /app/run.sh
name: configuration
subPath: run.sh
ports:
- name: {{ .Values.service.name1 }}
containerPort: {{ .Values.service.port1 }}
protocol: TCP
- name: {{ .Values.service.name2 }}
containerPort: {{ .Values.service.port2 }}
protocol: TCP
{{- if .Values.debug.enabled }}
- name: {{ .Values.service.name3 }}
containerPort: {{ .Values.service.port3 }}
protocol: TCP
{{- end }}
{{- include "container.dev.debugport" . | nindent 10 }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
defaultMode: 0400
- name: configuration
configMap:
name: {{ include "common.fullname" . }}-config
defaultMode: 0755

42
tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/ingress.yaml
View File

@@ -1,42 +0,0 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "common.fullname" . -}}
{{- $svcPort := .Values.service.port1 -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ . }}
backend:
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}

24
tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/secret.yaml
View File

@@ -1,24 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-certs
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-creds
namespace: {{ include "common.namespace" . }}
labels:
app: {{ template "common.name" . }}
chart: {{ template "common.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
type: Opaque
data:
{{- if .Values.creds.enabled }}
websocketSessionTokenEncKey: {{ .Values.creds.websocketSessionTokenEncKey | b64enc | quote }}
{{- end }}

36
tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/service.yaml
View File

@@ -1,36 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port1 }}
targetPort: {{ .Values.service.port1 }}
protocol: TCP
name: {{ .Values.service.name1 }}
{{- if eq .Values.service.type "NodePort" }}
nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort1 }}
{{- end }}
- port: {{ .Values.service.port2 }}
targetPort: {{ .Values.service.port2 }}
protocol: TCP
name: {{ .Values.service.name2 }}
{{- if eq .Values.service.type "NodePort" }}
nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort2 }}
{{- end }}
{{- if .Values.debug.enabled }}
- port: {{ .Values.service.port3 }}
targetPort: {{ .Values.service.port3 }}
protocol: TCP
name: {{ .Values.service.name3 }}
{{- if eq .Values.service.type "NodePort" }}
nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort3 }}
{{- end }}
{{- end }}
{{- include "service.dev.debugport" . | nindent 2 }}
selector:
{{- include "common.selectorLabels" . | nindent 4 }}

13
tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/serviceaccount.yaml
View File

@@ -1,13 +0,0 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "common.serviceAccountName" . }}
namespace: {{ include "common.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end -}}

Some files were not shown because too many files have changed in this diff Show More