removing helm temp objects and ignoring them

reverting accidental changes to old helm code
most of the things are working
2026-03-21 08:39:12 +00:00 · 2020-10-19 17:29:48 +03:00 · 2020-10-19 17:28:05 +03:00 · 2020-10-19 17:14:02 +03:00 · 2020-10-17 09:53:59 +03:00 · 2020-10-01 14:22:45 +03:00
198 changed files with 6995 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,5 @@
 *.pkcs12
 *.p12
 *.DS_Store
 *.tgz
--- a/helmfile/common/Chart.yaml
+++ b/helmfile/common/Chart.yaml
@@ -0,0 +1,6 @@
 # Chart for deploying Common templates that are used by other charts
 apiVersion: v1
 description: Common templates for inclusion in other charts
 name: common
 version: 0.1.0
--- a/helmfile/common/templates/_env.tpl
+++ b/helmfile/common/templates/_env.tpl
@@ -0,0 +1,6 @@
 {{- define "common.env" -}}
 - name: {{ .Values.env.ssc_url }}
  value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.ssc.service }}:{{ .Values.env.ssc.port}}"
 - name: {{ .Values.env.prov_url }}
  value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.prov.service }}:{{ .Values.env.prov.port}}"
 {{- end -}}
--- a/helmfile/common/templates/_name.tpl
+++ b/helmfile/common/templates/_name.tpl
@@ -0,0 +1,74 @@
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "common.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{- define "common.resource.name" -}}
 {{- printf "tip-%s-common" $.Release.Namespace | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "common.fullname" -}}
 {{- if .Values.fullnameOverride -}}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
 {{- $name := default .Chart.Name .Values.nameOverride -}}
 {{- if contains $name .Release.Name -}}
 {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{- end -}}
 {{- end -}}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "common.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Common labels
 */}}
 {{- define "common.labels" -}}
 helm.sh/chart: {{ include "common.chart" . }}
 {{ include "common.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{/*
 Selector labels
 */}}
 {{- define "common.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "common.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{/*
 Create the name of the service account to use
 */}}
 {{- define "common.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create -}}
    {{ default (include "common.fullname" .) .Values.serviceAccount.name }}
 {{- else -}}
    {{ default "default" .Values.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
 {{/*
 Expand service name.
 */}}
 {{- define "common.serviceName" -}}
 {{- default (include "common.name" .) .Values.controller.service.name }}
 {{- end -}}
--- a/helmfile/common/templates/_ports.tpl
+++ b/helmfile/common/templates/_ports.tpl
@@ -0,0 +1,24 @@
 {{/*
    This template will be used to iterate through the debug-ports and generate
    debug-ports mapping
  */}}
 {{- define "container.dev.debugport" -}}
  {{- range $index, $portid := .Values.debugPorts }}
  - name: debugport-{{ $index }}
    containerPort: {{ $portid }}
    protocol: TCP
  {{- end }}
 {{- end -}}
 {{- define "service.dev.debugport" -}}
  {{- range $index, $portid := .Values.debugPorts }}
  - port: {{ $portid }}
    targetPort: {{ $portid }}
    protocol: TCP
    name: debugport-{{ $index }}
    {{- if eq $.Values.service.type "NodePort" }}
    nodePort: {{ $portid }}
    {{- end }}   
  {{- end }}
 {{- end -}}
--- a/helmfile/common/templates/_svc.tpl
+++ b/helmfile/common/templates/_svc.tpl
@@ -0,0 +1,83 @@
 {{/*
    Resolve the Postgres service-name to apply to a chart. 
 */}}
 {{- define "postgresql.service" -}}
  {{- printf "postgres-%s-%s" .Release.Namespace .Values.postgresql.url | trunc 63 -}}
 {{- end -}}
 {{/*
 Form the Zookeeper Service. If zookeeper is installed as part of this chart, use k8s service discovery,
 else use user-provided URL
 */}}
 {{- define "zookeeper.service" }}
 {{- if .Values.zookeeper.enabled -}}
 {{- printf "%s" (include "kafka.zookeeper.fullname" .) }}
 {{- else -}}
 {{- $zookeeperService := printf "%s-%s" .Release.Name .Values.zookeeper.url }}
 {{- default $zookeeperService }}
 {{- end -}}
 {{- end -}}  
 {{/*
  Resolve the Kafka service-name to apply to a chart. 
 */}}
 {{- define "kafka.service" -}}
 {{- printf "kafka-%s-headless" .Release.Namespace | trunc 63 -}}
 {{- end -}}
 {{/*
  Resolve the Cassandra service-name to apply to a chart. 
 */}}
 {{- define "cassandra.service" -}}
 {{- printf "cassandra-%s-headless" .Release.Namespace | trunc 63 -}}
 {{- end -}}
 {{/*
  Resolve the MQTT service-name to apply to a chart. 
 */}}
 {{- define "mqtt.service" -}}
 {{- printf "%s-%s" .Release.Name .Values.mqtt.url | trunc 63 -}}
 {{- end -}}
 {{/*
  Resolve the integratedcloudcomponent service-name to apply to a chart. 
 */}}
 {{- define "integratedcloudcomponent.service" -}}
  {{- printf "%s-%s:%.f" .Release.Name .Values.integratedcloudcomponent.url .Values.integratedcloudcomponent.port | trunc 63 -}}
 {{- end -}}
 {{/*
  Resolve the provisioning service-name to apply to a chart. 
 */}}
 {{- define "prov.service" -}}
  {{- printf "%s-%s:%.f" .Release.Name .Values.prov.url .Values.prov.port | trunc 63 -}}
 {{- end -}}
 {{/*
  Resolve the ssc service-name to apply to a chart. 
 */}}
 {{- define "ssc.service" -}}
  {{- printf "%s-%s:%.f" .Release.Name .Values.ssc.url .Values.ssc.port | trunc 63 -}}
 {{- end -}}
 {{/*
  Resolve the Opensync-gw service-name to apply to a chart. 
 */}}
 {{- define "opensyncgw.service" -}}
  {{- printf "%s-%s:%.f" .Release.Name .Values.opensyncgw.url .Values.opensyncgw.port | trunc 63 -}}
 {{- end -}}
 {{/*
  Resolve the pvc name that's would mounted to 2 charts - Portal and Opensync-gw 
 */}}
 {{- define "portal.sharedPvc.name" -}}
 {{- printf "%s-%s-%s-%.f" .Values.portal.sharedPvc.name .Release.Name .Values.portal.url .Values.portal.sharedPvc.ordinal | trunc 63 -}}
 {{- end -}}
 {{/*
  Resolve the filestore-directory name that's would mounted to 2 charts - Portal and Opensync-gw 
 */}}
 {{- define "filestore.dir.name" -}}
  {{- printf "%s" .Values.filestore.internal | trunc 63 -}}
 {{- end -}}
--- a/helmfile/common/values.yaml
+++ b/helmfile/common/values.yaml
@@ -0,0 +1,4 @@
 #################################################################
 # Global configuration default values that can be inherited by
 # all subcharts.
 #################################################################
--- a/helmfile/credentials/Chart.yaml
+++ b/helmfile/credentials/Chart.yaml
@@ -0,0 +1,13 @@
 # Chart for deploying Common templates that are used by other charts
 apiVersion: v1
 description: creds secrets for reuse in other charts
 name: creds
 type: application
 appVersion: 0.0.1
 version: 0.1.0
 dependencies:
 - name: common
  version: 0.1.0
  repository: file://../common
--- a/helmfile/credentials/requirements.lock
+++ b/helmfile/credentials/requirements.lock
@@ -0,0 +1,6 @@
 dependencies:
 - name: common
  repository: file://../common
  version: 0.1.0
 digest: sha256:636a65e9846bdff17cc4e65b0849061f783759a37aa51fb85ff6fd8ba5e68467
 generated: "2020-10-19T10:42:00.072252Z"
--- a/helmfile/credentials/resources/certs/cassandraservercert.csr
+++ b/helmfile/credentials/resources/certs/cassandraservercert.csr
@@ -0,0 +1,24 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIID/zCCAucCAQAwgZIxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8w
 DQYDVQQHDAZPdHRhd2ExHzAdBgNVBAoMFkNvbm5lY3RVcyBUZWNobm9sb2dpZXMx
 HjAcBgNVBAMMFVRlc3RfU2VydmVyX0Nhc3NhbmRyYTEfMB0GCSqGSIb3DQEJARYQ
 dGVzdEBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
 AL6y03nvC/xCn8i8McxmQw0zL4C0CiF49oDxBCkSr/8qXec4Mz0M5M+8mQ536d58
 sseE0DPh+P4ITg05F4FSPVcpJKXZ++5y4VB5Ydyrt8mGpKtaD+96BGy9DOB5Sv2t
 VKTZFUODe3R8yWpgpVwWi6zgkhdU09fwWVM7LeKn0YwN4qc6f/o8E71dGhOjGyMB
 J8krEDxPE4v18MW6fnI85MFR1KOjXakvbptC2EhafyMZ2l7MY9ddTlHyR8I4ty8v
 yGWc5iMXlV1M8/3h20DMNRNnsdfF9asIGENTPi9LKpIjVbZVkNxtUP7p2Mi7+jp9
 Rl+3cO4aqPO867mK7cpOsd0CAwEAAaCCASUwggEhBgkqhkiG9w0BCQ4xggESMIIB
 DjAdBgNVHQ4EFgQUXfA+Ct7sBUMZPYXQzPsgYPvWTlIwDAYDVR0TAQH/BAIwADAO
 BgNVHQ8BAf8EBAMCA6gwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
 MG0GA1UdEQRmMGSCC2V4YW1wbGUuY29tgg93d3cuZXhhbXBsZS5jb22CEG1haWwu
 ZXhhbXBsZS5jb22CD2Z0cC5leGFtcGxlLmNvbYIJbG9jYWxob3N0hwR/AAABhxAA
 AAAAAAAAAAAAAAAAAAABMD4GCWCGSAGG+EIBDQQxFi9PcGVuU1NMIEdlbmVyYXRl
 ZCBTZXJ2ZXIgYW5kIENsaWVudCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOC
 AQEAJNgWEgB/Z60deJRjIoNkkCMKfOKrHnw9y6awVo8/+VstE+roCXtdWeEm8u3f
 /vbQ50ichn2lYRE2gTfH2PZLecjDOlpQ5/LRhN87BzzFNkAIzPA6ISv14XGk5fTO
 yVj++a/wnKSpRjFFunY+nsVrKUHmP8DYfoSJuelXfo7nY7diTlj0pdxhQ4l1786g
 iauYtpaLlqLqU4qhZDTSTa03kxPlXU0hMWvoKvV5kn64y1HBcJ1uTscVYjnd2wYj
 5ZM8ODyCbrN/RceUuU3mPVIS7Firj93DHPUX3heoUxDxXQQgVpxn9jRxeOWbBzYi
 VgvEplmzT/Gptyc6vQju+EHuaQ==
 -----END CERTIFICATE REQUEST-----
--- a/helmfile/credentials/resources/certs/clientcert.csr
+++ b/helmfile/credentials/resources/certs/clientcert.csr
@@ -0,0 +1,21 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIIDaTCCAlECAQAwgYQxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8w
 DQYDVQQHDAZPdHRhd2ExHzAdBgNVBAoMFkNvbm5lY3RVcyBUZWNobm9sb2dpZXMx
 EDAOBgNVBAMMB09wZW5fQVAxHzAdBgkqhkiG9w0BCQEWEHRlc3RAZXhhbXBsZS5j
 b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDh1nv/bZEoNN8/z0yb
 Qi3dCCQ0Q0eHCoP05gy5KJMMO84K1HJ65M3Jk5/6WQFDScLdn4O/0xf52rxX1VFR
 GAXDm0+2bqRPt73cLtonufxgf8uA0YVGmorevj2X8cDLuSkyPvZqiHT8w9tSLolT
 y5D4AIIF4594xWCdT0wnt4skfxp4GS5YsImBM/ehbLmhssXXhPM9Q2jfEL/0UtbS
 O6rN3sjZB4ki9li3s5qx6Ki4kmQ/AF3v02lkCReOJB/mCc+Dh+l/+j/o5w+1VdFl
 N6COTZjivJ+0Cz8OCOM+zr8al1vTGDlYKpx+UstIGWJOs3XQPi/9vWPp06rfTQVD
 j3CZAgMBAAGggZ4wgZsGCSqGSIb3DQEJDjGBjTCBijAdBgNVHQ4EFgQU7K15oRUA
 LiNwGeJJaq7WtS4BncQwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBaAwFgYD
 VR0lAQH/BAwwCgYIKwYBBQUHAwIwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2Vu
 ZXJhdGVkIENsaWVudCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAsqeH
 k9yGncyfdLsRHIGqtgaMssLoHBSNshcEOjDawDEKy94jN6XFicUJUgs7BOQgRZHT
 fx4RHUsKJRvmauu9FEiss712Fw8z1yXqNvj3sk7vxRdm3I78brdqTHHz8fPwpgah
 ony/oMJscjUMRsAXKEN/MV2zQ+uzkiQhiX47yTNprwn0xwlO+8mRD1f71Sz6OPXH
 47Z8Lv3IPcg9m+oY4e+e6JYC3/fQMsuplQhh+eVhfOi6FSg2SoPZP+o9Twx59But
 NkZNsE26+JbfxjChunaEGR1/Khusnc0O9+5niapGOwfp/67xWnymXfta/IWBJFv3
 Q05BhCLqy22kR9fIwg==
 -----END CERTIFICATE REQUEST-----
--- a/helmfile/credentials/resources/certs/kafkaservercert.csr
+++ b/helmfile/credentials/resources/certs/kafkaservercert.csr
@@ -0,0 +1,24 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIID9TCCAt0CAQAwgYgxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8w
 DQYDVQQHDAZPdHRhd2ExHzAdBgNVBAoMFkNvbm5lY3RVcyBUZWNobm9sb2dpZXMx
 FDASBgNVBAMMC1Rlc3RfU2VydmVyMR8wHQYJKoZIhvcNAQkBFhB0ZXN0QGV4YW1w
 bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0oM77mgApW3
 wdr9i+X24Swf/kYDYkB7wkilW/oi8tQVSLw261fEx/1e0+H34+vBaFtDj/lINTVi
 yQMjztigDIWNHkjU99M+/514RbZTCvlvBJOarD2cfs6vFp7T4tuo21ztEbG15x7D
 YaQKBYF0e6zzjN1bR0uWJz8+9hzrVcwtURY6r7qa+iYm5GvVLFxzVtBQxbaTNUI0
 GrIXOQHOr7omAVFeihAyrUQPK+LTE32uVKRX4agtTAdVHyshiQw/5N3tVGGufzoR
 onlsOjiKAKGfDmk6wCSQG17H0DFkEe8/H2Xr50BI/kjkKWUFiH4a22+4GbMBQP7v
 x4tVlkoEGwIDAQABoIIBJTCCASEGCSqGSIb3DQEJDjGCARIwggEOMB0GA1UdDgQW
 BBQ/nZ9a2IsHW7mOtoW/1Y1G3CCnKDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQE
 AwIDqDAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwbQYDVR0RBGYw
 ZIILZXhhbXBsZS5jb22CD3d3dy5leGFtcGxlLmNvbYIQbWFpbC5leGFtcGxlLmNv
 bYIPZnRwLmV4YW1wbGUuY29tgglsb2NhbGhvc3SHBH8AAAGHEAAAAAAAAAAAAAAA
 AAAAAAEwPgYJYIZIAYb4QgENBDEWL09wZW5TU0wgR2VuZXJhdGVkIFNlcnZlciBh
 bmQgQ2xpZW50IENlcnRpZmljYXRlMA0GCSqGSIb3DQEBCwUAA4IBAQCZbMT+zgkm
 mQnPFt2UT9sxvygaUMxmywso5E89BvgwFt7/kkoKR9zo7TnLUGJ7cCWIHXPYokd5
 na1Lomdfe5HTXO7BvNPAkhQAra25iFimAyopQjiLFEm5T79OOVkwWgzHUbhu18/e
 LJWVL2Lu+SIvFSzD0q+2x0+IkbXkAHRCs/f1jlRafQi6AH/gzgJDwpQTZKe3S6PN
 HST3czqbtpg17ZQuZ4XCxVAczDTZdC/eZ8xpglat7EZQs+6gSbX2FIFkju1CP7an
 JvbPItPfwuLSe1EpC2nKFwpd1tcdATHMzQcTdjNN0/tMu5/8M9/4QJdn+ALoWIvn
 if3dRjVJn4yr
 -----END CERTIFICATE REQUEST-----
--- a/helmfile/credentials/resources/certs/keystore_creds
+++ b/helmfile/credentials/resources/certs/keystore_creds
@@ -0,0 +1 @@
 mypassword
--- a/helmfile/credentials/resources/certs/mqttservercert.csr
+++ b/helmfile/credentials/resources/certs/mqttservercert.csr
@@ -0,0 +1,22 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIIDjzCCAncCAQAwgaoxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8w
 DQYDVQQHDAZPdHRhd2ExHzAdBgNVBAoMFkNvbm5lY3RVcyBUZWNobm9sb2dpZXMx
 NjA0BgNVBAMMLW9wZW5zeW5jLW1xdHQtYnJva2VyLnpvbmUxLmxhYi53bGFuLnRp
 cC5idWlsZDEfMB0GCSqGSIb3DQEJARYQdGVzdEBleGFtcGxlLmNvbTCCASIwDQYJ
 KoZIhvcNAQEBBQADggEPADCCAQoCggEBALAIR+8VJAnyD/gnuCDrXcapc7peDBI0
 Tzp2dhU0X6THN3r3+TSruQGQKupbgxoF7STMXVMf1R94XWJR5J78tBvr+yI5c7P/
 iXKA3OyUh4rb3+S14fn9tEO9IXaPcdKuwhoTtVE2aTl9360B7KLpFCJTY3LP+IDn
 fOfcvnmOgE2xXz/8fRRld2BPHN2JHwAtI2lSlY1wOwjW/2AiRV/lXiHg0miXiHFd
 qKbMKinEfXWUjQlHUM5G75HQZUsBPD6PP/iEXlzt3yprlDQ0uw4x6qKpHLODBuPI
 n+emzPh8ZWJPWAZpm6y+Tk4P3rfTQ0GU8stJgajry/+JSo6movSTb30CAwEAAaCB
 njCBmwYJKoZIhvcNAQkOMYGNMIGKMB0GA1UdDgQWBBQPnNwcKpj6cfFpRCzezdaj
 e79PIzAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIDqDAWBgNVHSUBAf8EDDAK
 BggrBgEFBQcDATAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2Vy
 dmVyIENlcnRpZmljYXRlMA0GCSqGSIb3DQEBCwUAA4IBAQAjVorFs2MvFXVzSL8x
 TNVQD0OtD5neHGLnTCktKqXh6DD4mUGWm33a2Ql7BjnwteERqz7Khu9EQEA9dj3n
 3du4xXOZk6oquxFqfNgKHXa9MRT1jto6oKQ9RFspMDfQSiUGZUW3mMF3FkHH0l67
 aGjLasbenOJwIl67gMGW/c/cHJRrI1v4fKp0TU+pgjMWzp6KUP8us+QkybodoEK5
 6e7FsEQE0HPojbOR8QcQvnwz1YWt0AZuK+DpQou8DyCzJR0x9IBDd2EpF/N4G70q
 wIFTBMRBTUQJxj1JJ0aS/lFVvvKcJU3P1dyFLRxmWT7wFQSaha6/d7tIbEEAtFn6
 esX3
 -----END CERTIFICATE REQUEST-----
--- a/helmfile/credentials/resources/certs/servercert.csr
+++ b/helmfile/credentials/resources/certs/servercert.csr
@@ -0,0 +1,24 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIIEGTCCAwECAQAwgYgxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8w
 DQYDVQQHDAZPdHRhd2ExHzAdBgNVBAoMFkNvbm5lY3RVcyBUZWNobm9sb2dpZXMx
 FDASBgNVBAMMC1Rlc3RfU2VydmVyMR8wHQYJKoZIhvcNAQkBFhB0ZXN0QGV4YW1w
 bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcpUeC79hZlV
 lEDaKFr5WqyJ29MY1aAidv0jHQMc4oqvIBjV/77qA0c5IzANHtmjQDF/hC2zIFdo
 cQwlNZKNfK8ak4/ixVoYdvr8VUENOz0M8AzpJjJkMYXPmHQapysUsXRptZXi1tyI
 KiPsPwxrd25irUm7cghios3VQLTqt0IeKa24Zm/7xL0KIeZfWc0bc51hJw2RE2TR
 7diAGVyqZYi5QqEc8Ju94jB2YWJE2Khy/6uX13ZhxDwvY9f2nMFcYicQELC1ZHNm
 dWyuTu7wGnpjsdqriLMEDnP6Ne/WUr4ISQrfn4UCwHkLCNxsrRKig5COJt7HHzNr
 ObEZkPdb6QIDAQABoIIBSTCCAUUGCSqGSIb3DQEJDjGCATYwggEyMB0GA1UdDgQW
 BBRrmzSs74NDLOHB4kOj4XWDXDLZkDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQE
 AwIDqDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDATCBpQYDVR0RBIGdMIGagixvcGVu
 c3luYy1yZWRpcmVjdG9yLnpvbmUxLmxhYi53bGFuLnRpcC5idWlsZIIsb3BlbnN5
 bmMtY29udHJvbGxlci56b25lMS5sYWIud2xhbi50aXAuYnVpbGSCE3RpcC13bGFu
 LXBvc3RncmVzcWyCD2Z0cC5leGFtcGxlLmNvbYcEfwAAAYcQAAAAAAAAAAAAAAAA
 AAAAATAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENl
 cnRpZmljYXRlMA0GCSqGSIb3DQEBCwUAA4IBAQBSzzzuMSFZurx9RJnf9kesKTEY
 LtRWwxY7Zs0D4PvTpOgJMR48D5R69N1nY2miMyH8SAFLhRTik0fOC5hoNkojITDk
 XIRSqeA1+GxGfh+4sJRXfRZkdyWVYwaHexS8wBN6rVhAEnJb/FOmmh2p+wn8SRxp
 lDzb5Hyr5bi8LoIMe7nSTs3ihpWhNz8W/v/fFsUBgnokRHF2Yy1mQoSvz2p8iDeS
 lr+55h2ANdIAgtbjXB6eVa8UY4Uhh2YxkzazJyjnMI8EBtyc3KQCJGI8oO8jIGvY
 rFfq5gBiBOSBzQ3yHzHtPB4iyzILpBOwzzn4O7rsQJdYw/15MdxfvxF0kIbS
 -----END CERTIFICATE REQUEST-----
--- a/helmfile/credentials/resources/certs/truststore_creds
+++ b/helmfile/credentials/resources/certs/truststore_creds
@@ -0,0 +1 @@
 mypassword
--- a/helmfile/credentials/resources/config/server.properties
+++ b/helmfile/credentials/resources/config/server.properties
@@ -0,0 +1,11 @@
 ssl.endpoint.identification.algorithm=
 security.protocol=SSL
 ssl.key.password=mypassword
 ssl.keystore.location=/bitnami/kafka/kafka-server.pkcs12
 ssl.keystore.password=mypassword
 ssl.keystore.type=PKCS12
 ssl.truststore.location=/bitnami/kafka/truststore.jks
 ssl.truststore.password=mypassword
 ssl.truststore.type=JKS
 bootstrap.servers=tip-wlan-kafka-headless:9093
--- a/helmfile/credentials/resources/scripts/creation-replication-user-role.sh
+++ b/helmfile/credentials/resources/scripts/creation-replication-user-role.sh
@@ -0,0 +1,10 @@
 #!/bin/bash
 # Creates user repl_user using ssl certs
 if [[ $POSTGRES_REPLICATION_MODE == "master" ]]
 then
    psql 'host=localhost port=5432 user=postgres sslmode=verify-ca sslcert=/opt/bitnami/postgresql/certs/postgresclientcert.pem sslkey=/opt/bitnami/postgresql/certs/postgresclientkey_dec.pem sslrootcert=/opt/bitnami/postgresql/certs/cacert.pem' -tc \
    "SELECT 1 FROM pg_roles WHERE rolname = '$POSTGRES_REPLICATION_USER'" | grep -q 1 \
    || psql 'host=localhost port=5432 user=postgres sslmode=verify-ca sslcert=/opt/bitnami/postgresql/certs/postgresclientcert.pem sslkey=/opt/bitnami/postgresql/certs/postgresclientkey_dec.pem sslrootcert=/opt/bitnami/postgresql/certs/cacert.pem' -c \
    "CREATE ROLE $POSTGRES_REPLICATION_USER WITH REPLICATION LOGIN ENCRYPTED PASSWORD '$POSTGRES_REPLICATION_PASSWORD';"
 fi
--- a/helmfile/credentials/templates/configs.yaml
+++ b/helmfile/credentials/templates/configs.yaml
@@ -0,0 +1,17 @@
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: tip-{{ .Release.Namespace }}-common-kafka-config
  namespace: {{ .Release.Namespace }}
 data:
 {{ tpl (.Files.Glob "resources/config/server.properties").AsConfig . | indent 2 }}
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: tip-{{ .Release.Namespace }}-common-postgres-scripts
  namespace: {{ .Release.Namespace }}
 data:
 {{ tpl (.Files.Glob "resources/scripts/creation-replication-user-role.sh").AsConfig . | indent 2 }}
--- a/helmfile/credentials/templates/docker-secret.yaml
+++ b/helmfile/credentials/templates/docker-secret.yaml
@@ -0,0 +1,13 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ .Release.Namespace }}-docker-registry-key
  namespace: {{ .Release.Namespace }}
  labels:
    app: {{ include "common.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
 data:
  .dockerconfigjson: {{ .Values.dockerRegistrySecret }}
 type: kubernetes.io/dockerconfigjson
--- a/helmfile/credentials/templates/secrets.yaml
+++ b/helmfile/credentials/templates/secrets.yaml
@@ -0,0 +1,109 @@
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: tip-{{ .Release.Namespace }}-common-cassandra-certs
  namespace: {{ .Release.Namespace }}
 type: Opaque
 data:
  truststore: {{ .Files.Get "resources/certs/truststore.jks" | b64enc }}
  truststore-password: {{ .Files.Get "resources/certs/truststore_creds" | b64enc }}
  keystore: {{ .Files.Get "resources/certs/cassandra_server_keystore.jks" | b64enc }}
  keystore-password: {{ .Files.Get "resources/certs/keystore_creds" | b64enc }}
  cassandraservercert.pem: {{ .Files.Get "resources/certs/cassandraservercert.pem" | b64enc }}
  cassandraserverkey_dec.pem: {{ .Files.Get "resources/certs/cassandraserverkey_dec.pem" | b64enc }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: tip-{{ .Release.Namespace }}-common-cassandra-client-certs
  namespace: {{ .Release.Namespace }}
 type: Opaque
 data:
  cacert.pem: {{ .Files.Get "resources/certs/cacert.pem" | b64enc }}
  cassandra_server_keystore.jks: {{ .Files.Get "resources/certs/cassandra_server_keystore.jks" | b64enc }}
  cassandraservercert.pem: {{ .Files.Get "resources/certs/cassandraservercert.pem" | b64enc }}
  cassandraserverkey_dec.pem: {{ .Files.Get "resources/certs/cassandraserverkey_dec.pem" | b64enc }}
  kafka-server.pkcs12: {{ .Files.Get "resources/certs/kafka-server.pkcs12" | b64enc }}
  truststore.jks: {{ .Files.Get "resources/certs/truststore.jks" | b64enc }}
  server.pkcs12: {{ .Files.Get "resources/certs/server.pkcs12" | b64enc }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: tip-{{ .Release.Namespace }}-common-kafka-certs
  namespace: {{ .Release.Namespace }}
 type: Opaque
 data:
  truststore: {{ .Files.Get "resources/certs/truststore.jks" | b64enc }}
  truststore-password: {{ .Files.Get "resources/certs/truststore_creds" | b64enc }}
  keystore: {{ .Files.Get "resources/certs/cassandra_server_keystore.jks" | b64enc }}
  keystore-password: {{ .Files.Get "resources/certs/keystore_creds" | b64enc }}
  cassandraservercert.pem: {{ .Files.Get "resources/certs/cassandraservercert.pem" | b64enc }}
  cassandraserverkey_dec.pem: {{ .Files.Get "resources/certs/cassandraserverkey_dec.pem" | b64enc }}
  kafka-0.keystore.jks: {{ .Files.Get "resources/certs/client_keystore.jks" | b64enc }}
  kafka.truststore.jks: {{ .Files.Get "resources/certs/truststore.jks" | b64enc }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: tip-{{ .Release.Namespace }}-common-kafka-client-certs
  namespace: {{ .Release.Namespace }}
 type: Opaque
 data:
  client_keystore.jks: {{ .Files.Get "resources/certs/client_keystore.jks" | b64enc }}
  kafka-server.pkcs12: {{ .Files.Get "resources/certs/kafka-server.pkcs12" | b64enc }}
  truststore.jks: {{ .Files.Get "resources/certs/truststore.jks" | b64enc }}
  server.pkcs12: {{ .Files.Get "resources/certs/server.pkcs12" | b64enc }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: tip-{{ .Release.Namespace }}-common-postgres-certs
  namespace: {{ .Release.Namespace }}
 type: Opaque
 data:
  cacert.pem: {{ .Files.Get "resources/certs/cacert.pem" | b64enc }}
  cert.crt: {{ .Files.Get "resources/certs/servercert.pem" | b64enc }}
  cert.key: {{ .Files.Get "resources/certs/serverkey_dec.pem" | b64enc }}
  postgresclientcert.pem: {{ .Files.Get "resources/certs/postgresclientcert.pem" | b64enc }}
  postgresclientkey_dec.pem: {{ .Files.Get "resources/certs/postgresclientkey_dec.pem" | b64enc }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: tip-{{ .Release.Namespace }}-common-postgres-client-certs
  namespace: {{ .Release.Namespace }}
 type: Opaque
 data:
  cacert.pem: {{ .Files.Get "resources/certs/cacert.pem" | b64enc }}
  client_keystore.jks: {{ .Files.Get "resources/certs/client_keystore.jks" | b64enc }} 
  postgresclient.p12:  {{ .Files.Get "resources/certs/postgresclient.p12" | b64enc }}
  postgresclientcert.pem: {{ .Files.Get "resources/certs/postgresclientcert.pem" | b64enc }}
  postgresclientkey_dec.pem: {{ .Files.Get "resources/certs/postgresclientkey_dec.pem" | b64enc }}
  server.pkcs12: {{ .Files.Get "resources/certs/server.pkcs12" | b64enc }}
  truststore.jks: {{ .Files.Get "resources/certs/truststore.jks" | b64enc }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: tip-{{ .Release.Namespace }}-common-credentials
  namespace: {{ .Release.Namespace }}
 type: Opaque
 data:
  cassandra_tip_user: {{ .Values.cassandra.tip_user | b64enc }}
  cassandra_tip_password: {{ .Values.cassandra.tip_password | b64enc }}
  postgresql-password: {{ .Values.db.postgresUser.password | b64enc }}
  tipuser-password: {{ .Values.db.tipUser.password | b64enc }}
  schema-repo-user: {{ .Values.schema_repo.username | b64enc }}
  schema-repo-password: {{ .Values.schema_repo.password | b64enc }}
  sslKeyPassword: {{ .Values.ssl.keyPassword | b64enc }}
  sslKeystorePassword: {{ .Values.ssl.keystorePassword | b64enc }}
  sslTruststorePassword: {{ .Values.ssl.truststorePassword | b64enc }}
  websocketSessionTokenEncKey: {{ .Values.websocketSessionTokenEncKey | b64enc }}
--- a/helmfile/credentials/values.yaml
+++ b/helmfile/credentials/values.yaml
@@ -0,0 +1,20 @@
 #################################################################
 # Credentials and secrets for reuse in other charts
 #################################################################
 creds:
  ssl:
    keyPassword: mypassword
    keystorePassword: mypassword
    truststorePassword: mypassword
  db:
    postgresUser:
      password: DUMMY_POSTGRES_PASSWORD
    tipUser:
      password: tip_password
  schema_repo:
    username: tip-read
    password: tip-read
  cassandra:
    tip_user: tip_user
    tip_password: tip_password
--- a/helmfile/helmfile-01-namespace.yaml
+++ b/helmfile/helmfile-01-namespace.yaml
@@ -0,0 +1,18 @@
 bases:
 - helmfile-environment.yaml
 - helmfile-defaults.yaml
 ---
 bases:
 - helmfile-repositories.yaml.gotmpl
 ---
 releases:
 - name: namespace-{{ .Environment.Values.global.namespace }}
  chart: incubator/raw
  namespace: default
  values:
  - resources:
    - apiVersion: v1
      kind: Namespace
      metadata:
        name: {{ .Environment.Values.global.namespace }}
--- a/helmfile/helmfile-02-stateful.yaml
+++ b/helmfile/helmfile-02-stateful.yaml
@@ -0,0 +1,226 @@
 bases:
 - helmfile-environment.yaml
 - helmfile-defaults.yaml
 ---
 releases:
 - name: postgres-{{ .Environment.Values.global.namespace }}
  namespace: {{ .Environment.Values.global.namespace }}
  chart: bitnami/postgresql
  version: 9.8.4
  condition: postgres.enabled
  labels:
    role: prerequisites
    app: postgres
  values:
  - postgresqlDatabase: tip
    image:
      tag: 11.8.0-debian-10-r58
      debug: true
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
        namespace: {{ .Environment.Values.global.monitoring.namespace }}
        additionalLabels:
          release: prometheus-operator
    postgresqlUsername: {{ .Environment.Values.postgres.user }}
    postgresqlPassword: {{ .Environment.Values.postgres.password }}
    pgHbaConfiguration: |
      hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0
      hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
      hostssl postgres postgres ::/0 cert clientcert=1
      hostssl all all 0.0.0.0/0 md5 clientcert=1
    replication:
      enabled: true
      user: {{ .Environment.Values.postgres.replication.user }}
      password: {{ .Environment.Values.postgres.replication.password }}
      slaveReplicas: 1
    persistence:
      enabled: true
      storageClass: {{ .Environment.Values.storageClass }}
    volumePermissions:
      enabled: true
    livenessProbe:
      enabled: false
    readinessProbe:
      enabled: false
    tls:
      enabled: true
      certificatesSecret: tip-{{ .Environment.Values.global.namespace }}-common-postgres-certs
      certFilename: cert.crt
      certKeyFilename: cert.key
      certCAFilename: cacert.pem
    initdbScriptsConfigMap: tip-{{ .Environment.Values.global.namespace }}-common-postgres-scripts
    extraEnv:
    - name: PGSSLCERT
      value: /opt/tip-wlan/certs/postgresclientcert.pem
    - name: PGSSLKEY
      value: /opt/tip-wlan/certs/postgresclientkey_dec.pem
    - name: PGSSLROOTCERT
      value: "/opt/tip-wlan/certs/cacert.pem"
    slave:
      extraVolumes:
  jsonPatches:
  - target:
      version: v1
      group: apps
      kind: StatefulSet
      name: postgres-{{ .Environment.Values.global.namespace }}-postgresql-master
    patch:
    - op: replace
      path: /spec/template/spec/initContainers/0/command
      value:
      - /bin/sh
      - -cx
      - |
        chown 1001:1001 /bitnami/postgresql
        mkdir -p /bitnami/postgresql/data /bitnami/postgresql/conf
        chmod 700 /bitnami/postgresql/data /bitnami/postgresql/conf
        find /bitnami/postgresql -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs chown -R 1001:1001
        chmod -R 777 /dev/shm
        cp /tmp/certs/* /opt/bitnami/postgresql/certs/
        chown -R 1001:1001 /opt/bitnami/postgresql/certs/
        chmod 600 /opt/bitnami/postgresql/certs/cert.key
        chmod 600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem
 - name: zookeeper-{{ .Environment.Values.global.namespace }}
  namespace: {{ .Environment.Values.global.namespace }}
  chart: incubator/zookeeper
  version: 2.1.4
  condition: zookeeper.enabled
  labels:
    role: prerequisites
    app: zookeeper
  values:
  - persistence:
      enabled: true
      storageClass: {{ .Environment.Values.storageClass }}
    replicaCount: 1
 - name: kafka-{{ .Environment.Values.global.namespace }}
  namespace: {{ .Environment.Values.global.namespace }}
  chart: bitnami/kafka
  version: 11.8.7
  condition: kafka.enabled
  labels:
    role: prerequisites
    app: kafka
  values:
  - replicaCount: 1
    image:
      debug: true
    auth:
      clientProtocol: mtls
      interBrokerProtocol: plaintext
      jksSecret: tip-{{ .Environment.Values.global.namespace }}-common-kafka-certs
      jksPassword: {{ .Environment.Values.credentials.keyPassword }}
      tlsEndpointIdentificationAlgorithm: https
      jaas:
        clientUsers:
        - brokerUser
        clientPassword:
        - brokerPassword
    # existingConfigmap: tip-{{ .Environment.Values.global.namespace }}-common-kafka-config
    # allowPlaintextListener: true
    persistence:
      enabled: true
      storageClass: {{ .Environment.Values.storageClass }}
    metrics:
      serviceMonitor:
        enabled: false
        namespace: {{ .Environment.Values.global.monitoring.namespace }}
        selector:
          release: prometheus-operator
    zookeeper:
      enabled: false
    externalZookeeper:
      servers:
      - zookeeper-{{ .Environment.Values.global.namespace }}
 - name: cassandra-{{ .Environment.Values.global.namespace }}
  namespace: {{ .Environment.Values.global.namespace }}
  chart: bitnami/cassandra
  version: 6.0.1
  condition: cassandra.enabled
  labels:
    role: prerequisites
    app: cassandra
  values:
  - tlsEncryptionSecretName: tip-{{ .Environment.Values.global.namespace }}-common-cassandra-certs
  - image:
      debug: true
  - persistence:
      enabled: true
      storageClass: {{ .Environment.Values.storageClass }}
  - replicaCount: 3
  - cluster:
      name: TipWlanCluster
      seedCount: 1
      internodeEncryption: all
      clientEncryption: true
  - exporter:
      enabled: false
      serviceMonitor:
        enabled: true
        additionalLabels:
          release: prometheus-operator
  - dbUser:
      user: {{ .Environment.Values.cassandra.user }}
      password: {{ .Environment.Values.cassandra.password }}
  - resources:
      limits: {}
      requests:
        cpu: 1
        memory: 3Gi
 - name: tip-{{ .Environment.Values.global.namespace }}-credentials
  namespace: {{ .Environment.Values.global.namespace }}
  chart: credentials
  labels:
    role: prerequisites
    app: credentials
  values:
  - ssl:
      keyPassword: {{ .Environment.Values.credentials.keyPassword }}
      keystorePassword: {{ .Environment.Values.credentials.keystorePassword }}
      truststorePassword: {{ .Environment.Values.credentials.truststorePassword }}
    db:
      postgresUser:
        password: {{ .Environment.Values.postgres.password }}
      tipUser:
        password: {{ .Environment.Values.postgres.password }}
    schema_repo:
      username: {{ .Environment.Values.credentials.jFrog.user }}
      password: {{ .Environment.Values.credentials.jFrog.password }}
    cassandra:
      tip_user: {{ .Environment.Values.cassandra.user }}
      tip_password: {{ .Environment.Values.cassandra.password }}
    websocketSessionTokenEncKey: {{ .Environment.Values.credentials.websocketSessionTokenEncKey }}
    dockerRegistrySecret: {{ .Environment.Values.credentials.dockerSecret }}
 - name: tip-{{ .Environment.Values.global.namespace }}-efs-provisioner
  namespace: {{ .Environment.Values.global.namespace }}
  chart: stable/efs-provisioner
  version: 0.13.0
  condition: efs-provisioner.enabled
  labels:
    role: prerequisites
    app: efs-provisioner
  values:
  - serviceAccount:
      create: true
      name: efs-provisioner
  - provisioner:
      nameExtension: efs-provisioner
      replicaCount: 1
      strategyType: Recreate
      image:
        name: quay.io/external_storage/efs-provisioner
        tag: latest
      efsFileSystemId: fs-8a3fa867
      awsRegion: ca-central-1
      dnsName: ""
      provisionerName: shared-provisioner
      efsDnsName: fs-8a3fa867.efs.ca-central-1.amazonaws.com
      storageClass: aws-efs
--- a/helmfile/helmfile-03-cloudsdk.yaml
+++ b/helmfile/helmfile-03-cloudsdk.yaml
@@ -0,0 +1,196 @@
 bases:
 - helmfile-environment.yaml
 - helmfile-defaults.yaml
 ---
 releases:
 - name: tip-{{ .Environment.Values.global.namespace }}-opensync-gw-cloud
  namespace: {{ .Environment.Values.global.namespace }}
  chart: opensync-gw-cloud
  condition: opensync-gw-cloud.enabled
  labels:
    role: payload
    app: opensync-gw-cloud
  values:
  - global:
      nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
      nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
      repository: {{ .Environment.Values.global.repository }}
      isCloudDeployment: true
      pullPolicy: Always
  - externalhostaddress:
      ovsdb: tip-wlan-opensync-gw-cloud
      mqtt: tip-wlan-opensync-mqtt-broker
    persistence:
      enabled: true
    filestore:
      url: "https://tip-wlan-opensync-gw-cloud:9096"
 - name: tip-{{ .Environment.Values.global.namespace }}-opensync-gw-static
  namespace: {{ .Environment.Values.global.namespace }}
  chart: opensync-gw-static
  condition: opensync-gw-static.enabled
  labels:
    role: payload
    app: opensync-gw-static
  values:
  - global:
      nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
      nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
      repository: {{ .Environment.Values.global.repository }}
      isCloudDeployment: true
      pullPolicy: Always
 - name: tip-{{ .Environment.Values.global.namespace }}-opensync-mqtt-broker
  namespace: {{ .Environment.Values.global.namespace }}
  chart: opensync-mqtt-broker
  condition: opensync-mqtt-broker.enabled
  labels:
    role: payload
    app: opensync-mqtt-broker
  values:
  - global:
      nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
      nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
      repository: {{ .Environment.Values.global.repository }}
      isCloudDeployment: true
      pullPolicy: Always
  - replicaCount: 1
    persistence:
      enabled: true
      storageClass: {{ .Environment.Values.storageClass }}
 - name: tip-{{ .Environment.Values.global.namespace }}-wlan-cloud-graphql-gw
  namespace: {{ .Environment.Values.global.namespace }}
  chart: wlan-cloud-graphql-gw
  condition: wlan-cloud-graphql-gw.enabled
  labels:
    role: payload
    app: wlan-cloud-graphql-gw
  values:
  - global:
      nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
      nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
      repository: {{ .Environment.Values.global.repository }}
      isCloudDeployment: true
      pullPolicy: Always
  - env:
      portalsvc: graphql.{{ .Environment.Values.global.domain }}
    ingress:
      hosts:
      - host: graphql.{{ .Environment.Values.global.domain }}
        paths:
        - "/"
 - name: tip-{{ .Environment.Values.global.namespace }}-wlan-cloud-static-portal
  namespace: {{ .Environment.Values.global.namespace }}
  chart: wlan-cloud-static-portal
  condition: wlan-cloud-static-portal.enabled
  labels:
    role: payload
    app: wlan-cloud-static-portal
  values:
  - global:
      nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
      nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
      repository: {{ .Environment.Values.global.repository }}
      isCloudDeployment: true
      pullPolicy: Always 
  - ingress:
      hosts:
      - host: portal.{{ .Environment.Values.global.domain }}
        paths:
        - "/"
 - name: tip-{{ .Environment.Values.global.namespace }}-wlan-integrated-cloud-component-service
  namespace: {{ .Environment.Values.global.namespace }}
  chart: wlan-integrated-cloud-component-service
  condition: wlan-integrated-cloud-component-service.enabled
  labels:
    role: payload
    app: wlan-integrated-cloud-component-service
  values:
  - global:
      nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
      nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
      repository: {{ .Environment.Values.global.repository }}
      isCloudDeployment: true
      pullPolicy: Always 
 - name: tip-{{ .Environment.Values.global.namespace }}-wlan-port-forwarding-gateway-service
  namespace: {{ .Environment.Values.global.namespace }}
  chart: wlan-port-forwarding-gateway-service
  condition: wlan-port-forwarding-gateway-service.enabled
  labels:
    role: payload
    app: port-forwarding-gateway-service
  values:
  - global:
      nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
      nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
      repository: {{ .Environment.Values.global.repository }}
      isCloudDeployment: true
      pullPolicy: Always 
 - name: tip-{{ .Environment.Values.global.namespace }}-wlan-portal-service
  namespace: {{ .Environment.Values.global.namespace }}
  chart: wlan-portal-service
  condition: wlan-portal-service.enabled
  labels:
    role: payload
    app: wlan-portal-service
  values:
  - global:
      nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
      nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
      repository: {{ .Environment.Values.global.repository }}
      isCloudDeployment: true
      pullPolicy: Always 
  - persistence:
      enabled: true
      storageClass: {{ .Environment.Values.storageClass }}
 - name: tip-{{ .Environment.Values.global.namespace }}-wlan-prov-service
  namespace: {{ .Environment.Values.global.namespace }}
  chart: wlan-prov-service
  condition: wlan-prov-service.enabled
  labels:
    role: payload
    app: wlan-prov-service
  values:
  - global:
      nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
      nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
      repository: {{ .Environment.Values.global.repository }}
      isCloudDeployment: true
      pullPolicy: Always 
 - name: tip-{{ .Environment.Values.global.namespace }}-wlan-spc-service
  namespace: {{ .Environment.Values.global.namespace }}
  chart: wlan-spc-service
  condition: wlan-spc-service.enabled
  labels:
    role: payload
    app: wlan-spc-service
  values:
  - global:
      nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
      nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
      repository: {{ .Environment.Values.global.repository }}
      isCloudDeployment: true
      pullPolicy: Always 
 - name: tip-{{ .Environment.Values.global.namespace }}-wlan-ssc-service
  namespace: {{ .Environment.Values.global.namespace }}
  chart: wlan-ssc-service
  condition: wlan-ssc-service.enabled
  labels:
    role: payload
    app: wlan-ssc-service
  values:
  - global:
      nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
      nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
      repository: {{ .Environment.Values.global.repository }}
      isCloudDeployment: true
      pullPolicy: Always 
--- a/helmfile/helmfile-defaults.yaml
+++ b/helmfile/helmfile-defaults.yaml
@@ -0,0 +1,5 @@
 helmDefaults:
  createNamespace: false
  force: false
  verify: false
  wait: false
--- a/helmfile/helmfile-environment.yaml
+++ b/helmfile/helmfile-environment.yaml
@@ -0,0 +1,65 @@
 environments:
  default:
    values:
    - global:
        namespace: testota
        domain: lab.wlan.tip.build
        repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
        monitoring:
          namespace: monitoring
        nodePortPrefix: 311
        nodePortPrefixExt: 313
    - credentials:
        jFrog:
          user: tip-read
          password: tip-read
        websocketSessionTokenEncKey: MyToKeN0MyToKeN1
        keyPassword: mypassword
        keystorePassword: mypassword
        truststorePassword: mypassword
        dockerSecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
    # Stateful components start here
    - storageClass: gp2
    - postgres:
        enabled: true
        user: tip_user
        password: DUMMY_POSTGRES_PASSWORD
        replication:
          user: repl_user
          password: repl_password
    - zookeeper:
        enabled: true
    - kafka:
        enabled: true
    - cassandra:
        enabled: true
        user: cassandra
        password: cassandra
    - efs-provisioner:
        enabled: false
    # Wlan components start here
    - opensync-gw-cloud:
        enabled: true
    - opensync-gw-static:
        enabled: true
    - opensync-mqtt-broker:
        enabled: true
    - wlan-cloud-graphql-gw:
        enabled: true
    - wlan-cloud-static-portal:
        enabled: true
    - wlan-integrated-cloud-component-service:
        enabled: true
    - wlan-port-forwarding-gateway-service:
        enabled: true
    - wlan-portal-service:
        enabled: true
    - wlan-prov-service:
        enabled: true
    - wlan-spc-service:
        enabled: true
    - wlan-ssc-service:
        enabled: true
--- a/helmfile/helmfile-repositories.yaml.gotmpl
+++ b/helmfile/helmfile-repositories.yaml.gotmpl
@@ -0,0 +1,7 @@
 repositories:
 - name: stable
  url: https://kubernetes-charts.storage.googleapis.com
 - name: incubator
  url: https://kubernetes-charts-incubator.storage.googleapis.com
 - name: bitnami
  url: https://charts.bitnami.com/bitnami
--- a/helmfile/helmfile.yaml
+++ b/helmfile/helmfile.yaml
@@ -0,0 +1,3 @@
 helmfiles:
 - helmfile-0*
--- a/helmfile/opensync-gw-cloud/.helmignore
+++ b/helmfile/opensync-gw-cloud/.helmignore
@@ -0,0 +1,23 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *.orig
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
--- a/helmfile/opensync-gw-cloud/Chart.lock
+++ b/helmfile/opensync-gw-cloud/Chart.lock
@@ -0,0 +1,6 @@
 dependencies:
 - name: common
  repository: file://../common
  version: 0.1.0
 digest: sha256:636a65e9846bdff17cc4e65b0849061f783759a37aa51fb85ff6fd8ba5e68467
 generated: "2020-10-19T11:29:27.1946594Z"
--- a/helmfile/opensync-gw-cloud/Chart.yaml
+++ b/helmfile/opensync-gw-cloud/Chart.yaml
@@ -0,0 +1,12 @@
 apiVersion: v2
 name: opensync-gw-cloud
 description: WLAN Opensync Gateway Cloud Helm chart for Kubernetes
 type: application
 version: 0.1.0
 appVersion: 1.16.0
 dependencies:
 - name: common
  version: 0.1.0
  repository: file://../common
--- a/helmfile/opensync-gw-cloud/resources/config/certs/README.md
+++ b/helmfile/opensync-gw-cloud/resources/config/certs/README.md
@@ -0,0 +1,2 @@
 Contains certs needed for this service to start.
 Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution
--- a/helmfile/opensync-gw-cloud/resources/config/certs/httpClientConfig.json
+++ b/helmfile/opensync-gw-cloud/resources/config/certs/httpClientConfig.json
@@ -0,0 +1,18 @@
 {
 "maxConnectionsTotal":100,
 "maxConnectionsPerRoute":10,
 "truststoreType":"JKS",
 "truststoreProvider":"SUN",
 "truststoreFile":"file:/opt/tip-wlan/certs/truststore.jks",
 "truststorePass":"mypassword",
 "keystoreType":"JKS",
 "keystoreProvider":"SUN",
 "keystoreFile":"file:/opt/tip-wlan/certs/client_keystore.jks",
 "keystorePass":"mypassword",
 "keyAlias":"clientkeyalias",
 "credentialsList":[
    {"host":"localhost","port":-1,"user":"user","password":"password"}
    ]
 }
--- a/helmfile/opensync-gw-cloud/resources/config/certs/ssl.properties
+++ b/helmfile/opensync-gw-cloud/resources/config/certs/ssl.properties
@@ -0,0 +1,13 @@
 truststorePass=mypassword
 truststoreFile=file:///opt/tip-wlan/certs/truststore.jks
 truststoreType=JKS
 truststoreProvider=SUN
 keyAlias=1
 keystorePass=mypassword
 keystoreFile=file:///opt/tip-wlan/certs/server.pkcs12
 keystoreType=pkcs12
 keystoreProvider=SunJSSE
 sslProtocol=TLS
--- a/helmfile/opensync-gw-cloud/resources/config/logback.xml
+++ b/helmfile/opensync-gw-cloud/resources/config/logback.xml
@@ -0,0 +1,78 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- For assistance related to logback-translator or configuration  -->
 <!-- files in general, please contact the logback user mailing list -->
 <!-- at http://www.qos.ch/mailman/listinfo/logback-user             -->
 <!--                                                                -->
 <!-- For professional support please see                            -->
 <!--    http://www.qos.ch/shop/products/professionalSupport         -->
 <!--                                                                -->
 <configuration>
  <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
    <encoder>
      <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
    </encoder>
  </appender>
  <appender name="mqttDataFile" class="ch.qos.logback.core.rolling.RollingFileAppender">
    <file>/app/logs/mqttData.log</file>
    <append>true</append>
    <encoder>
      <pattern>%date %msg%n</pattern>
    </encoder>
    <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
      <fileNamePattern>/app/logs/mqttData.%i.log.gz</fileNamePattern>
      <minIndex>1</minIndex>
      <maxIndex>3</maxIndex>
    </rollingPolicy>
    <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
      <maxFileSize>20MB</maxFileSize>
    </triggeringPolicy>
  </appender>
  <appender name="logfile" class="ch.qos.logback.core.rolling.RollingFileAppender">
    <file>/app/logs/opensyncgw.log</file>
    <append>true</append>
    <encoder>
      <pattern>%date %level [%thread] %logger{36} [%file:%line] %msg%n</pattern>
    </encoder>
    <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
      <fileNamePattern>/app/logs/opensyncgw.%i.log.gz</fileNamePattern>
      <minIndex>1</minIndex>
      <maxIndex>3</maxIndex>
    </rollingPolicy>
    <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
      <maxFileSize>20MB</maxFileSize>
    </triggeringPolicy>
  </appender>
  <!--
  details: http://logback.qos.ch/manual/configuration.html#auto_configuration
  runtime configuration, if need to override the defaults: 
  	-Dlogback.configurationFile=/path/to/logback.xml
  for log configuration debugging - use 
  	-Dlogback.statusListenerClass=ch.qos.logback.core.status.OnConsoleStatusListener
  log levels:
 	OFF ERROR WARN INFO DEBUG TRACE  
   -->
  <logger name="org.apache.catalina.startup.DigesterFactory" level="ERROR"/>
  <logger name="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" level="INFO"/>
  <logger name="org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer" level="INFO"/>
  <logger name="com.telecominfraproject.wlan" level="DEBUG"/>
  <logger name="com.netflix.servo.tag.aws.AwsInjectableTag" level="OFF"/>
  <logger name="com.vmware.ovsdb.service.OvsdbConnectionInfo" level="OFF"/>
  <logger name="com.vmware.ovsdb.netty.OvsdbConnectionHandler" level="ERROR"/>
  <logger name="MQTT_DATA" level="DEBUG" additivity="false">
    <appender-ref ref="mqttDataFile"/>
  </logger>
  <root level="WARN">
    <appender-ref ref="logfile"/>
  </root>
 </configuration>
--- a/helmfile/opensync-gw-cloud/templates/NOTES.txt
+++ b/helmfile/opensync-gw-cloud/templates/NOTES.txt
@@ -0,0 +1,21 @@
 1. Get the application URL by running these commands:
 {{- if .Values.ingress.enabled }}
 {{- range $host := .Values.ingress.hosts }}
  {{- range .paths }}
  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
  {{- end }}
 {{- end }}
 {{- else if contains "NodePort" .Values.service.type }}
  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT
 {{- else if contains "LoadBalancer" .Values.service.type }}
     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.fullname" . }}'
  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
  echo http://$SERVICE_IP:{{ .Values.service.port }}
 {{- else if contains "ClusterIP" .Values.service.type }}
  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
 {{- end }}
--- a/helmfile/opensync-gw-cloud/templates/configmap.yaml
+++ b/helmfile/opensync-gw-cloud/templates/configmap.yaml
@@ -0,0 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ include "common.fullname" . }}-log-config
  namespace: {{ .Release.Namespace }}
 data:
 {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
--- a/helmfile/opensync-gw-cloud/templates/deployment.yaml
+++ b/helmfile/opensync-gw-cloud/templates/deployment.yaml
@@ -0,0 +1,287 @@
 {{- $icc := include "integratedcloudcomponent.service" . -}}
 {{- $prov := include "prov.service" . -}}
 {{- $ssc := include "ssc.service" . -}}
 {{- $mqtt := include "mqtt.service" . -}}
 {{- $file_store_path := include "filestore.dir.name" . -}}
 {{- $cloudeployment := .Values.global.isCloudDeployment -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
 spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      {{- include "common.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "common.selectorLabels" . | nindent 8 }}
    spec:
      imagePullSecrets:
        - name: "{{ .Release.Namespace }}-docker-registry-key"
      serviceAccountName: {{ include "common.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      initContainers:
        - name: {{ include "common.name" . }}-mqtt-readiness
          image: eclipse-mosquitto:latest
          imagePullPolicy: {{ .Values.global.pullPolicy }}
          command:
          - sh
          - -c
          - |
            mosquitto_pub -h {{ $mqtt }} -p 1883 --cafile /certs/cacert.pem --cert /certs/clientcert.pem --key /certs/clientkey.pem --insecure -t "/ap/test" -q 0 -m "CheckingMQTTAliveness"
            status=$(echo $?)
            echo mosquitto_pub response of the request = $status
            counter=0
            while [ $counter -lt 10 ] && [ $status -ne 0 ]
            do
              echo {{ $mqtt }} service isnt ready. Tried $counter times
              sleep 2
              counter=`expr $counter + 1`
              mosquitto_pub -h {{ $mqtt }} -p 1883 --cafile /certs/cacert.pem --cert /certs/clientcert.pem --key /certs/clientkey.pem --insecure -t "/ap/test" -q 0 -m "CheckingMQTTAliveness"
              status=$(echo $?)
              echo mosquitto_pub response of the request = $status
            done
            if [ $status -eq 0 ]
            then
              echo {{ $mqtt }} service is ready!
            else
              echo {{ $mqtt }} service failed to respond after 20 secs
              exit 1
            fi
          volumeMounts:
          - mountPath: /certs/cacert.pem
            name: certificates
            subPath: cacert.pem
          - mountPath: /certs/clientcert.pem
            name: certificates
            subPath: clientcert.pem
          - mountPath: /certs/clientkey.pem
            name: certificates
            subPath: clientkey.pem
      {{- if .Values.global.integratedDeployment }}
        - name: {{ include "common.name" . }}-readiness-int-cloud
          image: alpine
          imagePullPolicy: {{ .Values.global.pullPolicy }}
          command:
          - sh
          - -c
          - |
            if [ {{ $cloudeployment }} = false ]
            then            
              echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
              echo "Added name-resolution for local deployments"
            fi
            apk add curl
            url=https://{{ $icc }}/ping
            counter=0
            status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
            while [ $counter -lt 10 ] && [ $status -ne 200 ] 
            do
              echo ${url} service isnt ready. Tried $counter times
              sleep 5
              counter=`expr $counter + 1`
              status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
              echo Http Response code of ping request = $status
            done
            if [ $status -eq 200 ]
            then
              echo ${url} service is ready!
            else
              echo ${url} service failed to respond after 50 secs
              exit 1
            fi 
      {{- else }}
        - name: {{ include "common.name" . }}-readiness-prov
          image: alpine
          imagePullPolicy: {{ .Values.global.pullPolicy }}
          command:
          - sh
          - -c
          - |
            if [ {{ $cloudeployment }} = false ]
            then          
              echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
              echo "Added name-resolution for local deployments"
            fi
            apk add curl
            url=https://{{ $prov }}/ping
            counter=0
            status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
            while [ $counter -lt 10 ] && [ $status -ne 200 ] 
            do
              echo ${url} service isnt ready. Tried $counter times
              sleep 5
              counter=`expr $counter + 1`
              status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
              echo Http Response code of ping request = $status
            done
            if [ $status -eq 200 ]
            then
              echo ${url} service is ready!
            else
              echo ${url} service failed to respond after 50 secs
              exit 1
            fi
        - name: {{ include "common.name" . }}-readiness-ssc
          image: alpine
          imagePullPolicy: {{ .Values.global.pullPolicy }}
          command:
          - sh
          - -c
          - |
            if [ {{ $cloudeployment }} = false ]
            then          
              echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
              echo "Added name-resolution for local deployments"
            fi
            apk add curl
            url=https://{{ $ssc }}/ping
            counter=0
            status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
            while [ $counter -lt 10 ] && [ $status -ne 200 ] 
            do
              echo ${url} service isnt ready. Tried $counter times
              sleep 5
              counter=`expr $counter + 1`
              status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
              echo Http Response code of ping request = $status
            done
            if [ $status -eq 200 ]
            then
              echo ${url} service is ready!
            else
              echo ${url} service failed to respond after 50 secs
              exit 1
            fi        
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
          imagePullPolicy: {{ .Values.global.pullPolicy }}
          {{- if .Values.probes.enabled }}
          livenessProbe:
            tcpSocket:
              port: {{ .Values.service.port2 }}
            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
            timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
            failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
            periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
            successThreshold: {{ .Values.probes.livenessProbe.successThreshold }}
          readinessProbe:
            tcpSocket:
              port: {{ .Values.service.port2 }}
            initialDelaySeconds: {{ .Values.probes.readinessProbe.initialDelaySeconds }}
            timeoutSeconds: {{ .Values.probes.readinessProbe.timeoutSeconds }}
            failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
            periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
            successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
          {{- end }}
          env:
            {{- include "common.env" . | nindent 12 }}
            - name: OVSDB_MANAGER
              value: {{ .Values.externalhostaddress.ovsdb }}
            - name: OVSDB_MANAGER_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: MQTT_SERVER_INTERNAL
              value: {{ .Release.Name }}-{{ .Values.mqtt.url }}
            - name: MQTT_SERVER_EXTERNAL
              value: {{ .Values.externalhostaddress.mqtt }}
            {{- if .Values.global.integratedDeployment }}
            - name: INTEGRATED_SERVER
              value: {{ .Release.Name }}-{{ .Values.integratedcloudcomponent.url }}
            {{- else }}
            - name: PROV_SERVER
              value: {{ .Release.Name }}-{{ .Values.prov.url }}
            - name: SSC_SERVER
              value: {{ .Release.Name }}-{{ .Values.ssc.url }}
            {{- end }}
            - name: FILE_STORE_DIRECTORY_INTERNAL
              value: {{ $file_store_path }}
            - name: FILE_STORE_URL
              value: {{ .Values.filestore.url }}
            - name: DEFAULT_LAN_NAME
              value: {{ .Values.ethernetType.lanName }}
            - name: DEFAULT_LAN_TYPE
              value: {{ .Values.ethernetType.lanType }}
            - name: DEFAULT_WAN_TYPE
              value: {{ .Values.ethernetType.wanType }}
            - name: DEFAULT_WAN_NAME
              value: {{ .Values.ethernetType.wanName }}
          volumeMounts:
          - mountPath: /opt/tip-wlan/certs/client_keystore.jks
            name: certificates
            subPath: client_keystore.jks
          - mountPath: /opt/tip-wlan/certs/truststore.jks
            name: certificates
            subPath: truststore.jks
          - mountPath: /opt/tip-wlan/certs/server.pkcs12
            name: certificates
            subPath: server.pkcs12
          - mountPath: /opt/tip-wlan/certs/httpClientConfig.json
            name: certificates
            subPath: httpClientConfig.json
          - mountPath: /opt/tip-wlan/certs/ssl.properties
            name: certificates
            subPath: ssl.properties
          - mountPath: /app/opensync/logback.xml
            name: logback-config
            subPath: logback.xml
          - mountPath: {{ $file_store_path }}
            name: file-store-data
          ports:
            - name: {{ .Values.service.name1 }}
              containerPort: {{ .Values.service.port1 }}
              protocol: TCP
            - name: {{ .Values.service.name2 }}
              containerPort: {{ .Values.service.port2 }}
              protocol: TCP
            - name: {{ .Values.service.name3 }}
              containerPort: {{ .Values.service.port3 }}
              protocol: TCP
            - name: {{ .Values.service.name4 }}
              containerPort: {{ .Values.service.port4 }}
              protocol: TCP
            {{- if .Values.debug.enabled }}
            - name: {{ .Values.service.name5 }}
              containerPort: {{ .Values.service.port5 }}
              protocol: TCP
            {{- end }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      volumes:
      - name: certificates
        secret:
          secretName: {{ include "common.fullname" . }}-certs
      - name: logback-config
        configMap:
            name: {{ include "common.fullname" . }}-log-config
      - name: file-store-data
      {{- if .Values.persistence.enabled }}
        persistentVolumeClaim:
          claimName: {{ include "portal.sharedPvc.name" . }}
      {{- else }}
        emptyDir: {}
      {{- end }}
--- a/helmfile/opensync-gw-cloud/templates/ingress.yaml
+++ b/helmfile/opensync-gw-cloud/templates/ingress.yaml
@@ -0,0 +1,42 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "common.fullname" . -}}
 {{- $svcPort := .Values.service.port -}}
 {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
 apiVersion: extensions/v1beta1
 {{- end }}
 kind: Ingress
 metadata:
  name: {{ $fullName }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 spec:
 {{- if .Values.ingress.tls }}
  tls:
  {{- range .Values.ingress.tls }}
    - hosts:
      {{- range .hosts }}
        - {{ . | quote }}
      {{- end }}
      secretName: {{ .secretName }}
  {{- end }}
 {{- end }}
  rules:
  {{- range .Values.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
        {{- range .paths }}
          - path: {{ . }}
            backend:
              serviceName: {{ $fullName }}
              servicePort: {{ $svcPort }}
        {{- end }}
  {{- end }}
 {{- end }}
--- a/helmfile/opensync-gw-cloud/templates/secret.yaml
+++ b/helmfile/opensync-gw-cloud/templates/secret.yaml
@@ -0,0 +1,8 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ include "common.fullname" . }}-certs
  namespace: {{ .Release.Namespace }}
 type: Opaque
 data:
 {{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
--- a/helmfile/opensync-gw-cloud/templates/service.yaml
+++ b/helmfile/opensync-gw-cloud/templates/service.yaml
@@ -0,0 +1,39 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
 spec:
  type: {{ .Values.service.type }}
  ports:
    - port: {{ .Values.service.port1 }}
      targetPort: {{ .Values.service.port1 }}
      protocol: TCP
      name: {{ .Values.service.name1 }}
      nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort1 }}
    - port: {{ .Values.service.port2 }}
      targetPort: {{ .Values.service.port2 }}
      protocol: TCP
      name: {{ .Values.service.name2 }}
      nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort2 }}
    - port: {{ .Values.service.port3 }}
      targetPort: {{ .Values.service.port3 }}
      protocol: TCP
      name: {{ .Values.service.name3 }}
      nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
    - port: {{ .Values.service.port4 }}
      targetPort: {{ .Values.service.port4 }}
      protocol: TCP
      name: {{ .Values.service.name4 }}
      nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort4 }}
    {{- if .Values.debug.enabled }}
    - port: {{ .Values.service.port5 }}
      targetPort: {{ .Values.service.port5 }}
      protocol: TCP
      name: {{ .Values.service.name5 }}
      nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort5 }}
    {{- end }}
  selector:
    {{- include "common.selectorLabels" . | nindent 4 }}
--- a/helmfile/opensync-gw-cloud/templates/serviceaccount.yaml
+++ b/helmfile/opensync-gw-cloud/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
 {{- if .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "common.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 {{- end -}}
--- a/helmfile/opensync-gw-cloud/templates/tests/test-connection.yaml
+++ b/helmfile/opensync-gw-cloud/templates/tests/test-connection.yaml
@@ -0,0 +1,18 @@
 {{- if .Values.testsEnabled -}}
 apiVersion: v1
 kind: Pod
 metadata:
  name: "{{ include "common.fullname" . }}-test-connection"
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
  annotations:
    "helm.sh/hook": test-success
 spec:
  containers:
    - name: wget
      image: busybox
      command: ['wget']
      args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
  restartPolicy: Never
 {{- end }}
--- a/helmfile/opensync-gw-cloud/templates/transport-server-tcp.yaml
+++ b/helmfile/opensync-gw-cloud/templates/transport-server-tcp.yaml
@@ -0,0 +1,35 @@
 apiVersion: k8s.nginx.org/v1alpha1
 kind: TransportServer
 metadata:
  name: {{ include "common.name" . }}-controller
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
 spec:
  listener:
    name: opensync-gw-controller-port-listener
    protocol: TCP
  upstreams:
  - name: {{ include "common.name" . }}
    service: {{ include "common.fullname" . }}
    port: {{ .Values.service.port1 }}
  action:
    pass: {{ include "common.name" . }}
 ---
 apiVersion: k8s.nginx.org/v1alpha1
 kind: TransportServer
 metadata:
  name: {{ include "common.name" . }}-redirector
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
 spec:
  listener:
    name: opensync-gw-redirector-port-listener
    protocol: TCP
  upstreams:
  - name: {{ include "common.name" . }}
    service: {{ include "common.fullname" . }}
    port: {{ .Values.service.port2 }}
  action:
    pass: {{ include "common.name" . }}
--- a/helmfile/opensync-gw-cloud/values.yaml
+++ b/helmfile/opensync-gw-cloud/values.yaml
@@ -0,0 +1,170 @@
 # Default values for opensync-gw.
 # This is a YAML-formatted file.
 #################################################################
 # Application configuration defaults.
 #################################################################
 # Declare variables to be passed into your templates.
 replicaCount: 1
 image:
  name: opensync-gateway-cloud
  tag: 0.0.1-SNAPSHOT
 nameOverride: ""
 fullnameOverride: ""
 serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name:
 podSecurityContext: {}
  # fsGroup: 2000
 securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000
 ## Liveness and Readiness probe values.
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
 probes:
  enabled: false
  livenessProbe:
    initialDelaySeconds: 5
    periodSeconds: 30
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
  readinessProbe:
    initialDelaySeconds: 5
    periodSeconds: 30
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
 # Enable/Disable Helm tests
 testsEnabled: false
 # Enable/Disable Remote debugging
 debug: 
  enabled: false
 service:
  type: NodePort
  port1: 6640
  nodePort1: 29
  name1: controller
  port2: 6643
  name2: redirector
  nodePort2: 30
  port3: 9096
  name3: server
  nodePort3: 27
  port4: 9097
  name4: internal
  nodePort4: 28
  port5: 5005
  name5: debug
  nodePort5: 26
 persistence:
  enabled: false
  ## A manually managed Persistent Volume and Claim
  ## Requires persistence.enabled: true
 # the filestore internal: location of the folder where UI files will be stored
 # on the PV
 # the filestore url: externally reachable URL i.e.; reachable from AP, where it 
 # can download the files from. Override this value (url) to the configured
 # HTTP server in your system 
 filestore:
  internal: "/tmp/filestore"
  url: DUMMY_FILESTORE_HTTPS_URL
 integratedcloudcomponent:
  url: wlan-integrated-cloud-component-service
  port: 9091
 prov:
  url: wlan-prov-service
  port: 9092
 ssc:
  url: wlan-ssc-service
  port: 9032
 mqtt:
  url: opensync-mqtt-broker
 portal:
  url: wlan-portal-service
  sharedPvc:
    name: file-store-data
    ordinal: 0
 # These are list of external HostAddresses for ovsdb, mqtt. 
 # This is important for ovsdb and mqtt since 
 # that's what AP sees. Please make sure to override
 # them in dev override file for your respective environments.
 externalhostaddress:
  ovsdb: opensync-gw-cloud
  mqtt: opensync-mqtt-broker
 ethernetType:
  lanName: "lan"
  lanType: "bridge"
  wanType: "bridge"
  wanName: "wan"
 ingress:
  enabled: false
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: chart-example.local
      paths: []
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local
 resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi
 nodeSelector: {}
 tolerations: []
 affinity: {}
 env:
  protocol: https
  ssc_url: SSC_RELEASE_URL
  prov_url: PROV_RELEASE_URL
  ssc:
    service: wlan-ssc-service
    port: 9031
  prov:
    service: wlan-prov-service
    port: 9091
--- a/helmfile/opensync-gw-static/.helmignore
+++ b/helmfile/opensync-gw-static/.helmignore
@@ -0,0 +1,23 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *.orig
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
--- a/helmfile/opensync-gw-static/Chart.lock
+++ b/helmfile/opensync-gw-static/Chart.lock
@@ -0,0 +1,6 @@
 dependencies:
 - name: common
  repository: file://../common
  version: 0.1.0
 digest: sha256:636a65e9846bdff17cc4e65b0849061f783759a37aa51fb85ff6fd8ba5e68467
 generated: "2020-10-19T12:15:04.8106439Z"
--- a/helmfile/opensync-gw-static/Chart.yaml
+++ b/helmfile/opensync-gw-static/Chart.yaml
@@ -0,0 +1,12 @@
 apiVersion: v2
 name: opensync-gw-static
 description: WLAN Opensync Gateway Helm chart for Kubernetes
 type: application
 version: 0.1.0
 appVersion: 1.16.0
 dependencies:
 - name: common
  version: 0.1.0
  repository: file://../common
--- a/helmfile/opensync-gw-static/resources/config/certs/README.md
+++ b/helmfile/opensync-gw-static/resources/config/certs/README.md
@@ -0,0 +1,2 @@
 Contains certs needed for this service to start.
 Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution
--- a/helmfile/opensync-gw-static/resources/config/certs/httpClientConfig.json
+++ b/helmfile/opensync-gw-static/resources/config/certs/httpClientConfig.json
@@ -0,0 +1,18 @@
 {
 "maxConnectionsTotal":100,
 "maxConnectionsPerRoute":10,
 "truststoreType":"JKS",
 "truststoreProvider":"SUN",
 "truststoreFile":"file:/opt/tip-wlan/certs/truststore.jks",
 "truststorePass":"mypassword",
 "keystoreType":"JKS",
 "keystoreProvider":"SUN",
 "keystoreFile":"file:/opt/tip-wlan/certs/client_keystore.jks",
 "keystorePass":"mypassword",
 "keyAlias":"clientkeyalias",
 "credentialsList":[
    {"host":"localhost","port":-1,"user":"user","password":"password"}
    ]
 }
--- a/helmfile/opensync-gw-static/resources/config/certs/ssl.properties
+++ b/helmfile/opensync-gw-static/resources/config/certs/ssl.properties
@@ -0,0 +1,13 @@
 truststorePass=mypassword
 truststoreFile=file:///opt/tip-wlan/certs/truststore.jks
 truststoreType=JKS
 truststoreProvider=SUN
 keyAlias=1
 keystorePass=mypassword
 keystoreFile=file:///opt/tip-wlan/certs/server.pkcs12
 keystoreType=pkcs12
 keystoreProvider=SunJSSE
 sslProtocol=TLS
--- a/helmfile/opensync-gw-static/resources/config/logback.xml
+++ b/helmfile/opensync-gw-static/resources/config/logback.xml
@@ -0,0 +1,75 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- For assistance related to logback-translator or configuration  -->
 <!-- files in general, please contact the logback user mailing list -->
 <!-- at http://www.qos.ch/mailman/listinfo/logback-user             -->
 <!--                                                                -->
 <!-- For professional support please see                            -->
 <!--    http://www.qos.ch/shop/products/professionalSupport         -->
 <!--                                                                -->
 <configuration>
  <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
    <encoder>
      <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
    </encoder>
  </appender>
  <!-- 
  <appender name="FILE" class="ch.qos.logback.core.FileAppender">
    <file>myApp.log</file>
    <encoder>
      <pattern>%date %level [%thread] %logger{10} [%file:%line] %msg%n</pattern>
    </encoder>
  </appender>
  -->
  <appender name="logfile" class="ch.qos.logback.core.rolling.RollingFileAppender">
    <file>/app/logs/opensyncgw.log</file>
    <append>true</append>
    <encoder>
      <pattern>%date %level [%thread] %logger{36} [%file:%line] %msg%n</pattern>
    </encoder>
    <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
      <fileNamePattern>/app/logs/opensyncgw.%i.log.gz</fileNamePattern>
      <minIndex>1</minIndex>
      <maxIndex>3</maxIndex>
    </rollingPolicy>
    <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
      <maxFileSize>20MB</maxFileSize>
    </triggeringPolicy>
  </appender>
  <!--
  details: http://logback.qos.ch/manual/configuration.html#auto_configuration
  runtime configuration, if need to override the defaults: 
  	-Dlogback.configurationFile=/path/to/logback.xml
  for log configuration debugging - use 
  	-Dlogback.statusListenerClass=ch.qos.logback.core.status.OnConsoleStatusListener
  log levels:
 	OFF ERROR WARN INFO DEBUG TRACE  
   -->
  <logger name="org.apache.catalina.startup.DigesterFactory" level="ERROR"/>
  <logger name="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" level="INFO"/>
  <logger name="org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer" level="INFO"/>
  <logger name="com.telecominfraproject.wlan" level="DEBUG"/>
  <logger name="com.netflix.servo.tag.aws.AwsInjectableTag" level="OFF"/>
  <logger name="com.vmware.ovsdb.service.OvsdbConnectionInfo" level="OFF"/>
  <logger name="com.vmware.ovsdb.netty.OvsdbConnectionHandler" level="ERROR"/>
  <logger name="MQTT_DATA" level="DEBUG"/>
  <!--   
  <logger name="org.springframework.security.web.authentication.preauth" level="DEBUG"/>
   -->
  <root level="WARN">
 <!--    <appender-ref ref="stdout"/>-->
    <appender-ref ref="logfile"/>
  </root>
 </configuration>
--- a/helmfile/opensync-gw-static/templates/NOTES.txt
+++ b/helmfile/opensync-gw-static/templates/NOTES.txt
@@ -0,0 +1,21 @@
 1. Get the application URL by running these commands:
 {{- if .Values.ingress.enabled }}
 {{- range $host := .Values.ingress.hosts }}
  {{- range .paths }}
  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
  {{- end }}
 {{- end }}
 {{- else if contains "NodePort" .Values.service.type }}
  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT
 {{- else if contains "LoadBalancer" .Values.service.type }}
     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.fullname" . }}'
  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
  echo http://$SERVICE_IP:{{ .Values.service.port }}
 {{- else if contains "ClusterIP" .Values.service.type }}
  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
 {{- end }}
--- a/helmfile/opensync-gw-static/templates/configmap.yaml
+++ b/helmfile/opensync-gw-static/templates/configmap.yaml
@@ -0,0 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ include "common.fullname" . }}-log-config
  namespace: {{ .Release.Namespace }}
 data:
 {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
--- a/helmfile/opensync-gw-static/templates/deployment.yaml
+++ b/helmfile/opensync-gw-static/templates/deployment.yaml
@@ -0,0 +1,94 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
 spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      {{- include "common.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "common.selectorLabels" . | nindent 8 }}
    spec:
      imagePullSecrets:
        - name: "{{ .Release.Namespace }}-docker-registry-key"
      serviceAccountName: {{ include "common.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
          imagePullPolicy: {{ .Values.global.pullPolicy }}
          {{- if .Values.probes.enabled }}
          livenessProbe:
            tcpSocket:
              port: {{ .Values.service.port2 }}
            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
            timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
            failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
            periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
            successThreshold: {{ .Values.probes.livenessProbe.successThreshold }}
          readinessProbe:
            tcpSocket:
              port: {{ .Values.service.port2 }}
            initialDelaySeconds: {{ .Values.probes.readinessProbe.initialDelaySeconds }}
            timeoutSeconds: {{ .Values.probes.readinessProbe.timeoutSeconds }}
            failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
            periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
            successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
          {{- end }}       
          volumeMounts:
          - mountPath: /opt/tip-wlan/certs/client_keystore.jks
            name: certificates
            subPath: client_keystore.jks
          - mountPath: /opt/tip-wlan/certs/truststore.jks
            name: certificates
            subPath: truststore.jks
          - mountPath: /opt/tip-wlan/certs/server.pkcs12
            name: certificates
            subPath: server.pkcs12
          - mountPath: /opt/tip-wlan/certs/httpClientConfig.json
            name: certificates
            subPath: httpClientConfig.json
          - mountPath: /opt/tip-wlan/certs/ssl.properties
            name: certificates
            subPath: ssl.properties
          - mountPath: /app/opensync/logback.xml
            name: logback-config
            subPath: logback.xml
          ports:
            - name: {{ .Values.service.name1 }}
              containerPort: {{ .Values.service.port1 }}
              protocol: TCP
            - name: {{ .Values.service.name2 }}
              containerPort: {{ .Values.service.port2 }}
              protocol: TCP
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      volumes:
      - name: certificates
        secret:
          secretName: {{ include "common.fullname" . }}-certs
      - name: logback-config
        configMap:
            name: {{ include "common.fullname" . }}-log-config
--- a/helmfile/opensync-gw-static/templates/ingress.yaml
+++ b/helmfile/opensync-gw-static/templates/ingress.yaml
@@ -0,0 +1,42 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "common.fullname" . -}}
 {{- $svcPort := .Values.service.port -}}
 {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
 apiVersion: extensions/v1beta1
 {{- end }}
 kind: Ingress
 metadata:
  name: {{ $fullName }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 spec:
 {{- if .Values.ingress.tls }}
  tls:
  {{- range .Values.ingress.tls }}
    - hosts:
      {{- range .hosts }}
        - {{ . | quote }}
      {{- end }}
      secretName: {{ .secretName }}
  {{- end }}
 {{- end }}
  rules:
  {{- range .Values.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
        {{- range .paths }}
          - path: {{ . }}
            backend:
              serviceName: {{ $fullName }}
              servicePort: {{ $svcPort }}
        {{- end }}
  {{- end }}
 {{- end }}
--- a/helmfile/opensync-gw-static/templates/secret.yaml
+++ b/helmfile/opensync-gw-static/templates/secret.yaml
@@ -0,0 +1,8 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ include "common.fullname" . }}-certs
  namespace: {{ .Release.Namespace }}
 type: Opaque
 data:
 {{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
--- a/helmfile/opensync-gw-static/templates/service.yaml
+++ b/helmfile/opensync-gw-static/templates/service.yaml
@@ -0,0 +1,20 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
 spec:
  type: {{ .Values.service.type }}
  ports:
    - port: {{ .Values.service.port1 }}
      targetPort: {{ .Values.service.port1 }}
      protocol: TCP
      name: {{ .Values.service.name1 }}
    - port: {{ .Values.service.port2 }}
      targetPort: {{ .Values.service.port2 }}
      protocol: TCP
      name: {{ .Values.service.name2 }}
  selector:
    {{- include "common.selectorLabels" . | nindent 4 }}
--- a/helmfile/opensync-gw-static/templates/serviceaccount.yaml
+++ b/helmfile/opensync-gw-static/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
 {{- if .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "common.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 {{- end -}}
--- a/helmfile/opensync-gw-static/templates/tests/test-connection.yaml
+++ b/helmfile/opensync-gw-static/templates/tests/test-connection.yaml
@@ -0,0 +1,18 @@
 {{- if .Values.testsEnabled -}}
 apiVersion: v1
 kind: Pod
 metadata:
  name: "{{ include "common.fullname" . }}-test-connection"
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
  annotations:
    "helm.sh/hook": test-success
 spec:
  containers:
    - name: wget
      image: busybox
      command: ['wget']
      args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
  restartPolicy: Never
 {{- end }}
--- a/helmfile/opensync-gw-static/templates/transport-server-tcp.yaml
+++ b/helmfile/opensync-gw-static/templates/transport-server-tcp.yaml
@@ -0,0 +1,35 @@
 apiVersion: k8s.nginx.org/v1alpha1
 kind: TransportServer
 metadata:
  name: {{ include "common.name" . }}-controller
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
 spec:
  listener:
    name: opensync-gw-controller-port-listener
    protocol: TCP
  upstreams:
  - name: {{ include "common.name" . }}
    service: {{ include "common.fullname" . }}
    port: {{ .Values.service.port1 }}
  action:
    pass: {{ include "common.name" . }}
 ---
 apiVersion: k8s.nginx.org/v1alpha1
 kind: TransportServer
 metadata:
  name: {{ include "common.name" . }}-redirector
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
 spec:
  listener:
    name: opensync-gw-redirector-port-listener
    protocol: TCP
  upstreams:
  - name: {{ include "common.name" . }}
    service: {{ include "common.fullname" . }}
    port: {{ .Values.service.port2 }}
  action:
    pass: {{ include "common.name" . }}
--- a/helmfile/opensync-gw-static/values.yaml
+++ b/helmfile/opensync-gw-static/values.yaml
@@ -0,0 +1,95 @@
 # Default values for opensync-gw.
 # This is a YAML-formatted file.
 #################################################################
 # Application configuration defaults.
 #################################################################
 # Declare variables to be passed into your templates.
 replicaCount: 1
 image:
  name: opensync-gateway-static
  tag: 0.0.1-SNAPSHOT
 nameOverride: ""
 fullnameOverride: ""
 serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name:
 podSecurityContext: {}
  # fsGroup: 2000
 securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000
 ## Liveness and Readiness probe values.
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
 probes:
  enabled: false
  livenessProbe:
    initialDelaySeconds: 5
    periodSeconds: 30
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
  readinessProbe:
    initialDelaySeconds: 5
    periodSeconds: 30
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
 # Enable/Disable Helm tests
 testsEnabled: false
 service:
  type: ClusterIP
  port1: 6640
  name1: controller
  port2: 6643
  name2: redirector
 ingress:
  enabled: false
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: chart-example.local
      paths: []
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local
 resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi
 nodeSelector: {}
 tolerations: []
 affinity: {}
--- a/helmfile/opensync-mqtt-broker/.helmignore
+++ b/helmfile/opensync-mqtt-broker/.helmignore
@@ -0,0 +1,23 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *.orig
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
--- a/helmfile/opensync-mqtt-broker/Chart.lock
+++ b/helmfile/opensync-mqtt-broker/Chart.lock
@@ -0,0 +1,6 @@
 dependencies:
 - name: common
  repository: file://../common
  version: 0.1.0
 digest: sha256:636a65e9846bdff17cc4e65b0849061f783759a37aa51fb85ff6fd8ba5e68467
 generated: "2020-10-19T12:15:25.5035557Z"
--- a/helmfile/opensync-mqtt-broker/Chart.yaml
+++ b/helmfile/opensync-mqtt-broker/Chart.yaml
@@ -0,0 +1,12 @@
 apiVersion: v2
 name: opensync-mqtt-broker
 description: A Helm chart for Kubernetes
 type: application
 version: 0.1.0
 appVersion: 1.16.0
 dependencies:
 - name: common
  version: 0.1.0
  repository: file://../common
--- a/helmfile/opensync-mqtt-broker/resources/config/certs/README.md
+++ b/helmfile/opensync-mqtt-broker/resources/config/certs/README.md
@@ -0,0 +1,2 @@
 Contains certs needed for this service to start.
 Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution
--- a/helmfile/opensync-mqtt-broker/resources/config/mosquitto.conf
+++ b/helmfile/opensync-mqtt-broker/resources/config/mosquitto.conf
@@ -0,0 +1,17 @@
 cafile /certs/cacert.pem
 certfile /certs/mqttservercert.pem
 keyfile /certs/mqttserverkey_dec.pem
 require_certificate true
 use_identity_as_username true
 allow_anonymous false
 allow_duplicate_messages true
 autosave_interval 900
 log_dest stdout
 max_queued_bytes 0
 max_queued_messages 0
 message_size_limit 0
 persistence true
 persistence_file mosquitto.db
 persistence_location /mosquitto/db/
 pid_file /mosquitto/mosquitto.pid
 port 1883
--- a/helmfile/opensync-mqtt-broker/templates/NOTES.txt
+++ b/helmfile/opensync-mqtt-broker/templates/NOTES.txt
@@ -0,0 +1,21 @@
 1. Get the application URL by running these commands:
 {{- if .Values.ingress.enabled }}
 {{- range $host := .Values.ingress.hosts }}
  {{- range .paths }}
  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
  {{- end }}
 {{- end }}
 {{- else if contains "NodePort" .Values.service.type }}
  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT
 {{- else if contains "LoadBalancer" .Values.service.type }}
     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.fullname" . }}'
  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
  echo http://$SERVICE_IP:{{ .Values.service.port }}
 {{- else if contains "ClusterIP" .Values.service.type }}
  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
 {{- end }}
--- a/helmfile/opensync-mqtt-broker/templates/configmap.yaml
+++ b/helmfile/opensync-mqtt-broker/templates/configmap.yaml
@@ -0,0 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: mosquitto-config
  namespace: {{ .Release.Namespace }}
 data:
 {{ tpl (.Files.Glob "resources/config/mosquitto.conf").AsConfig . | indent 2 }}
--- a/helmfile/opensync-mqtt-broker/templates/ingress.yaml
+++ b/helmfile/opensync-mqtt-broker/templates/ingress.yaml
@@ -0,0 +1,42 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "common.fullname" . -}}
 {{- $svcPort := .Values.service.port -}}
 {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
 apiVersion: extensions/v1beta1
 {{- end }}
 kind: Ingress
 metadata:
  name: {{ $fullName }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 spec:
 {{- if .Values.ingress.tls }}
  tls:
  {{- range .Values.ingress.tls }}
    - hosts:
      {{- range .hosts }}
        - {{ . | quote }}
      {{- end }}
      secretName: {{ .secretName }}
  {{- end }}
 {{- end }}
  rules:
  {{- range .Values.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
        {{- range .paths }}
          - path: {{ . }}
            backend:
              serviceName: {{ $fullName }}
              servicePort: {{ $svcPort }}
        {{- end }}
  {{- end }}
 {{- end }}
--- a/helmfile/opensync-mqtt-broker/templates/secret.yaml
+++ b/helmfile/opensync-mqtt-broker/templates/secret.yaml
@@ -0,0 +1,8 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: opensync-mqtt-broker-certs
  namespace: {{ .Release.Namespace }}
 type: Opaque
 data:
 {{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
--- a/helmfile/opensync-mqtt-broker/templates/service.yaml
+++ b/helmfile/opensync-mqtt-broker/templates/service.yaml
@@ -0,0 +1,22 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
 spec:
  type: {{ .Values.service.type }}
  ports:
    - port: {{ .Values.service.port1 }}
      targetPort: {{ .Values.service.port1 }}
      protocol: TCP
      name: {{ .Values.service.name1 }}
      nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort1 }}
    - port: {{ .Values.service.port2 }}
      targetPort: {{ .Values.service.port2 }}
      protocol: TCP
      name: {{ .Values.service.name2 }}
      nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort2 }}
  selector:
    {{- include "common.selectorLabels" . | nindent 4 }}
--- a/helmfile/opensync-mqtt-broker/templates/serviceaccount.yaml
+++ b/helmfile/opensync-mqtt-broker/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
 {{- if .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "common.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 {{- end -}}
--- a/helmfile/opensync-mqtt-broker/templates/statefulset.yaml
+++ b/helmfile/opensync-mqtt-broker/templates/statefulset.yaml
@@ -0,0 +1,168 @@
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
 spec:
  serviceName: {{ include "common.fullname" . }}
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      {{- include "common.selectorLabels" . | nindent 6 }}
  updateStrategy:
 {{ toYaml .Values.updateStrategy | indent 4 }}
  template:
    metadata:
      labels:
        {{- include "common.selectorLabels" . | nindent 8 }}
      {{- if .Values.podLabels }}
        ## Custom pod labels
        {{- range $key, $value := .Values.podLabels }}
        {{ $key }}: {{ $value | quote }}
        {{- end }}
      {{- end }}
 {{- if .Values.podAnnotations }}
      annotations:
        ## Custom pod annotations
        {{- range $key, $value := .Values.podAnnotations }}
        {{ $key }}: {{ $value | quote }}
        {{- end }}
 {{- end }}
    spec:
      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
 {{- if .Values.schedulerName }}
      schedulerName: "{{ .Values.schedulerName }}"
 {{- end }}
 {{- if .Values.priorityClassName }}
      priorityClassName: "{{ .Values.priorityClassName }}"
 {{- end }}
      imagePullSecrets:
        - name: "{{ .Release.Namespace }}-docker-registry-key"
      serviceAccountName: {{ include "common.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      initContainers:
        - name: {{ include "common.name" . }}-init-dir-ownership-change
          image: alpine:3.6
          # Change ownership to `mosquitto` user for a mounted volume
          command:
          - sh
          - -c
          - |
            chown -R 1883:1883 /mosquitto/data
            chown -R 1883:1883 /mosquitto/db
          volumeMounts:
          - name: data
            mountPath: /mosquitto/data
          - name: db
            mountPath: /mosquitto/db
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: {{ .Values.image.name }}:{{ .Values.image.tag }}
          imagePullPolicy: {{ .Values.global.pullPolicy }}
          {{- if .Values.probes.enabled }}
          livenessProbe:
            tcpSocket:
              port: {{ .Values.service.port1 }}
            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
            timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
            failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
            periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
            successThreshold: {{ .Values.probes.livenessProbe.successThreshold }}
          readinessProbe:
            tcpSocket:
              port: {{ .Values.service.port1 }}
            initialDelaySeconds: {{ .Values.probes.readinessProbe.initialDelaySeconds }}
            timeoutSeconds: {{ .Values.probes.readinessProbe.timeoutSeconds }}
            failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
            periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
            successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
          {{- end }}
          volumeMounts:
          - mountPath: /certs/cacert.pem
            name: opensync-mqtt-broker-truststore
            subPath: cacert.pem
          - mountPath: /certs/mqttservercert.pem
            name: opensync-mqtt-broker-truststore
            subPath: mqttservercert.pem
          - mountPath: /certs/mqttserverkey_dec.pem
            name: opensync-mqtt-broker-truststore
            subPath: mqttserverkey_dec.pem
          - mountPath: /mosquitto/config/mosquitto.conf
            name: opensync-mqtt-broker-conf
            subPath: mosquitto.conf
          - mountPath: /mosquitto/db/
            name: db
          - mountPath: /mosquitto/data/
            name: data
          ports:
            - name: {{ .Values.service.name1 }}
              containerPort: {{ .Values.service.port1 }}
              protocol: TCP
            - name: {{ .Values.service.name2 }}
              containerPort: {{ .Values.service.port2 }}
              protocol: TCP
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      volumes:
      - name: opensync-mqtt-broker-truststore
        secret:
          secretName: opensync-mqtt-broker-certs
      - name: opensync-mqtt-broker-conf
        configMap:
            name: mosquitto-config
      {{- if not .Values.persistence.enabled }}
      - name: db
        emptyDir: {}
      - name: data
        emptyDir: {}
      {{- end }}
  {{- if .Values.persistence.enabled }}
  volumeClaimTemplates:
    - metadata:
        name: db
      spec:
        accessModes:
          - {{ .Values.persistence.accessMode | quote }}
        resources:
          requests:
            storage: {{ .Values.persistence.sizeDb | quote }}
      {{- if .Values.persistence.storageClass }}
        {{- if (eq "-" .Values.persistence.storageClass) }}
        storageClassName: ""
        {{- else }}
        storageClassName: "{{ .Values.persistence.storageClass }}"
        {{- end }}
      {{- end }}
    - metadata:
        name: data
      spec:
        accessModes:
          - {{ .Values.persistence.accessMode | quote }}
        resources:
          requests:
            storage: {{ .Values.persistence.sizeData | quote }}
      {{- if .Values.persistence.storageClass }}
        {{- if (eq "-" .Values.persistence.storageClass) }}
        storageClassName: ""
        {{- else }}
        storageClassName: "{{ .Values.persistence.storageClass }}"
        {{- end }}
      {{- end }}
  {{- end }}
--- a/helmfile/opensync-mqtt-broker/templates/tests/test-connection.yaml
+++ b/helmfile/opensync-mqtt-broker/templates/tests/test-connection.yaml
@@ -0,0 +1,18 @@
 {{- if .Values.testsEnabled -}}
 apiVersion: v1
 kind: Pod
 metadata:
  name: "{{ include "common.fullname" . }}-test-connection"
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
  annotations:
    "helm.sh/hook": test-success
 spec:
  containers:
    - name: wget
      image: busybox
      command: ['wget']
      args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
  restartPolicy: Never
 {{- end }}
--- a/helmfile/opensync-mqtt-broker/templates/transport-server-tcp.yaml
+++ b/helmfile/opensync-mqtt-broker/templates/transport-server-tcp.yaml
@@ -0,0 +1,17 @@
 apiVersion: k8s.nginx.org/v1alpha1
 kind: TransportServer
 metadata:
  name: {{ include "common.name" . }}-mqtt
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
 spec:
  listener:
    name: opensync-mqtt-port-listener
    protocol: TCP
  upstreams:
  - name: {{ include "common.name" . }}
    service: {{ include "common.fullname" . }}
    port: {{ .Values.service.port1 }}
  action:
    pass: {{ include "common.name" . }}
--- a/helmfile/opensync-mqtt-broker/values.yaml
+++ b/helmfile/opensync-mqtt-broker/values.yaml
@@ -0,0 +1,129 @@
 # Default values for mqtt.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 replicaCount: 1
 image:
  name: eclipse-mosquitto
  tag: latest
 nameOverride: ""
 fullnameOverride: ""
 serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name:
 podSecurityContext: {}
  # fsGroup: 2000
 terminationGracePeriodSeconds: 1800  # Duration in seconds a mosquitto pod needs to terminate gracefully.
 securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000
 ## Liveness and Readiness probe values.
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
 probes:
  enabled: true
  livenessProbe:
    initialDelaySeconds: 30
    periodSeconds: 30
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
  readinessProbe:
    initialDelaySeconds: 5
    periodSeconds: 30
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
 # Enable/Disable Helm tests
 testsEnabled: false
 service:
  type: NodePort
  port1: 1883
  name1: listener
  nodePort1: 31
  port2: 9001
  name2: debug
  nodePort2: 32
 ingress:
  enabled: false
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: chart-example.local
      paths: []
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local
 resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi
 priorityClassName: ""
 nodeSelector: {}
 tolerations: []
 affinity: {}
 persistence:
  enabled: false
  ## A manually managed Persistent Volume and Claim
  ## Requires persistence.enabled: true
  ## If defined, PVC must be created manually before volume will be bound
  ## existingClaimData: opensync-wifi-controller-opensync-mqtt-broker-data
  ## existingClaimDb: opensync-wifi-controller-opensync-mqtt-broker-db
  ## volumeReclaimPolicy: Retain
  ## If you want to bind to an existing PV, uncomment below with the pv name 
  ## and comment storageClass and belowannotation
  ## volumeNameDb: pvc-dc52b290-ae86-4cb3-aad0-f2c806a23114
  ## volumeNameData: pvc-735baedf-323b-47bc-9383-952e6bc5ce3e
  ## database data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
  storageClass: "-"
  accessMode: ReadWriteOnce
  ## Size of Db PVC
  sizeDb: 1Gi
  ## Size of Data PVC
  sizeData: 1Gi
 ## Use an alternate scheduler, e.g. "stork".
 ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
 ##
 # schedulerName:
--- a/helmfile/wlan-cloud-graphql-gw/.helmignore
+++ b/helmfile/wlan-cloud-graphql-gw/.helmignore
@@ -0,0 +1,23 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *.orig
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
--- a/helmfile/wlan-cloud-graphql-gw/Chart.lock
+++ b/helmfile/wlan-cloud-graphql-gw/Chart.lock
@@ -0,0 +1,6 @@
 dependencies:
 - name: common
  repository: file://../common
  version: 0.1.0
 digest: sha256:636a65e9846bdff17cc4e65b0849061f783759a37aa51fb85ff6fd8ba5e68467
 generated: "2020-10-19T12:15:26.5973407Z"
--- a/helmfile/wlan-cloud-graphql-gw/Chart.yaml
+++ b/helmfile/wlan-cloud-graphql-gw/Chart.yaml
@@ -0,0 +1,12 @@
 apiVersion: v2
 name: wlan-cloud-graphql-gw
 description: WLAN Cloud Apollo Server Helm Chart
 type: application
 version: 0.1.0
 appVersion: 0.0.1
 dependencies:
 - name: common
  version: 0.1.0
  repository: file://../common
--- a/helmfile/wlan-cloud-graphql-gw/templates/NOTES.txt
+++ b/helmfile/wlan-cloud-graphql-gw/templates/NOTES.txt
@@ -0,0 +1,21 @@
 1. Get the application URL by running these commands:
 {{- if .Values.ingress.enabled }}
 {{- range $host := .Values.ingress.hosts }}
  {{- range .paths }}
  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
  {{- end }}
 {{- end }}
 {{- else if contains "NodePort" .Values.service.type }}
  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT
 {{- else if contains "LoadBalancer" .Values.service.type }}
     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.fullname" . }}'
  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
  echo http://$SERVICE_IP:{{ .Values.service.port }}
 {{- else if contains "ClusterIP" .Values.service.type }}
  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
 {{- end }}
--- a/helmfile/wlan-cloud-graphql-gw/templates/deployment.yaml
+++ b/helmfile/wlan-cloud-graphql-gw/templates/deployment.yaml
@@ -0,0 +1,53 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
 spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      {{- include "common.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "common.selectorLabels" . | nindent 8 }}
    spec:
      imagePullSecrets:
        - name: "{{ .Release.Namespace }}-docker-registry-key"
      serviceAccountName: {{ include "common.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
          imagePullPolicy: {{ .Values.global.pullPolicy }}
          env:
          - name: API
          {{- if .Values.env.localService }}
            value: {{ .Release.Name }}-{{ .Values.env.portalsvc }}
          {{- else }}
            value: {{ .Values.env.portalsvc }}
          {{- end }}
          ports:
            - name: {{ .Values.service.name }}
              containerPort: {{ .Values.service.port }}
              protocol: TCP
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
--- a/helmfile/wlan-cloud-graphql-gw/templates/ingress.yaml
+++ b/helmfile/wlan-cloud-graphql-gw/templates/ingress.yaml
@@ -0,0 +1,42 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "common.fullname" . -}}
 {{- $svcPort := .Values.service.port -}}
 {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
 apiVersion: extensions/v1beta1
 {{- end }}
 kind: Ingress
 metadata:
  name: {{ $fullName }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 spec:
 {{- if .Values.ingress.tls }}
  tls:
  {{- range .Values.ingress.tls }}
    - hosts:
      {{- range .hosts }}
        - {{ . | quote }}
      {{- end }}
      secretName: {{ .secretName }}
  {{- end }}
 {{- end }}
  rules:
  {{- range .Values.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
        {{- range .paths }}
          - path: {{ . }}
            backend:
              serviceName: {{ $fullName }}
              servicePort: {{ $svcPort }}
        {{- end }}
  {{- end }}
 {{- end }}
--- a/helmfile/wlan-cloud-graphql-gw/templates/service.yaml
+++ b/helmfile/wlan-cloud-graphql-gw/templates/service.yaml
@@ -0,0 +1,17 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
 spec:
  type: {{ .Values.service.type }}
  ports:
    - port: {{ .Values.service.port }}
      targetPort: {{ .Values.service.port }}
      protocol: TCP
      name: {{ .Values.service.name }}
      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
  selector:
    {{- include "common.selectorLabels" . | nindent 4 }}
--- a/helmfile/wlan-cloud-graphql-gw/templates/serviceaccount.yaml
+++ b/helmfile/wlan-cloud-graphql-gw/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
 {{- if .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "common.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 {{- end -}}
--- a/helmfile/wlan-cloud-graphql-gw/templates/tests/test-connection.yaml
+++ b/helmfile/wlan-cloud-graphql-gw/templates/tests/test-connection.yaml
@@ -0,0 +1,18 @@
 {{- if .Values.testsEnabled -}}
 apiVersion: v1
 kind: Pod
 metadata:
  name: "{{ include "common.fullname" . }}-test-connection"
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
  annotations:
    "helm.sh/hook": test-success
 spec:
  containers:
    - name: wget
      image: busybox
      command: ['wget']
      args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
  restartPolicy: Never
 {{- end }}
--- a/helmfile/wlan-cloud-graphql-gw/values.yaml
+++ b/helmfile/wlan-cloud-graphql-gw/values.yaml
@@ -0,0 +1,86 @@
 # Default values for opensync-gw.
 # This is a YAML-formatted file.
 #################################################################
 # Application configuration defaults.
 #################################################################
 # Declare variables to be passed into your templates.
 replicaCount: 1
 image: 
  name: wlan-cloud-graphql-gw
  tag: latest
  pullPolicy: IfNotPresent
 nameOverride: ""
 fullnameOverride: ""
 serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name:
 podSecurityContext: {}
  # fsGroup: 2000
 # Enable/Disable Helm tests
 testsEnabled: false
 securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000
 # If it's a localService, we will prefix ReleaseName to portalsvc, so service
 # is reachable.
 env:
  portalsvc: wlan-portal-service:9051
  localService: false
 service:
  type: NodePort
  port: 4000
  name: graphui
  nodePort: 23
 ingress:
  enabled: true
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: wlan-ui-graphql.zone3.lab.connectus.ai
      paths: [
         /
        ]
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local
 resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi
 nodeSelector: {}
 tolerations: []
 affinity: {}
--- a/helmfile/wlan-cloud-static-portal/.helmignore
+++ b/helmfile/wlan-cloud-static-portal/.helmignore
@@ -0,0 +1,23 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *.orig
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
--- a/helmfile/wlan-cloud-static-portal/Chart.lock
+++ b/helmfile/wlan-cloud-static-portal/Chart.lock
@@ -0,0 +1,6 @@
 dependencies:
 - name: common
  repository: file://../common
  version: 0.1.0
 digest: sha256:636a65e9846bdff17cc4e65b0849061f783759a37aa51fb85ff6fd8ba5e68467
 generated: "2020-10-19T12:15:47.5451817Z"
--- a/helmfile/wlan-cloud-static-portal/Chart.yaml
+++ b/helmfile/wlan-cloud-static-portal/Chart.yaml
@@ -0,0 +1,12 @@
 apiVersion: v2
 name: wlan-cloud-static-portal
 description: WLAN Cloud Portal Helm Chart
 type: application
 version: 0.1.0
 appVersion: 0.0.1
 dependencies:
 - name: common
  version: 0.1.0
  repository: file://../common
--- a/helmfile/wlan-cloud-static-portal/templates/NOTES.txt
+++ b/helmfile/wlan-cloud-static-portal/templates/NOTES.txt
@@ -0,0 +1,21 @@
 1. Get the application URL by running these commands:
 {{- if .Values.ingress.enabled }}
 {{- range $host := .Values.ingress.hosts }}
  {{- range .paths }}
  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
  {{- end }}
 {{- end }}
 {{- else if contains "NodePort" .Values.service.type }}
  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT
 {{- else if contains "LoadBalancer" .Values.service.type }}
     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.fullname" . }}'
  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
  echo http://$SERVICE_IP:{{ .Values.service.port }}
 {{- else if contains "ClusterIP" .Values.service.type }}
  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
 {{- end }}
--- a/helmfile/wlan-cloud-static-portal/templates/deployment.yaml
+++ b/helmfile/wlan-cloud-static-portal/templates/deployment.yaml
@@ -0,0 +1,49 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
 spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      {{- include "common.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "common.selectorLabels" . | nindent 8 }}
    spec:
      imagePullSecrets:
        - name: "{{ .Release.Namespace }}-docker-registry-key"
      serviceAccountName: {{ include "common.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
          imagePullPolicy: {{ .Values.global.pullPolicy }}
          env:
          - name: API
            value: {{ .Values.env.graphql }}
          ports:
            - name: {{ .Values.service.name }}
              containerPort: {{ .Values.service.port }}
              protocol: TCP
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
--- a/helmfile/wlan-cloud-static-portal/templates/ingress.yaml
+++ b/helmfile/wlan-cloud-static-portal/templates/ingress.yaml
@@ -0,0 +1,42 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "common.fullname" . -}}
 {{- $svcPort := .Values.service.port -}}
 {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
 apiVersion: extensions/v1beta1
 {{- end }}
 kind: Ingress
 metadata:
  name: {{ $fullName }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 spec:
 {{- if .Values.ingress.tls }}
  tls:
  {{- range .Values.ingress.tls }}
    - hosts:
      {{- range .hosts }}
        - {{ . | quote }}
      {{- end }}
      secretName: {{ .secretName }}
  {{- end }}
 {{- end }}
  rules:
  {{- range .Values.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
        {{- range .paths }}
          - path: {{ . }}
            backend:
              serviceName: {{ $fullName }}
              servicePort: {{ $svcPort }}
        {{- end }}
  {{- end }}
 {{- end }}
--- a/helmfile/wlan-cloud-static-portal/templates/service.yaml
+++ b/helmfile/wlan-cloud-static-portal/templates/service.yaml
@@ -0,0 +1,16 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
 spec:
  type: {{ .Values.service.type }}
  ports:
    - port: {{ .Values.service.port }}
      targetPort: {{ .Values.service.port }}
      protocol: TCP
      name: {{ .Values.service.name }}
  selector:
    {{- include "common.selectorLabels" . | nindent 4 }}
--- a/helmfile/wlan-cloud-static-portal/templates/serviceaccount.yaml
+++ b/helmfile/wlan-cloud-static-portal/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
 {{- if .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "common.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 {{- end -}}
--- a/helmfile/wlan-cloud-static-portal/templates/tests/test-connection.yaml
+++ b/helmfile/wlan-cloud-static-portal/templates/tests/test-connection.yaml
@@ -0,0 +1,18 @@
 {{- if .Values.testsEnabled -}}
 apiVersion: v1
 kind: Pod
 metadata:
  name: "{{ include "common.fullname" . }}-test-connection"
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
  annotations:
    "helm.sh/hook": test-success
 spec:
  containers:
    - name: wget
      image: busybox
      command: ['wget']
      args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
  restartPolicy: Never
 {{- end }}
--- a/helmfile/wlan-cloud-static-portal/values.yaml
+++ b/helmfile/wlan-cloud-static-portal/values.yaml
@@ -0,0 +1,82 @@
 # Default values for opensync-gw.
 # This is a YAML-formatted file.
 #################################################################
 # Application configuration defaults.
 #################################################################
 # Declare variables to be passed into your templates.
 replicaCount: 1
 image: 
  name: wlan-cloud-ui
  tag: latest
  pullPolicy: IfNotPresent
 nameOverride: ""
 fullnameOverride: ""
 serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name:
 podSecurityContext: {}
  # fsGroup: 2000
 # Enable/Disable Helm tests
 testsEnabled: false
 env:
  graphql: tip-wlan-wlan-cloud-graphql-gw:4000
 securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000
 service:
  type: ClusterIP
  port: 80
  name: portal
 ingress:
  enabled: true
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: wlan-ui.zone3.lab.connectus.ai
      paths: [
         /
        ]
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local
 resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi
 nodeSelector: {}
 tolerations: []
 affinity: {}
--- a/helmfile/wlan-integrated-cloud-component-service/.helmignore
+++ b/helmfile/wlan-integrated-cloud-component-service/.helmignore
@@ -0,0 +1,23 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *.orig
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
--- a/helmfile/wlan-integrated-cloud-component-service/Chart.lock
+++ b/helmfile/wlan-integrated-cloud-component-service/Chart.lock
@@ -0,0 +1,6 @@
 dependencies:
 - name: common
  repository: file://../common
  version: 0.1.0
 digest: sha256:636a65e9846bdff17cc4e65b0849061f783759a37aa51fb85ff6fd8ba5e68467
 generated: "2020-10-19T12:15:51.6442008Z"
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Gleb Boushev	23e739d5c6	removing helm temp objects and ignoring them	2020-10-19 17:29:48 +03:00
Gleb Boushev	68261551c7	reverting accidental changes to old helm code	2020-10-19 17:28:05 +03:00
Gleb Boushev	80f1375f04	most of the things are working	2020-10-19 17:14:02 +03:00
Gleb Boushev	4c79d42318	intermediate commit, working on kafka	2020-10-17 09:53:59 +03:00
Gleb Boushev	8bb8dcdec8	initial commit with helmfile rework	2020-10-01 14:22:45 +03:00
		`@@ -0,0 +1,2 @@`
							`Contains certs needed for this service to start.`
							`Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution`