WIFI-990: disable hardcoded NodePort for AWS deployments

* rebased

* removed map-hash-bucket-size from nginx config map

* synced requests/limits for cassandra

* enabled alb for graphql and static

* added plain http

* added ingress + alb for tip-wlan-wlan-portal-service

* enabled http->https redirect for ingress/alb services

* enabled nlb for opensync-gw-cloud and mqtt services

* disabled nginx ingress

* refactored service annotations

* sync: works

* disabled nodePort hardcoded value for wlan-portal-service AWS deployment

* synced helm values

* sync

* fix prov service ssl creds

* enabled efs

* sync dev-amazon-tip from master

* disabled nodeport static for opensync-gw-cloud

* wlan-port-forwarding-gateway-service nodeport static

* opensync-mqttt-broker nodeport static

* removed whitespace in tip-wlan/charts/nginx-ingress-controller/templates/controller-configmap.yaml

* renamed nodePort_static

* renamed alb_https_redirect

* added comment to nodePortStatic

* added a comment to   lb_https_redirect

Co-authored-by: Eugene Taranov <eugene@taranov.me>

README.md

@@ -45,3 +45,132 @@ This repository contains helm charts for various deployment types of the tip wla
  - Run the following command under tip-wlan-helm directory _after_ the components are running:
  	- helm test <RELEASE_NAME> -n default
 	(For more details add --debug flag to the above command) 
+
+
+# Local environment
+
+In `wlan-pki-cert-scripts` repository edit the following files and add/replace strings as specified below:
+
+```
+mqtt-server.cnf:
+
+-commonName_default   = opensync-mqtt-broker.zone1.lab.wlan.tip.build
++commonName_default   = opensync-mqtt-broker.wlan.local
+
+
+openssl-server.cnf:
+-DNS.1  = opensync-redirector.zone1.lab.wlan.tip.build
+-DNS.2  = opensync-controller.zone1.lab.wlan.tip.build
++DNS.1  = opensync-redirector.wlan.local
++DNS.2  = opensync-controller.wlan.local
+ DNS.3  = tip-wlan-postgresql
+-DNS.4  = ftp.example.com
+```
+
+In `wlan-pki-cert-scripts` repository run `./generate_all.sh` to generate CA and certificates, then run `./copy-certs-to-helm.sh <local path to wlan-cloud-helm repo>` in order to copy certificates to helm charts.
+
+Optionally, in order to speedup first and subsequent runs, you may cache some images:
+
+```
+minikube cache add zookeeper:3.5.5
+minikube cache add bitnami/postgresql:11.8.0-debian-10-r58
+minikube cache add postgres:latest
+minikube cache add gcr.io/k8s-minikube/storage-provisioner:v3
+minikube cache add eclipse-mosquitto:latest
+minikube cache add opsfleet/depends-on
+```
+
+These images may occasionally need to be updated with these commands:
+
+```
+minikube cache reload ## reload images from the upstream
+eval $( minikube docker-env )
+for img in $( docker images --format '{{.Repository}}:{{.Tag}}' | egrep 'busybox|alpine|confluentinc/cp-kafka|zookeeper|k8s.gcr.io/pause|nginx/nginx-ingress|bitnami/cassandra|bitnami/postgresql|postgres|bitnami/minideb' ); do
+	minikube cache add $img;
+done
+```
+
+Run minikube:
+
+```minikube start --memory=10g --cpus=4 --driver=virtualbox --extra-config=kubelet.serialize-image-pulls=false --extra-config=kubelet.image-pull-progress-deadline=3m0s --docker-opt=max-concurrent-downloads=10```
+
+Please note that you may choose another driver (parallels, vmwarefusion, hyperkit, vmware, docker, podman) which might be more suitable for your setup. Omitting this option enables auto discovery of available drivers.
+
+Deploy CloudSDK chart:
+
+```helm upgrade --install tip-wlan tip-wlan -f tip-wlan/resources/environments/dev-local.yaml -n default```
+
+Wait a few minutes, when all pods are in `Running` state, obtain web ui link with `minikube service tip-wlan-wlan-cloud-static-portal -n tip --url`, open in the browser. Importing or trusting certificate might be needed.
+
+Services may be exposed to the local machine or local network with ssh, kubectl or kubefwd with port forwarding, please examples below.
+
+Kubefwd:
+
+kubefwd is used to forward Kubernetes services to a local workstation, easing the development of applications that communicate with other services. It is for development purposes only. For production/staging environments services need to be exposed via load balancers.
+Download latest release from https://github.com/eugenetaranov/kubefwd/releases and run the binary.
+
+Forward to all interfaces (useful if you need to connect from other devices in your local network):
+
+```
+sudo kubefwd services --namespace tip -l "app.kubernetes.io/name in (nginx-ingress-controller,wlan-portal-service,opensync-gw-cloud,opensync-mqtt-broker)" --allinterfaces --extrahosts wlan-ui-graphql.wlan.local,wlan-ui.wlan.local
+```
+
+Kubectl port forwarding (alternative to kubefwd):
+```
+kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app=tip-wlan-nginx-ingress-controller -o jsonpath='{.items[0].metadata.name}') 443:443 &
+kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=wlan-portal-service -o jsonpath='{.items[0].metadata.name}') 9051:9051 &
+kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=opensync-gw-cloud -o jsonpath='{.items[0].metadata.name}') 6643:6643 &
+kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=opensync-gw-cloud -o jsonpath='{.items[0].metadata.name}') 6640:6640 &
+kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=opensync-mqtt-broker -o jsonpath='{.items[0].metadata.name}') 1883:1883 &
+```
+
+Add certificate to the trust store.
+
+Firefox:
+
+1. Open settings, `Privacy and security`, `View certificates`.
+
+2. Click on `Add Exception...`, enter `https://wlan-ui.wlan.local` into Location field, click on `Get certificate`, check `Permanently store this exception` and click on `Confirm Security Exception`.
+Repeat the step for `https://wlan-ui-graphql.wlan.local`
+
+
+Chrome and other browsers using system certificate store:
+
+1. Save certificate below into the file `wlan-ui-graphql.wlan.local.crt` (it is the one defined at tip-wlan/resources/environments/dev-local.yaml:143):
+
+```
+-----BEGIN CERTIFICATE-----
+MIIFWjCCA0KgAwIBAgIUQNaP/spvRHtBTAKwYRNwbxRfFAswDQYJKoZIhvcNAQEL
+BQAwHTEbMBkGA1UEAwwSd2xhbi11aS53bGFuLmxvY2FsMB4XDTIwMDgyNzIwMjY1
+NloXDTMwMDgyNTIwMjY1NlowHTEbMBkGA1UEAwwSd2xhbi11aS53bGFuLmxvY2Fs
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwRagiDWzCNYBtWwBcK+f
+TkkQmMt+QAgTjYr0KS8DPJCJf6KkPfZHCu3w4LvrxzY9Nmieh2XU834amdJxIuCw
+6IbNo6zskjsyfoO8wFDmlLVWLeg5H9G9doem+WTeKPaEHi3oquzNgt6wLs3mvvOA
+TviTIoc88ELjk4dSR2T4dhh0qKCCj+HdXBA6V/9biru+jV+/kxEQuL2zM39DvVd8
+9ks35zMVUze36lD4ICOnl7hgaTNBi45O9sdLD0YaUmjiFwQltJUdmPKpaAdbvjUO
+nsupnDYjm+Um+9aEpqM4te23efC8N8j1ukexzJrE2GeF/WB/Y1LFIG2wjqVnsPcs
+nFF4Yd9EBRRne1EZeXBu3FELFy6lCOHI146oBcc/Ib617rdTKXqxtv/2NL6/TqFk
+ns/EEjve6kQYzlBZwWHWpZwQfg3mo6NaoFZpTag98Myu5rZoOofTcxXH6pLm5Px1
+OAzgLna9O+2FmA4FjrgHcMY1NIzynZL+DH8fibt1F/v2F2MA+R9vo84vR5ROGNdD
+va2ApevkLcjQg/LwsXv0gTopQ/XIzejh6bdUkOrKSwJzT2C9/e9GQn0gppV8LBuK
+1zQHoROLnA41MCFvQLQHo+Xt8KGw+Ubaly6hOxBZF51L/BbqjkDH9AEFaJLptiEy
+qn1E5v+3whgFS5IZT8IW5uUCAwEAAaOBkTCBjjAdBgNVHQ4EFgQUy2bAUyNPXHS9
+3VTSD+woN7t3q8EwHwYDVR0jBBgwFoAUy2bAUyNPXHS93VTSD+woN7t3q8EwDwYD
+VR0TAQH/BAUwAwEB/zA7BgNVHREENDAyghp3bGFuLXVpLWdyYXBocWwud2xhbi5s
+b2NhbIIOYXBpLndsYW4ubG9jYWyHBMCoAAEwDQYJKoZIhvcNAQELBQADggIBAKH+
+bqJee11n34SYgBDvgoZ8lJLQRwsFnqExcSr/plZ7GVIGFH5/Q2Kyo9VyEiTPwrIs
+KsErC1evH6xt1URfMzp05zVQ0LYM5+ksamRDagAg3M1cm7oKOdms/dqzPe2gZfGJ
+pVdtVW1CHrL0RLTR93h7kgSiBlSEIYMoeKfN5H9AavJ4KryygQs63kkGQ5M9esAp
+u6bB307zyfzgS3tmQsU01rgJfhEHQ/Y+Ak9wDuOgvmfx0TWgAOGbKq6Tu8MKYdej
+Ie7rV1G5Uv7KfgozVX76g2KdnTVBfspSKo3zyrZkckzApvUu9IefHdToe4JMEU0y
+fk7lEU/exzByyNxp+6hdu/ZIg3xb1yA1oVY8NEd1rL1zAViPe351SENEKeJpRanC
+kCL3RAFkbxQ7Ihacjox8belR+gmo8cyFZpj9XaoPlSFScdwz573CT0h97v76A7sw
+yC+CiSp85gWEV5vgBitNJ7R9onjBdsuH2lgEtMD3JNOs8cCSRihYxriwZSqhT7o/
+tcIlcJ84W5m6X6zHJ3GmtuKG3QPNOms0/VVoDTp9qdpL+Ek17uB2A41Npxz3US+l
+6yK+pdQQj7ALzKuRfOyg80XbNw2v4SnpI5qbXFBRum52f86sPemFq1KcuNWe4EVC
+xDG3eKlu+dllUtKx/PN6yflbT5xcGgcdmrwzRaWS
+-----END CERTIFICATE-----
+
+```
+
+2. Double click on it, enter the system admin password, if prompted.

tip-wlan/charts/cassandra/resources/config/certs/README.md

@@ -0,0 +1 @@
+Contains certs needed for this service to start. Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

tip-wlan/charts/cassandra/resources/config/certs/keystore_creds

@@ -1 +0,0 @@
-DUMMY_PASSWORD

tip-wlan/charts/cassandra/resources/config/certs/truststore_creds

@@ -1 +0,0 @@
-DUMMY_PASSWORD

tip-wlan/charts/cassandra/templates/secret.yaml

@@ -24,9 +24,9 @@ metadata:
 type: Opaque
 data:
   truststore: {{ .Files.Get "resources/config/certs/truststore.jks" | b64enc }}
-  truststore-password: {{ .Files.Get "resources/config/certs/truststore_creds" | b64enc }}
+  truststore-password: {{ .Values.creds.sslTruststorePassword | b64enc }}
   keystore: {{ .Files.Get "resources/config/certs/cassandra_server_keystore.jks" | b64enc }}
-  keystore-password: {{ .Files.Get "resources/config/certs/keystore_creds" | b64enc }}
+  keystore-password: {{ .Values.creds.sslKeystorePassword | b64enc }}
 ---
 apiVersion: v1
 kind: Secret
@@ -36,4 +36,5 @@ metadata:
 type: Opaque
 data:
 {{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
-
+  keystore_creds: {{ .Values.creds.sslKeystorePassword | b64enc }}
+  truststore_creds: {{ .Values.creds.sslTruststorePassword | b64enc }}

tip-wlan/charts/cassandra/values.yaml

@@ -326,3 +326,6 @@ metrics:
   podAnnotations:
     prometheus.io/scrape: "true"
     prometheus.io/port: "8080"
+creds:
+  sslKeystorePassword: DUMMY_PASSWORD
+  sslTruststorePassword: DUMMY_PASSWORD

tip-wlan/charts/common/templates/_ports.tpl

@@ -4,14 +4,17 @@
   */}}
 
 {{- define "container.dev.debugport" -}}
+  {{- if .Values.debug.enabled }}
   {{- range $index, $portid := .Values.debugPorts }}
   - name: debugport-{{ $index }}
     containerPort: {{ $portid }}
     protocol: TCP
   {{- end }}
+  {{- end }}
 {{- end -}}
 
 {{- define "service.dev.debugport" -}}
+  {{- if .Values.debug.enabled }}
   {{- range $index, $portid := .Values.debugPorts }}
   - port: {{ $portid }}
     targetPort: {{ $portid }}
@@ -21,4 +24,5 @@
     nodePort: {{ $portid }}
     {{- end }}   
   {{- end }}
+  {{- end }}
 {{- end -}}

tip-wlan/charts/kafka/resources/config/admin-client.properties

@@ -1,11 +0,0 @@
-ssl.endpoint.identification.algorithm=
-security.protocol=SSL
-ssl.key.password=DUMMY_PASSWORD
-ssl.keystore.location=/etc/kafka/secrets/kafka-server.pkcs12
-ssl.keystore.password=DUMMY_PASSWORD
-ssl.keystore.type=PKCS12
-ssl.truststore.location=/etc/kafka/secrets/truststore.jks
-ssl.truststore.password=DUMMY_PASSWORD
-ssl.truststore.type=JKS
-bootstrap.servers=tip-wlan-kafka-headless:9093
-

tip-wlan/charts/kafka/resources/config/certs/key_creds

@@ -1 +0,0 @@
-DUMMY_PASSWORD

tip-wlan/charts/kafka/resources/config/certs/keystore_creds

@@ -1 +0,0 @@
-DUMMY_PASSWORD

tip-wlan/charts/kafka/resources/config/certs/truststore_creds

@@ -1 +0,0 @@
-DUMMY_PASSWORD

tip-wlan/charts/kafka/templates/configmap.yaml

@@ -4,4 +4,14 @@ metadata:
   name: {{ include "common.fullname" . }}-clientconfig
   namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/config/admin-client.properties").AsConfig . | indent 2 }}
+  admin-client.properties: |
+    ssl.endpoint.identification.algorithm=
+    security.protocol=SSL
+    ssl.key.password={{ .Values.creds.sslKeyPassword | b64enc }}
+    ssl.keystore.location=/etc/kafka/secrets/kafka-server.pkcs12
+    ssl.keystore.password={{ .Values.creds.sslKeystorePassword | b64enc }}
+    ssl.keystore.type=PKCS12
+    ssl.truststore.location=/etc/kafka/secrets/truststore.jks
+    ssl.truststore.password={{ .Values.creds.sslTruststorePassword | b64enc }}
+    ssl.truststore.type=JKS
+    bootstrap.servers=tip-wlan-kafka-headless:9093

tip-wlan/charts/kafka/templates/secret.yaml

@@ -1,8 +1,18 @@
+---
 apiVersion: v1
 kind: Secret
 metadata:
   name: {{ include "common.fullname" . }}-certs
   namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ template "common.name" . }}
+    chart: {{ template "common.chart" . }}
+    release: {{ .Release.Name | quote }}
 type: Opaque
 data:
-{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
+  truststore_creds: {{ .Values.creds.sslTruststorePassword | b64enc }}
+  keystore_creds: {{ .Values.creds.sslKeystorePassword | b64enc }}
+  key_creds: {{ .Values.creds.sslKeyPassword | b64enc }}
+  truststore.jks: {{ .Files.Get "resources/config/certs/truststore.jks" | b64enc }}
+  kafka-server.pkcs12: {{ .Files.Get "resources/config/certs/kafka-server.pkcs12" | b64enc }}
+  README: {{ .Files.Get "resources/config/certs/README.md" | b64enc }}

tip-wlan/charts/kafka/values.yaml

@@ -353,3 +353,8 @@ zookeeper:
   #       labelSelector:
   #         matchLabels:
   #           release: zookeeper
+
+creds:
+  sslTruststorePassword: DUMMY_PASSWORD
+  sslKeystorePassword: DUMMY_PASSWORD
+  sslKeyPassword: DUMMY_PASSWORD

tip-wlan/charts/opensync-gw-cloud/resources/config/logback.xml

@@ -73,6 +73,7 @@
 
   <root level="WARN">
     <appender-ref ref="logfile"/>
+    <appender-ref ref="stdout"/>
   </root>
 
 </configuration>

tip-wlan/charts/opensync-gw-cloud/templates/deployment.yaml

@@ -4,7 +4,6 @@
 {{- $mqtt := include "mqtt.service" . -}}
 {{- $ns := include "common.namespace" . -}}
 {{- $file_store_path := include "filestore.dir.name" . -}}
-{{- $cloudeployment := .Values.global.isCloudDeployment -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -28,43 +27,13 @@ spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       initContainers:
-        - name: {{ include "common.name" . }}-mqtt-readiness
-          image: eclipse-mosquitto:latest
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
-          command:
-          - sh
-          - -c
-          - |
-            mosquitto_pub -h {{ $mqtt }} -p 1883 --cafile /certs/cacert.pem --cert /certs/clientcert.pem --key /certs/clientkey.pem --insecure -t "/ap/test" -q 0 -m "CheckingMQTTAliveness"
-            status=$(echo $?)
-            echo mosquitto_pub response of the request = $status
-            counter=0
-            while [ $counter -lt 10 ] && [ $status -ne 0 ]
-            do
-              echo {{ $mqtt }} service isnt ready. Tried $counter times
-              sleep 2
-              counter=`expr $counter + 1`
-              mosquitto_pub -h {{ $mqtt }} -p 1883 --cafile /certs/cacert.pem --cert /certs/clientcert.pem --key /certs/clientkey.pem --insecure -t "/ap/test" -q 0 -m "CheckingMQTTAliveness"
-              status=$(echo $?)
-              echo mosquitto_pub response of the request = $status
-            done
-            if [ $status -eq 0 ]
-            then
-              echo {{ $mqtt }} service is ready!
-            else
-              echo {{ $mqtt }} service failed to respond after 20 secs
-              exit 1
-            fi
-          volumeMounts:
-          - mountPath: /certs/cacert.pem
-            name: certificates
-            subPath: cacert.pem
-          - mountPath: /certs/clientcert.pem
-            name: certificates
-            subPath: clientcert.pem
-          - mountPath: /certs/clientkey.pem
-            name: certificates
-            subPath: clientkey.pem
+        - name: wait-for-services
+          image: opsfleet/depends-on:latest
+          args:
+          - "-service={{ .Release.Name }}-opensync-mqtt-broker"
+          - "-service={{ .Release.Name }}-wlan-prov-service"
+          - "-service={{ .Release.Name }}-wlan-ssc-service"
+          - -check_interval=5
       {{- if .Values.global.integratedDeployment }}
         - name: {{ include "common.name" . }}-readiness-int-cloud
           image: alpine
@@ -73,11 +42,6 @@ spec:
           - sh
           - -c
           - |
-            if [ {{ $cloudeployment }} = false ]
-            then            
-              echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
-              echo "Added name-resolution for local deployments"
-            fi
             apk add curl
             url=https://{{ $icc }}/ping
             counter=0
@@ -96,70 +60,7 @@ spec:
             else
               echo ${url} service failed to respond after 50 secs
               exit 1
-            fi 
-      {{- else }}
-        - name: {{ include "common.name" . }}-readiness-prov
-          image: alpine
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
-          command:
-          - sh
-          - -c
-          - |
-            if [ {{ $cloudeployment }} = false ]
-            then          
-              echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
-              echo "Added name-resolution for local deployments"
             fi
-            apk add curl
-            url=https://{{ $prov }}/ping
-            counter=0
-            status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
-            while [ $counter -lt 10 ] && [ $status -ne 200 ] 
-            do
-              echo ${url} service isnt ready. Tried $counter times
-              sleep 5
-              counter=`expr $counter + 1`
-              status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
-              echo Http Response code of ping request = $status
-            done
-            if [ $status -eq 200 ]
-            then
-              echo ${url} service is ready!
-            else
-              echo ${url} service failed to respond after 50 secs
-              exit 1
-            fi
-        - name: {{ include "common.name" . }}-readiness-ssc
-          image: alpine
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
-          command:
-          - sh
-          - -c
-          - |
-            if [ {{ $cloudeployment }} = false ]
-            then          
-              echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
-              echo "Added name-resolution for local deployments"
-            fi
-            apk add curl
-            url=https://{{ $ssc }}/ping
-            counter=0
-            status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
-            while [ $counter -lt 10 ] && [ $status -ne 200 ] 
-            do
-              echo ${url} service isnt ready. Tried $counter times
-              sleep 5
-              counter=`expr $counter + 1`
-              status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
-              echo Http Response code of ping request = $status
-            done
-            if [ $status -eq 200 ]
-            then
-              echo ${url} service is ready!
-            else
-              echo ${url} service failed to respond after 50 secs
-              exit 1
-            fi        
       {{- end }}
       containers:
         - name: {{ .Chart.Name }}
@@ -192,7 +93,9 @@ spec:
           env:
             {{- include "common.env" . | nindent 12 }}
             - name: OVSDB_MANAGER
-              value: {{ .Values.externalhostaddress.ovsdb }}
+              value: {{ .Values.externalhost.address.ovsdb }}
+            - name: OVSDB_EXTERNAL_PORT
+              value: "{{ .Values.externalhost.ports.ovsdb }}"
             - name: OVSDB_MANAGER_IP
               valueFrom:
                 fieldRef:
@@ -200,7 +103,9 @@ spec:
             - name: MQTT_SERVER_INTERNAL
               value: {{ .Release.Name }}-{{ .Values.mqtt.url }}
             - name: MQTT_SERVER_EXTERNAL
-              value: {{ .Values.externalhostaddress.mqtt }}
+              value: {{ .Values.externalhost.address.mqtt }}
+            - name: MQTT_BROKER_EXTERNAL_PORT
+              value: "{{ .Values.externalhost.ports.mqtt }}"
             {{- if .Values.global.integratedDeployment }}
             - name: INTEGRATED_SERVER
               value: {{ .Release.Name }}-{{ .Values.integratedcloudcomponent.url }}

tip-wlan/charts/opensync-gw-cloud/templates/rbac.yaml

@@ -0,0 +1,24 @@
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "common.fullname" . }}-depends-on
+  namespace: {{ include "common.namespace" . }}
+rules:
+- apiGroups: ["batch", "apps", ""]
+  resources: ["pods", "services", "jobs"]
+  verbs: ["get", "list", "watch"]
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "common.fullname" . }}-depends-on
+  namespace: {{ include "common.namespace" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "common.serviceAccountName" . }}
+roleRef:
+  kind: Role
+  name: {{ include "common.fullname" . }}-depends-on
+  apiGroup: rbac.authorization.k8s.io

tip-wlan/charts/opensync-gw-cloud/templates/service.yaml

@@ -5,6 +5,10 @@ metadata:
   namespace: {{ include "common.namespace" . }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:
@@ -12,28 +16,38 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort1 }}
+      {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+      {{- end }}
     - port: {{ .Values.service.port3 }}
       targetPort: {{ .Values.service.port3 }}
       protocol: TCP
       name: {{ .Values.service.name3 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
+      {{- end }}
     - port: {{ .Values.service.port4 }}
       targetPort: {{ .Values.service.port4 }}
       protocol: TCP
       name: {{ .Values.service.name4 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort4 }}
+      {{- end }}
     {{- if .Values.debug.enabled }}
     - port: {{ .Values.service.port5 }}
       targetPort: {{ .Values.service.port5 }}
       protocol: TCP
       name: {{ .Values.service.name5 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort5 }}
+      {{- end }}
     {{- end }}
   selector:
     {{- include "common.selectorLabels" . | nindent 4 }}

tip-wlan/charts/opensync-gw-cloud/values.yaml

@@ -77,6 +77,8 @@ service:
   port5: 5005
   name5: debug
   nodePort5: 26
+  annotations: {}
+  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
 
 persistence:
   enabled: false
@@ -113,13 +115,21 @@ portal:
       name: file-store-data
       ordinal: 0
 
- # These are list of external HostAddresses for ovsdb, mqtt. 
- # This is important for ovsdb and mqtt since 
- # that's what AP sees. Please make sure to override
- # them in dev override file for your respective environments.
-externalhostaddress:
-  ovsdb: opensync-gw-cloud
-  mqtt: opensync-mqtt-broker
+
+# These are the address and ports for the externalhost
+# This is important for ovsdb and mqtt since 
+# that's what AP sees. Please make sure to override
+# them in dev override file for your respective environments.
+# the default values below would be used if not overriden
+externalhost:
+  address:
+    ovsdb: opensync-gw-cloud
+    mqtt: opensync-mqtt-broker
+  ports:
+    ovsdb: 6640
+    mqtt: 1883
+
+
 
 ethernetType:
   lanName: "lan"

tip-wlan/charts/opensync-gw-static/resources/config/logback.xml

@@ -68,7 +68,7 @@
    -->
    
   <root level="WARN">
-<!--    <appender-ref ref="stdout"/>-->
+    <appender-ref ref="stdout"/>
     <appender-ref ref="logfile"/>
   </root>
   

tip-wlan/charts/opensync-mqtt-broker/templates/service.yaml

@@ -5,6 +5,10 @@ metadata:
   namespace: {{ include "common.namespace" . }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:
@@ -12,11 +16,15 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort1 }}
+      {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+      {{- end }}
   selector:
     {{- include "common.selectorLabels" . | nindent 4 }}

tip-wlan/charts/opensync-mqtt-broker/values.yaml

@@ -61,6 +61,8 @@ service:
   port2: 9001
   name2: debug
   nodePort2: 32
+  annotations: {}
+  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
 
 ingress:
   enabled: false

tip-wlan/charts/wlan-cloud-graphql-gw/templates/ingress.yaml

@@ -32,6 +32,12 @@ spec:
     - host: {{ .host | quote }}
       http:
         paths:
+        {{- if $.Values.ingress.lb_https_redirect }}
+          - path: /*
+            backend:
+              serviceName: ssl-redirect
+              servicePort: use-annotation
+        {{- end }}
         {{- range .paths }}
           - path: {{ . }}
             backend:

tip-wlan/charts/wlan-cloud-graphql-gw/templates/service.yaml

@@ -12,6 +12,8 @@ spec:
       targetPort: {{ .Values.service.port }}
       protocol: TCP
       name: {{ .Values.service.name }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+      {{- end }}
   selector:
     {{- include "common.selectorLabels" . | nindent 4 }}

tip-wlan/charts/wlan-cloud-graphql-gw/values.yaml

@@ -51,9 +51,11 @@ service:
   port: 4000
   name: graphui
   nodePort: 23
+  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
 
 ingress:
   enabled: true
+  lb_https_redirect: false ## if set to true, enables http->https redirect on cloud load balancer
   annotations: {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"

tip-wlan/charts/wlan-cloud-static-portal/templates/ingress.yaml

@@ -32,6 +32,12 @@ spec:
     - host: {{ .host | quote }}
       http:
         paths:
+        {{- if $.Values.ingress.lb_https_redirect }}
+          - path: /*
+            backend:
+              serviceName: ssl-redirect
+              servicePort: use-annotation
+        {{- end }}
         {{- range .paths }}
           - path: {{ . }}
             backend:

tip-wlan/charts/wlan-cloud-static-portal/templates/service.yaml

@@ -5,6 +5,10 @@ metadata:
   namespace: {{ include "common.namespace" . }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:

tip-wlan/charts/wlan-cloud-static-portal/values.yaml

@@ -50,6 +50,7 @@ service:
 
 ingress:
   enabled: true
+  lb_https_redirect: false ## if set to true, enables http->https redirect on cloud load balancer
   annotations: {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"

tip-wlan/charts/wlan-integrated-cloud-component-service/resources/config/logback.xml

@@ -68,7 +68,7 @@
   <logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
 
   <root level="WARN">
-    <!--    <appender-ref ref="stdout"/>-->
+    <appender-ref ref="stdout"/>
     <appender-ref ref="logfile"/>
   </root>
   

tip-wlan/charts/wlan-integrated-cloud-component-service/templates/deployment.yaml

@@ -1,7 +1,6 @@
 {{- if .Values.global.integratedDeployment }}
 {{- $pg := include "postgresql.service" . -}}
 {{- $ns := include "common.namespace" . -}}
-{{- $cloudeployment := .Values.global.isCloudDeployment -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -55,15 +54,6 @@ spec:
           - sh
           - -c
           - |
-            if [ {{ $cloudeployment }} = false ]
-            then          
-              echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
-              echo "34.215.47.158 tip-tip-wlan-cloud-docker-repo.jfrog.io" >> /etc/hosts
-              echo "151.101.128.204 security.debian.org" >> /etc/hosts
-              echo "151.101.126.133 deb.debian.org" >> /etc/hosts
-              echo "147.75.85.69 apt.postgresql.org" >> /etc/hosts
-              echo "Added name-resolution for local deployments"
-            fi
             apt update
             apt -y install curl
             echo "***** Fetching cloud-sdk-schema-postgresql.sql from JFrog *****"

tip-wlan/charts/wlan-port-forwarding-gateway-service/resources/config/logback.xml

@@ -68,7 +68,7 @@
   <logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
 
   <root level="WARN">
-    <!--    <appender-ref ref="stdout"/>-->
+    <appender-ref ref="stdout"/>
     <appender-ref ref="logfile"/>
   </root>
   

tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/deployment.yaml

@@ -1,4 +1,3 @@
-{{- $cloudeployment := .Values.global.isCloudDeployment -}}
 {{- $opensyncgw := include "opensyncgw.service" . -}}
 apiVersion: apps/v1
 kind: Deployment
@@ -30,11 +29,6 @@ spec:
           - sh
           - -c
           - |
-            if [ {{ $cloudeployment }} = false ]
-            then          
-              echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
-              echo "Added name-resolution for local deployments"
-            fi
             apk add curl
             url=https://{{ $opensyncgw }}/ping
             counter=0

tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/service.yaml

@@ -12,14 +12,14 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort1 }}
       {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort2 }}
       {{- end }}
     {{- if .Values.debug.enabled }}
@@ -27,7 +27,7 @@ spec:
       targetPort: {{ .Values.service.port3 }}
       protocol: TCP
       name: {{ .Values.service.name3 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort3 }}
       {{- end }}
     {{- end }}      

tip-wlan/charts/wlan-port-forwarding-gateway-service/values.yaml

@@ -78,6 +78,7 @@ service:
   port3: 5010
   name3: debug-appl
   nodePort3: '03'
+  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
 
 # The below ports are the ports that Java would choose as Local ports whenever it opens up
 # a developer session for debug.

tip-wlan/charts/wlan-portal-service/resources/config/logback.xml

@@ -68,7 +68,7 @@
   <logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
 
   <root level="WARN">
-    <!--    <appender-ref ref="stdout"/>-->
+    <appender-ref ref="stdout"/>
     <appender-ref ref="logfile"/>
   </root>
   

tip-wlan/charts/wlan-portal-service/templates/ingress.yaml

@@ -32,6 +32,12 @@ spec:
     - host: {{ .host | quote }}
       http:
         paths:
+        {{- if $.Values.ingress.lb_https_redirect }}
+          - path: /*
+            backend:
+              serviceName: ssl-redirect
+              servicePort: use-annotation
+        {{- end }}
         {{- range .paths }}
           - path: {{ . }}
             backend:

tip-wlan/charts/wlan-portal-service/templates/service.yaml

@@ -5,6 +5,10 @@ metadata:
   namespace: {{ include "common.namespace" . }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:
@@ -12,14 +16,14 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }}
       {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
       {{- end }}
     {{- if .Values.debug.enabled }}
@@ -27,7 +31,7 @@ spec:
       targetPort: {{ .Values.service.port3 }}
       protocol: TCP
       name: {{ .Values.service.name3 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
       {{- end }}
     {{- end }}

tip-wlan/charts/wlan-portal-service/values.yaml

@@ -74,10 +74,12 @@ service:
   nodePort2: 52
   port3: 5006
   name3: debug
-  nodePort3: 15  
+  nodePort3: 15
+  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
 
 ingress:
   enabled: false
+  lb_https_redirect: false ## if set to true, enables http->https redirect on cloud load balancer
   annotations: {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"

tip-wlan/charts/wlan-prov-service/resources/config/datasource.properties

@@ -1,11 +0,0 @@
-singleDataSource.url=jdbc:postgresql://tip-wlan-postgresql:5432/prov_db
-singleDataSource.username=DUMMY_POSTGRES_TIP_USER
-singleDataSource.password=DUMMY_POSTGRES_TIP_PASSWORD
-singleDataSource.driverClass=org.postgresql.Driver
-singleDataSource.ssl=true
-singleDataSource.sslmode=verify-ca
-singleDataSource.sslcert=/opt/tip-wlan/certs/postgresclientcert.pem
-singleDataSource.sslfactory=org.postgresql.ssl.LibPQFactory
-singleDataSource.sslkey=/opt/tip-wlan/certs/postgresclient.p12
-singleDataSource.sslrootcert=/opt/tip-wlan/certs/cacert.pem
-singleDataSource.sslkeypassword=DUMMY_SSL_KEY_PASSWORD

tip-wlan/charts/wlan-prov-service/resources/config/logback.xml

@@ -68,7 +68,7 @@
   <logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
 
   <root level="WARN">
-    <!--    <appender-ref ref="stdout"/>-->
+    <appender-ref ref="stdout"/>
     <appender-ref ref="logfile"/>
   </root>
   

tip-wlan/charts/wlan-prov-service/templates/configmap.yaml

@@ -5,3 +5,15 @@ metadata:
   namespace: {{ include "common.namespace" . }}
 data:
 {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+  datasource.properties: |-
+    singleDataSource.url=jdbc:postgresql://tip-wlan-postgresql:5432/prov_db
+    singleDataSource.username={{ .Values.creds.postgres.singleDataSourceUsername }}
+    singleDataSource.password={{ .Values.creds.postgres.singleDataSourcePassword }}
+    singleDataSource.driverClass=org.postgresql.Driver
+    singleDataSource.ssl=true
+    singleDataSource.sslmode=verify-ca
+    singleDataSource.sslcert=/opt/tip-wlan/certs/postgresclientcert.pem
+    singleDataSource.sslfactory=org.postgresql.ssl.LibPQFactory
+    singleDataSource.sslkey=/opt/tip-wlan/certs/postgresclient.p12
+    singleDataSource.sslrootcert=/opt/tip-wlan/certs/cacert.pem
+    singleDataSource.sslkeypassword={{ .Values.creds.postgres.singleDataSourceSslKeyPassword }}

tip-wlan/charts/wlan-prov-service/templates/deployment.yaml

@@ -1,6 +1,5 @@
 {{- $pg := include "postgresql.service" . -}}
 {{- $ns := include "common.namespace" . -}}
-{{- $cloudeployment := .Values.global.isCloudDeployment -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -24,10 +23,11 @@ spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       initContainers:
-        - name: {{ include "common.name" . }}-readiness
-          image: busybox:1.28
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
-          command: ['sh', '-c', "until nslookup {{ $pg }}.{{ $ns }}.svc.cluster.local; do echo waiting for POSTGRES; sleep 2; done"]
+        - name: wait-for-services
+          image: opsfleet/depends-on:latest
+          args:
+          - "-service={{ .Release.Name }}-postgresql"
+          - -check_interval=5
         - name: {{ include "common.name" . }}-create-db-schema
           env:
           - name: POSTGRESQL_PORT_NUMBER
@@ -57,16 +57,7 @@ spec:
           command:
           - sh
           - -c
-          - |
-            if [ {{ $cloudeployment }} = false ]
-            then
-              echo "151.101.2.133 dl-cdn.alpinelinux.org" >> /etc/hosts
-              echo "52.35.62.28 tip-tip-wlan-cloud-docker-repo.jfrog.io" >> /etc/hosts
-              echo "151.101.192.204 security.debian.org" >> /etc/hosts
-              echo "199.232.38.133 deb.debian.org" >> /etc/hosts
-              echo "147.75.85.69 apt.postgresql.org" >> /etc/hosts
-              echo "Added name-resolution for local deployments"
-            fi            
+          - |      
             apt update
             apt -y install curl
             echo "***** Fetching latest cloud-sdk-schema-postgresql for DB and Tables sql from JFrog *****"

tip-wlan/charts/wlan-prov-service/templates/rbac.yaml

@@ -0,0 +1,24 @@
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "common.fullname" . }}-depends-on
+  namespace: {{ include "common.namespace" . }}
+rules:
+- apiGroups: ["batch", "apps", ""]
+  resources: ["pods", "services", "jobs"]
+  verbs: ["get", "list", "watch"]
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "common.fullname" . }}-depends-on
+  namespace: {{ include "common.namespace" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "common.serviceAccountName" . }}
+roleRef:
+  kind: Role
+  name: {{ include "common.fullname" . }}-depends-on
+  apiGroup: rbac.authorization.k8s.io

tip-wlan/charts/wlan-prov-service/templates/service.yaml

@@ -12,14 +12,14 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }}
       {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
       {{- end }}
     {{- if .Values.debug.enabled }}
@@ -27,7 +27,7 @@ spec:
       targetPort: {{ .Values.service.port3 }}
       protocol: TCP
       name: {{ .Values.service.name3 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
       {{- end }}
     {{- end }}      

tip-wlan/charts/wlan-prov-service/values.yaml

@@ -69,6 +69,10 @@ creds:
   schema_repo:
     username: DUMMY_SCHEMA_REPO_USERNAME
     password: DUMMY_SCHEMA_REPO_PASSWORD
+  postgres:
+    singleDataSourceUsername: DUMMY_POSTGRES_USER
+    singleDataSourcePassword: DUMMY_POSTGRES_PASSWORD
+    singleDataSourceSslKeyPassword: DUMMY_SSL_PASSWORD
 
 # Enable/Disable Remote debugging
 debug: 
@@ -82,6 +86,7 @@ service:
   name2: secondary-port
   port3: 5007
   name3: debug
+  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
 
 ingress:
   enabled: false

tip-wlan/charts/wlan-spc-service/resources/config/logback.xml

@@ -74,6 +74,7 @@
 
   <root level="WARN">
     <appender-ref ref="logfile"/>
+    <appender-ref ref="stdout"/>
   </root>
   
 </configuration>

tip-wlan/charts/wlan-spc-service/templates/deployment.yaml

@@ -23,10 +23,11 @@ spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       initContainers:
-        - name: {{ include "common.name" . }}-readiness
-          image: busybox:1.28
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
-          command: ['sh', '-c', "until nslookup {{ $kafka }}.{{ $ns }}.svc.cluster.local; do echo waiting for Kafka; sleep 2; done"]
+        - name: wait-for-services
+          image: opsfleet/depends-on:latest
+          args:
+          - "-service={{ .Release.Name }}-kafka-headless"
+          - -check_interval=5
       containers:
         - name: {{ .Chart.Name }}
           securityContext:

tip-wlan/charts/wlan-spc-service/templates/rbac.yaml

@@ -0,0 +1,24 @@
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "common.fullname" . }}-depends-on
+  namespace: {{ include "common.namespace" . }}
+rules:
+- apiGroups: ["batch", "apps", ""]
+  resources: ["pods", "services", "jobs"]
+  verbs: ["get", "list", "watch"]
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "common.fullname" . }}-depends-on
+  namespace: {{ include "common.namespace" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "common.serviceAccountName" . }}
+roleRef:
+  kind: Role
+  name: {{ include "common.fullname" . }}-depends-on
+  apiGroup: rbac.authorization.k8s.io

tip-wlan/charts/wlan-spc-service/templates/service.yaml

@@ -12,14 +12,14 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }}
       {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
       {{- end }}
     {{- if .Values.debug.enabled }}
@@ -27,7 +27,7 @@ spec:
       targetPort: {{ .Values.service.port3 }}
       protocol: TCP
       name: {{ .Values.service.name3 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
       {{- end }}
     {{- end }}      

tip-wlan/charts/wlan-spc-service/values.yaml

@@ -70,6 +70,7 @@ service:
   name2: secondary-port
   port3: 5009
   name3: debug
+  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
 
 ingress:
   enabled: false

tip-wlan/charts/wlan-ssc-service/resources/config/cassandra-application.conf

@@ -1,27 +0,0 @@
-# The options in this file are overrides for the default configuration.
-# They can also be overridden by the java system properties using -Dproperty=value
-#
-# For more details see https://docs.datastax.com/en/developer/java-driver/4.7/manual/core/configuration/reference/
-#
-datastax-java-driver {
-    basic {
-        contact-points = [ "tip-wlan-cassandra-headless:9042" ]
-        load-balancing-policy.local-datacenter = datacenter1
-        session-keyspace = tip_wlan_keyspace
-    }
-  
-    advanced.ssl-engine-factory {
-        class = DefaultSslEngineFactory    
-        hostname-validation = false
-        truststore-path = /opt/tip-wlan/certs/truststore.jks
-        truststore-password = DUMMY_PASSWORD
-        keystore-path = /opt/tip-wlan/certs/cassandra_server_keystore.jks
-        keystore-password = DUMMY_PASSWORD
-    }
-    
-    advanced.auth-provider {
-        class = PlainTextAuthProvider
-        username = DUMMY_TIP_USER
-        password = DUMMY_TIP_PASSWORD
-    }
-}

tip-wlan/charts/wlan-ssc-service/resources/config/logback.xml

@@ -68,7 +68,7 @@
   <logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
 
   <root level="WARN">
-    <!--    <appender-ref ref="stdout"/>-->
+    <appender-ref ref="stdout"/>
     <appender-ref ref="logfile"/>
   </root>
   

tip-wlan/charts/wlan-ssc-service/templates/configmap.yaml

@@ -5,3 +5,26 @@ metadata:
   namespace: {{ include "common.namespace" . }}
 data:
 {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+  cassandra-application.conf: >-
+    datastax-java-driver {
+        basic {
+            contact-points = [ "tip-wlan-cassandra-headless:9042" ]
+            load-balancing-policy.local-datacenter = datacenter1
+            session-keyspace = tip_wlan_keyspace
+        }
+
+        advanced.ssl-engine-factory {
+            class = DefaultSslEngineFactory
+            hostname-validation = false
+            truststore-path = /opt/tip-wlan/certs/truststore.jks
+            truststore-password = {{ .Values.creds.sslTruststorePassword }}
+            keystore-path = /opt/tip-wlan/certs/cassandra_server_keystore.jks
+            keystore-password = {{ .Values.creds.sslKeystorePassword }}
+        }
+
+        advanced.auth-provider {
+            class = PlainTextAuthProvider
+            username = {{ .Values.creds.cassandra.tip_user }}
+            password = {{ .Values.creds.cassandra.tip_password }}
+        }
+    }

tip-wlan/charts/wlan-ssc-service/templates/deployment.yaml

@@ -1,7 +1,6 @@
 {{- $kafka := include "kafka.service" . -}}
 {{- $cassandra := include "cassandra.service" . -}}
 {{- $ns := include "common.namespace" . -}}
-{{- $cloudeployment := .Values.global.isCloudDeployment -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -25,14 +24,12 @@ spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       initContainers:
-        - name: {{ include "common.name" . }}-kafka-readiness
-          image: busybox:1.28
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
-          command: ['sh', '-c', "until nslookup {{ $kafka }}.{{ $ns }}.svc.cluster.local; do echo waiting for Kafka; sleep 2; done"]
-        - name: {{ include "common.name" . }}-cassandra-readiness
-          image: busybox:1.28
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
-          command: ['sh', '-c', "until nslookup {{ $cassandra }}.{{ $ns }}.svc.cluster.local; do echo waiting for Cassandra; sleep 2; done"]
+        - name: wait-for-services
+          image: opsfleet/depends-on:latest
+          args:
+          - "-service={{ .Release.Name }}-kafka-headless"
+          - "-service={{ .Release.Name }}-cassandra"
+          - -check_interval=5
         - name: {{ include "common.name" . }}-create-db-schema-cassandra
           env:
           - name: CASSANDRA_PORT_NUMBER
@@ -53,13 +50,6 @@ spec:
           - sh
           - -c
           - |
-            if [ {{ $cloudeployment }} = false ]
-            then
-              echo "52.35.62.28 tip-tip-wlan-cloud-docker-repo.jfrog.io" >> /etc/hosts
-              echo "91.189.88.152 security.ubuntu.com" >> /etc/hosts
-              echo "91.189.88.142 archive.ubuntu.com" >> /etc/hosts
-              echo "Added name-resolution for local deployments"
-            fi
             apt update
             apt -y install curl
             echo "***** Fetching cloud-sdk-schema-cassandra.cql from JFrog *****"
@@ -226,7 +216,7 @@ spec:
             - name: {{ .Values.service.name3 }}
               containerPort: {{ .Values.service.port3 }}
               protocol: TCP
-            {{- end }}              
+            {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}

tip-wlan/charts/wlan-ssc-service/templates/rbac.yaml

@@ -0,0 +1,24 @@
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "common.fullname" . }}-depends-on
+  namespace: {{ include "common.namespace" . }}
+rules:
+- apiGroups: ["batch", "apps", ""]
+  resources: ["pods", "services", "jobs"]
+  verbs: ["get", "list", "watch"]
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "common.fullname" . }}-depends-on
+  namespace: {{ include "common.namespace" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "common.serviceAccountName" . }}
+roleRef:
+  kind: Role
+  name: {{ include "common.fullname" . }}-depends-on
+  apiGroup: rbac.authorization.k8s.io

tip-wlan/charts/wlan-ssc-service/templates/service.yaml

@@ -12,14 +12,14 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }}
       {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
       {{- end }}
     {{- if .Values.debug.enabled }}
@@ -27,7 +27,7 @@ spec:
       targetPort: {{ .Values.service.port3 }}
       protocol: TCP
       name: {{ .Values.service.name3 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
       {{- end }}
     {{- end }}      

tip-wlan/charts/wlan-ssc-service/values.yaml

@@ -70,6 +70,7 @@ service:
   name2: secondary-port
   port3: 5008
   name3: debug
+  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
 
 ingress:
   enabled: false

tip-wlan/resources/environments/dev-amazon-tip.yaml

@@ -53,9 +53,10 @@ common:
       storageClass: aws-efs  
 opensync-gw-cloud:
   enabled: true
-  externalhostaddress:
-    ovsdb: opensync-controller.demo.lab.wlan.tip.build
-    mqtt: opensync-mqtt-broker.demo.lab.wlan.tip.build
+  externalhost:
+    address:
+      ovsdb: opensync-controller.demo.lab.wlan.tip.build
+      mqtt: opensync-mqtt-broker.demo.lab.wlan.tip.build
   persistence:
     enabled: false
   filestore:

tip-wlan/resources/environments/dev-integrated-aws-connectus.yaml

@@ -1,131 +0,0 @@
-# This is a development override file.
-# It overrides the default Tip-Wlan parent chart behaviour
-#
-# It can be tweaked, based on the need to support different
-# dev environments.
-# This file expects to have a GlusterFS storage solution running
-# before "helm install" is performed. 
-#################################################################
-# Global configuration overrides.
-#
-# These overrides will affect all helm charts (ie. applications)
-# that are listed below and are 'enabled'.
-#################################################################
-global:
-  # Change to an unused port prefix range to prevent port conflicts
-  # with other instances running within the same k8s cluster
-  nodePortPrefix: 302
-  nsPrefix: tip
-  # image pull policy
-  pullPolicy: Always
-
-  repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
-  # override default mount path root directory
-  # referenced by persistent volumes and log files
-  persistence:
-
-  # flag to enable debugging - application support required
-  debugEnabled: true
-
-  # Integrated Deployment which deploys Prov Service, Portal Service and 
-  # SSC Service in a single docker image 
-  integratedDeployment: true
-
-# Annotations for namespace
-annotations: {
-    "helm.sh/resource-policy": keep
-}
-
-createReleaseNamespace: false
-
-# Docker registry secret
-dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
-#################################################################
-# Enable/disable and configure helm charts (ie. applications)
-# to customize the TIP-WLAN deployment.
-#################################################################
-opensync-gw-static:
-  enabled: false
-opensync-gw-cloud:
-  enabled: true
-  externalhostaddress:
-    ovsdb: "15.222.171.117"
-    mqtt: "3.96.17.34"
-  env:
-    protocol: https
-    ssc:
-      service: wlan-integrated-cloud-component-service
-      port: 9092
-    prov:
-      service: wlan-integrated-cloud-component-service
-      port: 9092
-opensync-mqtt-broker:
-  enabled: true
-  replicaCount: 1
-  persistence:
-    enabled: true
-    storageClass: "gp2"
-wlan-port-forwarding-gateway-service:
-  enabled: true
-  externallyVisible:
-    host: api.wlan.zone3.lab.connectus.ai
-    port: 30401
-wlan-cloud-graphql-gw:
-  enabled: true
-  env:
-    portalsvc: wlan-portal-svc.zone3.lab.connectus.ai
-wlan-cloud-static-portal:
-  enabled: true
-wlan-integrated-cloud-component-service:
-  enabled: true
-  image:
-    name: wlan-integrated-cloud-component-service-persistence
-    tag: 0.0.1-SNAPSHOT
-  creds:
-    enabled: true
-    postgres:
-      password: cG9zdGdyZXMxMjM=
-    schema_repo:
-      username: tip-read
-      password: tip-read
-  integratedWithPersistence:
-    enabled: true
-nginx-ingress-controller:
-  enabled: true
-  controller:
-    config:
-      externalStatusAddress: "api.wlan.zone3.lab.connectus.ai"
-zookeeper:
-  enabled: true
-  replicaCount: 1
-  persistence:
-    enabled: true
-    storageClass: "gp2"
-kafka:
-  enabled: true
-  replicaCount: 1
-  persistence:
-    enabled: true
-    storageClass: "gp2"
-cassandra:
-  enabled: true
-  config:
-    cluster_size: 3
-    seed_size: 2
-  persistence:
-    enabled: true
-    storageClass: "glusterfs-storage"
-postgresql:
-  enabled: true
-  postgresqlPassword: cG9zdGdyZXMxMjM=
-## NOTE: If we are using glusterfs as Storage class, we don't really need 
-## replication turned on, since the data is anyway replicated on glusterfs nodes
-## Replication is useful: 
-## a. When we use HostPath as storage mechanism
-## b. If master goes down and one of the slave is promoted as master
-  replication:
-    enabled: true
-    slaveReplicas: 1
-  persistence:
-    enabled: true
-    storageClass: "glusterfs-storage"

tip-wlan/resources/environments/dev-integrated-aws-tip.yaml

@@ -48,9 +48,10 @@ opensync-gw-static:
   enabled: false
 opensync-gw-cloud:
   enabled: true
-  externalhostaddress:
-    ovsdb: opensync-controller.tip.lab.connectus.ai
-    mqtt: opensync-mqtt-broker.tip.lab.connectus.ai
+  externalhost:
+    address:
+      ovsdb: opensync-controller.tip.lab.connectus.ai
+      mqtt: opensync-mqtt-broker.tip.lab.connectus.ai
   env:
     protocol: https
     ssc:

tip-wlan/resources/environments/dev-integrated.yaml

@@ -30,8 +30,6 @@ global:
   # Integrated Deployment which deploys Prov Service, Portal Service and 
   # SSC Service in a single docker image 
   integratedDeployment: true
-  # Is the Cluster deployed in Cloud
-  isCloudDeployment: false
 # Annotations for namespace
 annotations: {
     "helm.sh/resource-policy": keep

tip-wlan/resources/environments/dev-local.yaml

@@ -0,0 +1,187 @@
+# This is a development override file.
+# It overrides the default Tip-Wlan parent chart behaviour
+#
+# It can be tweaked, based on the need to support different
+# dev environments.
+# This file expects to have a GlusterFS storage solution running
+# before "helm install" is performed.
+#################################################################
+# Global configuration overrides.
+#
+# These overrides will affect all helm charts (ie. applications)
+# that are listed below and are 'enabled'.
+#################################################################
+global:
+  # Change to an unused port prefix range to prevent port conflicts
+  # with other instances running within the same k8s cluster
+  nodePortPrefix: 302
+  nsPrefix: tip
+  # image pull policy
+  pullPolicy: Always
+
+  repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
+  # override default mount path root directory
+  # referenced by persistent volumes and log files
+  persistence:
+
+  # flag to enable debugging - application support required
+  debugEnabled: true
+
+# Annotations for namespace
+annotations: {
+    "helm.sh/resource-policy": keep
+}
+
+# createReleaseNamespace: false
+
+# Docker registry secret
+dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
+#################################################################
+# Enable/disable and configure helm charts (ie. applications)
+# to customize the TIP-WLAN deployment.
+#################################################################
+opensync-gw-static:
+  enabled: false
+opensync-gw-cloud:
+  enabled: true
+  externalhost:
+    address:
+      ovsdb: opensync-controller.wlan.local
+      mqtt: opensync-mqtt-broker.wlan.local
+  persistence:
+    enabled: true
+  filestore:
+    url: "https://wlan-filestore.wlan.local"
+opensync-mqtt-broker:
+  enabled: true
+  replicaCount: 1
+  persistence:
+    enabled: true
+    storageClass: standard
+wlan-cloud-graphql-gw:
+  enabled: true
+  env:
+    portalsvc: tip-wlan-wlan-portal-service:9051
+  ingress:
+    hosts:
+      - host: wlan-ui-graphql.wlan.local
+        paths: [
+           /
+          ]
+    tls:
+    - hosts:
+      - wlan-ui-graphql.wlan.local
+      secretName: nginx-ingress-controller-default-server-secret
+wlan-cloud-static-portal:
+  enabled: true
+  env:
+    graphql: https://wlan-ui-graphql.wlan.local
+  service:
+    type: NodePort
+  ingress:
+    hosts:
+      - host: wlan-ui.wlan.local
+        paths: [
+           /
+          ]
+    tls:
+    - hosts:
+      - wlan-ui.wlan.local
+      secretName: nginx-ingress-controller-default-server-secret
+wlan-portal-service:
+  enabled: true
+  persistence:
+    enabled: true
+    storageClass: standard
+    filestoreSize: 1Gi
+wlan-prov-service:
+  enabled: true
+  creds:
+    enabled: true
+    db:
+      postgresUser:
+        password: postgres
+      tipUser:
+        password: tip_password
+    schema_repo:
+      username: tip-read
+      password: tip-read
+    postgres:
+      singleDataSourceUsername: tip_user
+      singleDataSourcePassword: tip_password
+      singleDataSourceSslKeyPassword: mypassword
+wlan-ssc-service:
+  enabled: true
+  creds:
+    sslKeyPassword: mypassword
+    sslKeystorePassword: mypassword
+    sslTruststorePassword: mypassword
+    cassandra:
+      tip_user: tip_user
+      tip_password: tip_password
+    schema_repo:
+      username: tip-read
+      password: tip-read
+wlan-spc-service:
+  enabled: true
+  creds:
+    sslKeyPassword: mypassword
+    sslKeystorePassword: mypassword
+    sslTruststorePassword: mypassword
+nginx-ingress-controller:
+  enabled: true
+  controller:
+    service:
+      type: LoadBalancer
+    config:
+      externalStatusAddress: "api.wlan.local"
+    defaultTLS:
+      cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZXakNDQTBLZ0F3SUJBZ0lVUU5hUC9zcHZSSHRCVEFLd1lSTndieFJmRkFzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0hURWJNQmtHQTFVRUF3d1NkMnhoYmkxMWFTNTNiR0Z1TG14dlkyRnNNQjRYRFRJd01EZ3lOekl3TWpZMQpObG9YRFRNd01EZ3lOVEl3TWpZMU5sb3dIVEViTUJrR0ExVUVBd3dTZDJ4aGJpMTFhUzUzYkdGdUxteHZZMkZzCk1JSUNJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBd1JhZ2lEV3pDTllCdFd3QmNLK2YKVGtrUW1NdCtRQWdUallyMEtTOERQSkNKZjZLa1BmWkhDdTN3NEx2cnh6WTlObWllaDJYVTgzNGFtZEp4SXVDdwo2SWJObzZ6c2tqc3lmb084d0ZEbWxMVldMZWc1SDlHOWRvZW0rV1RlS1BhRUhpM29xdXpOZ3Q2d0xzM212dk9BClR2aVRJb2M4OEVMams0ZFNSMlQ0ZGhoMHFLQ0NqK0hkWEJBNlYvOWJpcnUralYrL2t4RVF1TDJ6TTM5RHZWZDgKOWtzMzV6TVZVemUzNmxENElDT25sN2hnYVROQmk0NU85c2RMRDBZYVVtamlGd1FsdEpVZG1QS3BhQWRidmpVTwpuc3VwbkRZam0rVW0rOWFFcHFNNHRlMjNlZkM4TjhqMXVrZXh6SnJFMkdlRi9XQi9ZMUxGSUcyd2pxVm5zUGNzCm5GRjRZZDlFQlJSbmUxRVplWEJ1M0ZFTEZ5NmxDT0hJMTQ2b0JjYy9JYjYxN3JkVEtYcXh0di8yTkw2L1RxRmsKbnMvRUVqdmU2a1FZemxCWndXSFdwWndRZmczbW82TmFvRlpwVGFnOThNeXU1clpvT29mVGN4WEg2cExtNVB4MQpPQXpnTG5hOU8rMkZtQTRGanJnSGNNWTFOSXp5blpMK0RIOGZpYnQxRi92MkYyTUErUjl2bzg0dlI1Uk9HTmRECnZhMkFwZXZrTGNqUWcvTHdzWHYwZ1RvcFEvWEl6ZWpoNmJkVWtPcktTd0p6VDJDOS9lOUdRbjBncHBWOExCdUsKMXpRSG9ST0xuQTQxTUNGdlFMUUhvK1h0OEtHdytVYmFseTZoT3hCWkY1MUwvQmJxamtESDlBRUZhSkxwdGlFeQpxbjFFNXYrM3doZ0ZTNUlaVDhJVzV1VUNBd0VBQWFPQmtUQ0JqakFkQmdOVkhRNEVGZ1FVeTJiQVV5TlBYSFM5CjNWVFNEK3dvTjd0M3E4RXdId1lEVlIwakJCZ3dGb0FVeTJiQVV5TlBYSFM5M1ZUU0Qrd29ON3QzcThFd0R3WUQKVlIwVEFRSC9CQVV3QXdFQi96QTdCZ05WSFJFRU5EQXlnaHAzYkdGdUxYVnBMV2R5WVhCb2NXd3VkMnhoYmk1cwpiMk5oYklJT1lYQnBMbmRzWVc0dWJHOWpZV3lIQk1Db0FBRXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnSUJBS0grCmJxSmVlMTFuMzRTWWdCRHZnb1o4bEpMUVJ3c0ZucUV4Y1NyL3BsWjdHVklHRkg1L1EyS3lvOVZ5RWlUUHdySXMKS3NFckMxZXZINnh0MVVSZk16cDA1elZRMExZTTUra3NhbVJEYWdBZzNNMWNtN29LT2Rtcy9kcXpQZTJnWmZHSgpwVmR0VlcxQ0hyTDBSTFRSOTNoN2tnU2lCbFNFSVlNb2VLZk41SDlBYXZKNEtyeXlnUXM2M2trR1E1TTllc0FwCnU2YkIzMDd6eWZ6Z1MzdG1Rc1UwMXJnSmZoRUhRL1krQWs5d0R1T2d2bWZ4MFRXZ0FPR2JLcTZUdThNS1lkZWoKSWU3clYxRzVVdjdLZmdvelZYNzZnMktkblRWQmZzcFNLbzN6eXJaa2NrekFwdlV1OUllZkhkVG9lNEpNRVUweQpmazdsRVUvZXh6Qnl5TnhwKzZoZHUvWklnM3hiMXlBMW9WWThORWQxckwxekFWaVBlMzUxU0VORUtlSnBSYW5DCmtDTDNSQUZrYnhRN0loYWNqb3g4YmVsUitnbW84Y3lGWnBqOVhhb1BsU0ZTY2R3ejU3M0NUMGg5N3Y3NkE3c3cKeUMrQ2lTcDg1Z1dFVjV2Z0JpdE5KN1I5b25qQmRzdUgybGdFdE1EM0pOT3M4Y0NTUmloWXhyaXdaU3FoVDdvLwp0Y0lsY0o4NFc1bTZYNnpISjNHbXR1S0czUVBOT21zMC9WVm9EVHA5cWRwTCtFazE3dUIyQTQxTnB4ejNVUytsCjZ5SytwZFFRajdBTHpLdVJmT3lnODBYYk53MnY0U25wSTVxYlhGQlJ1bTUyZjg2c1BlbUZxMUtjdU5XZTRFVkMKeERHM2VLbHUrZGxsVXRLeC9QTjZ5ZmxiVDV4Y0dnY2Rtcnd6UmFXUwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+      key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRUUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Nzd2dna25BZ0VBQW9JQ0FRREJGcUNJTmJNSTFnRzEKYkFGd3I1OU9TUkNZeTM1QUNCT05pdlFwTHdNOGtJbC9vcVE5OWtjSzdmRGd1K3ZITmowMmFKNkhaZFR6ZmhxWgowbkVpNExEb2hzMmpyT3lTT3pKK2c3ekFVT2FVdFZZdDZEa2YwYjEyaDZiNVpONG85b1FlTGVpcTdNMkMzckF1CnplYSs4NEJPK0pNaWh6endRdU9UaDFKSFpQaDJHSFNvb0lLUDRkMWNFRHBYLzF1S3U3Nk5YNytURVJDNHZiTXoKZjBPOVYzejJTemZuTXhWVE43ZnFVUGdnSTZlWHVHQnBNMEdMams3Mngwc1BSaHBTYU9JWEJDVzBsUjJZOHFsbwpCMXUrTlE2ZXk2bWNOaU9iNVNiNzFvU21vemkxN2JkNThMdzN5UFc2UjdITW1zVFlaNFg5WUg5alVzVWdiYkNPCnBXZXc5eXljVVhoaDMwUUZGR2Q3VVJsNWNHN2NVUXNYTHFVSTRjalhqcWdGeHo4aHZyWHV0MU1wZXJHMi8vWTAKdnI5T29XU2V6OFFTTzk3cVJCak9VRm5CWWRhbG5CQitEZWFqbzFxZ1ZtbE5xRDN3eks3bXRtZzZoOU56RmNmcQprdWJrL0hVNERPQXVkcjA3N1lXWURnV091QWR3eGpVMGpQS2RrdjRNZngrSnUzVVgrL1lYWXdENUgyK2p6aTlICmxFNFkxME85cllDbDYrUXR5TkNEOHZDeGUvU0JPaWxEOWNqTjZPSHB0MVNRNnNwTEFuTlBZTDM5NzBaQ2ZTQ20KbFh3c0c0clhOQWVoRTR1Y0RqVXdJVzlBdEFlajVlM3dvYkQ1UnRxWExxRTdFRmtYblV2OEZ1cU9RTWYwQVFWbwprdW0ySVRLcWZVVG0vN2ZDR0FWTGtobFB3aGJtNVFJREFRQUJBb0lDQUMyR2hEc1pUaWtiTERQMlR6Q2VkOVVoCmJRUlpsbDdLaUxHcXZYNm9VdjhJcFNLdTJrS3h1blpkTzVvQk5NbzNnNTg4YzRSQkFrQ1d6dmJObzFjeDJ3UTQKSkd3ZTdYaGM5TDdYbUwxUFZjNWlJdnVYOFVBTFY3eUdwMXZONklPSC9BYVJsSFlZZHl3UURVSTcwZGZiMmJqRQo2d3dORHRVbk1Ea3NncjNLbExwamNiNEFla2dxWE9MRUFMMld1Nkt1T1hOankrdUU3b2hnVWN3bWlYWXZGb3VMCm1KYXVlS3l5U202NHdJZnpZQ1JwbUhHMVlCTGpic0xJb20zcmZYRkl3V1hqMkhBSGFIOFRWOVhyUmpwR2tEZm8KbFFqN3l0R0s2ZkllMWcva0ZBN3hDWDE2d1NYMS85bjM1WGYwVmMwZ08zdE9NVHJkM1JTVVNEaVp6eVR1WWxuZwpETEdmYXZjRS82QXJ5cTlWZ3hyUXdXbnZhd0hIcWxBWUtxVHpJYkRJS0Y3SjRYTE9FckFtRE50T1I2Lzc1WjJ3CnVPQlFYT0N3NFM1dWxWdzhIZUM0NGlFTmxJYU5lNDNWTkZUTGtRM3lCeW96VVlYWTN2eEJXMWpURFpFOTB5YTUKZzk4cmFiYWhIS0lockpGYzNXYTE0RWhicUE2TVVLSXRRTkk4K1N1Rk1KV3R4VW1iM1cxK2dHbXJvTmo1TU9kYQpzdjV5OThTYS93UUc4dGc0cmdNQ0xpQVNHL3hudDB3RURrNXFDVUUxRzRSdkdOeUYxU09zNk82c1BTOTg4Umd4CnJuamQvWWZoME5xVnhHcHFGNnhpQVgvZXkyU0NGUWNybEtmNnhGREF4YjI4RTdaNnRQSUZCTWxpQ1IrbzdYR3MKZDNvUWVuMThCalM1NjdtR2ZmNkJBb0lCQVFEanFFcHZqOVhJVVB3bk1RZitRY3R0R1pXZEp2bFZSa1BSMW9maApSVWI2UHdFRkEwdVQyM011ZmFvNGI4bWIrM2Vra1BkYTZmbWJqUGFUckQrbk5YNGxyRE5oYytvcVY4aFVEQnA0CmpVcEg3OXorTVNUZVVQclpnS3VMeEdqaDJiK0FWYVZjZTI2STVYUXVoUnR6ZHFYZDlIeSs4YXpYRTltbHlPQ00KMUpEK2VHZWxhaVJMbEZBbVRDNDNoNlV5T0Q5SmZOSW1oWDQ2WDJRRlFsbGc1cWxVdWQ4Ukx3eFViZTJoYzhTWQp4VnVvYVZSSUdBSmhqRkd3ZVhnRjdzc0tQNXBZMHRkTlNvSGsxeHRnUmVJTlllZFU1cmtpKzloZTN0cStqWUdJCmxVcVVzYzNzN3c4cUk1UXk5NGdmcUI5Lzd4K3BFdGEvak9leE4yL1pGOFJGSXVucEFvSUJBUURaSUpUaUUxKzkKc2xnQ0NGVllLR3Z5aE5odkppck94enlOUWU3YjIvZmxQNzVHd0pTTWpZZTdoTmhGK3JrZHRJcXF5dWxyeGF3YgpPbWliU0FCSG5kT20ycDRMdDhaK20vQXZaRUgzVklLdWkwY0xVbTlKRXNsWURVcFIrdG5BemloNzdrS2FlVzlnCk1wdlpiUzZGdXE2ZlBZQUJyK3dXeU1IazR0UnRNZ3duUFRtSzZQTW85b3FIUURTSVJjL3N0N2hBTUwwMDdtNlEKOTJkRXRqNTNtSTBURTRISVhtY3hZbjV5NGVJLy85aEFMb2xFa0ZHWDU0SmNMdWpDWWkwQ3RIU0xDcnNmQkJwZgpDS2NaMk5sWFNiYVREU1prZWhnQWFWTlM2OVp1K1o2eGFvNmZZMjVxSnNmeXlaUkNjSzJYY0FoUDV2QWNUbWhQClNKUFJZc1dSNXZ1ZEFvSUJBRmtRRXFiWWg1TkprNHdsazNIMS9ZYWVGcmtYY1QzYU1sZ2FiS2hGdVFIWHVpZGkKNWFOZm5BMFpIb25idWV6ckVTQnhra09mKzRYT1BQMEN5eGc0UmpTb3pLVVlld2k3dE9Ta280cDhCQTVtbVhkYwpkSWNBK1ZJMEUyaW5tenlZT21JVG41Q3h2VW1UTXNPc1VWUDNtK1pjYXAwczRTaDNYSk9PSmNNU3VmTEQyaENOCm1NdDBwM0tFSlNTV1RadDdBODlWSk1YclBibktiYy9jNkNpUHRMa3Z5a1BudXhRZ3VYR0xYK05BZXA1RkxyTFIKcWNUTjUzdDUyZW5BUlBDcWQxQytrM3BxWnF6SE5xK1FSMkppNWVTQ0t2V3p2eTlHVWg5d0xyZm5aL2tLSW56SgovWTNIdzRlNDdTa3RWYjF3S0Z1MXdndklMVEJZZHNwZ2tPbFhRbGtDZ2dFQUtKYVJuazFXMldRc1ZYenZUMEtICkkxZTRDZGNOcTRmTkJ1N3JVc2drNkFMcGM5cHVLblFPaW54RDNaa0gzOGl2SDB3OUpEdFlkK0tNU1hMRk1wNEwKUWFhZVlyeGc2NndFMHljZnViZGZrbmRRdVlvWWFZV01nOXhBSjJFSU1hV1lKY3FkUXJrdW04SDZKa1BsclhQLwpUcDgxZlp0QU8rWWRjTWNDUk1OVlNFU0dyRFB0dUp1VnU4REIwVE9Uc2NHS1BOMmZrUFI5VUxZZTVOWllpUXpJCldtZU1IRU9oY0xiandsLzlaazlTUW5Vd2pkT1luUmZXNDVxVlFqa09CdkpxMHM4WHVhMlBySEkyb250SjdhcEcKNmVoTVkvMzYzS0RUeGExMmNWcFNVd0lEVlVKR0VxdmJOc1I5NVltZ3VhMWtzR01RUVlwYXIyOTJ5bTUzVmxYaQpkUUtDQVFCTUFYS0RaNVZobHBRR1VlUk1FNVhqVm1KOE1WdlZTUzV3NzBGOC9CS0ZnZFBJNnR2Nkx5UGh3OTRPCmxZVldoOXJmdUpmbWllK1ZJSWhaeSthUVNpVVhGQUtTdjZFTWJ1bXdjN1pUNEkyYitDTXQxUEhaTEZtUEN0OXAKOEorUDdoaDlRYWRBYzZqZEdSa0NMNkpMU3VoeWhMbW90SG9IS0ZJazdhNENNZGl2QnB3SVdxMWVScHd0aWRrNwpIdytrdlJ5YW5DMUJVU1dYNGxJcW1LanAyR1B2UDVVdVV2RUlPNitqaWFyWTJDTUNKb3BtcVJ2WWQzNGtSVkF1CjZueFl4a05neEFQSnVWN2tkZVVzQXg5Q1FZcFQ1blFmendtdlVGa0FraHJoTmw5dUJRUDhMdkZORFQ0cWU0bFcKUWw0cXRFZFNiZDVxVWVVdkgzOG5JMmpTVDVMawotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==
+zookeeper:
+  enabled: true
+  replicaCount: 1
+  persistence:
+    enabled: true
+    storageClass: standard
+kafka:
+  enabled: true
+  replicaCount: 1
+  persistence:
+    enabled: true
+    storageClass: standard
+  creds:
+    sslKeystorePassword: mypassword
+    sslTruststorePassword: mypassword
+    sslKeyPassword: mypassword
+cassandra:
+  enabled: true
+  image:
+    debug: true
+  cluster:
+    replicaCount: 1
+    seedCount: 1
+  persistence:
+    enabled: true
+    storageClass: standard
+  creds:
+    sslKeystorePassword: mypassword
+    sslTruststorePassword: mypassword
+postgresql:
+  enabled: true
+  postgresqlPassword: postgres
+## NOTE: If we are using glusterfs as Storage class, we don't really need
+## replication turned on, since the data is anyway replicated on glusterfs nodes
+## Replication is useful:
+## a. When we use HostPath as storage mechanism
+## b. If master goes down and one of the slave is promoted as master
+  replication:
+    enabled: true
+    slaveReplicas: 1
+  persistence:
+    enabled: true
+    storageClass: standard
+  readinessProbe:
+    initialDelaySeconds: 30
+  livenessProbe:
+    initialDelaySeconds: 30

tip-wlan/resources/environments/dev-no-gluster.yaml

@@ -26,9 +26,6 @@ global:
   # flag to enable debugging - application support required
   debugEnabled: true
 
-  # Is the Cluster deployed in Cloud
-  isCloudDeployment: false
-
 # Annotations for namespace
 annotations: {
     "helm.sh/resource-policy": keep
@@ -46,9 +43,10 @@ opensync-gw-static:
   enabled: false
 opensync-gw-cloud:
   enabled: true
-  externalhostaddress:
-    ovsdb: tip-wlan-opensync-gw-cloud
-    mqtt: tip-wlan-opensync-mqtt-broker
+  externalhost:
+    address:
+      ovsdb: tip-wlan-opensync-gw-cloud
+      mqtt: tip-wlan-opensync-mqtt-broker
   persistence:
     enabled: true
   filestore:

tip-wlan/resources/environments/dev.yaml

@@ -28,9 +28,6 @@ global:
   # flag to enable debugging - application support required
   debugEnabled: true
 
-  # Is the Cluster deployed in Cloud
-  isCloudDeployment: false
-
 # Annotations for namespace
 annotations: {
     "helm.sh/resource-policy": keep
@@ -48,9 +45,10 @@ opensync-gw-static:
   enabled: false
 opensync-gw-cloud:
   enabled: true
-  externalhostaddress:
-    ovsdb: tip-wlan-opensync-gw-cloud
-    mqtt: tip-wlan-opensync-mqtt-broker
+  externalhost:
+    address:
+      ovsdb: tip-wlan-opensync-gw-cloud
+      mqtt: tip-wlan-opensync-mqtt-broker
   persistence:
     enabled: true
   filestore:
@@ -82,6 +80,10 @@ wlan-prov-service:
     schema_repo:
       username: tip-read
       password: tip-read
+    postgres:
+      singleDataSourceUsername: tip_user
+      singleDataSourcePassword: tip_password
+      singleDataSourceSslKeyPassword: mypassword
 wlan-ssc-service:
   enabled: true
   creds:
@@ -127,6 +129,10 @@ kafka:
   persistence:
     enabled: true
     storageClass: "glusterfs-storage"
+  creds:
+    sslKeystorePassword: mypassword
+    sslTruststorePassword: mypassword
+    sslKeyPassword: mypassword
 cassandra:
   enabled: true
   cluster:
@@ -139,6 +145,9 @@ cassandra:
   persistence:
     enabled: true
     storageClass: "glusterfs-storage"
+  creds:
+    sslKeystorePassword: mypassword
+    sslTruststorePassword: mypassword
 postgresql:
   enabled: true
   postgresqlPassword: postgres
@@ -152,4 +161,8 @@ postgresql:
     slaveReplicas: 1
   persistence:
     enabled: true
-    storageClass: "glusterfs-storage"
+    storageClass: "glusterfs-storage"
+  readinessProbe:
+    initialDelaySeconds: 30
+  livenessProbe:
+    initialDelaySeconds: 30

tip-wlan/resources/environments/disable-allcharts.yaml

@@ -30,9 +30,6 @@ global:
   # flag to enable debugging - application support required
   debugEnabled: true
 
-  # Is the Cluster deployed in Cloud
-  isCloudDeployment: false
-
 createReleaseNamespace: false
 
 createDockerRegistrySecret: false
@@ -44,9 +41,10 @@ opensync-gw-static:
   enabled: false
 opensync-gw-cloud:
   enabled: false
-  externalhostaddress:
-    ovsdb: tip-wlan-opensync-gw-cloud
-    mqtt: tip-wlan-opensync-mqtt-broker
+  externalhost:
+    address:
+      ovsdb: tip-wlan-opensync-gw-cloud
+      mqtt: tip-wlan-opensync-mqtt-broker
   persistence:
     enabled: true
   filestore:

tip-wlan/values.yaml

@@ -34,9 +34,6 @@ global:
   # SSC Service in a single docker image 
   integratedDeployment: false
 
-  # Is the Cluster deployed in Cloud
-  isCloudDeployment: true
-
   testingEnabled: false
 
   testingTimestamp: