Added NGINX support for portal-svc

.github/workflows/helm-validation.yml

@@ -45,8 +45,7 @@ jobs:
           helm template -f values-test.yaml . | /tmp/k8s-validators/kubeval --ignore-missing-schemas
 
           echo "Kube-score test"
-          # will be fixed and enabled again in https://telecominfraproject.atlassian.net/browse/WIFI-1258
-          helm template -f values-test.yaml . | /tmp/k8s-validators/kube-score score - || true
+          helm template -f values-test.yaml . | /tmp/k8s-validators/kube-score score -
       - name: Test glusterfs
         working-directory: glusterfs/kube-templates
         run: |
@@ -54,5 +53,4 @@ jobs:
           /tmp/k8s-validators/kubeval *.yaml
 
           echo "Kube-score test"
-          # will be fixed and enabled again in https://telecominfraproject.atlassian.net/browse/WIFI-1258
-          /tmp/k8s-validators/kube-score score *.yaml || true
+          /tmp/k8s-validators/kube-score score *.yaml

.github/workflows/testing.yml

@@ -1,101 +0,0 @@
-name: CloudSDK deployment and testing
-
-env:
-  PR_NUMBER: ${{ github.event.number }}
-  AWS_EKS_NAME: tip-wlan-main
-  AWS_DEFAULT_OUTPUT: json
-  AWS_DEFAULT_REGION: us-east-2
-  AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
-  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-
-on:
-  pull_request:
-     branches: [ master ]
-
-defaults:
-  run:
-    shell: bash
-
-jobs:
-  deploy:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout required repos
-      uses: actions/checkout@v2
-      with:
-        path: wlan-pki-cert-scripts
-        repository: Telecominfraproject/wlan-pki-cert-scripts
-    - name: Checkout Cloud SDK repo
-      uses: actions/checkout@v2
-      with:
-        path: wlan-cloud-helm
-        repository: Telecominfraproject/wlan-cloud-helm
-    - name: Checkout helm values repo
-      uses: actions/checkout@v2
-      with:
-        path: Toolsmith
-        repository: Telecominfraproject/Toolsmith
-        token: ${{ secrets.PAT_TOKEN }}
-
-    - name: Generate Helm values file
-      run: |
-        ./Toolsmith/helm-values/aws-cicd-pr-deployment.yaml.sh ${{ env.PR_NUMBER }} > pr-deployment.yaml
-
-    - name: Generate certs
-      working-directory: wlan-pki-cert-scripts
-      run: |
-        ./generate_all.sh
-        ./copy-certs-to-helm.sh ../wlan-cloud-helm
-
-    - name: Get kubeconfig for EKS ${{ env.AWS_EKS_NAME }}
-      run: |
-        aws eks update-kubeconfig --name ${{ env.AWS_EKS_NAME }}
-
-    - name: Deploy Cloud SDK
-      run: |
-        # using a timeout of 20 minutes as the EKS nodes may need to be scaled which takes some time
-        helm upgrade --install tip-wlan-pr-${{ env.PR_NUMBER }} wlan-cloud-helm/tip-wlan -f pr-deployment.yaml --namespace default --wait --timeout 20m
-
-  test:
-    runs-on: ubuntu-latest
-    needs: [ deploy ]
-    steps:
-    - name: Execute tests
-      run: |
-        echo Running tests...
-        # this is needed to make until work
-        set +e
-
-        urls="https://wlan-ui-pr-$PR_NUMBER.cicd.lab.wlan.tip.build https://wlan-graphql-pr-$PR_NUMBER.cicd.lab.wlan.tip.build/graphql"
-        for url in $urls; do
-          max_retry=300
-          counter=0
-          until curl --silent $url > /dev/null
-          do
-             sleep 1
-             [[ counter -eq $max_retry ]] && echo "$url not reachable after $counter tries...giving up" && exit 1
-             echo "#$counter: $url not reachable. trying again..."
-             ((counter++))
-          done
-          echo Successfully reached URL $url
-        done
-
-        echo Tests were successful
-
-  cleanup:
-    runs-on: ubuntu-latest
-    needs: [ deploy, test ]
-    if: ${{ always() }}
-    steps:
-    - name: Get kubeconfig for EKS ${{ env.AWS_EKS_NAME }}
-      run: |
-        aws eks update-kubeconfig --name ${{ env.AWS_EKS_NAME }}
-
-    - name: Delete Cloud SDK Helm release
-      run: |
-        helm delete tip-wlan-pr-${{ env.PR_NUMBER }} --namespace default || true
-
-    - name: Delete namespace
-      run: |
-        kubectl delete ns tip-pr-${{ env.PR_NUMBER }} --wait=true --ignore-not-found true

README.md

@@ -45,132 +45,3 @@ This repository contains helm charts for various deployment types of the tip wla
  - Run the following command under tip-wlan-helm directory _after_ the components are running:
  	- helm test <RELEASE_NAME> -n default
 	(For more details add --debug flag to the above command) 
-
-
-# Local environment
-
-In `wlan-pki-cert-scripts` repository edit the following files and add/replace strings as specified below:
-
-```
-mqtt-server.cnf:
-
--commonName_default   = opensync-mqtt-broker.zone1.lab.wlan.tip.build
-+commonName_default   = opensync-mqtt-broker.wlan.local
-
-
-openssl-server.cnf:
--DNS.1  = opensync-redirector.zone1.lab.wlan.tip.build
--DNS.2  = opensync-controller.zone1.lab.wlan.tip.build
-+DNS.1  = opensync-redirector.wlan.local
-+DNS.2  = opensync-controller.wlan.local
- DNS.3  = tip-wlan-postgresql
--DNS.4  = ftp.example.com
-```
-
-In `wlan-pki-cert-scripts` repository run `./generate_all.sh` to generate CA and certificates, then run `./copy-certs-to-helm.sh <local path to wlan-cloud-helm repo>` in order to copy certificates to helm charts.
-
-Optionally, in order to speedup first and subsequent runs, you may cache some images:
-
-```
-minikube cache add zookeeper:3.5.5
-minikube cache add bitnami/postgresql:11.8.0-debian-10-r58
-minikube cache add postgres:latest
-minikube cache add gcr.io/k8s-minikube/storage-provisioner:v3
-minikube cache add eclipse-mosquitto:latest
-minikube cache add opsfleet/depends-on
-```
-
-These images may occasionally need to be updated with these commands:
-
-```
-minikube cache reload ## reload images from the upstream
-eval $( minikube docker-env )
-for img in $( docker images --format '{{.Repository}}:{{.Tag}}' | egrep 'busybox|alpine|confluentinc/cp-kafka|zookeeper|k8s.gcr.io/pause|nginx/nginx-ingress|bitnami/cassandra|bitnami/postgresql|postgres|bitnami/minideb' ); do
-	minikube cache add $img;
-done
-```
-
-Run minikube:
-
-```minikube start --memory=10g --cpus=4 --driver=virtualbox --extra-config=kubelet.serialize-image-pulls=false --extra-config=kubelet.image-pull-progress-deadline=3m0s --docker-opt=max-concurrent-downloads=10```
-
-Please note that you may choose another driver (parallels, vmwarefusion, hyperkit, vmware, docker, podman) which might be more suitable for your setup. Omitting this option enables auto discovery of available drivers.
-
-Deploy CloudSDK chart:
-
-```helm upgrade --install tip-wlan tip-wlan -f tip-wlan/resources/environments/dev-local.yaml -n default```
-
-Wait a few minutes, when all pods are in `Running` state, obtain web ui link with `minikube service tip-wlan-wlan-cloud-static-portal -n tip --url`, open in the browser. Importing or trusting certificate might be needed.
-
-Services may be exposed to the local machine or local network with ssh, kubectl or kubefwd with port forwarding, please examples below.
-
-Kubefwd:
-
-kubefwd is used to forward Kubernetes services to a local workstation, easing the development of applications that communicate with other services. It is for development purposes only. For production/staging environments services need to be exposed via load balancers.
-Download latest release from https://github.com/eugenetaranov/kubefwd/releases and run the binary.
-
-Forward to all interfaces (useful if you need to connect from other devices in your local network):
-
-```
-sudo kubefwd services --namespace tip -l "app.kubernetes.io/name in (nginx-ingress-controller,wlan-portal-service,opensync-gw-cloud,opensync-mqtt-broker)" --allinterfaces --extrahosts wlan-ui-graphql.wlan.local,wlan-ui.wlan.local
-```
-
-Kubectl port forwarding (alternative to kubefwd):
-```
-kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app=tip-wlan-nginx-ingress-controller -o jsonpath='{.items[0].metadata.name}') 443:443 &
-kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=wlan-portal-service -o jsonpath='{.items[0].metadata.name}') 9051:9051 &
-kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=opensync-gw-cloud -o jsonpath='{.items[0].metadata.name}') 6643:6643 &
-kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=opensync-gw-cloud -o jsonpath='{.items[0].metadata.name}') 6640:6640 &
-kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=opensync-mqtt-broker -o jsonpath='{.items[0].metadata.name}') 1883:1883 &
-```
-
-Add certificate to the trust store.
-
-Firefox:
-
-1. Open settings, `Privacy and security`, `View certificates`.
-
-2. Click on `Add Exception...`, enter `https://wlan-ui.wlan.local` into Location field, click on `Get certificate`, check `Permanently store this exception` and click on `Confirm Security Exception`.
-Repeat the step for `https://wlan-ui-graphql.wlan.local`
-
-
-Chrome and other browsers using system certificate store:
-
-1. Save certificate below into the file `wlan-ui-graphql.wlan.local.crt` (it is the one defined at tip-wlan/resources/environments/dev-local.yaml:143):
-
-```
------BEGIN CERTIFICATE-----
-MIIFWjCCA0KgAwIBAgIUQNaP/spvRHtBTAKwYRNwbxRfFAswDQYJKoZIhvcNAQEL
-BQAwHTEbMBkGA1UEAwwSd2xhbi11aS53bGFuLmxvY2FsMB4XDTIwMDgyNzIwMjY1
-NloXDTMwMDgyNTIwMjY1NlowHTEbMBkGA1UEAwwSd2xhbi11aS53bGFuLmxvY2Fs
-MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwRagiDWzCNYBtWwBcK+f
-TkkQmMt+QAgTjYr0KS8DPJCJf6KkPfZHCu3w4LvrxzY9Nmieh2XU834amdJxIuCw
-6IbNo6zskjsyfoO8wFDmlLVWLeg5H9G9doem+WTeKPaEHi3oquzNgt6wLs3mvvOA
-TviTIoc88ELjk4dSR2T4dhh0qKCCj+HdXBA6V/9biru+jV+/kxEQuL2zM39DvVd8
-9ks35zMVUze36lD4ICOnl7hgaTNBi45O9sdLD0YaUmjiFwQltJUdmPKpaAdbvjUO
-nsupnDYjm+Um+9aEpqM4te23efC8N8j1ukexzJrE2GeF/WB/Y1LFIG2wjqVnsPcs
-nFF4Yd9EBRRne1EZeXBu3FELFy6lCOHI146oBcc/Ib617rdTKXqxtv/2NL6/TqFk
-ns/EEjve6kQYzlBZwWHWpZwQfg3mo6NaoFZpTag98Myu5rZoOofTcxXH6pLm5Px1
-OAzgLna9O+2FmA4FjrgHcMY1NIzynZL+DH8fibt1F/v2F2MA+R9vo84vR5ROGNdD
-va2ApevkLcjQg/LwsXv0gTopQ/XIzejh6bdUkOrKSwJzT2C9/e9GQn0gppV8LBuK
-1zQHoROLnA41MCFvQLQHo+Xt8KGw+Ubaly6hOxBZF51L/BbqjkDH9AEFaJLptiEy
-qn1E5v+3whgFS5IZT8IW5uUCAwEAAaOBkTCBjjAdBgNVHQ4EFgQUy2bAUyNPXHS9
-3VTSD+woN7t3q8EwHwYDVR0jBBgwFoAUy2bAUyNPXHS93VTSD+woN7t3q8EwDwYD
-VR0TAQH/BAUwAwEB/zA7BgNVHREENDAyghp3bGFuLXVpLWdyYXBocWwud2xhbi5s
-b2NhbIIOYXBpLndsYW4ubG9jYWyHBMCoAAEwDQYJKoZIhvcNAQELBQADggIBAKH+
-bqJee11n34SYgBDvgoZ8lJLQRwsFnqExcSr/plZ7GVIGFH5/Q2Kyo9VyEiTPwrIs
-KsErC1evH6xt1URfMzp05zVQ0LYM5+ksamRDagAg3M1cm7oKOdms/dqzPe2gZfGJ
-pVdtVW1CHrL0RLTR93h7kgSiBlSEIYMoeKfN5H9AavJ4KryygQs63kkGQ5M9esAp
-u6bB307zyfzgS3tmQsU01rgJfhEHQ/Y+Ak9wDuOgvmfx0TWgAOGbKq6Tu8MKYdej
-Ie7rV1G5Uv7KfgozVX76g2KdnTVBfspSKo3zyrZkckzApvUu9IefHdToe4JMEU0y
-fk7lEU/exzByyNxp+6hdu/ZIg3xb1yA1oVY8NEd1rL1zAViPe351SENEKeJpRanC
-kCL3RAFkbxQ7Ihacjox8belR+gmo8cyFZpj9XaoPlSFScdwz573CT0h97v76A7sw
-yC+CiSp85gWEV5vgBitNJ7R9onjBdsuH2lgEtMD3JNOs8cCSRihYxriwZSqhT7o/
-tcIlcJ84W5m6X6zHJ3GmtuKG3QPNOms0/VVoDTp9qdpL+Ek17uB2A41Npxz3US+l
-6yK+pdQQj7ALzKuRfOyg80XbNw2v4SnpI5qbXFBRum52f86sPemFq1KcuNWe4EVC
-xDG3eKlu+dllUtKx/PN6yflbT5xcGgcdmrwzRaWS
------END CERTIFICATE-----
-
-```
-
-2. Double click on it, enter the system admin password, if prompted.

tip-wlan/charts/cassandra/resources/config/certs/README.md

@@ -1 +0,0 @@
-Contains certs needed for this service to start. Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

tip-wlan/charts/cassandra/resources/config/certs/keystore_creds

@@ -0,0 +1 @@
+mypassword

tip-wlan/charts/cassandra/resources/config/certs/truststore_creds

@@ -0,0 +1 @@
+mypassword

tip-wlan/charts/cassandra/resources/config/cqlshrc.tip-wlan

@@ -72,7 +72,7 @@ color = on
 [connection]
 
 ;; The host to connect to
-hostname = {{ include "cassandra.service" . }}
+hostname = tip-wlan-cassandra-headless
 
 ;; The port to connect to (9042 is the native protocol default)
 port = 9042

tip-wlan/charts/cassandra/templates/configmap.yaml

@@ -5,5 +5,3 @@ metadata:
   namespace: {{ include "common.namespace" . }}
 data:
 {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-  cqlshrc.tip-wlan: |
-  {{ tpl (.Files.Get "files/cqlshrc.tip-wlan") . | nindent 4 }}

tip-wlan/charts/cassandra/templates/headless-svc.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ include "cassandra.service" . }}
+  name: {{ include "common.fullname" . }}-headless
   namespace: {{ include "common.namespace" . }}
   labels: {{- include "common.labels" . | nindent 4 }}
   annotations: {{ include "cassandra.tplValue" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}

tip-wlan/charts/cassandra/templates/secret.yaml

@@ -24,9 +24,9 @@ metadata:
 type: Opaque
 data:
   truststore: {{ .Files.Get "resources/config/certs/truststore.jks" | b64enc }}
-  truststore-password: {{ .Values.creds.sslTruststorePassword | b64enc }}
+  truststore-password: {{ .Files.Get "resources/config/certs/truststore_creds" | b64enc }}
   keystore: {{ .Files.Get "resources/config/certs/cassandra_server_keystore.jks" | b64enc }}
-  keystore-password: {{ .Values.creds.sslKeystorePassword | b64enc }}
+  keystore-password: {{ .Files.Get "resources/config/certs/keystore_creds" | b64enc }}
 ---
 apiVersion: v1
 kind: Secret
@@ -36,5 +36,4 @@ metadata:
 type: Opaque
 data:
 {{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
-  keystore_creds: {{ .Values.creds.sslKeystorePassword | b64enc }}
-  truststore_creds: {{ .Values.creds.sslTruststorePassword | b64enc }}
+

tip-wlan/charts/cassandra/templates/tests/test-cassandra-record-insert-del.yaml

@@ -12,7 +12,6 @@ spec:
   containers:
   - name: {{ include "common.name" . }}-test-cassandra-basic
     image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
-    imagePullPolicy: {{ .Values.image.pullPolicy | default .Values.global.pullPolicy }} 
     command:
     - sh
     - -c

tip-wlan/charts/cassandra/values.yaml

@@ -22,7 +22,7 @@ image:
   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
   ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
   ##
-  pullPolicy: Always
+  pullPolicy: IfNotPresent
   ## Optionally specify an array of imagePullSecrets.
   ## Secrets must be manually created in the namespace.
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
@@ -134,12 +134,16 @@ persistence:
 ## ref: http://docs.datastax.com/en/archived/cassandra/2.0/cassandra/architecture/architecturePlanningHardware_c.html
 ##
 resources:
-  limits:
-     cpu: "1"
-     memory: 8Gi
-  requests:
-     cpu: 500m
-     memory: 3Gi
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  limits: {}
+  #   cpu: 2
+  #   memory: 4Gi
+  requests: {}
+  #   cpu: 2
+  #   memory: 4Gi
 
 ## Secret with keystore, keystore password, truststore, truststore password
 ##
@@ -293,7 +297,7 @@ metrics:
   enabled: false
   image:
     registry: docker.io
-    pullPolicy: Always
+    pullPolicy: IfNotPresent
     repository: bitnami/cassandra-exporter
     tag: 2.3.4-debian-10-r119
     ## Optionally specify an array of imagePullSecrets.
@@ -322,9 +326,3 @@ metrics:
   podAnnotations:
     prometheus.io/scrape: "true"
     prometheus.io/port: "8080"
-creds:
-  sslKeystorePassword: DUMMY_PASSWORD
-  sslTruststorePassword: DUMMY_PASSWORD
-
-cassandra:
-  url: cassandra-headless

tip-wlan/charts/common/templates/_ports.tpl

@@ -1,43 +0,0 @@
-{{/*
-    This template will be used to iterate through the access point debug ports and generate
-    access point debug ports mapping
-  */}}
-
-{{- define "apDebugPortsStart" -}}
-{{- $portPrefix := $.Values.global.nodePortPrefixExt | default $.Values.nodePortPrefixExt | int -}}
-{{- $start := $.Values.accessPointDebugPortRange.start | int -}}
-{{- $end := (add $.Values.accessPointDebugPortRange.start $.Values.accessPointDebugPortRange.length) | int -}}
-{{- printf "%d%d" $portPrefix $start -}}
-{{- end -}}
-
-
-{{- define "apDebugPortsEnd" -}}
-{{- $portPrefix := $.Values.global.nodePortPrefixExt | default $.Values.nodePortPrefixExt | int -}}
-{{- $start := $.Values.accessPointDebugPortRange.start | int -}}
-{{- $end := (add $.Values.accessPointDebugPortRange.start $.Values.accessPointDebugPortRange.length) | int -}}
-{{- printf "%d%d" $portPrefix $end -}}
-{{- end -}}
-
-
-
-{{- define "container.dev.apDebugPorts" -}}
-{{- $accessPointDebugPorts := untilStep (include "apDebugPortsStart" . | atoi) (include "apDebugPortsEnd" . | atoi) 1 -}}
-  {{- range $index, $port := $accessPointDebugPorts }}
-  - name: apdebugport-{{ $index }}
-    containerPort: {{ $port }}
-    protocol: TCP
-  {{- end }}
-{{- end -}}
-
-{{- define "service.dev.apDebugPorts" -}}
-{{- $accessPointDebugPorts := untilStep (include "apDebugPortsStart" . | atoi) (include "apDebugPortsEnd" . | atoi) 1 -}}
-  {{- range $index, $port := $accessPointDebugPorts }}
-  - port: {{ $port }}
-    targetPort: {{ $port }}
-    protocol: TCP
-    name: apdebugport-{{ $index }}
-    {{- if eq $.Values.service.type "NodePort" }}
-    nodePort: {{ $port }}
-    {{- end }}   
-  {{- end }}
-{{- end -}}

tip-wlan/charts/kafka/resources/config/admin-client.properties

@@ -0,0 +1,11 @@
+ssl.endpoint.identification.algorithm=
+security.protocol=SSL
+ssl.key.password=mypassword
+ssl.keystore.location=/etc/kafka/secrets/kafka-server.pkcs12
+ssl.keystore.password=mypassword
+ssl.keystore.type=PKCS12
+ssl.truststore.location=/etc/kafka/secrets/truststore.jks
+ssl.truststore.password=mypassword
+ssl.truststore.type=JKS
+bootstrap.servers=tip-wlan-kafka-headless:9093
+

tip-wlan/charts/kafka/resources/config/certs/key_creds

@@ -0,0 +1 @@
+mypassword

tip-wlan/charts/kafka/resources/config/certs/keystore_creds

@@ -0,0 +1 @@
+mypassword

tip-wlan/charts/kafka/resources/config/certs/truststore_creds

@@ -0,0 +1 @@
+mypassword

tip-wlan/charts/kafka/templates/configmap.yaml

@@ -4,14 +4,4 @@ metadata:
   name: {{ include "common.fullname" . }}-clientconfig
   namespace: {{ include "common.namespace" . }}
 data:
-  admin-client.properties: |
-    ssl.endpoint.identification.algorithm=
-    security.protocol=SSL
-    ssl.key.password={{ .Values.creds.sslKeyPassword | b64enc }}
-    ssl.keystore.location=/etc/kafka/secrets/kafka-server.pkcs12
-    ssl.keystore.password={{ .Values.creds.sslKeystorePassword | b64enc }}
-    ssl.keystore.type=PKCS12
-    ssl.truststore.location=/etc/kafka/secrets/truststore.jks
-    ssl.truststore.password={{ .Values.creds.sslTruststorePassword | b64enc }}
-    ssl.truststore.type=JKS
-    bootstrap.servers={{ include "kafka.service" . }}:9093
+{{ tpl (.Files.Glob "resources/config/admin-client.properties").AsConfig . | indent 2 }}

tip-wlan/charts/kafka/templates/job-config.yaml

@@ -23,7 +23,6 @@ spec:
       containers:
         - name: {{ include "common.fullname" . }}-config
           image: "{{ .Values.image }}:{{ .Values.imageTag }}"
-          imagePullPolicy: {{ .Values.imagePullPolicy | default .Values.global.pullPolicy }}
           command: ["/usr/local/script/runtimeConfig.sh"]
           volumeMounts:
             - name: config-volume

tip-wlan/charts/kafka/templates/secret.yaml

@@ -1,18 +1,8 @@
----
 apiVersion: v1
 kind: Secret
 metadata:
   name: {{ include "common.fullname" . }}-certs
   namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ template "common.name" . }}
-    chart: {{ template "common.chart" . }}
-    release: {{ .Release.Name | quote }}
 type: Opaque
 data:
-  truststore_creds: {{ .Values.creds.sslTruststorePassword | b64enc }}
-  keystore_creds: {{ .Values.creds.sslKeystorePassword | b64enc }}
-  key_creds: {{ .Values.creds.sslKeyPassword | b64enc }}
-  truststore.jks: {{ .Files.Get "resources/config/certs/truststore.jks" | b64enc }}
-  kafka-server.pkcs12: {{ .Files.Get "resources/config/certs/kafka-server.pkcs12" | b64enc }}
-  README: {{ .Files.Get "resources/config/certs/README.md" | b64enc }}
+{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}

tip-wlan/charts/kafka/templates/service-headless.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ include "kafka.service" . }}
+  name: {{ include "common.fullname" . }}-headless
   namespace: {{ include "common.namespace" . }}
   labels:
   {{- include "kafka.broker.labels" . | nindent 4 }}

tip-wlan/charts/kafka/templates/statefulset.yaml

@@ -1,6 +1,5 @@
 {{- $advertisedListenersOverride := first (pluck "advertised.listeners" .Values.configurationOverrides) }}
 {{- $zk := include "zookeeper.service" . -}}
-{{- $kafka := include "kafka.service" . -}}
 {{- $ns := include "common.namespace" . -}}
 apiVersion: apps/v1
 kind: StatefulSet
@@ -13,7 +12,7 @@ spec:
   selector:
     matchLabels:
     {{- include "kafka.broker.matchLabels" . | nindent 6 }}
-  serviceName: {{ $kafka }}
+  serviceName: {{ include "common.fullname" . }}-headless
   podManagementPolicy: {{ .Values.podManagementPolicy }}
   updateStrategy:
 {{ toYaml .Values.updateStrategy | indent 4 }}
@@ -120,8 +119,6 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        - name: KAFKA_ADVERTISED_LISTENERS
-          value: "SSL://{{ $kafka }}:9093"
         - name: KAFKA_HEAP_OPTS
           value: {{ .Values.kafkaHeapOptions }}
         - name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR
@@ -167,9 +164,9 @@ spec:
           export LOAD_BALANCER_IP=$(echo '{{ .Values.external.loadBalancerIP }}' | tr -d '[]' | cut -d ' ' -f "$(($KAFKA_BROKER_ID + 1))") && \
           {{- end }}
           {{- if eq .Values.external.type "NodePort" }}
-          export KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://${POD_IP}:9092,SSL://{{ $kafka }}:9093{{ if kindIs "string" $advertisedListenersOverride }}{{ printf ",%s" $advertisedListenersOverride }}{{ end }} && \
+          export KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://${POD_IP}:9092{{ if kindIs "string" $advertisedListenersOverride }}{{ printf ",%s" $advertisedListenersOverride }}{{ end }} && \
           {{- else }}
-          export KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://${POD_NAME}.{{ include "common.fullname" . }}-headless.${POD_NAMESPACE}.svc.cluster.local:9092,SSL://{{ $kafka }}:9093{{ if kindIs "string" $advertisedListenersOverride }}{{ printf ",%s" $advertisedListenersOverride }}{{ end }} && \
+          export KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://${POD_NAME}.{{ include "common.fullname" . }}-headless.${POD_NAMESPACE}.svc.cluster.local:9092{{ if kindIs "string" $advertisedListenersOverride }}{{ printf ",%s" $advertisedListenersOverride }}{{ end }} && \
           {{- end }}
           exec /etc/confluent/docker/run
         volumeMounts:

tip-wlan/charts/kafka/templates/tests/test-topic-create-produce-consume.yaml

@@ -10,7 +10,6 @@ spec:
   containers:
   - name: {{ include "common.name" . }}-test-consume
     image: {{ .Values.image }}:{{ .Values.imageTag }}
-    imagePullPolicy: {{ .Values.imagePullPolicy | default .Values.global.pullPolicy }} 
     command:
     - sh
     - -c

tip-wlan/charts/kafka/values.yaml

@@ -15,17 +15,17 @@ imageTag: "5.0.1"  # Confluent image for Kafka 2.0.0
 
 ## Specify a imagePullPolicy
 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
-imagePullPolicy: "Always"
+imagePullPolicy: "IfNotPresent"
 
 ## Configure resource requests and limits
 ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
-resources:
-  limits:
-    cpu: 500m
-    memory: 2Gi
-  requests:
-    cpu: 50m
-    memory: 1Gi
+resources: {}
+  # limits:
+  #   cpu: 200m
+  #   memory: 1536Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 1024Mi
 kafkaHeapOptions: "-Xmx1G -Xms1G"
 
 ## Optional Container Security context
@@ -188,7 +188,7 @@ configurationOverrides:
   # "ssl.key.credentials": "mypassword"
   # "ssl.truststore.filename": "kafka_server_keystore.jks"
   # "ssl.truststore.credentials": "mypassword"
-  # advertised.listeners: SSL://tip-wlan-kafka-headless:9093
+  advertised.listeners: SSL://tip-wlan-kafka-headless:9093
   ssl.client.auth: required
   ssl.endpoint.identification.algorithm: ""
   security.inter.broker.protocol: SSL
@@ -322,13 +322,7 @@ zookeeper:
 
   ## Configure Zookeeper resource requests and limits
   ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
-  resources:
-    limits:
-      cpu: 500m
-      memory: 1Gi
-    requests:
-      cpu: 50m
-      memory: 700Mi
+  resources: ~
 
   ## Environmental variables to set in Zookeeper
   env:
@@ -359,11 +353,3 @@ zookeeper:
   #       labelSelector:
   #         matchLabels:
   #           release: zookeeper
-
-creds:
-  sslTruststorePassword: DUMMY_PASSWORD
-  sslKeystorePassword: DUMMY_PASSWORD
-  sslKeyPassword: DUMMY_PASSWORD
-
-kafka:
-  url: kafka-headless

tip-wlan/charts/nginx-ingress-controller/values.yaml

@@ -40,7 +40,7 @@ controller:
     tag: "1.7.0"
 
     ## The pull policy for the Ingress controller image.
-    pullPolicy: Always
+    pullPolicy: IfNotPresent
 
   config:
     ## The name of the ConfigMap used by the Ingress controller.
@@ -92,13 +92,13 @@ controller:
   terminationGracePeriodSeconds: 30
 
   ## The resources of the Ingress controller pods.
-  resources:
-    limits:
-      cpu: 500m
-      memory: 200Mi
-    requests:
-      cpu: 50m
-      memory: 140Mi
+  resources: {}
+    # limits:
+    #   cpu: 100m
+    #   memory: 64Mi
+    # requests:
+    #   cpu: 100m
+    #   memory: 64Mi
 
   ## The tolerations of the Ingress controller pods.
   tolerations: []

tip-wlan/charts/opensync-gw-cloud/resources/config/logback.xml

@@ -73,7 +73,6 @@
 
   <root level="WARN">
     <appender-ref ref="logfile"/>
-    <appender-ref ref="stdout"/>
   </root>
 
 </configuration>

tip-wlan/charts/opensync-gw-cloud/templates/deployment.yaml

@@ -4,6 +4,7 @@
 {{- $mqtt := include "mqtt.service" . -}}
 {{- $ns := include "common.namespace" . -}}
 {{- $file_store_path := include "filestore.dir.name" . -}}
+{{- $cloudeployment := .Values.global.isCloudDeployment -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -27,26 +28,93 @@ spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       initContainers:
-        - name: wait-for-services
-          image: opsfleet/depends-on:latest
-          args:
-          - "-service={{ .Release.Name }}-opensync-mqtt-broker"
-          - "-service={{ .Release.Name }}-wlan-prov-service"
-          - "-service={{ .Release.Name }}-wlan-ssc-service"
-          - -check_interval=5
-      {{- if .Values.global.integratedDeployment }}
-        - name: {{ include "common.name" . }}-readiness-int-cloud
-          image: alpine
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+        - name: {{ include "common.name" . }}-mqtt-readiness
+          image: eclipse-mosquitto:latest
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
           command:
           - sh
           - -c
           - |
+            mosquitto_pub -h {{ $mqtt }} -p 1883 --cafile /certs/cacert.pem --cert /certs/clientcert.pem --key /certs/clientkey.pem --insecure -t "/ap/test" -q 0 -m "CheckingMQTTAliveness"
+            status=$(echo $?)
+            echo mosquitto_pub response of the request = $status
+            counter=0
+            while [ $counter -lt 10 ] && [ $status -ne 0 ]
+            do
+              echo {{ $mqtt }} service isnt ready. Tried $counter times
+              sleep 2
+              counter=`expr $counter + 1`
+              mosquitto_pub -h {{ $mqtt }} -p 1883 --cafile /certs/cacert.pem --cert /certs/clientcert.pem --key /certs/clientkey.pem --insecure -t "/ap/test" -q 0 -m "CheckingMQTTAliveness"
+              status=$(echo $?)
+              echo mosquitto_pub response of the request = $status
+            done
+            if [ $status -eq 0 ]
+            then
+              echo {{ $mqtt }} service is ready!
+            else
+              echo {{ $mqtt }} service failed to respond after 20 secs
+              exit 1
+            fi
+          volumeMounts:
+          - mountPath: /certs/cacert.pem
+            name: certificates
+            subPath: cacert.pem
+          - mountPath: /certs/clientcert.pem
+            name: certificates
+            subPath: clientcert.pem
+          - mountPath: /certs/clientkey.pem
+            name: certificates
+            subPath: clientkey.pem
+      {{- if .Values.global.integratedDeployment }}
+        - name: {{ include "common.name" . }}-readiness-int-cloud
+          image: alpine
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          command:
+          - sh
+          - -c
+          - |
+            if [ {{ $cloudeployment }} = false ]
+            then            
+              echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
+              echo "Added name-resolution for local deployments"
+            fi
             apk add curl
             url=https://{{ $icc }}/ping
             counter=0
             status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
-            while [ $counter -lt 10 ] && [ $status -ne 200 ]
+            while [ $counter -lt 10 ] && [ $status -ne 200 ] 
+            do
+              echo ${url} service isnt ready. Tried $counter times
+              sleep 5
+              counter=`expr $counter + 1`
+              status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
+              echo Http Response code of ping request = $status
+            done
+            if [ $status -eq 200 ]
+            then
+              echo ${url} service is ready!
+            else
+              echo ${url} service failed to respond after 50 secs
+              exit 1
+            fi 
+      {{- else }}
+        - name: {{ include "common.name" . }}-readiness-prov
+          image: alpine
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          command:
+          - sh
+          - -c
+          - |
+            if [ {{ $cloudeployment }} = false ]
+            then          
+              echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
+              echo "Added name-resolution for local deployments"
+            fi
+            apk add curl
+            url=https://{{ $prov }}/ping
+            counter=0
+            status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
+            while [ $counter -lt 10 ] && [ $status -ne 200 ] 
             do
               echo ${url} service isnt ready. Tried $counter times
               sleep 5
@@ -61,22 +129,49 @@ spec:
               echo ${url} service failed to respond after 50 secs
               exit 1
             fi
+        - name: {{ include "common.name" . }}-readiness-ssc
+          image: alpine
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          command:
+          - sh
+          - -c
+          - |
+            if [ {{ $cloudeployment }} = false ]
+            then          
+              echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
+              echo "Added name-resolution for local deployments"
+            fi
+            apk add curl
+            url=https://{{ $ssc }}/ping
+            counter=0
+            status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
+            while [ $counter -lt 10 ] && [ $status -ne 200 ] 
+            do
+              echo ${url} service isnt ready. Tried $counter times
+              sleep 5
+              counter=`expr $counter + 1`
+              status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
+              echo Http Response code of ping request = $status
+            done
+            if [ $status -eq 200 ]
+            then
+              echo ${url} service is ready!
+            else
+              echo ${url} service failed to respond after 50 secs
+              exit 1
+            fi        
       {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          {{- if .Values.global.testingEnabled }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
-          {{- else }}
           image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
-          {{- end }}
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
           {{- if .Values.probes.enabled }}
           livenessProbe:
             tcpSocket:
               port: {{ .Values.service.port2 }}
-            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
+            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
             timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
             failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -93,9 +188,7 @@ spec:
           env:
             {{- include "common.env" . | nindent 12 }}
             - name: OVSDB_MANAGER
-              value: {{ .Values.externalhost.address.ovsdb }}
-            - name: OVSDB_EXTERNAL_PORT
-              value: "{{ .Values.externalhost.ports.ovsdb }}"
+              value: {{ .Values.externalhostaddress.ovsdb }}
             - name: OVSDB_MANAGER_IP
               valueFrom:
                 fieldRef:
@@ -103,9 +196,7 @@ spec:
             - name: MQTT_SERVER_INTERNAL
               value: {{ .Release.Name }}-{{ .Values.mqtt.url }}
             - name: MQTT_SERVER_EXTERNAL
-              value: {{ .Values.externalhost.address.mqtt }}
-            - name: MQTT_BROKER_EXTERNAL_PORT
-              value: "{{ .Values.externalhost.ports.mqtt }}"
+              value: {{ .Values.externalhostaddress.mqtt }}
             {{- if .Values.global.integratedDeployment }}
             - name: INTEGRATED_SERVER
               value: {{ .Release.Name }}-{{ .Values.integratedcloudcomponent.url }}
@@ -127,22 +218,6 @@ spec:
               value: {{ .Values.ethernetType.wanType }}
             - name: DEFAULT_WAN_NAME
               value: {{ .Values.ethernetType.wanName }}
-            - name: tip_wlan_ovsdb_listener_threadPoolSize
-              value: "{{ .Values.scalability.tip_wlan_ovsdb_listener_threadPoolSize }}"
-            - name: tip_wlan_AsyncExecutor_CorePoolSize
-              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_CorePoolSize }}"
-            - name: tip_wlan_AsyncExecutor_MaxPoolSize
-              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_MaxPoolSize }}"
-            - name: tip_wlan_AsyncExecutor_QueueCapacity
-              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_QueueCapacity }}"
-            - name: tip_wlan_httpClientConfig_maxConnectionsTotal
-              value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsTotal }}"
-            - name: tip_wlan_httpClientConfig_maxConnectionsPerRoute
-              value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsPerRoute }}"
-            - name: tip_wlan_maxHttpThreads
-              value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
-            - name: JVM_MEM_OPTIONS
-              value: "{{ .Values.scalability.JVM_MEM_OPTIONS }}"
           volumeMounts:
           - mountPath: /opt/tip-wlan/certs/client_keystore.jks
             name: certificates

tip-wlan/charts/opensync-gw-cloud/templates/rbac.yaml

@@ -1,24 +0,0 @@
----
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: {{ include "common.fullname" . }}-depends-on
-  namespace: {{ include "common.namespace" . }}
-rules:
-- apiGroups: ["batch", "apps", ""]
-  resources: ["pods", "services", "jobs"]
-  verbs: ["get", "list", "watch"]
-
----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: {{ include "common.fullname" . }}-depends-on
-  namespace: {{ include "common.namespace" . }}
-subjects:
-- kind: ServiceAccount
-  name: {{ include "common.serviceAccountName" . }}
-roleRef:
-  kind: Role
-  name: {{ include "common.fullname" . }}-depends-on
-  apiGroup: rbac.authorization.k8s.io

tip-wlan/charts/opensync-gw-cloud/templates/service.yaml

@@ -5,10 +5,6 @@ metadata:
   namespace: {{ include "common.namespace" . }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
-  {{- with .Values.service.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:
@@ -16,38 +12,28 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
-      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort1 }}
-      {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
-      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort2 }}
-      {{- end }}
     - port: {{ .Values.service.port3 }}
       targetPort: {{ .Values.service.port3 }}
       protocol: TCP
       name: {{ .Values.service.name3 }}
-      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
-      {{- end }}
     - port: {{ .Values.service.port4 }}
       targetPort: {{ .Values.service.port4 }}
       protocol: TCP
       name: {{ .Values.service.name4 }}
-      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort4 }}
-      {{- end }}
     {{- if .Values.debug.enabled }}
     - port: {{ .Values.service.port5 }}
       targetPort: {{ .Values.service.port5 }}
       protocol: TCP
       name: {{ .Values.service.name5 }}
-      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort5 }}
-      {{- end }}
     {{- end }}
   selector:
     {{- include "common.selectorLabels" . | nindent 4 }}

tip-wlan/charts/opensync-gw-cloud/values.yaml

@@ -57,7 +57,7 @@ probes:
 testsEnabled: false
 
 # Enable/Disable Remote debugging
-debug:
+debug: 
   enabled: false
 
 service:
@@ -77,8 +77,6 @@ service:
   port5: 5005
   name5: debug
   nodePort5: 26
-  annotations: {}
-  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
 
 persistence:
   enabled: false
@@ -87,9 +85,9 @@ persistence:
 
 # the filestore internal: location of the folder where UI files will be stored
 # on the PV
-# the filestore url: externally reachable URL i.e.; reachable from AP, where it
+# the filestore url: externally reachable URL i.e.; reachable from AP, where it 
 # can download the files from. Override this value (url) to the configured
-# HTTP server in your system
+# HTTP server in your system 
 filestore:
   internal: "/tmp/filestore"
   url: DUMMY_FILESTORE_HTTPS_URL
@@ -115,21 +113,13 @@ portal:
       name: file-store-data
       ordinal: 0
 
-
-# These are the address and ports for the externalhost
-# This is important for ovsdb and mqtt since
-# that's what AP sees. Please make sure to override
-# them in dev override file for your respective environments.
-# the default values below would be used if not overriden
-externalhost:
-  address:
-    ovsdb: opensync-gw-cloud
-    mqtt: opensync-mqtt-broker
-  ports:
-    ovsdb: 6640
-    mqtt: 1883
-
-
+ # These are list of external HostAddresses for ovsdb, mqtt. 
+ # This is important for ovsdb and mqtt since 
+ # that's what AP sees. Please make sure to override
+ # them in dev override file for your respective environments.
+externalhostaddress:
+  ovsdb: opensync-gw-cloud
+  mqtt: opensync-mqtt-broker
 
 ethernetType:
   lanName: "lan"
@@ -137,22 +127,6 @@ ethernetType:
   wanType: "bridge"
   wanName: "wan"
 
-scalability:
-  #how many concurrent connections single instance of OpenSyncGateway can accept
-  tip_wlan_ovsdb_listener_threadPoolSize: 50
-  #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-  tip_wlan_AsyncExecutor_CorePoolSize: 10
-  tip_wlan_AsyncExecutor_MaxPoolSize: 50
-  tip_wlan_AsyncExecutor_QueueCapacity: 50
-  #max total number of persistent connections in the http client pool
-  tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-  #max number of persistent connections in the http client pool per destination
-  tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-  #max number of concurrent REST API calls a single instance of this service can process
-  tip_wlan_maxHttpThreads:  100
-  #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-  JVM_MEM_OPTIONS: " "
-
 ingress:
   enabled: false
   annotations: {}
@@ -166,13 +140,17 @@ ingress:
   #    hosts:
   #      - chart-example.local
 
-resources:
-  limits:
-    cpu: 500m
-    memory: 750Mi
-  requests:
-    cpu: 50m
-    memory: 500Mi
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
 
 nodeSelector: {}
 

tip-wlan/charts/opensync-gw-static/resources/config/logback.xml

@@ -68,7 +68,7 @@
    -->
    
   <root level="WARN">
-    <appender-ref ref="stdout"/>
+<!--    <appender-ref ref="stdout"/>-->
     <appender-ref ref="logfile"/>
   </root>
   

tip-wlan/charts/opensync-gw-static/templates/deployment.yaml

@@ -24,12 +24,8 @@ spec:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          {{- if .Values.global.testingEnabled }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
-          {{- else }}
           image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
-          {{- end }}
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
           {{- if .Values.probes.enabled }}
           livenessProbe:
             tcpSocket:

tip-wlan/charts/opensync-mqtt-broker/resources/config/mosquitto.conf

@@ -7,17 +7,6 @@ allow_anonymous false
 allow_duplicate_messages true
 autosave_interval 900
 log_dest file /mosquitto/log/mosquitto.log
-log_timestamp true
-log_timestamp_format %Y-%m-%dT%H:%M:%S
-log_type error
-log_type warning
-log_type notice
-log_type information
-# log_type debug
-# log_type websockets
-# log_type subscribe
-# log_type all
-connection_messages true
 max_queued_bytes 0
 max_queued_messages 0
 message_size_limit 0

tip-wlan/charts/opensync-mqtt-broker/templates/service.yaml

@@ -5,10 +5,6 @@ metadata:
   namespace: {{ include "common.namespace" . }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
-  {{- with .Values.service.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:
@@ -16,15 +12,11 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
-      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort1 }}
-      {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
-      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort2 }}
-      {{- end }}
   selector:
     {{- include "common.selectorLabels" . | nindent 4 }}

tip-wlan/charts/opensync-mqtt-broker/templates/statefulset.yaml

@@ -45,8 +45,7 @@ spec:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       initContainers:
         - name: {{ include "common.name" . }}-init-dir-ownership-change
-          image: {{ .Values.alpine.image }} 
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          image: alpine:3.6
           # Change ownership to `mosquitto` user for a mounted volume
           command:
           - sh
@@ -64,7 +63,7 @@ spec:
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
           image: {{ .Values.image.name }}:{{ .Values.image.tag }}
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
           {{- if .Values.probes.enabled }}
           livenessProbe:
             tcpSocket:

tip-wlan/charts/opensync-mqtt-broker/values.yaml

@@ -6,10 +6,7 @@ replicaCount: 1
 
 image:
   name: eclipse-mosquitto
-  tag: 2.0.3
-
-alpine:
-  image: alpine:3.6
+  tag: latest
 
 nameOverride: ""
 fullnameOverride: ""
@@ -64,8 +61,6 @@ service:
   port2: 9001
   name2: debug
   nodePort2: 32
-  annotations: {}
-  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
 
 ingress:
   enabled: false
@@ -80,13 +75,17 @@ ingress:
   #    hosts:
   #      - chart-example.local
 
-resources:
-  limits:
-    cpu: 500m
-    memory: 128Mi
-  requests:
-    cpu: 50m
-    memory: 128Mi
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
 
 priorityClassName: ""
 

tip-wlan/charts/postgresql/files/pg_hba.conf

@@ -1,4 +1,3 @@
 hostssl replication repl_user 0.0.0.0/0 md5 clientcert=1
 hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
-hostssl postgres postgres ::/0 cert clientcert=1
 hostssl all all 0.0.0.0/0 md5 clientcert=1

tip-wlan/charts/postgresql/templates/tests/test-postgres-record-insert-del.yaml

@@ -12,7 +12,6 @@ spec:
   containers:
   - name: {{ include "common.name" . }}-test-postgres-basic
     image: {{ template "postgresql.image" . }}
-    imagePullPolicy: {{ .Values.image.pullPolicy | default .Values.global.pullPolicy }} 
     env:
       - name: POSTGRES_USER
         value: {{ include "postgresql.username" . | quote }}

tip-wlan/charts/postgresql/values.yaml

@@ -22,7 +22,7 @@ image:
   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
   ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
   ##
-  pullPolicy: Always
+  pullPolicy: IfNotPresent
   ## Optionally specify an array of imagePullSecrets.
   ## Secrets must be manually created in the namespace.
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
@@ -437,12 +437,9 @@ slave:
 ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
 ##
 resources:
-  limits:
-    memory: 500Mi
-    cpu: 50m
   requests:
-    memory: 128Mi
-    cpu: 50m
+    memory: 256Mi
+    cpu: 250m
 
 ## Add annotations to all the deployed resources
 ##

tip-wlan/charts/wlan-cloud-graphql-gw/templates/deployment.yaml

@@ -24,11 +24,7 @@ spec:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          {{- if .Values.global.testingEnabled }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
-          {{- else }}
           image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
-          {{- end }}
           imagePullPolicy: {{ .Values.global.pullPolicy }}
           env:
           - name: API

tip-wlan/charts/wlan-cloud-graphql-gw/templates/ingress.yaml

@@ -24,9 +24,7 @@ spec:
       {{- range .hosts }}
         - {{ . | quote }}
       {{- end }}
-      {{- if .secretName }}
       secretName: {{ .secretName }}
-      {{- end }}
   {{- end }}
 {{- end }}
   rules:
@@ -34,12 +32,6 @@ spec:
     - host: {{ .host | quote }}
       http:
         paths:
-        {{- if $.Values.ingress.lb_https_redirect }}
-          - path: /*
-            backend:
-              serviceName: ssl-redirect
-              servicePort: use-annotation
-        {{- end }}
         {{- range .paths }}
           - path: {{ . }}
             backend:

tip-wlan/charts/wlan-cloud-graphql-gw/templates/service.yaml

@@ -12,8 +12,6 @@ spec:
       targetPort: {{ .Values.service.port }}
       protocol: TCP
       name: {{ .Values.service.name }}
-      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      {{- end }}
   selector:
     {{- include "common.selectorLabels" . | nindent 4 }}

tip-wlan/charts/wlan-cloud-graphql-gw/values.yaml

@@ -51,11 +51,9 @@ service:
   port: 4000
   name: graphui
   nodePort: 23
-  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
 
 ingress:
   enabled: true
-  lb_https_redirect: false ## if set to true, enables http->https redirect on cloud load balancer
   annotations: {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"
@@ -69,13 +67,17 @@ ingress:
   #    hosts:
   #      - chart-example.local
 
-resources:
-  limits:
-    cpu: 500m
-    memory: 128Mi
-  requests:
-    cpu: 50m
-    memory: 128Mi
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
 
 nodeSelector: {}
 

tip-wlan/charts/wlan-cloud-static-portal/templates/deployment.yaml

@@ -24,12 +24,8 @@ spec:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          {{- if .Values.global.testingEnabled }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
-          {{- else }}
           image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
-          {{- end }}
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
           env:
           - name: API
             value: {{ .Values.env.graphql }}

tip-wlan/charts/wlan-cloud-static-portal/templates/ingress.yaml

@@ -24,9 +24,7 @@ spec:
       {{- range .hosts }}
         - {{ . | quote }}
       {{- end }}
-      {{- if .secretName }}
       secretName: {{ .secretName }}
-      {{- end }}
   {{- end }}
 {{- end }}
   rules:
@@ -34,12 +32,6 @@ spec:
     - host: {{ .host | quote }}
       http:
         paths:
-        {{- if $.Values.ingress.lb_https_redirect }}
-          - path: /*
-            backend:
-              serviceName: ssl-redirect
-              servicePort: use-annotation
-        {{- end }}
         {{- range .paths }}
           - path: {{ . }}
             backend:

tip-wlan/charts/wlan-cloud-static-portal/templates/service.yaml

@@ -5,10 +5,6 @@ metadata:
   namespace: {{ include "common.namespace" . }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
-  {{- with .Values.service.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:

tip-wlan/charts/wlan-cloud-static-portal/values.yaml

@@ -50,7 +50,6 @@ service:
 
 ingress:
   enabled: true
-  lb_https_redirect: false ## if set to true, enables http->https redirect on cloud load balancer
   annotations: {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"
@@ -64,13 +63,17 @@ ingress:
   #    hosts:
   #      - chart-example.local
 
-resources:
-  limits:
-    cpu: 500m
-    memory: 128Mi
-  requests:
-    cpu: 50m
-    memory: 128Mi
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
 
 nodeSelector: {}
 

tip-wlan/charts/wlan-integrated-cloud-component-service/resources/config/logback.xml

@@ -68,7 +68,7 @@
   <logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
 
   <root level="WARN">
-    <appender-ref ref="stdout"/>
+    <!--    <appender-ref ref="stdout"/>-->
     <appender-ref ref="logfile"/>
   </root>
   

tip-wlan/charts/wlan-integrated-cloud-component-service/templates/deployment.yaml

@@ -1,6 +1,7 @@
 {{- if .Values.global.integratedDeployment }}
 {{- $pg := include "postgresql.service" . -}}
 {{- $ns := include "common.namespace" . -}}
+{{- $cloudeployment := .Values.global.isCloudDeployment -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -27,7 +28,7 @@ spec:
       initContainers:
         - name: {{ include "common.name" . }}-readiness
           image: busybox:1.28
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
           command: ['sh', '-c', "until nslookup {{ $pg }}.{{ $ns }}.svc.cluster.local; do echo waiting for POSTGRES; sleep 2; done"]
         - name: {{ include "common.name" . }}-create-db-schema
           env:
@@ -49,17 +50,26 @@ spec:
                 name: {{ include "common.fullname" . }}-creds
                 key: schema-repo-password
           image: postgres:latest
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          imagePullPolicy: IfNotPresent
           command:
           - sh
           - -c
           - |
+            if [ {{ $cloudeployment }} = false ]
+            then          
+              echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
+              echo "34.215.47.158 tip-tip-wlan-cloud-docker-repo.jfrog.io" >> /etc/hosts
+              echo "151.101.128.204 security.debian.org" >> /etc/hosts
+              echo "151.101.126.133 deb.debian.org" >> /etc/hosts
+              echo "147.75.85.69 apt.postgresql.org" >> /etc/hosts
+              echo "Added name-resolution for local deployments"
+            fi
             apt update
             apt -y install curl
             echo "***** Fetching cloud-sdk-schema-postgresql.sql from JFrog *****"
             curl -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql.sql"
             echo "***** Now executing cloud-sdk-schema-postgresql.sql and creating/updating schema on Postgres instance *****"
-            PGPASSWORD=$POSTGRES_PASSWORD psql -h {{- include "postgresql.service" . -}} -U postgres -f cloud-sdk-schema-postgresql.sql
+            PGPASSWORD=$POSTGRES_PASSWORD psql -h tip-wlan-postgresql-headless -U postgres -f cloud-sdk-schema-postgresql.sql
             exit
           ports:
           - containerPort: 5432
@@ -67,7 +77,7 @@ spec:
             protocol: TCP
           resources:
             requests:
-              cpu: 50m
+              cpu: 250m
               memory: 256Mi
           terminationMessagePath: /dev/termination-log
           terminationMessagePolicy: File
@@ -81,12 +91,8 @@ spec:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          {{- if .Values.global.testingEnabled }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
-          {{- else }}
           image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
-          {{- end }}
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
           env:
             - name: BACKEND_SERVER
               value: {{ .Release.Name }}-{{ .Chart.Name }}

tip-wlan/charts/wlan-port-forwarding-gateway-service/files/run.sh

@@ -1,56 +0,0 @@
-#!/bin/bash
-
-# local_port_range that Java process can use
-# These are then assigned to the container ports (in the deployment.yaml) which can either:
-# later be opened by the port-forwarding-gateway service as NodePorts (preferred)
-# or use kubectl port-forwarding to forward the container ports. Example:
-# kubectl port-forward pods/<port-forwarding-gw-pod> <local-machine-port>:<debugPort on the Pod>
-sysctl -w net.ipv4.ip_local_port_range="{{ include "apDebugPortsStart" . }} {{ sub (include "apDebugPortsEnd" . | atoi) 1 }}"
-
-PROFILES=" -Dspring.profiles.include=use_ssl_with_client_cert_and_digest_auth,client_certificate_and_digest_auth,RestTemplateConfiguration_X509_client_cert_auth"
-
-LOGGING_PROPS=" -Dlogging.config=file:/app/port-forwarding-gateway/logback.xml"
-
-# SSC_URL: something like https://${SSC_SERVER_HOST}:9031
-SSC_URL=${SSC_RELEASE_URL}
-# PROV_URL: something like https://${PROV_SERVER_HOST}:9091
-PROV_URL=${PROV_RELEASE_URL}
-# PF_GATEWAY_URL: something like https://${PF_GATEWAY_SERVER_HOST}:7070
-PF_GATEWAY_URL=${PF_GATEWAY_RELEASE_URL}
-PF_GATEWAY_ENCRYPTION_KEY=${PF_GATEWAY_RELEASE_ENCRYPTION_KEY:='MyToKeN0MyToKeN1'}
-PF_GATEWAY_EXT_HOST=${PF_GATEWAY_RELEASE_EXT_HOST:=''}
-PF_GATEWAY_EXT_PORT=${PF_GATEWAY_RELEASE_EXT_PORT:='0'}
-
-
-# SSC URLs
-HOST_PROPS=" "
-HOST_PROPS+=" -Dtip.wlan.cloudEventDispatcherBaseUrl=$SSC_URL"
-HOST_PROPS+=" -Dtip.wlan.statusServiceBaseUrl=$SSC_URL"
-HOST_PROPS+=" -Dtip.wlan.routingServiceBaseUrl=$SSC_URL"
-HOST_PROPS+=" -Dtip.wlan.alarmServiceBaseUrl=$SSC_URL"
-HOST_PROPS+=" -Dtip.wlan.systemEventServiceBaseUrl=$SSC_URL"
-HOST_PROPS+=" -Dtip.wlan.clientServiceBaseUrl=$SSC_URL"
-HOST_PROPS+=" -Dtip.wlan.serviceMetricServiceBaseUrl=$SSC_URL"
-
-# PROV URLs
-HOST_PROPS+=" -Dtip.wlan.customerServiceBaseUrl=$PROV_URL"
-HOST_PROPS+=" -Dtip.wlan.portalUserServiceBaseUrl=$PROV_URL"
-HOST_PROPS+=" -Dtip.wlan.firmwareServiceBaseUrl=$PROV_URL"
-HOST_PROPS+=" -Dtip.wlan.locationServiceBaseUrl=$PROV_URL"
-HOST_PROPS+=" -Dtip.wlan.manufacturerServiceBaseUrl=$PROV_URL"
-HOST_PROPS+=" -Dtip.wlan.equipmentServiceBaseUrl=$PROV_URL"
-HOST_PROPS+=" -Dtip.wlan.profileServiceBaseUrl=$PROV_URL"
-
-# Port-Forwarder Gateway Specific
-HOST_PROPS+=" -Dtip.wlan.portForwarderGatewayBaseUrl=$PF_GATEWAY_URL"
-HOST_PROPS+=" -Dtip.wlan.websocketSessionTokenEncryptionKey=$PF_GATEWAY_ENCRYPTION_KEY"
-HOST_PROPS+=" -Dtip.wlan.externallyVisibleHostName=$PF_GATEWAY_EXT_HOST"
-HOST_PROPS+=" -Dtip.wlan.externallyVisiblePort=$PF_GATEWAY_EXT_PORT"
-
-
-REMOTE_DEBUG_PORT=5010
-REMOTE_DEBUG=" -agentlib:jdwp=transport=dt_socket,server=y,address=*:$REMOTE_DEBUG_PORT,suspend=n"
-
-export ALL_PROPS="$PROFILES $LOGGING_PROPS $HOST_PROPS $REMOTE_DEBUG"
-
-java $ALL_PROPS -jar app.jar

tip-wlan/charts/wlan-port-forwarding-gateway-service/resources/config/logback.xml

@@ -68,7 +68,7 @@
   <logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
 
   <root level="WARN">
-    <appender-ref ref="stdout"/>
+    <!--    <appender-ref ref="stdout"/>-->
     <appender-ref ref="logfile"/>
   </root>
   

tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/configmap.yaml

@@ -1,8 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "common.fullname" . }}-config
+  name: {{ include "common.fullname" . }}-log-config
   namespace: {{ include "common.namespace" . }}
 data:
 {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "files/*").AsConfig . | nindent 2 }}

tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/deployment.yaml

@@ -1,3 +1,4 @@
+{{- $cloudeployment := .Values.global.isCloudDeployment -}}
 {{- $opensyncgw := include "opensyncgw.service" . -}}
 apiVersion: apps/v1
 kind: Deployment
@@ -24,11 +25,16 @@ spec:
       initContainers:
         - name: {{ include "common.name" . }}-readiness-opensync-gw
           image: alpine
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
           command:
           - sh
           - -c
           - |
+            if [ {{ $cloudeployment }} = false ]
+            then          
+              echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
+              echo "Added name-resolution for local deployments"
+            fi
             apk add curl
             url=https://{{ $opensyncgw }}/ping
             counter=0
@@ -52,12 +58,8 @@ spec:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          {{- if .Values.global.testingEnabled }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
-          {{- else }}
           image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
-          {{- end }}
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
           env:
             {{- include "common.env" . | nindent 12 }}
             - name: PF_GATEWAY_RELEASE_URL
@@ -67,10 +69,6 @@ spec:
                 secretKeyRef:
                   name: {{ include "common.fullname" . }}-creds
                   key: websocketSessionTokenEncKey
-            - name: PF_GATEWAY_RELEASE_EXT_HOST
-              value: {{ .Values.externallyVisible.host }}
-            - name: PF_GATEWAY_RELEASE_EXT_PORT
-              value: "{{ .Values.externallyVisible.port }}"
           {{- if .Values.probes.enabled }}
           livenessProbe:
             httpGet:
@@ -104,24 +102,15 @@ spec:
             name: certificates
             subPath: server.pkcs12
           - mountPath: /app/port-forwarding-gateway/logback.xml
-            name: configuration
+            name: logback-config
             subPath: logback.xml
-          - mountPath: /app/run.sh
-            name: configuration
-            subPath: run.sh
           ports:
             - name: {{ .Values.service.name1 }}
               containerPort: {{ .Values.service.port1 }}
               protocol: TCP
             - name: {{ .Values.service.name2 }}
               containerPort: {{ .Values.service.port2 }}
-              protocol: TCP
-            {{- if .Values.debug.enabled }}
-            - name: {{ .Values.service.name3 }}
-              containerPort: {{ .Values.service.port3 }}
-              protocol: TCP
-            {{- end }}
-            {{- include "container.dev.apDebugPorts" . | nindent 10 }}
+              protocol: TCP         
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}
@@ -141,7 +130,6 @@ spec:
         secret:
           secretName: {{ include "common.fullname" . }}-certs
           defaultMode: 0400
-      - name: configuration
+      - name: logback-config
         configMap:
-            name: {{ include "common.fullname" . }}-config
-            defaultMode: 0755
+            name: {{ include "common.fullname" . }}-log-config

tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/service.yaml

@@ -12,25 +12,15 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
-      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
+      {{- if eq .Values.service.type "NodePort" }}
       nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort1 }}
       {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
-      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
+      {{- if eq .Values.service.type "NodePort" }}
       nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort2 }}
-      {{- end }}
-    {{- if .Values.debug.enabled }}
-    - port: {{ .Values.service.port3 }}
-      targetPort: {{ .Values.service.port3 }}
-      protocol: TCP
-      name: {{ .Values.service.name3 }}
-      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
-      nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort3 }}
-      {{- end }}
-    {{- end }}      
-    {{- include "service.dev.apDebugPorts" . | nindent 2 }}
+      {{- end }}   
   selector:
     {{- include "common.selectorLabels" . | nindent 4 }}

tip-wlan/charts/wlan-port-forwarding-gateway-service/values.yaml

@@ -51,8 +51,7 @@ probes:
     failureThreshold: 3
     scheme: HTTPS
 
-securityContext:
-  privileged: true
+securityContext: {}
   # capabilities:
   #   drop:
   #   - ALL
@@ -75,25 +74,6 @@ service:
   port2: 7072
   name2: secondary-port
   nodePort2: '02'
-  port3: 5010
-  name3: debug-appl
-  nodePort3: '03'
-  nodePortStatic: true ## if true, nodePort ports are calculated by Helm based on the given start index and length; if false, nodePort ports are chosen dynamically by k8s
-
-# The below range will be combined with the nodePortPrefixExt to create a list of ports.
-# e.g. nodePortPrefixExt = 304, accessPointDebugPortRange.start = 10, accessPointDebugPortRange.length = 2, resulting ports = 30410, 30411
-# These ports are the ports that Java would choose as Local ports whenever it opens up
-# a developer session for debug.
-# These ports are therefore assigned as container ports (in the deployment.yaml), so we 
-# can reach them from inside the cluster.
-# Also, we open equivalent NodePorts on the Kubernetes cluster (see service.yaml), so a developer
-# can connect to it to debug an AP.
-# NOTE: Another way to reach these container ports without opening NodePorts was to use 
-# kubectl port forwarding. However, we dont want the developer to install kubectl.
-
-accessPointDebugPortRange:
-  start: 10
-  length: 26
 
 creds:
   enabled: true
@@ -118,13 +98,17 @@ ingress:
      hosts:
        - example.com
 
-resources:
-  limits:
-    cpu: 500m
-    memory: 350Mi
-  requests:
-    cpu: 50m
-    memory: 280Mi
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
 
 nodeSelector: {}
 
@@ -132,10 +116,6 @@ tolerations: []
 
 affinity: {}
 
-externallyVisible:
-  host: pfg.example.org
-  port: 7070
-
 env:
   protocol: https
   ssc_url: SSC_RELEASE_URL
@@ -149,5 +129,3 @@ env:
   pfGateway:
     service: wlan-port-forwarding-gateway-service
     port: 7070
-
-

tip-wlan/charts/wlan-portal-service/resources/config/logback.xml

@@ -68,7 +68,7 @@
   <logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
 
   <root level="WARN">
-    <appender-ref ref="stdout"/>
+    <!--    <appender-ref ref="stdout"/>-->
     <appender-ref ref="logfile"/>
   </root>
   

tip-wlan/charts/wlan-portal-service/templates/ingress.yaml

@@ -32,12 +32,6 @@ spec:
     - host: {{ .host | quote }}
       http:
         paths:
-        {{- if $.Values.ingress.lb_https_redirect }}
-          - path: /*
-            backend:
-              serviceName: ssl-redirect
-              servicePort: use-annotation
-        {{- end }}
         {{- range .paths }}
           - path: {{ . }}
             backend:

tip-wlan/charts/wlan-portal-service/templates/service.yaml

@@ -5,10 +5,6 @@ metadata:
   namespace: {{ include "common.namespace" . }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
-  {{- with .Values.service.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:
@@ -16,14 +12,14 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
-      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
+      {{- if eq .Values.service.type "NodePort" }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }}
       {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
-      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
+      {{- if eq .Values.service.type "NodePort" }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
       {{- end }}
     {{- if .Values.debug.enabled }}
@@ -31,7 +27,7 @@ spec:
       targetPort: {{ .Values.service.port3 }}
       protocol: TCP
       name: {{ .Values.service.name3 }}
-      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
+      {{- if eq .Values.service.type "NodePort" }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
       {{- end }}
     {{- end }}

tip-wlan/charts/wlan-portal-service/templates/statefulset.yaml

@@ -13,7 +13,7 @@ spec:
     matchLabels:
       {{- include "common.selectorLabels" . | nindent 6 }}
   updateStrategy:
-{{ toYaml .Values.updateStrategy | indent 4 }}
+{{ toYaml .Values.updateStrategy | indent 4 }}      
   template:
     metadata:
       labels:
@@ -30,7 +30,7 @@ spec:
         {{- range $key, $value := .Values.podAnnotations }}
         {{ $key }}: {{ $value | quote }}
         {{- end }}
-{{- end }}
+{{- end }}        
     spec:
       terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
 {{- if .Values.schedulerName }}
@@ -38,7 +38,7 @@ spec:
 {{- end }}
 {{- if .Values.priorityClassName }}
       priorityClassName: "{{ .Values.priorityClassName }}"
-{{- end }}
+{{- end }}    
       imagePullSecrets:
         - name: "{{ include "common.namespace" . }}-docker-registry-key"
       serviceAccountName: {{ include "common.serviceAccountName" . }}
@@ -48,37 +48,19 @@ spec:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          {{- if .Values.global.testingEnabled }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
-          {{- else }}
           image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
-          {{- end }}
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
           env:
             {{- include "common.env" . | nindent 12 }}
             - name: FILE_STORE_DIRECTORY_INTERNAL
               value: {{ $file_store_path }}
-            - name: tip_wlan_AsyncExecutor_CorePoolSize
-              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_CorePoolSize }}"
-            - name: tip_wlan_AsyncExecutor_MaxPoolSize
-              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_MaxPoolSize }}"
-            - name: tip_wlan_AsyncExecutor_QueueCapacity
-              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_QueueCapacity }}"
-            - name: tip_wlan_httpClientConfig_maxConnectionsTotal
-              value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsTotal }}"
-            - name: tip_wlan_httpClientConfig_maxConnectionsPerRoute
-              value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsPerRoute }}"
-            - name: tip_wlan_maxHttpThreads
-              value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
-            - name: JVM_MEM_OPTIONS
-              value: "{{ .Values.scalability.JVM_MEM_OPTIONS }}"
           {{- if .Values.probes.enabled }}
           livenessProbe:
             httpGet:
               path: /ping
               port: {{ .Values.service.port1 }}
               scheme: {{ .Values.probes.livenessProbe.scheme }}
-            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
+            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
             timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
             failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -164,4 +146,4 @@ spec:
         storageClassName: "{{ .Values.persistence.storageClass }}"
         {{- end }}
       {{- end }}
-  {{- end }}
+  {{- end }}

tip-wlan/charts/wlan-portal-service/values.yaml

@@ -9,8 +9,6 @@
 
 replicaCount: 1
 
-
-
 image:
   name: wlan-portal-service
   tag: 0.0.1-SNAPSHOT
@@ -61,7 +59,7 @@ securityContext: {}
 testsEnabled: false
 
 # Enable/Disable Remote debugging
-debug:
+debug: 
   enabled: false
 
 service:
@@ -74,46 +72,34 @@ service:
   nodePort2: 52
   port3: 5006
   name3: debug
-  nodePort3: 15
-  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
-
-scalability:
-  #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-  tip_wlan_AsyncExecutor_CorePoolSize: 10
-  tip_wlan_AsyncExecutor_MaxPoolSize: 50
-  tip_wlan_AsyncExecutor_QueueCapacity: 50
-  #max total number of persistent connections in the http client pool
-  tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-  #max number of persistent connections in the http client pool per destination
-  tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-  #max number of concurrent REST API calls a single instance of this service can process
-  tip_wlan_maxHttpThreads:  100
-  #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-  JVM_MEM_OPTIONS: " "
+  nodePort3: 15  
 
 ingress:
-  enabled: false
-  lb_https_redirect: false ## if set to true, enables http->https redirect on cloud load balancer
+  enabled: true
   annotations: {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"
   hosts:
-    - host: wlan-portal-service.zone3.lab.connectus.ai
+    - host: wlan-portal-svc-nginx.zone3.lab.connectus.ai
       paths: [
-         /portal
+         /
         ]
-  tls:
-   - secretName: portal-secret
-     hosts:
-       - wlan-portal-service.zone3.lab.connectus.ai
+  tls: [] 
+  # - secretName: portal-secret
+  #   hosts:
+  #     - wlan-portal-service.zone3.lab.connectus.ai
 
-resources:
-  limits:
-    cpu: 500m
-    memory: 450Mi
-  requests:
-    cpu: 50m
-    memory: 420Mi
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
 
 persistence:
   enabled: false

tip-wlan/charts/wlan-prov-service/resources/config/datasource.properties

@@ -0,0 +1,11 @@
+singleDataSource.url=jdbc:postgresql://tip-wlan-postgresql:5432/prov_db
+singleDataSource.username=tip_user
+singleDataSource.password=tip_password
+singleDataSource.driverClass=org.postgresql.Driver
+singleDataSource.ssl=true
+singleDataSource.sslmode=verify-ca
+singleDataSource.sslcert=/opt/tip-wlan/certs/postgresclientcert.pem
+singleDataSource.sslfactory=org.postgresql.ssl.LibPQFactory
+singleDataSource.sslkey=/opt/tip-wlan/certs/postgresclient.p12
+singleDataSource.sslrootcert=/opt/tip-wlan/certs/cacert.pem
+singleDataSource.sslkeypassword=mypassword

tip-wlan/charts/wlan-prov-service/resources/config/logback.xml

@@ -68,7 +68,7 @@
   <logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
 
   <root level="WARN">
-    <appender-ref ref="stdout"/>
+    <!--    <appender-ref ref="stdout"/>-->
     <appender-ref ref="logfile"/>
   </root>
   

tip-wlan/charts/wlan-prov-service/templates/configmap.yaml

@@ -5,15 +5,3 @@ metadata:
   namespace: {{ include "common.namespace" . }}
 data:
 {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-  datasource.properties: |-
-    singleDataSource.url=jdbc:postgresql://{{- include "postgresql.service" . -}}:5432/prov_db
-    singleDataSource.username={{ .Values.creds.postgres.singleDataSourceUsername }}
-    singleDataSource.password={{ .Values.creds.postgres.singleDataSourcePassword }}
-    singleDataSource.driverClass=org.postgresql.Driver
-    singleDataSource.ssl=true
-    singleDataSource.sslmode=verify-ca
-    singleDataSource.sslcert=/opt/tip-wlan/certs/postgresclientcert.pem
-    singleDataSource.sslfactory=org.postgresql.ssl.LibPQFactory
-    singleDataSource.sslkey=/opt/tip-wlan/certs/postgresclient.p12
-    singleDataSource.sslrootcert=/opt/tip-wlan/certs/cacert.pem
-    singleDataSource.sslkeypassword={{ .Values.creds.postgres.singleDataSourceSslKeyPassword }}

tip-wlan/charts/wlan-prov-service/templates/deployment.yaml

@@ -1,5 +1,6 @@
 {{- $pg := include "postgresql.service" . -}}
 {{- $ns := include "common.namespace" . -}}
+{{- $cloudeployment := .Values.global.isCloudDeployment -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -23,11 +24,10 @@ spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       initContainers:
-        - name: wait-for-services
-          image: opsfleet/depends-on:latest
-          args:
-          - "-service={{ .Release.Name }}-postgresql"
-          - -check_interval=5
+        - name: {{ include "common.name" . }}-readiness
+          image: busybox:1.28
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          command: ['sh', '-c', "until nslookup {{ $pg }}.{{ $ns }}.svc.cluster.local; do echo waiting for POSTGRES; sleep 2; done"]
         - name: {{ include "common.name" . }}-create-db-schema
           env:
           - name: POSTGRESQL_PORT_NUMBER
@@ -52,19 +52,28 @@ spec:
               secretKeyRef:
                 name: {{ include "common.fullname" . }}-creds
                 key: schema-repo-password
-          image: {{ .Values.postgresql.image }}
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          image: postgres:latest
+          imagePullPolicy: IfNotPresent
           command:
           - sh
           - -c
           - |
+            if [ {{ $cloudeployment }} = false ]
+            then
+              echo "151.101.2.133 dl-cdn.alpinelinux.org" >> /etc/hosts
+              echo "52.35.62.28 tip-tip-wlan-cloud-docker-repo.jfrog.io" >> /etc/hosts
+              echo "151.101.192.204 security.debian.org" >> /etc/hosts
+              echo "199.232.38.133 deb.debian.org" >> /etc/hosts
+              echo "147.75.85.69 apt.postgresql.org" >> /etc/hosts
+              echo "Added name-resolution for local deployments"
+            fi            
             apt update
             apt -y install curl
             echo "***** Fetching latest cloud-sdk-schema-postgresql for DB and Tables sql from JFrog *****"
             curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql-db-user.sql"
             curl --insecure -u$SCHEMA_REPO_USER:$SCHEMA_REPO_PASSWORD -O "https://tip-tip-wlan-cloud-docker-repo.jfrog.io/artifactory/tip-wlan-cloud-schemas/0.0.1-SNAPSHOT/sql/cloud-sdk-schema-postgresql-tables.sql"
             echo "***** Now executing cloud-sdk-schema-postgresql-db-user.sql on host {{ $pg }} and creating db prov_db and user tip_user using User Postgres. This uses full client-cert authentication *****"
-            ### Observed that PSQL was unable to resolve the Postgres-service host because the postgres service wasnt
+            ### Observed that PSQL was unable to resolve the Postgres-service host because the postgres service wasnt 
             ### really ready when running Postgres in Master-Slave config... hence the below retry-logic
             psql 'host={{ $pg }} port=5432 user=postgres sslmode=verify-ca sslcert=/opt/tip-wlan/certs/postgresclientcert.pem sslkey=/opt/tip-wlan/certs/postgresclientkey_dec.pem sslrootcert=/opt/tip-wlan/certs/cacert.pem' -f cloud-sdk-schema-postgresql-db-user.sql
             status=$(echo $?)
@@ -96,7 +105,7 @@ spec:
             protocol: TCP
           resources:
             requests:
-              cpu: 50m
+              cpu: 250m
               memory: 256Mi
           terminationMessagePath: /dev/termination-log
           terminationMessagePolicy: File
@@ -118,43 +127,17 @@ spec:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          {{- if .Values.global.testingEnabled }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
-          {{- else }}
           image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
-          {{- end }}
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
           env:
             {{- include "common.env" . | nindent 12 }}
-            - name: tip_wlan_AsyncExecutor_CorePoolSize
-              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_CorePoolSize }}"
-            - name: tip_wlan_AsyncExecutor_MaxPoolSize
-              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_MaxPoolSize }}"
-            - name: tip_wlan_AsyncExecutor_QueueCapacity
-              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_QueueCapacity }}"
-            - name: tip_wlan_httpClientConfig_maxConnectionsTotal
-              value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsTotal }}"
-            - name: tip_wlan_httpClientConfig_maxConnectionsPerRoute
-              value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsPerRoute }}"
-            - name: tip_wlan_maxHttpThreads
-              value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
-            - name: JVM_MEM_OPTIONS
-              value: "{{ .Values.scalability.JVM_MEM_OPTIONS }}"
-            - name: singleDataSource_maxTotalConnections
-              value: "{{ .Values.scalability.singleDataSource_maxTotalConnections }}"
-            - name: singleDataSource_maxIdleConnections
-              value: "{{ .Values.scalability.singleDataSource_maxIdleConnections }}"
-            - name: singleDataSource_maxPreparedStatements
-              value: "{{ .Values.scalability.singleDataSource_maxPreparedStatements }}"
-            - name: singleDataSource_maxIdlePreparedStatements
-              value: "{{ .Values.scalability.singleDataSource_maxIdlePreparedStatements }}"
           {{- if .Values.probes.enabled }}
           livenessProbe:
             httpGet:
               path: /ping
               port: {{ .Values.service.port2 }}
               scheme: {{ .Values.probes.livenessProbe.scheme }}
-            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
+            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
             timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
             failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -206,7 +189,7 @@ spec:
             - name: {{ .Values.service.name3 }}
               containerPort: {{ .Values.service.port3 }}
               protocol: TCP
-            {{- end }}
+            {{- end }}              
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}
@@ -232,4 +215,4 @@ spec:
       - name: data
         emptyDir: {}
       - name: dshm
-        emptyDir: {}
+        emptyDir: {}

tip-wlan/charts/wlan-prov-service/templates/rbac.yaml

@@ -1,24 +0,0 @@
----
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: {{ include "common.fullname" . }}-depends-on
-  namespace: {{ include "common.namespace" . }}
-rules:
-- apiGroups: ["batch", "apps", ""]
-  resources: ["pods", "services", "jobs"]
-  verbs: ["get", "list", "watch"]
-
----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: {{ include "common.fullname" . }}-depends-on
-  namespace: {{ include "common.namespace" . }}
-subjects:
-- kind: ServiceAccount
-  name: {{ include "common.serviceAccountName" . }}
-roleRef:
-  kind: Role
-  name: {{ include "common.fullname" . }}-depends-on
-  apiGroup: rbac.authorization.k8s.io

tip-wlan/charts/wlan-prov-service/templates/service.yaml

@@ -12,14 +12,14 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
-      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
+      {{- if eq .Values.service.type "NodePort" }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }}
       {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
-      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
+      {{- if eq .Values.service.type "NodePort" }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
       {{- end }}
     {{- if .Values.debug.enabled }}
@@ -27,7 +27,7 @@ spec:
       targetPort: {{ .Values.service.port3 }}
       protocol: TCP
       name: {{ .Values.service.name3 }}
-      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
+      {{- if eq .Values.service.type "NodePort" }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
       {{- end }}
     {{- end }}      

tip-wlan/charts/wlan-prov-service/values.yaml

@@ -65,17 +65,13 @@ creds:
       password: DUMMY_POSTGRES_PASSWORD
     tipUser:
       password: DUMMY_TIPUSER_PASSWORD
-
+    
   schema_repo:
     username: DUMMY_SCHEMA_REPO_USERNAME
     password: DUMMY_SCHEMA_REPO_PASSWORD
-  postgres:
-    singleDataSourceUsername: DUMMY_POSTGRES_USER
-    singleDataSourcePassword: DUMMY_POSTGRES_PASSWORD
-    singleDataSourceSslKeyPassword: DUMMY_SSL_PASSWORD
 
 # Enable/Disable Remote debugging
-debug:
+debug: 
   enabled: false
 
 service:
@@ -86,29 +82,6 @@ service:
   name2: secondary-port
   port3: 5007
   name3: debug
-  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
-
-scalability:
-  #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-  tip_wlan_AsyncExecutor_CorePoolSize: 10
-  tip_wlan_AsyncExecutor_MaxPoolSize: 50
-  tip_wlan_AsyncExecutor_QueueCapacity: 50
-  #max total number of persistent connections in the http client pool
-  tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-  #max number of persistent connections in the http client pool per destination
-  tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-  #max number of concurrent REST API calls a single instance of this service can process
-  tip_wlan_maxHttpThreads:  100
-  #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-  JVM_MEM_OPTIONS: " "
-  #max number of connections to PostgreSQL database
-  singleDataSource_maxTotalConnections: 8
-  #max number of idle connections to PostgreSQL database
-  singleDataSource_maxIdleConnections: 8
-  #max number of cached prepared statements used in PostgreSQL database
-  singleDataSource_maxPreparedStatements: 200
-  #max number of cached idle prepared statements used in PostgreSQL database
-  singleDataSource_maxIdlePreparedStatements: 200
 
 ingress:
   enabled: false
@@ -118,20 +91,24 @@ ingress:
   hosts:
     - host: example.com
       paths: [
-         /portal
+         /portal 
         ]
-  tls:
+  tls: 
    - secretName: portal-secret
      hosts:
        - example.com
 
-resources:
-  limits:
-    cpu: 500m
-    memory: 320Mi
-  requests:
-    cpu: 50m
-    memory: 300Mi
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
 
 nodeSelector: {}
 
@@ -139,9 +116,8 @@ tolerations: []
 
 affinity: {}
 
-postgresql:
+postgresql: 
   url: postgresql
-  image: postgres:latest
 
 env:
   protocol: https

tip-wlan/charts/wlan-spc-service/resources/config/logback.xml

@@ -74,7 +74,6 @@
 
   <root level="WARN">
     <appender-ref ref="logfile"/>
-    <appender-ref ref="stdout"/>
   </root>
   
 </configuration>

tip-wlan/charts/wlan-spc-service/templates/deployment.yaml

@@ -23,21 +23,16 @@ spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       initContainers:
-        - name: wait-for-services
-          image: opsfleet/depends-on:latest
-          args:
-          - "-service={{ .Release.Name }}-kafka-headless"
-          - -check_interval=5
+        - name: {{ include "common.name" . }}-readiness
+          image: busybox:1.28
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          command: ['sh', '-c', "until nslookup {{ $kafka }}.{{ $ns }}.svc.cluster.local; do echo waiting for Kafka; sleep 2; done"]
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          {{- if .Values.global.testingEnabled }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
-          {{- else }}
           image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
-          {{- end }}
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
           env:
             {{- include "common.env" . | nindent 12 }}
             - name: tip.wlan.kafka.bootstrapServers
@@ -69,28 +64,13 @@ spec:
               value: SSL
             - name: tip.wlan.kafka.sslEndpointIdentificationAlgorithm
               value: ''
-            - name: tip_wlan_AsyncExecutor_CorePoolSize
-              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_CorePoolSize }}"
-            - name: tip_wlan_AsyncExecutor_MaxPoolSize
-              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_MaxPoolSize }}"
-            - name: tip_wlan_AsyncExecutor_QueueCapacity
-              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_QueueCapacity }}"
-            - name: tip_wlan_httpClientConfig_maxConnectionsTotal
-              value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsTotal }}"
-            - name: tip_wlan_httpClientConfig_maxConnectionsPerRoute
-              value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsPerRoute }}"
-            - name: tip_wlan_maxHttpThreads
-              value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
-            - name: JVM_MEM_OPTIONS
-              value: "{{ .Values.scalability.JVM_MEM_OPTIONS }}"
-
           {{- if .Values.probes.enabled }}
           livenessProbe:
             httpGet:
               path: /ping
               port: {{ .Values.service.port2 }}
               scheme: {{ .Values.probes.livenessProbe.scheme }}
-            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
+            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
             timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
             failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}

tip-wlan/charts/wlan-spc-service/templates/rbac.yaml

@@ -1,24 +0,0 @@
----
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: {{ include "common.fullname" . }}-depends-on
-  namespace: {{ include "common.namespace" . }}
-rules:
-- apiGroups: ["batch", "apps", ""]
-  resources: ["pods", "services", "jobs"]
-  verbs: ["get", "list", "watch"]
-
----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: {{ include "common.fullname" . }}-depends-on
-  namespace: {{ include "common.namespace" . }}
-subjects:
-- kind: ServiceAccount
-  name: {{ include "common.serviceAccountName" . }}
-roleRef:
-  kind: Role
-  name: {{ include "common.fullname" . }}-depends-on
-  apiGroup: rbac.authorization.k8s.io

tip-wlan/charts/wlan-spc-service/templates/service.yaml

@@ -12,14 +12,14 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
-      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
+      {{- if eq .Values.service.type "NodePort" }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }}
       {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
-      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
+      {{- if eq .Values.service.type "NodePort" }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
       {{- end }}
     {{- if .Values.debug.enabled }}
@@ -27,7 +27,7 @@ spec:
       targetPort: {{ .Values.service.port3 }}
       protocol: TCP
       name: {{ .Values.service.name3 }}
-      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
+      {{- if eq .Values.service.type "NodePort" }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
       {{- end }}
     {{- end }}      

tip-wlan/charts/wlan-spc-service/values.yaml

@@ -59,7 +59,7 @@ securityContext: {}
 testsEnabled: false
 
 # Enable/Disable Remote debugging
-debug:
+debug: 
   enabled: false
 
 service:
@@ -70,21 +70,6 @@ service:
   name2: secondary-port
   port3: 5009
   name3: debug
-  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
-
-scalability:
-  #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-  tip_wlan_AsyncExecutor_CorePoolSize: 10
-  tip_wlan_AsyncExecutor_MaxPoolSize: 50
-  tip_wlan_AsyncExecutor_QueueCapacity: 50
-  #max total number of persistent connections in the http client pool
-  tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-  #max number of persistent connections in the http client pool per destination
-  tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-  #max number of concurrent REST API calls a single instance of this service can process
-  tip_wlan_maxHttpThreads:  100
-  #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-  JVM_MEM_OPTIONS: " "
 
 ingress:
   enabled: false
@@ -94,20 +79,24 @@ ingress:
   hosts:
     - host: example.com
       paths: [
-         /portal
+         /portal 
         ]
-  tls:
+  tls: 
    - secretName: portal-secret
      hosts:
        - example.com
 
-resources:
-  limits:
-    cpu: 500m
-    memory: 370Mi
-  requests:
-    cpu: 50m
-    memory: 350Mi
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
 
 nodeSelector: {}
 
@@ -121,7 +110,7 @@ creds:
   sslKeystorePassword: DUMMY_PASSWORD
   sslTruststorePassword: DUMMY_PASSWORD
 
-kafka:
+kafka: 
   url: kafka-headless
 
 env:

tip-wlan/charts/wlan-ssc-service/resources/config/cassandra-application.conf

@@ -0,0 +1,27 @@
+# The options in this file are overrides for the default configuration.
+# They can also be overridden by the java system properties using -Dproperty=value
+#
+# For more details see https://docs.datastax.com/en/developer/java-driver/4.7/manual/core/configuration/reference/
+#
+datastax-java-driver {
+    basic {
+        contact-points = [ "tip-wlan-cassandra-headless:9042" ]
+        load-balancing-policy.local-datacenter = datacenter1
+        session-keyspace = tip_wlan_keyspace
+    }
+  
+    advanced.ssl-engine-factory {
+        class = DefaultSslEngineFactory    
+        hostname-validation = false
+        truststore-path = /opt/tip-wlan/certs/truststore.jks
+        truststore-password = mypassword
+        keystore-path = /opt/tip-wlan/certs/cassandra_server_keystore.jks
+        keystore-password = mypassword
+    }
+    
+    advanced.auth-provider {
+        class = PlainTextAuthProvider
+        username = tip_user
+        password = tip_password
+    }
+}

tip-wlan/charts/wlan-ssc-service/resources/config/cqlshrc.tip-wlan

@@ -67,10 +67,12 @@ color = on
 ;; A version of CQL to use (this should almost never be set)
 ; version = 3.2.1
 
+
+
 [connection]
 
 ;; The host to connect to
-hostname = {{ include "cassandra.service" . }}
+hostname = tip-wlan-cassandra-headless
 
 ;; The port to connect to (9042 is the native protocol default)
 port = 9042

tip-wlan/charts/wlan-ssc-service/resources/config/logback.xml

@@ -68,7 +68,7 @@
   <logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
 
   <root level="WARN">
-    <appender-ref ref="stdout"/>
+    <!--    <appender-ref ref="stdout"/>-->
     <appender-ref ref="logfile"/>
   </root>
   

tip-wlan/charts/wlan-ssc-service/templates/configmap.yaml

@@ -5,29 +5,3 @@ metadata:
   namespace: {{ include "common.namespace" . }}
 data:
 {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-  cassandra-application.conf: >-
-    datastax-java-driver {
-        basic {
-            contact-points = [ "{{ include "cassandra.service" . }}:9042" ]
-            load-balancing-policy.local-datacenter = datacenter1
-            session-keyspace = tip_wlan_keyspace
-        }
-
-        advanced.ssl-engine-factory {
-            class = DefaultSslEngineFactory
-            hostname-validation = false
-            truststore-path = /opt/tip-wlan/certs/truststore.jks
-            truststore-password = {{ .Values.creds.sslTruststorePassword }}
-            keystore-path = /opt/tip-wlan/certs/cassandra_server_keystore.jks
-            keystore-password = {{ .Values.creds.sslKeystorePassword }}
-        }
-
-        advanced.auth-provider {
-            class = PlainTextAuthProvider
-            username = {{ .Values.creds.cassandra.tip_user }}
-            password = {{ .Values.creds.cassandra.tip_password }}
-        }
-    }
-
-  cqlshrc.tip-wlan: |
-  {{ tpl (.Files.Get "files/cqlshrc.tip-wlan") . | nindent 4 }}

tip-wlan/charts/wlan-ssc-service/templates/deployment.yaml

@@ -1,6 +1,7 @@
 {{- $kafka := include "kafka.service" . -}}
 {{- $cassandra := include "cassandra.service" . -}}
 {{- $ns := include "common.namespace" . -}}
+{{- $cloudeployment := .Values.global.isCloudDeployment -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -24,12 +25,14 @@ spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       initContainers:
-        - name: wait-for-services
-          image: opsfleet/depends-on:latest
-          args:
-          - "-service={{ .Release.Name }}-kafka-headless"
-          - "-service={{ .Release.Name }}-cassandra"
-          - -check_interval=5
+        - name: {{ include "common.name" . }}-kafka-readiness
+          image: busybox:1.28
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          command: ['sh', '-c', "until nslookup {{ $kafka }}.{{ $ns }}.svc.cluster.local; do echo waiting for Kafka; sleep 2; done"]
+        - name: {{ include "common.name" . }}-cassandra-readiness
+          image: busybox:1.28
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          command: ['sh', '-c', "until nslookup {{ $cassandra }}.{{ $ns }}.svc.cluster.local; do echo waiting for Cassandra; sleep 2; done"]
         - name: {{ include "common.name" . }}-create-db-schema-cassandra
           env:
           - name: CASSANDRA_PORT_NUMBER
@@ -44,12 +47,19 @@ spec:
               secretKeyRef:
                 name: {{ include "common.fullname" . }}-creds
                 key: schema-repo-password
-          image: {{ .Values.cassandra.image }}
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          image: cassandra:3.11.6
+          imagePullPolicy: IfNotPresent
           command:
           - sh
           - -c
           - |
+            if [ {{ $cloudeployment }} = false ]
+            then
+              echo "52.35.62.28 tip-tip-wlan-cloud-docker-repo.jfrog.io" >> /etc/hosts
+              echo "91.189.88.152 security.ubuntu.com" >> /etc/hosts
+              echo "91.189.88.142 archive.ubuntu.com" >> /etc/hosts
+              echo "Added name-resolution for local deployments"
+            fi
             apt update
             apt -y install curl
             echo "***** Fetching cloud-sdk-schema-cassandra.cql from JFrog *****"
@@ -91,7 +101,7 @@ spec:
             protocol: TCP
           resources:
             requests:
-              cpu: 50m
+              cpu: 250m
               memory: 256Mi
           terminationMessagePath: /dev/termination-log
           terminationMessagePolicy: File
@@ -107,17 +117,13 @@ spec:
             subPath: cassandraserverkey_dec.pem
           - mountPath: /opt/tip-wlan/certs/cacert.pem
             name: certificates
-            subPath: cacert.pem
+            subPath: cacert.pem          
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          {{- if .Values.global.testingEnabled }}
-          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
-          {{- else }}
           image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
-          {{- end }}
-          imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} 
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
           env:
             {{- include "common.env" . | nindent 12 }}
             - name: tip.wlan.kafka.bootstrapServers
@@ -161,28 +167,13 @@ spec:
                   key: cassandra_tip_user
             - name: CASSANDRA_HOST
               value: {{ $cassandra }}:{{ .Values.cassandra.port }}
-            - name: tip_wlan_AsyncExecutor_CorePoolSize
-              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_CorePoolSize }}"
-            - name: tip_wlan_AsyncExecutor_MaxPoolSize
-              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_MaxPoolSize }}"
-            - name: tip_wlan_AsyncExecutor_QueueCapacity
-              value: "{{ .Values.scalability.tip_wlan_AsyncExecutor_QueueCapacity }}"
-            - name: tip_wlan_httpClientConfig_maxConnectionsTotal
-              value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsTotal }}"
-            - name: tip_wlan_httpClientConfig_maxConnectionsPerRoute
-              value: "{{ .Values.scalability.tip_wlan_httpClientConfig_maxConnectionsPerRoute }}"
-            - name: tip_wlan_maxHttpThreads
-              value: "{{ .Values.scalability.tip_wlan_maxHttpThreads }}"
-            - name: JVM_MEM_OPTIONS
-              value: "{{ .Values.scalability.JVM_MEM_OPTIONS }}"
-
           {{- if .Values.probes.enabled }}
           livenessProbe:
             httpGet:
               path: /ping
               port: {{ .Values.service.port2 }}
               scheme: {{ .Values.probes.livenessProbe.scheme }}
-            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
+            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
             timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
             failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
@@ -231,7 +222,7 @@ spec:
             - name: {{ .Values.service.name3 }}
               containerPort: {{ .Values.service.port3 }}
               protocol: TCP
-            {{- end }}
+            {{- end }}              
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}

tip-wlan/charts/wlan-ssc-service/templates/rbac.yaml

@@ -1,24 +0,0 @@
----
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: {{ include "common.fullname" . }}-depends-on
-  namespace: {{ include "common.namespace" . }}
-rules:
-- apiGroups: ["batch", "apps", ""]
-  resources: ["pods", "services", "jobs"]
-  verbs: ["get", "list", "watch"]
-
----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: {{ include "common.fullname" . }}-depends-on
-  namespace: {{ include "common.namespace" . }}
-subjects:
-- kind: ServiceAccount
-  name: {{ include "common.serviceAccountName" . }}
-roleRef:
-  kind: Role
-  name: {{ include "common.fullname" . }}-depends-on
-  apiGroup: rbac.authorization.k8s.io

tip-wlan/charts/wlan-ssc-service/templates/service.yaml

@@ -12,14 +12,14 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
-      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
+      {{- if eq .Values.service.type "NodePort" }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }}
       {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
-      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
+      {{- if eq .Values.service.type "NodePort" }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
       {{- end }}
     {{- if .Values.debug.enabled }}
@@ -27,7 +27,7 @@ spec:
       targetPort: {{ .Values.service.port3 }}
       protocol: TCP
       name: {{ .Values.service.name3 }}
-      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
+      {{- if eq .Values.service.type "NodePort" }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
       {{- end }}
     {{- end }}      

tip-wlan/charts/wlan-ssc-service/values.yaml

@@ -59,7 +59,7 @@ securityContext: {}
 testsEnabled: false
 
 # Enable/Disable Remote debugging
-debug:
+debug: 
   enabled: false
 
 service:
@@ -70,21 +70,6 @@ service:
   name2: secondary-port
   port3: 5008
   name3: debug
-  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
-
-scalability:
-  #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-  tip_wlan_AsyncExecutor_CorePoolSize: 10
-  tip_wlan_AsyncExecutor_MaxPoolSize: 50
-  tip_wlan_AsyncExecutor_QueueCapacity: 50
-  #max total number of persistent connections in the http client pool
-  tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-  #max number of persistent connections in the http client pool per destination
-  tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-  #max number of concurrent REST API calls a single instance of this service can process
-  tip_wlan_maxHttpThreads:  100
-  #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-  JVM_MEM_OPTIONS: " "
 
 ingress:
   enabled: false
@@ -94,20 +79,24 @@ ingress:
   hosts:
     - host: example.com
       paths: [
-         /portal
+         /portal 
         ]
-  tls:
+  tls: 
    - secretName: portal-secret
      hosts:
        - example.com
 
-resources:
-  limits:
-    cpu: 500m
-    memory: 420Mi
-  requests:
-    cpu: 50m
-    memory: 400Mi
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
 
 nodeSelector: {}
 
@@ -127,13 +116,12 @@ creds:
     username: DUMMY_SCHEMA_REPO_USERNAME
     password: DUMMY_SCHEMA_REPO_PASSWORD
 
-kafka:
+kafka: 
   url: kafka-headless
 
 cassandra:
   url: cassandra-headless
   port: 9042
-  image: cassandra:3.11.6
 
 env:
   protocol: https

tip-wlan/charts/zookeeper/templates/statefulset.yaml

@@ -50,7 +50,7 @@ spec:
       containers:
         - name: zookeeper
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy | default .Values.global.pullPolicy }} 
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
         {{- with .Values.command }}
           command: {{ range . }}
              - {{ . | quote }}

tip-wlan/charts/zookeeper/values.yaml

@@ -18,7 +18,7 @@ updateStrategy:
 image:
   repository: zookeeper     # Container image repository for zookeeper container.
   tag: 3.5.5                # Container image tag for zookeeper container.
-  pullPolicy: Always        # Image pull criteria for zookeeper container.
+  pullPolicy: IfNotPresent  # Image pull criteria for zookeeper container.
 
 service:
   type: ClusterIP  # Exposes zookeeper on a cluster-internal IP.
@@ -49,13 +49,17 @@ ports:
     containerPort: 2888  # Port number for zookeeper container server port.
     protocol: TCP  # Protocol for zookeeper container server port.
 
-resources:
-  limits:
-    cpu: 500m
-    memory: 1Gi
-  requests:
-    cpu: 50m
-    memory: 700Mi
+resources: {}  # Optionally specify how much CPU and memory (RAM) each zookeeper container needs.
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #  cpu: 100m
+  #  memory: 128Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 128Mi
 
 priorityClassName: ""
 

tip-wlan/example-values/local-multi-namespace/README.md

@@ -1,10 +0,0 @@
-# Helm values for deploying two Cloud SDK instances into separate namespaces
-
-## Usage
-
-```bash
-helm install tip-wlan-1 tip-wlan -f tip-wlan/example-values/local-multi-namespace/ns-tip-1.yaml
-helm install tip-wlan-2 tip-wlan -f tip-wlan/example-values/local-multi-namespace/ns-tip-2.yaml
-```
-
-This will create a Cloud SDK instance in each of the namespaces _tip-1_ and _tip-2_.

tip-wlan/example-values/local-multi-namespace/ns-tip-1.yaml

@@ -1,270 +0,0 @@
-# This is a development override file.
-# It overrides the default Tip-Wlan parent chart behaviour
-#
-# It can be tweaked, based on the need to support different
-# dev environments.
-# This file expects to have a GlusterFS storage solution running
-# before "helm install" is performed.
-#################################################################
-# Global configuration overrides.
-#
-# These overrides will affect all helm charts (ie. applications)
-# that are listed below and are 'enabled'.
-#################################################################
-global:
-  # Change to an unused port prefix range to prevent port conflicts
-  # with other instances running within the same k8s cluster
-  nodePortPrefix: 302
-  nsPrefix: tip-1
-  # image pull policy
-  pullPolicy: Always
-
-  repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
-  # override default mount path root directory
-  # referenced by persistent volumes and log files
-  persistence:
-
-  # flag to enable debugging - application support required
-  debugEnabled: true
-
-# Annotations for namespace
-annotations: {
-    "helm.sh/resource-policy": keep
-}
-
-# createReleaseNamespace: false
-
-# Docker registry secret
-dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
-#################################################################
-# Enable/disable and configure helm charts (ie. applications)
-# to customize the TIP-WLAN deployment.
-#################################################################
-opensync-gw-static:
-  enabled: false
-opensync-gw-cloud:
-  enabled: true
-  externalhost:
-    address:
-      ovsdb: opensync-controller.wlan.local
-      mqtt: opensync-mqtt-broker.wlan.local
-  persistence:
-    enabled: true
-  filestore:
-    url: "https://wlan-filestore.wlan.local"
-  scalability:
-    #how many concurrent connections single instance of OpenSyncGateway can accept
-    tip_wlan_ovsdb_listener_threadPoolSize: 50
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
-
-opensync-mqtt-broker:
-  enabled: true
-  replicaCount: 1
-  persistence:
-    enabled: true
-    storageClass: standard
-wlan-cloud-graphql-gw:
-  enabled: true
-  env:
-    portalsvc: tip-wlan-1-wlan-portal-service:9051
-  ingress:
-    hosts:
-      - host: wlan-ui-graphql-1.wlan.local
-        paths: [
-           /
-          ]
-    tls:
-    - hosts:
-      - wlan-ui-graphql-1.wlan.local
-wlan-cloud-static-portal:
-  enabled: true
-  env:
-    graphql: https://wlan-ui-graphql-1.wlan.local
-  service:
-    type: NodePort
-  ingress:
-    hosts:
-      - host: wlan-ui-1.wlan.local
-        paths: [
-           /
-          ]
-    tls:
-    - hosts:
-      - wlan-ui-1.wlan.local
-wlan-portal-service:
-  enabled: true
-  persistence:
-    enabled: true
-    storageClass: standard
-    filestoreSize: 1Gi
-  scalability:
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
-
-wlan-prov-service:
-  enabled: true
-  creds:
-    enabled: true
-    db:
-      postgresUser:
-        password: postgres
-      tipUser:
-        password: tip_password
-    schema_repo:
-      username: tip-read
-      password: tip-read
-    postgres:
-      singleDataSourceUsername: tip_user
-      singleDataSourcePassword: tip_password
-      singleDataSourceSslKeyPassword: mypassword
-  scalability:
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
-    #max number of connections to PostgreSQL database
-    singleDataSource_maxTotalConnections: 8
-    #max number of idle connections to PostgreSQL database
-    singleDataSource_maxIdleConnections: 8
-    #max number of cached prepared statements used in PostgreSQL database
-    singleDataSource_maxPreparedStatements: 200
-    #max number of cached idle prepared statements used in PostgreSQL database
-    singleDataSource_maxIdlePreparedStatements: 200
-
-wlan-ssc-service:
-  enabled: true
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-    cassandra:
-      tip_user: tip_user
-      tip_password: tip_password
-    schema_repo:
-      username: tip-read
-      password: tip-read
-  scalability:
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
-
-wlan-spc-service:
-  enabled: true
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-  scalability:
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
-    
-nginx-ingress-controller:
-  enabled: true
-  controller:
-    service:
-      type: LoadBalancer
-    config:
-      externalStatusAddress: "api.wlan.local"
-    defaultTLS:
-      cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZXakNDQTBLZ0F3SUJBZ0lVUU5hUC9zcHZSSHRCVEFLd1lSTndieFJmRkFzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0hURWJNQmtHQTFVRUF3d1NkMnhoYmkxMWFTNTNiR0Z1TG14dlkyRnNNQjRYRFRJd01EZ3lOekl3TWpZMQpObG9YRFRNd01EZ3lOVEl3TWpZMU5sb3dIVEViTUJrR0ExVUVBd3dTZDJ4aGJpMTFhUzUzYkdGdUxteHZZMkZzCk1JSUNJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBd1JhZ2lEV3pDTllCdFd3QmNLK2YKVGtrUW1NdCtRQWdUallyMEtTOERQSkNKZjZLa1BmWkhDdTN3NEx2cnh6WTlObWllaDJYVTgzNGFtZEp4SXVDdwo2SWJObzZ6c2tqc3lmb084d0ZEbWxMVldMZWc1SDlHOWRvZW0rV1RlS1BhRUhpM29xdXpOZ3Q2d0xzM212dk9BClR2aVRJb2M4OEVMams0ZFNSMlQ0ZGhoMHFLQ0NqK0hkWEJBNlYvOWJpcnUralYrL2t4RVF1TDJ6TTM5RHZWZDgKOWtzMzV6TVZVemUzNmxENElDT25sN2hnYVROQmk0NU85c2RMRDBZYVVtamlGd1FsdEpVZG1QS3BhQWRidmpVTwpuc3VwbkRZam0rVW0rOWFFcHFNNHRlMjNlZkM4TjhqMXVrZXh6SnJFMkdlRi9XQi9ZMUxGSUcyd2pxVm5zUGNzCm5GRjRZZDlFQlJSbmUxRVplWEJ1M0ZFTEZ5NmxDT0hJMTQ2b0JjYy9JYjYxN3JkVEtYcXh0di8yTkw2L1RxRmsKbnMvRUVqdmU2a1FZemxCWndXSFdwWndRZmczbW82TmFvRlpwVGFnOThNeXU1clpvT29mVGN4WEg2cExtNVB4MQpPQXpnTG5hOU8rMkZtQTRGanJnSGNNWTFOSXp5blpMK0RIOGZpYnQxRi92MkYyTUErUjl2bzg0dlI1Uk9HTmRECnZhMkFwZXZrTGNqUWcvTHdzWHYwZ1RvcFEvWEl6ZWpoNmJkVWtPcktTd0p6VDJDOS9lOUdRbjBncHBWOExCdUsKMXpRSG9ST0xuQTQxTUNGdlFMUUhvK1h0OEtHdytVYmFseTZoT3hCWkY1MUwvQmJxamtESDlBRUZhSkxwdGlFeQpxbjFFNXYrM3doZ0ZTNUlaVDhJVzV1VUNBd0VBQWFPQmtUQ0JqakFkQmdOVkhRNEVGZ1FVeTJiQVV5TlBYSFM5CjNWVFNEK3dvTjd0M3E4RXdId1lEVlIwakJCZ3dGb0FVeTJiQVV5TlBYSFM5M1ZUU0Qrd29ON3QzcThFd0R3WUQKVlIwVEFRSC9CQVV3QXdFQi96QTdCZ05WSFJFRU5EQXlnaHAzYkdGdUxYVnBMV2R5WVhCb2NXd3VkMnhoYmk1cwpiMk5oYklJT1lYQnBMbmRzWVc0dWJHOWpZV3lIQk1Db0FBRXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnSUJBS0grCmJxSmVlMTFuMzRTWWdCRHZnb1o4bEpMUVJ3c0ZucUV4Y1NyL3BsWjdHVklHRkg1L1EyS3lvOVZ5RWlUUHdySXMKS3NFckMxZXZINnh0MVVSZk16cDA1elZRMExZTTUra3NhbVJEYWdBZzNNMWNtN29LT2Rtcy9kcXpQZTJnWmZHSgpwVmR0VlcxQ0hyTDBSTFRSOTNoN2tnU2lCbFNFSVlNb2VLZk41SDlBYXZKNEtyeXlnUXM2M2trR1E1TTllc0FwCnU2YkIzMDd6eWZ6Z1MzdG1Rc1UwMXJnSmZoRUhRL1krQWs5d0R1T2d2bWZ4MFRXZ0FPR2JLcTZUdThNS1lkZWoKSWU3clYxRzVVdjdLZmdvelZYNzZnMktkblRWQmZzcFNLbzN6eXJaa2NrekFwdlV1OUllZkhkVG9lNEpNRVUweQpmazdsRVUvZXh6Qnl5TnhwKzZoZHUvWklnM3hiMXlBMW9WWThORWQxckwxekFWaVBlMzUxU0VORUtlSnBSYW5DCmtDTDNSQUZrYnhRN0loYWNqb3g4YmVsUitnbW84Y3lGWnBqOVhhb1BsU0ZTY2R3ejU3M0NUMGg5N3Y3NkE3c3cKeUMrQ2lTcDg1Z1dFVjV2Z0JpdE5KN1I5b25qQmRzdUgybGdFdE1EM0pOT3M4Y0NTUmloWXhyaXdaU3FoVDdvLwp0Y0lsY0o4NFc1bTZYNnpISjNHbXR1S0czUVBOT21zMC9WVm9EVHA5cWRwTCtFazE3dUIyQTQxTnB4ejNVUytsCjZ5SytwZFFRajdBTHpLdVJmT3lnODBYYk53MnY0U25wSTVxYlhGQlJ1bTUyZjg2c1BlbUZxMUtjdU5XZTRFVkMKeERHM2VLbHUrZGxsVXRLeC9QTjZ5ZmxiVDV4Y0dnY2Rtcnd6UmFXUwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
-      key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRUUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Nzd2dna25BZ0VBQW9JQ0FRREJGcUNJTmJNSTFnRzEKYkFGd3I1OU9TUkNZeTM1QUNCT05pdlFwTHdNOGtJbC9vcVE5OWtjSzdmRGd1K3ZITmowMmFKNkhaZFR6ZmhxWgowbkVpNExEb2hzMmpyT3lTT3pKK2c3ekFVT2FVdFZZdDZEa2YwYjEyaDZiNVpONG85b1FlTGVpcTdNMkMzckF1CnplYSs4NEJPK0pNaWh6endRdU9UaDFKSFpQaDJHSFNvb0lLUDRkMWNFRHBYLzF1S3U3Nk5YNytURVJDNHZiTXoKZjBPOVYzejJTemZuTXhWVE43ZnFVUGdnSTZlWHVHQnBNMEdMams3Mngwc1BSaHBTYU9JWEJDVzBsUjJZOHFsbwpCMXUrTlE2ZXk2bWNOaU9iNVNiNzFvU21vemkxN2JkNThMdzN5UFc2UjdITW1zVFlaNFg5WUg5alVzVWdiYkNPCnBXZXc5eXljVVhoaDMwUUZGR2Q3VVJsNWNHN2NVUXNYTHFVSTRjalhqcWdGeHo4aHZyWHV0MU1wZXJHMi8vWTAKdnI5T29XU2V6OFFTTzk3cVJCak9VRm5CWWRhbG5CQitEZWFqbzFxZ1ZtbE5xRDN3eks3bXRtZzZoOU56RmNmcQprdWJrL0hVNERPQXVkcjA3N1lXWURnV091QWR3eGpVMGpQS2RrdjRNZngrSnUzVVgrL1lYWXdENUgyK2p6aTlICmxFNFkxME85cllDbDYrUXR5TkNEOHZDeGUvU0JPaWxEOWNqTjZPSHB0MVNRNnNwTEFuTlBZTDM5NzBaQ2ZTQ20KbFh3c0c0clhOQWVoRTR1Y0RqVXdJVzlBdEFlajVlM3dvYkQ1UnRxWExxRTdFRmtYblV2OEZ1cU9RTWYwQVFWbwprdW0ySVRLcWZVVG0vN2ZDR0FWTGtobFB3aGJtNVFJREFRQUJBb0lDQUMyR2hEc1pUaWtiTERQMlR6Q2VkOVVoCmJRUlpsbDdLaUxHcXZYNm9VdjhJcFNLdTJrS3h1blpkTzVvQk5NbzNnNTg4YzRSQkFrQ1d6dmJObzFjeDJ3UTQKSkd3ZTdYaGM5TDdYbUwxUFZjNWlJdnVYOFVBTFY3eUdwMXZONklPSC9BYVJsSFlZZHl3UURVSTcwZGZiMmJqRQo2d3dORHRVbk1Ea3NncjNLbExwamNiNEFla2dxWE9MRUFMMld1Nkt1T1hOankrdUU3b2hnVWN3bWlYWXZGb3VMCm1KYXVlS3l5U202NHdJZnpZQ1JwbUhHMVlCTGpic0xJb20zcmZYRkl3V1hqMkhBSGFIOFRWOVhyUmpwR2tEZm8KbFFqN3l0R0s2ZkllMWcva0ZBN3hDWDE2d1NYMS85bjM1WGYwVmMwZ08zdE9NVHJkM1JTVVNEaVp6eVR1WWxuZwpETEdmYXZjRS82QXJ5cTlWZ3hyUXdXbnZhd0hIcWxBWUtxVHpJYkRJS0Y3SjRYTE9FckFtRE50T1I2Lzc1WjJ3CnVPQlFYT0N3NFM1dWxWdzhIZUM0NGlFTmxJYU5lNDNWTkZUTGtRM3lCeW96VVlYWTN2eEJXMWpURFpFOTB5YTUKZzk4cmFiYWhIS0lockpGYzNXYTE0RWhicUE2TVVLSXRRTkk4K1N1Rk1KV3R4VW1iM1cxK2dHbXJvTmo1TU9kYQpzdjV5OThTYS93UUc4dGc0cmdNQ0xpQVNHL3hudDB3RURrNXFDVUUxRzRSdkdOeUYxU09zNk82c1BTOTg4Umd4CnJuamQvWWZoME5xVnhHcHFGNnhpQVgvZXkyU0NGUWNybEtmNnhGREF4YjI4RTdaNnRQSUZCTWxpQ1IrbzdYR3MKZDNvUWVuMThCalM1NjdtR2ZmNkJBb0lCQVFEanFFcHZqOVhJVVB3bk1RZitRY3R0R1pXZEp2bFZSa1BSMW9maApSVWI2UHdFRkEwdVQyM011ZmFvNGI4bWIrM2Vra1BkYTZmbWJqUGFUckQrbk5YNGxyRE5oYytvcVY4aFVEQnA0CmpVcEg3OXorTVNUZVVQclpnS3VMeEdqaDJiK0FWYVZjZTI2STVYUXVoUnR6ZHFYZDlIeSs4YXpYRTltbHlPQ00KMUpEK2VHZWxhaVJMbEZBbVRDNDNoNlV5T0Q5SmZOSW1oWDQ2WDJRRlFsbGc1cWxVdWQ4Ukx3eFViZTJoYzhTWQp4VnVvYVZSSUdBSmhqRkd3ZVhnRjdzc0tQNXBZMHRkTlNvSGsxeHRnUmVJTlllZFU1cmtpKzloZTN0cStqWUdJCmxVcVVzYzNzN3c4cUk1UXk5NGdmcUI5Lzd4K3BFdGEvak9leE4yL1pGOFJGSXVucEFvSUJBUURaSUpUaUUxKzkKc2xnQ0NGVllLR3Z5aE5odkppck94enlOUWU3YjIvZmxQNzVHd0pTTWpZZTdoTmhGK3JrZHRJcXF5dWxyeGF3YgpPbWliU0FCSG5kT20ycDRMdDhaK20vQXZaRUgzVklLdWkwY0xVbTlKRXNsWURVcFIrdG5BemloNzdrS2FlVzlnCk1wdlpiUzZGdXE2ZlBZQUJyK3dXeU1IazR0UnRNZ3duUFRtSzZQTW85b3FIUURTSVJjL3N0N2hBTUwwMDdtNlEKOTJkRXRqNTNtSTBURTRISVhtY3hZbjV5NGVJLy85aEFMb2xFa0ZHWDU0SmNMdWpDWWkwQ3RIU0xDcnNmQkJwZgpDS2NaMk5sWFNiYVREU1prZWhnQWFWTlM2OVp1K1o2eGFvNmZZMjVxSnNmeXlaUkNjSzJYY0FoUDV2QWNUbWhQClNKUFJZc1dSNXZ1ZEFvSUJBRmtRRXFiWWg1TkprNHdsazNIMS9ZYWVGcmtYY1QzYU1sZ2FiS2hGdVFIWHVpZGkKNWFOZm5BMFpIb25idWV6ckVTQnhra09mKzRYT1BQMEN5eGc0UmpTb3pLVVlld2k3dE9Ta280cDhCQTVtbVhkYwpkSWNBK1ZJMEUyaW5tenlZT21JVG41Q3h2VW1UTXNPc1VWUDNtK1pjYXAwczRTaDNYSk9PSmNNU3VmTEQyaENOCm1NdDBwM0tFSlNTV1RadDdBODlWSk1YclBibktiYy9jNkNpUHRMa3Z5a1BudXhRZ3VYR0xYK05BZXA1RkxyTFIKcWNUTjUzdDUyZW5BUlBDcWQxQytrM3BxWnF6SE5xK1FSMkppNWVTQ0t2V3p2eTlHVWg5d0xyZm5aL2tLSW56SgovWTNIdzRlNDdTa3RWYjF3S0Z1MXdndklMVEJZZHNwZ2tPbFhRbGtDZ2dFQUtKYVJuazFXMldRc1ZYenZUMEtICkkxZTRDZGNOcTRmTkJ1N3JVc2drNkFMcGM5cHVLblFPaW54RDNaa0gzOGl2SDB3OUpEdFlkK0tNU1hMRk1wNEwKUWFhZVlyeGc2NndFMHljZnViZGZrbmRRdVlvWWFZV01nOXhBSjJFSU1hV1lKY3FkUXJrdW04SDZKa1BsclhQLwpUcDgxZlp0QU8rWWRjTWNDUk1OVlNFU0dyRFB0dUp1VnU4REIwVE9Uc2NHS1BOMmZrUFI5VUxZZTVOWllpUXpJCldtZU1IRU9oY0xiandsLzlaazlTUW5Vd2pkT1luUmZXNDVxVlFqa09CdkpxMHM4WHVhMlBySEkyb250SjdhcEcKNmVoTVkvMzYzS0RUeGExMmNWcFNVd0lEVlVKR0VxdmJOc1I5NVltZ3VhMWtzR01RUVlwYXIyOTJ5bTUzVmxYaQpkUUtDQVFCTUFYS0RaNVZobHBRR1VlUk1FNVhqVm1KOE1WdlZTUzV3NzBGOC9CS0ZnZFBJNnR2Nkx5UGh3OTRPCmxZVldoOXJmdUpmbWllK1ZJSWhaeSthUVNpVVhGQUtTdjZFTWJ1bXdjN1pUNEkyYitDTXQxUEhaTEZtUEN0OXAKOEorUDdoaDlRYWRBYzZqZEdSa0NMNkpMU3VoeWhMbW90SG9IS0ZJazdhNENNZGl2QnB3SVdxMWVScHd0aWRrNwpIdytrdlJ5YW5DMUJVU1dYNGxJcW1LanAyR1B2UDVVdVV2RUlPNitqaWFyWTJDTUNKb3BtcVJ2WWQzNGtSVkF1CjZueFl4a05neEFQSnVWN2tkZVVzQXg5Q1FZcFQ1blFmendtdlVGa0FraHJoTmw5dUJRUDhMdkZORFQ0cWU0bFcKUWw0cXRFZFNiZDVxVWVVdkgzOG5JMmpTVDVMawotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==
-    wildcardTLS:
-    # self signed wildcard cert for *.wlan.local
-      cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZEekNDQXZlZ0F3SUJBZ0lVYSthaVJZWG9QTGliSS9wdVJCdi9DZ2RTTDNzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0Z6RVZNQk1HQTFVRUF3d01LaTUzYkdGdUxteHZZMkZzTUI0WERUSXdNVEl5TVRJd05UQXpNVm9YRFRNdwpNVEl4T1RJd05UQXpNVm93RnpFVk1CTUdBMVVFQXd3TUtpNTNiR0Z1TG14dlkyRnNNSUlDSWpBTkJna3Foa2lHCjl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUEwQjhuZE1raGIzZEN6N0I2aS9kRlFWenJwaEtQK2RmY2JKN1gKMzB3MU1FWDIvM3ZvVStkRlBNbnZrS3hEdFJwanZCbnhCczF6L1VmajlyUFhDSzZkazNNYU5DajRQYVUxem9WQQppK1Z6amc0ZG5XNjJxWG1qYVYrYUMrQm5zQndyQmx2THQ0dkh1eFRLbHh1RnR4THdid3VObGJvS1lVN01kV3oyCllMY3QzUWZBWElVb2FRK1RTMUZGdVdFeEZOTFRidlBGZWNoajB4ZnhyOU5BcU9aTXI0RGE0NHMzVERxMVVyRTIKbjhaZXFxVXZ1YUE4ZmEzQjNVZVRFNmJ4OEdhN1JybG5Dakd3UDRGVml3ajdvellmanV6T2JOM2dlcjdWcEpLMQpMSjdIdDBBemZlRm9aQ2xPbUVBd1p5alFwRGZOckdNTCs1dWtIK2JxWngyaUo5UndFcDNmdlE4em5jN1Q4dHJDCmxzMjRWNUpySWhUQXlCcTZRWVNnSXdXM2V5TmVpUnQ0ZHp6Sk5rNnd4cFp0WE96WTFwamJrV2FMaEhKOW1LRWoKU3lqVVBnS3dKSVlmb3BJbTJoUzl1dVZHZDdiU1MyV055aHJSOU5LSG5Lamo5Y0IrUWU0eEh0Z1pEcm1GZ1ZpZQp0cXZBUHhJL0ZkV1pSN3RmT2JCNTR3alMxVFk3TEd6cll4TDZSMWNjZDE4WUppcGNTS05xa05ORlllZ092VkNICmFldW1OTUdVNlZZalJWS1JmQXMva2FzcWxleGpheSt0SXNtd3dDZGoxUUN3UitRa2VEZFdoNE8vQzM1NENRb28KTkxZYzRNRk8xbVVDY2NsbUgvbFBvcTd1anBCMWI2VmFBNVprNFhjVUpRc0c4SUlSMDFHTFM5RW1HVVZaeTlOWApwV2dCbXNVQ0F3RUFBYU5UTUZFd0hRWURWUjBPQkJZRUZOZlVJSGhXdnFwUzg2ZC82SnJvbmxFYzZMU1NNQjhHCkExVWRJd1FZTUJhQUZOZlVJSGhXdnFwUzg2ZC82SnJvbmxFYzZMU1NNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHcKRFFZSktvWklodmNOQVFFTEJRQURnZ0lCQUtlTW9PckhLZ3BGemtkckVhMVhSSVRUOHFZanhKc04yNmFIMFovLwp1dDRXVkE4ckNDNzV4VkpaNnpBQWlBOFE2eTRYSHBzRzl2ZSs1QlJIWEdCS0lYOU5FZGNrbWdNdExzQ2xOR0JCCkxkN3lWd3hhaGVCQzhVTWIrVTAxMlNwaFc3K0t6UFJhQ3g4cHNMMUlFQUkyblQ1MzlCNDBmR2NyTktNSDRqZGkKdkxad3VxT00rZnJucFJ1MkZlK3Bja2Fwek92SEJTb0I3THovR1dmMWUwZ0llc1B4WEdmVG9hbGM1SzU5bDF1TQpCTkhpUW15S3E4TS9MbllMejhyOWp3dHNKU2lLYUljelpISjNtQ0ZUb3ljREF3NTl3WEdmWXZWcFBMaWZXTTJxCm1uSlJKM2dQS1lzOUhXWFgyYktoSmZoMjRLOTN2M1duMVRUellYOGtTbWlnRG0wTUhOSTNwZktlMmJqVW9MNmgKMlQ4bWhRbjdPQ2dvZHMvOXczR1dOdmFxYTAySHRnc0tTbk9YdmpSNXFMaVFLRjdhMi95TTlrNWNQcUdHaW1GYgppUWV3eUgvMWw2YjQ0T0s2RGwwMVltWFltNUVqR3plckp2aU90eUhSaWhtME01VmNBWWJaYkE0S1Y1eHhLZjRqClIwaktwQXdqbEpzTDdRMk9zTC9IRkxmaDV1RU1HMXlmTzF1blZkVURKK1FBZHJQUG5tZTZVTVFQZm1UcGx1WjAKS3pvOXY3NEpYV0pwQkNtaWNTbFBQdnB3cXZLTk5iOWd6b0hjOXFheWMwNWVxRldRbzNNZjIzYU82b05wU2ZuaAp5aWMvczFQcC9ZS2FHakVSQXB1UmRvYTlWT1diUncycFZMei9rZVNraS9QTDJFRFc4RUVHYjFXcUFBMkJPVVhDCi9oYXQKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
-      key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRRFFIeWQweVNGdmQwTFAKc0hxTDkwVkJYT3VtRW8vNTE5eHNudGZmVERVd1JmYi9lK2hUNTBVOHllK1FyRU8xR21POEdmRUd6WFA5UitQMgpzOWNJcnAyVGN4bzBLUGc5cFRYT2hVQ0w1WE9PRGgyZGJyYXBlYU5wWDVvTDRHZXdIQ3NHVzh1M2k4ZTdGTXFYCkc0VzNFdkJ2QzQyVnVncGhUc3gxYlBaZ3R5M2RCOEJjaFNocEQ1TkxVVVc1WVRFVTB0TnU4OFY1eUdQVEYvR3YKMDBDbzVreXZnTnJqaXpkTU9yVlNzVGFmeGw2cXBTKzVvRHg5cmNIZFI1TVRwdkh3WnJ0R3VXY0tNYkEvZ1ZXTApDUHVqTmgrTzdNNXMzZUI2dnRXa2tyVXNuc2UzUUROOTRXaGtLVTZZUURCbktOQ2tOODJzWXd2N202UWY1dXBuCkhhSW4xSEFTbmQrOUR6T2R6dFB5MnNLV3piaFhrbXNpRk1ESUdycEJoS0FqQmJkN0kxNkpHM2gzUE1rMlRyREcKbG0xYzdOaldtTnVSWm91RWNuMllvU05MS05RK0FyQWtoaCtpa2liYUZMMjY1VVozdHRKTFpZM0tHdEgwMG9lYwpxT1Axd0g1QjdqRWUyQmtPdVlXQldKNjJxOEEvRWo4VjFabEh1MTg1c0huakNOTFZOanNzYk90akV2cEhWeHgzClh4Z21LbHhJbzJxUTAwVmg2QTY5VUlkcDY2WTB3WlRwVmlORlVwRjhDeitScXlxVjdHTnJMNjBpeWJEQUoyUFYKQUxCSDVDUjROMWFIZzc4TGZuZ0pDaWcwdGh6Z3dVN1daUUp4eVdZZitVK2lydTZPa0hWdnBWb0RsbVRoZHhRbApDd2J3Z2hIVFVZdEwwU1laUlZuTDAxZWxhQUdheFFJREFRQUJBb0lDQVFDUVRkbXN4enl3cmUrY1ZCQlVkaW9GCjdTalRhTEY5bWFlVGhQdkhMMjc5dnJWSlpoK3I5WUp6YU16NzhnV3NUOVR4ZXNjOVlUMVlVLzJEZENUWU4wSzUKRnlrSEc1VXNJUjVTeU4vOVlDWWtURE5La3BhQ29mMmxOWTE1U0twOFdMdVlXQlBEZTE4TW41anM5ejlhdGY0Ugo4Ti9GL2szdU5KWGRvYVNmWU1Pakt4bTh6UE05RFhpaTA0SlZ6RWNjMmlXU0crSkQwNmNybWNHUm1SZVBSTWZOCk5Mb1E1ZGw4dUlRN0J2Y0tCNkJpRDlFc2t5YitPWGxmTlo2TUZNaFNXTmpuYSt3L0REN1plWkxYcVczWk45RGYKNStBbGFoNlkzVE1EUGxueXkxRk5CVzN1alZrMWdkS21ESFBEUTNDUFBNWVdEa01qdlVJcWdKRHMySVl6dWIvTwpXRjRVUTV5UEJhZzluaWp1dS9uMVZDdGZuSkxwakZIakU1VzdkK3p1UGh6aUJ1WDFOcjRtOVVJdEpaSTNsYmJtCmdvZFlMdGl4b3RwNWF3ang1eXA3MU1zUHlTZzcrbHBPenA4dStuRENJcnc0K0VSME56MG8yTXFmcmJ2VklGQXIKWHIyc2YrejljbmtxalBWWEZaVks3em1TUHI5N0YrbTV4RHpURG9lTG53aVlhUUpOQ0ZhejhMVERjNldVT2w4SQpLOWhHd3FaK0llTlgreW16em16Nkx6WWVPaGlrRmNRaUI0UXVPSjdWWnZWRmVoS3JJMXJLWHJDRU01VmpJZXBkCkhzR0c1eTlLUkcxdEszSU5ScmI0SHlhRDF6SHJSTHRneFpLT1BvWDN0UjNmbTJ1aGova3dwelZnWTltRXJDWDkKd2I4SVA5TXdRR3REQVNBcjZWVmJvUUtDQVFFQThIeWlaK1lVeFEzQnprL1hoNmZMWWNYakE3NTJrQ204VWZzWQp0d1Z4N0EyNW5YRStiUDRIT3UyVC9kTlc0Tkw1elZPT0JkaWZIcTJQVFNVMGYzQUFHL0pNcnVzM3NrNHd4azM5CitYYlh0dHltWkdxb3FEcVN3TUw2czVpY1RnangvenRhSXk1TWFKYWhUYUpNdFRQQlVpZ3U3enhoeGNwVlhNVUMKTklHcFl5Mkt5R2hyMjVVOFdlR0RYQm9SS2xYUXJXYkNZeW1kMXdYQStEaVl0dzA5eit0VHhPNTRodjFCZkJKZwpWMGd0VWdJU0I2WEZDMU9CWDZXQ1pXYlhCN2hPaHhISjNkNHAyQlZyN0gxL2JDQ0ZvVDY5by9WQVNHRmdtTHRiCnpGalRNbjFIaTluVW5jUFlScWpsN1h0NWdPOHBOa3BwMjVrNHIxRVludWhIazcrYzdRS0NBUUVBM1l3THozNloKNEVPRndvODIrUlVId2lkaFExOEdrU1JvWStKVm1udXJpSXdHZTk3ZmRTVk91d092SDlZSVhsRWpjRitoOHFQVQpJVnpIOXBuYXZjTENEMnhIOWZ5d09ML3pmYmJnYnExZjV4Y3BOUXlYM1JnTGFDUVpLNkpJa3NzOUtDb0dhSzlaCmpMVm41MjFFZlFBRE5DSi93YlRCb3dLQ0dTNDUzSzRBaWFEWHN6TkJLUk5MOHVaWWYwK0x0U2IzV3lkZVQ2eUgKdGZiSXR3NlBSS1lxb2NaeGIrM0pWQWFHcGxScjVZSlNDU1BtTjFMSjU0djlTcXBIVnJMNzJudFNwKzdDODJ6SgpJajVOSXFEOGFsOVZ3WFB5dExRd25hYWc1TW5ka0NLQ3R0MlVHSGZwMEh3ZTJTL1hkemppS2gzZTZaT3MyMSt1CitQUHVrSkUxTTZzU09RS0NBUUJjWVJRbDR6MUJRUHFjM1JESEhJN0UvVFlxWHdTK2RqblFLQ3VqU3FVcmIwNUoKQzVKV1hmSzdFVDVUTjliY3dFNlRNRENUVUZZM2U2WmJsUm9vaGdhVXRhdjlXWC9vcjU2TzNyRGNIbW5ZNWNQSgpPU3VXakFHSnFKeVRWdUZjSEpXUlhPUlFOVjNHbzI1Tkd6WnFPUHBmSys1em1mZFkrbE4yTW51WlhlR0twcGowClNTQjlsa003cDZSRlFnSXNDQkVFTzBBYXhZYkxiWHRtSHArVFdiUFA1ZThrN0JKQ2tKQ1NMNkR3aGxwYWNVOHAKdnVVRlo4dC95VjFneEhOL2xLNGR0cGliOE5hVUdnNStKdXRHeHV0dU9HS3kwK2dncGI5c2pEUkVPQzdRNjAwTApqTjdleDdlUjFSbVY4Mk9HUXRqSzhTVGU1V25mOXNBRmN1YmorNncxQW9JQkFHYXM4Z2hQRHpkOWM2OXd1alNFCkI1MTJyTUFSZVRTcEgrd3l5Q09aYnkwUVlDem1aTCtnODdUK2h4b0ZFc25MWnRZOHJBeU0ydEkvY3JrYUl1TlIKTUtqL01QYVREb1N1aVVWWkRQaWVSMVVOU2Q2NUlHU3FNUmNwcTdTcU9HSTM2UGNGU3dVWFJ6Uk1Hb1NLQW5UQQpIYnY2eFNUY0JlWHJVcW9pMzFRa0hFR3NsbXNKdFFnNVZqaVRncTQyQ25TQlE2QXVSYW85Tm9RaGhISTZRREc3CnBRUm11TW43OVJPSkZyeGRZY2Z6TnR2ZmxHRk5jQjlzcEk0SERwcml4cEJDR1ZPVTl5cmozdStNMmlqVFhVaGIKT0o0NGcySTJKRlhjRkxNVHp5aHVwZy9qN3kvTDIwUHhVa2Fyd25zUmxOZWFFbVpFTjVkUDZBS2U0cENEaTVtUApqaGtDZ2dFQkFMUmtVeG9oZDh2ZVBwR3hPbWlOak5HekpiTDlscGx0TWxhR0dPQ3JOUkZSeEppblgzWU9UVnhiCkRFVlpqaXRHNldydzFxaDdnZXAzeEdJaWZHQ1lZV3pNc0RZTitueGtwV0lRRmZOV3dYemNRWlhrTEduZVlUdTAKSVU2RjY5Myt1Q0tkcHVCdVl0d3BQNEJCVkNCRTVON0FzRGV4bFBYTzk1cEw3ZzR4OG5RckdNeGJlRXVOdytaTwpPYmYvTnFFMGZZcURkaERiVHI0UDR6bUpBRlpYeDlKMjNJdWRMUFI3MDZITGZ5bDMrb1pUS2Y2ZWdEL1drWXZGCllLdEtDZzI1UmtSYmZBakZkeDlpOVkzcDlPNEFNVUNaRVFIOWQwU1d6LzJWR0VmYzVha09YL2xvWlAyUXF3c2UKeXMyc0k1U0Z5TEd1ZGM3R2MzVTd5UGd0RVN0elVoWT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
-
-zookeeper:
-  enabled: true
-  replicaCount: 1
-  persistence:
-    enabled: true
-    storageClass: standard
-kafka:
-  enabled: true
-  replicaCount: 1
-  persistence:
-    enabled: true
-    storageClass: standard
-  creds:
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-    sslKeyPassword: mypassword
-cassandra:
-  enabled: true
-  image:
-    debug: true
-  cluster:
-    replicaCount: 1
-    seedCount: 1
-  persistence:
-    enabled: true
-    storageClass: standard
-  creds:
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-postgresql:
-  enabled: true
-  postgresqlPassword: postgres
-## NOTE: If we are using glusterfs as Storage class, we don't really need
-## replication turned on, since the data is anyway replicated on glusterfs nodes
-## Replication is useful:
-## a. When we use HostPath as storage mechanism
-## b. If master goes down and one of the slave is promoted as master
-  replication:
-    enabled: true
-    slaveReplicas: 1
-  persistence:
-    enabled: true
-    storageClass: standard
-  readinessProbe:
-    initialDelaySeconds: 30
-  livenessProbe:
-    initialDelaySeconds: 30

tip-wlan/example-values/local-multi-namespace/ns-tip-2.yaml

@@ -1,258 +0,0 @@
-# This is a development override file.
-# It overrides the default Tip-Wlan parent chart behaviour
-#
-# It can be tweaked, based on the need to support different
-# dev environments.
-# This file expects to have a GlusterFS storage solution running
-# before "helm install" is performed.
-#################################################################
-# Global configuration overrides.
-#
-# These overrides will affect all helm charts (ie. applications)
-# that are listed below and are 'enabled'.
-#################################################################
-global:
-  # Change to an unused port prefix range to prevent port conflicts
-  # with other instances running within the same k8s cluster
-  nodePortPrefix: 304
-  nsPrefix: tip-2
-  # image pull policy
-  pullPolicy: Always
-
-  repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
-  # override default mount path root directory
-  # referenced by persistent volumes and log files
-  persistence:
-
-  # flag to enable debugging - application support required
-  debugEnabled: true
-
-# Annotations for namespace
-annotations: {
-    "helm.sh/resource-policy": keep
-}
-
-# createReleaseNamespace: false
-
-# Docker registry secret
-dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
-#################################################################
-# Enable/disable and configure helm charts (ie. applications)
-# to customize the TIP-WLAN deployment.
-#################################################################
-opensync-gw-static:
-  enabled: false
-opensync-gw-cloud:
-  enabled: true
-  externalhost:
-    address:
-      ovsdb: opensync-controller.wlan.local
-      mqtt: opensync-mqtt-broker.wlan.local
-  persistence:
-    enabled: true
-  filestore:
-    url: "https://wlan-filestore.wlan.local"
-  scalability:
-    #how many concurrent connections single instance of OpenSyncGateway can accept
-    tip_wlan_ovsdb_listener_threadPoolSize: 50
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
-
-opensync-mqtt-broker:
-  enabled: true
-  replicaCount: 1
-  persistence:
-    enabled: true
-    storageClass: standard
-wlan-cloud-graphql-gw:
-  enabled: true
-  env:
-    portalsvc: tip-wlan-2-wlan-portal-service:9051
-  ingress:
-    hosts:
-      - host: wlan-ui-graphql-2.wlan.local
-        paths: [
-           /
-          ]
-    tls:
-    - hosts:
-      - wlan-ui-graphql-2.wlan.local
-wlan-cloud-static-portal:
-  enabled: true
-  env:
-    graphql: https://wlan-ui-graphql-2.wlan.local
-  service:
-    type: NodePort
-  ingress:
-    hosts:
-      - host: wlan-ui-2.wlan.local
-        paths: [
-           /
-          ]
-    tls:
-    - hosts:
-      - wlan-ui-2.wlan.local
-wlan-portal-service:
-  enabled: true
-  persistence:
-    enabled: true
-    storageClass: standard
-    filestoreSize: 1Gi
-  scalability:
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
-
-wlan-prov-service:
-  enabled: true
-  creds:
-    enabled: true
-    db:
-      postgresUser:
-        password: postgres
-      tipUser:
-        password: tip_password
-    schema_repo:
-      username: tip-read
-      password: tip-read
-    postgres:
-      singleDataSourceUsername: tip_user
-      singleDataSourcePassword: tip_password
-      singleDataSourceSslKeyPassword: mypassword
-  scalability:
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
-    #max number of connections to PostgreSQL database
-    singleDataSource_maxTotalConnections: 8
-    #max number of idle connections to PostgreSQL database
-    singleDataSource_maxIdleConnections: 8
-    #max number of cached prepared statements used in PostgreSQL database
-    singleDataSource_maxPreparedStatements: 200
-    #max number of cached idle prepared statements used in PostgreSQL database
-    singleDataSource_maxIdlePreparedStatements: 200
-
-wlan-ssc-service:
-  enabled: true
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-    cassandra:
-      tip_user: tip_user
-      tip_password: tip_password
-    schema_repo:
-      username: tip-read
-      password: tip-read
-  scalability:
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
-
-wlan-spc-service:
-  enabled: true
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-  scalability:
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
-    
-nginx-ingress-controller:
-  enabled: false
-
-zookeeper:
-  enabled: true
-  replicaCount: 1
-  persistence:
-    enabled: true
-    storageClass: standard
-kafka:
-  enabled: true
-  replicaCount: 1
-  persistence:
-    enabled: true
-    storageClass: standard
-  creds:
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-    sslKeyPassword: mypassword
-cassandra:
-  enabled: true
-  image:
-    debug: true
-  cluster:
-    replicaCount: 1
-    seedCount: 1
-  persistence:
-    enabled: true
-    storageClass: standard
-  creds:
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-postgresql:
-  enabled: true
-  postgresqlPassword: postgres
-## NOTE: If we are using glusterfs as Storage class, we don't really need
-## replication turned on, since the data is anyway replicated on glusterfs nodes
-## Replication is useful:
-## a. When we use HostPath as storage mechanism
-## b. If master goes down and one of the slave is promoted as master
-  replication:
-    enabled: true
-    slaveReplicas: 1
-  persistence:
-    enabled: true
-    storageClass: standard
-  readinessProbe:
-    initialDelaySeconds: 30
-  livenessProbe:
-    initialDelaySeconds: 30

tip-wlan/resources/environments/dev-amazon-tip.yaml

@@ -53,10 +53,9 @@ common:
       storageClass: aws-efs  
 opensync-gw-cloud:
   enabled: true
-  externalhost:
-    address:
-      ovsdb: opensync-controller.demo.lab.wlan.tip.build
-      mqtt: opensync-mqtt-broker.demo.lab.wlan.tip.build
+  externalhostaddress:
+    ovsdb: opensync-controller.demo.lab.wlan.tip.build
+    mqtt: opensync-mqtt-broker.demo.lab.wlan.tip.build
   persistence:
     enabled: false
   filestore:
@@ -121,9 +120,6 @@ wlan-port-forwarding-gateway-service:
   enabled: true
   creds:
     websocketSessionTokenEncKey: MyToKeN0MyToKeN1
-  externallyVisible:
-    host: api.wlan.demo.lab.wlan.tip.build
-    port: 30401
 nginx-ingress-controller:
   enabled: true
   controller:

tip-wlan/resources/environments/dev-integrated-aws-connectus.yaml

@@ -0,0 +1,126 @@
+# This is a development override file.
+# It overrides the default Tip-Wlan parent chart behaviour
+#
+# It can be tweaked, based on the need to support different
+# dev environments.
+# This file expects to have a GlusterFS storage solution running
+# before "helm install" is performed. 
+#################################################################
+# Global configuration overrides.
+#
+# These overrides will affect all helm charts (ie. applications)
+# that are listed below and are 'enabled'.
+#################################################################
+global:
+  # Change to an unused port prefix range to prevent port conflicts
+  # with other instances running within the same k8s cluster
+  nodePortPrefix: 302
+  nsPrefix: tip
+  # image pull policy
+  pullPolicy: Always
+
+  repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
+  # override default mount path root directory
+  # referenced by persistent volumes and log files
+  persistence:
+
+  # flag to enable debugging - application support required
+  debugEnabled: true
+
+  # Integrated Deployment which deploys Prov Service, Portal Service and 
+  # SSC Service in a single docker image 
+  integratedDeployment: true
+
+# Annotations for namespace
+annotations: {
+    "helm.sh/resource-policy": keep
+}
+
+createReleaseNamespace: false
+
+# Docker registry secret
+dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
+#################################################################
+# Enable/disable and configure helm charts (ie. applications)
+# to customize the TIP-WLAN deployment.
+#################################################################
+opensync-gw-static:
+  enabled: false
+opensync-gw-cloud:
+  enabled: true
+  externalhostaddress:
+    ovsdb: "15.222.171.117"
+    mqtt: "3.96.17.34"
+  env:
+    protocol: https
+    ssc:
+      service: wlan-integrated-cloud-component-service
+      port: 9092
+    prov:
+      service: wlan-integrated-cloud-component-service
+      port: 9092
+opensync-mqtt-broker:
+  enabled: true
+  replicaCount: 1
+  persistence:
+    enabled: true
+    storageClass: "gp2"
+wlan-cloud-graphql-gw:
+  enabled: true
+  env:
+    portalsvc: wlan-portal-svc.zone3.lab.connectus.ai
+wlan-cloud-static-portal:
+  enabled: true
+wlan-integrated-cloud-component-service:
+  enabled: true
+  image:
+    name: wlan-integrated-cloud-component-service-persistence
+    tag: 0.0.1-SNAPSHOT
+  creds:
+    enabled: true
+    postgres:
+      password: cG9zdGdyZXMxMjM=
+    schema_repo:
+      username: tip-read
+      password: tip-read
+  integratedWithPersistence:
+    enabled: true
+nginx-ingress-controller:
+  enabled: true
+  controller:
+    config:
+      externalStatusAddress: "api.wlan.zone3.lab.connectus.ai"
+zookeeper:
+  enabled: true
+  replicaCount: 1
+  persistence:
+    enabled: true
+    storageClass: "gp2"
+kafka:
+  enabled: true
+  replicaCount: 1
+  persistence:
+    enabled: true
+    storageClass: "gp2"
+cassandra:
+  enabled: true
+  config:
+    cluster_size: 3
+    seed_size: 2
+  persistence:
+    enabled: true
+    storageClass: "glusterfs-storage"
+postgresql:
+  enabled: true
+  postgresqlPassword: cG9zdGdyZXMxMjM=
+## NOTE: If we are using glusterfs as Storage class, we don't really need 
+## replication turned on, since the data is anyway replicated on glusterfs nodes
+## Replication is useful: 
+## a. When we use HostPath as storage mechanism
+## b. If master goes down and one of the slave is promoted as master
+  replication:
+    enabled: true
+    slaveReplicas: 1
+  persistence:
+    enabled: true
+    storageClass: "glusterfs-storage"

tip-wlan/resources/environments/dev-integrated-aws-tip.yaml

@@ -48,10 +48,9 @@ opensync-gw-static:
   enabled: false
 opensync-gw-cloud:
   enabled: true
-  externalhost:
-    address:
-      ovsdb: opensync-controller.tip.lab.connectus.ai
-      mqtt: opensync-mqtt-broker.tip.lab.connectus.ai
+  externalhostaddress:
+    ovsdb: opensync-controller.tip.lab.connectus.ai
+    mqtt: opensync-mqtt-broker.tip.lab.connectus.ai
   env:
     protocol: https
     ssc:

tip-wlan/resources/environments/dev-integrated.yaml

@@ -30,6 +30,8 @@ global:
   # Integrated Deployment which deploys Prov Service, Portal Service and 
   # SSC Service in a single docker image 
   integratedDeployment: true
+  # Is the Cluster deployed in Cloud
+  isCloudDeployment: false
 # Annotations for namespace
 annotations: {
     "helm.sh/resource-policy": keep

tip-wlan/resources/environments/dev-local.yaml

@@ -1,270 +0,0 @@
-# This is a development override file.
-# It overrides the default Tip-Wlan parent chart behaviour
-#
-# It can be tweaked, based on the need to support different
-# dev environments.
-# This file expects to have a GlusterFS storage solution running
-# before "helm install" is performed.
-#################################################################
-# Global configuration overrides.
-#
-# These overrides will affect all helm charts (ie. applications)
-# that are listed below and are 'enabled'.
-#################################################################
-global:
-  # Change to an unused port prefix range to prevent port conflicts
-  # with other instances running within the same k8s cluster
-  nodePortPrefix: 302
-  nsPrefix: tip
-  # image pull policy
-  pullPolicy: Always
-
-  repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
-  # override default mount path root directory
-  # referenced by persistent volumes and log files
-  persistence:
-
-  # flag to enable debugging - application support required
-  debugEnabled: true
-
-# Annotations for namespace
-annotations: {
-    "helm.sh/resource-policy": keep
-}
-
-# createReleaseNamespace: false
-
-# Docker registry secret
-dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
-#################################################################
-# Enable/disable and configure helm charts (ie. applications)
-# to customize the TIP-WLAN deployment.
-#################################################################
-opensync-gw-static:
-  enabled: false
-opensync-gw-cloud:
-  enabled: true
-  externalhost:
-    address:
-      ovsdb: opensync-controller.wlan.local
-      mqtt: opensync-mqtt-broker.wlan.local
-  persistence:
-    enabled: true
-  filestore:
-    url: "https://wlan-filestore.wlan.local"
-  scalability:
-    #how many concurrent connections single instance of OpenSyncGateway can accept
-    tip_wlan_ovsdb_listener_threadPoolSize: 50
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
-
-opensync-mqtt-broker:
-  enabled: true
-  replicaCount: 1
-  persistence:
-    enabled: true
-    storageClass: standard
-wlan-cloud-graphql-gw:
-  enabled: true
-  env:
-    portalsvc: tip-wlan-wlan-portal-service:9051
-  ingress:
-    hosts:
-      - host: wlan-ui-graphql.wlan.local
-        paths: [
-           /
-          ]
-    tls:
-    - hosts:
-      - wlan-ui-graphql.wlan.local
-wlan-cloud-static-portal:
-  enabled: true
-  env:
-    graphql: https://wlan-ui-graphql.wlan.local
-  service:
-    type: NodePort
-  ingress:
-    hosts:
-      - host: wlan-ui.wlan.local
-        paths: [
-           /
-          ]
-    tls:
-    - hosts:
-      - wlan-ui.wlan.local
-wlan-portal-service:
-  enabled: true
-  persistence:
-    enabled: true
-    storageClass: standard
-    filestoreSize: 1Gi
-  scalability:
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
-
-wlan-prov-service:
-  enabled: true
-  creds:
-    enabled: true
-    db:
-      postgresUser:
-        password: postgres
-      tipUser:
-        password: tip_password
-    schema_repo:
-      username: tip-read
-      password: tip-read
-    postgres:
-      singleDataSourceUsername: tip_user
-      singleDataSourcePassword: tip_password
-      singleDataSourceSslKeyPassword: mypassword
-  scalability:
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
-    #max number of connections to PostgreSQL database
-    singleDataSource_maxTotalConnections: 8
-    #max number of idle connections to PostgreSQL database
-    singleDataSource_maxIdleConnections: 8
-    #max number of cached prepared statements used in PostgreSQL database
-    singleDataSource_maxPreparedStatements: 200
-    #max number of cached idle prepared statements used in PostgreSQL database
-    singleDataSource_maxIdlePreparedStatements: 200
-
-wlan-ssc-service:
-  enabled: true
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-    cassandra:
-      tip_user: tip_user
-      tip_password: tip_password
-    schema_repo:
-      username: tip-read
-      password: tip-read
-  scalability:
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
-
-wlan-spc-service:
-  enabled: true
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-  scalability:
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
-    
-nginx-ingress-controller:
-  enabled: true
-  controller:
-    service:
-      type: LoadBalancer
-    config:
-      externalStatusAddress: "api.wlan.local"
-    defaultTLS:
-      cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZXakNDQTBLZ0F3SUJBZ0lVUU5hUC9zcHZSSHRCVEFLd1lSTndieFJmRkFzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0hURWJNQmtHQTFVRUF3d1NkMnhoYmkxMWFTNTNiR0Z1TG14dlkyRnNNQjRYRFRJd01EZ3lOekl3TWpZMQpObG9YRFRNd01EZ3lOVEl3TWpZMU5sb3dIVEViTUJrR0ExVUVBd3dTZDJ4aGJpMTFhUzUzYkdGdUxteHZZMkZzCk1JSUNJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBd1JhZ2lEV3pDTllCdFd3QmNLK2YKVGtrUW1NdCtRQWdUallyMEtTOERQSkNKZjZLa1BmWkhDdTN3NEx2cnh6WTlObWllaDJYVTgzNGFtZEp4SXVDdwo2SWJObzZ6c2tqc3lmb084d0ZEbWxMVldMZWc1SDlHOWRvZW0rV1RlS1BhRUhpM29xdXpOZ3Q2d0xzM212dk9BClR2aVRJb2M4OEVMams0ZFNSMlQ0ZGhoMHFLQ0NqK0hkWEJBNlYvOWJpcnUralYrL2t4RVF1TDJ6TTM5RHZWZDgKOWtzMzV6TVZVemUzNmxENElDT25sN2hnYVROQmk0NU85c2RMRDBZYVVtamlGd1FsdEpVZG1QS3BhQWRidmpVTwpuc3VwbkRZam0rVW0rOWFFcHFNNHRlMjNlZkM4TjhqMXVrZXh6SnJFMkdlRi9XQi9ZMUxGSUcyd2pxVm5zUGNzCm5GRjRZZDlFQlJSbmUxRVplWEJ1M0ZFTEZ5NmxDT0hJMTQ2b0JjYy9JYjYxN3JkVEtYcXh0di8yTkw2L1RxRmsKbnMvRUVqdmU2a1FZemxCWndXSFdwWndRZmczbW82TmFvRlpwVGFnOThNeXU1clpvT29mVGN4WEg2cExtNVB4MQpPQXpnTG5hOU8rMkZtQTRGanJnSGNNWTFOSXp5blpMK0RIOGZpYnQxRi92MkYyTUErUjl2bzg0dlI1Uk9HTmRECnZhMkFwZXZrTGNqUWcvTHdzWHYwZ1RvcFEvWEl6ZWpoNmJkVWtPcktTd0p6VDJDOS9lOUdRbjBncHBWOExCdUsKMXpRSG9ST0xuQTQxTUNGdlFMUUhvK1h0OEtHdytVYmFseTZoT3hCWkY1MUwvQmJxamtESDlBRUZhSkxwdGlFeQpxbjFFNXYrM3doZ0ZTNUlaVDhJVzV1VUNBd0VBQWFPQmtUQ0JqakFkQmdOVkhRNEVGZ1FVeTJiQVV5TlBYSFM5CjNWVFNEK3dvTjd0M3E4RXdId1lEVlIwakJCZ3dGb0FVeTJiQVV5TlBYSFM5M1ZUU0Qrd29ON3QzcThFd0R3WUQKVlIwVEFRSC9CQVV3QXdFQi96QTdCZ05WSFJFRU5EQXlnaHAzYkdGdUxYVnBMV2R5WVhCb2NXd3VkMnhoYmk1cwpiMk5oYklJT1lYQnBMbmRzWVc0dWJHOWpZV3lIQk1Db0FBRXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnSUJBS0grCmJxSmVlMTFuMzRTWWdCRHZnb1o4bEpMUVJ3c0ZucUV4Y1NyL3BsWjdHVklHRkg1L1EyS3lvOVZ5RWlUUHdySXMKS3NFckMxZXZINnh0MVVSZk16cDA1elZRMExZTTUra3NhbVJEYWdBZzNNMWNtN29LT2Rtcy9kcXpQZTJnWmZHSgpwVmR0VlcxQ0hyTDBSTFRSOTNoN2tnU2lCbFNFSVlNb2VLZk41SDlBYXZKNEtyeXlnUXM2M2trR1E1TTllc0FwCnU2YkIzMDd6eWZ6Z1MzdG1Rc1UwMXJnSmZoRUhRL1krQWs5d0R1T2d2bWZ4MFRXZ0FPR2JLcTZUdThNS1lkZWoKSWU3clYxRzVVdjdLZmdvelZYNzZnMktkblRWQmZzcFNLbzN6eXJaa2NrekFwdlV1OUllZkhkVG9lNEpNRVUweQpmazdsRVUvZXh6Qnl5TnhwKzZoZHUvWklnM3hiMXlBMW9WWThORWQxckwxekFWaVBlMzUxU0VORUtlSnBSYW5DCmtDTDNSQUZrYnhRN0loYWNqb3g4YmVsUitnbW84Y3lGWnBqOVhhb1BsU0ZTY2R3ejU3M0NUMGg5N3Y3NkE3c3cKeUMrQ2lTcDg1Z1dFVjV2Z0JpdE5KN1I5b25qQmRzdUgybGdFdE1EM0pOT3M4Y0NTUmloWXhyaXdaU3FoVDdvLwp0Y0lsY0o4NFc1bTZYNnpISjNHbXR1S0czUVBOT21zMC9WVm9EVHA5cWRwTCtFazE3dUIyQTQxTnB4ejNVUytsCjZ5SytwZFFRajdBTHpLdVJmT3lnODBYYk53MnY0U25wSTVxYlhGQlJ1bTUyZjg2c1BlbUZxMUtjdU5XZTRFVkMKeERHM2VLbHUrZGxsVXRLeC9QTjZ5ZmxiVDV4Y0dnY2Rtcnd6UmFXUwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
-      key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRUUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Nzd2dna25BZ0VBQW9JQ0FRREJGcUNJTmJNSTFnRzEKYkFGd3I1OU9TUkNZeTM1QUNCT05pdlFwTHdNOGtJbC9vcVE5OWtjSzdmRGd1K3ZITmowMmFKNkhaZFR6ZmhxWgowbkVpNExEb2hzMmpyT3lTT3pKK2c3ekFVT2FVdFZZdDZEa2YwYjEyaDZiNVpONG85b1FlTGVpcTdNMkMzckF1CnplYSs4NEJPK0pNaWh6endRdU9UaDFKSFpQaDJHSFNvb0lLUDRkMWNFRHBYLzF1S3U3Nk5YNytURVJDNHZiTXoKZjBPOVYzejJTemZuTXhWVE43ZnFVUGdnSTZlWHVHQnBNMEdMams3Mngwc1BSaHBTYU9JWEJDVzBsUjJZOHFsbwpCMXUrTlE2ZXk2bWNOaU9iNVNiNzFvU21vemkxN2JkNThMdzN5UFc2UjdITW1zVFlaNFg5WUg5alVzVWdiYkNPCnBXZXc5eXljVVhoaDMwUUZGR2Q3VVJsNWNHN2NVUXNYTHFVSTRjalhqcWdGeHo4aHZyWHV0MU1wZXJHMi8vWTAKdnI5T29XU2V6OFFTTzk3cVJCak9VRm5CWWRhbG5CQitEZWFqbzFxZ1ZtbE5xRDN3eks3bXRtZzZoOU56RmNmcQprdWJrL0hVNERPQXVkcjA3N1lXWURnV091QWR3eGpVMGpQS2RrdjRNZngrSnUzVVgrL1lYWXdENUgyK2p6aTlICmxFNFkxME85cllDbDYrUXR5TkNEOHZDeGUvU0JPaWxEOWNqTjZPSHB0MVNRNnNwTEFuTlBZTDM5NzBaQ2ZTQ20KbFh3c0c0clhOQWVoRTR1Y0RqVXdJVzlBdEFlajVlM3dvYkQ1UnRxWExxRTdFRmtYblV2OEZ1cU9RTWYwQVFWbwprdW0ySVRLcWZVVG0vN2ZDR0FWTGtobFB3aGJtNVFJREFRQUJBb0lDQUMyR2hEc1pUaWtiTERQMlR6Q2VkOVVoCmJRUlpsbDdLaUxHcXZYNm9VdjhJcFNLdTJrS3h1blpkTzVvQk5NbzNnNTg4YzRSQkFrQ1d6dmJObzFjeDJ3UTQKSkd3ZTdYaGM5TDdYbUwxUFZjNWlJdnVYOFVBTFY3eUdwMXZONklPSC9BYVJsSFlZZHl3UURVSTcwZGZiMmJqRQo2d3dORHRVbk1Ea3NncjNLbExwamNiNEFla2dxWE9MRUFMMld1Nkt1T1hOankrdUU3b2hnVWN3bWlYWXZGb3VMCm1KYXVlS3l5U202NHdJZnpZQ1JwbUhHMVlCTGpic0xJb20zcmZYRkl3V1hqMkhBSGFIOFRWOVhyUmpwR2tEZm8KbFFqN3l0R0s2ZkllMWcva0ZBN3hDWDE2d1NYMS85bjM1WGYwVmMwZ08zdE9NVHJkM1JTVVNEaVp6eVR1WWxuZwpETEdmYXZjRS82QXJ5cTlWZ3hyUXdXbnZhd0hIcWxBWUtxVHpJYkRJS0Y3SjRYTE9FckFtRE50T1I2Lzc1WjJ3CnVPQlFYT0N3NFM1dWxWdzhIZUM0NGlFTmxJYU5lNDNWTkZUTGtRM3lCeW96VVlYWTN2eEJXMWpURFpFOTB5YTUKZzk4cmFiYWhIS0lockpGYzNXYTE0RWhicUE2TVVLSXRRTkk4K1N1Rk1KV3R4VW1iM1cxK2dHbXJvTmo1TU9kYQpzdjV5OThTYS93UUc4dGc0cmdNQ0xpQVNHL3hudDB3RURrNXFDVUUxRzRSdkdOeUYxU09zNk82c1BTOTg4Umd4CnJuamQvWWZoME5xVnhHcHFGNnhpQVgvZXkyU0NGUWNybEtmNnhGREF4YjI4RTdaNnRQSUZCTWxpQ1IrbzdYR3MKZDNvUWVuMThCalM1NjdtR2ZmNkJBb0lCQVFEanFFcHZqOVhJVVB3bk1RZitRY3R0R1pXZEp2bFZSa1BSMW9maApSVWI2UHdFRkEwdVQyM011ZmFvNGI4bWIrM2Vra1BkYTZmbWJqUGFUckQrbk5YNGxyRE5oYytvcVY4aFVEQnA0CmpVcEg3OXorTVNUZVVQclpnS3VMeEdqaDJiK0FWYVZjZTI2STVYUXVoUnR6ZHFYZDlIeSs4YXpYRTltbHlPQ00KMUpEK2VHZWxhaVJMbEZBbVRDNDNoNlV5T0Q5SmZOSW1oWDQ2WDJRRlFsbGc1cWxVdWQ4Ukx3eFViZTJoYzhTWQp4VnVvYVZSSUdBSmhqRkd3ZVhnRjdzc0tQNXBZMHRkTlNvSGsxeHRnUmVJTlllZFU1cmtpKzloZTN0cStqWUdJCmxVcVVzYzNzN3c4cUk1UXk5NGdmcUI5Lzd4K3BFdGEvak9leE4yL1pGOFJGSXVucEFvSUJBUURaSUpUaUUxKzkKc2xnQ0NGVllLR3Z5aE5odkppck94enlOUWU3YjIvZmxQNzVHd0pTTWpZZTdoTmhGK3JrZHRJcXF5dWxyeGF3YgpPbWliU0FCSG5kT20ycDRMdDhaK20vQXZaRUgzVklLdWkwY0xVbTlKRXNsWURVcFIrdG5BemloNzdrS2FlVzlnCk1wdlpiUzZGdXE2ZlBZQUJyK3dXeU1IazR0UnRNZ3duUFRtSzZQTW85b3FIUURTSVJjL3N0N2hBTUwwMDdtNlEKOTJkRXRqNTNtSTBURTRISVhtY3hZbjV5NGVJLy85aEFMb2xFa0ZHWDU0SmNMdWpDWWkwQ3RIU0xDcnNmQkJwZgpDS2NaMk5sWFNiYVREU1prZWhnQWFWTlM2OVp1K1o2eGFvNmZZMjVxSnNmeXlaUkNjSzJYY0FoUDV2QWNUbWhQClNKUFJZc1dSNXZ1ZEFvSUJBRmtRRXFiWWg1TkprNHdsazNIMS9ZYWVGcmtYY1QzYU1sZ2FiS2hGdVFIWHVpZGkKNWFOZm5BMFpIb25idWV6ckVTQnhra09mKzRYT1BQMEN5eGc0UmpTb3pLVVlld2k3dE9Ta280cDhCQTVtbVhkYwpkSWNBK1ZJMEUyaW5tenlZT21JVG41Q3h2VW1UTXNPc1VWUDNtK1pjYXAwczRTaDNYSk9PSmNNU3VmTEQyaENOCm1NdDBwM0tFSlNTV1RadDdBODlWSk1YclBibktiYy9jNkNpUHRMa3Z5a1BudXhRZ3VYR0xYK05BZXA1RkxyTFIKcWNUTjUzdDUyZW5BUlBDcWQxQytrM3BxWnF6SE5xK1FSMkppNWVTQ0t2V3p2eTlHVWg5d0xyZm5aL2tLSW56SgovWTNIdzRlNDdTa3RWYjF3S0Z1MXdndklMVEJZZHNwZ2tPbFhRbGtDZ2dFQUtKYVJuazFXMldRc1ZYenZUMEtICkkxZTRDZGNOcTRmTkJ1N3JVc2drNkFMcGM5cHVLblFPaW54RDNaa0gzOGl2SDB3OUpEdFlkK0tNU1hMRk1wNEwKUWFhZVlyeGc2NndFMHljZnViZGZrbmRRdVlvWWFZV01nOXhBSjJFSU1hV1lKY3FkUXJrdW04SDZKa1BsclhQLwpUcDgxZlp0QU8rWWRjTWNDUk1OVlNFU0dyRFB0dUp1VnU4REIwVE9Uc2NHS1BOMmZrUFI5VUxZZTVOWllpUXpJCldtZU1IRU9oY0xiandsLzlaazlTUW5Vd2pkT1luUmZXNDVxVlFqa09CdkpxMHM4WHVhMlBySEkyb250SjdhcEcKNmVoTVkvMzYzS0RUeGExMmNWcFNVd0lEVlVKR0VxdmJOc1I5NVltZ3VhMWtzR01RUVlwYXIyOTJ5bTUzVmxYaQpkUUtDQVFCTUFYS0RaNVZobHBRR1VlUk1FNVhqVm1KOE1WdlZTUzV3NzBGOC9CS0ZnZFBJNnR2Nkx5UGh3OTRPCmxZVldoOXJmdUpmbWllK1ZJSWhaeSthUVNpVVhGQUtTdjZFTWJ1bXdjN1pUNEkyYitDTXQxUEhaTEZtUEN0OXAKOEorUDdoaDlRYWRBYzZqZEdSa0NMNkpMU3VoeWhMbW90SG9IS0ZJazdhNENNZGl2QnB3SVdxMWVScHd0aWRrNwpIdytrdlJ5YW5DMUJVU1dYNGxJcW1LanAyR1B2UDVVdVV2RUlPNitqaWFyWTJDTUNKb3BtcVJ2WWQzNGtSVkF1CjZueFl4a05neEFQSnVWN2tkZVVzQXg5Q1FZcFQ1blFmendtdlVGa0FraHJoTmw5dUJRUDhMdkZORFQ0cWU0bFcKUWw0cXRFZFNiZDVxVWVVdkgzOG5JMmpTVDVMawotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==
-    wildcardTLS:
-    # self signed wildcard cert for *.wlan.local
-      cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZEekNDQXZlZ0F3SUJBZ0lVYSthaVJZWG9QTGliSS9wdVJCdi9DZ2RTTDNzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0Z6RVZNQk1HQTFVRUF3d01LaTUzYkdGdUxteHZZMkZzTUI0WERUSXdNVEl5TVRJd05UQXpNVm9YRFRNdwpNVEl4T1RJd05UQXpNVm93RnpFVk1CTUdBMVVFQXd3TUtpNTNiR0Z1TG14dlkyRnNNSUlDSWpBTkJna3Foa2lHCjl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUEwQjhuZE1raGIzZEN6N0I2aS9kRlFWenJwaEtQK2RmY2JKN1gKMzB3MU1FWDIvM3ZvVStkRlBNbnZrS3hEdFJwanZCbnhCczF6L1VmajlyUFhDSzZkazNNYU5DajRQYVUxem9WQQppK1Z6amc0ZG5XNjJxWG1qYVYrYUMrQm5zQndyQmx2THQ0dkh1eFRLbHh1RnR4THdid3VObGJvS1lVN01kV3oyCllMY3QzUWZBWElVb2FRK1RTMUZGdVdFeEZOTFRidlBGZWNoajB4ZnhyOU5BcU9aTXI0RGE0NHMzVERxMVVyRTIKbjhaZXFxVXZ1YUE4ZmEzQjNVZVRFNmJ4OEdhN1JybG5Dakd3UDRGVml3ajdvellmanV6T2JOM2dlcjdWcEpLMQpMSjdIdDBBemZlRm9aQ2xPbUVBd1p5alFwRGZOckdNTCs1dWtIK2JxWngyaUo5UndFcDNmdlE4em5jN1Q4dHJDCmxzMjRWNUpySWhUQXlCcTZRWVNnSXdXM2V5TmVpUnQ0ZHp6Sk5rNnd4cFp0WE96WTFwamJrV2FMaEhKOW1LRWoKU3lqVVBnS3dKSVlmb3BJbTJoUzl1dVZHZDdiU1MyV055aHJSOU5LSG5Lamo5Y0IrUWU0eEh0Z1pEcm1GZ1ZpZQp0cXZBUHhJL0ZkV1pSN3RmT2JCNTR3alMxVFk3TEd6cll4TDZSMWNjZDE4WUppcGNTS05xa05ORlllZ092VkNICmFldW1OTUdVNlZZalJWS1JmQXMva2FzcWxleGpheSt0SXNtd3dDZGoxUUN3UitRa2VEZFdoNE8vQzM1NENRb28KTkxZYzRNRk8xbVVDY2NsbUgvbFBvcTd1anBCMWI2VmFBNVprNFhjVUpRc0c4SUlSMDFHTFM5RW1HVVZaeTlOWApwV2dCbXNVQ0F3RUFBYU5UTUZFd0hRWURWUjBPQkJZRUZOZlVJSGhXdnFwUzg2ZC82SnJvbmxFYzZMU1NNQjhHCkExVWRJd1FZTUJhQUZOZlVJSGhXdnFwUzg2ZC82SnJvbmxFYzZMU1NNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHcKRFFZSktvWklodmNOQVFFTEJRQURnZ0lCQUtlTW9PckhLZ3BGemtkckVhMVhSSVRUOHFZanhKc04yNmFIMFovLwp1dDRXVkE4ckNDNzV4VkpaNnpBQWlBOFE2eTRYSHBzRzl2ZSs1QlJIWEdCS0lYOU5FZGNrbWdNdExzQ2xOR0JCCkxkN3lWd3hhaGVCQzhVTWIrVTAxMlNwaFc3K0t6UFJhQ3g4cHNMMUlFQUkyblQ1MzlCNDBmR2NyTktNSDRqZGkKdkxad3VxT00rZnJucFJ1MkZlK3Bja2Fwek92SEJTb0I3THovR1dmMWUwZ0llc1B4WEdmVG9hbGM1SzU5bDF1TQpCTkhpUW15S3E4TS9MbllMejhyOWp3dHNKU2lLYUljelpISjNtQ0ZUb3ljREF3NTl3WEdmWXZWcFBMaWZXTTJxCm1uSlJKM2dQS1lzOUhXWFgyYktoSmZoMjRLOTN2M1duMVRUellYOGtTbWlnRG0wTUhOSTNwZktlMmJqVW9MNmgKMlQ4bWhRbjdPQ2dvZHMvOXczR1dOdmFxYTAySHRnc0tTbk9YdmpSNXFMaVFLRjdhMi95TTlrNWNQcUdHaW1GYgppUWV3eUgvMWw2YjQ0T0s2RGwwMVltWFltNUVqR3plckp2aU90eUhSaWhtME01VmNBWWJaYkE0S1Y1eHhLZjRqClIwaktwQXdqbEpzTDdRMk9zTC9IRkxmaDV1RU1HMXlmTzF1blZkVURKK1FBZHJQUG5tZTZVTVFQZm1UcGx1WjAKS3pvOXY3NEpYV0pwQkNtaWNTbFBQdnB3cXZLTk5iOWd6b0hjOXFheWMwNWVxRldRbzNNZjIzYU82b05wU2ZuaAp5aWMvczFQcC9ZS2FHakVSQXB1UmRvYTlWT1diUncycFZMei9rZVNraS9QTDJFRFc4RUVHYjFXcUFBMkJPVVhDCi9oYXQKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
-      key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRRFFIeWQweVNGdmQwTFAKc0hxTDkwVkJYT3VtRW8vNTE5eHNudGZmVERVd1JmYi9lK2hUNTBVOHllK1FyRU8xR21POEdmRUd6WFA5UitQMgpzOWNJcnAyVGN4bzBLUGc5cFRYT2hVQ0w1WE9PRGgyZGJyYXBlYU5wWDVvTDRHZXdIQ3NHVzh1M2k4ZTdGTXFYCkc0VzNFdkJ2QzQyVnVncGhUc3gxYlBaZ3R5M2RCOEJjaFNocEQ1TkxVVVc1WVRFVTB0TnU4OFY1eUdQVEYvR3YKMDBDbzVreXZnTnJqaXpkTU9yVlNzVGFmeGw2cXBTKzVvRHg5cmNIZFI1TVRwdkh3WnJ0R3VXY0tNYkEvZ1ZXTApDUHVqTmgrTzdNNXMzZUI2dnRXa2tyVXNuc2UzUUROOTRXaGtLVTZZUURCbktOQ2tOODJzWXd2N202UWY1dXBuCkhhSW4xSEFTbmQrOUR6T2R6dFB5MnNLV3piaFhrbXNpRk1ESUdycEJoS0FqQmJkN0kxNkpHM2gzUE1rMlRyREcKbG0xYzdOaldtTnVSWm91RWNuMllvU05MS05RK0FyQWtoaCtpa2liYUZMMjY1VVozdHRKTFpZM0tHdEgwMG9lYwpxT1Axd0g1QjdqRWUyQmtPdVlXQldKNjJxOEEvRWo4VjFabEh1MTg1c0huakNOTFZOanNzYk90akV2cEhWeHgzClh4Z21LbHhJbzJxUTAwVmg2QTY5VUlkcDY2WTB3WlRwVmlORlVwRjhDeitScXlxVjdHTnJMNjBpeWJEQUoyUFYKQUxCSDVDUjROMWFIZzc4TGZuZ0pDaWcwdGh6Z3dVN1daUUp4eVdZZitVK2lydTZPa0hWdnBWb0RsbVRoZHhRbApDd2J3Z2hIVFVZdEwwU1laUlZuTDAxZWxhQUdheFFJREFRQUJBb0lDQVFDUVRkbXN4enl3cmUrY1ZCQlVkaW9GCjdTalRhTEY5bWFlVGhQdkhMMjc5dnJWSlpoK3I5WUp6YU16NzhnV3NUOVR4ZXNjOVlUMVlVLzJEZENUWU4wSzUKRnlrSEc1VXNJUjVTeU4vOVlDWWtURE5La3BhQ29mMmxOWTE1U0twOFdMdVlXQlBEZTE4TW41anM5ejlhdGY0Ugo4Ti9GL2szdU5KWGRvYVNmWU1Pakt4bTh6UE05RFhpaTA0SlZ6RWNjMmlXU0crSkQwNmNybWNHUm1SZVBSTWZOCk5Mb1E1ZGw4dUlRN0J2Y0tCNkJpRDlFc2t5YitPWGxmTlo2TUZNaFNXTmpuYSt3L0REN1plWkxYcVczWk45RGYKNStBbGFoNlkzVE1EUGxueXkxRk5CVzN1alZrMWdkS21ESFBEUTNDUFBNWVdEa01qdlVJcWdKRHMySVl6dWIvTwpXRjRVUTV5UEJhZzluaWp1dS9uMVZDdGZuSkxwakZIakU1VzdkK3p1UGh6aUJ1WDFOcjRtOVVJdEpaSTNsYmJtCmdvZFlMdGl4b3RwNWF3ang1eXA3MU1zUHlTZzcrbHBPenA4dStuRENJcnc0K0VSME56MG8yTXFmcmJ2VklGQXIKWHIyc2YrejljbmtxalBWWEZaVks3em1TUHI5N0YrbTV4RHpURG9lTG53aVlhUUpOQ0ZhejhMVERjNldVT2w4SQpLOWhHd3FaK0llTlgreW16em16Nkx6WWVPaGlrRmNRaUI0UXVPSjdWWnZWRmVoS3JJMXJLWHJDRU01VmpJZXBkCkhzR0c1eTlLUkcxdEszSU5ScmI0SHlhRDF6SHJSTHRneFpLT1BvWDN0UjNmbTJ1aGova3dwelZnWTltRXJDWDkKd2I4SVA5TXdRR3REQVNBcjZWVmJvUUtDQVFFQThIeWlaK1lVeFEzQnprL1hoNmZMWWNYakE3NTJrQ204VWZzWQp0d1Z4N0EyNW5YRStiUDRIT3UyVC9kTlc0Tkw1elZPT0JkaWZIcTJQVFNVMGYzQUFHL0pNcnVzM3NrNHd4azM5CitYYlh0dHltWkdxb3FEcVN3TUw2czVpY1RnangvenRhSXk1TWFKYWhUYUpNdFRQQlVpZ3U3enhoeGNwVlhNVUMKTklHcFl5Mkt5R2hyMjVVOFdlR0RYQm9SS2xYUXJXYkNZeW1kMXdYQStEaVl0dzA5eit0VHhPNTRodjFCZkJKZwpWMGd0VWdJU0I2WEZDMU9CWDZXQ1pXYlhCN2hPaHhISjNkNHAyQlZyN0gxL2JDQ0ZvVDY5by9WQVNHRmdtTHRiCnpGalRNbjFIaTluVW5jUFlScWpsN1h0NWdPOHBOa3BwMjVrNHIxRVludWhIazcrYzdRS0NBUUVBM1l3THozNloKNEVPRndvODIrUlVId2lkaFExOEdrU1JvWStKVm1udXJpSXdHZTk3ZmRTVk91d092SDlZSVhsRWpjRitoOHFQVQpJVnpIOXBuYXZjTENEMnhIOWZ5d09ML3pmYmJnYnExZjV4Y3BOUXlYM1JnTGFDUVpLNkpJa3NzOUtDb0dhSzlaCmpMVm41MjFFZlFBRE5DSi93YlRCb3dLQ0dTNDUzSzRBaWFEWHN6TkJLUk5MOHVaWWYwK0x0U2IzV3lkZVQ2eUgKdGZiSXR3NlBSS1lxb2NaeGIrM0pWQWFHcGxScjVZSlNDU1BtTjFMSjU0djlTcXBIVnJMNzJudFNwKzdDODJ6SgpJajVOSXFEOGFsOVZ3WFB5dExRd25hYWc1TW5ka0NLQ3R0MlVHSGZwMEh3ZTJTL1hkemppS2gzZTZaT3MyMSt1CitQUHVrSkUxTTZzU09RS0NBUUJjWVJRbDR6MUJRUHFjM1JESEhJN0UvVFlxWHdTK2RqblFLQ3VqU3FVcmIwNUoKQzVKV1hmSzdFVDVUTjliY3dFNlRNRENUVUZZM2U2WmJsUm9vaGdhVXRhdjlXWC9vcjU2TzNyRGNIbW5ZNWNQSgpPU3VXakFHSnFKeVRWdUZjSEpXUlhPUlFOVjNHbzI1Tkd6WnFPUHBmSys1em1mZFkrbE4yTW51WlhlR0twcGowClNTQjlsa003cDZSRlFnSXNDQkVFTzBBYXhZYkxiWHRtSHArVFdiUFA1ZThrN0JKQ2tKQ1NMNkR3aGxwYWNVOHAKdnVVRlo4dC95VjFneEhOL2xLNGR0cGliOE5hVUdnNStKdXRHeHV0dU9HS3kwK2dncGI5c2pEUkVPQzdRNjAwTApqTjdleDdlUjFSbVY4Mk9HUXRqSzhTVGU1V25mOXNBRmN1YmorNncxQW9JQkFHYXM4Z2hQRHpkOWM2OXd1alNFCkI1MTJyTUFSZVRTcEgrd3l5Q09aYnkwUVlDem1aTCtnODdUK2h4b0ZFc25MWnRZOHJBeU0ydEkvY3JrYUl1TlIKTUtqL01QYVREb1N1aVVWWkRQaWVSMVVOU2Q2NUlHU3FNUmNwcTdTcU9HSTM2UGNGU3dVWFJ6Uk1Hb1NLQW5UQQpIYnY2eFNUY0JlWHJVcW9pMzFRa0hFR3NsbXNKdFFnNVZqaVRncTQyQ25TQlE2QXVSYW85Tm9RaGhISTZRREc3CnBRUm11TW43OVJPSkZyeGRZY2Z6TnR2ZmxHRk5jQjlzcEk0SERwcml4cEJDR1ZPVTl5cmozdStNMmlqVFhVaGIKT0o0NGcySTJKRlhjRkxNVHp5aHVwZy9qN3kvTDIwUHhVa2Fyd25zUmxOZWFFbVpFTjVkUDZBS2U0cENEaTVtUApqaGtDZ2dFQkFMUmtVeG9oZDh2ZVBwR3hPbWlOak5HekpiTDlscGx0TWxhR0dPQ3JOUkZSeEppblgzWU9UVnhiCkRFVlpqaXRHNldydzFxaDdnZXAzeEdJaWZHQ1lZV3pNc0RZTitueGtwV0lRRmZOV3dYemNRWlhrTEduZVlUdTAKSVU2RjY5Myt1Q0tkcHVCdVl0d3BQNEJCVkNCRTVON0FzRGV4bFBYTzk1cEw3ZzR4OG5RckdNeGJlRXVOdytaTwpPYmYvTnFFMGZZcURkaERiVHI0UDR6bUpBRlpYeDlKMjNJdWRMUFI3MDZITGZ5bDMrb1pUS2Y2ZWdEL1drWXZGCllLdEtDZzI1UmtSYmZBakZkeDlpOVkzcDlPNEFNVUNaRVFIOWQwU1d6LzJWR0VmYzVha09YL2xvWlAyUXF3c2UKeXMyc0k1U0Z5TEd1ZGM3R2MzVTd5UGd0RVN0elVoWT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
-
-zookeeper:
-  enabled: true
-  replicaCount: 1
-  persistence:
-    enabled: true
-    storageClass: standard
-kafka:
-  enabled: true
-  replicaCount: 1
-  persistence:
-    enabled: true
-    storageClass: standard
-  creds:
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-    sslKeyPassword: mypassword
-cassandra:
-  enabled: true
-  image:
-    debug: true
-  cluster:
-    replicaCount: 1
-    seedCount: 1
-  persistence:
-    enabled: true
-    storageClass: standard
-  creds:
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-postgresql:
-  enabled: true
-  postgresqlPassword: postgres
-## NOTE: If we are using glusterfs as Storage class, we don't really need
-## replication turned on, since the data is anyway replicated on glusterfs nodes
-## Replication is useful:
-## a. When we use HostPath as storage mechanism
-## b. If master goes down and one of the slave is promoted as master
-  replication:
-    enabled: true
-    slaveReplicas: 1
-  persistence:
-    enabled: true
-    storageClass: standard
-  readinessProbe:
-    initialDelaySeconds: 30
-  livenessProbe:
-    initialDelaySeconds: 30

tip-wlan/resources/environments/dev-microk8s.yaml

@@ -1,285 +0,0 @@
-# This is a development override file.
-# It overrides the default Tip-Wlan parent chart behaviour
-#
-# It can be tweaked, based on the need to support different
-# dev environments.
-# This file expects to have a GlusterFS storage solution running
-# before "helm install" is performed.
-#################################################################
-# Global configuration overrides.
-#
-# These overrides will affect all helm charts (ie. applications)
-# that are listed below and are 'enabled'.
-#################################################################
-global:
-  # Change to an unused port prefix range to prevent port conflicts
-  # with other instances running within the same k8s cluster
-  nodePortPrefix: 302
-  nsPrefix: tip
-  # image pull policy
-  pullPolicy: Always
-
-  repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
-  # override default mount path root directory
-  # referenced by persistent volumes and log files
-  persistence:
-
-  # flag to enable debugging - application support required
-  debugEnabled: true
-
-# Annotations for namespace
-annotations: {
-    "helm.sh/resource-policy": keep
-}
-
-# createReleaseNamespace: false
-
-# Docker registry secret
-dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
-#################################################################
-# Enable/disable and configure helm charts (ie. applications)
-# to customize the TIP-WLAN deployment.
-#################################################################
-opensync-gw-static:
-  enabled: false
-opensync-gw-cloud:
-  enabled: true
-  externalhost:
-    address:
-      ovsdb: opensync-controller.wlan.local
-      mqtt: opensync-mqtt-broker.wlan.local
-  persistence:
-    enabled: true
-  filestore:
-    url: "https://wlan-filestore.wlan.local"
-  service:
-    type: LoadBalancer
-    annotations:
-      metallb.universe.tf/allow-shared-ip: default
-  scalability:
-    #how many concurrent connections single instance of OpenSyncGateway can accept
-    tip_wlan_ovsdb_listener_threadPoolSize: 50
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  100
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
-
-opensync-mqtt-broker:
-  enabled: true
-  replicaCount: 1
-  persistence:
-    enabled: true
-    storageClass: microk8s-hostpath
-  service:
-    type: LoadBalancer
-    annotations:
-      metallb.universe.tf/allow-shared-ip: default
-wlan-cloud-graphql-gw:
-  enabled: true
-  env:
-    portalsvc: tip-wlan-wlan-portal-service:9051
-  ingress:
-    hosts:
-      - host: wlan-ui-graphql.home.lan
-        paths: [
-           /
-          ]
-    tls:
-    - hosts:
-      - wlan-ui-graphql.wlan.local
-#      secretName: nginx-ingress-controller-default-server-secret
-wlan-cloud-static-portal:
-  enabled: true
-  env:
-    graphql: https://wlan-ui-graphql.wlan.local
-  service:
-    type: NodePort
-  ingress:
-    hosts:
-      - host: wlan-ui.home.lan
-        paths: [
-           /
-          ]
-    tls:
-    - hosts:
-      - wlan-ui.wlan.local
-wlan-portal-service:
-  enabled: true
-  persistence:
-    enabled: true
-    storageClass: microk8s-hostpath
-    filestoreSize: 1Gi
-  service:
-    type: LoadBalancer
-    annotations:
-      metallb.universe.tf/allow-shared-ip: default
-  scalability:
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 20
-    tip_wlan_AsyncExecutor_MaxPoolSize: 150
-    tip_wlan_AsyncExecutor_QueueCapacity: 150
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 150
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 50
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  250
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
-
-wlan-prov-service:
-  enabled: true
-  creds:
-    enabled: true
-    db:
-      postgresUser:
-        password: postgres
-      tipUser:
-        password: tip_password
-    schema_repo:
-      username: tip-read
-      password: tip-read
-    postgres:
-      singleDataSourceUsername: tip_user
-      singleDataSourcePassword: tip_password
-      singleDataSourceSslKeyPassword: mypassword
-  scalability:
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 75
-    tip_wlan_AsyncExecutor_QueueCapacity: 75
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 20
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  250
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
-    #max number of connections to PostgreSQL database
-    singleDataSource_maxTotalConnections: 8
-    #max number of idle connections to PostgreSQL database
-    singleDataSource_maxIdleConnections: 8
-    #max number of cached prepared statements used in PostgreSQL database
-    singleDataSource_maxPreparedStatements: 200
-    #max number of cached idle prepared statements used in PostgreSQL database
-    singleDataSource_maxIdlePreparedStatements: 200
-
-wlan-ssc-service:
-  enabled: true
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-    cassandra:
-      tip_user: tip_user
-      tip_password: tip_password
-    schema_repo:
-      username: tip-read
-      password: tip-read
-  scalability:
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 100
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  250
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
-
-wlan-spc-service:
-  enabled: true
-  creds:
-    sslKeyPassword: mypassword
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-  scalability:
-    #asynchronous task executor - monitor metrics and adjust if tasks start being rejected
-    tip_wlan_AsyncExecutor_CorePoolSize: 10
-    tip_wlan_AsyncExecutor_MaxPoolSize: 50
-    tip_wlan_AsyncExecutor_QueueCapacity: 50
-    #max total number of persistent connections in the http client pool
-    tip_wlan_httpClientConfig_maxConnectionsTotal: 250
-    #max number of persistent connections in the http client pool per destination
-    tip_wlan_httpClientConfig_maxConnectionsPerRoute: 10
-    #max number of concurrent REST API calls a single instance of this service can process
-    tip_wlan_maxHttpThreads:  250
-    #memory tuning parameters for the JVM - max size, initialsize, garbage collection tuning options, etc.
-    JVM_MEM_OPTIONS: " "
-    
-nginx-ingress-controller:
-  enabled: true
-  controller:
-    service:
-      type: LoadBalancer
-      annotations:
-        metallb.universe.tf/allow-shared-ip: default
-    config:
-      externalStatusAddress: "api.wlan.local"
-    defaultTLS:
-      cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZXakNDQTBLZ0F3SUJBZ0lVUU5hUC9zcHZSSHRCVEFLd1lSTndieFJmRkFzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0hURWJNQmtHQTFVRUF3d1NkMnhoYmkxMWFTNTNiR0Z1TG14dlkyRnNNQjRYRFRJd01EZ3lOekl3TWpZMQpObG9YRFRNd01EZ3lOVEl3TWpZMU5sb3dIVEViTUJrR0ExVUVBd3dTZDJ4aGJpMTFhUzUzYkdGdUxteHZZMkZzCk1JSUNJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBd1JhZ2lEV3pDTllCdFd3QmNLK2YKVGtrUW1NdCtRQWdUallyMEtTOERQSkNKZjZLa1BmWkhDdTN3NEx2cnh6WTlObWllaDJYVTgzNGFtZEp4SXVDdwo2SWJObzZ6c2tqc3lmb084d0ZEbWxMVldMZWc1SDlHOWRvZW0rV1RlS1BhRUhpM29xdXpOZ3Q2d0xzM212dk9BClR2aVRJb2M4OEVMams0ZFNSMlQ0ZGhoMHFLQ0NqK0hkWEJBNlYvOWJpcnUralYrL2t4RVF1TDJ6TTM5RHZWZDgKOWtzMzV6TVZVemUzNmxENElDT25sN2hnYVROQmk0NU85c2RMRDBZYVVtamlGd1FsdEpVZG1QS3BhQWRidmpVTwpuc3VwbkRZam0rVW0rOWFFcHFNNHRlMjNlZkM4TjhqMXVrZXh6SnJFMkdlRi9XQi9ZMUxGSUcyd2pxVm5zUGNzCm5GRjRZZDlFQlJSbmUxRVplWEJ1M0ZFTEZ5NmxDT0hJMTQ2b0JjYy9JYjYxN3JkVEtYcXh0di8yTkw2L1RxRmsKbnMvRUVqdmU2a1FZemxCWndXSFdwWndRZmczbW82TmFvRlpwVGFnOThNeXU1clpvT29mVGN4WEg2cExtNVB4MQpPQXpnTG5hOU8rMkZtQTRGanJnSGNNWTFOSXp5blpMK0RIOGZpYnQxRi92MkYyTUErUjl2bzg0dlI1Uk9HTmRECnZhMkFwZXZrTGNqUWcvTHdzWHYwZ1RvcFEvWEl6ZWpoNmJkVWtPcktTd0p6VDJDOS9lOUdRbjBncHBWOExCdUsKMXpRSG9ST0xuQTQxTUNGdlFMUUhvK1h0OEtHdytVYmFseTZoT3hCWkY1MUwvQmJxamtESDlBRUZhSkxwdGlFeQpxbjFFNXYrM3doZ0ZTNUlaVDhJVzV1VUNBd0VBQWFPQmtUQ0JqakFkQmdOVkhRNEVGZ1FVeTJiQVV5TlBYSFM5CjNWVFNEK3dvTjd0M3E4RXdId1lEVlIwakJCZ3dGb0FVeTJiQVV5TlBYSFM5M1ZUU0Qrd29ON3QzcThFd0R3WUQKVlIwVEFRSC9CQVV3QXdFQi96QTdCZ05WSFJFRU5EQXlnaHAzYkdGdUxYVnBMV2R5WVhCb2NXd3VkMnhoYmk1cwpiMk5oYklJT1lYQnBMbmRzWVc0dWJHOWpZV3lIQk1Db0FBRXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnSUJBS0grCmJxSmVlMTFuMzRTWWdCRHZnb1o4bEpMUVJ3c0ZucUV4Y1NyL3BsWjdHVklHRkg1L1EyS3lvOVZ5RWlUUHdySXMKS3NFckMxZXZINnh0MVVSZk16cDA1elZRMExZTTUra3NhbVJEYWdBZzNNMWNtN29LT2Rtcy9kcXpQZTJnWmZHSgpwVmR0VlcxQ0hyTDBSTFRSOTNoN2tnU2lCbFNFSVlNb2VLZk41SDlBYXZKNEtyeXlnUXM2M2trR1E1TTllc0FwCnU2YkIzMDd6eWZ6Z1MzdG1Rc1UwMXJnSmZoRUhRL1krQWs5d0R1T2d2bWZ4MFRXZ0FPR2JLcTZUdThNS1lkZWoKSWU3clYxRzVVdjdLZmdvelZYNzZnMktkblRWQmZzcFNLbzN6eXJaa2NrekFwdlV1OUllZkhkVG9lNEpNRVUweQpmazdsRVUvZXh6Qnl5TnhwKzZoZHUvWklnM3hiMXlBMW9WWThORWQxckwxekFWaVBlMzUxU0VORUtlSnBSYW5DCmtDTDNSQUZrYnhRN0loYWNqb3g4YmVsUitnbW84Y3lGWnBqOVhhb1BsU0ZTY2R3ejU3M0NUMGg5N3Y3NkE3c3cKeUMrQ2lTcDg1Z1dFVjV2Z0JpdE5KN1I5b25qQmRzdUgybGdFdE1EM0pOT3M4Y0NTUmloWXhyaXdaU3FoVDdvLwp0Y0lsY0o4NFc1bTZYNnpISjNHbXR1S0czUVBOT21zMC9WVm9EVHA5cWRwTCtFazE3dUIyQTQxTnB4ejNVUytsCjZ5SytwZFFRajdBTHpLdVJmT3lnODBYYk53MnY0U25wSTVxYlhGQlJ1bTUyZjg2c1BlbUZxMUtjdU5XZTRFVkMKeERHM2VLbHUrZGxsVXRLeC9QTjZ5ZmxiVDV4Y0dnY2Rtcnd6UmFXUwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
-      key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRUUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Nzd2dna25BZ0VBQW9JQ0FRREJGcUNJTmJNSTFnRzEKYkFGd3I1OU9TUkNZeTM1QUNCT05pdlFwTHdNOGtJbC9vcVE5OWtjSzdmRGd1K3ZITmowMmFKNkhaZFR6ZmhxWgowbkVpNExEb2hzMmpyT3lTT3pKK2c3ekFVT2FVdFZZdDZEa2YwYjEyaDZiNVpONG85b1FlTGVpcTdNMkMzckF1CnplYSs4NEJPK0pNaWh6endRdU9UaDFKSFpQaDJHSFNvb0lLUDRkMWNFRHBYLzF1S3U3Nk5YNytURVJDNHZiTXoKZjBPOVYzejJTemZuTXhWVE43ZnFVUGdnSTZlWHVHQnBNMEdMams3Mngwc1BSaHBTYU9JWEJDVzBsUjJZOHFsbwpCMXUrTlE2ZXk2bWNOaU9iNVNiNzFvU21vemkxN2JkNThMdzN5UFc2UjdITW1zVFlaNFg5WUg5alVzVWdiYkNPCnBXZXc5eXljVVhoaDMwUUZGR2Q3VVJsNWNHN2NVUXNYTHFVSTRjalhqcWdGeHo4aHZyWHV0MU1wZXJHMi8vWTAKdnI5T29XU2V6OFFTTzk3cVJCak9VRm5CWWRhbG5CQitEZWFqbzFxZ1ZtbE5xRDN3eks3bXRtZzZoOU56RmNmcQprdWJrL0hVNERPQXVkcjA3N1lXWURnV091QWR3eGpVMGpQS2RrdjRNZngrSnUzVVgrL1lYWXdENUgyK2p6aTlICmxFNFkxME85cllDbDYrUXR5TkNEOHZDeGUvU0JPaWxEOWNqTjZPSHB0MVNRNnNwTEFuTlBZTDM5NzBaQ2ZTQ20KbFh3c0c0clhOQWVoRTR1Y0RqVXdJVzlBdEFlajVlM3dvYkQ1UnRxWExxRTdFRmtYblV2OEZ1cU9RTWYwQVFWbwprdW0ySVRLcWZVVG0vN2ZDR0FWTGtobFB3aGJtNVFJREFRQUJBb0lDQUMyR2hEc1pUaWtiTERQMlR6Q2VkOVVoCmJRUlpsbDdLaUxHcXZYNm9VdjhJcFNLdTJrS3h1blpkTzVvQk5NbzNnNTg4YzRSQkFrQ1d6dmJObzFjeDJ3UTQKSkd3ZTdYaGM5TDdYbUwxUFZjNWlJdnVYOFVBTFY3eUdwMXZONklPSC9BYVJsSFlZZHl3UURVSTcwZGZiMmJqRQo2d3dORHRVbk1Ea3NncjNLbExwamNiNEFla2dxWE9MRUFMMld1Nkt1T1hOankrdUU3b2hnVWN3bWlYWXZGb3VMCm1KYXVlS3l5U202NHdJZnpZQ1JwbUhHMVlCTGpic0xJb20zcmZYRkl3V1hqMkhBSGFIOFRWOVhyUmpwR2tEZm8KbFFqN3l0R0s2ZkllMWcva0ZBN3hDWDE2d1NYMS85bjM1WGYwVmMwZ08zdE9NVHJkM1JTVVNEaVp6eVR1WWxuZwpETEdmYXZjRS82QXJ5cTlWZ3hyUXdXbnZhd0hIcWxBWUtxVHpJYkRJS0Y3SjRYTE9FckFtRE50T1I2Lzc1WjJ3CnVPQlFYT0N3NFM1dWxWdzhIZUM0NGlFTmxJYU5lNDNWTkZUTGtRM3lCeW96VVlYWTN2eEJXMWpURFpFOTB5YTUKZzk4cmFiYWhIS0lockpGYzNXYTE0RWhicUE2TVVLSXRRTkk4K1N1Rk1KV3R4VW1iM1cxK2dHbXJvTmo1TU9kYQpzdjV5OThTYS93UUc4dGc0cmdNQ0xpQVNHL3hudDB3RURrNXFDVUUxRzRSdkdOeUYxU09zNk82c1BTOTg4Umd4CnJuamQvWWZoME5xVnhHcHFGNnhpQVgvZXkyU0NGUWNybEtmNnhGREF4YjI4RTdaNnRQSUZCTWxpQ1IrbzdYR3MKZDNvUWVuMThCalM1NjdtR2ZmNkJBb0lCQVFEanFFcHZqOVhJVVB3bk1RZitRY3R0R1pXZEp2bFZSa1BSMW9maApSVWI2UHdFRkEwdVQyM011ZmFvNGI4bWIrM2Vra1BkYTZmbWJqUGFUckQrbk5YNGxyRE5oYytvcVY4aFVEQnA0CmpVcEg3OXorTVNUZVVQclpnS3VMeEdqaDJiK0FWYVZjZTI2STVYUXVoUnR6ZHFYZDlIeSs4YXpYRTltbHlPQ00KMUpEK2VHZWxhaVJMbEZBbVRDNDNoNlV5T0Q5SmZOSW1oWDQ2WDJRRlFsbGc1cWxVdWQ4Ukx3eFViZTJoYzhTWQp4VnVvYVZSSUdBSmhqRkd3ZVhnRjdzc0tQNXBZMHRkTlNvSGsxeHRnUmVJTlllZFU1cmtpKzloZTN0cStqWUdJCmxVcVVzYzNzN3c4cUk1UXk5NGdmcUI5Lzd4K3BFdGEvak9leE4yL1pGOFJGSXVucEFvSUJBUURaSUpUaUUxKzkKc2xnQ0NGVllLR3Z5aE5odkppck94enlOUWU3YjIvZmxQNzVHd0pTTWpZZTdoTmhGK3JrZHRJcXF5dWxyeGF3YgpPbWliU0FCSG5kT20ycDRMdDhaK20vQXZaRUgzVklLdWkwY0xVbTlKRXNsWURVcFIrdG5BemloNzdrS2FlVzlnCk1wdlpiUzZGdXE2ZlBZQUJyK3dXeU1IazR0UnRNZ3duUFRtSzZQTW85b3FIUURTSVJjL3N0N2hBTUwwMDdtNlEKOTJkRXRqNTNtSTBURTRISVhtY3hZbjV5NGVJLy85aEFMb2xFa0ZHWDU0SmNMdWpDWWkwQ3RIU0xDcnNmQkJwZgpDS2NaMk5sWFNiYVREU1prZWhnQWFWTlM2OVp1K1o2eGFvNmZZMjVxSnNmeXlaUkNjSzJYY0FoUDV2QWNUbWhQClNKUFJZc1dSNXZ1ZEFvSUJBRmtRRXFiWWg1TkprNHdsazNIMS9ZYWVGcmtYY1QzYU1sZ2FiS2hGdVFIWHVpZGkKNWFOZm5BMFpIb25idWV6ckVTQnhra09mKzRYT1BQMEN5eGc0UmpTb3pLVVlld2k3dE9Ta280cDhCQTVtbVhkYwpkSWNBK1ZJMEUyaW5tenlZT21JVG41Q3h2VW1UTXNPc1VWUDNtK1pjYXAwczRTaDNYSk9PSmNNU3VmTEQyaENOCm1NdDBwM0tFSlNTV1RadDdBODlWSk1YclBibktiYy9jNkNpUHRMa3Z5a1BudXhRZ3VYR0xYK05BZXA1RkxyTFIKcWNUTjUzdDUyZW5BUlBDcWQxQytrM3BxWnF6SE5xK1FSMkppNWVTQ0t2V3p2eTlHVWg5d0xyZm5aL2tLSW56SgovWTNIdzRlNDdTa3RWYjF3S0Z1MXdndklMVEJZZHNwZ2tPbFhRbGtDZ2dFQUtKYVJuazFXMldRc1ZYenZUMEtICkkxZTRDZGNOcTRmTkJ1N3JVc2drNkFMcGM5cHVLblFPaW54RDNaa0gzOGl2SDB3OUpEdFlkK0tNU1hMRk1wNEwKUWFhZVlyeGc2NndFMHljZnViZGZrbmRRdVlvWWFZV01nOXhBSjJFSU1hV1lKY3FkUXJrdW04SDZKa1BsclhQLwpUcDgxZlp0QU8rWWRjTWNDUk1OVlNFU0dyRFB0dUp1VnU4REIwVE9Uc2NHS1BOMmZrUFI5VUxZZTVOWllpUXpJCldtZU1IRU9oY0xiandsLzlaazlTUW5Vd2pkT1luUmZXNDVxVlFqa09CdkpxMHM4WHVhMlBySEkyb250SjdhcEcKNmVoTVkvMzYzS0RUeGExMmNWcFNVd0lEVlVKR0VxdmJOc1I5NVltZ3VhMWtzR01RUVlwYXIyOTJ5bTUzVmxYaQpkUUtDQVFCTUFYS0RaNVZobHBRR1VlUk1FNVhqVm1KOE1WdlZTUzV3NzBGOC9CS0ZnZFBJNnR2Nkx5UGh3OTRPCmxZVldoOXJmdUpmbWllK1ZJSWhaeSthUVNpVVhGQUtTdjZFTWJ1bXdjN1pUNEkyYitDTXQxUEhaTEZtUEN0OXAKOEorUDdoaDlRYWRBYzZqZEdSa0NMNkpMU3VoeWhMbW90SG9IS0ZJazdhNENNZGl2QnB3SVdxMWVScHd0aWRrNwpIdytrdlJ5YW5DMUJVU1dYNGxJcW1LanAyR1B2UDVVdVV2RUlPNitqaWFyWTJDTUNKb3BtcVJ2WWQzNGtSVkF1CjZueFl4a05neEFQSnVWN2tkZVVzQXg5Q1FZcFQ1blFmendtdlVGa0FraHJoTmw5dUJRUDhMdkZORFQ0cWU0bFcKUWw0cXRFZFNiZDVxVWVVdkgzOG5JMmpTVDVMawotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==
-    wildcardTLS:
-    # self signed wildcard cert for *.wlan.local
-      cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZEekNDQXZlZ0F3SUJBZ0lVYSthaVJZWG9QTGliSS9wdVJCdi9DZ2RTTDNzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0Z6RVZNQk1HQTFVRUF3d01LaTUzYkdGdUxteHZZMkZzTUI0WERUSXdNVEl5TVRJd05UQXpNVm9YRFRNdwpNVEl4T1RJd05UQXpNVm93RnpFVk1CTUdBMVVFQXd3TUtpNTNiR0Z1TG14dlkyRnNNSUlDSWpBTkJna3Foa2lHCjl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUEwQjhuZE1raGIzZEN6N0I2aS9kRlFWenJwaEtQK2RmY2JKN1gKMzB3MU1FWDIvM3ZvVStkRlBNbnZrS3hEdFJwanZCbnhCczF6L1VmajlyUFhDSzZkazNNYU5DajRQYVUxem9WQQppK1Z6amc0ZG5XNjJxWG1qYVYrYUMrQm5zQndyQmx2THQ0dkh1eFRLbHh1RnR4THdid3VObGJvS1lVN01kV3oyCllMY3QzUWZBWElVb2FRK1RTMUZGdVdFeEZOTFRidlBGZWNoajB4ZnhyOU5BcU9aTXI0RGE0NHMzVERxMVVyRTIKbjhaZXFxVXZ1YUE4ZmEzQjNVZVRFNmJ4OEdhN1JybG5Dakd3UDRGVml3ajdvellmanV6T2JOM2dlcjdWcEpLMQpMSjdIdDBBemZlRm9aQ2xPbUVBd1p5alFwRGZOckdNTCs1dWtIK2JxWngyaUo5UndFcDNmdlE4em5jN1Q4dHJDCmxzMjRWNUpySWhUQXlCcTZRWVNnSXdXM2V5TmVpUnQ0ZHp6Sk5rNnd4cFp0WE96WTFwamJrV2FMaEhKOW1LRWoKU3lqVVBnS3dKSVlmb3BJbTJoUzl1dVZHZDdiU1MyV055aHJSOU5LSG5Lamo5Y0IrUWU0eEh0Z1pEcm1GZ1ZpZQp0cXZBUHhJL0ZkV1pSN3RmT2JCNTR3alMxVFk3TEd6cll4TDZSMWNjZDE4WUppcGNTS05xa05ORlllZ092VkNICmFldW1OTUdVNlZZalJWS1JmQXMva2FzcWxleGpheSt0SXNtd3dDZGoxUUN3UitRa2VEZFdoNE8vQzM1NENRb28KTkxZYzRNRk8xbVVDY2NsbUgvbFBvcTd1anBCMWI2VmFBNVprNFhjVUpRc0c4SUlSMDFHTFM5RW1HVVZaeTlOWApwV2dCbXNVQ0F3RUFBYU5UTUZFd0hRWURWUjBPQkJZRUZOZlVJSGhXdnFwUzg2ZC82SnJvbmxFYzZMU1NNQjhHCkExVWRJd1FZTUJhQUZOZlVJSGhXdnFwUzg2ZC82SnJvbmxFYzZMU1NNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHcKRFFZSktvWklodmNOQVFFTEJRQURnZ0lCQUtlTW9PckhLZ3BGemtkckVhMVhSSVRUOHFZanhKc04yNmFIMFovLwp1dDRXVkE4ckNDNzV4VkpaNnpBQWlBOFE2eTRYSHBzRzl2ZSs1QlJIWEdCS0lYOU5FZGNrbWdNdExzQ2xOR0JCCkxkN3lWd3hhaGVCQzhVTWIrVTAxMlNwaFc3K0t6UFJhQ3g4cHNMMUlFQUkyblQ1MzlCNDBmR2NyTktNSDRqZGkKdkxad3VxT00rZnJucFJ1MkZlK3Bja2Fwek92SEJTb0I3THovR1dmMWUwZ0llc1B4WEdmVG9hbGM1SzU5bDF1TQpCTkhpUW15S3E4TS9MbllMejhyOWp3dHNKU2lLYUljelpISjNtQ0ZUb3ljREF3NTl3WEdmWXZWcFBMaWZXTTJxCm1uSlJKM2dQS1lzOUhXWFgyYktoSmZoMjRLOTN2M1duMVRUellYOGtTbWlnRG0wTUhOSTNwZktlMmJqVW9MNmgKMlQ4bWhRbjdPQ2dvZHMvOXczR1dOdmFxYTAySHRnc0tTbk9YdmpSNXFMaVFLRjdhMi95TTlrNWNQcUdHaW1GYgppUWV3eUgvMWw2YjQ0T0s2RGwwMVltWFltNUVqR3plckp2aU90eUhSaWhtME01VmNBWWJaYkE0S1Y1eHhLZjRqClIwaktwQXdqbEpzTDdRMk9zTC9IRkxmaDV1RU1HMXlmTzF1blZkVURKK1FBZHJQUG5tZTZVTVFQZm1UcGx1WjAKS3pvOXY3NEpYV0pwQkNtaWNTbFBQdnB3cXZLTk5iOWd6b0hjOXFheWMwNWVxRldRbzNNZjIzYU82b05wU2ZuaAp5aWMvczFQcC9ZS2FHakVSQXB1UmRvYTlWT1diUncycFZMei9rZVNraS9QTDJFRFc4RUVHYjFXcUFBMkJPVVhDCi9oYXQKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
-      key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRRFFIeWQweVNGdmQwTFAKc0hxTDkwVkJYT3VtRW8vNTE5eHNudGZmVERVd1JmYi9lK2hUNTBVOHllK1FyRU8xR21POEdmRUd6WFA5UitQMgpzOWNJcnAyVGN4bzBLUGc5cFRYT2hVQ0w1WE9PRGgyZGJyYXBlYU5wWDVvTDRHZXdIQ3NHVzh1M2k4ZTdGTXFYCkc0VzNFdkJ2QzQyVnVncGhUc3gxYlBaZ3R5M2RCOEJjaFNocEQ1TkxVVVc1WVRFVTB0TnU4OFY1eUdQVEYvR3YKMDBDbzVreXZnTnJqaXpkTU9yVlNzVGFmeGw2cXBTKzVvRHg5cmNIZFI1TVRwdkh3WnJ0R3VXY0tNYkEvZ1ZXTApDUHVqTmgrTzdNNXMzZUI2dnRXa2tyVXNuc2UzUUROOTRXaGtLVTZZUURCbktOQ2tOODJzWXd2N202UWY1dXBuCkhhSW4xSEFTbmQrOUR6T2R6dFB5MnNLV3piaFhrbXNpRk1ESUdycEJoS0FqQmJkN0kxNkpHM2gzUE1rMlRyREcKbG0xYzdOaldtTnVSWm91RWNuMllvU05MS05RK0FyQWtoaCtpa2liYUZMMjY1VVozdHRKTFpZM0tHdEgwMG9lYwpxT1Axd0g1QjdqRWUyQmtPdVlXQldKNjJxOEEvRWo4VjFabEh1MTg1c0huakNOTFZOanNzYk90akV2cEhWeHgzClh4Z21LbHhJbzJxUTAwVmg2QTY5VUlkcDY2WTB3WlRwVmlORlVwRjhDeitScXlxVjdHTnJMNjBpeWJEQUoyUFYKQUxCSDVDUjROMWFIZzc4TGZuZ0pDaWcwdGh6Z3dVN1daUUp4eVdZZitVK2lydTZPa0hWdnBWb0RsbVRoZHhRbApDd2J3Z2hIVFVZdEwwU1laUlZuTDAxZWxhQUdheFFJREFRQUJBb0lDQVFDUVRkbXN4enl3cmUrY1ZCQlVkaW9GCjdTalRhTEY5bWFlVGhQdkhMMjc5dnJWSlpoK3I5WUp6YU16NzhnV3NUOVR4ZXNjOVlUMVlVLzJEZENUWU4wSzUKRnlrSEc1VXNJUjVTeU4vOVlDWWtURE5La3BhQ29mMmxOWTE1U0twOFdMdVlXQlBEZTE4TW41anM5ejlhdGY0Ugo4Ti9GL2szdU5KWGRvYVNmWU1Pakt4bTh6UE05RFhpaTA0SlZ6RWNjMmlXU0crSkQwNmNybWNHUm1SZVBSTWZOCk5Mb1E1ZGw4dUlRN0J2Y0tCNkJpRDlFc2t5YitPWGxmTlo2TUZNaFNXTmpuYSt3L0REN1plWkxYcVczWk45RGYKNStBbGFoNlkzVE1EUGxueXkxRk5CVzN1alZrMWdkS21ESFBEUTNDUFBNWVdEa01qdlVJcWdKRHMySVl6dWIvTwpXRjRVUTV5UEJhZzluaWp1dS9uMVZDdGZuSkxwakZIakU1VzdkK3p1UGh6aUJ1WDFOcjRtOVVJdEpaSTNsYmJtCmdvZFlMdGl4b3RwNWF3ang1eXA3MU1zUHlTZzcrbHBPenA4dStuRENJcnc0K0VSME56MG8yTXFmcmJ2VklGQXIKWHIyc2YrejljbmtxalBWWEZaVks3em1TUHI5N0YrbTV4RHpURG9lTG53aVlhUUpOQ0ZhejhMVERjNldVT2w4SQpLOWhHd3FaK0llTlgreW16em16Nkx6WWVPaGlrRmNRaUI0UXVPSjdWWnZWRmVoS3JJMXJLWHJDRU01VmpJZXBkCkhzR0c1eTlLUkcxdEszSU5ScmI0SHlhRDF6SHJSTHRneFpLT1BvWDN0UjNmbTJ1aGova3dwelZnWTltRXJDWDkKd2I4SVA5TXdRR3REQVNBcjZWVmJvUUtDQVFFQThIeWlaK1lVeFEzQnprL1hoNmZMWWNYakE3NTJrQ204VWZzWQp0d1Z4N0EyNW5YRStiUDRIT3UyVC9kTlc0Tkw1elZPT0JkaWZIcTJQVFNVMGYzQUFHL0pNcnVzM3NrNHd4azM5CitYYlh0dHltWkdxb3FEcVN3TUw2czVpY1RnangvenRhSXk1TWFKYWhUYUpNdFRQQlVpZ3U3enhoeGNwVlhNVUMKTklHcFl5Mkt5R2hyMjVVOFdlR0RYQm9SS2xYUXJXYkNZeW1kMXdYQStEaVl0dzA5eit0VHhPNTRodjFCZkJKZwpWMGd0VWdJU0I2WEZDMU9CWDZXQ1pXYlhCN2hPaHhISjNkNHAyQlZyN0gxL2JDQ0ZvVDY5by9WQVNHRmdtTHRiCnpGalRNbjFIaTluVW5jUFlScWpsN1h0NWdPOHBOa3BwMjVrNHIxRVludWhIazcrYzdRS0NBUUVBM1l3THozNloKNEVPRndvODIrUlVId2lkaFExOEdrU1JvWStKVm1udXJpSXdHZTk3ZmRTVk91d092SDlZSVhsRWpjRitoOHFQVQpJVnpIOXBuYXZjTENEMnhIOWZ5d09ML3pmYmJnYnExZjV4Y3BOUXlYM1JnTGFDUVpLNkpJa3NzOUtDb0dhSzlaCmpMVm41MjFFZlFBRE5DSi93YlRCb3dLQ0dTNDUzSzRBaWFEWHN6TkJLUk5MOHVaWWYwK0x0U2IzV3lkZVQ2eUgKdGZiSXR3NlBSS1lxb2NaeGIrM0pWQWFHcGxScjVZSlNDU1BtTjFMSjU0djlTcXBIVnJMNzJudFNwKzdDODJ6SgpJajVOSXFEOGFsOVZ3WFB5dExRd25hYWc1TW5ka0NLQ3R0MlVHSGZwMEh3ZTJTL1hkemppS2gzZTZaT3MyMSt1CitQUHVrSkUxTTZzU09RS0NBUUJjWVJRbDR6MUJRUHFjM1JESEhJN0UvVFlxWHdTK2RqblFLQ3VqU3FVcmIwNUoKQzVKV1hmSzdFVDVUTjliY3dFNlRNRENUVUZZM2U2WmJsUm9vaGdhVXRhdjlXWC9vcjU2TzNyRGNIbW5ZNWNQSgpPU3VXakFHSnFKeVRWdUZjSEpXUlhPUlFOVjNHbzI1Tkd6WnFPUHBmSys1em1mZFkrbE4yTW51WlhlR0twcGowClNTQjlsa003cDZSRlFnSXNDQkVFTzBBYXhZYkxiWHRtSHArVFdiUFA1ZThrN0JKQ2tKQ1NMNkR3aGxwYWNVOHAKdnVVRlo4dC95VjFneEhOL2xLNGR0cGliOE5hVUdnNStKdXRHeHV0dU9HS3kwK2dncGI5c2pEUkVPQzdRNjAwTApqTjdleDdlUjFSbVY4Mk9HUXRqSzhTVGU1V25mOXNBRmN1YmorNncxQW9JQkFHYXM4Z2hQRHpkOWM2OXd1alNFCkI1MTJyTUFSZVRTcEgrd3l5Q09aYnkwUVlDem1aTCtnODdUK2h4b0ZFc25MWnRZOHJBeU0ydEkvY3JrYUl1TlIKTUtqL01QYVREb1N1aVVWWkRQaWVSMVVOU2Q2NUlHU3FNUmNwcTdTcU9HSTM2UGNGU3dVWFJ6Uk1Hb1NLQW5UQQpIYnY2eFNUY0JlWHJVcW9pMzFRa0hFR3NsbXNKdFFnNVZqaVRncTQyQ25TQlE2QXVSYW85Tm9RaGhISTZRREc3CnBRUm11TW43OVJPSkZyeGRZY2Z6TnR2ZmxHRk5jQjlzcEk0SERwcml4cEJDR1ZPVTl5cmozdStNMmlqVFhVaGIKT0o0NGcySTJKRlhjRkxNVHp5aHVwZy9qN3kvTDIwUHhVa2Fyd25zUmxOZWFFbVpFTjVkUDZBS2U0cENEaTVtUApqaGtDZ2dFQkFMUmtVeG9oZDh2ZVBwR3hPbWlOak5HekpiTDlscGx0TWxhR0dPQ3JOUkZSeEppblgzWU9UVnhiCkRFVlpqaXRHNldydzFxaDdnZXAzeEdJaWZHQ1lZV3pNc0RZTitueGtwV0lRRmZOV3dYemNRWlhrTEduZVlUdTAKSVU2RjY5Myt1Q0tkcHVCdVl0d3BQNEJCVkNCRTVON0FzRGV4bFBYTzk1cEw3ZzR4OG5RckdNeGJlRXVOdytaTwpPYmYvTnFFMGZZcURkaERiVHI0UDR6bUpBRlpYeDlKMjNJdWRMUFI3MDZITGZ5bDMrb1pUS2Y2ZWdEL1drWXZGCllLdEtDZzI1UmtSYmZBakZkeDlpOVkzcDlPNEFNVUNaRVFIOWQwU1d6LzJWR0VmYzVha09YL2xvWlAyUXF3c2UKeXMyc0k1U0Z5TEd1ZGM3R2MzVTd5UGd0RVN0elVoWT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
-
-zookeeper:
-  enabled: true
-  replicaCount: 1
-  persistence:
-    enabled: true
-    storageClass: microk8s-hostpath
-kafka:
-  enabled: true
-  replicaCount: 1
-  persistence:
-    enabled: true
-    storageClass: microk8s-hostpath
-  creds:
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-    sslKeyPassword: mypassword
-cassandra:
-  enabled: true
-  image:
-    debug: true
-  cluster:
-    replicaCount: 1
-    seedCount: 1
-  persistence:
-    enabled: true
-    storageClass: microk8s-hostpath
-  creds:
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-postgresql:
-  enabled: true
-  postgresqlPassword: postgres
-## NOTE: If we are using glusterfs as Storage class, we don't really need
-## replication turned on, since the data is anyway replicated on glusterfs nodes
-## Replication is useful:
-## a. When we use HostPath as storage mechanism
-## b. If master goes down and one of the slave is promoted as master
-  replication:
-    enabled: true
-    slaveReplicas: 1
-  persistence:
-    enabled: true
-    storageClass: microk8s-hostpath
-  readinessProbe:
-    initialDelaySeconds: 30
-  livenessProbe:
-    initialDelaySeconds: 30

tip-wlan/resources/environments/dev-no-gluster.yaml

@@ -26,6 +26,9 @@ global:
   # flag to enable debugging - application support required
   debugEnabled: true
 
+  # Is the Cluster deployed in Cloud
+  isCloudDeployment: false
+
 # Annotations for namespace
 annotations: {
     "helm.sh/resource-policy": keep
@@ -43,10 +46,9 @@ opensync-gw-static:
   enabled: false
 opensync-gw-cloud:
   enabled: true
-  externalhost:
-    address:
-      ovsdb: tip-wlan-opensync-gw-cloud
-      mqtt: tip-wlan-opensync-mqtt-broker
+  externalhostaddress:
+    ovsdb: tip-wlan-opensync-gw-cloud
+    mqtt: tip-wlan-opensync-mqtt-broker
   persistence:
     enabled: true
   filestore:
@@ -98,9 +100,6 @@ wlan-port-forwarding-gateway-service:
   enabled: true
   creds:
     websocketSessionTokenEncKey: MyToKeN0MyToKeN1
-  externallyVisible:
-    host: api.wlan.demo.lab.wlan.tip.build
-    port: 30401
 nginx-ingress-controller:
   enabled: true
   controller:

tip-wlan/resources/environments/dev.yaml

@@ -28,6 +28,9 @@ global:
   # flag to enable debugging - application support required
   debugEnabled: true
 
+  # Is the Cluster deployed in Cloud
+  isCloudDeployment: false
+
 # Annotations for namespace
 annotations: {
     "helm.sh/resource-policy": keep
@@ -45,10 +48,9 @@ opensync-gw-static:
   enabled: false
 opensync-gw-cloud:
   enabled: true
-  externalhost:
-    address:
-      ovsdb: tip-wlan-opensync-gw-cloud
-      mqtt: tip-wlan-opensync-mqtt-broker
+  externalhostaddress:
+    ovsdb: tip-wlan-opensync-gw-cloud
+    mqtt: tip-wlan-opensync-mqtt-broker
   persistence:
     enabled: true
   filestore:
@@ -80,10 +82,6 @@ wlan-prov-service:
     schema_repo:
       username: tip-read
       password: tip-read
-    postgres:
-      singleDataSourceUsername: tip_user
-      singleDataSourcePassword: tip_password
-      singleDataSourceSslKeyPassword: mypassword
 wlan-ssc-service:
   enabled: true
   creds:
@@ -106,9 +104,6 @@ wlan-port-forwarding-gateway-service:
   enabled: true
   creds:
     websocketSessionTokenEncKey: MyToKeN0MyToKeN1
-  externallyVisible:
-    host: api.wlan.demo.lab.wlan.tip.build
-    port: 30401
 nginx-ingress-controller:
   enabled: true
   controller:
@@ -129,10 +124,6 @@ kafka:
   persistence:
     enabled: true
     storageClass: "glusterfs-storage"
-  creds:
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
-    sslKeyPassword: mypassword
 cassandra:
   enabled: true
   cluster:
@@ -145,9 +136,6 @@ cassandra:
   persistence:
     enabled: true
     storageClass: "glusterfs-storage"
-  creds:
-    sslKeystorePassword: mypassword
-    sslTruststorePassword: mypassword
 postgresql:
   enabled: true
   postgresqlPassword: postgres
@@ -161,8 +149,4 @@ postgresql:
     slaveReplicas: 1
   persistence:
     enabled: true
-    storageClass: "glusterfs-storage"
-  readinessProbe:
-    initialDelaySeconds: 30
-  livenessProbe:
-    initialDelaySeconds: 30
+    storageClass: "glusterfs-storage"

tip-wlan/resources/environments/disable-allcharts.yaml

@@ -30,6 +30,9 @@ global:
   # flag to enable debugging - application support required
   debugEnabled: true
 
+  # Is the Cluster deployed in Cloud
+  isCloudDeployment: false
+
 createReleaseNamespace: false
 
 createDockerRegistrySecret: false
@@ -41,10 +44,9 @@ opensync-gw-static:
   enabled: false
 opensync-gw-cloud:
   enabled: false
-  externalhost:
-    address:
-      ovsdb: tip-wlan-opensync-gw-cloud
-      mqtt: tip-wlan-opensync-mqtt-broker
+  externalhostaddress:
+    ovsdb: tip-wlan-opensync-gw-cloud
+    mqtt: tip-wlan-opensync-mqtt-broker
   persistence:
     enabled: true
   filestore:
@@ -95,7 +97,7 @@ wlan-spc-service:
     sslKeystorePassword: mypassword
     sslTruststorePassword: mypassword
 wlan-port-forwarding-gateway-service:
-  enabled: false
+  enabled: true
   creds:
     websocketSessionTokenEncKey: MyToKeN0MyToKeN1
 nginx-ingress-controller:

tip-wlan/values.yaml

@@ -34,10 +34,8 @@ global:
   # SSC Service in a single docker image 
   integratedDeployment: false
 
-  testingEnabled: false
-
-  testingTimestamp: 
-  
+  # Is the Cluster deployed in Cloud
+  isCloudDeployment: true
   
 # Namespace related
 createReleaseNamespace: true