WIFI-990: disable hardcoded NodePort for AWS deployments

* rebased

* removed map-hash-bucket-size from nginx config map

* synced requests/limits for cassandra

* enabled alb for graphql and static

* added plain http

* added ingress + alb for tip-wlan-wlan-portal-service

* enabled http->https redirect for ingress/alb services

* enabled nlb for opensync-gw-cloud and mqtt services

* disabled nginx ingress

* refactored service annotations

* sync: works

* disabled nodePort hardcoded value for wlan-portal-service AWS deployment

* synced helm values

* sync

* fix prov service ssl creds

* enabled efs

* sync dev-amazon-tip from master

* disabled nodeport static for opensync-gw-cloud

* wlan-port-forwarding-gateway-service nodeport static

* opensync-mqttt-broker nodeport static

* removed whitespace in tip-wlan/charts/nginx-ingress-controller/templates/controller-configmap.yaml

* renamed nodePort_static

* renamed alb_https_redirect

* added comment to nodePortStatic

* added a comment to   lb_https_redirect

Co-authored-by: Eugene Taranov <eugene@taranov.me>

README.md

@@ -94,25 +94,28 @@ Run minikube:
 
 ```minikube start --memory=10g --cpus=4 --driver=virtualbox --extra-config=kubelet.serialize-image-pulls=false --extra-config=kubelet.image-pull-progress-deadline=3m0s --docker-opt=max-concurrent-downloads=10```
 
+Please note that you may choose another driver (parallels, vmwarefusion, hyperkit, vmware, docker, podman) which might be more suitable for your setup. Omitting this option enables auto discovery of available drivers.
+
 Deploy CloudSDK chart:
 
-```helm install tip-wlan tip-wlan -f tip-wlan/resources/environments/dev-local.yaml -n default```
+```helm upgrade --install tip-wlan tip-wlan -f tip-wlan/resources/environments/dev-local.yaml -n default```
 
 Wait a few minutes, when all pods are in `Running` state, obtain web ui link with `minikube service tip-wlan-wlan-cloud-static-portal -n tip --url`, open in the browser. Importing or trusting certificate might be needed.
 
-Services may be exposed to the local machine and local network with ssh, kubectl or kubefwd port forwarding, needs to be repeated for each service, please examples below:
+Services may be exposed to the local machine or local network with ssh, kubectl or kubefwd with port forwarding, please examples below.
 
 Kubefwd:
 
+kubefwd is used to forward Kubernetes services to a local workstation, easing the development of applications that communicate with other services. It is for development purposes only. For production/staging environments services need to be exposed via load balancers.
 Download latest release from https://github.com/eugenetaranov/kubefwd/releases and run the binary.
 
-Forward to all interfaces:
+Forward to all interfaces (useful if you need to connect from other devices in your local network):
 
 ```
 sudo kubefwd services --namespace tip -l "app.kubernetes.io/name in (nginx-ingress-controller,wlan-portal-service,opensync-gw-cloud,opensync-mqtt-broker)" --allinterfaces --extrahosts wlan-ui-graphql.wlan.local,wlan-ui.wlan.local
 ```
 
-Kubectl forwarding:
+Kubectl port forwarding (alternative to kubefwd):
 ```
 kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app=tip-wlan-nginx-ingress-controller -o jsonpath='{.items[0].metadata.name}') 443:443 &
 kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=wlan-portal-service -o jsonpath='{.items[0].metadata.name}') 9051:9051 &

tip-wlan/Chart.yaml

@@ -57,6 +57,9 @@ dependencies:
   - name: wlan-spc-service
     version: 0.1.0
     condition: wlan-spc-service.enabled
+  - name: wlan-port-forwarding-gateway-service
+    version: 0.1.0
+    condition: wlan-port-forwarding-gateway-service.enabled
   - name: nginx-ingress-controller
     version: 0.1.0
     condition: nginx-ingress-controller.enabled

tip-wlan/charts/cassandra/resources/config/certs/README.md

@@ -0,0 +1 @@
+Contains certs needed for this service to start. Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

tip-wlan/charts/cassandra/resources/config/certs/keystore_creds

@@ -1 +0,0 @@
-DUMMY_PASSWORD

tip-wlan/charts/cassandra/resources/config/certs/truststore_creds

@@ -1 +0,0 @@
-DUMMY_PASSWORD

tip-wlan/charts/cassandra/templates/secret.yaml

@@ -24,9 +24,9 @@ metadata:
 type: Opaque
 data:
   truststore: {{ .Files.Get "resources/config/certs/truststore.jks" | b64enc }}
-  truststore-password: {{ .Files.Get "resources/config/certs/truststore_creds" | b64enc }}
+  truststore-password: {{ .Values.creds.sslTruststorePassword | b64enc }}
   keystore: {{ .Files.Get "resources/config/certs/cassandra_server_keystore.jks" | b64enc }}
-  keystore-password: {{ .Files.Get "resources/config/certs/keystore_creds" | b64enc }}
+  keystore-password: {{ .Values.creds.sslKeystorePassword | b64enc }}
 ---
 apiVersion: v1
 kind: Secret
@@ -36,4 +36,5 @@ metadata:
 type: Opaque
 data:
 {{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
-
+  keystore_creds: {{ .Values.creds.sslKeystorePassword | b64enc }}
+  truststore_creds: {{ .Values.creds.sslTruststorePassword | b64enc }}

tip-wlan/charts/cassandra/values.yaml

@@ -326,3 +326,6 @@ metrics:
   podAnnotations:
     prometheus.io/scrape: "true"
     prometheus.io/port: "8080"
+creds:
+  sslKeystorePassword: DUMMY_PASSWORD
+  sslTruststorePassword: DUMMY_PASSWORD

tip-wlan/charts/common/templates/_ports.tpl

@@ -0,0 +1,28 @@
+{{/*
+    This template will be used to iterate through the debug-ports and generate
+    debug-ports mapping
+  */}}
+
+{{- define "container.dev.debugport" -}}
+  {{- if .Values.debug.enabled }}
+  {{- range $index, $portid := .Values.debugPorts }}
+  - name: debugport-{{ $index }}
+    containerPort: {{ $portid }}
+    protocol: TCP
+  {{- end }}
+  {{- end }}
+{{- end -}}
+
+{{- define "service.dev.debugport" -}}
+  {{- if .Values.debug.enabled }}
+  {{- range $index, $portid := .Values.debugPorts }}
+  - port: {{ $portid }}
+    targetPort: {{ $portid }}
+    protocol: TCP
+    name: debugport-{{ $index }}
+    {{- if eq $.Values.service.type "NodePort" }}
+    nodePort: {{ $portid }}
+    {{- end }}   
+  {{- end }}
+  {{- end }}
+{{- end -}}

tip-wlan/charts/common/templates/_svc.tpl

@@ -60,6 +60,14 @@ else use user-provided URL
   {{- printf "%s-%s:%.f" .Release.Name .Values.ssc.url .Values.ssc.port | trunc 63 -}}
 {{- end -}}
 
+{{/*
+  Resolve the Opensync-gw service-name to apply to a chart. 
+*/}}
+{{- define "opensyncgw.service" -}}
+  {{- printf "%s-%s:%.f" .Release.Name .Values.opensyncgw.url .Values.opensyncgw.port | trunc 63 -}}
+{{- end -}}
+
+
 {{/*
   Resolve the pvc name that's would mounted to 2 charts - Portal and Opensync-gw 
 */}}

tip-wlan/charts/kafka/resources/config/admin-client.properties

@@ -1,11 +0,0 @@
-ssl.endpoint.identification.algorithm=
-security.protocol=SSL
-ssl.key.password=DUMMY_PASSWORD
-ssl.keystore.location=/etc/kafka/secrets/kafka-server.pkcs12
-ssl.keystore.password=DUMMY_PASSWORD
-ssl.keystore.type=PKCS12
-ssl.truststore.location=/etc/kafka/secrets/truststore.jks
-ssl.truststore.password=DUMMY_PASSWORD
-ssl.truststore.type=JKS
-bootstrap.servers=tip-wlan-kafka-headless:9093
-

tip-wlan/charts/kafka/resources/config/certs/key_creds

@@ -1 +0,0 @@
-DUMMY_PASSWORD

tip-wlan/charts/kafka/resources/config/certs/keystore_creds

@@ -1 +0,0 @@
-DUMMY_PASSWORD

tip-wlan/charts/kafka/resources/config/certs/truststore_creds

@@ -1 +0,0 @@
-DUMMY_PASSWORD

tip-wlan/charts/kafka/templates/configmap.yaml

@@ -4,4 +4,14 @@ metadata:
   name: {{ include "common.fullname" . }}-clientconfig
   namespace: {{ include "common.namespace" . }}
 data:
-{{ tpl (.Files.Glob "resources/config/admin-client.properties").AsConfig . | indent 2 }}
+  admin-client.properties: |
+    ssl.endpoint.identification.algorithm=
+    security.protocol=SSL
+    ssl.key.password={{ .Values.creds.sslKeyPassword | b64enc }}
+    ssl.keystore.location=/etc/kafka/secrets/kafka-server.pkcs12
+    ssl.keystore.password={{ .Values.creds.sslKeystorePassword | b64enc }}
+    ssl.keystore.type=PKCS12
+    ssl.truststore.location=/etc/kafka/secrets/truststore.jks
+    ssl.truststore.password={{ .Values.creds.sslTruststorePassword | b64enc }}
+    ssl.truststore.type=JKS
+    bootstrap.servers=tip-wlan-kafka-headless:9093

tip-wlan/charts/kafka/templates/secret.yaml

@@ -1,8 +1,18 @@
+---
 apiVersion: v1
 kind: Secret
 metadata:
   name: {{ include "common.fullname" . }}-certs
   namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ template "common.name" . }}
+    chart: {{ template "common.chart" . }}
+    release: {{ .Release.Name | quote }}
 type: Opaque
 data:
-{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
+  truststore_creds: {{ .Values.creds.sslTruststorePassword | b64enc }}
+  keystore_creds: {{ .Values.creds.sslKeystorePassword | b64enc }}
+  key_creds: {{ .Values.creds.sslKeyPassword | b64enc }}
+  truststore.jks: {{ .Files.Get "resources/config/certs/truststore.jks" | b64enc }}
+  kafka-server.pkcs12: {{ .Files.Get "resources/config/certs/kafka-server.pkcs12" | b64enc }}
+  README: {{ .Files.Get "resources/config/certs/README.md" | b64enc }}

tip-wlan/charts/kafka/values.yaml

@@ -353,3 +353,8 @@ zookeeper:
   #       labelSelector:
   #         matchLabels:
   #           release: zookeeper
+
+creds:
+  sslTruststorePassword: DUMMY_PASSWORD
+  sslKeystorePassword: DUMMY_PASSWORD
+  sslKeyPassword: DUMMY_PASSWORD

tip-wlan/charts/opensync-gw-cloud/resources/config/logback.xml

@@ -73,6 +73,7 @@
 
   <root level="WARN">
     <appender-ref ref="logfile"/>
+    <appender-ref ref="stdout"/>
   </root>
 
 </configuration>

tip-wlan/charts/opensync-gw-cloud/templates/deployment.yaml

@@ -4,7 +4,6 @@
 {{- $mqtt := include "mqtt.service" . -}}
 {{- $ns := include "common.namespace" . -}}
 {{- $file_store_path := include "filestore.dir.name" . -}}
-{{- $cloudeployment := .Values.global.isCloudDeployment -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -28,51 +27,50 @@ spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       initContainers:
-      - name: wait-for-services
-        image: opsfleet/depends-on
-        args:
-        - "-service={{ .Release.Name }}-opensync-mqtt-broker"
-        - "-service={{ .Release.Name }}-wlan-prov-service"
-        - "-service={{ .Release.Name }}-wlan-ssc-service"
-        - -check_interval=5
+        - name: wait-for-services
+          image: opsfleet/depends-on:latest
+          args:
+          - "-service={{ .Release.Name }}-opensync-mqtt-broker"
+          - "-service={{ .Release.Name }}-wlan-prov-service"
+          - "-service={{ .Release.Name }}-wlan-ssc-service"
+          - -check_interval=5
       {{- if .Values.global.integratedDeployment }}
-      - name: {{ include "common.name" . }}-readiness-int-cloud
-        image: alpine
-        imagePullPolicy: {{ .Values.global.pullPolicy }}
-        command:
-        - sh
-        - -c
-        - |
-          if [ {{ $cloudeployment }} = false ]
-          then            
-            echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
-            echo "Added name-resolution for local deployments"
-          fi
-          apk add curl
-          url=https://{{ $icc }}/ping
-          counter=0
-          status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
-          while [ $counter -lt 10 ] && [ $status -ne 200 ] 
-          do
-            echo ${url} service isnt ready. Tried $counter times
-            sleep 5
-            counter=`expr $counter + 1`
+        - name: {{ include "common.name" . }}-readiness-int-cloud
+          image: alpine
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          command:
+          - sh
+          - -c
+          - |
+            apk add curl
+            url=https://{{ $icc }}/ping
+            counter=0
             status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
-            echo Http Response code of ping request = $status
-          done
-          if [ $status -eq 200 ]
-          then
-            echo ${url} service is ready!
-          else
-            echo ${url} service failed to respond after 50 secs
-            exit 1
-          fi 
+            while [ $counter -lt 10 ] && [ $status -ne 200 ] 
+            do
+              echo ${url} service isnt ready. Tried $counter times
+              sleep 5
+              counter=`expr $counter + 1`
+              status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
+              echo Http Response code of ping request = $status
+            done
+            if [ $status -eq 200 ]
+            then
+              echo ${url} service is ready!
+            else
+              echo ${url} service failed to respond after 50 secs
+              exit 1
+            fi
       {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
+          {{- if .Values.global.testingEnabled }}
+          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
+          {{- else }}
           image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
+          {{- end }}
           imagePullPolicy: {{ .Values.global.pullPolicy }}
           {{- if .Values.probes.enabled }}
           livenessProbe:
@@ -95,7 +93,9 @@ spec:
           env:
             {{- include "common.env" . | nindent 12 }}
             - name: OVSDB_MANAGER
-              value: {{ .Values.externalhostaddress.ovsdb }}
+              value: {{ .Values.externalhost.address.ovsdb }}
+            - name: OVSDB_EXTERNAL_PORT
+              value: "{{ .Values.externalhost.ports.ovsdb }}"
             - name: OVSDB_MANAGER_IP
               valueFrom:
                 fieldRef:
@@ -103,7 +103,9 @@ spec:
             - name: MQTT_SERVER_INTERNAL
               value: {{ .Release.Name }}-{{ .Values.mqtt.url }}
             - name: MQTT_SERVER_EXTERNAL
-              value: {{ .Values.externalhostaddress.mqtt }}
+              value: {{ .Values.externalhost.address.mqtt }}
+            - name: MQTT_BROKER_EXTERNAL_PORT
+              value: "{{ .Values.externalhost.ports.mqtt }}"
             {{- if .Values.global.integratedDeployment }}
             - name: INTEGRATED_SERVER
               value: {{ .Release.Name }}-{{ .Values.integratedcloudcomponent.url }}

tip-wlan/charts/opensync-gw-cloud/templates/rbac.yaml

@@ -2,7 +2,7 @@
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: opensync-gw-cloud-depends-on-role
+  name: {{ include "common.fullname" . }}-depends-on
   namespace: {{ include "common.namespace" . }}
 rules:
 - apiGroups: ["batch", "apps", ""]
@@ -13,12 +13,12 @@ rules:
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: opensync-gw-cloud-depends-on-role-binding
+  name: {{ include "common.fullname" . }}-depends-on
   namespace: {{ include "common.namespace" . }}
 subjects:
 - kind: ServiceAccount
   name: {{ include "common.serviceAccountName" . }}
 roleRef:
   kind: Role
-  name: opensync-gw-cloud-depends-on-role
+  name: {{ include "common.fullname" . }}-depends-on
   apiGroup: rbac.authorization.k8s.io

tip-wlan/charts/opensync-gw-cloud/templates/service.yaml

@@ -5,6 +5,10 @@ metadata:
   namespace: {{ include "common.namespace" . }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:
@@ -12,28 +16,38 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort1 }}
+      {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+      {{- end }}
     - port: {{ .Values.service.port3 }}
       targetPort: {{ .Values.service.port3 }}
       protocol: TCP
       name: {{ .Values.service.name3 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
+      {{- end }}
     - port: {{ .Values.service.port4 }}
       targetPort: {{ .Values.service.port4 }}
       protocol: TCP
       name: {{ .Values.service.name4 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort4 }}
+      {{- end }}
     {{- if .Values.debug.enabled }}
     - port: {{ .Values.service.port5 }}
       targetPort: {{ .Values.service.port5 }}
       protocol: TCP
       name: {{ .Values.service.name5 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort5 }}
+      {{- end }}
     {{- end }}
   selector:
     {{- include "common.selectorLabels" . | nindent 4 }}

tip-wlan/charts/opensync-gw-cloud/values.yaml

@@ -77,6 +77,8 @@ service:
   port5: 5005
   name5: debug
   nodePort5: 26
+  annotations: {}
+  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
 
 persistence:
   enabled: false
@@ -113,13 +115,21 @@ portal:
       name: file-store-data
       ordinal: 0
 
- # These are list of external HostAddresses for ovsdb, mqtt. 
- # This is important for ovsdb and mqtt since 
- # that's what AP sees. Please make sure to override
- # them in dev override file for your respective environments.
-externalhostaddress:
-  ovsdb: opensync-gw-cloud
-  mqtt: opensync-mqtt-broker
+
+# These are the address and ports for the externalhost
+# This is important for ovsdb and mqtt since 
+# that's what AP sees. Please make sure to override
+# them in dev override file for your respective environments.
+# the default values below would be used if not overriden
+externalhost:
+  address:
+    ovsdb: opensync-gw-cloud
+    mqtt: opensync-mqtt-broker
+  ports:
+    ovsdb: 6640
+    mqtt: 1883
+
+
 
 ethernetType:
   lanName: "lan"

tip-wlan/charts/opensync-gw-static/resources/config/logback.xml

@@ -68,7 +68,7 @@
    -->
    
   <root level="WARN">
-<!--    <appender-ref ref="stdout"/>-->
+    <appender-ref ref="stdout"/>
     <appender-ref ref="logfile"/>
   </root>
   

tip-wlan/charts/opensync-gw-static/templates/deployment.yaml

@@ -24,7 +24,11 @@ spec:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
+          {{- if .Values.global.testingEnabled }}
+          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
+          {{- else }}
           image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
+          {{- end }}
           imagePullPolicy: {{ .Values.global.pullPolicy }}
           {{- if .Values.probes.enabled }}
           livenessProbe:

tip-wlan/charts/opensync-mqtt-broker/templates/service.yaml

@@ -5,6 +5,10 @@ metadata:
   namespace: {{ include "common.namespace" . }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:
@@ -12,11 +16,15 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort1 }}
+      {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+      {{- end }}
   selector:
     {{- include "common.selectorLabels" . | nindent 4 }}

tip-wlan/charts/opensync-mqtt-broker/templates/statefulset.yaml

@@ -76,35 +76,13 @@ spec:
           readinessProbe:
             tcpSocket:
               port: {{ .Values.service.port1 }}
-            initialDelaySeconds: {{ .Values.probes.readinessProbe.initialDelaySeconds }}  
+            initialDelaySeconds: {{ .Values.probes.readinessProbe.initialDelaySeconds }}
             timeoutSeconds: {{ .Values.probes.readinessProbe.timeoutSeconds }}
             failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
             periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
             successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
-          startupProbe:
-            exec:
-              command:
-              - ash
-              - -c
-              - >
-                mosquitto_pub -h 127.0.0.1 -p {{ .Values.service.port1 }} 
-                --cafile /certs/cacert.pem
-                --cert /certs/clientcert.pem
-                --key /certs/clientkey.pem
-                --insecure
-                -t "/ap/test"
-                -q 0
-                -m "CheckingMQTTAliveness"
-            failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
-            periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
           {{- end }}
           volumeMounts:
-          - mountPath: /certs/clientcert.pem
-            name: certificates
-            subPath: clientcert.pem
-          - mountPath: /certs/clientkey.pem
-            name: certificates
-            subPath: clientkey.pem
           - mountPath: /certs/cacert.pem
             name: opensync-mqtt-broker-truststore
             subPath: cacert.pem
@@ -149,9 +127,6 @@ spec:
       - name: opensync-mqtt-broker-conf
         configMap:
             name: mosquitto-config
-      - name: certificates
-        secret:
-          secretName: {{ .Release.Name }}-opensync-gw-cloud-certs
       {{- if not .Values.persistence.enabled }}
       - name: db
         emptyDir: {}

tip-wlan/charts/opensync-mqtt-broker/values.yaml

@@ -61,6 +61,8 @@ service:
   port2: 9001
   name2: debug
   nodePort2: 32
+  annotations: {}
+  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
 
 ingress:
   enabled: false

tip-wlan/charts/postgresql/files/pg_hba.conf

@@ -1,3 +1,4 @@
 hostssl replication repl_user 0.0.0.0/0 md5 clientcert=1
 hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
+hostssl postgres postgres ::/0 cert clientcert=1
 hostssl all all 0.0.0.0/0 md5 clientcert=1

tip-wlan/charts/wlan-cloud-graphql-gw/templates/deployment.yaml

@@ -24,7 +24,11 @@ spec:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
+          {{- if .Values.global.testingEnabled }}
+          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
+          {{- else }}
           image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
+          {{- end }}
           imagePullPolicy: {{ .Values.global.pullPolicy }}
           env:
           - name: API

tip-wlan/charts/wlan-cloud-graphql-gw/templates/ingress.yaml

@@ -32,6 +32,12 @@ spec:
     - host: {{ .host | quote }}
       http:
         paths:
+        {{- if $.Values.ingress.lb_https_redirect }}
+          - path: /*
+            backend:
+              serviceName: ssl-redirect
+              servicePort: use-annotation
+        {{- end }}
         {{- range .paths }}
           - path: {{ . }}
             backend:

tip-wlan/charts/wlan-cloud-graphql-gw/templates/service.yaml

@@ -12,6 +12,8 @@ spec:
       targetPort: {{ .Values.service.port }}
       protocol: TCP
       name: {{ .Values.service.name }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+      {{- end }}
   selector:
     {{- include "common.selectorLabels" . | nindent 4 }}

tip-wlan/charts/wlan-cloud-graphql-gw/values.yaml

@@ -51,9 +51,11 @@ service:
   port: 4000
   name: graphui
   nodePort: 23
+  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
 
 ingress:
   enabled: true
+  lb_https_redirect: false ## if set to true, enables http->https redirect on cloud load balancer
   annotations: {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"

tip-wlan/charts/wlan-cloud-static-portal/templates/deployment.yaml

@@ -24,7 +24,11 @@ spec:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
+          {{- if .Values.global.testingEnabled }}
+          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
+          {{- else }}
           image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
+          {{- end }}
           imagePullPolicy: {{ .Values.global.pullPolicy }}
           env:
           - name: API

tip-wlan/charts/wlan-cloud-static-portal/templates/ingress.yaml

@@ -32,6 +32,12 @@ spec:
     - host: {{ .host | quote }}
       http:
         paths:
+        {{- if $.Values.ingress.lb_https_redirect }}
+          - path: /*
+            backend:
+              serviceName: ssl-redirect
+              servicePort: use-annotation
+        {{- end }}
         {{- range .paths }}
           - path: {{ . }}
             backend:

tip-wlan/charts/wlan-cloud-static-portal/templates/service.yaml

@@ -5,6 +5,10 @@ metadata:
   namespace: {{ include "common.namespace" . }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:

tip-wlan/charts/wlan-cloud-static-portal/values.yaml

@@ -50,6 +50,7 @@ service:
 
 ingress:
   enabled: true
+  lb_https_redirect: false ## if set to true, enables http->https redirect on cloud load balancer
   annotations: {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"

tip-wlan/charts/wlan-integrated-cloud-component-service/resources/config/logback.xml

@@ -68,7 +68,7 @@
   <logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
 
   <root level="WARN">
-    <!--    <appender-ref ref="stdout"/>-->
+    <appender-ref ref="stdout"/>
     <appender-ref ref="logfile"/>
   </root>
   

tip-wlan/charts/wlan-integrated-cloud-component-service/templates/deployment.yaml

@@ -1,7 +1,6 @@
 {{- if .Values.global.integratedDeployment }}
 {{- $pg := include "postgresql.service" . -}}
 {{- $ns := include "common.namespace" . -}}
-{{- $cloudeployment := .Values.global.isCloudDeployment -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -55,15 +54,6 @@ spec:
           - sh
           - -c
           - |
-            if [ {{ $cloudeployment }} = false ]
-            then          
-              echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
-              echo "34.215.47.158 tip-tip-wlan-cloud-docker-repo.jfrog.io" >> /etc/hosts
-              echo "151.101.128.204 security.debian.org" >> /etc/hosts
-              echo "151.101.126.133 deb.debian.org" >> /etc/hosts
-              echo "147.75.85.69 apt.postgresql.org" >> /etc/hosts
-              echo "Added name-resolution for local deployments"
-            fi
             apt update
             apt -y install curl
             echo "***** Fetching cloud-sdk-schema-postgresql.sql from JFrog *****"
@@ -91,7 +81,11 @@ spec:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
+          {{- if .Values.global.testingEnabled }}
+          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
+          {{- else }}
           image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
+          {{- end }}
           imagePullPolicy: {{ .Values.global.pullPolicy }}
           env:
             - name: BACKEND_SERVER

tip-wlan/charts/wlan-port-forwarding-gateway-service/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

tip-wlan/charts/wlan-port-forwarding-gateway-service/Chart.yaml

@@ -0,0 +1,21 @@
+apiVersion: v2
+name: wlan-port-forwarding-gateway-service
+description: WLAN Port Forwarding Gateway Service Helm chart for Kubernetes for debugging APs remotely
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: 0.0.1

tip-wlan/charts/wlan-port-forwarding-gateway-service/resources/config/certs/README.md

@@ -0,0 +1,2 @@
+Contains certs needed for this service to start.
+Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

tip-wlan/charts/wlan-port-forwarding-gateway-service/resources/config/logback.xml

@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!-- For assistance related to logback-translator or configuration  -->
+<!-- files in general, please contact the logback user mailing list -->
+<!-- at http://www.qos.ch/mailman/listinfo/logback-user             -->
+<!--                                                                -->
+<!-- For professional support please see                            -->
+<!--    http://www.qos.ch/shop/products/professionalSupport         -->
+<!--                                                                -->
+<configuration>
+  <conversionRule conversionWord="filteredStack"
+                  converterClass="com.telecominfraproject.wlan.server.exceptions.logback.ExceptionCompressingConverter" />
+
+  <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n%filteredStack%nopex</pattern>
+      <!-- See http://logback.qos.ch/manual/layouts.html for details -->
+      <!-- %ex{5} - add at the end to display only 5 levels of the exception stack trace -->
+      <!-- %nopex - add at the end to not display any of the exception stack traces -->
+      <!-- %ex{full} - add at the end to display all the levels of the exception stack trace -->
+  </encoder>
+    <!--
+  <appender name="FILE" class="ch.qos.logback.core.FileAppender">
+    <file>myApp.log</file>
+
+    <encoder>
+      <pattern>%date %level [%thread] %logger{10} [%file:%line] %msg%n</pattern>
+    </encoder>
+  </appender>
+  -->
+
+  </appender>
+  <appender name="logfile" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <file>/app/logs/portForwardingGateway.log</file>
+    <append>true</append>
+    <encoder>
+      <pattern>%date %level [%thread] %logger{36} [%file:%line] %msg%n</pattern>
+    </encoder>
+    <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+      <fileNamePattern>/app/logs/portForwardingGateway.%i.log.gz</fileNamePattern>
+      <minIndex>1</minIndex>
+      <maxIndex>3</maxIndex>
+    </rollingPolicy>
+    <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+      <maxFileSize>20MB</maxFileSize>
+    </triggeringPolicy>
+  </appender>
+
+
+  <!--
+  details: http://logback.qos.ch/manual/configuration.html#auto_configuration
+
+  runtime configuration, if need to override the defaults:
+    -Dlogging.config=file:///home/ec2-user/opensync/logback.xml
+
+  for log configuration debugging - use
+  	-Dlogback.statusListenerClass=ch.qos.logback.core.status.OnConsoleStatusListener
+
+  log levels:
+	OFF ERROR WARN INFO DEBUG TRACE
+   -->
+  <logger name="org.apache.catalina.startup.DigesterFactory" level="ERROR"/>
+  <logger name="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" level="INFO"/>
+  <logger name="org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer" level="INFO"/>
+
+  <logger name="com.telecominfraproject" level="INFO"/>
+  <logger name="com.telecominfraproject.wlan" level="DEBUG"/>
+  <logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
+
+  <root level="WARN">
+    <appender-ref ref="stdout"/>
+    <appender-ref ref="logfile"/>
+  </root>
+  
+</configuration>

tip-wlan/charts/wlan-port-forwarding-gateway-service/resources/config/run.sh

@@ -0,0 +1,56 @@
+#!/bin/bash
+
+# local_port_range that Java process can use
+# These are then assigned to the container ports (in the deployment.yaml) which can either:
+# later be opened by the port-forwarding-gateway service as NodePorts (preferred)
+# or use kubectl port-forwarding to forward the container ports. Example:
+# kubectl port-forward pods/<port-forwarding-gw-pod> <local-machine-port>:<debugPort on the Pod>
+sysctl -w net.ipv4.ip_local_port_range="30410    30435"
+
+PROFILES=" -Dspring.profiles.include=use_ssl_with_client_cert_and_digest_auth,client_certificate_and_digest_auth,RestTemplateConfiguration_X509_client_cert_auth"
+
+LOGGING_PROPS=" -Dlogging.config=file:/app/port-forwarding-gateway/logback.xml"
+
+# SSC_URL: something like https://${SSC_SERVER_HOST}:9031
+SSC_URL=${SSC_RELEASE_URL}
+# PROV_URL: something like https://${PROV_SERVER_HOST}:9091
+PROV_URL=${PROV_RELEASE_URL}
+# PF_GATEWAY_URL: something like https://${PF_GATEWAY_SERVER_HOST}:7070
+PF_GATEWAY_URL=${PF_GATEWAY_RELEASE_URL}
+PF_GATEWAY_ENCRYPTION_KEY=${PF_GATEWAY_RELEASE_ENCRYPTION_KEY:='MyToKeN0MyToKeN1'}
+PF_GATEWAY_EXT_HOST=${PF_GATEWAY_RELEASE_EXT_HOST:=''}
+PF_GATEWAY_EXT_PORT=${PF_GATEWAY_RELEASE_EXT_PORT:='0'}
+
+
+# SSC URLs
+HOST_PROPS=" "
+HOST_PROPS+=" -Dtip.wlan.cloudEventDispatcherBaseUrl=$SSC_URL"
+HOST_PROPS+=" -Dtip.wlan.statusServiceBaseUrl=$SSC_URL"
+HOST_PROPS+=" -Dtip.wlan.routingServiceBaseUrl=$SSC_URL"
+HOST_PROPS+=" -Dtip.wlan.alarmServiceBaseUrl=$SSC_URL"
+HOST_PROPS+=" -Dtip.wlan.systemEventServiceBaseUrl=$SSC_URL"
+HOST_PROPS+=" -Dtip.wlan.clientServiceBaseUrl=$SSC_URL"
+HOST_PROPS+=" -Dtip.wlan.serviceMetricServiceBaseUrl=$SSC_URL"
+
+# PROV URLs
+HOST_PROPS+=" -Dtip.wlan.customerServiceBaseUrl=$PROV_URL"
+HOST_PROPS+=" -Dtip.wlan.portalUserServiceBaseUrl=$PROV_URL"
+HOST_PROPS+=" -Dtip.wlan.firmwareServiceBaseUrl=$PROV_URL"
+HOST_PROPS+=" -Dtip.wlan.locationServiceBaseUrl=$PROV_URL"
+HOST_PROPS+=" -Dtip.wlan.manufacturerServiceBaseUrl=$PROV_URL"
+HOST_PROPS+=" -Dtip.wlan.equipmentServiceBaseUrl=$PROV_URL"
+HOST_PROPS+=" -Dtip.wlan.profileServiceBaseUrl=$PROV_URL"
+
+# Port-Forwarder Gateway Specific
+HOST_PROPS+=" -Dtip.wlan.portForwarderGatewayBaseUrl=$PF_GATEWAY_URL"
+HOST_PROPS+=" -Dtip.wlan.websocketSessionTokenEncryptionKey=$PF_GATEWAY_ENCRYPTION_KEY"
+HOST_PROPS+=" -Dtip.wlan.externallyVisibleHostName=$PF_GATEWAY_EXT_HOST"
+HOST_PROPS+=" -Dtip.wlan.externallyVisiblePort=$PF_GATEWAY_EXT_PORT"
+
+
+REMOTE_DEBUG_PORT=5010
+REMOTE_DEBUG=" -agentlib:jdwp=transport=dt_socket,server=y,address=*:$REMOTE_DEBUG_PORT,suspend=n"
+
+export ALL_PROPS="$PROFILES $LOGGING_PROPS $HOST_PROPS $REMOTE_DEBUG"
+
+java $ALL_PROPS -jar app.jar

tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/NOTES.txt

@@ -0,0 +1,21 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
+{{- end }}

tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/configmap.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-config
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}

tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/deployment.yaml

@@ -0,0 +1,147 @@
+{{- $opensyncgw := include "opensyncgw.service" . -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "common.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "common.selectorLabels" . | nindent 8 }}
+    spec:
+      imagePullSecrets:
+        - name: "{{ include "common.namespace" . }}-docker-registry-key"
+      serviceAccountName: {{ include "common.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      initContainers:
+        - name: {{ include "common.name" . }}-readiness-opensync-gw
+          image: alpine
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          command:
+          - sh
+          - -c
+          - |
+            apk add curl
+            url=https://{{ $opensyncgw }}/ping
+            counter=0
+            status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
+            while [ $counter -lt 30 ] && [ $status -ne 200 ]
+            do
+              echo ${url} service isnt ready. Tried $counter times
+              sleep 5
+              counter=`expr $counter + 1`
+              status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
+              echo Http Response code of ping request = $status
+            done
+            if [ $status -eq 200 ]
+            then
+              echo ${url} service is ready!
+            else
+              echo ${url} service failed to respond after 50 secs
+              exit 1
+            fi        
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          {{- if .Values.global.testingEnabled }}
+          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
+          {{- else }}
+          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
+          {{- end }}
+          imagePullPolicy: {{ .Values.global.pullPolicy }}
+          env:
+            {{- include "common.env" . | nindent 12 }}
+            - name: PF_GATEWAY_RELEASE_URL
+              value: {{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.pfGateway.service }}:{{ .Values.env.pfGateway.port }}
+            - name: PF_GATEWAY_RELEASE_ENCRYPTION_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "common.fullname" . }}-creds
+                  key: websocketSessionTokenEncKey
+            - name: PF_GATEWAY_RELEASE_EXT_HOST
+              value: {{ .Values.externallyVisible.host }}
+            - name: PF_GATEWAY_RELEASE_EXT_PORT
+              value: "{{ .Values.externallyVisible.port }}"
+          {{- if .Values.probes.enabled }}
+          livenessProbe:
+            httpGet:
+              path: /ping
+              port: {{ .Values.service.port2 }}
+              scheme: {{ .Values.probes.livenessProbe.scheme }}
+            initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}  
+            timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
+            failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
+            periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
+            successThreshold: {{ .Values.probes.livenessProbe.successThreshold }}
+          readinessProbe:
+            httpGet:
+              path: /ping
+              port: {{ .Values.service.port2 }}
+              scheme: {{ .Values.probes.readinessProbe.scheme }}
+            initialDelaySeconds: {{ .Values.probes.readinessProbe.initialDelaySeconds }}
+            timeoutSeconds: {{ .Values.probes.readinessProbe.timeoutSeconds }}
+            failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
+            periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
+            successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
+          {{- end }}
+          volumeMounts:
+          - mountPath: /opt/tip-wlan/certs/client_keystore.jks
+            name: certificates
+            subPath: client_keystore.jks
+          - mountPath: /opt/tip-wlan/certs/truststore.jks
+            name: certificates
+            subPath: truststore.jks
+          - mountPath: /opt/tip-wlan/certs/server.pkcs12
+            name: certificates
+            subPath: server.pkcs12
+          - mountPath: /app/port-forwarding-gateway/logback.xml
+            name: configuration
+            subPath: logback.xml
+          - mountPath: /app/run.sh
+            name: configuration
+            subPath: run.sh
+          ports:
+            - name: {{ .Values.service.name1 }}
+              containerPort: {{ .Values.service.port1 }}
+              protocol: TCP
+            - name: {{ .Values.service.name2 }}
+              containerPort: {{ .Values.service.port2 }}
+              protocol: TCP
+            {{- if .Values.debug.enabled }}
+            - name: {{ .Values.service.name3 }}
+              containerPort: {{ .Values.service.port3 }}
+              protocol: TCP
+            {{- end }}
+            {{- include "container.dev.debugport" . | nindent 10 }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      volumes:
+      - name: certificates
+        secret:
+          secretName: {{ include "common.fullname" . }}-certs
+          defaultMode: 0400
+      - name: configuration
+        configMap:
+            name: {{ include "common.fullname" . }}-config
+            defaultMode: 0755

tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/ingress.yaml

@@ -0,0 +1,42 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "common.fullname" . -}}
+{{- $svcPort := .Values.service.port1 -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . | quote }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+        {{- range .paths }}
+          - path: {{ . }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort }}
+        {{- end }}
+  {{- end }}
+{{- end }}

tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/secret.yaml

@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-certs
+  namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-creds
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ template "common.name" . }}
+    chart: {{ template "common.chart" . }}
+    release: {{ .Release.Name | quote }}
+    heritage: {{ .Release.Service | quote }}
+type: Opaque
+data:
+  {{- if .Values.creds.enabled }}
+  websocketSessionTokenEncKey: {{ .Values.creds.websocketSessionTokenEncKey | b64enc | quote }}
+  {{- end }}

tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/service.yaml

@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port1 }}
+      targetPort: {{ .Values.service.port1 }}
+      protocol: TCP
+      name: {{ .Values.service.name1 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
+      nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort1 }}
+      {{- end }}
+    - port: {{ .Values.service.port2 }}
+      targetPort: {{ .Values.service.port2 }}
+      protocol: TCP
+      name: {{ .Values.service.name2 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
+      nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort2 }}
+      {{- end }}
+    {{- if .Values.debug.enabled }}
+    - port: {{ .Values.service.port3 }}
+      targetPort: {{ .Values.service.port3 }}
+      protocol: TCP
+      name: {{ .Values.service.name3 }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
+      nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort3 }}
+      {{- end }}
+    {{- end }}      
+    {{- include "service.dev.debugport" . | nindent 2 }}
+  selector:
+    {{- include "common.selectorLabels" . | nindent 4 }}

tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/serviceaccount.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "common.serviceAccountName" . }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end -}}

tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/tests/test-connection.yaml

@@ -0,0 +1,18 @@
+{{- if .Values.testsEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "common.fullname" . }}-test-connection"
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test-success
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
+  restartPolicy: Never
+{{- end }}

tip-wlan/charts/wlan-port-forwarding-gateway-service/values.yaml

@@ -0,0 +1,179 @@
+# Default values for opensync-gw.
+# This is a YAML-formatted file.
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+  name: wlan-port-forwarding-gateway-service
+  tag: 0.0.1-SNAPSHOT
+
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name:
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+# Reserving hundred nodeports (30400 - 30499) for this service (using different NodePortPrefix)
+# Expectation is we allow multiple APs to be debugged at the same time
+nodePortPrefixExt: 304
+
+## Liveness and Readiness probe values.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
+probes:
+  enabled: true
+  livenessProbe:
+    initialDelaySeconds: 30
+    periodSeconds: 30
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 3
+    scheme: HTTPS
+  readinessProbe:
+    initialDelaySeconds: 5
+    periodSeconds: 30
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 3
+    scheme: HTTPS
+
+securityContext:
+  privileged: true
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+# Enable/Disable Helm tests
+testsEnabled: false
+
+# Enable/Disable Remote debugging
+debug: 
+  enabled: false
+
+service:
+  type: NodePort
+  port1: 7070
+  name1: server
+  nodePort1: '01'
+  port2: 7072
+  name2: secondary-port
+  nodePort2: '02'
+  port3: 5010
+  name3: debug-appl
+  nodePort3: '03'
+  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
+
+# The below ports are the ports that Java would choose as Local ports whenever it opens up
+# a developer session for debug.
+# These ports are therefore assigned as container ports (in the deployment.yaml), so we 
+# can reach them from inside the cluster.
+# Also, we open equivalent NodePorts on the Kubernetes cluster (see service.yaml), so a developer
+# can connect to it to debug an AP.
+# NOTE: Another way to reach these container ports without opening NodePorts was to use 
+# kubectl port forwarding. However, we dont want the developer to install kubectl.
+
+debugPorts:
+  - 30410
+  - 30411
+  - 30412
+  - 30413
+  - 30414
+  - 30415
+  - 30416
+  - 30417
+  - 30418
+  - 30419
+  - 30420
+  - 30421
+  - 30422
+  - 30423
+  - 30424
+  - 30425
+  - 30426
+  - 30427
+  - 30428
+  - 30429
+  - 30430
+  - 30431
+  - 30432
+  - 30433
+  - 30434
+  - 30435
+
+creds:
+  enabled: true
+  websocketSessionTokenEncKey: DUMMY_ENC_KEY
+
+opensyncgw:
+  url: opensync-gw-cloud
+  port: 9097
+
+ingress:
+  enabled: false
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: example.com
+      paths: [
+         /portal 
+        ]
+  tls: 
+   - secretName: portal-secret
+     hosts:
+       - example.com
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+externallyVisible:
+  host: pfg.example.org
+  port: 7070
+
+env:
+  protocol: https
+  ssc_url: SSC_RELEASE_URL
+  prov_url: PROV_RELEASE_URL
+  ssc:
+    service: wlan-ssc-service
+    port: 9031
+  prov:
+    service: wlan-prov-service
+    port: 9091
+  pfGateway:
+    service: wlan-port-forwarding-gateway-service
+    port: 7070
+
+

tip-wlan/charts/wlan-portal-service/resources/config/logback.xml

@@ -68,7 +68,7 @@
   <logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
 
   <root level="WARN">
-    <!--    <appender-ref ref="stdout"/>-->
+    <appender-ref ref="stdout"/>
     <appender-ref ref="logfile"/>
   </root>
   

tip-wlan/charts/wlan-portal-service/templates/ingress.yaml

@@ -32,6 +32,12 @@ spec:
     - host: {{ .host | quote }}
       http:
         paths:
+        {{- if $.Values.ingress.lb_https_redirect }}
+          - path: /*
+            backend:
+              serviceName: ssl-redirect
+              servicePort: use-annotation
+        {{- end }}
         {{- range .paths }}
           - path: {{ . }}
             backend:

tip-wlan/charts/wlan-portal-service/templates/service.yaml

@@ -5,6 +5,10 @@ metadata:
   namespace: {{ include "common.namespace" . }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
+  {{- with .Values.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:
@@ -12,14 +16,14 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }}
       {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
       {{- end }}
     {{- if .Values.debug.enabled }}
@@ -27,7 +31,7 @@ spec:
       targetPort: {{ .Values.service.port3 }}
       protocol: TCP
       name: {{ .Values.service.name3 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
       {{- end }}
     {{- end }}

tip-wlan/charts/wlan-portal-service/templates/statefulset.yaml

@@ -48,7 +48,11 @@ spec:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
+          {{- if .Values.global.testingEnabled }}
+          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
+          {{- else }}
           image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
+          {{- end }}
           imagePullPolicy: {{ .Values.global.pullPolicy }}
           env:
             {{- include "common.env" . | nindent 12 }}

tip-wlan/charts/wlan-portal-service/values.yaml

@@ -9,6 +9,8 @@
 
 replicaCount: 1
 
+
+
 image:
   name: wlan-portal-service
   tag: 0.0.1-SNAPSHOT
@@ -72,10 +74,12 @@ service:
   nodePort2: 52
   port3: 5006
   name3: debug
-  nodePort3: 15  
+  nodePort3: 15
+  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
 
 ingress:
   enabled: false
+  lb_https_redirect: false ## if set to true, enables http->https redirect on cloud load balancer
   annotations: {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"

tip-wlan/charts/wlan-prov-service/resources/config/logback.xml

@@ -68,7 +68,7 @@
   <logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
 
   <root level="WARN">
-    <!--    <appender-ref ref="stdout"/>-->
+    <appender-ref ref="stdout"/>
     <appender-ref ref="logfile"/>
   </root>
   

tip-wlan/charts/wlan-prov-service/templates/configmap.yaml

@@ -4,6 +4,7 @@ metadata:
   name: {{ include "common.fullname" . }}-log-config
   namespace: {{ include "common.namespace" . }}
 data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
   datasource.properties: |-
     singleDataSource.url=jdbc:postgresql://tip-wlan-postgresql:5432/prov_db
     singleDataSource.username={{ .Values.creds.postgres.singleDataSourceUsername }}
@@ -15,5 +16,4 @@ data:
     singleDataSource.sslfactory=org.postgresql.ssl.LibPQFactory
     singleDataSource.sslkey=/opt/tip-wlan/certs/postgresclient.p12
     singleDataSource.sslrootcert=/opt/tip-wlan/certs/cacert.pem
-    singleDataSource.sslkeypassword=DUMMY_PASSWORD
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+    singleDataSource.sslkeypassword={{ .Values.creds.postgres.singleDataSourceSslKeyPassword }}

tip-wlan/charts/wlan-prov-service/templates/deployment.yaml

@@ -1,6 +1,5 @@
 {{- $pg := include "postgresql.service" . -}}
 {{- $ns := include "common.namespace" . -}}
-{{- $cloudeployment := .Values.global.isCloudDeployment -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -25,9 +24,9 @@ spec:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       initContainers:
         - name: wait-for-services
-          image: opsfleet/depends-on
+          image: opsfleet/depends-on:latest
           args:
-          - "-service={{ $pg }}"
+          - "-service={{ .Release.Name }}-postgresql"
           - -check_interval=5
         - name: {{ include "common.name" . }}-create-db-schema
           env:
@@ -58,16 +57,7 @@ spec:
           command:
           - sh
           - -c
-          - |
-            if [ {{ $cloudeployment }} = false ]
-            then
-              echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
-              echo "34.215.47.158 tip-tip-wlan-cloud-docker-repo.jfrog.io" >> /etc/hosts
-              echo "151.101.128.204 security.debian.org" >> /etc/hosts
-              echo "151.101.126.133 deb.debian.org" >> /etc/hosts
-              echo "147.75.85.69 apt.postgresql.org" >> /etc/hosts
-              echo "Added name-resolution for local deployments"
-            fi            
+          - |      
             apt update
             apt -y install curl
             echo "***** Fetching latest cloud-sdk-schema-postgresql for DB and Tables sql from JFrog *****"
@@ -128,7 +118,11 @@ spec:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
+          {{- if .Values.global.testingEnabled }}
+          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
+          {{- else }}
           image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
+          {{- end }}
           imagePullPolicy: {{ .Values.global.pullPolicy }}
           env:
             {{- include "common.env" . | nindent 12 }}

tip-wlan/charts/wlan-prov-service/templates/rbac.yaml

@@ -2,7 +2,7 @@
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: wlan-prov-service-depends-on-role
+  name: {{ include "common.fullname" . }}-depends-on
   namespace: {{ include "common.namespace" . }}
 rules:
 - apiGroups: ["batch", "apps", ""]
@@ -13,12 +13,12 @@ rules:
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: wlan-prov-service-depends-on-role-binding
+  name: {{ include "common.fullname" . }}-depends-on
   namespace: {{ include "common.namespace" . }}
 subjects:
 - kind: ServiceAccount
   name: {{ include "common.serviceAccountName" . }}
 roleRef:
   kind: Role
-  name: wlan-prov-service-depends-on-role
+  name: {{ include "common.fullname" . }}-depends-on
   apiGroup: rbac.authorization.k8s.io

tip-wlan/charts/wlan-prov-service/templates/service.yaml

@@ -12,14 +12,14 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }}
       {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
       {{- end }}
     {{- if .Values.debug.enabled }}
@@ -27,7 +27,7 @@ spec:
       targetPort: {{ .Values.service.port3 }}
       protocol: TCP
       name: {{ .Values.service.name3 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
       {{- end }}
     {{- end }}      

tip-wlan/charts/wlan-prov-service/values.yaml

@@ -69,6 +69,10 @@ creds:
   schema_repo:
     username: DUMMY_SCHEMA_REPO_USERNAME
     password: DUMMY_SCHEMA_REPO_PASSWORD
+  postgres:
+    singleDataSourceUsername: DUMMY_POSTGRES_USER
+    singleDataSourcePassword: DUMMY_POSTGRES_PASSWORD
+    singleDataSourceSslKeyPassword: DUMMY_SSL_PASSWORD
 
 # Enable/Disable Remote debugging
 debug: 
@@ -82,6 +86,7 @@ service:
   name2: secondary-port
   port3: 5007
   name3: debug
+  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
 
 ingress:
   enabled: false

tip-wlan/charts/wlan-spc-service/resources/config/logback.xml

@@ -74,6 +74,7 @@
 
   <root level="WARN">
     <appender-ref ref="logfile"/>
+    <appender-ref ref="stdout"/>
   </root>
   
 </configuration>

tip-wlan/charts/wlan-spc-service/templates/deployment.yaml

@@ -23,15 +23,20 @@ spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       initContainers:
-        - name: {{ include "common.name" . }}-readiness
-          image: busybox:1.28
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
-          command: ['sh', '-c', "until nslookup {{ $kafka }}.{{ $ns }}.svc.cluster.local; do echo waiting for Kafka; sleep 2; done"]
+        - name: wait-for-services
+          image: opsfleet/depends-on:latest
+          args:
+          - "-service={{ .Release.Name }}-kafka-headless"
+          - -check_interval=5
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
+          {{- if .Values.global.testingEnabled }}
+          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
+          {{- else }}
           image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
+          {{- end }}
           imagePullPolicy: {{ .Values.global.pullPolicy }}
           env:
             {{- include "common.env" . | nindent 12 }}

tip-wlan/charts/wlan-spc-service/templates/rbac.yaml

@@ -0,0 +1,24 @@
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "common.fullname" . }}-depends-on
+  namespace: {{ include "common.namespace" . }}
+rules:
+- apiGroups: ["batch", "apps", ""]
+  resources: ["pods", "services", "jobs"]
+  verbs: ["get", "list", "watch"]
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "common.fullname" . }}-depends-on
+  namespace: {{ include "common.namespace" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "common.serviceAccountName" . }}
+roleRef:
+  kind: Role
+  name: {{ include "common.fullname" . }}-depends-on
+  apiGroup: rbac.authorization.k8s.io

tip-wlan/charts/wlan-spc-service/templates/service.yaml

@@ -12,14 +12,14 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }}
       {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
       {{- end }}
     {{- if .Values.debug.enabled }}
@@ -27,7 +27,7 @@ spec:
       targetPort: {{ .Values.service.port3 }}
       protocol: TCP
       name: {{ .Values.service.name3 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
       {{- end }}
     {{- end }}      

tip-wlan/charts/wlan-spc-service/values.yaml

@@ -70,6 +70,7 @@ service:
   name2: secondary-port
   port3: 5009
   name3: debug
+  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
 
 ingress:
   enabled: false

tip-wlan/charts/wlan-ssc-service/resources/config/logback.xml

@@ -68,7 +68,7 @@
   <logger name="com.telecominfraproject.wlan.core.server.webconfig.WebGenericConverter" level="OFF"/>
 
   <root level="WARN">
-    <!--    <appender-ref ref="stdout"/>-->
+    <appender-ref ref="stdout"/>
     <appender-ref ref="logfile"/>
   </root>
   

tip-wlan/charts/wlan-ssc-service/templates/configmap.yaml

@@ -4,30 +4,27 @@ metadata:
   name: {{ include "common.fullname" . }}-ssc-config
   namespace: {{ include "common.namespace" . }}
 data:
-  cassandra-application.conf: |-
-    # The options in this file are overrides for the default configuration.
-    # They can also be overridden by the java system properties using -Dproperty=value
-    # For more details see https://docs.datastax.com/en/developer/java-driver/4.7/manual/core/configuration/reference/
-    datastax-java-driver {
-      basic {
-        contact-points = [ "tip-wlan-cassandra-headless:9042" ]
-        load-balancing-policy.local-datacenter = datacenter1
-        session-keyspace = tip_wlan_keyspace
-      }
-
-      advanced.ssl-engine-factory {
-        class = DefaultSslEngineFactory    
-        hostname-validation = false
-        truststore-path = /opt/tip-wlan/certs/truststore.jks
-        truststore-password = {{ .Values.creds.sslTruststorePassword }}
-        keystore-path = /opt/tip-wlan/certs/cassandra_server_keystore.jks
-        keystore-password = {{ .Values.creds.sslKeystorePassword }}
-      }
-
-      advanced.auth-provider {
-        class = PlainTextAuthProvider
-        username = {{ .Values.creds.cassandra.tip_user }}
-        password = {{ .Values.creds.cassandra.tip_password }}
-      }
-    }
 {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+  cassandra-application.conf: >-
+    datastax-java-driver {
+        basic {
+            contact-points = [ "tip-wlan-cassandra-headless:9042" ]
+            load-balancing-policy.local-datacenter = datacenter1
+            session-keyspace = tip_wlan_keyspace
+        }
+
+        advanced.ssl-engine-factory {
+            class = DefaultSslEngineFactory
+            hostname-validation = false
+            truststore-path = /opt/tip-wlan/certs/truststore.jks
+            truststore-password = {{ .Values.creds.sslTruststorePassword }}
+            keystore-path = /opt/tip-wlan/certs/cassandra_server_keystore.jks
+            keystore-password = {{ .Values.creds.sslKeystorePassword }}
+        }
+
+        advanced.auth-provider {
+            class = PlainTextAuthProvider
+            username = {{ .Values.creds.cassandra.tip_user }}
+            password = {{ .Values.creds.cassandra.tip_password }}
+        }
+    }

tip-wlan/charts/wlan-ssc-service/templates/deployment.yaml

@@ -1,7 +1,6 @@
 {{- $kafka := include "kafka.service" . -}}
 {{- $cassandra := include "cassandra.service" . -}}
 {{- $ns := include "common.namespace" . -}}
-{{- $cloudeployment := .Values.global.isCloudDeployment -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -25,14 +24,12 @@ spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       initContainers:
-        - name: {{ include "common.name" . }}-kafka-readiness
-          image: busybox:1.28
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
-          command: ['sh', '-c', "until nslookup {{ $kafka }}.{{ $ns }}.svc.cluster.local; do echo waiting for Kafka; sleep 2; done"]
-        - name: {{ include "common.name" . }}-cassandra-readiness
-          image: busybox:1.28
-          imagePullPolicy: {{ .Values.global.pullPolicy }}
-          command: ['sh', '-c', "until nslookup {{ $cassandra }}.{{ $ns }}.svc.cluster.local; do echo waiting for Cassandra; sleep 2; done"]
+        - name: wait-for-services
+          image: opsfleet/depends-on:latest
+          args:
+          - "-service={{ .Release.Name }}-kafka-headless"
+          - "-service={{ .Release.Name }}-cassandra"
+          - -check_interval=5
         - name: {{ include "common.name" . }}-create-db-schema-cassandra
           env:
           - name: CASSANDRA_PORT_NUMBER
@@ -53,13 +50,6 @@ spec:
           - sh
           - -c
           - |
-            if [ {{ $cloudeployment }} = false ]
-            then
-              echo "91.189.88.152 security.ubuntu.com" >> /etc/hosts
-              echo "34.215.47.158 tip-tip-wlan-cloud-docker-repo.jfrog.io" >> /etc/hosts
-              echo "91.189.88.142 archive.ubuntu.com" >> /etc/hosts
-              echo "Added name-resolution for local deployments"
-            fi
             apt update
             apt -y install curl
             echo "***** Fetching cloud-sdk-schema-cassandra.cql from JFrog *****"
@@ -122,7 +112,11 @@ spec:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
+          {{- if .Values.global.testingEnabled }}
+          image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
+          {{- else }}
           image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
+          {{- end }}
           imagePullPolicy: {{ .Values.global.pullPolicy }}
           env:
             {{- include "common.env" . | nindent 12 }}
@@ -222,7 +216,7 @@ spec:
             - name: {{ .Values.service.name3 }}
               containerPort: {{ .Values.service.port3 }}
               protocol: TCP
-            {{- end }}              
+            {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}

tip-wlan/charts/wlan-ssc-service/templates/rbac.yaml

@@ -0,0 +1,24 @@
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "common.fullname" . }}-depends-on
+  namespace: {{ include "common.namespace" . }}
+rules:
+- apiGroups: ["batch", "apps", ""]
+  resources: ["pods", "services", "jobs"]
+  verbs: ["get", "list", "watch"]
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "common.fullname" . }}-depends-on
+  namespace: {{ include "common.namespace" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "common.serviceAccountName" . }}
+roleRef:
+  kind: Role
+  name: {{ include "common.fullname" . }}-depends-on
+  apiGroup: rbac.authorization.k8s.io

tip-wlan/charts/wlan-ssc-service/templates/service.yaml

@@ -12,14 +12,14 @@ spec:
       targetPort: {{ .Values.service.port1 }}
       protocol: TCP
       name: {{ .Values.service.name1 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }}
       {{- end }}
     - port: {{ .Values.service.port2 }}
       targetPort: {{ .Values.service.port2 }}
       protocol: TCP
       name: {{ .Values.service.name2 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
       {{- end }}
     {{- if .Values.debug.enabled }}
@@ -27,7 +27,7 @@ spec:
       targetPort: {{ .Values.service.port3 }}
       protocol: TCP
       name: {{ .Values.service.name3 }}
-      {{- if eq .Values.service.type "NodePort" }}
+      {{- if and .Values.service.nodePortStatic (eq .Values.service.type "NodePort") }}
       nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
       {{- end }}
     {{- end }}      

tip-wlan/charts/wlan-ssc-service/values.yaml

@@ -70,6 +70,7 @@ service:
   name2: secondary-port
   port3: 5008
   name3: debug
+  nodePortStatic: true ## if true, nodePort ports are statically defined effectively prohibiting multiple deployments on the same cluster; if false, nodePort ports are chosen dynamically by k8s
 
 ingress:
   enabled: false

tip-wlan/resources/environments/dev-amazon-tip.yaml

@@ -15,6 +15,7 @@ global:
   # Change to an unused port prefix range to prevent port conflicts
   # with other instances running within the same k8s cluster
   nodePortPrefix: 302
+  nodePortPrefixExt: 304
   nsPrefix: tip
   # image pull policy
   pullPolicy: Always
@@ -52,9 +53,10 @@ common:
       storageClass: aws-efs  
 opensync-gw-cloud:
   enabled: true
-  externalhostaddress:
-    ovsdb: opensync-controller.demo.lab.wlan.tip.build
-    mqtt: opensync-mqtt-broker.demo.lab.wlan.tip.build
+  externalhost:
+    address:
+      ovsdb: opensync-controller.demo.lab.wlan.tip.build
+      mqtt: opensync-mqtt-broker.demo.lab.wlan.tip.build
   persistence:
     enabled: false
   filestore:
@@ -115,6 +117,13 @@ wlan-spc-service:
     sslKeyPassword: mypassword
     sslKeystorePassword: mypassword
     sslTruststorePassword: mypassword
+wlan-port-forwarding-gateway-service:
+  enabled: true
+  creds:
+    websocketSessionTokenEncKey: MyToKeN0MyToKeN1
+  externallyVisible:
+    host: api.wlan.demo.lab.wlan.tip.build
+    port: 30401
 nginx-ingress-controller:
   enabled: true
   controller:

tip-wlan/resources/environments/dev-integrated-aws-connectus.yaml

@@ -1,126 +0,0 @@
-# This is a development override file.
-# It overrides the default Tip-Wlan parent chart behaviour
-#
-# It can be tweaked, based on the need to support different
-# dev environments.
-# This file expects to have a GlusterFS storage solution running
-# before "helm install" is performed. 
-#################################################################
-# Global configuration overrides.
-#
-# These overrides will affect all helm charts (ie. applications)
-# that are listed below and are 'enabled'.
-#################################################################
-global:
-  # Change to an unused port prefix range to prevent port conflicts
-  # with other instances running within the same k8s cluster
-  nodePortPrefix: 302
-  nsPrefix: tip
-  # image pull policy
-  pullPolicy: Always
-
-  repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
-  # override default mount path root directory
-  # referenced by persistent volumes and log files
-  persistence:
-
-  # flag to enable debugging - application support required
-  debugEnabled: true
-
-  # Integrated Deployment which deploys Prov Service, Portal Service and 
-  # SSC Service in a single docker image 
-  integratedDeployment: true
-
-# Annotations for namespace
-annotations: {
-    "helm.sh/resource-policy": keep
-}
-
-createReleaseNamespace: false
-
-# Docker registry secret
-dockerRegistrySecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
-#################################################################
-# Enable/disable and configure helm charts (ie. applications)
-# to customize the TIP-WLAN deployment.
-#################################################################
-opensync-gw-static:
-  enabled: false
-opensync-gw-cloud:
-  enabled: true
-  externalhostaddress:
-    ovsdb: "15.222.171.117"
-    mqtt: "3.96.17.34"
-  env:
-    protocol: https
-    ssc:
-      service: wlan-integrated-cloud-component-service
-      port: 9092
-    prov:
-      service: wlan-integrated-cloud-component-service
-      port: 9092
-opensync-mqtt-broker:
-  enabled: true
-  replicaCount: 1
-  persistence:
-    enabled: true
-    storageClass: "gp2"
-wlan-cloud-graphql-gw:
-  enabled: true
-  env:
-    portalsvc: wlan-portal-svc.zone3.lab.connectus.ai
-wlan-cloud-static-portal:
-  enabled: true
-wlan-integrated-cloud-component-service:
-  enabled: true
-  image:
-    name: wlan-integrated-cloud-component-service-persistence
-    tag: 0.0.1-SNAPSHOT
-  creds:
-    enabled: true
-    postgres:
-      password: cG9zdGdyZXMxMjM=
-    schema_repo:
-      username: tip-read
-      password: tip-read
-  integratedWithPersistence:
-    enabled: true
-nginx-ingress-controller:
-  enabled: true
-  controller:
-    config:
-      externalStatusAddress: "api.wlan.zone3.lab.connectus.ai"
-zookeeper:
-  enabled: true
-  replicaCount: 1
-  persistence:
-    enabled: true
-    storageClass: "gp2"
-kafka:
-  enabled: true
-  replicaCount: 1
-  persistence:
-    enabled: true
-    storageClass: "gp2"
-cassandra:
-  enabled: true
-  config:
-    cluster_size: 3
-    seed_size: 2
-  persistence:
-    enabled: true
-    storageClass: "glusterfs-storage"
-postgresql:
-  enabled: true
-  postgresqlPassword: cG9zdGdyZXMxMjM=
-## NOTE: If we are using glusterfs as Storage class, we don't really need 
-## replication turned on, since the data is anyway replicated on glusterfs nodes
-## Replication is useful: 
-## a. When we use HostPath as storage mechanism
-## b. If master goes down and one of the slave is promoted as master
-  replication:
-    enabled: true
-    slaveReplicas: 1
-  persistence:
-    enabled: true
-    storageClass: "glusterfs-storage"

tip-wlan/resources/environments/dev-integrated-aws-tip.yaml

@@ -48,9 +48,10 @@ opensync-gw-static:
   enabled: false
 opensync-gw-cloud:
   enabled: true
-  externalhostaddress:
-    ovsdb: opensync-controller.tip.lab.connectus.ai
-    mqtt: opensync-mqtt-broker.tip.lab.connectus.ai
+  externalhost:
+    address:
+      ovsdb: opensync-controller.tip.lab.connectus.ai
+      mqtt: opensync-mqtt-broker.tip.lab.connectus.ai
   env:
     protocol: https
     ssc:

tip-wlan/resources/environments/dev-integrated.yaml

@@ -30,8 +30,6 @@ global:
   # Integrated Deployment which deploys Prov Service, Portal Service and 
   # SSC Service in a single docker image 
   integratedDeployment: true
-  # Is the Cluster deployed in Cloud
-  isCloudDeployment: false
 # Annotations for namespace
 annotations: {
     "helm.sh/resource-policy": keep

tip-wlan/resources/environments/dev-local.yaml

@@ -4,7 +4,7 @@
 # It can be tweaked, based on the need to support different
 # dev environments.
 # This file expects to have a GlusterFS storage solution running
-# before "helm install" is performed. 
+# before "helm install" is performed.
 #################################################################
 # Global configuration overrides.
 #
@@ -44,9 +44,10 @@ opensync-gw-static:
   enabled: false
 opensync-gw-cloud:
   enabled: true
-  externalhostaddress:
-    ovsdb: opensync-controller.wlan.local
-    mqtt: opensync-mqtt-broker.wlan.local
+  externalhost:
+    address:
+      ovsdb: opensync-controller.wlan.local
+      mqtt: opensync-mqtt-broker.wlan.local
   persistence:
     enabled: true
   filestore:
@@ -76,7 +77,6 @@ wlan-cloud-static-portal:
   env:
     graphql: https://wlan-ui-graphql.wlan.local
   service:
-    # type: LoadBalancer
     type: NodePort
   ingress:
     hosts:
@@ -109,6 +109,7 @@ wlan-prov-service:
     postgres:
       singleDataSourceUsername: tip_user
       singleDataSourcePassword: tip_password
+      singleDataSourceSslKeyPassword: mypassword
 wlan-ssc-service:
   enabled: true
   creds:
@@ -117,7 +118,7 @@ wlan-ssc-service:
     sslTruststorePassword: mypassword
     cassandra:
       tip_user: tip_user
-      tip_password: tip_password 
+      tip_password: tip_password
     schema_repo:
       username: tip-read
       password: tip-read
@@ -149,6 +150,10 @@ kafka:
   persistence:
     enabled: true
     storageClass: standard
+  creds:
+    sslKeystorePassword: mypassword
+    sslTruststorePassword: mypassword
+    sslKeyPassword: mypassword
 cassandra:
   enabled: true
   image:
@@ -159,12 +164,15 @@ cassandra:
   persistence:
     enabled: true
     storageClass: standard
+  creds:
+    sslKeystorePassword: mypassword
+    sslTruststorePassword: mypassword
 postgresql:
   enabled: true
   postgresqlPassword: postgres
-## NOTE: If we are using glusterfs as Storage class, we don't really need 
+## NOTE: If we are using glusterfs as Storage class, we don't really need
 ## replication turned on, since the data is anyway replicated on glusterfs nodes
-## Replication is useful: 
+## Replication is useful:
 ## a. When we use HostPath as storage mechanism
 ## b. If master goes down and one of the slave is promoted as master
   replication:
@@ -176,4 +184,4 @@ postgresql:
   readinessProbe:
     initialDelaySeconds: 30
   livenessProbe:
-    initialDelaySeconds: 30
+    initialDelaySeconds: 30

tip-wlan/resources/environments/dev-no-gluster.yaml

@@ -13,6 +13,7 @@ global:
   # Change to an unused port prefix range to prevent port conflicts
   # with other instances running within the same k8s cluster
   nodePortPrefix: 302
+  nodePortPrefixExt: 304
   nsPrefix: tip
   # image pull policy
   pullPolicy: Always
@@ -25,9 +26,6 @@ global:
   # flag to enable debugging - application support required
   debugEnabled: true
 
-  # Is the Cluster deployed in Cloud
-  isCloudDeployment: false
-
 # Annotations for namespace
 annotations: {
     "helm.sh/resource-policy": keep
@@ -45,9 +43,10 @@ opensync-gw-static:
   enabled: false
 opensync-gw-cloud:
   enabled: true
-  externalhostaddress:
-    ovsdb: tip-wlan-opensync-gw-cloud
-    mqtt: tip-wlan-opensync-mqtt-broker
+  externalhost:
+    address:
+      ovsdb: tip-wlan-opensync-gw-cloud
+      mqtt: tip-wlan-opensync-mqtt-broker
   persistence:
     enabled: true
   filestore:
@@ -95,6 +94,13 @@ wlan-spc-service:
     sslKeyPassword: mypassword
     sslKeystorePassword: mypassword
     sslTruststorePassword: mypassword
+wlan-port-forwarding-gateway-service:
+  enabled: true
+  creds:
+    websocketSessionTokenEncKey: MyToKeN0MyToKeN1
+  externallyVisible:
+    host: api.wlan.demo.lab.wlan.tip.build
+    port: 30401
 nginx-ingress-controller:
   enabled: true
   controller:

tip-wlan/resources/environments/dev.yaml

@@ -15,6 +15,7 @@ global:
   # Change to an unused port prefix range to prevent port conflicts
   # with other instances running within the same k8s cluster
   nodePortPrefix: 302
+  nodePortPrefixExt: 304
   nsPrefix: tip
   # image pull policy
   pullPolicy: Always
@@ -27,9 +28,6 @@ global:
   # flag to enable debugging - application support required
   debugEnabled: true
 
-  # Is the Cluster deployed in Cloud
-  isCloudDeployment: false
-
 # Annotations for namespace
 annotations: {
     "helm.sh/resource-policy": keep
@@ -47,9 +45,10 @@ opensync-gw-static:
   enabled: false
 opensync-gw-cloud:
   enabled: true
-  externalhostaddress:
-    ovsdb: tip-wlan-opensync-gw-cloud
-    mqtt: tip-wlan-opensync-mqtt-broker
+  externalhost:
+    address:
+      ovsdb: tip-wlan-opensync-gw-cloud
+      mqtt: tip-wlan-opensync-mqtt-broker
   persistence:
     enabled: true
   filestore:
@@ -81,6 +80,10 @@ wlan-prov-service:
     schema_repo:
       username: tip-read
       password: tip-read
+    postgres:
+      singleDataSourceUsername: tip_user
+      singleDataSourcePassword: tip_password
+      singleDataSourceSslKeyPassword: mypassword
 wlan-ssc-service:
   enabled: true
   creds:
@@ -99,6 +102,13 @@ wlan-spc-service:
     sslKeyPassword: mypassword
     sslKeystorePassword: mypassword
     sslTruststorePassword: mypassword
+wlan-port-forwarding-gateway-service:
+  enabled: true
+  creds:
+    websocketSessionTokenEncKey: MyToKeN0MyToKeN1
+  externallyVisible:
+    host: api.wlan.demo.lab.wlan.tip.build
+    port: 30401
 nginx-ingress-controller:
   enabled: true
   controller:
@@ -119,6 +129,10 @@ kafka:
   persistence:
     enabled: true
     storageClass: "glusterfs-storage"
+  creds:
+    sslKeystorePassword: mypassword
+    sslTruststorePassword: mypassword
+    sslKeyPassword: mypassword
 cassandra:
   enabled: true
   cluster:
@@ -131,6 +145,9 @@ cassandra:
   persistence:
     enabled: true
     storageClass: "glusterfs-storage"
+  creds:
+    sslKeystorePassword: mypassword
+    sslTruststorePassword: mypassword
 postgresql:
   enabled: true
   postgresqlPassword: postgres
@@ -144,4 +161,8 @@ postgresql:
     slaveReplicas: 1
   persistence:
     enabled: true
-    storageClass: "glusterfs-storage"
+    storageClass: "glusterfs-storage"
+  readinessProbe:
+    initialDelaySeconds: 30
+  livenessProbe:
+    initialDelaySeconds: 30

tip-wlan/resources/environments/disable-allcharts.yaml

@@ -17,6 +17,7 @@ global:
   # Change to an unused port prefix range to prevent port conflicts
   # with other instances running within the same k8s cluster
   nodePortPrefix: 302
+  nodePortPrefixExt: 304
   nsPrefix: tip
   # image pull policy
   pullPolicy: IfNotPresent
@@ -29,9 +30,6 @@ global:
   # flag to enable debugging - application support required
   debugEnabled: true
 
-  # Is the Cluster deployed in Cloud
-  isCloudDeployment: false
-
 createReleaseNamespace: false
 
 createDockerRegistrySecret: false
@@ -43,9 +41,10 @@ opensync-gw-static:
   enabled: false
 opensync-gw-cloud:
   enabled: false
-  externalhostaddress:
-    ovsdb: tip-wlan-opensync-gw-cloud
-    mqtt: tip-wlan-opensync-mqtt-broker
+  externalhost:
+    address:
+      ovsdb: tip-wlan-opensync-gw-cloud
+      mqtt: tip-wlan-opensync-mqtt-broker
   persistence:
     enabled: true
   filestore:
@@ -95,6 +94,10 @@ wlan-spc-service:
     sslKeyPassword: mypassword
     sslKeystorePassword: mypassword
     sslTruststorePassword: mypassword
+wlan-port-forwarding-gateway-service:
+  enabled: false
+  creds:
+    websocketSessionTokenEncKey: MyToKeN0MyToKeN1
 nginx-ingress-controller:
   enabled: false
   controller:

tip-wlan/values.yaml

@@ -12,6 +12,7 @@ global:
   # Change to an unused port prefix range to prevent port conflicts
   # with other instances running within the same k8s cluster
   nodePortPrefix: 302
+  nodePortPrefixExt: 304
   # namespace to deploy the release
   nsPrefix: tip
 
@@ -33,8 +34,10 @@ global:
   # SSC Service in a single docker image 
   integratedDeployment: false
 
-  # Is the Cluster deployed in Cloud
-  isCloudDeployment: true
+  testingEnabled: false
+
+  testingTimestamp: 
+  
   
 # Namespace related
 createReleaseNamespace: true
@@ -67,6 +70,8 @@ wlan-ssc-service:
   enabled: false
 wlan-spc-service:
   enabled: false
+wlan-port-forwarding-gateway-service:
+  enabled: false
 wlan-integrated-cloud-component-service:
   enabled: false
 nginx-ingress-controller: