Telecominfraproject/wlan-cloud-helm
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-cloud-helm.git synced 2026-03-20 22:39:08 +00:00
Code Issues Packages Projects Releases 3 Wiki Activity

Compare commits

base: Telecominfraproject:release/v1.0.1
Branches Tags
Telecominfraproject:master Telecominfraproject:WIFI-3471 Telecominfraproject:NETEXP-3471 Telecominfraproject:release/v1.1.x Telecominfraproject:release/v1.2 Telecominfraproject:feature/example-values-update Telecominfraproject:WIFI-2654-fix-capabilites-check Telecominfraproject:fix-capabilites-check Telecominfraproject:WIFI-2434 Telecominfraproject:WIFI-2026 Telecominfraproject:release/v1.0.1 Telecominfraproject:release/v1.0.0 Telecominfraproject:1.0.0-artifacts Telecominfraproject:WIFI-1812-Revert Telecominfraproject:WIFI-1812 Telecominfraproject:WIFI-1669 Telecominfraproject:WIFI-1610 Telecominfraproject:WIFI-1172-JMX-to-prometheus-poc Telecominfraproject:wifi-1357-allow-to-disable-internal-mtls-comm Telecominfraproject:feature/thirdparties-fixes Telecominfraproject:feature/thirdparties Telecominfraproject:changelog-v0.4-bump Telecominfraproject:microk8s-patch-1 Telecominfraproject:feature/update-kafka Telecominfraproject:WIFI-990-disable-hardcoded-ports Telecominfraproject:feature/update-cassandra Telecominfraproject:feature/update-postgres Telecominfraproject:metallb-test Telecominfraproject:minikube Telecominfraproject:minikube-working Telecominfraproject:feature/helmfile Telecominfraproject:NGINX-Testing Telecominfraproject:TOOLS-23--fix-validation Telecominfraproject:TOOLS-23-static-analysis
Telecominfraproject:v1.0.1 Telecominfraproject:v1.0.0 Telecominfraproject:v0.4
..
compare: Telecominfraproject:feature/helmfile
Branches Tags
Telecominfraproject:master Telecominfraproject:WIFI-3471 Telecominfraproject:NETEXP-3471 Telecominfraproject:release/v1.1.x Telecominfraproject:release/v1.2 Telecominfraproject:feature/example-values-update Telecominfraproject:WIFI-2654-fix-capabilites-check Telecominfraproject:fix-capabilites-check Telecominfraproject:WIFI-2434 Telecominfraproject:WIFI-2026 Telecominfraproject:release/v1.0.1 Telecominfraproject:release/v1.0.0 Telecominfraproject:1.0.0-artifacts Telecominfraproject:WIFI-1812-Revert Telecominfraproject:WIFI-1812 Telecominfraproject:WIFI-1669 Telecominfraproject:WIFI-1610 Telecominfraproject:WIFI-1172-JMX-to-prometheus-poc Telecominfraproject:wifi-1357-allow-to-disable-internal-mtls-comm Telecominfraproject:feature/thirdparties-fixes Telecominfraproject:feature/thirdparties Telecominfraproject:changelog-v0.4-bump Telecominfraproject:microk8s-patch-1 Telecominfraproject:feature/update-kafka Telecominfraproject:WIFI-990-disable-hardcoded-ports Telecominfraproject:feature/update-cassandra Telecominfraproject:feature/update-postgres Telecominfraproject:metallb-test Telecominfraproject:minikube Telecominfraproject:minikube-working Telecominfraproject:feature/helmfile Telecominfraproject:NGINX-Testing Telecominfraproject:TOOLS-23--fix-validation Telecominfraproject:TOOLS-23-static-analysis
Telecominfraproject:v1.0.1 Telecominfraproject:v1.0.0 Telecominfraproject:v0.4

5 Commits
release/v1 ... feature/he

Author SHA1 Message Date
Gleb Boushev
23e739d5c6 removing helm temp objects and ignoring them 2020-10-19 17:29:48 +03:00
Gleb Boushev
68261551c7 reverting accidental changes to old helm code 2020-10-19 17:28:05 +03:00
Gleb Boushev
80f1375f04 most of the things are working 2020-10-19 17:14:02 +03:00
Gleb Boushev
4c79d42318 intermediate commit, working on kafka 2020-10-17 09:53:59 +03:00
Gleb Boushev
8bb8dcdec8 initial commit with helmfile rework 2020-10-01 14:22:45 +03:00
381 changed files with 14683 additions and 2957 deletions
Expand all files Collapse all files

37
.github/workflows/enforce-jira-issue-key.yml vendored
View File

@@ -1,37 +0,0 @@
name: Ensure Jira issue is linked
on:
pull_request:
types: [opened, edited, reopened, synchronize]
jobs:
check_for_issue_key:
runs-on: ubuntu-latest
steps:
- name: Log into Jira
uses: atlassian/gajira-login@v2.0.0
env:
JIRA_BASE_URL: ${{ secrets.TIP_JIRA_URL }}
JIRA_USER_EMAIL: ${{ secrets.TIP_JIRA_USER_EMAIL }}
JIRA_API_TOKEN: ${{ secrets.TIP_JIRA_API_TOKEN }}
- name: Find issue key in PR title
id: issue_key_pr_title
continue-on-error: true
uses: atlassian/gajira-find-issue-key@v2.0.2
with:
string: ${{ github.event.pull_request.title }}
from: "" # required workaround for bug https://github.com/atlassian/gajira-find-issue-key/issues/24
- name: Find issue key in branch name
continue-on-error: true
id: issue_key_branch_name
uses: atlassian/gajira-find-issue-key@v2.0.2
with:
string: ${{ github.event.pull_request.head.ref }}
from: "" # required workaround for bug https://github.com/atlassian/gajira-find-issue-key/issues/24
- name: Check if issue key was found
run: |
if [[ -z "${{ steps.issue_key_pr_title.outputs.issue }}" && -z "${{ steps.issue_key_branch_name.outputs.issue }}" ]]; then
echo "Jira issue key could not be found!"
exit 1
fi

60
.github/workflows/helm-build.yml vendored
View File

@@ -3,60 +3,28 @@ name: Helm CI - TIP WLAN Cloud Master
on:
push:
branches: [ master ]
tags: [ "v*" ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
ssh-key: ${{ secrets.GH_AUTOMATION_KEY }}
submodules: true
- name: Login to TIP Docker registry
uses: azure/docker-login@v1
with:
login-server: tip-tip-wlan-cloud-docker-repo.jfrog.io
username: build-pipeline
password: ${{ secrets.DOCKER_REPO_PASSWORD }}
- name: Login to TIP Helm chart registry
run: helm repo add tip-wlan-cloud-helm-virtual-repo https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-virtual-repo --username build-pipeline --password ${{ secrets.HELM_REPO_PASSWORD }}
- name: Build tip-wlan chart file
run: |
if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then
PACKAGE_OPTS="--version ${GITHUB_REF#refs/tags/v}"
else
PACKAGE_OPTS=""
fi
helm package $PACKAGE_OPTS -u tip-wlan
- name: Store chart as artifact
uses: actions/upload-artifact@v2
with:
name: helm-chart
path: tip-wlan-*.tgz
run: tar -czf tip-wlan.tgz tip-wlan
- name: Upload tip-wlan chart to the TIP helm registry
run: curl -ubuild-pipeline:${{ secrets.HELM_REPO_PASSWORD }} -T tip-wlan.tgz "https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-repo/tip-wlan.tgz"
- name: Verify that chart was uploaded successfully
run: |
if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then
curl -ubuild-pipeline:${{ secrets.HELM_REPO_PASSWORD }} -T tip-wlan-${GITHUB_REF#refs/tags/v}.tgz "https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-repo/tip-wlan-${GITHUB_REF#refs/tags/v}.tgz"
else
curl -ubuild-pipeline:${{ secrets.HELM_REPO_PASSWORD }} -T tip-wlan-*.tgz "https://tip.jfrog.io/artifactory/tip-wlan-cloud-helm-repo/tip-wlan-master.tgz"
fi
release:
runs-on: ubuntu-latest
needs: [ build ]
if: startsWith(github.ref, 'refs/tags/')
steps:
- uses: actions/checkout@v2
- name: setup Python
uses: actions/setup-python@v2
with:
python-version: "3.8"
- name: install keepachangelog
run: pip install keepachangelog
- name: create release description
continue-on-error: true
run: python .github/workflows/prepare-release-description.py ${GITHUB_REF#refs/tags/v} > RELEASE.md
- name: download Helm chart artifact
uses: actions/download-artifact@v2
with:
name: helm-chart
- name: create release
uses: softprops/action-gh-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
files: tip-wlan-*.tgz
body_path: RELEASE.md
prerelease: ${{ contains(github.ref, 'rc') }}
helm repo update
helm search repo tip

6
.github/workflows/helm-validation.yml vendored
View File

@@ -45,8 +45,7 @@ jobs:
helm template -f values-test.yaml . | /tmp/k8s-validators/kubeval --ignore-missing-schemas
echo "Kube-score test"
# will be fixed and enabled again in https://telecominfraproject.atlassian.net/browse/WIFI-1258
helm template -f values-test.yaml . | /tmp/k8s-validators/kube-score score - || true
helm template -f values-test.yaml . | /tmp/k8s-validators/kube-score score -
- name: Test glusterfs
working-directory: glusterfs/kube-templates
run: |
@@ -54,5 +53,4 @@ jobs:
/tmp/k8s-validators/kubeval *.yaml
echo "Kube-score test"
# will be fixed and enabled again in https://telecominfraproject.atlassian.net/browse/WIFI-1258
/tmp/k8s-validators/kube-score score *.yaml || true
/tmp/k8s-validators/kube-score score *.yaml

98
.github/workflows/nightly-scenario-test.yml vendored
View File

@@ -1,98 +0,0 @@
name: Nightly testing of all supported deployment scenarios
on:
workflow_dispatch:
schedule:
- cron: '15 0 * * *'
defaults:
run:
shell: bash
jobs:
microk8s:
runs-on: ubuntu-latest
steps:
- name: Checkout PKI scripts repo
uses: actions/checkout@v2
with:
path: wlan-pki-cert-scripts
repository: Telecominfraproject/wlan-pki-cert-scripts
- name: Checkout Cloud SDK repo
uses: actions/checkout@v2
with:
path: wlan-cloud-helm
repository: Telecominfraproject/wlan-cloud-helm
- name: Generate and copy certs
working-directory: wlan-pki-cert-scripts
run: |
./generate_all.sh
./copy-certs-to-helm.sh ../wlan-cloud-helm
- name: Determine public IP address
id: ip
uses: haythem/public-ip@v1.2
- uses: balchua/microk8s-actions@v0.2.1
with:
channel: 'latest/stable'
addons: '["dns", "helm3", "storage", "metallb:${{ steps.ip.outputs.ipv4 }}-${{ steps.ip.outputs.ipv4 }}"]'
- name: Deploy Cloud SDK
working-directory: wlan-cloud-helm
run: |
helm dependency update tip-wlan
# Github runners only have 2 CPU cores and 7GB of RAM. Thus we need to disable some of our resource requests
helm upgrade --install tip-wlan tip-wlan -f tip-wlan/example-values/microk8s-basic/values.yaml --create-namespace --namespace tip --set cassandra.resources=null --wait --timeout 10m
- name: Show pod state on deployment failure
if: failure()
run: |
kubectl get pods -n tip
kubectl describe pods -n tip
- name: Set custom DNS entries
run: |
sudo sh -c "echo -n \"\n${{ steps.ip.outputs.ipv4 }} wlan-ui.wlan.local wlan-ui-graphql.wlan.local\" >> /etc/hosts"
- name: Test HTTP endpoints
run: |
# this is needed to make until work
set +e
urls="https://wlan-ui.wlan.local https://wlan-ui-graphql.wlan.local/graphql"
for url in $urls; do
max_retry=300
counter=0
until curl --silent --insecure $url > /dev/null
do
sleep 1
[[ counter -eq $max_retry ]] && echo "$url not reachable after $counter tries...giving up" && exit 1
echo "#$counter: $url not reachable. trying again..."
((counter++))
done
echo Successfully reached URL $url
done
- name: Test MQTT and OpenSync endpoints
working-directory: wlan-cloud-helm/tip-wlan/resources/certs
run: |
# this is needed to make until work
set +e
endpoints="${{ steps.ip.outputs.ipv4 }}:1883 ${{ steps.ip.outputs.ipv4 }}:6640 ${{ steps.ip.outputs.ipv4 }}:6643"
for endpoint in $endpoints; do
max_retry=300
counter=0
until echo Q | openssl s_client -connect $endpoint -CAfile cacert.pem -cert clientcert.pem -key clientkey.pem > /dev/null
do
sleep 1
[[ counter -eq $max_retry ]] && echo "$endpoint not reachable after $counter tries...giving up" && exit 1
echo "#$counter: $endpoint not reachable. trying again..."
((counter++))
done
echo Successfully reached endpoint $endpoint
done

24
.github/workflows/prepare-release-description.py vendored
View File

@@ -1,24 +0,0 @@
import sys
import keepachangelog
CATEGORIES = ['added', 'changed', 'deprecated', 'removed', 'fixed', 'security']
version = sys.argv[1]
try:
changes = keepachangelog.to_dict("CHANGELOG.md")[version]
except KeyError:
print(f'No changelog entry for version {version}', file=sys.stderr)
exit(1)
print('## Changelog')
for category in CATEGORIES:
entries = changes.get(category, [])
if entries:
print(f'### {category.capitalize()}')
for entry in entries:
print(f'- {entry}')

103
.github/workflows/testing.yml vendored
View File

@@ -1,103 +0,0 @@
name: CloudSDK deployment and testing
env:
PR_NUMBER: ${{ github.event.number }}
HELM_RELEASE_PREFIX: tip-wlan
AWS_EKS_NAME: tip-wlan-main
AWS_DEFAULT_OUTPUT: json
AWS_DEFAULT_REGION: us-east-2
AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
on:
pull_request:
branches: [ master ]
defaults:
run:
shell: bash
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout required repos
uses: actions/checkout@v2
with:
path: wlan-pki-cert-scripts
repository: Telecominfraproject/wlan-pki-cert-scripts
- name: Checkout Cloud SDK repo
uses: actions/checkout@v2
with:
path: wlan-cloud-helm
repository: Telecominfraproject/wlan-cloud-helm
- name: Checkout helm values repo
uses: actions/checkout@v2
with:
path: Toolsmith
repository: Telecominfraproject/Toolsmith
token: ${{ secrets.PAT_TOKEN }}
- name: Generate Helm values file
run: |
./Toolsmith/helm-values/aws-cicd-testing-pr-deployment.yaml.sh ${{ env.PR_NUMBER }} > pr-deployment.yaml
- name: Generate certs
working-directory: wlan-pki-cert-scripts
run: |
./generate_all.sh
./copy-certs-to-helm.sh ../wlan-cloud-helm
- name: Get kubeconfig for EKS ${{ env.AWS_EKS_NAME }}
run: |
aws eks update-kubeconfig --name ${{ env.AWS_EKS_NAME }}
- name: Deploy Cloud SDK
run: |
helm dependency update wlan-cloud-helm/${{ env.HELM_RELEASE_PREFIX }}
# using a timeout of 20 minutes as the EKS nodes may need to be scaled which takes some time
helm upgrade --install ${{ env.HELM_RELEASE_PREFIX }}-pr-${{ env.PR_NUMBER }} wlan-cloud-helm/tip-wlan -f pr-deployment.yaml --create-namespace --namespace ${{ env.HELM_RELEASE_PREFIX }}-pr-${{ env.PR_NUMBER }} --wait --timeout 20m
test:
runs-on: ubuntu-latest
needs: [ deploy ]
steps:
- name: Execute tests
run: |
echo Running tests...
# this is needed to make until work
set +e
urls="https://wlan-ui-pr-$PR_NUMBER.cicd.lab.wlan.tip.build https://wlan-graphql-pr-$PR_NUMBER.cicd.lab.wlan.tip.build/graphql"
for url in $urls; do
max_retry=300
counter=0
until curl --silent $url > /dev/null
do
sleep 1
[[ counter -eq $max_retry ]] && echo "$url not reachable after $counter tries...giving up" && exit 1
echo "#$counter: $url not reachable. trying again..."
((counter++))
done
echo Successfully reached URL $url
done
echo Tests were successful
cleanup:
runs-on: ubuntu-latest
needs: [ deploy, test ]
if: ${{ always() }}
steps:
- name: Get kubeconfig for EKS ${{ env.AWS_EKS_NAME }}
run: |
aws eks update-kubeconfig --name ${{ env.AWS_EKS_NAME }}
- name: Delete Cloud SDK Helm release
run: |
helm delete ${{ env.HELM_RELEASE_PREFIX }}-pr-${{ env.PR_NUMBER }} --namespace ${{ env.HELM_RELEASE_PREFIX }}-pr-${{ env.PR_NUMBER }} || true
- name: Delete namespace
run: |
kubectl delete namespace ${{ env.HELM_RELEASE_PREFIX }}-pr-${{ env.PR_NUMBER }} --wait=true --ignore-not-found true

10
.gitignore vendored
View File

@@ -2,16 +2,6 @@
*.jks
*.pkcs12
*.p12
*.csr
*.cnf
*.key
*.DS_Store
# local development
*.lock
*.local_dev
*.zip
*.tgz
stern*
helmfile

47
CHANGELOG.md
View File

@@ -1,47 +0,0 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [1.0.1] - 2021-04-12
### Changed
- bump cloud controller version to 1.0.1
### Fixed
- correct SQL and CQL schema URLs
## [1.0.0] - 2021-04-01
### Added
- replaced cassandra, postgres and kafka with upstream charts [#49](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/49)
- centralized secrets to the parent chart [#54](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/54)
### Changed
- improved kafka setup templating [#53](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/53)
- improved values.yaml [#53](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/53)
- improved default values and added yaml anchors [#54](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/54)
### Removed
- removed hardcoded docker secret in favor of variables [#53](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/53)
- various outdated sections in values.yaml and environment files
- various secrets in subcharts as they are now part of the parent chart
- references to vendor specific values [#40](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/40)
### Fixed
- make SSC service able to reconnect to Cassandra [#70](https://github.com/Telecominfraproject/wlan-cloud-helm/pull/70)
## [0.4.0] - 2021-01-28
### Added
- initial changelog entry. This is the first versioned release. Next releases will include a detailed overview of all the major changes introduced since the last version.
- [changes since first commit](https://github.com/Telecominfraproject/wlan-cloud-helm/compare/f7c67645736e3dac498e2caec8c267f04d08b7bc...v0.4)

196
README.md
View File

@@ -1,68 +1,16 @@
# wlan-cloud-helm
This repository contains helm charts for various deployment types of the tip wlan cloud services.
# IMPORTANT - Cloud Controller Helm charts v0.4 to v1.x migration procedure
We've introduced breaking changes to how Cloud Controller database charts are managed.
If you want to preserve your data when moving from v0.4 to v1.x of the Cloud Controller Helm charts, follow the steps outlined below.
If you can re-install your Cloud Controller and don't care to loose your data, you can skip the steps and just install the upstream charts version with no changes to the default installation procedure.
## Prerequisites
1. Checkout latest wlan-cloud-helm repository
2. Have your certificates for existing installation
3. Helm 3.2+
## Procedure
All of the commands should be run under tip-wlan-helm directory.
1. Delete your current Helm release. The following commands will remove the pods, however, the PVC (your databases data) **won't be deleted**:
```
helm list -n default (to look up the name of the release)
helm uninstall -n default tip-wlan (tip-wlan is usually the name of the release)
```
2. Replace `REPLACEME` with your storage class name in the `tip-wlan/resources/environments/migration.yaml` file. You can check the available storageclasses with the `kubectl get storageclass` command.
3. Update your values file that you used for deploying the original release with the values from `migration.yaml` to preserve existing cassandra\postgres data (or skip that step and use the second upgrade command mentioned in #7)
4. If you want to preserve the PKI certificates from the original Helm installation, copy them to a new location using the command below (or checkout the latest wlan-pki-cert-script repo and use `copy-certs-to-helm.sh %path_to_new_helm_code%` to generate new self-signed keys):
```
find . -regextype posix-extended -regex '.+(jks|pem|key|pkcs12|p12)$' -exec cp "{}" tip-wlan/resources/certs/ \;
```
5. Remove the old charts from the helm directory, so that the upgrade command can successfully pull new chart depedencies:
```
rm -rf tip-wlan/charts/cassandra tip-wlan/charts/kafka tip-wlan/charts/postgresql
```
6. Pull 3rd party subcharts:
```
helm dependency update tip-wlan
```
7. Perform Helm upgrade:
```
helm upgrade --install tip-wlan tip-wlan/ --namespace tip --create-namespace -f tip-wlan/resources/environments/your_values_with_fixes.yaml
```
Alternatively, you can run the upgrade command as follows (the order of the -f arguments is important!):
```
helm upgrade --install tip-wlan tip-wlan/ --namespace tip --create-namespace -f tip-wlan/resources/environments/original_values.yaml -f tip-wlan/resources/environments/migration.yaml
```
As a precaution you can also run `helm template` with the same arguments as the upgrade command and examine the output before actually installing the chart
# Deploying the wlan-cloud deployment
Run the following command under tip-wlan-helm directory:
```
helm dependency update tip-wlan
helm upgrade --install <RELEASE_NAME> tip-wlan/ --namespace tip --create-namespace -f tip-wlan/resources/environments/dev.yaml
```
More details can be found here: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution
- Run the following command under tip-wlan-helm directory:
- helm install <RELEASE_NAME> tip-wlan/ -n default -f tip-wlan/resources/environments/dev.yaml
More details can be found here: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution
# Deleting the wlan-cloud deployment:
Run the following command:
```
helm del tip-wlan -n tip (replace the namespace with your namespace)
```
- Run the following command:
- helm del tip-wlan -n default
(Note: this would not delete the tip namespace and any PVC/PV/Endpoints under this namespace. These are needed so we can reuse the same PVC mount when the pods are restarted.)
To get rid of them (PVC/PV/Endpoints), you can use the following script (expects that you are in the `tip` namespace or add `-n tip` to the below set of commands):
@@ -97,133 +45,3 @@ helm del tip-wlan -n tip (replace the namespace with your namespace)
- Run the following command under tip-wlan-helm directory _after_ the components are running:
- helm test <RELEASE_NAME> -n default
(For more details add --debug flag to the above command)
# Local environment
In `wlan-pki-cert-scripts` repository edit the following files and add/replace strings as specified below:
```
mqtt-server.cnf:
-commonName_default = opensync-mqtt-broker.zone1.lab.wlan.tip.build
+commonName_default = opensync-mqtt-broker.wlan.local
openssl-server.cnf:
-DNS.1 = opensync-redirector.zone1.lab.wlan.tip.build
-DNS.2 = opensync-controller.zone1.lab.wlan.tip.build
+DNS.1 = opensync-redirector.wlan.local
+DNS.2 = opensync-controller.wlan.local
DNS.3 = tip-wlan-postgresql
-DNS.4 = ftp.example.com
```
In `wlan-pki-cert-scripts` repository run `./generate_all.sh` to generate CA and certificates, then run `./copy-certs-to-helm.sh <local path to wlan-cloud-helm repo>` in order to copy certificates to helm charts.
Optionally, in order to speedup first and subsequent runs, you may cache some images:
```
minikube cache add zookeeper:3.5.5
minikube cache add bitnami/postgresql:11.8.0-debian-10-r58
minikube cache add postgres:latest
minikube cache add gcr.io/k8s-minikube/storage-provisioner:v3
minikube cache add eclipse-mosquitto:latest
minikube cache add opsfleet/depends-on
```
These images may occasionally need to be updated with these commands:
```
minikube cache reload ## reload images from the upstream
eval $( minikube docker-env )
for img in $( docker images --format '{{.Repository}}:{{.Tag}}' | egrep 'busybox|alpine|confluentinc/cp-kafka|zookeeper|k8s.gcr.io/pause|nginx/nginx-ingress|bitnami/cassandra|bitnami/postgresql|postgres|bitnami/minideb' ); do
minikube cache add $img;
done
```
Run minikube:
```
minikube start --memory=10g --cpus=4 --driver=virtualbox --extra-config=kubelet.serialize-image-pulls=false --extra-config=kubelet.image-pull-progress-deadline=3m0s --docker-opt=max-concurrent-downloads=10
```
Please note that you may choose another driver (parallels, vmwarefusion, hyperkit, vmware, docker, podman) which might be more suitable for your setup. Omitting this option enables auto discovery of available drivers.
Deploy Cloud Controller chart:
```
helm upgrade --install tip-wlan tip-wlan -f tip-wlan/resources/environments/dev-local.yaml -n default
```
Wait a few minutes, when all pods are in `Running` state, obtain web ui link with `minikube service tip-wlan-wlan-cloud-static-portal -n tip --url`, open in the browser. Importing or trusting certificate might be needed.
Services may be exposed to the local machine or local network with ssh, kubectl or kubefwd with port forwarding, please examples below.
Kubefwd:
kubefwd is used to forward Kubernetes services to a local workstation, easing the development of applications that communicate with other services. It is for development purposes only. For production/staging environments services need to be exposed via load balancers.
Download latest release from https://github.com/eugenetaranov/kubefwd/releases and run the binary.
Forward to all interfaces (useful if you need to connect from other devices in your local network):
```
sudo kubefwd services --namespace tip -l "app.kubernetes.io/name in (nginx-ingress-controller,wlan-portal-service,opensync-gw-cloud,opensync-mqtt-broker)" --allinterfaces --extrahosts wlan-ui-graphql.wlan.local,wlan-ui.wlan.local
```
Kubectl port forwarding (alternative to kubefwd):
```
kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app=tip-wlan-nginx-ingress-controller -o jsonpath='{.items[0].metadata.name}') 443:443 &
kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=wlan-portal-service -o jsonpath='{.items[0].metadata.name}') 9051:9051 &
kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=opensync-gw-cloud -o jsonpath='{.items[0].metadata.name}') 6643:6643 &
kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=opensync-gw-cloud -o jsonpath='{.items[0].metadata.name}') 6640:6640 &
kubectl -n tip port-forward --address 0.0.0.0 $(kubectl -n tip get pods -l app.kubernetes.io/name=opensync-mqtt-broker -o jsonpath='{.items[0].metadata.name}') 1883:1883 &
```
Add certificate to the trust store.
Firefox:
1. Open settings, `Privacy and security`, `View certificates`.
2. Click on `Add Exception...`, enter `https://wlan-ui.wlan.local` into Location field, click on `Get certificate`, check `Permanently store this exception` and click on `Confirm Security Exception`.
Repeat the step for `https://wlan-ui-graphql.wlan.local`
Chrome and other browsers using system certificate store:
1. Save certificate below into the file `wlan-ui-graphql.wlan.local.crt` (it is the one defined at tip-wlan/resources/environments/dev-local.yaml:143):
```
-----BEGIN CERTIFICATE-----
MIIFWjCCA0KgAwIBAgIUQNaP/spvRHtBTAKwYRNwbxRfFAswDQYJKoZIhvcNAQEL
BQAwHTEbMBkGA1UEAwwSd2xhbi11aS53bGFuLmxvY2FsMB4XDTIwMDgyNzIwMjY1
NloXDTMwMDgyNTIwMjY1NlowHTEbMBkGA1UEAwwSd2xhbi11aS53bGFuLmxvY2Fs
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwRagiDWzCNYBtWwBcK+f
TkkQmMt+QAgTjYr0KS8DPJCJf6KkPfZHCu3w4LvrxzY9Nmieh2XU834amdJxIuCw
6IbNo6zskjsyfoO8wFDmlLVWLeg5H9G9doem+WTeKPaEHi3oquzNgt6wLs3mvvOA
TviTIoc88ELjk4dSR2T4dhh0qKCCj+HdXBA6V/9biru+jV+/kxEQuL2zM39DvVd8
9ks35zMVUze36lD4ICOnl7hgaTNBi45O9sdLD0YaUmjiFwQltJUdmPKpaAdbvjUO
nsupnDYjm+Um+9aEpqM4te23efC8N8j1ukexzJrE2GeF/WB/Y1LFIG2wjqVnsPcs
nFF4Yd9EBRRne1EZeXBu3FELFy6lCOHI146oBcc/Ib617rdTKXqxtv/2NL6/TqFk
ns/EEjve6kQYzlBZwWHWpZwQfg3mo6NaoFZpTag98Myu5rZoOofTcxXH6pLm5Px1
OAzgLna9O+2FmA4FjrgHcMY1NIzynZL+DH8fibt1F/v2F2MA+R9vo84vR5ROGNdD
va2ApevkLcjQg/LwsXv0gTopQ/XIzejh6bdUkOrKSwJzT2C9/e9GQn0gppV8LBuK
1zQHoROLnA41MCFvQLQHo+Xt8KGw+Ubaly6hOxBZF51L/BbqjkDH9AEFaJLptiEy
qn1E5v+3whgFS5IZT8IW5uUCAwEAAaOBkTCBjjAdBgNVHQ4EFgQUy2bAUyNPXHS9
3VTSD+woN7t3q8EwHwYDVR0jBBgwFoAUy2bAUyNPXHS93VTSD+woN7t3q8EwDwYD
VR0TAQH/BAUwAwEB/zA7BgNVHREENDAyghp3bGFuLXVpLWdyYXBocWwud2xhbi5s
b2NhbIIOYXBpLndsYW4ubG9jYWyHBMCoAAEwDQYJKoZIhvcNAQELBQADggIBAKH+
bqJee11n34SYgBDvgoZ8lJLQRwsFnqExcSr/plZ7GVIGFH5/Q2Kyo9VyEiTPwrIs
KsErC1evH6xt1URfMzp05zVQ0LYM5+ksamRDagAg3M1cm7oKOdms/dqzPe2gZfGJ
pVdtVW1CHrL0RLTR93h7kgSiBlSEIYMoeKfN5H9AavJ4KryygQs63kkGQ5M9esAp
u6bB307zyfzgS3tmQsU01rgJfhEHQ/Y+Ak9wDuOgvmfx0TWgAOGbKq6Tu8MKYdej
Ie7rV1G5Uv7KfgozVX76g2KdnTVBfspSKo3zyrZkckzApvUu9IefHdToe4JMEU0y
fk7lEU/exzByyNxp+6hdu/ZIg3xb1yA1oVY8NEd1rL1zAViPe351SENEKeJpRanC
kCL3RAFkbxQ7Ihacjox8belR+gmo8cyFZpj9XaoPlSFScdwz573CT0h97v76A7sw
yC+CiSp85gWEV5vgBitNJ7R9onjBdsuH2lgEtMD3JNOs8cCSRihYxriwZSqhT7o/
tcIlcJ84W5m6X6zHJ3GmtuKG3QPNOms0/VVoDTp9qdpL+Ek17uB2A41Npxz3US+l
6yK+pdQQj7ALzKuRfOyg80XbNw2v4SnpI5qbXFBRum52f86sPemFq1KcuNWe4EVC
xDG3eKlu+dllUtKx/PN6yflbT5xcGgcdmrwzRaWS
-----END CERTIFICATE-----
```
2. Double click on it, enter the system admin password, if prompted.

1
glusterfs/README.md
View File

@@ -28,6 +28,7 @@ For other issues faced during deployment, see here:
- If namespace is passed, we will create (if it does not exist) and use that namespace for glusterFS resources.
- If namespace is NOT passed, we will create (if it does not exist) namespace='gluster-ns' and use it for glusterFS resources.
- Deletion:
./gk-deploy --admin-key <ADMIN_KEY> --user-key <USER_KEY> --abort -v -n <GLUSTER_NAMESPACE>
- Note:

1
glusterfs/gk-deploy
View File

@@ -990,6 +990,7 @@ parameters:
output ""
fi
if [[ ${DEPLOY_OBJECT} -eq 1 ]] && [[ "${OBJ_ACCOUNT}" != "" ]] && [[ "${OBJ_USER}" != "" ]] && [[ "${OBJ_PASSWORD}" != "" ]] && [[ ${EXISTS_OBJECT} -eq 0 ]]; then
if [[ "${OBJ_STORAGE_CLASS}" == "glusterfs-for-s3" ]]; then
eval_output "${CLI} create secret generic heketi-${NAMESPACE}-admin-secret --from-literal=key=${ADMIN_KEY} --type=kubernetes.io/glusterfs"

6
helmfile/common/Chart.yaml Normal file
View File

@@ -0,0 +1,6 @@
# Chart for deploying Common templates that are used by other charts
apiVersion: v1
description: Common templates for inclusion in other charts
name: common
version: 0.1.0

6
helmfile/common/templates/_env.tpl Normal file
View File

@@ -0,0 +1,6 @@
{{- define "common.env" -}}
- name: {{ .Values.env.ssc_url }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.ssc.service }}:{{ .Values.env.ssc.port}}"
- name: {{ .Values.env.prov_url }}
value: "{{ .Values.env.protocol }}://{{ .Release.Name }}-{{ .Values.env.prov.service }}:{{ .Values.env.prov.port}}"
{{- end -}}

74
helmfile/common/templates/_name.tpl Normal file
View File

@@ -0,0 +1,74 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "common.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- define "common.resource.name" -}}
{{- printf "tip-%s-common" $.Release.Namespace | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "common.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "common.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "common.labels" -}}
helm.sh/chart: {{ include "common.chart" . }}
{{ include "common.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Selector labels
*/}}
{{- define "common.selectorLabels" -}}
app.kubernetes.io/name: {{ include "common.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "common.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "common.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Expand service name.
*/}}
{{- define "common.serviceName" -}}
{{- default (include "common.name" .) .Values.controller.service.name }}
{{- end -}}

24
helmfile/common/templates/_ports.tpl Normal file
View File

@@ -0,0 +1,24 @@
{{/*
This template will be used to iterate through the debug-ports and generate
debug-ports mapping
*/}}
{{- define "container.dev.debugport" -}}
{{- range $index, $portid := .Values.debugPorts }}
- name: debugport-{{ $index }}
containerPort: {{ $portid }}
protocol: TCP
{{- end }}
{{- end -}}
{{- define "service.dev.debugport" -}}
{{- range $index, $portid := .Values.debugPorts }}
- port: {{ $portid }}
targetPort: {{ $portid }}
protocol: TCP
name: debugport-{{ $index }}
{{- if eq $.Values.service.type "NodePort" }}
nodePort: {{ $portid }}
{{- end }}
{{- end }}
{{- end -}}

83
helmfile/common/templates/_svc.tpl Normal file
View File

@@ -0,0 +1,83 @@
{{/*
Resolve the Postgres service-name to apply to a chart.
*/}}
{{- define "postgresql.service" -}}
{{- printf "postgres-%s-%s" .Release.Namespace .Values.postgresql.url | trunc 63 -}}
{{- end -}}
{{/*
Form the Zookeeper Service. If zookeeper is installed as part of this chart, use k8s service discovery,
else use user-provided URL
*/}}
{{- define "zookeeper.service" }}
{{- if .Values.zookeeper.enabled -}}
{{- printf "%s" (include "kafka.zookeeper.fullname" .) }}
{{- else -}}
{{- $zookeeperService := printf "%s-%s" .Release.Name .Values.zookeeper.url }}
{{- default $zookeeperService }}
{{- end -}}
{{- end -}}
{{/*
Resolve the Kafka service-name to apply to a chart.
*/}}
{{- define "kafka.service" -}}
{{- printf "kafka-%s-headless" .Release.Namespace | trunc 63 -}}
{{- end -}}
{{/*
Resolve the Cassandra service-name to apply to a chart.
*/}}
{{- define "cassandra.service" -}}
{{- printf "cassandra-%s-headless" .Release.Namespace | trunc 63 -}}
{{- end -}}
{{/*
Resolve the MQTT service-name to apply to a chart.
*/}}
{{- define "mqtt.service" -}}
{{- printf "%s-%s" .Release.Name .Values.mqtt.url | trunc 63 -}}
{{- end -}}
{{/*
Resolve the integratedcloudcomponent service-name to apply to a chart.
*/}}
{{- define "integratedcloudcomponent.service" -}}
{{- printf "%s-%s:%.f" .Release.Name .Values.integratedcloudcomponent.url .Values.integratedcloudcomponent.port | trunc 63 -}}
{{- end -}}
{{/*
Resolve the provisioning service-name to apply to a chart.
*/}}
{{- define "prov.service" -}}
{{- printf "%s-%s:%.f" .Release.Name .Values.prov.url .Values.prov.port | trunc 63 -}}
{{- end -}}
{{/*
Resolve the ssc service-name to apply to a chart.
*/}}
{{- define "ssc.service" -}}
{{- printf "%s-%s:%.f" .Release.Name .Values.ssc.url .Values.ssc.port | trunc 63 -}}
{{- end -}}
{{/*
Resolve the Opensync-gw service-name to apply to a chart.
*/}}
{{- define "opensyncgw.service" -}}
{{- printf "%s-%s:%.f" .Release.Name .Values.opensyncgw.url .Values.opensyncgw.port | trunc 63 -}}
{{- end -}}
{{/*
Resolve the pvc name that's would mounted to 2 charts - Portal and Opensync-gw
*/}}
{{- define "portal.sharedPvc.name" -}}
{{- printf "%s-%s-%s-%.f" .Values.portal.sharedPvc.name .Release.Name .Values.portal.url .Values.portal.sharedPvc.ordinal | trunc 63 -}}
{{- end -}}
{{/*
Resolve the filestore-directory name that's would mounted to 2 charts - Portal and Opensync-gw
*/}}
{{- define "filestore.dir.name" -}}
{{- printf "%s" .Values.filestore.internal | trunc 63 -}}
{{- end -}}

4
helmfile/common/values.yaml Normal file
View File

@@ -0,0 +1,4 @@
#################################################################
# Global configuration default values that can be inherited by
# all subcharts.
#################################################################

13
helmfile/credentials/Chart.yaml Normal file
View File

@@ -0,0 +1,13 @@
# Chart for deploying Common templates that are used by other charts
apiVersion: v1
description: creds secrets for reuse in other charts
name: creds
type: application
appVersion: 0.0.1
version: 0.1.0
dependencies:
- name: common
version: 0.1.0
repository: file://../common

6
helmfile/credentials/requirements.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: file://../common
version: 0.1.0
digest: sha256:636a65e9846bdff17cc4e65b0849061f783759a37aa51fb85ff6fd8ba5e68467
generated: "2020-10-19T10:42:00.072252Z"

24
helmfile/credentials/resources/certs/cassandraservercert.csr Normal file
View File

@@ -0,0 +1,24 @@
-----BEGIN CERTIFICATE REQUEST-----
MIID/zCCAucCAQAwgZIxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8w
DQYDVQQHDAZPdHRhd2ExHzAdBgNVBAoMFkNvbm5lY3RVcyBUZWNobm9sb2dpZXMx
HjAcBgNVBAMMFVRlc3RfU2VydmVyX0Nhc3NhbmRyYTEfMB0GCSqGSIb3DQEJARYQ
dGVzdEBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AL6y03nvC/xCn8i8McxmQw0zL4C0CiF49oDxBCkSr/8qXec4Mz0M5M+8mQ536d58
sseE0DPh+P4ITg05F4FSPVcpJKXZ++5y4VB5Ydyrt8mGpKtaD+96BGy9DOB5Sv2t
VKTZFUODe3R8yWpgpVwWi6zgkhdU09fwWVM7LeKn0YwN4qc6f/o8E71dGhOjGyMB
J8krEDxPE4v18MW6fnI85MFR1KOjXakvbptC2EhafyMZ2l7MY9ddTlHyR8I4ty8v
yGWc5iMXlV1M8/3h20DMNRNnsdfF9asIGENTPi9LKpIjVbZVkNxtUP7p2Mi7+jp9
Rl+3cO4aqPO867mK7cpOsd0CAwEAAaCCASUwggEhBgkqhkiG9w0BCQ4xggESMIIB
DjAdBgNVHQ4EFgQUXfA+Ct7sBUMZPYXQzPsgYPvWTlIwDAYDVR0TAQH/BAIwADAO
BgNVHQ8BAf8EBAMCA6gwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MG0GA1UdEQRmMGSCC2V4YW1wbGUuY29tgg93d3cuZXhhbXBsZS5jb22CEG1haWwu
ZXhhbXBsZS5jb22CD2Z0cC5leGFtcGxlLmNvbYIJbG9jYWxob3N0hwR/AAABhxAA
AAAAAAAAAAAAAAAAAAABMD4GCWCGSAGG+EIBDQQxFi9PcGVuU1NMIEdlbmVyYXRl
ZCBTZXJ2ZXIgYW5kIENsaWVudCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOC
AQEAJNgWEgB/Z60deJRjIoNkkCMKfOKrHnw9y6awVo8/+VstE+roCXtdWeEm8u3f
/vbQ50ichn2lYRE2gTfH2PZLecjDOlpQ5/LRhN87BzzFNkAIzPA6ISv14XGk5fTO
yVj++a/wnKSpRjFFunY+nsVrKUHmP8DYfoSJuelXfo7nY7diTlj0pdxhQ4l1786g
iauYtpaLlqLqU4qhZDTSTa03kxPlXU0hMWvoKvV5kn64y1HBcJ1uTscVYjnd2wYj
5ZM8ODyCbrN/RceUuU3mPVIS7Firj93DHPUX3heoUxDxXQQgVpxn9jRxeOWbBzYi
VgvEplmzT/Gptyc6vQju+EHuaQ==
-----END CERTIFICATE REQUEST-----

21
helmfile/credentials/resources/certs/clientcert.csr Normal file
View File

@@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIDaTCCAlECAQAwgYQxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8w
DQYDVQQHDAZPdHRhd2ExHzAdBgNVBAoMFkNvbm5lY3RVcyBUZWNobm9sb2dpZXMx
EDAOBgNVBAMMB09wZW5fQVAxHzAdBgkqhkiG9w0BCQEWEHRlc3RAZXhhbXBsZS5j
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDh1nv/bZEoNN8/z0yb
Qi3dCCQ0Q0eHCoP05gy5KJMMO84K1HJ65M3Jk5/6WQFDScLdn4O/0xf52rxX1VFR
GAXDm0+2bqRPt73cLtonufxgf8uA0YVGmorevj2X8cDLuSkyPvZqiHT8w9tSLolT
y5D4AIIF4594xWCdT0wnt4skfxp4GS5YsImBM/ehbLmhssXXhPM9Q2jfEL/0UtbS
O6rN3sjZB4ki9li3s5qx6Ki4kmQ/AF3v02lkCReOJB/mCc+Dh+l/+j/o5w+1VdFl
N6COTZjivJ+0Cz8OCOM+zr8al1vTGDlYKpx+UstIGWJOs3XQPi/9vWPp06rfTQVD
j3CZAgMBAAGggZ4wgZsGCSqGSIb3DQEJDjGBjTCBijAdBgNVHQ4EFgQU7K15oRUA
LiNwGeJJaq7WtS4BncQwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBaAwFgYD
VR0lAQH/BAwwCgYIKwYBBQUHAwIwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2Vu
ZXJhdGVkIENsaWVudCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAsqeH
k9yGncyfdLsRHIGqtgaMssLoHBSNshcEOjDawDEKy94jN6XFicUJUgs7BOQgRZHT
fx4RHUsKJRvmauu9FEiss712Fw8z1yXqNvj3sk7vxRdm3I78brdqTHHz8fPwpgah
ony/oMJscjUMRsAXKEN/MV2zQ+uzkiQhiX47yTNprwn0xwlO+8mRD1f71Sz6OPXH
47Z8Lv3IPcg9m+oY4e+e6JYC3/fQMsuplQhh+eVhfOi6FSg2SoPZP+o9Twx59But
NkZNsE26+JbfxjChunaEGR1/Khusnc0O9+5niapGOwfp/67xWnymXfta/IWBJFv3
Q05BhCLqy22kR9fIwg==
-----END CERTIFICATE REQUEST-----

24
helmfile/credentials/resources/certs/kafkaservercert.csr Normal file
View File

@@ -0,0 +1,24 @@
-----BEGIN CERTIFICATE REQUEST-----
MIID9TCCAt0CAQAwgYgxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8w
DQYDVQQHDAZPdHRhd2ExHzAdBgNVBAoMFkNvbm5lY3RVcyBUZWNobm9sb2dpZXMx
FDASBgNVBAMMC1Rlc3RfU2VydmVyMR8wHQYJKoZIhvcNAQkBFhB0ZXN0QGV4YW1w
bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0oM77mgApW3
wdr9i+X24Swf/kYDYkB7wkilW/oi8tQVSLw261fEx/1e0+H34+vBaFtDj/lINTVi
yQMjztigDIWNHkjU99M+/514RbZTCvlvBJOarD2cfs6vFp7T4tuo21ztEbG15x7D
YaQKBYF0e6zzjN1bR0uWJz8+9hzrVcwtURY6r7qa+iYm5GvVLFxzVtBQxbaTNUI0
GrIXOQHOr7omAVFeihAyrUQPK+LTE32uVKRX4agtTAdVHyshiQw/5N3tVGGufzoR
onlsOjiKAKGfDmk6wCSQG17H0DFkEe8/H2Xr50BI/kjkKWUFiH4a22+4GbMBQP7v
x4tVlkoEGwIDAQABoIIBJTCCASEGCSqGSIb3DQEJDjGCARIwggEOMB0GA1UdDgQW
BBQ/nZ9a2IsHW7mOtoW/1Y1G3CCnKDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQE
AwIDqDAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwbQYDVR0RBGYw
ZIILZXhhbXBsZS5jb22CD3d3dy5leGFtcGxlLmNvbYIQbWFpbC5leGFtcGxlLmNv
bYIPZnRwLmV4YW1wbGUuY29tgglsb2NhbGhvc3SHBH8AAAGHEAAAAAAAAAAAAAAA
AAAAAAEwPgYJYIZIAYb4QgENBDEWL09wZW5TU0wgR2VuZXJhdGVkIFNlcnZlciBh
bmQgQ2xpZW50IENlcnRpZmljYXRlMA0GCSqGSIb3DQEBCwUAA4IBAQCZbMT+zgkm
mQnPFt2UT9sxvygaUMxmywso5E89BvgwFt7/kkoKR9zo7TnLUGJ7cCWIHXPYokd5
na1Lomdfe5HTXO7BvNPAkhQAra25iFimAyopQjiLFEm5T79OOVkwWgzHUbhu18/e
LJWVL2Lu+SIvFSzD0q+2x0+IkbXkAHRCs/f1jlRafQi6AH/gzgJDwpQTZKe3S6PN
HST3czqbtpg17ZQuZ4XCxVAczDTZdC/eZ8xpglat7EZQs+6gSbX2FIFkju1CP7an
JvbPItPfwuLSe1EpC2nKFwpd1tcdATHMzQcTdjNN0/tMu5/8M9/4QJdn+ALoWIvn
if3dRjVJn4yr
-----END CERTIFICATE REQUEST-----

1
helmfile/credentials/resources/certs/keystore_creds Normal file
View File

@@ -0,0 +1 @@
mypassword

22
helmfile/credentials/resources/certs/mqttservercert.csr Normal file
View File

@@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIDjzCCAncCAQAwgaoxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8w
DQYDVQQHDAZPdHRhd2ExHzAdBgNVBAoMFkNvbm5lY3RVcyBUZWNobm9sb2dpZXMx
NjA0BgNVBAMMLW9wZW5zeW5jLW1xdHQtYnJva2VyLnpvbmUxLmxhYi53bGFuLnRp
cC5idWlsZDEfMB0GCSqGSIb3DQEJARYQdGVzdEBleGFtcGxlLmNvbTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBALAIR+8VJAnyD/gnuCDrXcapc7peDBI0
Tzp2dhU0X6THN3r3+TSruQGQKupbgxoF7STMXVMf1R94XWJR5J78tBvr+yI5c7P/
iXKA3OyUh4rb3+S14fn9tEO9IXaPcdKuwhoTtVE2aTl9360B7KLpFCJTY3LP+IDn
fOfcvnmOgE2xXz/8fRRld2BPHN2JHwAtI2lSlY1wOwjW/2AiRV/lXiHg0miXiHFd
qKbMKinEfXWUjQlHUM5G75HQZUsBPD6PP/iEXlzt3yprlDQ0uw4x6qKpHLODBuPI
n+emzPh8ZWJPWAZpm6y+Tk4P3rfTQ0GU8stJgajry/+JSo6movSTb30CAwEAAaCB
njCBmwYJKoZIhvcNAQkOMYGNMIGKMB0GA1UdDgQWBBQPnNwcKpj6cfFpRCzezdaj
e79PIzAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIDqDAWBgNVHSUBAf8EDDAK
BggrBgEFBQcDATAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2Vy
dmVyIENlcnRpZmljYXRlMA0GCSqGSIb3DQEBCwUAA4IBAQAjVorFs2MvFXVzSL8x
TNVQD0OtD5neHGLnTCktKqXh6DD4mUGWm33a2Ql7BjnwteERqz7Khu9EQEA9dj3n
3du4xXOZk6oquxFqfNgKHXa9MRT1jto6oKQ9RFspMDfQSiUGZUW3mMF3FkHH0l67
aGjLasbenOJwIl67gMGW/c/cHJRrI1v4fKp0TU+pgjMWzp6KUP8us+QkybodoEK5
6e7FsEQE0HPojbOR8QcQvnwz1YWt0AZuK+DpQou8DyCzJR0x9IBDd2EpF/N4G70q
wIFTBMRBTUQJxj1JJ0aS/lFVvvKcJU3P1dyFLRxmWT7wFQSaha6/d7tIbEEAtFn6
esX3
-----END CERTIFICATE REQUEST-----

24
helmfile/credentials/resources/certs/servercert.csr Normal file
View File

@@ -0,0 +1,24 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIEGTCCAwECAQAwgYgxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8w
DQYDVQQHDAZPdHRhd2ExHzAdBgNVBAoMFkNvbm5lY3RVcyBUZWNobm9sb2dpZXMx
FDASBgNVBAMMC1Rlc3RfU2VydmVyMR8wHQYJKoZIhvcNAQkBFhB0ZXN0QGV4YW1w
bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcpUeC79hZlV
lEDaKFr5WqyJ29MY1aAidv0jHQMc4oqvIBjV/77qA0c5IzANHtmjQDF/hC2zIFdo
cQwlNZKNfK8ak4/ixVoYdvr8VUENOz0M8AzpJjJkMYXPmHQapysUsXRptZXi1tyI
KiPsPwxrd25irUm7cghios3VQLTqt0IeKa24Zm/7xL0KIeZfWc0bc51hJw2RE2TR
7diAGVyqZYi5QqEc8Ju94jB2YWJE2Khy/6uX13ZhxDwvY9f2nMFcYicQELC1ZHNm
dWyuTu7wGnpjsdqriLMEDnP6Ne/WUr4ISQrfn4UCwHkLCNxsrRKig5COJt7HHzNr
ObEZkPdb6QIDAQABoIIBSTCCAUUGCSqGSIb3DQEJDjGCATYwggEyMB0GA1UdDgQW
BBRrmzSs74NDLOHB4kOj4XWDXDLZkDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQE
AwIDqDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDATCBpQYDVR0RBIGdMIGagixvcGVu
c3luYy1yZWRpcmVjdG9yLnpvbmUxLmxhYi53bGFuLnRpcC5idWlsZIIsb3BlbnN5
bmMtY29udHJvbGxlci56b25lMS5sYWIud2xhbi50aXAuYnVpbGSCE3RpcC13bGFu
LXBvc3RncmVzcWyCD2Z0cC5leGFtcGxlLmNvbYcEfwAAAYcQAAAAAAAAAAAAAAAA
AAAAATAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENl
cnRpZmljYXRlMA0GCSqGSIb3DQEBCwUAA4IBAQBSzzzuMSFZurx9RJnf9kesKTEY
LtRWwxY7Zs0D4PvTpOgJMR48D5R69N1nY2miMyH8SAFLhRTik0fOC5hoNkojITDk
XIRSqeA1+GxGfh+4sJRXfRZkdyWVYwaHexS8wBN6rVhAEnJb/FOmmh2p+wn8SRxp
lDzb5Hyr5bi8LoIMe7nSTs3ihpWhNz8W/v/fFsUBgnokRHF2Yy1mQoSvz2p8iDeS
lr+55h2ANdIAgtbjXB6eVa8UY4Uhh2YxkzazJyjnMI8EBtyc3KQCJGI8oO8jIGvY
rFfq5gBiBOSBzQ3yHzHtPB4iyzILpBOwzzn4O7rsQJdYw/15MdxfvxF0kIbS
-----END CERTIFICATE REQUEST-----

1
helmfile/credentials/resources/certs/truststore_creds Normal file
View File

@@ -0,0 +1 @@
mypassword

11
helmfile/credentials/resources/config/server.properties Normal file
View File

@@ -0,0 +1,11 @@
ssl.endpoint.identification.algorithm=
security.protocol=SSL
ssl.key.password=mypassword
ssl.keystore.location=/bitnami/kafka/kafka-server.pkcs12
ssl.keystore.password=mypassword
ssl.keystore.type=PKCS12
ssl.truststore.location=/bitnami/kafka/truststore.jks
ssl.truststore.password=mypassword
ssl.truststore.type=JKS
bootstrap.servers=tip-wlan-kafka-headless:9093

0
tip-wlan/resources/scripts/creation-replication-user-role.sh → helmfile/credentials/resources/scripts/creation-replication-user-role.sh
View File

17
helmfile/credentials/templates/configs.yaml Normal file
View File

@@ -0,0 +1,17 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: tip-{{ .Release.Namespace }}-common-kafka-config
namespace: {{ .Release.Namespace }}
data:
{{ tpl (.Files.Glob "resources/config/server.properties").AsConfig . | indent 2 }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: tip-{{ .Release.Namespace }}-common-postgres-scripts
namespace: {{ .Release.Namespace }}
data:
{{ tpl (.Files.Glob "resources/scripts/creation-replication-user-role.sh").AsConfig . | indent 2 }}

13
helmfile/credentials/templates/docker-secret.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Namespace }}-docker-registry-key
namespace: {{ .Release.Namespace }}
labels:
app: {{ include "common.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
.dockerconfigjson: {{ .Values.dockerRegistrySecret }}
type: kubernetes.io/dockerconfigjson

109
helmfile/credentials/templates/secrets.yaml Normal file
View File

@@ -0,0 +1,109 @@
---
apiVersion: v1
kind: Secret
metadata:
name: tip-{{ .Release.Namespace }}-common-cassandra-certs
namespace: {{ .Release.Namespace }}
type: Opaque
data:
truststore: {{ .Files.Get "resources/certs/truststore.jks" | b64enc }}
truststore-password: {{ .Files.Get "resources/certs/truststore_creds" | b64enc }}
keystore: {{ .Files.Get "resources/certs/cassandra_server_keystore.jks" | b64enc }}
keystore-password: {{ .Files.Get "resources/certs/keystore_creds" | b64enc }}
cassandraservercert.pem: {{ .Files.Get "resources/certs/cassandraservercert.pem" | b64enc }}
cassandraserverkey_dec.pem: {{ .Files.Get "resources/certs/cassandraserverkey_dec.pem" | b64enc }}
---
apiVersion: v1
kind: Secret
metadata:
name: tip-{{ .Release.Namespace }}-common-cassandra-client-certs
namespace: {{ .Release.Namespace }}
type: Opaque
data:
cacert.pem: {{ .Files.Get "resources/certs/cacert.pem" | b64enc }}
cassandra_server_keystore.jks: {{ .Files.Get "resources/certs/cassandra_server_keystore.jks" | b64enc }}
cassandraservercert.pem: {{ .Files.Get "resources/certs/cassandraservercert.pem" | b64enc }}
cassandraserverkey_dec.pem: {{ .Files.Get "resources/certs/cassandraserverkey_dec.pem" | b64enc }}
kafka-server.pkcs12: {{ .Files.Get "resources/certs/kafka-server.pkcs12" | b64enc }}
truststore.jks: {{ .Files.Get "resources/certs/truststore.jks" | b64enc }}
server.pkcs12: {{ .Files.Get "resources/certs/server.pkcs12" | b64enc }}
---
apiVersion: v1
kind: Secret
metadata:
name: tip-{{ .Release.Namespace }}-common-kafka-certs
namespace: {{ .Release.Namespace }}
type: Opaque
data:
truststore: {{ .Files.Get "resources/certs/truststore.jks" | b64enc }}
truststore-password: {{ .Files.Get "resources/certs/truststore_creds" | b64enc }}
keystore: {{ .Files.Get "resources/certs/cassandra_server_keystore.jks" | b64enc }}
keystore-password: {{ .Files.Get "resources/certs/keystore_creds" | b64enc }}
cassandraservercert.pem: {{ .Files.Get "resources/certs/cassandraservercert.pem" | b64enc }}
cassandraserverkey_dec.pem: {{ .Files.Get "resources/certs/cassandraserverkey_dec.pem" | b64enc }}
kafka-0.keystore.jks: {{ .Files.Get "resources/certs/client_keystore.jks" | b64enc }}
kafka.truststore.jks: {{ .Files.Get "resources/certs/truststore.jks" | b64enc }}
---
apiVersion: v1
kind: Secret
metadata:
name: tip-{{ .Release.Namespace }}-common-kafka-client-certs
namespace: {{ .Release.Namespace }}
type: Opaque
data:
client_keystore.jks: {{ .Files.Get "resources/certs/client_keystore.jks" | b64enc }}
kafka-server.pkcs12: {{ .Files.Get "resources/certs/kafka-server.pkcs12" | b64enc }}
truststore.jks: {{ .Files.Get "resources/certs/truststore.jks" | b64enc }}
server.pkcs12: {{ .Files.Get "resources/certs/server.pkcs12" | b64enc }}
---
apiVersion: v1
kind: Secret
metadata:
name: tip-{{ .Release.Namespace }}-common-postgres-certs
namespace: {{ .Release.Namespace }}
type: Opaque
data:
cacert.pem: {{ .Files.Get "resources/certs/cacert.pem" | b64enc }}
cert.crt: {{ .Files.Get "resources/certs/servercert.pem" | b64enc }}
cert.key: {{ .Files.Get "resources/certs/serverkey_dec.pem" | b64enc }}
postgresclientcert.pem: {{ .Files.Get "resources/certs/postgresclientcert.pem" | b64enc }}
postgresclientkey_dec.pem: {{ .Files.Get "resources/certs/postgresclientkey_dec.pem" | b64enc }}
---
apiVersion: v1
kind: Secret
metadata:
name: tip-{{ .Release.Namespace }}-common-postgres-client-certs
namespace: {{ .Release.Namespace }}
type: Opaque
data:
cacert.pem: {{ .Files.Get "resources/certs/cacert.pem" | b64enc }}
client_keystore.jks: {{ .Files.Get "resources/certs/client_keystore.jks" | b64enc }}
postgresclient.p12: {{ .Files.Get "resources/certs/postgresclient.p12" | b64enc }}
postgresclientcert.pem: {{ .Files.Get "resources/certs/postgresclientcert.pem" | b64enc }}
postgresclientkey_dec.pem: {{ .Files.Get "resources/certs/postgresclientkey_dec.pem" | b64enc }}
server.pkcs12: {{ .Files.Get "resources/certs/server.pkcs12" | b64enc }}
truststore.jks: {{ .Files.Get "resources/certs/truststore.jks" | b64enc }}
---
apiVersion: v1
kind: Secret
metadata:
name: tip-{{ .Release.Namespace }}-common-credentials
namespace: {{ .Release.Namespace }}
type: Opaque
data:
cassandra_tip_user: {{ .Values.cassandra.tip_user | b64enc }}
cassandra_tip_password: {{ .Values.cassandra.tip_password | b64enc }}
postgresql-password: {{ .Values.db.postgresUser.password | b64enc }}
tipuser-password: {{ .Values.db.tipUser.password | b64enc }}
schema-repo-user: {{ .Values.schema_repo.username | b64enc }}
schema-repo-password: {{ .Values.schema_repo.password | b64enc }}
sslKeyPassword: {{ .Values.ssl.keyPassword | b64enc }}
sslKeystorePassword: {{ .Values.ssl.keystorePassword | b64enc }}
sslTruststorePassword: {{ .Values.ssl.truststorePassword | b64enc }}
websocketSessionTokenEncKey: {{ .Values.websocketSessionTokenEncKey | b64enc }}

20
helmfile/credentials/values.yaml Normal file
View File

@@ -0,0 +1,20 @@
#################################################################
# Credentials and secrets for reuse in other charts
#################################################################
creds:
ssl:
keyPassword: mypassword
keystorePassword: mypassword
truststorePassword: mypassword
db:
postgresUser:
password: DUMMY_POSTGRES_PASSWORD
tipUser:
password: tip_password
schema_repo:
username: tip-read
password: tip-read
cassandra:
tip_user: tip_user
tip_password: tip_password

18
helmfile/helmfile-01-namespace.yaml Normal file
View File

@@ -0,0 +1,18 @@
bases:
- helmfile-environment.yaml
- helmfile-defaults.yaml
---
bases:
- helmfile-repositories.yaml.gotmpl
---
releases:
- name: namespace-{{ .Environment.Values.global.namespace }}
chart: incubator/raw
namespace: default
values:
- resources:
- apiVersion: v1
kind: Namespace
metadata:
name: {{ .Environment.Values.global.namespace }}

226
helmfile/helmfile-02-stateful.yaml Normal file
View File

@@ -0,0 +1,226 @@
bases:
- helmfile-environment.yaml
- helmfile-defaults.yaml
---
releases:
- name: postgres-{{ .Environment.Values.global.namespace }}
namespace: {{ .Environment.Values.global.namespace }}
chart: bitnami/postgresql
version: 9.8.4
condition: postgres.enabled
labels:
role: prerequisites
app: postgres
values:
- postgresqlDatabase: tip
image:
tag: 11.8.0-debian-10-r58
debug: true
metrics:
enabled: true
serviceMonitor:
enabled: true
namespace: {{ .Environment.Values.global.monitoring.namespace }}
additionalLabels:
release: prometheus-operator
postgresqlUsername: {{ .Environment.Values.postgres.user }}
postgresqlPassword: {{ .Environment.Values.postgres.password }}
pgHbaConfiguration: |
hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0
hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
hostssl postgres postgres ::/0 cert clientcert=1
hostssl all all 0.0.0.0/0 md5 clientcert=1
replication:
enabled: true
user: {{ .Environment.Values.postgres.replication.user }}
password: {{ .Environment.Values.postgres.replication.password }}
slaveReplicas: 1
persistence:
enabled: true
storageClass: {{ .Environment.Values.storageClass }}
volumePermissions:
enabled: true
livenessProbe:
enabled: false
readinessProbe:
enabled: false
tls:
enabled: true
certificatesSecret: tip-{{ .Environment.Values.global.namespace }}-common-postgres-certs
certFilename: cert.crt
certKeyFilename: cert.key
certCAFilename: cacert.pem
initdbScriptsConfigMap: tip-{{ .Environment.Values.global.namespace }}-common-postgres-scripts
extraEnv:
- name: PGSSLCERT
value: /opt/tip-wlan/certs/postgresclientcert.pem
- name: PGSSLKEY
value: /opt/tip-wlan/certs/postgresclientkey_dec.pem
- name: PGSSLROOTCERT
value: "/opt/tip-wlan/certs/cacert.pem"
slave:
extraVolumes:
jsonPatches:
- target:
version: v1
group: apps
kind: StatefulSet
name: postgres-{{ .Environment.Values.global.namespace }}-postgresql-master
patch:
- op: replace
path: /spec/template/spec/initContainers/0/command
value:
- /bin/sh
- -cx
- |
chown 1001:1001 /bitnami/postgresql
mkdir -p /bitnami/postgresql/data /bitnami/postgresql/conf
chmod 700 /bitnami/postgresql/data /bitnami/postgresql/conf
find /bitnami/postgresql -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs chown -R 1001:1001
chmod -R 777 /dev/shm
cp /tmp/certs/* /opt/bitnami/postgresql/certs/
chown -R 1001:1001 /opt/bitnami/postgresql/certs/
chmod 600 /opt/bitnami/postgresql/certs/cert.key
chmod 600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem
- name: zookeeper-{{ .Environment.Values.global.namespace }}
namespace: {{ .Environment.Values.global.namespace }}
chart: incubator/zookeeper
version: 2.1.4
condition: zookeeper.enabled
labels:
role: prerequisites
app: zookeeper
values:
- persistence:
enabled: true
storageClass: {{ .Environment.Values.storageClass }}
replicaCount: 1
- name: kafka-{{ .Environment.Values.global.namespace }}
namespace: {{ .Environment.Values.global.namespace }}
chart: bitnami/kafka
version: 11.8.7
condition: kafka.enabled
labels:
role: prerequisites
app: kafka
values:
- replicaCount: 1
image:
debug: true
auth:
clientProtocol: mtls
interBrokerProtocol: plaintext
jksSecret: tip-{{ .Environment.Values.global.namespace }}-common-kafka-certs
jksPassword: {{ .Environment.Values.credentials.keyPassword }}
tlsEndpointIdentificationAlgorithm: https
jaas:
clientUsers:
- brokerUser
clientPassword:
- brokerPassword
# existingConfigmap: tip-{{ .Environment.Values.global.namespace }}-common-kafka-config
# allowPlaintextListener: true
persistence:
enabled: true
storageClass: {{ .Environment.Values.storageClass }}
metrics:
serviceMonitor:
enabled: false
namespace: {{ .Environment.Values.global.monitoring.namespace }}
selector:
release: prometheus-operator
zookeeper:
enabled: false
externalZookeeper:
servers:
- zookeeper-{{ .Environment.Values.global.namespace }}
- name: cassandra-{{ .Environment.Values.global.namespace }}
namespace: {{ .Environment.Values.global.namespace }}
chart: bitnami/cassandra
version: 6.0.1
condition: cassandra.enabled
labels:
role: prerequisites
app: cassandra
values:
- tlsEncryptionSecretName: tip-{{ .Environment.Values.global.namespace }}-common-cassandra-certs
- image:
debug: true
- persistence:
enabled: true
storageClass: {{ .Environment.Values.storageClass }}
- replicaCount: 3
- cluster:
name: TipWlanCluster
seedCount: 1
internodeEncryption: all
clientEncryption: true
- exporter:
enabled: false
serviceMonitor:
enabled: true
additionalLabels:
release: prometheus-operator
- dbUser:
user: {{ .Environment.Values.cassandra.user }}
password: {{ .Environment.Values.cassandra.password }}
- resources:
limits: {}
requests:
cpu: 1
memory: 3Gi
- name: tip-{{ .Environment.Values.global.namespace }}-credentials
namespace: {{ .Environment.Values.global.namespace }}
chart: credentials
labels:
role: prerequisites
app: credentials
values:
- ssl:
keyPassword: {{ .Environment.Values.credentials.keyPassword }}
keystorePassword: {{ .Environment.Values.credentials.keystorePassword }}
truststorePassword: {{ .Environment.Values.credentials.truststorePassword }}
db:
postgresUser:
password: {{ .Environment.Values.postgres.password }}
tipUser:
password: {{ .Environment.Values.postgres.password }}
schema_repo:
username: {{ .Environment.Values.credentials.jFrog.user }}
password: {{ .Environment.Values.credentials.jFrog.password }}
cassandra:
tip_user: {{ .Environment.Values.cassandra.user }}
tip_password: {{ .Environment.Values.cassandra.password }}
websocketSessionTokenEncKey: {{ .Environment.Values.credentials.websocketSessionTokenEncKey }}
dockerRegistrySecret: {{ .Environment.Values.credentials.dockerSecret }}
- name: tip-{{ .Environment.Values.global.namespace }}-efs-provisioner
namespace: {{ .Environment.Values.global.namespace }}
chart: stable/efs-provisioner
version: 0.13.0
condition: efs-provisioner.enabled
labels:
role: prerequisites
app: efs-provisioner
values:
- serviceAccount:
create: true
name: efs-provisioner
- provisioner:
nameExtension: efs-provisioner
replicaCount: 1
strategyType: Recreate
image:
name: quay.io/external_storage/efs-provisioner
tag: latest
efsFileSystemId: fs-8a3fa867
awsRegion: ca-central-1
dnsName: ""
provisionerName: shared-provisioner
efsDnsName: fs-8a3fa867.efs.ca-central-1.amazonaws.com
storageClass: aws-efs

196
helmfile/helmfile-03-cloudsdk.yaml Normal file
View File

@@ -0,0 +1,196 @@
bases:
- helmfile-environment.yaml
- helmfile-defaults.yaml
---
releases:
- name: tip-{{ .Environment.Values.global.namespace }}-opensync-gw-cloud
namespace: {{ .Environment.Values.global.namespace }}
chart: opensync-gw-cloud
condition: opensync-gw-cloud.enabled
labels:
role: payload
app: opensync-gw-cloud
values:
- global:
nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
repository: {{ .Environment.Values.global.repository }}
isCloudDeployment: true
pullPolicy: Always
- externalhostaddress:
ovsdb: tip-wlan-opensync-gw-cloud
mqtt: tip-wlan-opensync-mqtt-broker
persistence:
enabled: true
filestore:
url: "https://tip-wlan-opensync-gw-cloud:9096"
- name: tip-{{ .Environment.Values.global.namespace }}-opensync-gw-static
namespace: {{ .Environment.Values.global.namespace }}
chart: opensync-gw-static
condition: opensync-gw-static.enabled
labels:
role: payload
app: opensync-gw-static
values:
- global:
nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
repository: {{ .Environment.Values.global.repository }}
isCloudDeployment: true
pullPolicy: Always
- name: tip-{{ .Environment.Values.global.namespace }}-opensync-mqtt-broker
namespace: {{ .Environment.Values.global.namespace }}
chart: opensync-mqtt-broker
condition: opensync-mqtt-broker.enabled
labels:
role: payload
app: opensync-mqtt-broker
values:
- global:
nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
repository: {{ .Environment.Values.global.repository }}
isCloudDeployment: true
pullPolicy: Always
- replicaCount: 1
persistence:
enabled: true
storageClass: {{ .Environment.Values.storageClass }}
- name: tip-{{ .Environment.Values.global.namespace }}-wlan-cloud-graphql-gw
namespace: {{ .Environment.Values.global.namespace }}
chart: wlan-cloud-graphql-gw
condition: wlan-cloud-graphql-gw.enabled
labels:
role: payload
app: wlan-cloud-graphql-gw
values:
- global:
nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
repository: {{ .Environment.Values.global.repository }}
isCloudDeployment: true
pullPolicy: Always
- env:
portalsvc: graphql.{{ .Environment.Values.global.domain }}
ingress:
hosts:
- host: graphql.{{ .Environment.Values.global.domain }}
paths:
- "/"
- name: tip-{{ .Environment.Values.global.namespace }}-wlan-cloud-static-portal
namespace: {{ .Environment.Values.global.namespace }}
chart: wlan-cloud-static-portal
condition: wlan-cloud-static-portal.enabled
labels:
role: payload
app: wlan-cloud-static-portal
values:
- global:
nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
repository: {{ .Environment.Values.global.repository }}
isCloudDeployment: true
pullPolicy: Always
- ingress:
hosts:
- host: portal.{{ .Environment.Values.global.domain }}
paths:
- "/"
- name: tip-{{ .Environment.Values.global.namespace }}-wlan-integrated-cloud-component-service
namespace: {{ .Environment.Values.global.namespace }}
chart: wlan-integrated-cloud-component-service
condition: wlan-integrated-cloud-component-service.enabled
labels:
role: payload
app: wlan-integrated-cloud-component-service
values:
- global:
nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
repository: {{ .Environment.Values.global.repository }}
isCloudDeployment: true
pullPolicy: Always
- name: tip-{{ .Environment.Values.global.namespace }}-wlan-port-forwarding-gateway-service
namespace: {{ .Environment.Values.global.namespace }}
chart: wlan-port-forwarding-gateway-service
condition: wlan-port-forwarding-gateway-service.enabled
labels:
role: payload
app: port-forwarding-gateway-service
values:
- global:
nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
repository: {{ .Environment.Values.global.repository }}
isCloudDeployment: true
pullPolicy: Always
- name: tip-{{ .Environment.Values.global.namespace }}-wlan-portal-service
namespace: {{ .Environment.Values.global.namespace }}
chart: wlan-portal-service
condition: wlan-portal-service.enabled
labels:
role: payload
app: wlan-portal-service
values:
- global:
nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
repository: {{ .Environment.Values.global.repository }}
isCloudDeployment: true
pullPolicy: Always
- persistence:
enabled: true
storageClass: {{ .Environment.Values.storageClass }}
- name: tip-{{ .Environment.Values.global.namespace }}-wlan-prov-service
namespace: {{ .Environment.Values.global.namespace }}
chart: wlan-prov-service
condition: wlan-prov-service.enabled
labels:
role: payload
app: wlan-prov-service
values:
- global:
nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
repository: {{ .Environment.Values.global.repository }}
isCloudDeployment: true
pullPolicy: Always
- name: tip-{{ .Environment.Values.global.namespace }}-wlan-spc-service
namespace: {{ .Environment.Values.global.namespace }}
chart: wlan-spc-service
condition: wlan-spc-service.enabled
labels:
role: payload
app: wlan-spc-service
values:
- global:
nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
repository: {{ .Environment.Values.global.repository }}
isCloudDeployment: true
pullPolicy: Always
- name: tip-{{ .Environment.Values.global.namespace }}-wlan-ssc-service
namespace: {{ .Environment.Values.global.namespace }}
chart: wlan-ssc-service
condition: wlan-ssc-service.enabled
labels:
role: payload
app: wlan-ssc-service
values:
- global:
nodePortPrefixExt: {{ .Environment.Values.global.nodePortPrefixExt }}
nodePortPrefix: {{ .Environment.Values.global.nodePortPrefix }}
repository: {{ .Environment.Values.global.repository }}
isCloudDeployment: true
pullPolicy: Always

5
helmfile/helmfile-defaults.yaml Normal file
View File

@@ -0,0 +1,5 @@
helmDefaults:
createNamespace: false
force: false
verify: false
wait: false

65
helmfile/helmfile-environment.yaml Normal file
View File

@@ -0,0 +1,65 @@
environments:
default:
values:
- global:
namespace: testota
domain: lab.wlan.tip.build
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
monitoring:
namespace: monitoring
nodePortPrefix: 311
nodePortPrefixExt: 313
- credentials:
jFrog:
user: tip-read
password: tip-read
websocketSessionTokenEncKey: MyToKeN0MyToKeN1
keyPassword: mypassword
keystorePassword: mypassword
truststorePassword: mypassword
dockerSecret: ewoJImF1dGhzIjogewoJCSJ0aXAtdGlwLXdsYW4tY2xvdWQtZG9ja2VyLXJlcG8uamZyb2cuaW8iOiB7CgkJCSJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
# Stateful components start here
- storageClass: gp2
- postgres:
enabled: true
user: tip_user
password: DUMMY_POSTGRES_PASSWORD
replication:
user: repl_user
password: repl_password
- zookeeper:
enabled: true
- kafka:
enabled: true
- cassandra:
enabled: true
user: cassandra
password: cassandra
- efs-provisioner:
enabled: false
# Wlan components start here
- opensync-gw-cloud:
enabled: true
- opensync-gw-static:
enabled: true
- opensync-mqtt-broker:
enabled: true
- wlan-cloud-graphql-gw:
enabled: true
- wlan-cloud-static-portal:
enabled: true
- wlan-integrated-cloud-component-service:
enabled: true
- wlan-port-forwarding-gateway-service:
enabled: true
- wlan-portal-service:
enabled: true
- wlan-prov-service:
enabled: true
- wlan-spc-service:
enabled: true
- wlan-ssc-service:
enabled: true

7
helmfile/helmfile-repositories.yaml.gotmpl Normal file
View File

@@ -0,0 +1,7 @@
repositories:
- name: stable
url: https://kubernetes-charts.storage.googleapis.com
- name: incubator
url: https://kubernetes-charts-incubator.storage.googleapis.com
- name: bitnami
url: https://charts.bitnami.com/bitnami

3
helmfile/helmfile.yaml Normal file
View File

@@ -0,0 +1,3 @@
helmfiles:
- helmfile-0*

23
helmfile/opensync-gw-cloud/.helmignore Normal file
View File

@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
helmfile/opensync-gw-cloud/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: file://../common
version: 0.1.0
digest: sha256:636a65e9846bdff17cc4e65b0849061f783759a37aa51fb85ff6fd8ba5e68467
generated: "2020-10-19T11:29:27.1946594Z"

12
helmfile/opensync-gw-cloud/Chart.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v2
name: opensync-gw-cloud
description: WLAN Opensync Gateway Cloud Helm chart for Kubernetes
type: application
version: 0.1.0
appVersion: 1.16.0
dependencies:
- name: common
version: 0.1.0
repository: file://../common

2
tip-wlan/resources/certs/README.md → helmfile/opensync-gw-cloud/resources/config/certs/README.md
View File

@@ -1,2 +1,2 @@
Contains certs needed for cloud controller to work
Contains certs needed for this service to start.
Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

18
helmfile/opensync-gw-cloud/resources/config/certs/httpClientConfig.json Normal file
View File

@@ -0,0 +1,18 @@
{
"maxConnectionsTotal":100,
"maxConnectionsPerRoute":10,
"truststoreType":"JKS",
"truststoreProvider":"SUN",
"truststoreFile":"file:/opt/tip-wlan/certs/truststore.jks",
"truststorePass":"mypassword",
"keystoreType":"JKS",
"keystoreProvider":"SUN",
"keystoreFile":"file:/opt/tip-wlan/certs/client_keystore.jks",
"keystorePass":"mypassword",
"keyAlias":"clientkeyalias",
"credentialsList":[
{"host":"localhost","port":-1,"user":"user","password":"password"}
]
}

5
tip-wlan/resources/certs/ssl.properties → helmfile/opensync-gw-cloud/resources/config/certs/ssl.properties
View File

@@ -1,12 +1,13 @@
truststorePass={{ .Values.global.certificatePasswords.sslTruststore }}
truststorePass=mypassword
truststoreFile=file:///opt/tip-wlan/certs/truststore.jks
truststoreType=JKS
truststoreProvider=SUN
keyAlias=1
keystorePass={{ .Values.global.certificatePasswords.sslKeystore }}
keystorePass=mypassword
keystoreFile=file:///opt/tip-wlan/certs/server.pkcs12
keystoreType=pkcs12
keystoreProvider=SunJSSE
sslProtocol=TLS

78
helmfile/opensync-gw-cloud/resources/config/logback.xml Normal file
View File

@@ -0,0 +1,78 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- For assistance related to logback-translator or configuration -->
<!-- files in general, please contact the logback user mailing list -->
<!-- at http://www.qos.ch/mailman/listinfo/logback-user -->
<!-- -->
<!-- For professional support please see -->
<!-- http://www.qos.ch/shop/products/professionalSupport -->
<!-- -->
<configuration>
<appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>
<appender name="mqttDataFile" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/app/logs/mqttData.log</file>
<append>true</append>
<encoder>
<pattern>%date %msg%n</pattern>
</encoder>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
<fileNamePattern>/app/logs/mqttData.%i.log.gz</fileNamePattern>
<minIndex>1</minIndex>
<maxIndex>3</maxIndex>
</rollingPolicy>
<triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
<maxFileSize>20MB</maxFileSize>
</triggeringPolicy>
</appender>
<appender name="logfile" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/app/logs/opensyncgw.log</file>
<append>true</append>
<encoder>
<pattern>%date %level [%thread] %logger{36} [%file:%line] %msg%n</pattern>
</encoder>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
<fileNamePattern>/app/logs/opensyncgw.%i.log.gz</fileNamePattern>
<minIndex>1</minIndex>
<maxIndex>3</maxIndex>
</rollingPolicy>
<triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
<maxFileSize>20MB</maxFileSize>
</triggeringPolicy>
</appender>
<!--
details: http://logback.qos.ch/manual/configuration.html#auto_configuration
runtime configuration, if need to override the defaults:
-Dlogback.configurationFile=/path/to/logback.xml
for log configuration debugging - use
-Dlogback.statusListenerClass=ch.qos.logback.core.status.OnConsoleStatusListener
log levels:
OFF ERROR WARN INFO DEBUG TRACE
-->
<logger name="org.apache.catalina.startup.DigesterFactory" level="ERROR"/>
<logger name="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" level="INFO"/>
<logger name="org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer" level="INFO"/>
<logger name="com.telecominfraproject.wlan" level="DEBUG"/>
<logger name="com.netflix.servo.tag.aws.AwsInjectableTag" level="OFF"/>
<logger name="com.vmware.ovsdb.service.OvsdbConnectionInfo" level="OFF"/>
<logger name="com.vmware.ovsdb.netty.OvsdbConnectionHandler" level="ERROR"/>
<logger name="MQTT_DATA" level="DEBUG" additivity="false">
<appender-ref ref="mqttDataFile"/>
</logger>
<root level="WARN">
<appender-ref ref="logfile"/>
</root>
</configuration>

21
helmfile/opensync-gw-cloud/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,21 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
{{- end }}

7
helmfile/opensync-gw-cloud/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-log-config
namespace: {{ .Release.Namespace }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}

287
helmfile/opensync-gw-cloud/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,287 @@
{{- $icc := include "integratedcloudcomponent.service" . -}}
{{- $prov := include "prov.service" . -}}
{{- $ssc := include "ssc.service" . -}}
{{- $mqtt := include "mqtt.service" . -}}
{{- $file_store_path := include "filestore.dir.name" . -}}
{{- $cloudeployment := .Values.global.isCloudDeployment -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "common.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "common.selectorLabels" . | nindent 8 }}
spec:
imagePullSecrets:
- name: "{{ .Release.Namespace }}-docker-registry-key"
serviceAccountName: {{ include "common.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers:
- name: {{ include "common.name" . }}-mqtt-readiness
image: eclipse-mosquitto:latest
imagePullPolicy: {{ .Values.global.pullPolicy }}
command:
- sh
- -c
- |
mosquitto_pub -h {{ $mqtt }} -p 1883 --cafile /certs/cacert.pem --cert /certs/clientcert.pem --key /certs/clientkey.pem --insecure -t "/ap/test" -q 0 -m "CheckingMQTTAliveness"
status=$(echo $?)
echo mosquitto_pub response of the request = $status
counter=0
while [ $counter -lt 10 ] && [ $status -ne 0 ]
do
echo {{ $mqtt }} service isnt ready. Tried $counter times
sleep 2
counter=`expr $counter + 1`
mosquitto_pub -h {{ $mqtt }} -p 1883 --cafile /certs/cacert.pem --cert /certs/clientcert.pem --key /certs/clientkey.pem --insecure -t "/ap/test" -q 0 -m "CheckingMQTTAliveness"
status=$(echo $?)
echo mosquitto_pub response of the request = $status
done
if [ $status -eq 0 ]
then
echo {{ $mqtt }} service is ready!
else
echo {{ $mqtt }} service failed to respond after 20 secs
exit 1
fi
volumeMounts:
- mountPath: /certs/cacert.pem
name: certificates
subPath: cacert.pem
- mountPath: /certs/clientcert.pem
name: certificates
subPath: clientcert.pem
- mountPath: /certs/clientkey.pem
name: certificates
subPath: clientkey.pem
{{- if .Values.global.integratedDeployment }}
- name: {{ include "common.name" . }}-readiness-int-cloud
image: alpine
imagePullPolicy: {{ .Values.global.pullPolicy }}
command:
- sh
- -c
- |
if [ {{ $cloudeployment }} = false ]
then
echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
echo "Added name-resolution for local deployments"
fi
apk add curl
url=https://{{ $icc }}/ping
counter=0
status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
while [ $counter -lt 10 ] && [ $status -ne 200 ]
do
echo ${url} service isnt ready. Tried $counter times
sleep 5
counter=`expr $counter + 1`
status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
echo Http Response code of ping request = $status
done
if [ $status -eq 200 ]
then
echo ${url} service is ready!
else
echo ${url} service failed to respond after 50 secs
exit 1
fi
{{- else }}
- name: {{ include "common.name" . }}-readiness-prov
image: alpine
imagePullPolicy: {{ .Values.global.pullPolicy }}
command:
- sh
- -c
- |
if [ {{ $cloudeployment }} = false ]
then
echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
echo "Added name-resolution for local deployments"
fi
apk add curl
url=https://{{ $prov }}/ping
counter=0
status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
while [ $counter -lt 10 ] && [ $status -ne 200 ]
do
echo ${url} service isnt ready. Tried $counter times
sleep 5
counter=`expr $counter + 1`
status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
echo Http Response code of ping request = $status
done
if [ $status -eq 200 ]
then
echo ${url} service is ready!
else
echo ${url} service failed to respond after 50 secs
exit 1
fi
- name: {{ include "common.name" . }}-readiness-ssc
image: alpine
imagePullPolicy: {{ .Values.global.pullPolicy }}
command:
- sh
- -c
- |
if [ {{ $cloudeployment }} = false ]
then
echo "151.101.112.249 dl-cdn.alpinelinux.org" >> /etc/hosts
echo "Added name-resolution for local deployments"
fi
apk add curl
url=https://{{ $ssc }}/ping
counter=0
status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
while [ $counter -lt 10 ] && [ $status -ne 200 ]
do
echo ${url} service isnt ready. Tried $counter times
sleep 5
counter=`expr $counter + 1`
status=$(curl --insecure --head --location --connect-timeout 5 --write-out %{http_code} --silent --output /dev/null ${url});
echo Http Response code of ping request = $status
done
if [ $status -eq 200 ]
then
echo ${url} service is ready!
else
echo ${url} service failed to respond after 50 secs
exit 1
fi
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
{{- if .Values.probes.enabled }}
livenessProbe:
tcpSocket:
port: {{ .Values.service.port2 }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.livenessProbe.successThreshold }}
readinessProbe:
tcpSocket:
port: {{ .Values.service.port2 }}
initialDelaySeconds: {{ .Values.probes.readinessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
{{- end }}
env:
{{- include "common.env" . | nindent 12 }}
- name: OVSDB_MANAGER
value: {{ .Values.externalhostaddress.ovsdb }}
- name: OVSDB_MANAGER_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: MQTT_SERVER_INTERNAL
value: {{ .Release.Name }}-{{ .Values.mqtt.url }}
- name: MQTT_SERVER_EXTERNAL
value: {{ .Values.externalhostaddress.mqtt }}
{{- if .Values.global.integratedDeployment }}
- name: INTEGRATED_SERVER
value: {{ .Release.Name }}-{{ .Values.integratedcloudcomponent.url }}
{{- else }}
- name: PROV_SERVER
value: {{ .Release.Name }}-{{ .Values.prov.url }}
- name: SSC_SERVER
value: {{ .Release.Name }}-{{ .Values.ssc.url }}
{{- end }}
- name: FILE_STORE_DIRECTORY_INTERNAL
value: {{ $file_store_path }}
- name: FILE_STORE_URL
value: {{ .Values.filestore.url }}
- name: DEFAULT_LAN_NAME
value: {{ .Values.ethernetType.lanName }}
- name: DEFAULT_LAN_TYPE
value: {{ .Values.ethernetType.lanType }}
- name: DEFAULT_WAN_TYPE
value: {{ .Values.ethernetType.wanType }}
- name: DEFAULT_WAN_NAME
value: {{ .Values.ethernetType.wanName }}
volumeMounts:
- mountPath: /opt/tip-wlan/certs/client_keystore.jks
name: certificates
subPath: client_keystore.jks
- mountPath: /opt/tip-wlan/certs/truststore.jks
name: certificates
subPath: truststore.jks
- mountPath: /opt/tip-wlan/certs/server.pkcs12
name: certificates
subPath: server.pkcs12
- mountPath: /opt/tip-wlan/certs/httpClientConfig.json
name: certificates
subPath: httpClientConfig.json
- mountPath: /opt/tip-wlan/certs/ssl.properties
name: certificates
subPath: ssl.properties
- mountPath: /app/opensync/logback.xml
name: logback-config
subPath: logback.xml
- mountPath: {{ $file_store_path }}
name: file-store-data
ports:
- name: {{ .Values.service.name1 }}
containerPort: {{ .Values.service.port1 }}
protocol: TCP
- name: {{ .Values.service.name2 }}
containerPort: {{ .Values.service.port2 }}
protocol: TCP
- name: {{ .Values.service.name3 }}
containerPort: {{ .Values.service.port3 }}
protocol: TCP
- name: {{ .Values.service.name4 }}
containerPort: {{ .Values.service.port4 }}
protocol: TCP
{{- if .Values.debug.enabled }}
- name: {{ .Values.service.name5 }}
containerPort: {{ .Values.service.port5 }}
protocol: TCP
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
- name: logback-config
configMap:
name: {{ include "common.fullname" . }}-log-config
- name: file-store-data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ include "portal.sharedPvc.name" . }}
{{- else }}
emptyDir: {}
{{- end }}

42
helmfile/opensync-gw-cloud/templates/ingress.yaml Normal file
View File

@@ -0,0 +1,42 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "common.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ . }}
backend:
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}

8
helmfile/opensync-gw-cloud/templates/secret.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-certs
namespace: {{ .Release.Namespace }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}

39
helmfile/opensync-gw-cloud/templates/service.yaml Normal file
View File

@@ -0,0 +1,39 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port1 }}
targetPort: {{ .Values.service.port1 }}
protocol: TCP
name: {{ .Values.service.name1 }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort1 }}
- port: {{ .Values.service.port2 }}
targetPort: {{ .Values.service.port2 }}
protocol: TCP
name: {{ .Values.service.name2 }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- port: {{ .Values.service.port3 }}
targetPort: {{ .Values.service.port3 }}
protocol: TCP
name: {{ .Values.service.name3 }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort3 }}
- port: {{ .Values.service.port4 }}
targetPort: {{ .Values.service.port4 }}
protocol: TCP
name: {{ .Values.service.name4 }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort4 }}
{{- if .Values.debug.enabled }}
- port: {{ .Values.service.port5 }}
targetPort: {{ .Values.service.port5 }}
protocol: TCP
name: {{ .Values.service.name5 }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort5 }}
{{- end }}
selector:
{{- include "common.selectorLabels" . | nindent 4 }}

13
helmfile/opensync-gw-cloud/templates/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,13 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "common.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end -}}

18
helmfile/opensync-gw-cloud/templates/tests/test-connection.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{- if .Values.testsEnabled -}}
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "common.fullname" . }}-test-connection"
namespace: {{ .Release.Namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
restartPolicy: Never
{{- end }}

35
helmfile/opensync-gw-cloud/templates/transport-server-tcp.yaml Normal file
View File

@@ -0,0 +1,35 @@
apiVersion: k8s.nginx.org/v1alpha1
kind: TransportServer
metadata:
name: {{ include "common.name" . }}-controller
namespace: {{ .Release.Namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
listener:
name: opensync-gw-controller-port-listener
protocol: TCP
upstreams:
- name: {{ include "common.name" . }}
service: {{ include "common.fullname" . }}
port: {{ .Values.service.port1 }}
action:
pass: {{ include "common.name" . }}
---
apiVersion: k8s.nginx.org/v1alpha1
kind: TransportServer
metadata:
name: {{ include "common.name" . }}-redirector
namespace: {{ .Release.Namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
listener:
name: opensync-gw-redirector-port-listener
protocol: TCP
upstreams:
- name: {{ include "common.name" . }}
service: {{ include "common.fullname" . }}
port: {{ .Values.service.port2 }}
action:
pass: {{ include "common.name" . }}

170
helmfile/opensync-gw-cloud/values.yaml Normal file
View File

@@ -0,0 +1,170 @@
# Default values for opensync-gw.
# This is a YAML-formatted file.
#################################################################
# Application configuration defaults.
#################################################################
# Declare variables to be passed into your templates.
replicaCount: 1
image:
name: opensync-gateway-cloud
tag: 0.0.1-SNAPSHOT
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
## Liveness and Readiness probe values.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
probes:
enabled: false
livenessProbe:
initialDelaySeconds: 5
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
initialDelaySeconds: 5
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
# Enable/Disable Helm tests
testsEnabled: false
# Enable/Disable Remote debugging
debug:
enabled: false
service:
type: NodePort
port1: 6640
nodePort1: 29
name1: controller
port2: 6643
name2: redirector
nodePort2: 30
port3: 9096
name3: server
nodePort3: 27
port4: 9097
name4: internal
nodePort4: 28
port5: 5005
name5: debug
nodePort5: 26
persistence:
enabled: false
## A manually managed Persistent Volume and Claim
## Requires persistence.enabled: true
# the filestore internal: location of the folder where UI files will be stored
# on the PV
# the filestore url: externally reachable URL i.e.; reachable from AP, where it
# can download the files from. Override this value (url) to the configured
# HTTP server in your system
filestore:
internal: "/tmp/filestore"
url: DUMMY_FILESTORE_HTTPS_URL
integratedcloudcomponent:
url: wlan-integrated-cloud-component-service
port: 9091
prov:
url: wlan-prov-service
port: 9092
ssc:
url: wlan-ssc-service
port: 9032
mqtt:
url: opensync-mqtt-broker
portal:
url: wlan-portal-service
sharedPvc:
name: file-store-data
ordinal: 0
# These are list of external HostAddresses for ovsdb, mqtt.
# This is important for ovsdb and mqtt since
# that's what AP sees. Please make sure to override
# them in dev override file for your respective environments.
externalhostaddress:
ovsdb: opensync-gw-cloud
mqtt: opensync-mqtt-broker
ethernetType:
lanName: "lan"
lanType: "bridge"
wanType: "bridge"
wanName: "wan"
ingress:
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths: []
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
env:
protocol: https
ssc_url: SSC_RELEASE_URL
prov_url: PROV_RELEASE_URL
ssc:
service: wlan-ssc-service
port: 9031
prov:
service: wlan-prov-service
port: 9091

23
helmfile/opensync-gw-static/.helmignore Normal file
View File

@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
helmfile/opensync-gw-static/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: file://../common
version: 0.1.0
digest: sha256:636a65e9846bdff17cc4e65b0849061f783759a37aa51fb85ff6fd8ba5e68467
generated: "2020-10-19T12:15:04.8106439Z"

12
helmfile/opensync-gw-static/Chart.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v2
name: opensync-gw-static
description: WLAN Opensync Gateway Helm chart for Kubernetes
type: application
version: 0.1.0
appVersion: 1.16.0
dependencies:
- name: common
version: 0.1.0
repository: file://../common

2
helmfile/opensync-gw-static/resources/config/certs/README.md Normal file
View File

@@ -0,0 +1,2 @@
Contains certs needed for this service to start.
Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

18
helmfile/opensync-gw-static/resources/config/certs/httpClientConfig.json Normal file
View File

@@ -0,0 +1,18 @@
{
"maxConnectionsTotal":100,
"maxConnectionsPerRoute":10,
"truststoreType":"JKS",
"truststoreProvider":"SUN",
"truststoreFile":"file:/opt/tip-wlan/certs/truststore.jks",
"truststorePass":"mypassword",
"keystoreType":"JKS",
"keystoreProvider":"SUN",
"keystoreFile":"file:/opt/tip-wlan/certs/client_keystore.jks",
"keystorePass":"mypassword",
"keyAlias":"clientkeyalias",
"credentialsList":[
{"host":"localhost","port":-1,"user":"user","password":"password"}
]
}

13
helmfile/opensync-gw-static/resources/config/certs/ssl.properties Normal file
View File

@@ -0,0 +1,13 @@
truststorePass=mypassword
truststoreFile=file:///opt/tip-wlan/certs/truststore.jks
truststoreType=JKS
truststoreProvider=SUN
keyAlias=1
keystorePass=mypassword
keystoreFile=file:///opt/tip-wlan/certs/server.pkcs12
keystoreType=pkcs12
keystoreProvider=SunJSSE
sslProtocol=TLS

75
helmfile/opensync-gw-static/resources/config/logback.xml Normal file
View File

@@ -0,0 +1,75 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- For assistance related to logback-translator or configuration -->
<!-- files in general, please contact the logback user mailing list -->
<!-- at http://www.qos.ch/mailman/listinfo/logback-user -->
<!-- -->
<!-- For professional support please see -->
<!-- http://www.qos.ch/shop/products/professionalSupport -->
<!-- -->
<configuration>
<appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>
<!--
<appender name="FILE" class="ch.qos.logback.core.FileAppender">
<file>myApp.log</file>
<encoder>
<pattern>%date %level [%thread] %logger{10} [%file:%line] %msg%n</pattern>
</encoder>
</appender>
-->
<appender name="logfile" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/app/logs/opensyncgw.log</file>
<append>true</append>
<encoder>
<pattern>%date %level [%thread] %logger{36} [%file:%line] %msg%n</pattern>
</encoder>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
<fileNamePattern>/app/logs/opensyncgw.%i.log.gz</fileNamePattern>
<minIndex>1</minIndex>
<maxIndex>3</maxIndex>
</rollingPolicy>
<triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
<maxFileSize>20MB</maxFileSize>
</triggeringPolicy>
</appender>
<!--
details: http://logback.qos.ch/manual/configuration.html#auto_configuration
runtime configuration, if need to override the defaults:
-Dlogback.configurationFile=/path/to/logback.xml
for log configuration debugging - use
-Dlogback.statusListenerClass=ch.qos.logback.core.status.OnConsoleStatusListener
log levels:
OFF ERROR WARN INFO DEBUG TRACE
-->
<logger name="org.apache.catalina.startup.DigesterFactory" level="ERROR"/>
<logger name="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" level="INFO"/>
<logger name="org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer" level="INFO"/>
<logger name="com.telecominfraproject.wlan" level="DEBUG"/>
<logger name="com.netflix.servo.tag.aws.AwsInjectableTag" level="OFF"/>
<logger name="com.vmware.ovsdb.service.OvsdbConnectionInfo" level="OFF"/>
<logger name="com.vmware.ovsdb.netty.OvsdbConnectionHandler" level="ERROR"/>
<logger name="MQTT_DATA" level="DEBUG"/>
<!--
<logger name="org.springframework.security.web.authentication.preauth" level="DEBUG"/>
-->
<root level="WARN">
<!-- <appender-ref ref="stdout"/>-->
<appender-ref ref="logfile"/>
</root>
</configuration>

21
helmfile/opensync-gw-static/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,21 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
{{- end }}

7
helmfile/opensync-gw-static/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-log-config
namespace: {{ .Release.Namespace }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}

94
helmfile/opensync-gw-static/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,94 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "common.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "common.selectorLabels" . | nindent 8 }}
spec:
imagePullSecrets:
- name: "{{ .Release.Namespace }}-docker-registry-key"
serviceAccountName: {{ include "common.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
{{- if .Values.probes.enabled }}
livenessProbe:
tcpSocket:
port: {{ .Values.service.port2 }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.livenessProbe.successThreshold }}
readinessProbe:
tcpSocket:
port: {{ .Values.service.port2 }}
initialDelaySeconds: {{ .Values.probes.readinessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
{{- end }}
volumeMounts:
- mountPath: /opt/tip-wlan/certs/client_keystore.jks
name: certificates
subPath: client_keystore.jks
- mountPath: /opt/tip-wlan/certs/truststore.jks
name: certificates
subPath: truststore.jks
- mountPath: /opt/tip-wlan/certs/server.pkcs12
name: certificates
subPath: server.pkcs12
- mountPath: /opt/tip-wlan/certs/httpClientConfig.json
name: certificates
subPath: httpClientConfig.json
- mountPath: /opt/tip-wlan/certs/ssl.properties
name: certificates
subPath: ssl.properties
- mountPath: /app/opensync/logback.xml
name: logback-config
subPath: logback.xml
ports:
- name: {{ .Values.service.name1 }}
containerPort: {{ .Values.service.port1 }}
protocol: TCP
- name: {{ .Values.service.name2 }}
containerPort: {{ .Values.service.port2 }}
protocol: TCP
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: certificates
secret:
secretName: {{ include "common.fullname" . }}-certs
- name: logback-config
configMap:
name: {{ include "common.fullname" . }}-log-config

42
helmfile/opensync-gw-static/templates/ingress.yaml Normal file
View File

@@ -0,0 +1,42 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "common.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ . }}
backend:
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}

8
helmfile/opensync-gw-static/templates/secret.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-certs
namespace: {{ .Release.Namespace }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}

20
helmfile/opensync-gw-static/templates/service.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port1 }}
targetPort: {{ .Values.service.port1 }}
protocol: TCP
name: {{ .Values.service.name1 }}
- port: {{ .Values.service.port2 }}
targetPort: {{ .Values.service.port2 }}
protocol: TCP
name: {{ .Values.service.name2 }}
selector:
{{- include "common.selectorLabels" . | nindent 4 }}

13
helmfile/opensync-gw-static/templates/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,13 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "common.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end -}}

18
helmfile/opensync-gw-static/templates/tests/test-connection.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{- if .Values.testsEnabled -}}
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "common.fullname" . }}-test-connection"
namespace: {{ .Release.Namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
restartPolicy: Never
{{- end }}

35
helmfile/opensync-gw-static/templates/transport-server-tcp.yaml Normal file
View File

@@ -0,0 +1,35 @@
apiVersion: k8s.nginx.org/v1alpha1
kind: TransportServer
metadata:
name: {{ include "common.name" . }}-controller
namespace: {{ .Release.Namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
listener:
name: opensync-gw-controller-port-listener
protocol: TCP
upstreams:
- name: {{ include "common.name" . }}
service: {{ include "common.fullname" . }}
port: {{ .Values.service.port1 }}
action:
pass: {{ include "common.name" . }}
---
apiVersion: k8s.nginx.org/v1alpha1
kind: TransportServer
metadata:
name: {{ include "common.name" . }}-redirector
namespace: {{ .Release.Namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
listener:
name: opensync-gw-redirector-port-listener
protocol: TCP
upstreams:
- name: {{ include "common.name" . }}
service: {{ include "common.fullname" . }}
port: {{ .Values.service.port2 }}
action:
pass: {{ include "common.name" . }}

95
helmfile/opensync-gw-static/values.yaml Normal file
View File

@@ -0,0 +1,95 @@
# Default values for opensync-gw.
# This is a YAML-formatted file.
#################################################################
# Application configuration defaults.
#################################################################
# Declare variables to be passed into your templates.
replicaCount: 1
image:
name: opensync-gateway-static
tag: 0.0.1-SNAPSHOT
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
## Liveness and Readiness probe values.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
probes:
enabled: false
livenessProbe:
initialDelaySeconds: 5
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
initialDelaySeconds: 5
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
# Enable/Disable Helm tests
testsEnabled: false
service:
type: ClusterIP
port1: 6640
name1: controller
port2: 6643
name2: redirector
ingress:
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths: []
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}

23
helmfile/opensync-mqtt-broker/.helmignore Normal file
View File

@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
helmfile/opensync-mqtt-broker/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: file://../common
version: 0.1.0
digest: sha256:636a65e9846bdff17cc4e65b0849061f783759a37aa51fb85ff6fd8ba5e68467
generated: "2020-10-19T12:15:25.5035557Z"

12
helmfile/opensync-mqtt-broker/Chart.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v2
name: opensync-mqtt-broker
description: A Helm chart for Kubernetes
type: application
version: 0.1.0
appVersion: 1.16.0
dependencies:
- name: common
version: 0.1.0
repository: file://../common

2
helmfile/opensync-mqtt-broker/resources/config/certs/README.md Normal file
View File

@@ -0,0 +1,2 @@
Contains certs needed for this service to start.
Please refer to page: https://telecominfraproject.atlassian.net/wiki/spaces/WIFI/pages/262176803/Pre-requisites+before+deploying+Tip-Wlan+solution

17
helmfile/opensync-mqtt-broker/resources/config/mosquitto.conf Normal file
View File

@@ -0,0 +1,17 @@
cafile /certs/cacert.pem
certfile /certs/mqttservercert.pem
keyfile /certs/mqttserverkey_dec.pem
require_certificate true
use_identity_as_username true
allow_anonymous false
allow_duplicate_messages true
autosave_interval 900
log_dest stdout
max_queued_bytes 0
max_queued_messages 0
message_size_limit 0
persistence true
persistence_file mosquitto.db
persistence_location /mosquitto/db/
pid_file /mosquitto/mosquitto.pid
port 1883

21
helmfile/opensync-mqtt-broker/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,21 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
{{- end }}

7
helmfile/opensync-mqtt-broker/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: mosquitto-config
namespace: {{ .Release.Namespace }}
data:
{{ tpl (.Files.Glob "resources/config/mosquitto.conf").AsConfig . | indent 2 }}

42
helmfile/opensync-mqtt-broker/templates/ingress.yaml Normal file
View File

@@ -0,0 +1,42 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "common.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ . }}
backend:
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}

8
helmfile/opensync-mqtt-broker/templates/secret.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: opensync-mqtt-broker-certs
namespace: {{ .Release.Namespace }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}

22
helmfile/opensync-mqtt-broker/templates/service.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port1 }}
targetPort: {{ .Values.service.port1 }}
protocol: TCP
name: {{ .Values.service.name1 }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort1 }}
- port: {{ .Values.service.port2 }}
targetPort: {{ .Values.service.port2 }}
protocol: TCP
name: {{ .Values.service.name2 }}
nodePort: {{ .Values.global.nodePortPrefix }}{{ .Values.service.nodePort2 }}
selector:
{{- include "common.selectorLabels" . | nindent 4 }}

13
helmfile/opensync-mqtt-broker/templates/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,13 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "common.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end -}}

168
helmfile/opensync-mqtt-broker/templates/statefulset.yaml Normal file
View File

@@ -0,0 +1,168 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
serviceName: {{ include "common.fullname" . }}
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "common.selectorLabels" . | nindent 6 }}
updateStrategy:
{{ toYaml .Values.updateStrategy | indent 4 }}
template:
metadata:
labels:
{{- include "common.selectorLabels" . | nindent 8 }}
{{- if .Values.podLabels }}
## Custom pod labels
{{- range $key, $value := .Values.podLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if .Values.podAnnotations }}
annotations:
## Custom pod annotations
{{- range $key, $value := .Values.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }}
imagePullSecrets:
- name: "{{ .Release.Namespace }}-docker-registry-key"
serviceAccountName: {{ include "common.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers:
- name: {{ include "common.name" . }}-init-dir-ownership-change
image: alpine:3.6
# Change ownership to `mosquitto` user for a mounted volume
command:
- sh
- -c
- |
chown -R 1883:1883 /mosquitto/data
chown -R 1883:1883 /mosquitto/db
volumeMounts:
- name: data
mountPath: /mosquitto/data
- name: db
mountPath: /mosquitto/db
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: {{ .Values.image.name }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
{{- if .Values.probes.enabled }}
livenessProbe:
tcpSocket:
port: {{ .Values.service.port1 }}
initialDelaySeconds: {{ .Values.probes.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.livenessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.livenessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.livenessProbe.successThreshold }}
readinessProbe:
tcpSocket:
port: {{ .Values.service.port1 }}
initialDelaySeconds: {{ .Values.probes.readinessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.probes.readinessProbe.failureThreshold }}
periodSeconds: {{ .Values.probes.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.probes.readinessProbe.successThreshold }}
{{- end }}
volumeMounts:
- mountPath: /certs/cacert.pem
name: opensync-mqtt-broker-truststore
subPath: cacert.pem
- mountPath: /certs/mqttservercert.pem
name: opensync-mqtt-broker-truststore
subPath: mqttservercert.pem
- mountPath: /certs/mqttserverkey_dec.pem
name: opensync-mqtt-broker-truststore
subPath: mqttserverkey_dec.pem
- mountPath: /mosquitto/config/mosquitto.conf
name: opensync-mqtt-broker-conf
subPath: mosquitto.conf
- mountPath: /mosquitto/db/
name: db
- mountPath: /mosquitto/data/
name: data
ports:
- name: {{ .Values.service.name1 }}
containerPort: {{ .Values.service.port1 }}
protocol: TCP
- name: {{ .Values.service.name2 }}
containerPort: {{ .Values.service.port2 }}
protocol: TCP
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: opensync-mqtt-broker-truststore
secret:
secretName: opensync-mqtt-broker-certs
- name: opensync-mqtt-broker-conf
configMap:
name: mosquitto-config
{{- if not .Values.persistence.enabled }}
- name: db
emptyDir: {}
- name: data
emptyDir: {}
{{- end }}
{{- if .Values.persistence.enabled }}
volumeClaimTemplates:
- metadata:
name: db
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.sizeDb | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
- metadata:
name: data
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.sizeData | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}

18
helmfile/opensync-mqtt-broker/templates/tests/test-connection.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{- if .Values.testsEnabled -}}
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "common.fullname" . }}-test-connection"
namespace: {{ .Release.Namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "common.fullname" . }}:{{ .Values.service.port1 }}']
restartPolicy: Never
{{- end }}

17
helmfile/opensync-mqtt-broker/templates/transport-server-tcp.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: k8s.nginx.org/v1alpha1
kind: TransportServer
metadata:
name: {{ include "common.name" . }}-mqtt
namespace: {{ .Release.Namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
listener:
name: opensync-mqtt-port-listener
protocol: TCP
upstreams:
- name: {{ include "common.name" . }}
service: {{ include "common.fullname" . }}
port: {{ .Values.service.port1 }}
action:
pass: {{ include "common.name" . }}

129
helmfile/opensync-mqtt-broker/values.yaml Normal file
View File

@@ -0,0 +1,129 @@
# Default values for mqtt.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
name: eclipse-mosquitto
tag: latest
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
podSecurityContext: {}
# fsGroup: 2000
terminationGracePeriodSeconds: 1800 # Duration in seconds a mosquitto pod needs to terminate gracefully.
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
## Liveness and Readiness probe values.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
probes:
enabled: true
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
initialDelaySeconds: 5
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
# Enable/Disable Helm tests
testsEnabled: false
service:
type: NodePort
port1: 1883
name1: listener
nodePort1: 31
port2: 9001
name2: debug
nodePort2: 32
ingress:
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths: []
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
priorityClassName: ""
nodeSelector: {}
tolerations: []
affinity: {}
persistence:
enabled: false
## A manually managed Persistent Volume and Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
## existingClaimData: opensync-wifi-controller-opensync-mqtt-broker-data
## existingClaimDb: opensync-wifi-controller-opensync-mqtt-broker-db
## volumeReclaimPolicy: Retain
## If you want to bind to an existing PV, uncomment below with the pv name
## and comment storageClass and belowannotation
## volumeNameDb: pvc-dc52b290-ae86-4cb3-aad0-f2c806a23114
## volumeNameData: pvc-735baedf-323b-47bc-9383-952e6bc5ce3e
## database data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: "-"
accessMode: ReadWriteOnce
## Size of Db PVC
sizeDb: 1Gi
## Size of Data PVC
sizeData: 1Gi
## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName:

23
helmfile/wlan-cloud-graphql-gw/.helmignore Normal file
View File

@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
helmfile/wlan-cloud-graphql-gw/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: file://../common
version: 0.1.0
digest: sha256:636a65e9846bdff17cc4e65b0849061f783759a37aa51fb85ff6fd8ba5e68467
generated: "2020-10-19T12:15:26.5973407Z"

12
helmfile/wlan-cloud-graphql-gw/Chart.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v2
name: wlan-cloud-graphql-gw
description: WLAN Cloud Apollo Server Helm Chart
type: application
version: 0.1.0
appVersion: 0.0.1
dependencies:
- name: common
version: 0.1.0
repository: file://../common

21
helmfile/wlan-cloud-graphql-gw/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,21 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
{{- end }}

53
helmfile/wlan-cloud-graphql-gw/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,53 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "common.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "common.selectorLabels" . | nindent 8 }}
spec:
imagePullSecrets:
- name: "{{ .Release.Namespace }}-docker-registry-key"
serviceAccountName: {{ include "common.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
env:
- name: API
{{- if .Values.env.localService }}
value: {{ .Release.Name }}-{{ .Values.env.portalsvc }}
{{- else }}
value: {{ .Values.env.portalsvc }}
{{- end }}
ports:
- name: {{ .Values.service.name }}
containerPort: {{ .Values.service.port }}
protocol: TCP
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

42
helmfile/wlan-cloud-graphql-gw/templates/ingress.yaml Normal file
View File

@@ -0,0 +1,42 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "common.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ . }}
backend:
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}

17
helmfile/wlan-cloud-graphql-gw/templates/service.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: {{ .Values.service.port }}
protocol: TCP
name: {{ .Values.service.name }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
selector:
{{- include "common.selectorLabels" . | nindent 4 }}

13
helmfile/wlan-cloud-graphql-gw/templates/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,13 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "common.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end -}}

18
helmfile/wlan-cloud-graphql-gw/templates/tests/test-connection.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{- if .Values.testsEnabled -}}
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "common.fullname" . }}-test-connection"
namespace: {{ .Release.Namespace }}
labels:
{{- include "common.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never
{{- end }}

86
helmfile/wlan-cloud-graphql-gw/values.yaml Normal file
View File

@@ -0,0 +1,86 @@
# Default values for opensync-gw.
# This is a YAML-formatted file.
#################################################################
# Application configuration defaults.
#################################################################
# Declare variables to be passed into your templates.
replicaCount: 1
image:
name: wlan-cloud-graphql-gw
tag: latest
pullPolicy: IfNotPresent
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
podSecurityContext: {}
# fsGroup: 2000
# Enable/Disable Helm tests
testsEnabled: false
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
# If it's a localService, we will prefix ReleaseName to portalsvc, so service
# is reachable.
env:
portalsvc: wlan-portal-service:9051
localService: false
service:
type: NodePort
port: 4000
name: graphui
nodePort: 23
ingress:
enabled: true
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: wlan-ui-graphql.zone3.lab.connectus.ai
paths: [
/
]
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}

23
helmfile/wlan-cloud-static-portal/.helmignore Normal file
View File

@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
helmfile/wlan-cloud-static-portal/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: file://../common
version: 0.1.0
digest: sha256:636a65e9846bdff17cc4e65b0849061f783759a37aa51fb85ff6fd8ba5e68467
generated: "2020-10-19T12:15:47.5451817Z"

Some files were not shown because too many files have changed in this diff Show More