Merge remote-tracking branch 'origin/main'

helm/.gitignore

@@ -0,0 +1 @@
+*.swp

helm/.helmignore

@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helm/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: ucentralfms
+version: 0.1.0

helm/README.md

@@ -0,0 +1,94 @@
+# ucentralfms
+
+This Helm chart helps to deploy uCentralSec to the Kubernetes clusters. It is mainly used in [assembly chart](https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart) as uCentralSec requires other services as dependencies that are considered in that Helm chart. This chart is purposed to define deployment logic close to the application code itself and define default values that could be overriden during deployment.
+
+
+## TL;DR;
+
+```bash
+$ helm install .
+```
+
+## Introduction
+
+This chart bootstraps an ucentralfms on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Installing the Chart
+
+Currently this chart is not assembled in charts archives, so [helm-git](https://github.com/aslafy-z/helm-git) is required for remote the installation
+
+To install the chart with the release name `my-release`:
+
+```bash
+$ helm install --name my-release git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=main
+```
+
+The command deploys ucentralfms on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```bash
+$ helm delete my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+The following table lists the configurable parameters of the chart and their default values. If Default value is not listed in the table, please refer to the [Values](values.yaml) files for details.
+
+| Parameter | Type | Description | Default |
+|-----------|------|-------------|---------|
+| replicaCount | number | Amount of replicas to be deployed | `1` |
+| strategyType | string | Application deployment strategy | `'Recreate'` |
+| nameOverride | string | Override to be used for application deployment |  |
+| fullnameOverride | string | Override to be used for application deployment (has priority over nameOverride) |  |
+| images.ucentralfms.repository | string | Docker image repository |  |
+| images.ucentralfms.tag | string | Docker image tag | `'master'` |
+| images.ucentralfms.pullPolicy | string | Docker image pull policy | `'Always'` |
+| services.ucentralfms.type | string | uCentralSec service type | `'LoadBalancer'` |
+| services.ucentralfms.ports.restapi.servicePort | number | REST API endpoint port to be exposed on service | `16001` |
+| services.ucentralfms.ports.restapi.targetPort | number | REST API endpoint port to be targeted by service | `16001` |
+| services.ucentralfms.ports.restapi.protocol | string | REST API endpoint protocol | `'TCP'` |
+| services.ucentralfms.ports.restapiinternal.servicePort | string | Internal REST API endpoint port to be exposed on service | `17001` |
+| services.ucentralfms.ports.restapiinternal.targetPort | number | Internal REST API endpoint port to be targeted by service | `17001` |
+| services.ucentralfms.ports.restapiinternal.protocol | string | Internal REST API endpoint protocol | `'TCP'` |
+| checks.ucentralfms.liveness.httpGet.path | string | Liveness check path to be used | `'/'` |
+| checks.ucentralfms.liveness.httpGet.port | number | Liveness check port to be used (should be pointint to ALB endpoint) | `16101` |
+| checks.ucentralfms.readiness.httpGet.path | string | Readiness check path to be used | `'/'` |
+| checks.ucentralfms.readiness.httpGet.port | number | Readiness check port to be used (should be pointint to ALB endpoint) | `16101` |
+| ingresses.restapi.enabled | boolean | Defines if REST API endpoint should be exposed via Ingress controller | `False` |
+| ingresses.restapi.hosts | array | List of hosts for exposed REST API |  |
+| ingresses.restapi.paths | array | List of paths to be exposed for REST API |  |
+| volumes.ucentralfms | array | Defines list of volumes to be attached to uCentralSec |  |
+| persistence.enabled | boolean | Defines if uCentralSec requires Persistent Volume (required for permanent files storage and SQLite DB if enabled) | `True` |
+| persistence.accessModes | array | Defines PV access modes |  |
+| persistence.size | string | Defines PV size | `'10Gi'` |
+| public_env_variables | hash | Defines list of environment variables to be passed to uCentralSec | |
+| configProperties | hash | Configuration properties that should be passed to the application in `ucentralfms.properties`. May be passed by key in set (i.e. `configProperties."rtty\.token"`) | |
+| certs | hash | Defines files (keys and certificates) that should be passed to uCentralSec (PEM format is adviced to be used) (see `volumes.ucentralfms` on where it is mounted) |  |
+
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```bash
+$ helm install --name my-release \
+  --set replicaCount=1 \
+    .
+```
+
+The above command sets that only 1 instance of your app should be running
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
+
+```bash
+$ helm install --name my-release -f values.yaml .
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml) as a base for customization.
+
+

helm/templates/_config.tpl

@@ -0,0 +1,5 @@
+{{- define "ucentralfms.config" -}}
+{{- range $key, $value := .Values.configProperties }}
+{{ $key }} = {{ $value }}
+{{- end }}
+{{- end -}}

helm/templates/_helpers.tpl

@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ucentralfms.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ucentralfms.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ucentralfms.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

helm/templates/deployment.yaml

@@ -0,0 +1,117 @@
+{{- $root := . -}}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "ucentralfms.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ include "ucentralfms.name" . }}
+    helm.sh/chart: {{ include "ucentralfms.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  strategy:
+    type: {{ .Values.strategyType }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "ucentralfms.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+      {{- with .Values.services.ucentralfms.labels }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
+  template:
+    metadata:
+      annotations:
+        checksum/config: {{ include "ucentralfms.config" . | sha256sum }}
+      labels:
+        app.kubernetes.io/name: {{ include "ucentralfms.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        {{- with .Values.services.ucentralfms.labels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+
+      containers:
+
+        - name: ucentralfms
+          image: "{{ .Values.images.ucentralfms.repository }}:{{ .Values.images.ucentralfms.tag }}"
+          imagePullPolicy: {{ .Values.images.ucentralfms.pullPolicy }}
+
+          env:
+            - name: KUBERNETES_DEPLOYED
+              value: "{{ now }}"
+          {{- range $key, $value := .Values.public_env_variables }}
+            - name: {{ $key }}
+              value: {{ $value | quote }}
+          {{- end }}
+          {{- range $key, $value := .Values.secret_env_variables }}
+            - name: {{ $key }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "ucentralfms.fullname" $root }}-env
+                  key: {{ $key }}
+          {{- end }}
+
+          ports:
+          {{- range $port, $portValue := .Values.services.ucentralfms.ports }}
+            - name: {{ $port }}
+              containerPort: {{ $portValue.targetPort }}
+              protocol: {{ $portValue.protocol }}
+          {{- end }}
+
+          volumeMounts:
+          {{- range .Values.volumes.ucentralfms }}
+          - name: {{ .name }}
+            mountPath: {{ .mountPath }}
+            {{- if .subPath }}
+            subPath: {{ .subPath }}
+            {{- end }}
+          {{- end }}
+
+          {{- if .Values.checks.ucentralfms.liveness }}
+          livenessProbe:
+            {{- toYaml .Values.checks.ucentralfms.liveness | nindent 12 }}
+          {{- end }}
+          {{- if .Values.checks.ucentralfms.readiness }}
+          readinessProbe:
+            {{- toYaml .Values.checks.ucentralfms.readiness | nindent 12 }}
+          {{- end }}
+
+          {{- with .Values.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+
+      securityContext:
+        fsGroup: 101
+
+      imagePullSecrets:
+      {{- range $image, $imageValue := .Values.images }}
+        {{- if $imageValue.regcred }}
+      - name: {{ include "ucentralfms.fullname" $root }}-{{ $image }}-regcred
+        {{- end }}
+      {{- end }}
+
+      volumes:
+      {{- range $container, $containerVolumes := .Values.volumes }}
+      {{- range $containerVolumes }}
+      - name: {{ .name }}
+        {{- tpl .volumeDefinition $root | nindent 8 }}
+      {{- end }}
+      {{- end }}
+
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

helm/templates/ingress.yaml

@@ -0,0 +1,47 @@
+{{- $root := . -}}
+{{- range $ingress, $ingressValue := .Values.ingresses }}
+{{- if $ingressValue.enabled }}
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: {{ include "ucentralfms.fullname" $root }}-{{ $ingress }}
+  labels:
+    app.kubernetes.io/name: {{ include "ucentralfms.name" $root }}
+    helm.sh/chart: {{ include "ucentralfms.chart" $root }}
+    app.kubernetes.io/instance: {{ $root.Release.Name }}
+    app.kubernetes.io/managed-by: {{ $root.Release.Service }}
+  {{- with $ingressValue.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+
+spec:
+
+{{- if $ingressValue.tls }}
+  tls:
+  {{- range $ingressValue.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . | quote }}
+      {{- end }}
+      secretName: {{ tpl .secretName $root }}
+  {{- end }}
+{{- end }}
+
+  rules:
+  {{- range $ingressValue.hosts }}
+  - host: {{ . | quote }}
+    http:
+      paths:
+      {{- range $ingressValue.paths }}
+        - path: {{ .path }}
+          backend:
+            serviceName: {{ include "ucentralfms.fullname" $root }}-{{ .serviceName }}
+            servicePort: {{ .servicePort }}
+      {{- end }}
+  {{- end }}
+
+{{- end }}
+
+{{- end }}

helm/templates/pvc.yaml

@@ -0,0 +1,27 @@
+{{- if .Values.persistence.enabled }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ template "ucentralfms.fullname" . }}-pvc
+  labels:
+    app.kubernetes.io/name: {{ include "ucentralfms.name" . }}
+    helm.sh/chart: {{ include "ucentralfms.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+  {{- with .Values.persistence.annotations  }}
+  annotations:
+{{ toYaml . | indent 4 }}
+  {{- end }}
+spec:
+  accessModes:
+    {{- range .Values.persistence.accessModes }}
+    - {{ . | quote }}
+    {{- end }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size | quote }}
+{{- if .Values.persistence.storageClassName  }}
+  storageClassName: {{ .Values.persistence.storageClassName }}
+{{- end }}
+{{- end }}

helm/templates/secret-certs.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+metadata:
+  labels:
+    app.kuberentes.io/name: {{ include "ucentralfms.name" . }}
+    helm.sh/chart: {{ include "ucentralfms.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+  name: {{ include "ucentralfms.fullname" . }}-certs
+kind: Secret
+type: Opaque
+data:
+  {{- range $key, $value := .Values.certs }}
+  {{ $key }}: {{ $value | b64enc | quote }}
+  {{- end }}

helm/templates/secret-config.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+metadata:
+  labels:
+    app.kuberentes.io/name: {{ include "ucentralfms.name" . }}
+    helm.sh/chart: {{ include "ucentralfms.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+  name: {{ include "ucentralfms.fullname" . }}-config
+kind: Secret
+type: Opaque
+data:
+  ucentralfms.properties: {{ include "ucentralfms.config" . | b64enc }}

helm/templates/secret-env.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+metadata:
+  labels:
+    app.kuberentes.io/name: {{ include "ucentralfms.name" . }}
+    helm.sh/chart: {{ include "ucentralfms.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+  name: {{ include "ucentralfms.fullname" . }}-env
+kind: Secret
+type: Opaque
+data:
+  # Secret env variables
+  {{- range $key, $value := .Values.secret_env_variables }}
+  {{ $key }}: {{ $value | b64enc | quote }}
+  {{- end }}
+

helm/templates/secret-regcred.yaml

@@ -0,0 +1,21 @@
+{{- define "imagePullSecret" }}
+{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .registry (printf "%s:%s" .username .password | b64enc) | b64enc }}
+{{- end }}
+{{- $root := . -}}
+{{- range $image, $imageValue := .Values.images }}
+{{- if $imageValue.regcred }}
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+  labels:
+    app.kuberentes.io/name: {{ include "ucentralfms.name" $root }}
+    helm.sh/chart: {{ include "ucentralfms.chart" $root }}
+    app.kubernetes.io/instance: {{ $root.Release.Name }}
+    app.kubernetes.io/managed-by: {{ $root.Release.Service }}
+  name: {{ include "ucentralfms.fullname" $root }}-{{ $image }}-regcred
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" $imageValue.regcred }}
+{{- end }}
+{{- end }}

helm/templates/service.yaml

@@ -0,0 +1,48 @@
+{{- $root := . -}}
+{{- range $service, $serviceValue := .Values.services }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "ucentralfms.fullname" $root }}-{{ $service }}
+  {{- with $serviceValue.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    app.kubernetes.io/name: {{ include "ucentralfms.name" $root }}
+    helm.sh/chart: {{ include "ucentralfms.chart" $root }}
+    app.kubernetes.io/instance: {{ $root.Release.Name }}
+    app.kubernetes.io/managed-by: {{ $root.Release.Service }}
+
+    {{- with $serviceValue.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+
+    {{- if $serviceValue.serviceMonitor }}
+
+    {{- range $selector, $selectorValue := $serviceValue.serviceMonitor.serviceSelector }}
+    {{ $selector }}: {{ tpl $selectorValue $root }}
+    {{- end }}
+    {{- end }}
+spec:
+  type: {{ $serviceValue.type }}
+  ports:
+
+  {{- range $service_service, $service_value := $serviceValue.ports }}
+    - name: {{ $service_service }}
+      targetPort: {{ $service_value.targetPort }}
+      protocol: {{ $service_value.protocol }}
+      port: {{ $service_value.servicePort }}
+      {{- if and (eq "NodePort" $serviceValue.type) $service_value.nodePort }}
+      nodePort: {{ $service_value.nodePort }}
+      {{- end }}
+  {{- end }}
+  selector:
+    app.kubernetes.io/name: {{ include "ucentralfms.name" $root }}
+    app.kubernetes.io/instance: {{ $root.Release.Name }}
+    {{- with $serviceValue.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+
+{{- end }}

helm/values.yaml

@@ -0,0 +1,207 @@
+# System
+replicaCount: 1
+strategyType: Recreate
+
+nameOverride: ""
+fullnameOverride: ""
+
+images:
+  ucentralfms:
+    repository: tip-tip-wlan-cloud-ucentral.jfrog.io/ucentralfms
+    tag: main
+    pullPolicy: Always
+#    regcred:
+#      registry: tip-tip-wlan-cloud-ucentral.jfrog.io
+#      username: username
+#      password: password
+
+services:
+  ucentralfms:
+    type: LoadBalancer
+    ports:
+      restapi:
+        servicePort: 16004
+        targetPort: 16004
+        protocol: TCP
+      restapiinternal:
+        servicePort: 17004
+        targetPort: 17004
+        protocol: TCP
+
+checks:
+  ucentralfms:
+    liveness:
+      httpGet:
+        path: /
+        port: 16104
+    readiness:
+      httpGet:
+        path: /
+        port: 16104
+
+ingresses:
+  restapi:
+    enabled: false
+    annotations: {}
+      # kubernetes.io/ingress.class: nginx
+      # kubernetes.io/tls-acme: "true"
+    hosts:
+    - restapi.chart-example.local
+    paths:
+    - path: /
+      serviceName: ucentralfms
+      servicePort: restapi
+
+volumes:
+  ucentralfms:
+    - name: config
+      mountPath: /ucentralfms-data/ucentralfms.properties
+      subPath: ucentralfms.properties
+      # Template below will be rendered in template
+      volumeDefinition: |
+        secret:
+          secretName: {{ include "ucentralfms.fullname" . }}-config
+    - name: certs
+      mountPath: /ucentralfms-data/certs
+      volumeDefinition: |
+        secret:
+          secretName: {{ include "ucentralfms.fullname" . }}-certs
+    # Change this if you want to use another volume type
+    - name: persist
+      mountPath: /ucentralfms-data/persist
+      volumeDefinition: |
+        persistentVolumeClaim:
+          claimName: {{ template "ucentralfms.fullname" . }}-pvc
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # requests:
+  #  cpu: 100m
+  #  memory: 128Mi
+  # limits:
+  #  cpu: 100m
+  #  memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+persistence:
+  enabled: true
+  # storageClassName: "-"
+  accessModes:
+    - ReadWriteOnce
+  size: 10Gi
+  annotations: {}
+
+# Application
+public_env_variables:
+  UCENTRALSEC_ROOT: /ucentralfms-data
+  UCENTRALSEC_CONFIG: /ucentralfms-data
+
+secret_env_variables: {}
+
+configProperties:
+  # -> Public part
+  # REST API
+  ucentral.restapi.host.0.backlog: 100
+  ucentral.restapi.host.0.security: relaxed
+  ucentral.restapi.host.0.rootca: $UCENTRALFMS_ROOT/certs/restapi-ca.pem
+  ucentral.restapi.host.0.address: "*"
+  ucentral.restapi.host.0.port: 16004
+  ucentral.restapi.host.0.cert: $UCENTRALFMS_ROOT/certs/restapi-cert.pem
+  ucentral.restapi.host.0.key: $UCENTRALFMS_ROOT/certs/restapi-key.pem
+  ucentral.restapi.wwwassets: $UCENTRALFMS_ROOT/wwwassets
+  ucentral.internal.restapi.host.0.backlog: 100
+  ucentral.internal.restapi.host.0.security: relaxed
+  ucentral.internal.restapi.host.0.rootca: $UCENTRALFMS_ROOT/certs/restapi-ca.pem
+  ucentral.internal.restapi.host.0.address: "*"
+  ucentral.internal.restapi.host.0.port: 17004
+  ucentral.internal.restapi.host.0.cert: $UCENTRALFMS_ROOT/certs/restapi-cert.pem
+  ucentral.internal.restapi.host.0.key: $UCENTRALFMS_ROOT/certs/restapi-key.pem
+  # Firmware Microservice Specific Section
+  s3.bucketname: ucentral-ap-firmware
+  s3.region: us-east-1
+  s3.retry: 60
+  s3.bucket.uri: ucentral-ap-firmware.s3.amazonaws.com
+  firmwaredb.refresh: 1800
+  # ALB
+  alb.enable: "true"
+  alb.port: 16104
+  # Kafka
+  ucentral.kafka.enable: "false"
+  ucentral.kafka.group.id: firmware
+  ucentral.kafka.client.id: firmware1
+  ucentral.kafka.brokerlist: localhost:9092
+  ucentral.kafka.auto.commit: false
+  ucentral.kafka.queue.buffering.max.ms: 50
+  # Storage
+  storage.type: sqlite # (sqlite|postgresql|mysql|odbc)
+  ## SQLite
+  storage.type.sqlite.db: firmware.db
+  storage.type.sqlite.idletime: 120
+  storage.type.sqlite.maxsessions: 128
+  ## PostgreSQL
+  storage.type.postgresql.maxsessions: 64
+  storage.type.postgresql.idletime: 60
+  storage.type.postgresql.host: localhost
+  storage.type.postgresql.database: ucentral
+  storage.type.postgresql.port: 5432
+  storage.type.postgresql.connectiontimeout: 60
+  ## MySQL
+  storage.type.mysql.maxsessions: 64
+  storage.type.mysql.idletime: 60
+  storage.type.mysql.host: localhost
+  storage.type.mysql.database: ucentral
+  storage.type.mysql.port: 3306
+  storage.type.mysql.connectiontimeout: 60
+  # System
+  ucentral.service.key: $UCENTRALFMS_ROOT/certs/restapi-key.pem
+  ucentral.system.data: $UCENTRALFMS_ROOT/persist
+  ucentral.system.debug: "true"
+  ucentral.system.uri.private: https://localhost:17004
+  ucentral.system.uri.public: https://localhost:16004
+  ucentral.system.uri.ui: https://localhost
+  ucentral.system.commandchannel: /tmp/app_ucentralfms
+  # Logging
+  logging.formatters.f1.class: PatternFormatter
+  logging.formatters.f1.pattern: "%Y-%m-%d %H:%M:%S %s: [%p] %t"
+  logging.formatters.f1.times: UTC
+  logging.channels.c1.class: ConsoleChannel
+  logging.channels.c1.formatter: f1
+  logging.channels.c2.class: FileChannel
+  logging.channels.c2.path: /tmp/log_ucentralfms
+  logging.channels.c2.formatter.class: PatternFormatter
+  logging.channels.c2.formatter.pattern: "%Y-%m-%d %H:%M:%S %s: [%p] %t"
+  logging.channels.c2.rotation: "20 M"
+  logging.channels.c2.archive: timestamp
+  logging.channels.c2.purgeCount: 20
+  logging.channels.c3.class: ConsoleChannel
+  logging.channels.c3.pattern: "%s: [%p] %t"
+  logging.loggers.root.channel: c1
+  logging.loggers.root.level: debug
+
+  # -> Secret part
+  # REST API
+  ucentral.restapi.host.0.key.password: mypassword
+  ucentral.internal.restapi.host.0.key.password: mypassword
+  # Firmware Microservice Specific Section
+  s3.secret: TOFILL
+  s3.key: TOFILL
+  # Storage
+  ## PostgreSQL
+  storage.type.postgresql.username: stephb
+  storage.type.postgresql.password: snoopy99
+  ## MySQL
+  storage.type.mysql.username: stephb
+  storage.type.mysql.password: snoopy99
+
+certs:
+  # restapi-ca.pem: ""
+  # restapi-cert.pem: ""
+  # restapi-key.pem: ""