# System replicaCount: 1 strategyType: Recreate revisionHistoryLimit: 2 nameOverride: "" fullnameOverride: "" images: owgw: repository: tip-tip-wlan-cloud-ucentral.jfrog.io/owgw tag: master pullPolicy: Always # regcred: # registry: tip-tip-wlan-cloud-ucentral.jfrog.io # username: username # password: password dockerize: repository: tip-tip-wlan-cloud-ucentral.jfrog.io/dockerize tag: 0.16.0 pullPolicy: IfNotPresent services: owgw: type: ClusterIP ports: websocket: servicePort: 15002 targetPort: 15002 protocol: TCP restapi: servicePort: 16002 targetPort: 16002 protocol: TCP restapiinternal: servicePort: 17002 targetPort: 17002 protocol: TCP fileuploader: servicePort: 16003 targetPort: 16003 protocol: TCP rttys: servicePort: 5912 targetPort: 5912 protocol: TCP rttys-view: servicePort: 5913 targetPort: 5913 radius: type: ClusterIP ports: acc: servicePort: 1813 targetPort: 1813 protocol: UDP auth: servicePort: 1812 targetPort: 1812 protocol: UDP coa: servicePort: 3799 targetPort: 3799 protocol: UDP checks: owgw: liveness: httpGet: path: / port: 16102 readiness: exec: command: - /readiness_check ingresses: restapi: enabled: false annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - restapi.chart-example.local paths: - path: / pathType: ImplementationSpecific serviceName: owgw servicePort: restapi fileuploader: enabled: false annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - fileuploader.chart-example.local paths: - path: / pathType: ImplementationSpecific serviceName: owgw servicePort: fileuploader volumes: owgw: - name: config mountPath: /owgw-data/owgw.properties subPath: owgw.properties # Template below will be rendered in template volumeDefinition: | secret: secretName: {{ include "owgw.fullname" . }}-config - name: certs mountPath: /owgw-data/certs volumeDefinition: | secret: secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owgw.fullname" . }}-certs{{ end }} - name: certs-cas mountPath: /owgw-data/certs/cas volumeDefinition: | secret: secretName: {{ include "owgw.fullname" . }}-certs-cas # Change this if you want to use another volume type - name: persist mountPath: /owgw-data/persist volumeDefinition: | persistentVolumeClaim: claimName: {{ template "owgw.fullname" . }}-pvc resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # requests: # cpu: 100m # memory: 128Mi # limits: # cpu: 100m # memory: 128Mi securityContext: fsGroup: 1000 # Usage of unsafe sysctls requires multiple things: # - allow these unsafe sysctls on kubelet level (by adding --allowed-unsafe-sysctls flag) # - enabling addition of PodSecurityContext setting podSecurityPolicy.enabled to "true" below # - uncommenting parameters below #sysctls: #- name: net.ipv4.tcp_keepalive_intvl # value: "5" #- name: net.ipv4.tcp_keepalive_probes # value: "2" #- name: net.ipv4.tcp_keepalive_time # value: "45" nodeSelector: {} tolerations: [] affinity: {} podAnnotations: {} podSecurityPolicy: enabled: false persistence: enabled: true # storageClassName: "-" accessModes: - ReadWriteOnce size: 10Gi annotations: {} # Application public_env_variables: OWGW_ROOT: /owgw-data OWGW_CONFIG: /owgw-data # Environment variables required for the readiness checks using script FLAGS: "-s --connect-timeout 3" # NOTE in order for readiness check to use system info you need to set READINESS_METHOD to "systeminfo" and set OWSEC to the OWSEC's REST API endpoint #READINESS_METHOD: systeminfo #OWSEC: gw-qa01.cicd.lab.wlan.tip.build:16001 secret_env_variables: # NOTE in order for readiness check to use system info method you need to override these values to the real OWSEC credentials OWSEC_USERNAME: tip@ucentral.com OWSEC_PASSWORD: openwifi configProperties: # -> Public part # Websocket ucentral.websocket.host.0.backlog: 500 ucentral.websocket.host.0.rootca: $OWGW_ROOT/certs/root.pem ucentral.websocket.host.0.issuer: $OWGW_ROOT/certs/issuer.pem ucentral.websocket.host.0.cert: $OWGW_ROOT/certs/websocket-cert.pem ucentral.websocket.host.0.key: $OWGW_ROOT/certs/websocket-key.pem ucentral.websocket.host.0.clientcas: $OWGW_ROOT/certs/clientcas.pem ucentral.websocket.host.0.cas: $OWGW_ROOT/certs/cas ucentral.websocket.host.0.address: "*" ucentral.websocket.host.0.port: 15002 ucentral.websocket.host.0.security: strict ucentral.websocket.maxreactors: 20 # REST API openwifi.restapi.host.0.backlog: 100 openwifi.restapi.host.0.security: relaxed openwifi.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-ca.pem openwifi.restapi.host.0.address: "*" openwifi.restapi.host.0.port: 16002 openwifi.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-cert.pem openwifi.restapi.host.0.key: $OWGW_ROOT/certs/restapi-key.pem openwifi.internal.restapi.host.0.backlog: 100 openwifi.internal.restapi.host.0.security: relaxed openwifi.internal.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-ca.pem openwifi.internal.restapi.host.0.address: "*" openwifi.internal.restapi.host.0.port: 17002 openwifi.internal.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-cert.pem openwifi.internal.restapi.host.0.key: $OWGW_ROOT/certs/restapi-key.pem # File uploader openwifi.fileuploader.host.0.backlog: 100 openwifi.fileuploader.host.0.rootca: $OWGW_ROOT/certs/restapi-ca.pem openwifi.fileuploader.host.0.security: relaxed openwifi.fileuploader.host.0.address: "*" openwifi.fileuploader.host.0.name: localhost openwifi.fileuploader.host.0.port: 16003 openwifi.fileuploader.host.0.cert: $OWGW_ROOT/certs/restapi-cert.pem openwifi.fileuploader.host.0.key: $OWGW_ROOT/certs/restapi-key.pem openwifi.fileuploader.path: $OWGW_ROOT/uploads openwifi.fileuploader.maxsize: 10000 # Auto provisioning openwifi.autoprovisioning: "true" openwifi.devicetypes.0: AP:linksys_ea8300,edgecore_eap101,linksys_e8450-ubi openwifi.devicetypes.1: SWITCH:edgecore_ecs4100-12ph openwifi.devicetypes.2: IOT:esp32 openwifi.certificates.allowmismatch: "false" oui.download.uri: https://standards-oui.ieee.org/oui/oui.txt firmware.autoupdate.policy.default: auto iptocountry.provider: ipinfo # Callback openwifi.callback.enable: "false" openwifi.callback.0.local: localhost:16001 openwifi.callback.0.remote: localhost:15055 openwifi.callback.0.topics: owfws # rtty rtty.internal: "true" rtty.enabled: "true" rtty.server: localhost rtty.port: 5912 rtty.timeout: 60 rtty.viewport: 5913 rtty.assets: $OWGW_ROOT/rtty_ui # RADIUS proxy radius.proxy.enable: "true" radius.proxy.accounting.port: 1813 radius.proxy.authentication.port: 1812 radius.proxy.coa.port: 3799 # ALB alb.enable: "true" alb.port: 16102 # Kafka openwifi.kafka.enable: "false" openwifi.kafka.group.id: gateway openwifi.kafka.client.id: gateway1 openwifi.kafka.brokerlist: localhost:9092 openwifi.kafka.auto.commit: false openwifi.kafka.queue.buffering.max.ms: 50 openwifi.kafka.ssl.ca.location: "" openwifi.kafka.ssl.certificate.location: "" openwifi.kafka.ssl.key.location: "" openwifi.kafka.ssl.key.password: "" # Storage storage.type: sqlite # (sqlite|postgresql|mysql|odbc) ## SQLite storage.type.sqlite.db: devices.db storage.type.sqlite.idletime: 120 storage.type.sqlite.maxsessions: 128 ## PostgreSQL storage.type.postgresql.maxsessions: 64 storage.type.postgresql.idletime: 60 storage.type.postgresql.host: localhost storage.type.postgresql.database: owgw storage.type.postgresql.port: 5432 storage.type.postgresql.connectiontimeout: 60 ## MySQL storage.type.mysql.maxsessions: 64 storage.type.mysql.idletime: 60 storage.type.mysql.host: localhost storage.type.mysql.database: owgw storage.type.mysql.port: 3306 storage.type.mysql.connectiontimeout: 60 # System openwifi.service.key: $OWGW_ROOT/certs/restapi-key.pem openwifi.system.data: $OWGW_ROOT/persist openwifi.system.debug: "true" openwifi.system.uri.private: https://localhost:17002 openwifi.system.uri.public: https://localhost:16002 openwifi.system.uri.ui: https://localhost openwifi.system.commandchannel: /tmp/app_owgw # Logging logging.type: console logging.path: $OWGW_ROOT/logs logging.level: debug # Archiving archiver.enabled: "true" archiver.schedule: 03:00 archiver.db.0.name: healthchecks archiver.db.0.keep: 7 archiver.db.1.name: statistics archiver.db.1.keep: 7 archiver.db.2.name: devicelogs archiver.db.2.keep: 7 archiver.db.3.name: commandlist archiver.db.3.keep: 7 # -> Secret part # Websocket ucentral.websocket.host.0.key.password: mypassword # REST API openwifi.restapi.host.0.key.password: mypassword openwifi.internal.restapi.host.0.key.password: mypassword # File uploader openwifi.fileuploader.host.0.key.password: mypassword # Callback openwifi.callback.id: qblat6dfDHxQAZ6yMe6MrypBpgRDhQrhUtTOovOXAKAWU8qOvjjKKiUai4t9hGjA openwifi.callback.0.localkey: t2dEOc88OIxVDb94mw7SLcLocgnCzZzzFoQ4JJv3OCU9UO6Ou5ds5Dh4CfBnHgrk openwifi.callback.0.remotekey: t2dEOc88OIxVDb94mw7SLcLocgnCzZzzFoQ4JJv3OCU9UO6Ou5ds5Dh4CfBnHgrk # rtty rtty.token: 96181c567b4d0d98c50f127230068fa8 # Storage ## PostgreSQL storage.type.postgresql.username: stephb storage.type.postgresql.password: snoopy99 ## MySQL storage.type.mysql.username: stephb storage.type.mysql.password: snoopy99 # NOTE: List of required certificates may be found in "certs" key. Alternative way to pass required certificates is to create external secret with all required certificates and set secret name in "existingCertsSecret" key. Details may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart#tldr existingCertsSecret: "" certs: clientcas.pem: "" issuer.pem: "" restapi-ca.pem: "" restapi-cert.pem: "" restapi-key.pem: "" root.pem: "" websocket-cert.pem: "" websocket-key.pem: "" certsCAs: issuer.pem: "" root.pem: "" # PostgreSQL (https://github.com/bitnami/charts/tree/master/bitnami/postgresql) postgresql: enabled: false image: registry: docker.io repository: bitnami/postgresql tag: 11.13.0-debian-10-r0 postgresqlPostgresPassword: "rootPassword" postgresqlUsername: stephb postgresqlPassword: snoopy99 postgresqlDatabase: owgw persistence: enabled: true storageClass: "" size: 8Gi # MySQL (https://github.com/bitnami/charts/tree/master/bitnami/mysql) mysql: enabled: false image: registry: docker.io repository: bitnami/mysql tag: 8.0.26-debian-10-r10 auth: rootPassword: rootPassword database: owgw username: stephb password: snoopy99 primary: persistence: enabled: true storageClass: "" size: 8Gi # MariaDB (https://github.com/bitnami/charts/tree/master/bitnami/mariadb) mariadb: enabled: false image: registry: docker.io repository: bitnami/mariadb tag: 10.5.12-debian-10-r0 auth: rootPassword: rootPassword database: owgw username: stephb password: snoopy99 primary: persistence: enabled: true storageClass: "" size: 8Gi