# System replicaCount: 1 strategyType: Recreate revisionHistoryLimit: 2 nameOverride: "" fullnameOverride: "" images: owsec: repository: tip-tip-wlan-cloud-ucentral.jfrog.io/owsec tag: main pullPolicy: Always # regcred: # registry: tip-tip-wlan-cloud-ucentral.jfrog.io # username: username # password: password dockerize: repository: tip-tip-wlan-cloud-ucentral.jfrog.io/dockerize tag: 0.16.0 pullPolicy: IfNotPresent services: owsec: type: ClusterIP ports: restapi: servicePort: 16001 targetPort: 16001 protocol: TCP restapiinternal: servicePort: 17001 targetPort: 17001 protocol: TCP checks: owsec: liveness: httpGet: path: / port: 16101 readiness: exec: command: - /readiness_check ingresses: restapi: enabled: false annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - restapi.chart-example.local paths: - path: / pathType: ImplementationSpecific serviceName: owsec servicePort: restapi volumes: owsec: - name: config mountPath: /owsec-data/owsec.properties subPath: owsec.properties # Template below will be rendered in template volumeDefinition: | secret: secretName: {{ include "owsec.fullname" . }}-config - name: certs mountPath: /owsec-data/certs volumeDefinition: | secret: secretName: {{ if .Values.existingCertsSecret }}{{ .Values.existingCertsSecret }}{{ else }}{{ include "owsec.fullname" . }}-certs{{ end }} # Change this if you want to use another volume type - name: persist mountPath: /owsec-data/persist volumeDefinition: | persistentVolumeClaim: claimName: {{ template "owsec.fullname" . }}-pvc resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # requests: # cpu: 100m # memory: 128Mi # limits: # cpu: 100m # memory: 128Mi securityContext: fsGroup: 1000 nodeSelector: {} tolerations: [] affinity: {} podAnnotations: {} persistence: enabled: true # storageClassName: "-" accessModes: - ReadWriteOnce size: 10Gi annotations: {} # Application public_env_variables: OWSEC_ROOT: /owsec-data OWSEC_CONFIG: /owsec-data # Environment variables required for the readiness checks using script FLAGS: "-s --connect-timeout 3" # NOTE in order for readiness check to use system info you need to set READINESS_METHOD to "systeminfo" and set OWSEC to the OWSEC's REST API endpoint #READINESS_METHOD: systeminfo secret_env_variables: OWSEC_USERNAME: tip@ucentral.com OWSEC_PASSWORD: openwifi configProperties: # -> Public part # REST API openwifi.restapi.host.0.backlog: 100 openwifi.restapi.host.0.security: relaxed openwifi.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-ca.pem openwifi.restapi.host.0.address: "*" openwifi.restapi.host.0.port: 16001 openwifi.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-cert.pem openwifi.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-key.pem openwifi.restapi.wwwassets: $OWSEC_ROOT/persist/wwwassets openwifi.internal.restapi.host.0.backlog: 100 openwifi.internal.restapi.host.0.security: relaxed openwifi.internal.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-ca.pem openwifi.internal.restapi.host.0.address: "*" openwifi.internal.restapi.host.0.port: 17001 openwifi.internal.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-cert.pem openwifi.internal.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-key.pem # Authentication authentication.enabled: true authentication.default.access: master authentication.service.type: internal # Mailer mailer.enabled: "false" mailer.hostname: smtp.gmail.com mailer.sender: OpenWIFI mailer.loginmethod: login mailer.port: 587 mailer.templates: $OWSEC_ROOT/persist/templates # SMS smssender.enabled: "false" smssender.provider: "aws" #smssender.aws.region: "" #smssender.twilio.phonenumber: "" # ALB alb.enable: "true" alb.port: 16101 # Kafka openwifi.kafka.enable: "false" openwifi.kafka.group.id: security openwifi.kafka.client.id: security1 openwifi.kafka.brokerlist: localhost:9092 openwifi.kafka.auto.commit: false openwifi.kafka.queue.buffering.max.ms: 50 openwifi.kafka.ssl.ca.location: "" openwifi.kafka.ssl.certificate.location: "" openwifi.kafka.ssl.key.location: "" openwifi.kafka.ssl.key.password: "" # Storage storage.type: sqlite # (sqlite|postgresql|mysql|odbc) ## SQLite storage.type.sqlite.db: devices.db storage.type.sqlite.idletime: 120 storage.type.sqlite.maxsessions: 128 ## PostgreSQL storage.type.postgresql.maxsessions: 64 storage.type.postgresql.idletime: 60 storage.type.postgresql.host: localhost storage.type.postgresql.database: owsec storage.type.postgresql.port: 5432 storage.type.postgresql.connectiontimeout: 60 ## MySQL storage.type.mysql.maxsessions: 64 storage.type.mysql.idletime: 60 storage.type.mysql.host: localhost storage.type.mysql.database: owsec storage.type.mysql.port: 3306 storage.type.mysql.connectiontimeout: 60 # System openwifi.service.key: $OWSEC_ROOT/certs/restapi-key.pem openwifi.system.data: $OWSEC_ROOT/persist openwifi.system.debug: "true" openwifi.system.uri.private: https://localhost:17001 openwifi.system.uri.public: https://localhost:16001 openwifi.system.uri.ui: https://localhost openwifi.system.commandchannel: /tmp/app_owsec # Logging logging.type: console logging.path: $OWSEC_ROOT/logs logging.level: debug # -> Secret part # REST API openwifi.restapi.host.0.key.password: mypassword openwifi.internal.restapi.host.0.key.password: mypassword # Authentication authentication.default.username: tip@ucentral.com authentication.default.password: 13268b7daa751240369d125e79c873bd8dd3bef7981bdfd38ea03dbb1fbe7dcf # Mailer mailer.username: no-reply@arilia.com mailer.password: "**************************" # SMS #smssender.aws.secretkey: "" #smssender.aws.accesskey: "" #smssender.twilio.sid: "" #smssender.twilio.token: "" # # Storage ## PostgreSQL storage.type.postgresql.username: stephb storage.type.postgresql.password: snoopy99 ## MySQL storage.type.mysql.username: stephb storage.type.mysql.password: snoopy99 # NOTE: List of required certificates may be found in "certs" key. Alternative way to pass required certificates is to create external secret with all required certificates and set secret name in "existingCertsSecret" key. Details may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart#tldr existingCertsSecret: "" certs: # restapi-ca.pem: "" # restapi-cert.pem: "" # restapi-key.pem: "" # PostgreSQL (https://github.com/bitnami/charts/tree/master/bitnami/postgresql) postgresql: enabled: false image: registry: docker.io repository: bitnami/postgresql tag: 11.13.0-debian-10-r0 postgresqlPostgresPassword: "rootPassword" postgresqlUsername: stephb postgresqlPassword: snoopy99 postgresqlDatabase: owgw persistence: enabled: true storageClass: "" size: 8Gi # MySQL (https://github.com/bitnami/charts/tree/master/bitnami/mysql) mysql: enabled: false image: registry: docker.io repository: bitnami/mysql tag: 8.0.26-debian-10-r10 auth: rootPassword: rootPassword database: owgw username: stephb password: snoopy99 primary: persistence: enabled: true storageClass: "" size: 8Gi # MariaDB (https://github.com/bitnami/charts/tree/master/bitnami/mariadb) mariadb: enabled: false image: registry: docker.io repository: bitnami/mariadb tag: 10.5.12-debian-10-r0 auth: rootPassword: rootPassword database: owgw username: stephb password: snoopy99 primary: persistence: enabled: true storageClass: "" size: 8Gi