scottk/wlan-cloud-helm
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-cloud-helm.git synced 2025-10-29 09:42:29 +00:00
Code Issues Packages Projects Releases 3 Wiki Activity

Merge pull request #53 from Telecominfraproject/feature/thirdparties-fixes

Browse Source 
fixing docker secret and fixing kafka topics
This commit is contained in:
4c74356b41
2021-01-29 16:29:22 +01:00
committed by GitHub
parent a3e523f922 86c29ae62c
commit fc783ea948
24 changed files with 178 additions and 1017 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -61,7 +61,7 @@ More details can be found here: https://telecominfraproject.atlassian.net/wiki/s
# Deleting the wlan-cloud deployment:
Run the following command:
```
helm del tip-wlan -n default
helm del tip-wlan -n tip (replace the namespace with your namespace)
```
(Note: this would not delete the tip namespace and any PVC/PV/Endpoints under this namespace. These are needed so we can reuse the same PVC mount when the pods are restarted.)

4
tip-wlan/charts/opensync-gw-cloud/templates/deployment.yaml
View File

@@ -67,9 +67,9 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
{{- if .Values.probes.enabled }}

4
tip-wlan/charts/opensync-gw-static/templates/deployment.yaml
View File

@@ -25,9 +25,9 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
{{- if .Values.probes.enabled }}

4
tip-wlan/charts/wlan-cloud-graphql-gw/templates/deployment.yaml
View File

@@ -25,9 +25,9 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
env:

4
tip-wlan/charts/wlan-cloud-static-portal/templates/deployment.yaml
View File

@@ -25,9 +25,9 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:

4
tip-wlan/charts/wlan-integrated-cloud-component-service/templates/deployment.yaml
View File

@@ -82,9 +82,9 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:

4
tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/deployment.yaml
View File

@@ -53,9 +53,9 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:

4
tip-wlan/charts/wlan-portal-service/templates/statefulset.yaml
View File

@@ -49,9 +49,9 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:

4
tip-wlan/charts/wlan-prov-service/templates/deployment.yaml
View File

@@ -119,9 +119,9 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:

4
tip-wlan/charts/wlan-spc-service/templates/deployment.yaml
View File

@@ -33,9 +33,9 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:

4
tip-wlan/charts/wlan-ssc-service/templates/deployment.yaml
View File

@@ -113,9 +113,9 @@ spec:
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.testingEnabled }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}}
{{- else }}
image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
env:

105
tip-wlan/resources/environments/dev-amazon-tip.yaml
View File

@@ -3,7 +3,6 @@ global:
nodePortPrefixExt: 304
pullPolicy: Always
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
integratedDeployment:
testingEnabled:
@@ -115,121 +114,19 @@ nginx-ingress-controller:
kafka:
enabled: true
replicaCount: 1
image:
debug: true
auth:
clientProtocol: mtls
interBrokerProtocol: tls
jksSecret: tip-common-kafka-certs
jksPassword: mypassword
tlsEndpointIdentificationAlgorithm: ""
jaas:
clientUsers:
- brokerUser
clientPassword:
- brokerPassword
extraEnvVars:
- name: KAFKA_CFG_SSL_KEYSTORE_TYPE
value: PKCS12
allowPlaintextListener: true
persistence:
enabled: true
storageClass: gp2
metrics:
serviceMonitor:
enabled: false
namespace: monitoring
selector:
release: prometheus-operator
zookeeper:
enabled: true
persistence:
enabled: true
cassandra:
enabled: true
tlsEncryptionSecretName: tip-common-cassandra-certs
image:
debug: true
persistence:
enabled: true
storageClass: gp2
replicaCount: 1
cluster:
name: TipWlanCluster
seedCount: 1
internodeEncryption: all
clientEncryption: true
exporter:
enabled: false
serviceMonitor:
enabled: false
additionalLabels:
release: prometheus-operator
dbUser:
user: cassandra
password: cassandra
resources:
limits: {}
requests:
cpu: 1
memory: 3Gi
postgresql:
enabled: true
postgresqlDatabase: tip
image:
debug: true
metrics:
enabled: false
serviceMonitor:
enabled: falsea
namespace: monitoring
additionalLabels:
release: prometheus-operator
postgresqlUsername: postgres
postgresqlPassword: postgres
pgHbaConfiguration: |
hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0
hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
hostssl postgres postgres ::/0 cert clientcert=1
hostssl all all 0.0.0.0/0 md5 clientcert=1
replication:
enabled: true
user: repl_user
password: repl_password
slaveReplicas: 1
persistence:
enabled: true
storageClass: gp2
volumePermissions:
enabled: true
livenessProbe:
enabled: false
readinessProbe:
enabled: false
tls:
enabled: true
certificatesSecret: tip-common-postgres-certs
certFilename: cert.crt
certKeyFilename: cert.key
certCAFilename: cacert.pem
initdbScriptsConfigMap: tip-common-postgres-scripts
extraEnv:
- name: PGSSLCERT
value: /opt/tip-wlan/certs/postgresclientcert.pem
- name: PGSSLKEY
value: /opt/tip-wlan/certs/postgresclientkey_dec.pem
- name: PGSSLROOTCERT
value: /opt/tip-wlan/certs/cacert.pem
primary:
extraInitContainers:
- command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ]
image: busybox:latest
name: chmod-client-cert-additional
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /opt/bitnami/postgresql/certs
name: postgresql-certificates

119
tip-wlan/resources/environments/dev-docker-on-windows.yaml
View File

@@ -3,23 +3,9 @@ global:
nodePortPrefixExt: 304
pullPolicy: Always
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
integratedDeployment: false
testingEnabled:
kafka:
image: confluentinc/cp-kafka:5.0.1
port: 9092
topics:
- name: wlan_service_metrics
partitions: 1
replicationFactor: 1
- name: system_events
partitions: 1
replicationFactor: 1
- name: customer_events
partitions: 1
replicationFactor: 1
creds:
sslKeyPassword: mypassword
sslKeystorePassword: mypassword
@@ -173,123 +159,22 @@ nginx-ingress-controller:
cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZEekNDQXZlZ0F3SUJBZ0lVYSthaVJZWG9QTGliSS9wdVJCdi9DZ2RTTDNzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0Z6RVZNQk1HQTFVRUF3d01LaTUzYkdGdUxteHZZMkZzTUI0WERUSXdNVEl5TVRJd05UQXpNVm9YRFRNdwpNVEl4T1RJd05UQXpNVm93RnpFVk1CTUdBMVVFQXd3TUtpNTNiR0Z1TG14dlkyRnNNSUlDSWpBTkJna3Foa2lHCjl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUEwQjhuZE1raGIzZEN6N0I2aS9kRlFWenJwaEtQK2RmY2JKN1gKMzB3MU1FWDIvM3ZvVStkRlBNbnZrS3hEdFJwanZCbnhCczF6L1VmajlyUFhDSzZkazNNYU5DajRQYVUxem9WQQppK1Z6amc0ZG5XNjJxWG1qYVYrYUMrQm5zQndyQmx2THQ0dkh1eFRLbHh1RnR4THdid3VObGJvS1lVN01kV3oyCllMY3QzUWZBWElVb2FRK1RTMUZGdVdFeEZOTFRidlBGZWNoajB4ZnhyOU5BcU9aTXI0RGE0NHMzVERxMVVyRTIKbjhaZXFxVXZ1YUE4ZmEzQjNVZVRFNmJ4OEdhN1JybG5Dakd3UDRGVml3ajdvellmanV6T2JOM2dlcjdWcEpLMQpMSjdIdDBBemZlRm9aQ2xPbUVBd1p5alFwRGZOckdNTCs1dWtIK2JxWngyaUo5UndFcDNmdlE4em5jN1Q4dHJDCmxzMjRWNUpySWhUQXlCcTZRWVNnSXdXM2V5TmVpUnQ0ZHp6Sk5rNnd4cFp0WE96WTFwamJrV2FMaEhKOW1LRWoKU3lqVVBnS3dKSVlmb3BJbTJoUzl1dVZHZDdiU1MyV055aHJSOU5LSG5Lamo5Y0IrUWU0eEh0Z1pEcm1GZ1ZpZQp0cXZBUHhJL0ZkV1pSN3RmT2JCNTR3alMxVFk3TEd6cll4TDZSMWNjZDE4WUppcGNTS05xa05ORlllZ092VkNICmFldW1OTUdVNlZZalJWS1JmQXMva2FzcWxleGpheSt0SXNtd3dDZGoxUUN3UitRa2VEZFdoNE8vQzM1NENRb28KTkxZYzRNRk8xbVVDY2NsbUgvbFBvcTd1anBCMWI2VmFBNVprNFhjVUpRc0c4SUlSMDFHTFM5RW1HVVZaeTlOWApwV2dCbXNVQ0F3RUFBYU5UTUZFd0hRWURWUjBPQkJZRUZOZlVJSGhXdnFwUzg2ZC82SnJvbmxFYzZMU1NNQjhHCkExVWRJd1FZTUJhQUZOZlVJSGhXdnFwUzg2ZC82SnJvbmxFYzZMU1NNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHcKRFFZSktvWklodmNOQVFFTEJRQURnZ0lCQUtlTW9PckhLZ3BGemtkckVhMVhSSVRUOHFZanhKc04yNmFIMFovLwp1dDRXVkE4ckNDNzV4VkpaNnpBQWlBOFE2eTRYSHBzRzl2ZSs1QlJIWEdCS0lYOU5FZGNrbWdNdExzQ2xOR0JCCkxkN3lWd3hhaGVCQzhVTWIrVTAxMlNwaFc3K0t6UFJhQ3g4cHNMMUlFQUkyblQ1MzlCNDBmR2NyTktNSDRqZGkKdkxad3VxT00rZnJucFJ1MkZlK3Bja2Fwek92SEJTb0I3THovR1dmMWUwZ0llc1B4WEdmVG9hbGM1SzU5bDF1TQpCTkhpUW15S3E4TS9MbllMejhyOWp3dHNKU2lLYUljelpISjNtQ0ZUb3ljREF3NTl3WEdmWXZWcFBMaWZXTTJxCm1uSlJKM2dQS1lzOUhXWFgyYktoSmZoMjRLOTN2M1duMVRUellYOGtTbWlnRG0wTUhOSTNwZktlMmJqVW9MNmgKMlQ4bWhRbjdPQ2dvZHMvOXczR1dOdmFxYTAySHRnc0tTbk9YdmpSNXFMaVFLRjdhMi95TTlrNWNQcUdHaW1GYgppUWV3eUgvMWw2YjQ0T0s2RGwwMVltWFltNUVqR3plckp2aU90eUhSaWhtME01VmNBWWJaYkE0S1Y1eHhLZjRqClIwaktwQXdqbEpzTDdRMk9zTC9IRkxmaDV1RU1HMXlmTzF1blZkVURKK1FBZHJQUG5tZTZVTVFQZm1UcGx1WjAKS3pvOXY3NEpYV0pwQkNtaWNTbFBQdnB3cXZLTk5iOWd6b0hjOXFheWMwNWVxRldRbzNNZjIzYU82b05wU2ZuaAp5aWMvczFQcC9ZS2FHakVSQXB1UmRvYTlWT1diUncycFZMei9rZVNraS9QTDJFRFc4RUVHYjFXcUFBMkJPVVhDCi9oYXQKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRRFFIeWQweVNGdmQwTFAKc0hxTDkwVkJYT3VtRW8vNTE5eHNudGZmVERVd1JmYi9lK2hUNTBVOHllK1FyRU8xR21POEdmRUd6WFA5UitQMgpzOWNJcnAyVGN4bzBLUGc5cFRYT2hVQ0w1WE9PRGgyZGJyYXBlYU5wWDVvTDRHZXdIQ3NHVzh1M2k4ZTdGTXFYCkc0VzNFdkJ2QzQyVnVncGhUc3gxYlBaZ3R5M2RCOEJjaFNocEQ1TkxVVVc1WVRFVTB0TnU4OFY1eUdQVEYvR3YKMDBDbzVreXZnTnJqaXpkTU9yVlNzVGFmeGw2cXBTKzVvRHg5cmNIZFI1TVRwdkh3WnJ0R3VXY0tNYkEvZ1ZXTApDUHVqTmgrTzdNNXMzZUI2dnRXa2tyVXNuc2UzUUROOTRXaGtLVTZZUURCbktOQ2tOODJzWXd2N202UWY1dXBuCkhhSW4xSEFTbmQrOUR6T2R6dFB5MnNLV3piaFhrbXNpRk1ESUdycEJoS0FqQmJkN0kxNkpHM2gzUE1rMlRyREcKbG0xYzdOaldtTnVSWm91RWNuMllvU05MS05RK0FyQWtoaCtpa2liYUZMMjY1VVozdHRKTFpZM0tHdEgwMG9lYwpxT1Axd0g1QjdqRWUyQmtPdVlXQldKNjJxOEEvRWo4VjFabEh1MTg1c0huakNOTFZOanNzYk90akV2cEhWeHgzClh4Z21LbHhJbzJxUTAwVmg2QTY5VUlkcDY2WTB3WlRwVmlORlVwRjhDeitScXlxVjdHTnJMNjBpeWJEQUoyUFYKQUxCSDVDUjROMWFIZzc4TGZuZ0pDaWcwdGh6Z3dVN1daUUp4eVdZZitVK2lydTZPa0hWdnBWb0RsbVRoZHhRbApDd2J3Z2hIVFVZdEwwU1laUlZuTDAxZWxhQUdheFFJREFRQUJBb0lDQVFDUVRkbXN4enl3cmUrY1ZCQlVkaW9GCjdTalRhTEY5bWFlVGhQdkhMMjc5dnJWSlpoK3I5WUp6YU16NzhnV3NUOVR4ZXNjOVlUMVlVLzJEZENUWU4wSzUKRnlrSEc1VXNJUjVTeU4vOVlDWWtURE5La3BhQ29mMmxOWTE1U0twOFdMdVlXQlBEZTE4TW41anM5ejlhdGY0Ugo4Ti9GL2szdU5KWGRvYVNmWU1Pakt4bTh6UE05RFhpaTA0SlZ6RWNjMmlXU0crSkQwNmNybWNHUm1SZVBSTWZOCk5Mb1E1ZGw4dUlRN0J2Y0tCNkJpRDlFc2t5YitPWGxmTlo2TUZNaFNXTmpuYSt3L0REN1plWkxYcVczWk45RGYKNStBbGFoNlkzVE1EUGxueXkxRk5CVzN1alZrMWdkS21ESFBEUTNDUFBNWVdEa01qdlVJcWdKRHMySVl6dWIvTwpXRjRVUTV5UEJhZzluaWp1dS9uMVZDdGZuSkxwakZIakU1VzdkK3p1UGh6aUJ1WDFOcjRtOVVJdEpaSTNsYmJtCmdvZFlMdGl4b3RwNWF3ang1eXA3MU1zUHlTZzcrbHBPenA4dStuRENJcnc0K0VSME56MG8yTXFmcmJ2VklGQXIKWHIyc2YrejljbmtxalBWWEZaVks3em1TUHI5N0YrbTV4RHpURG9lTG53aVlhUUpOQ0ZhejhMVERjNldVT2w4SQpLOWhHd3FaK0llTlgreW16em16Nkx6WWVPaGlrRmNRaUI0UXVPSjdWWnZWRmVoS3JJMXJLWHJDRU01VmpJZXBkCkhzR0c1eTlLUkcxdEszSU5ScmI0SHlhRDF6SHJSTHRneFpLT1BvWDN0UjNmbTJ1aGova3dwelZnWTltRXJDWDkKd2I4SVA5TXdRR3REQVNBcjZWVmJvUUtDQVFFQThIeWlaK1lVeFEzQnprL1hoNmZMWWNYakE3NTJrQ204VWZzWQp0d1Z4N0EyNW5YRStiUDRIT3UyVC9kTlc0Tkw1elZPT0JkaWZIcTJQVFNVMGYzQUFHL0pNcnVzM3NrNHd4azM5CitYYlh0dHltWkdxb3FEcVN3TUw2czVpY1RnangvenRhSXk1TWFKYWhUYUpNdFRQQlVpZ3U3enhoeGNwVlhNVUMKTklHcFl5Mkt5R2hyMjVVOFdlR0RYQm9SS2xYUXJXYkNZeW1kMXdYQStEaVl0dzA5eit0VHhPNTRodjFCZkJKZwpWMGd0VWdJU0I2WEZDMU9CWDZXQ1pXYlhCN2hPaHhISjNkNHAyQlZyN0gxL2JDQ0ZvVDY5by9WQVNHRmdtTHRiCnpGalRNbjFIaTluVW5jUFlScWpsN1h0NWdPOHBOa3BwMjVrNHIxRVludWhIazcrYzdRS0NBUUVBM1l3THozNloKNEVPRndvODIrUlVId2lkaFExOEdrU1JvWStKVm1udXJpSXdHZTk3ZmRTVk91d092SDlZSVhsRWpjRitoOHFQVQpJVnpIOXBuYXZjTENEMnhIOWZ5d09ML3pmYmJnYnExZjV4Y3BOUXlYM1JnTGFDUVpLNkpJa3NzOUtDb0dhSzlaCmpMVm41MjFFZlFBRE5DSi93YlRCb3dLQ0dTNDUzSzRBaWFEWHN6TkJLUk5MOHVaWWYwK0x0U2IzV3lkZVQ2eUgKdGZiSXR3NlBSS1lxb2NaeGIrM0pWQWFHcGxScjVZSlNDU1BtTjFMSjU0djlTcXBIVnJMNzJudFNwKzdDODJ6SgpJajVOSXFEOGFsOVZ3WFB5dExRd25hYWc1TW5ka0NLQ3R0MlVHSGZwMEh3ZTJTL1hkemppS2gzZTZaT3MyMSt1CitQUHVrSkUxTTZzU09RS0NBUUJjWVJRbDR6MUJRUHFjM1JESEhJN0UvVFlxWHdTK2RqblFLQ3VqU3FVcmIwNUoKQzVKV1hmSzdFVDVUTjliY3dFNlRNRENUVUZZM2U2WmJsUm9vaGdhVXRhdjlXWC9vcjU2TzNyRGNIbW5ZNWNQSgpPU3VXakFHSnFKeVRWdUZjSEpXUlhPUlFOVjNHbzI1Tkd6WnFPUHBmSys1em1mZFkrbE4yTW51WlhlR0twcGowClNTQjlsa003cDZSRlFnSXNDQkVFTzBBYXhZYkxiWHRtSHArVFdiUFA1ZThrN0JKQ2tKQ1NMNkR3aGxwYWNVOHAKdnVVRlo4dC95VjFneEhOL2xLNGR0cGliOE5hVUdnNStKdXRHeHV0dU9HS3kwK2dncGI5c2pEUkVPQzdRNjAwTApqTjdleDdlUjFSbVY4Mk9HUXRqSzhTVGU1V25mOXNBRmN1YmorNncxQW9JQkFHYXM4Z2hQRHpkOWM2OXd1alNFCkI1MTJyTUFSZVRTcEgrd3l5Q09aYnkwUVlDem1aTCtnODdUK2h4b0ZFc25MWnRZOHJBeU0ydEkvY3JrYUl1TlIKTUtqL01QYVREb1N1aVVWWkRQaWVSMVVOU2Q2NUlHU3FNUmNwcTdTcU9HSTM2UGNGU3dVWFJ6Uk1Hb1NLQW5UQQpIYnY2eFNUY0JlWHJVcW9pMzFRa0hFR3NsbXNKdFFnNVZqaVRncTQyQ25TQlE2QXVSYW85Tm9RaGhISTZRREc3CnBRUm11TW43OVJPSkZyeGRZY2Z6TnR2ZmxHRk5jQjlzcEk0SERwcml4cEJDR1ZPVTl5cmozdStNMmlqVFhVaGIKT0o0NGcySTJKRlhjRkxNVHp5aHVwZy9qN3kvTDIwUHhVa2Fyd25zUmxOZWFFbVpFTjVkUDZBS2U0cENEaTVtUApqaGtDZ2dFQkFMUmtVeG9oZDh2ZVBwR3hPbWlOak5HekpiTDlscGx0TWxhR0dPQ3JOUkZSeEppblgzWU9UVnhiCkRFVlpqaXRHNldydzFxaDdnZXAzeEdJaWZHQ1lZV3pNc0RZTitueGtwV0lRRmZOV3dYemNRWlhrTEduZVlUdTAKSVU2RjY5Myt1Q0tkcHVCdVl0d3BQNEJCVkNCRTVON0FzRGV4bFBYTzk1cEw3ZzR4OG5RckdNeGJlRXVOdytaTwpPYmYvTnFFMGZZcURkaERiVHI0UDR6bUpBRlpYeDlKMjNJdWRMUFI3MDZITGZ5bDMrb1pUS2Y2ZWdEL1drWXZGCllLdEtDZzI1UmtSYmZBakZkeDlpOVkzcDlPNEFNVUNaRVFIOWQwU1d6LzJWR0VmYzVha09YL2xvWlAyUXF3c2UKeXMyc0k1U0Z5TEd1ZGM3R2MzVTd5UGd0RVN0elVoWT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
kafka:
enabled: true
replicaCount: 1
image:
debug: true
auth:
clientProtocol: mtls
interBrokerProtocol: tls
jksSecret: tip-common-kafka-certs
jksPassword: mypassword
tlsEndpointIdentificationAlgorithm: ""
jaas:
clientUsers:
- brokerUser
clientPassword:
- brokerPassword
extraEnvVars:
- name: KAFKA_CFG_SSL_KEYSTORE_TYPE
value: PKCS12
allowPlaintextListener: true
persistence:
enabled: true
storageClass: hostpath
metrics:
serviceMonitor:
enabled: false
namespace: monitoring
selector:
release: prometheus-operator
zookeeper:
enabled: true
persistence:
enabled: true
cassandra:
enabled: true
tlsEncryptionSecretName: tip-common-cassandra-certs
image:
debug: true
persistence:
enabled: true
storageClass: hostpath
replicaCount: 1
cluster:
name: TipWlanCluster
seedCount: 1
internodeEncryption: all
clientEncryption: true
exporter:
enabled: false
serviceMonitor:
enabled: false
additionalLabels:
release: prometheus-operator
dbUser:
user: cassandra
password: cassandra
resources:
limits: {}
requests:
cpu: 1
memory: 3Gi
postgresql:
enabled: true
postgresqlDatabase: tip
image:
debug: true
metrics:
enabled: false
serviceMonitor:
enabled: falsea
namespace: monitoring
additionalLabels:
release: prometheus-operator
postgresqlUsername: postgres
postgresqlPassword: postgres
pgHbaConfiguration: |
hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0
hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
hostssl postgres postgres ::/0 cert clientcert=1
hostssl all all 0.0.0.0/0 md5 clientcert=1
replication:
enabled: true
user: repl_user
password: repl_password
slaveReplicas: 1
persistence:
enabled: true
storageClass: hostpath
volumePermissions:
enabled: true
livenessProbe:
enabled: false
readinessProbe:
enabled: false
tls:
enabled: true
certificatesSecret: tip-common-postgres-certs
certFilename: cert.crt
certKeyFilename: cert.key
certCAFilename: cacert.pem
initdbScriptsConfigMap: tip-common-postgres-scripts
extraEnv:
- name: PGSSLCERT
value: /opt/tip-wlan/certs/postgresclientcert.pem
- name: PGSSLKEY
value: /opt/tip-wlan/certs/postgresclientkey_dec.pem
- name: PGSSLROOTCERT
value: /opt/tip-wlan/certs/cacert.pem
primary:
extraInitContainers:
- command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ]
image: busybox:latest
name: chmod-client-cert-additional
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /opt/bitnami/postgresql/certs
name: postgresql-certificates

105
tip-wlan/resources/environments/dev-integrated-aws-tip.yaml
View File

@@ -3,7 +3,6 @@ global:
nodePortPrefixExt: 304
pullPolicy: Always
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
integratedDeployment:
testingEnabled: true
@@ -66,121 +65,19 @@ nginx-ingress-controller:
kafka:
enabled: true
replicaCount: 1
image:
debug: true
auth:
clientProtocol: mtls
interBrokerProtocol: tls
jksSecret: tip-common-kafka-certs
jksPassword: mypassword
tlsEndpointIdentificationAlgorithm: ""
jaas:
clientUsers:
- brokerUser
clientPassword:
- brokerPassword
extraEnvVars:
- name: KAFKA_CFG_SSL_KEYSTORE_TYPE
value: PKCS12
allowPlaintextListener: true
persistence:
enabled: true
storageClass: gp2
metrics:
serviceMonitor:
enabled: false
namespace: monitoring
selector:
release: prometheus-operator
zookeeper:
enabled: true
persistence:
enabled: true
cassandra:
enabled: true
tlsEncryptionSecretName: tip-common-cassandra-certs
image:
debug: true
persistence:
enabled: true
storageClass: gp2
replicaCount: 1
cluster:
name: TipWlanCluster
seedCount: 1
internodeEncryption: all
clientEncryption: true
exporter:
enabled: false
serviceMonitor:
enabled: false
additionalLabels:
release: prometheus-operator
dbUser:
user: cassandra
password: cassandra
resources:
limits: {}
requests:
cpu: 1
memory: 3Gi
postgresql:
enabled: true
postgresqlDatabase: tip
image:
debug: true
metrics:
enabled: false
serviceMonitor:
enabled: falsea
namespace: monitoring
additionalLabels:
release: prometheus-operator
postgresqlUsername: postgres
postgresqlPassword: postgres
pgHbaConfiguration: |
hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0
hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
hostssl postgres postgres ::/0 cert clientcert=1
hostssl all all 0.0.0.0/0 md5 clientcert=1
replication:
enabled: true
user: repl_user
password: repl_password
slaveReplicas: 1
persistence:
enabled: true
storageClass: gp2
volumePermissions:
enabled: true
livenessProbe:
enabled: false
readinessProbe:
enabled: false
tls:
enabled: true
certificatesSecret: tip-common-postgres-certs
certFilename: cert.crt
certKeyFilename: cert.key
certCAFilename: cacert.pem
initdbScriptsConfigMap: tip-common-postgres-scripts
extraEnv:
- name: PGSSLCERT
value: /opt/tip-wlan/certs/postgresclientcert.pem
- name: PGSSLKEY
value: /opt/tip-wlan/certs/postgresclientkey_dec.pem
- name: PGSSLROOTCERT
value: /opt/tip-wlan/certs/cacert.pem
primary:
extraInitContainers:
- command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ]
image: busybox:latest
name: chmod-client-cert-additional
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /opt/bitnami/postgresql/certs
name: postgresql-certificates

103
tip-wlan/resources/environments/dev-integrated.yaml
View File

@@ -66,121 +66,18 @@ nginx-ingress-controller:
kafka:
enabled: true
replicaCount: 1
image:
debug: true
auth:
clientProtocol: mtls
interBrokerProtocol: tls
jksSecret: tip-common-kafka-certs
jksPassword: mypassword
tlsEndpointIdentificationAlgorithm: ""
jaas:
clientUsers:
- brokerUser
clientPassword:
- brokerPassword
extraEnvVars:
- name: KAFKA_CFG_SSL_KEYSTORE_TYPE
value: PKCS12
allowPlaintextListener: true
persistence:
enabled: true
storageClass: glusterfs-storage
metrics:
serviceMonitor:
enabled: false
namespace: monitoring
selector:
release: prometheus-operator
zookeeper:
enabled: true
persistence:
enabled: true
cassandra:
enabled: true
tlsEncryptionSecretName: tip-common-cassandra-certs
image:
debug: true
persistence:
enabled: true
storageClass: glusterfs-storage
replicaCount: 1
cluster:
name: TipWlanCluster
seedCount: 1
internodeEncryption: all
clientEncryption: true
exporter:
enabled: false
serviceMonitor:
enabled: false
additionalLabels:
release: prometheus-operator
dbUser:
user: cassandra
password: cassandra
resources:
limits: {}
requests:
cpu: 1
memory: 3Gi
postgresql:
enabled: true
postgresqlDatabase: tip
image:
debug: true
metrics:
enabled: false
serviceMonitor:
enabled: falsea
namespace: monitoring
additionalLabels:
release: prometheus-operator
postgresqlUsername: postgres
postgresqlPassword: postgres
pgHbaConfiguration: |
hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0
hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
hostssl postgres postgres ::/0 cert clientcert=1
hostssl all all 0.0.0.0/0 md5 clientcert=1
replication:
enabled: true
user: repl_user
password: repl_password
slaveReplicas: 1
persistence:
enabled: true
storageClass: glusterfs-storage
volumePermissions:
enabled: true
livenessProbe:
enabled: false
readinessProbe:
enabled: false
tls:
enabled: true
certificatesSecret: tip-common-postgres-certs
certFilename: cert.crt
certKeyFilename: cert.key
certCAFilename: cacert.pem
initdbScriptsConfigMap: tip-common-postgres-scripts
extraEnv:
- name: PGSSLCERT
value: /opt/tip-wlan/certs/postgresclientcert.pem
- name: PGSSLKEY
value: /opt/tip-wlan/certs/postgresclientkey_dec.pem
- name: PGSSLROOTCERT
value: /opt/tip-wlan/certs/cacert.pem
primary:
extraInitContainers:
- command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ]
image: busybox:latest
name: chmod-client-cert-additional
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /opt/bitnami/postgresql/certs
name: postgresql-certificates

117
tip-wlan/resources/environments/dev-local.yaml
View File

@@ -22,24 +22,10 @@ global:
nodePortPrefixExt: 304
pullPolicy: Always
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
integratedDeployment: false
testingEnabled:
kafka:
image: confluentinc/cp-kafka:5.0.1
port: 9092
topics:
- name: wlan_service_metrics
partitions: 1
replicationFactor: 1
- name: system_events
partitions: 1
replicationFactor: 1
- name: customer_events
partitions: 1
replicationFactor: 1
creds:
sslKeyPassword: mypassword
sslKeystorePassword: mypassword
@@ -181,121 +167,18 @@ nginx-ingress-controller:
kafka:
enabled: true
replicaCount: 1
image:
debug: true
auth:
clientProtocol: mtls
interBrokerProtocol: tls
jksSecret: tip-common-kafka-certs
jksPassword: mypassword
tlsEndpointIdentificationAlgorithm: ""
jaas:
clientUsers:
- brokerUser
clientPassword:
- brokerPassword
extraEnvVars:
- name: KAFKA_CFG_SSL_KEYSTORE_TYPE
value: PKCS12
allowPlaintextListener: true
persistence:
enabled: true
storageClass: standard
metrics:
serviceMonitor:
enabled: false
namespace: monitoring
selector:
release: prometheus-operator
zookeeper:
enabled: true
persistence:
enabled: true
cassandra:
enabled: true
tlsEncryptionSecretName: tip-common-cassandra-certs
image:
debug: true
persistence:
enabled: true
storageClass: standard
replicaCount: 1
cluster:
name: TipWlanCluster
seedCount: 1
internodeEncryption: all
clientEncryption: true
exporter:
enabled: false
serviceMonitor:
enabled: false
additionalLabels:
release: prometheus-operator
dbUser:
user: cassandra
password: cassandra
resources:
limits: {}
requests:
cpu: 1
memory: 3Gi
postgresql:
enabled: true
postgresqlDatabase: tip
image:
debug: true
metrics:
enabled: false
serviceMonitor:
enabled: falsea
namespace: monitoring
additionalLabels:
release: prometheus-operator
postgresqlUsername: postgres
postgresqlPassword: postgres
pgHbaConfiguration: |
hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0
hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
hostssl postgres postgres ::/0 cert clientcert=1
hostssl all all 0.0.0.0/0 md5 clientcert=1
replication:
enabled: true
user: repl_user
password: repl_password
slaveReplicas: 1
persistence:
enabled: true
storageClass: standard
volumePermissions:
enabled: true
livenessProbe:
enabled: false
readinessProbe:
enabled: false
tls:
enabled: true
certificatesSecret: tip-common-postgres-certs
certFilename: cert.crt
certKeyFilename: cert.key
certCAFilename: cacert.pem
initdbScriptsConfigMap: tip-common-postgres-scripts
extraEnv:
- name: PGSSLCERT
value: /opt/tip-wlan/certs/postgresclientcert.pem
- name: PGSSLKEY
value: /opt/tip-wlan/certs/postgresclientkey_dec.pem
- name: PGSSLROOTCERT
value: /opt/tip-wlan/certs/cacert.pem
primary:
extraInitContainers:
- command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ]
image: busybox:latest
name: chmod-client-cert-additional
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /opt/bitnami/postgresql/certs
name: postgresql-certificates

117
tip-wlan/resources/environments/dev-microk8s.yaml
View File

@@ -22,25 +22,11 @@ global:
nodePortPrefixExt: 304
pullPolicy: Always
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
integratedDeployment: false
testingEnabled: false
testingTimestamp:
kafka:
image: confluentinc/cp-kafka:5.0.1
port: 9092
topics:
- name: wlan_service_metrics
partitions: 1
replicationFactor: 1
- name: system_events
partitions: 1
replicationFactor: 1
- name: customer_events
partitions: 1
replicationFactor: 1
creds:
sslKeyPassword: mypassword
sslKeystorePassword: mypassword
@@ -186,121 +172,18 @@ nginx-ingress-controller:
kafka:
enabled: true
replicaCount: 1
image:
debug: true
auth:
clientProtocol: mtls
interBrokerProtocol: tls
jksSecret: tip-common-kafka-certs
jksPassword: mypassword
tlsEndpointIdentificationAlgorithm: ""
jaas:
clientUsers:
- brokerUser
clientPassword:
- brokerPassword
extraEnvVars:
- name: KAFKA_CFG_SSL_KEYSTORE_TYPE
value: PKCS12
allowPlaintextListener: true
persistence:
enabled: true
storageClass: microk8s-hostpath
metrics:
serviceMonitor:
enabled: false
namespace: monitoring
selector:
release: prometheus-operator
zookeeper:
enabled: true
persistence:
enabled: true
cassandra:
enabled: true
tlsEncryptionSecretName: tip-common-cassandra-certs
image:
debug: true
persistence:
enabled: true
storageClass: microk8s-hostpath
replicaCount: 1
cluster:
name: TipWlanCluster
seedCount: 1
internodeEncryption: all
clientEncryption: true
exporter:
enabled: false
serviceMonitor:
enabled: false
additionalLabels:
release: prometheus-operator
dbUser:
user: cassandra
password: cassandra
resources:
limits: {}
requests:
cpu: 1
memory: 3Gi
postgresql:
enabled: true
postgresqlDatabase: tip
image:
debug: true
metrics:
enabled: false
serviceMonitor:
enabled: falsea
namespace: monitoring
additionalLabels:
release: prometheus-operator
postgresqlUsername: postgres
postgresqlPassword: postgres
pgHbaConfiguration: |
hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0
hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
hostssl postgres postgres ::/0 cert clientcert=1
hostssl all all 0.0.0.0/0 md5 clientcert=1
replication:
enabled: true
user: repl_user
password: repl_password
slaveReplicas: 1
persistence:
enabled: true
storageClass: microk8s-hostpath
volumePermissions:
enabled: true
livenessProbe:
enabled: false
readinessProbe:
enabled: false
tls:
enabled: true
certificatesSecret: tip-common-postgres-certs
certFilename: cert.crt
certKeyFilename: cert.key
certCAFilename: cacert.pem
initdbScriptsConfigMap: tip-common-postgres-scripts
extraEnv:
- name: PGSSLCERT
value: /opt/tip-wlan/certs/postgresclientcert.pem
- name: PGSSLKEY
value: /opt/tip-wlan/certs/postgresclientkey_dec.pem
- name: PGSSLROOTCERT
value: /opt/tip-wlan/certs/cacert.pem
primary:
extraInitContainers:
- command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ]
image: busybox:latest
name: chmod-client-cert-additional
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /opt/bitnami/postgresql/certs
name: postgresql-certificates

107
tip-wlan/resources/environments/dev-no-gluster.yaml
View File

@@ -3,7 +3,6 @@ global:
nodePortPrefixExt: 304
pullPolicy: Always
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
integratedDeployment: false
testingEnabled: false
@@ -97,118 +96,18 @@ nginx-ingress-controller:
kafka:
enabled: true
replicaCount: 1
image:
debug: true
auth:
clientProtocol: mtls
interBrokerProtocol: tls
jksSecret: tip-common-kafka-certs
jksPassword: mypassword
tlsEndpointIdentificationAlgorithm: ""
jaas:
clientUsers:
- brokerUser
clientPassword:
- brokerPassword
extraEnvVars:
- name: KAFKA_CFG_SSL_KEYSTORE_TYPE
value: PKCS12
allowPlaintextListener: true
persistence:
enabled: true
metrics:
serviceMonitor:
enabled: false
namespace: monitoring
selector:
release: prometheus-operator
zookeeper:
enabled: true
persistence:
enabled: true
storageClass: ""
cassandra:
enabled: true
tlsEncryptionSecretName: tip-common-cassandra-certs
image:
debug: true
persistence:
enabled: true
replicaCount: 1
cluster:
name: TipWlanCluster
seedCount: 1
internodeEncryption: all
clientEncryption: true
exporter:
enabled: false
serviceMonitor:
enabled: false
additionalLabels:
release: prometheus-operator
dbUser:
user: cassandra
password: cassandra
resources:
limits: {}
requests:
cpu: 1
memory: 3Gi
storageClass: ""
postgresql:
enabled: true
postgresqlDatabase: tip
image:
debug: true
metrics:
enabled: false
serviceMonitor:
enabled: falsea
namespace: monitoring
additionalLabels:
release: prometheus-operator
postgresqlUsername: postgres
postgresqlPassword: postgres
pgHbaConfiguration: |
hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0
hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
hostssl postgres postgres ::/0 cert clientcert=1
hostssl all all 0.0.0.0/0 md5 clientcert=1
replication:
enabled: true
user: repl_user
password: repl_password
slaveReplicas: 1
persistence:
enabled: true
volumePermissions:
enabled: true
livenessProbe:
enabled: false
readinessProbe:
enabled: false
tls:
enabled: true
certificatesSecret: tip-common-postgres-certs
certFilename: cert.crt
certKeyFilename: cert.key
certCAFilename: cacert.pem
initdbScriptsConfigMap: tip-common-postgres-scripts
extraEnv:
- name: PGSSLCERT
value: /opt/tip-wlan/certs/postgresclientcert.pem
- name: PGSSLKEY
value: /opt/tip-wlan/certs/postgresclientkey_dec.pem
- name: PGSSLROOTCERT
value: /opt/tip-wlan/certs/cacert.pem
primary:
extraInitContainers:
- command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ]
image: busybox:latest
name: chmod-client-cert-additional
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /opt/bitnami/postgresql/certs
name: postgresql-certificates
storageClass: ""

104
tip-wlan/resources/environments/dev.yaml
View File

@@ -22,7 +22,6 @@ global:
nodePortPrefixExt: 304
pullPolicy: Always
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
integratedDeployment: false
testingEnabled: false
@@ -159,121 +158,18 @@ nginx-ingress-controller:
kafka:
enabled: true
replicaCount: 1
image:
debug: true
auth:
clientProtocol: mtls
interBrokerProtocol: tls
jksSecret: tip-common-kafka-certs
jksPassword: mypassword
tlsEndpointIdentificationAlgorithm: ""
jaas:
clientUsers:
- brokerUser
clientPassword:
- brokerPassword
extraEnvVars:
- name: KAFKA_CFG_SSL_KEYSTORE_TYPE
value: PKCS12
allowPlaintextListener: true
persistence:
enabled: true
storageClass: glusterfs-storage
metrics:
serviceMonitor:
enabled: false
namespace: monitoring
selector:
release: prometheus-operator
zookeeper:
enabled: true
persistence:
enabled: true
cassandra:
enabled: true
tlsEncryptionSecretName: tip-common-cassandra-certs
image:
debug: true
persistence:
enabled: true
storageClass: glusterfs-storage
replicaCount: 1
cluster:
name: TipWlanCluster
seedCount: 1
internodeEncryption: all
clientEncryption: true
exporter:
enabled: false
serviceMonitor:
enabled: false
additionalLabels:
release: prometheus-operator
dbUser:
user: cassandra
password: cassandra
resources:
limits: {}
requests:
cpu: 1
memory: 3Gi
postgresql:
enabled: true
postgresqlDatabase: tip
image:
debug: true
metrics:
enabled: false
serviceMonitor:
enabled: falsea
namespace: monitoring
additionalLabels:
release: prometheus-operator
postgresqlUsername: postgres
postgresqlPassword: postgres
pgHbaConfiguration: |
hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0
hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
hostssl postgres postgres ::/0 cert clientcert=1
hostssl all all 0.0.0.0/0 md5 clientcert=1
replication:
enabled: true
user: repl_user
password: repl_password
slaveReplicas: 1
persistence:
enabled: true
storageClass: glusterfs-storage
volumePermissions:
enabled: true
livenessProbe:
enabled: false
readinessProbe:
enabled: false
tls:
enabled: true
certificatesSecret: tip-common-postgres-certs
certFilename: cert.crt
certKeyFilename: cert.key
certCAFilename: cacert.pem
initdbScriptsConfigMap: tip-common-postgres-scripts
extraEnv:
- name: PGSSLCERT
value: /opt/tip-wlan/certs/postgresclientcert.pem
- name: PGSSLKEY
value: /opt/tip-wlan/certs/postgresclientkey_dec.pem
- name: PGSSLROOTCERT
value: /opt/tip-wlan/certs/cacert.pem
primary:
extraInitContainers:
- command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ]
image: busybox:latest
name: chmod-client-cert-additional
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /opt/bitnami/postgresql/certs
name: postgresql-certificates

1
tip-wlan/resources/environments/disable-allcharts.yaml
View File

@@ -3,7 +3,6 @@ global:
nodePortPrefixExt: 304
pullPolicy: Always
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
integratedDeployment: false
testingEnabled:

116
tip-wlan/resources/environments/migration.yaml
View File

@@ -1,17 +1,4 @@
global:
kafka:
image: confluentinc/cp-kafka:5.0.1
port: 9092
topics:
- name: wlan_service_metrics
partitions: 1
replicationFactor: 1
- name: system_events
partitions: 1
replicationFactor: 1
- name: customer_events
partitions: 1
replicationFactor: 1
creds:
sslKeyPassword: mypassword
sslKeystorePassword: mypassword
@@ -19,121 +6,18 @@ global:
kafka:
enabled: true
replicaCount: 1
image:
debug: true
auth:
clientProtocol: mtls
interBrokerProtocol: tls
jksSecret: tip-common-kafka-certs
jksPassword: mypassword
tlsEndpointIdentificationAlgorithm: ""
jaas:
clientUsers:
- brokerUser
clientPassword:
- brokerPassword
extraEnvVars:
- name: KAFKA_CFG_SSL_KEYSTORE_TYPE
value: PKCS12
allowPlaintextListener: true
persistence:
enabled: true
storageClass: REPLACEME
metrics:
serviceMonitor:
enabled: false
namespace: monitoring
selector:
release: prometheus-operator
zookeeper:
enabled: true
persistence:
enabled: true
cassandra:
enabled: true
tlsEncryptionSecretName: tip-common-cassandra-certs
image:
debug: true
persistence:
enabled: true
storageClass: REPLACEME
replicaCount: 1
cluster:
name: TipWlanCluster
seedCount: 1
internodeEncryption: all
clientEncryption: true
exporter:
enabled: false
serviceMonitor:
enabled: false
additionalLabels:
release: prometheus-operator
dbUser:
user: cassandra
password: cassandra
resources:
limits: {}
requests:
cpu: 1
memory: 3Gi
postgresql:
enabled: true
postgresqlDatabase: tip
image:
debug: true
metrics:
enabled: false
serviceMonitor:
enabled: false
namespace: monitoring
additionalLabels:
release: prometheus-operator
postgresqlUsername: postgres
postgresqlPassword: postgres
pgHbaConfiguration: |
hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0
hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
hostssl postgres postgres ::/0 cert clientcert=1
hostssl all all 0.0.0.0/0 md5 clientcert=1
replication:
enabled: true
user: repl_user
password: repl_password
slaveReplicas: 1
persistence:
enabled: true
existingClaim: data-tip-wlan-postgresql-master-0
volumePermissions:
enabled: true
livenessProbe:
enabled: false
readinessProbe:
enabled: false
tls:
enabled: true
certificatesSecret: tip-common-postgres-certs
certFilename: cert.crt
certKeyFilename: cert.key
certCAFilename: cacert.pem
initdbScriptsConfigMap: tip-common-postgres-scripts
extraEnv:
- name: PGSSLCERT
value: /opt/tip-wlan/certs/postgresclientcert.pem
- name: PGSSLKEY
value: /opt/tip-wlan/certs/postgresclientkey_dec.pem
- name: PGSSLROOTCERT
value: /opt/tip-wlan/certs/cacert.pem
primary:
extraInitContainers:
- command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ]
image: busybox:latest
name: chmod-client-cert-additional
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /opt/bitnami/postgresql/certs
name: postgresql-certificates

10
tip-wlan/templates/docker-secret.yaml
View File

@@ -1,6 +1,13 @@
{{- define "imagePullSecret" }}
{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.global.repository.registry (printf "%s:%s" .Values.global.repository.username .Values.global.repository.password | b64enc) | b64enc }}
{{- end }}
{{- if (.Values.createDockerRegistrySecret | default false) -}}
---
apiVersion: v1
kind: Secret
type: kubernetes.io/dockerconfigjson
metadata:
name: {{ .Release.Namespace }}-docker-registry-key
namespace: {{ .Release.Namespace }}
@@ -10,6 +17,5 @@ metadata:
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
.dockerconfigjson: {{ .Values.dockerRegistrySecret }}
type: kubernetes.io/dockerconfigjson
.dockerconfigjson: {{ template "imagePullSecret" . }}
{{- end}}

8
tip-wlan/templates/kafka-dependencies.yaml
View File

@@ -22,7 +22,7 @@ data:
server.pkcs12: {{ .Files.Get "resources/certs/server.pkcs12" | b64enc }}
{{ if .Values.global.kafka.topics }}
{{ if .Values.kafka.initJobConfig.topics }}
{{- $zk := printf "%s-zookeeper-headless" .Release.Name -}}
---
apiVersion: batch/v1
@@ -37,7 +37,7 @@ spec:
restartPolicy: OnFailure
initContainers:
- name: depends-on
image: {{ .Values.global.kafka.image }}
image: {{ .Values.kafka.initJobConfig.image }}
command:
- bash
- -c
@@ -47,7 +47,7 @@ spec:
echo "Waiting for Zookeeper..."
sleep 20
done
until nc -z {{ $.Release.Name }}-kafka {{ .Values.global.kafka.port }} || (( retries++ >= 6 ))
until nc -z {{ $.Release.Name }}-kafka {{ .Values.kafka.initJobConfig.port }} || (( retries++ >= 6 ))
do
echo "Waiting for Kafka..."
sleep 20
@@ -60,7 +60,7 @@ spec:
- -c
- |
set -e
{{- range $n, $topic := .Values.global.kafka.topics }}
{{- range $n, $topic := .Values.kafka.initJobConfig.topics }}
{{- if and $topic.partitions $topic.replicationFactor $topic.reassignPartitions }}
cat << EOF > {{ $topic.name }}-increase-replication-factor.json
{"version":1, "partitions":[

141
tip-wlan/values.yaml
View File

@@ -37,11 +37,13 @@ global:
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: tip-tip-wlan-cloud-docker-repo.jfrog.io
repository:
registry: tip-tip-wlan-cloud-docker-repo.jfrog.io
username: tip-read
password: tip-read
# image pull policy
pullPolicy: Always
# flag to enable debugging - application support required
debugEnabled: false
@@ -84,11 +86,144 @@ wlan-port-forwarding-gateway-service:
enabled: false
wlan-integrated-cloud-component-service:
enabled: false
nginx-ingress-controller:
enabled: false
kafka:
initJobConfig:
image: confluentinc/cp-kafka:5.0.1
port: 9092
topics:
- name: wlan_service_metrics
partitions: 1
replicationFactor: 1
- name: system_events
partitions: 1
replicationFactor: 1
- name: customer_events
partitions: 1
replicationFactor: 1
creds:
sslKeyPassword: mypassword
sslKeystorePassword: mypassword
sslTruststorePassword: mypassword
enabled: false
replicaCount: 1
image:
debug: true
auth:
clientProtocol: mtls
interBrokerProtocol: tls
jksSecret: tip-common-kafka-certs
jksPassword: mypassword
tlsEndpointIdentificationAlgorithm: ""
jaas:
clientUsers:
- brokerUser
clientPassword:
- brokerPassword
extraEnvVars:
- name: KAFKA_CFG_SSL_KEYSTORE_TYPE
value: PKCS12
allowPlaintextListener: true
persistence:
enabled: true
storageClass: glusterfs-storage
metrics:
serviceMonitor:
enabled: false
namespace: monitoring
selector:
release: prometheus-operator
zookeeper:
enabled: true
persistence:
enabled: true
cassandra:
enabled: false
tlsEncryptionSecretName: tip-common-cassandra-certs
image:
debug: true
persistence:
enabled: true
storageClass: glusterfs-storage
replicaCount: 1
cluster:
name: TipWlanCluster
seedCount: 1
internodeEncryption: all
clientEncryption: true
exporter:
enabled: false
serviceMonitor:
enabled: false
additionalLabels:
release: prometheus-operator
dbUser:
user: cassandra
password: cassandra
resources:
limits: {}
requests:
cpu: 1
memory: 3Gi
postgresql:
enabled: false
enabled: false
postgresqlDatabase: tip
image:
debug: true
metrics:
enabled: false
serviceMonitor:
enabled: falsea
namespace: monitoring
additionalLabels:
release: prometheus-operator
postgresqlUsername: postgres
postgresqlPassword: postgres
pgHbaConfiguration: |
hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0
hostssl postgres postgres 0.0.0.0/0 cert clientcert=1
hostssl postgres postgres ::/0 cert clientcert=1
hostssl all all 0.0.0.0/0 md5 clientcert=1
replication:
enabled: true
user: repl_user
password: repl_password
slaveReplicas: 1
persistence:
enabled: true
storageClass: glusterfs-storage
volumePermissions:
enabled: true
livenessProbe:
enabled: false
readinessProbe:
enabled: false
tls:
enabled: true
certificatesSecret: tip-common-postgres-certs
certFilename: cert.crt
certKeyFilename: cert.key
certCAFilename: cacert.pem
initdbScriptsConfigMap: tip-common-postgres-scripts
extraEnv:
- name: PGSSLCERT
value: /opt/tip-wlan/certs/postgresclientcert.pem
- name: PGSSLKEY
value: /opt/tip-wlan/certs/postgresclientkey_dec.pem
- name: PGSSLROOTCERT
value: /opt/tip-wlan/certs/cacert.pem
primary:
extraInitContainers:
- command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ]
image: busybox:latest
name: chmod-client-cert-additional
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /opt/bitnami/postgresql/certs
name: postgresql-certificates