diff --git a/README.md b/README.md index 854ee91..b71dd58 100644 --- a/README.md +++ b/README.md @@ -61,7 +61,7 @@ More details can be found here: https://telecominfraproject.atlassian.net/wiki/s # Deleting the wlan-cloud deployment: Run the following command: ``` -helm del tip-wlan -n default +helm del tip-wlan -n tip (replace the namespace with your namespace) ``` (Note: this would not delete the tip namespace and any PVC/PV/Endpoints under this namespace. These are needed so we can reuse the same PVC mount when the pods are restarted.) diff --git a/tip-wlan/charts/opensync-gw-cloud/templates/deployment.yaml b/tip-wlan/charts/opensync-gw-cloud/templates/deployment.yaml index 20f5aaf..c2acd6f 100644 --- a/tip-wlan/charts/opensync-gw-cloud/templates/deployment.yaml +++ b/tip-wlan/charts/opensync-gw-cloud/templates/deployment.yaml @@ -67,9 +67,9 @@ spec: securityContext: {{- toYaml .Values.securityContext | nindent 12 }} {{- if .Values.global.testingEnabled }} - image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} + image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} {{- else }} - image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }} + image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }} {{- end }} imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} {{- if .Values.probes.enabled }} diff --git a/tip-wlan/charts/opensync-gw-static/templates/deployment.yaml b/tip-wlan/charts/opensync-gw-static/templates/deployment.yaml index 1f9fff0..eaf1832 100644 --- a/tip-wlan/charts/opensync-gw-static/templates/deployment.yaml +++ b/tip-wlan/charts/opensync-gw-static/templates/deployment.yaml 
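Review bot: Both `image:` lines in the opensync-gw-cloud deployment template read `.Values.global.repository.registry` with no guard. If a values file supplies `global.repository` as a map without `registry`, this would render an image reference with an empty registry part, which only surfaces at pod creation. If a values file still sets it as a plain string, rendering fails with an opaque template error. Making the requirement explicit and quoting the result gives a clear failure at render time: `image: "{{ required "global.repository.registry must be set" .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}"`. The environment files later in this diff drop `global.repository`, so the new map presumably lives in chart defaults not shown here, which is worth confirming; the same two lines recur in the other nine template hunks (opensync-gw-static through wlan-ssc-service).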
@@ -25,9 +25,9 @@ spec: securityContext: {{- toYaml .Values.securityContext | nindent 12 }} {{- if .Values.global.testingEnabled }} - image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} + image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} {{- else }} - image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }} + image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }} {{- end }} imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} {{- if .Values.probes.enabled }} diff --git a/tip-wlan/charts/wlan-cloud-graphql-gw/templates/deployment.yaml b/tip-wlan/charts/wlan-cloud-graphql-gw/templates/deployment.yaml index 5671f61..82b27fd 100644 --- a/tip-wlan/charts/wlan-cloud-graphql-gw/templates/deployment.yaml +++ b/tip-wlan/charts/wlan-cloud-graphql-gw/templates/deployment.yaml @@ -25,9 +25,9 @@ spec: securityContext: {{- toYaml .Values.securityContext | nindent 12 }} {{- if .Values.global.testingEnabled }} - image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} + image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} {{- else }} - image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }} + image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }} {{- end }} imagePullPolicy: {{ .Values.global.pullPolicy }} env: diff --git a/tip-wlan/charts/wlan-cloud-static-portal/templates/deployment.yaml b/tip-wlan/charts/wlan-cloud-static-portal/templates/deployment.yaml index 78be4ad..eabf5e3 100644 --- a/tip-wlan/charts/wlan-cloud-static-portal/templates/deployment.yaml 
+++ b/tip-wlan/charts/wlan-cloud-static-portal/templates/deployment.yaml @@ -25,9 +25,9 @@ spec: securityContext: {{- toYaml .Values.securityContext | nindent 12 }} {{- if .Values.global.testingEnabled }} - image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} + image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} {{- else }} - image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }} + image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }} {{- end }} imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} env: diff --git a/tip-wlan/charts/wlan-integrated-cloud-component-service/templates/deployment.yaml b/tip-wlan/charts/wlan-integrated-cloud-component-service/templates/deployment.yaml index c0631ab..94f70ff 100644 --- a/tip-wlan/charts/wlan-integrated-cloud-component-service/templates/deployment.yaml +++ b/tip-wlan/charts/wlan-integrated-cloud-component-service/templates/deployment.yaml @@ -82,9 +82,9 @@ spec: securityContext: {{- toYaml .Values.securityContext | nindent 12 }} {{- if .Values.global.testingEnabled }} - image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} + image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} {{- else }} - image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }} + image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }} {{- end }} imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} env: 
diff --git a/tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/deployment.yaml b/tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/deployment.yaml index 4093e0d..2b745a6 100644 --- a/tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/deployment.yaml +++ b/tip-wlan/charts/wlan-port-forwarding-gateway-service/templates/deployment.yaml @@ -53,9 +53,9 @@ spec: securityContext: {{- toYaml .Values.securityContext | nindent 12 }} {{- if .Values.global.testingEnabled }} - image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} + image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} {{- else }} - image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }} + image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }} {{- end }} imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} env: diff --git a/tip-wlan/charts/wlan-portal-service/templates/statefulset.yaml b/tip-wlan/charts/wlan-portal-service/templates/statefulset.yaml index 4ee9599..b71140f 100644 --- a/tip-wlan/charts/wlan-portal-service/templates/statefulset.yaml +++ b/tip-wlan/charts/wlan-portal-service/templates/statefulset.yaml 
@@ -49,9 +49,9 @@ spec: securityContext: {{- toYaml .Values.securityContext | nindent 12 }} {{- if .Values.global.testingEnabled }} - image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} + image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} {{- else }} - image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }} + image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }} {{- end }} imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} env: diff --git a/tip-wlan/charts/wlan-prov-service/templates/deployment.yaml b/tip-wlan/charts/wlan-prov-service/templates/deployment.yaml index e01e353..14042ce 100644 --- a/tip-wlan/charts/wlan-prov-service/templates/deployment.yaml +++ b/tip-wlan/charts/wlan-prov-service/templates/deployment.yaml @@ -119,9 +119,9 @@ spec: securityContext: {{- toYaml .Values.securityContext | nindent 12 }} {{- if .Values.global.testingEnabled }} - image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} + image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} {{- else }} - image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }} + image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }} {{- end }} imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} env: diff --git a/tip-wlan/charts/wlan-spc-service/templates/deployment.yaml b/tip-wlan/charts/wlan-spc-service/templates/deployment.yaml index 78f9d01..b8a367c 100644 --- a/tip-wlan/charts/wlan-spc-service/templates/deployment.yaml +++ b/tip-wlan/charts/wlan-spc-service/templates/deployment.yaml 
@@ -33,9 +33,9 @@ spec: securityContext: {{- toYaml .Values.securityContext | nindent 12 }} {{- if .Values.global.testingEnabled }} - image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} + image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} {{- else }} - image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }} + image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }} {{- end }} imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} env: diff --git a/tip-wlan/charts/wlan-ssc-service/templates/deployment.yaml b/tip-wlan/charts/wlan-ssc-service/templates/deployment.yaml index 1c77736..b896c9a 100644 --- a/tip-wlan/charts/wlan-ssc-service/templates/deployment.yaml +++ b/tip-wlan/charts/wlan-ssc-service/templates/deployment.yaml @@ -113,9 +113,9 @@ spec: securityContext: {{- toYaml .Values.securityContext | nindent 12 }} {{- if .Values.global.testingEnabled }} - image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} + image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}-{{.Values.global.testingTimestamp}} {{- else }} - image: {{ .Values.global.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }} + image: {{ .Values.global.repository.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }} {{- end }} imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} env: diff --git a/tip-wlan/resources/environments/dev-amazon-tip.yaml b/tip-wlan/resources/environments/dev-amazon-tip.yaml index 7be4133..d48d5f9 100644 --- a/tip-wlan/resources/environments/dev-amazon-tip.yaml +++ b/tip-wlan/resources/environments/dev-amazon-tip.yaml 
@@ -3,7 +3,6 @@ global: nodePortPrefixExt: 304 pullPolicy: Always - repository: tip-tip-wlan-cloud-docker-repo.jfrog.io integratedDeployment: testingEnabled: 
@@ -115,121 +114,19 @@ nginx-ingress-controller: kafka: enabled: true - replicaCount: 1 - image: - debug: true - auth: - clientProtocol: mtls - interBrokerProtocol: tls - jksSecret: tip-common-kafka-certs - jksPassword: mypassword - tlsEndpointIdentificationAlgorithm: "" - jaas: - clientUsers: - - brokerUser - clientPassword: - - brokerPassword - extraEnvVars: - - name: KAFKA_CFG_SSL_KEYSTORE_TYPE - value: PKCS12 - allowPlaintextListener: true persistence: enabled: true storageClass: gp2 - metrics: - serviceMonitor: - enabled: false - namespace: monitoring - selector: - release: prometheus-operator - zookeeper: - enabled: true - persistence: - enabled: true cassandra: enabled: true - tlsEncryptionSecretName: tip-common-cassandra-certs - image: - debug: true persistence: enabled: true storageClass: gp2 - replicaCount: 1 - cluster: - name: TipWlanCluster - seedCount: 1 - internodeEncryption: all - clientEncryption: true - exporter: - enabled: false - serviceMonitor: - enabled: false - additionalLabels: - release: prometheus-operator - dbUser: - user: cassandra - password: cassandra - resources: - limits: {} - requests: - cpu: 1 - memory: 3Gi postgresql: enabled: true - postgresqlDatabase: tip - image: - debug: true - metrics: - enabled: false - serviceMonitor: - enabled: falsea - namespace: monitoring - additionalLabels: - release: prometheus-operator - postgresqlUsername: postgres - postgresqlPassword: postgres - pgHbaConfiguration: | - hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0 - hostssl postgres postgres 0.0.0.0/0 cert clientcert=1 - hostssl postgres postgres ::/0 cert clientcert=1 - hostssl all all 0.0.0.0/0 md5 clientcert=1 - replication: - enabled: true - user: repl_user - password: repl_password - slaveReplicas: 1 persistence: enabled: true storageClass: gp2 - volumePermissions: - enabled: true - livenessProbe: - enabled: false - readinessProbe: - enabled: false - tls: - enabled: true - certificatesSecret: tip-common-postgres-certs - 
certFilename: cert.crt - certKeyFilename: cert.key - certCAFilename: cacert.pem - initdbScriptsConfigMap: tip-common-postgres-scripts - extraEnv: - - name: PGSSLCERT - value: /opt/tip-wlan/certs/postgresclientcert.pem - - name: PGSSLKEY - value: /opt/tip-wlan/certs/postgresclientkey_dec.pem - - name: PGSSLROOTCERT - value: /opt/tip-wlan/certs/cacert.pem - primary: - extraInitContainers: - - command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ] - image: busybox:latest - name: chmod-client-cert-additional - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /opt/bitnami/postgresql/certs - name: postgresql-certificates + diff --git a/tip-wlan/resources/environments/dev-docker-on-windows.yaml b/tip-wlan/resources/environments/dev-docker-on-windows.yaml index c161ebf..5e324dc 100644 --- a/tip-wlan/resources/environments/dev-docker-on-windows.yaml +++ b/tip-wlan/resources/environments/dev-docker-on-windows.yaml @@ -3,23 +3,9 @@ global: nodePortPrefixExt: 304 pullPolicy: Always - repository: tip-tip-wlan-cloud-docker-repo.jfrog.io integratedDeployment: false testingEnabled: - kafka: - image: confluentinc/cp-kafka:5.0.1 - port: 9092 - topics: - - name: wlan_service_metrics - partitions: 1 - replicationFactor: 1 - - name: system_events - partitions: 1 - replicationFactor: 1 - - name: customer_events - partitions: 1 - replicationFactor: 1 creds: sslKeyPassword: mypassword sslKeystorePassword: mypassword 
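Review bot: After this hunk the `kafka`, `cassandra` and `postgresql` blocks in dev-amazon-tip.yaml keep only `enabled` and `persistence`, so the mTLS, internode/client encryption and `hostssl` client-certificate settings that used to be pinned here now depend on defaults that are not visible in this diff. Please confirm those defaults still enable TLS and certificate authentication, and record it in the file, e.g. `# TLS, auth and credentials for kafka/cassandra/postgresql are inherited from <parent values file>; only storage is set per environment`. If the removed static passwords were moved rather than dropped, they would be better supplied from a Kubernetes Secret created outside the chart than kept as literals in version control. The same applies to the matching hunks in dev-docker-on-windows, dev-integrated-aws-tip, dev-integrated, dev-local and dev-microk8s.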
@@ -173,123 +159,22 @@ nginx-ingress-controller: cert: 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 key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRRFFIeWQweVNGdmQwTFAKc0hxTDkwVkJYT3VtRW8vNTE5eHNudGZmVERVd1JmYi9lK2hUNTBVOHllK1FyRU8xR21POEdmRUd6WFA5UitQMgpzOWNJcnAyVGN4bzBLUGc5cFRYT2hVQ0w1WE9PRGgyZGJyYXBlYU5wWDVvTDRHZXdIQ3NHVzh1M2k4ZTdGTXFYCkc0VzNFdkJ2QzQyVnVncGhUc3gxYlBaZ3R5M2RCOEJjaFNocEQ1TkxVVVc1WVRFVTB0TnU4OFY1eUdQVEYvR3YKMDBDbzVreXZnTnJqaXpkTU9yVlNzVGFmeGw2cXBTKzVvRHg5cmNIZFI1TVRwdkh3WnJ0R3VXY0tNYkEvZ1ZXTApDUHVqTmgrTzdNNXMzZUI2dnRXa2tyVXNuc2UzUUROOTRXaGtLVTZZUURCbktOQ2tOODJzWXd2N202UWY1dXBuCkhhSW4xSEFTbmQrOUR6T2R6dFB5MnNLV3piaFhrbXNpRk1ESUdycEJoS0FqQmJkN0kxNkpHM2gzUE1rMlRyREcKbG0xYzdOaldtTnVSWm91RWNuMllvU05MS05RK0FyQWtoaCtpa2liYUZMMjY1VVozdHRKTFpZM0tHdEgwMG9lYwpxT1Axd0g1QjdqRWUyQmtPdVlXQldKNjJxOEEvRWo4VjFabEh1MTg1c0huakNOTFZOanNzYk90akV2cEhWeHgzClh4Z21LbHhJbzJxUTAwVmg2QTY5VUlkcDY2WTB3WlRwVmlORlVwRjhDeitScXlxVjdHTnJMNjBpeWJEQUoyUFYKQUxCSDVDUjROMWFIZzc4TGZuZ0pDaWcwdGh6Z3dVN1daUUp4eVdZZitVK2lydTZPa0hWdnBWb0RsbVRoZHhRbApDd2J3Z2hIVFVZdEwwU1laUlZuTDAxZWxhQUdheFFJREFRQUJBb0lDQVFDUVRkbXN4enl3cmUrY1ZCQlVkaW9GCjdTalRhTEY5bWFlVGhQdkhMMjc5dnJWSlpoK3I5WUp6YU16NzhnV3NUOVR4ZXNjOVlUMVlVLzJEZENUWU4wSzUKRnlrSEc1VXNJUjVTeU4vOVlDWWtURE5La3BhQ29mMmxOWTE1U0twOFdMdVlXQlBEZTE4TW41anM5ejlhdGY0Ugo4Ti9GL2szdU5KWGRvYVNmWU1Pakt4bTh6UE05RFhpaTA0SlZ6RWNjMmlXU0crSkQwNmNybWNHUm1SZVBSTWZOCk5Mb1E1ZGw4dUlRN0J2Y0tCNkJpRDlFc2t5YitPWGxmTlo2TUZNaFNXTmpuYSt3L0REN1plWkxYcVczWk45RGYKNStBbGFoNlkzVE1EUGxueXkxRk5CVzN1alZrMWdkS21ESFBEUTNDUFBNWVdEa01qdlVJcWdKRHMySVl6dWIvTwpXRjRVUTV5UEJhZzluaWp1dS9uMVZDdGZuSkxwakZIakU1VzdkK3p1UGh6aUJ1WDFOcjRtOVVJdEpaSTNsYmJtCmdvZFlMdGl4b3RwNWF3ang1eXA3MU1zUHlTZzcrbHBPenA4dStuRENJcnc0K0VSME56MG8yTXFmcmJ2VklGQXIKWHIyc2YrejljbmtxalBWWEZaVks3em1TUHI5N0YrbTV4RHpURG9lTG53aVlhUUpOQ0ZhejhMVERjNldVT2w4SQpLOWhHd3FaK0llTlgreW16em16Nkx6WWVPaGlrRmNRaUI0UXVPSjdWWnZWRmVoS3JJMXJLWHJDRU01VmpJZXBkCkhzR0c1eTlLUkcxdEszSU5ScmI0SH
lhRDF6SHJSTHRneFpLT1BvWDN0UjNmbTJ1aGova3dwelZnWTltRXJDWDkKd2I4SVA5TXdRR3REQVNBcjZWVmJvUUtDQVFFQThIeWlaK1lVeFEzQnprL1hoNmZMWWNYakE3NTJrQ204VWZzWQp0d1Z4N0EyNW5YRStiUDRIT3UyVC9kTlc0Tkw1elZPT0JkaWZIcTJQVFNVMGYzQUFHL0pNcnVzM3NrNHd4azM5CitYYlh0dHltWkdxb3FEcVN3TUw2czVpY1RnangvenRhSXk1TWFKYWhUYUpNdFRQQlVpZ3U3enhoeGNwVlhNVUMKTklHcFl5Mkt5R2hyMjVVOFdlR0RYQm9SS2xYUXJXYkNZeW1kMXdYQStEaVl0dzA5eit0VHhPNTRodjFCZkJKZwpWMGd0VWdJU0I2WEZDMU9CWDZXQ1pXYlhCN2hPaHhISjNkNHAyQlZyN0gxL2JDQ0ZvVDY5by9WQVNHRmdtTHRiCnpGalRNbjFIaTluVW5jUFlScWpsN1h0NWdPOHBOa3BwMjVrNHIxRVludWhIazcrYzdRS0NBUUVBM1l3THozNloKNEVPRndvODIrUlVId2lkaFExOEdrU1JvWStKVm1udXJpSXdHZTk3ZmRTVk91d092SDlZSVhsRWpjRitoOHFQVQpJVnpIOXBuYXZjTENEMnhIOWZ5d09ML3pmYmJnYnExZjV4Y3BOUXlYM1JnTGFDUVpLNkpJa3NzOUtDb0dhSzlaCmpMVm41MjFFZlFBRE5DSi93YlRCb3dLQ0dTNDUzSzRBaWFEWHN6TkJLUk5MOHVaWWYwK0x0U2IzV3lkZVQ2eUgKdGZiSXR3NlBSS1lxb2NaeGIrM0pWQWFHcGxScjVZSlNDU1BtTjFMSjU0djlTcXBIVnJMNzJudFNwKzdDODJ6SgpJajVOSXFEOGFsOVZ3WFB5dExRd25hYWc1TW5ka0NLQ3R0MlVHSGZwMEh3ZTJTL1hkemppS2gzZTZaT3MyMSt1CitQUHVrSkUxTTZzU09RS0NBUUJjWVJRbDR6MUJRUHFjM1JESEhJN0UvVFlxWHdTK2RqblFLQ3VqU3FVcmIwNUoKQzVKV1hmSzdFVDVUTjliY3dFNlRNRENUVUZZM2U2WmJsUm9vaGdhVXRhdjlXWC9vcjU2TzNyRGNIbW5ZNWNQSgpPU3VXakFHSnFKeVRWdUZjSEpXUlhPUlFOVjNHbzI1Tkd6WnFPUHBmSys1em1mZFkrbE4yTW51WlhlR0twcGowClNTQjlsa003cDZSRlFnSXNDQkVFTzBBYXhZYkxiWHRtSHArVFdiUFA1ZThrN0JKQ2tKQ1NMNkR3aGxwYWNVOHAKdnVVRlo4dC95VjFneEhOL2xLNGR0cGliOE5hVUdnNStKdXRHeHV0dU9HS3kwK2dncGI5c2pEUkVPQzdRNjAwTApqTjdleDdlUjFSbVY4Mk9HUXRqSzhTVGU1V25mOXNBRmN1YmorNncxQW9JQkFHYXM4Z2hQRHpkOWM2OXd1alNFCkI1MTJyTUFSZVRTcEgrd3l5Q09aYnkwUVlDem1aTCtnODdUK2h4b0ZFc25MWnRZOHJBeU0ydEkvY3JrYUl1TlIKTUtqL01QYVREb1N1aVVWWkRQaWVSMVVOU2Q2NUlHU3FNUmNwcTdTcU9HSTM2UGNGU3dVWFJ6Uk1Hb1NLQW5UQQpIYnY2eFNUY0JlWHJVcW9pMzFRa0hFR3NsbXNKdFFnNVZqaVRncTQyQ25TQlE2QXVSYW85Tm9RaGhISTZRREc3CnBRUm11TW43OVJPSkZyeGRZY2Z6TnR2ZmxHRk5jQjlzcEk0SERwcml4cEJDR1ZPVTl5cmozdStNMmlqVFhVaGIKT0o0NGcySTJKRlhjRkxNVHp5aHVwZy9qN3kvTDIwUHhVa2Fyd25zUmxOZWFFbVpFTjVkUDZBS2U0cENEaTVtUApqaGtDZ2dFQkFMUmtVeG9oZDh2ZVBwR3hPbW
lOak5HekpiTDlscGx0TWxhR0dPQ3JOUkZSeEppblgzWU9UVnhiCkRFVlpqaXRHNldydzFxaDdnZXAzeEdJaWZHQ1lZV3pNc0RZTitueGtwV0lRRmZOV3dYemNRWlhrTEduZVlUdTAKSVU2RjY5Myt1Q0tkcHVCdVl0d3BQNEJCVkNCRTVON0FzRGV4bFBYTzk1cEw3ZzR4OG5RckdNeGJlRXVOdytaTwpPYmYvTnFFMGZZcURkaERiVHI0UDR6bUpBRlpYeDlKMjNJdWRMUFI3MDZITGZ5bDMrb1pUS2Y2ZWdEL1drWXZGCllLdEtDZzI1UmtSYmZBakZkeDlpOVkzcDlPNEFNVUNaRVFIOWQwU1d6LzJWR0VmYzVha09YL2xvWlAyUXF3c2UKeXMyc0k1U0Z5TEd1ZGM3R2MzVTd5UGd0RVN0elVoWT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= + kafka: enabled: true - replicaCount: 1 - image: - debug: true - auth: - clientProtocol: mtls - interBrokerProtocol: tls - jksSecret: tip-common-kafka-certs - jksPassword: mypassword - tlsEndpointIdentificationAlgorithm: "" - jaas: - clientUsers: - - brokerUser - clientPassword: - - brokerPassword - extraEnvVars: - - name: KAFKA_CFG_SSL_KEYSTORE_TYPE - value: PKCS12 - allowPlaintextListener: true persistence: enabled: true storageClass: hostpath - metrics: - serviceMonitor: - enabled: false - namespace: monitoring - selector: - release: prometheus-operator - zookeeper: - enabled: true - persistence: - enabled: true cassandra: enabled: true - tlsEncryptionSecretName: tip-common-cassandra-certs - image: - debug: true persistence: enabled: true storageClass: hostpath - replicaCount: 1 - cluster: - name: TipWlanCluster - seedCount: 1 - internodeEncryption: all - clientEncryption: true - exporter: - enabled: false - serviceMonitor: - enabled: false - additionalLabels: - release: prometheus-operator - dbUser: - user: cassandra - password: cassandra - resources: - limits: {} - requests: - cpu: 1 - memory: 3Gi postgresql: enabled: true - postgresqlDatabase: tip - image: - debug: true - metrics: - enabled: false - serviceMonitor: - enabled: falsea - namespace: monitoring - additionalLabels: - release: prometheus-operator - postgresqlUsername: postgres - postgresqlPassword: postgres - pgHbaConfiguration: | - hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0 - hostssl postgres postgres 0.0.0.0/0 
cert clientcert=1 - hostssl postgres postgres ::/0 cert clientcert=1 - hostssl all all 0.0.0.0/0 md5 clientcert=1 - replication: - enabled: true - user: repl_user - password: repl_password - slaveReplicas: 1 persistence: enabled: true storageClass: hostpath - volumePermissions: - enabled: true - livenessProbe: - enabled: false - readinessProbe: - enabled: false - tls: - enabled: true - certificatesSecret: tip-common-postgres-certs - certFilename: cert.crt - certKeyFilename: cert.key - certCAFilename: cacert.pem - initdbScriptsConfigMap: tip-common-postgres-scripts - extraEnv: - - name: PGSSLCERT - value: /opt/tip-wlan/certs/postgresclientcert.pem - - name: PGSSLKEY - value: /opt/tip-wlan/certs/postgresclientkey_dec.pem - - name: PGSSLROOTCERT - value: /opt/tip-wlan/certs/cacert.pem - primary: - extraInitContainers: - - command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ] - image: busybox:latest - name: chmod-client-cert-additional - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /opt/bitnami/postgresql/certs - name: postgresql-certificates + diff --git a/tip-wlan/resources/environments/dev-integrated-aws-tip.yaml b/tip-wlan/resources/environments/dev-integrated-aws-tip.yaml index 6a9d702..c31c105 100644 --- a/tip-wlan/resources/environments/dev-integrated-aws-tip.yaml +++ b/tip-wlan/resources/environments/dev-integrated-aws-tip.yaml @@ -3,7 +3,6 @@ global: nodePortPrefixExt: 304 pullPolicy: Always - repository: tip-tip-wlan-cloud-docker-repo.jfrog.io integratedDeployment: testingEnabled: true 
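Review bot: The unchanged `key:` value in the context at the top of this hunk (under what the hunk header shows as `nginx-ingress-controller`) is a base64-encoded PEM private key, since it decodes to a `-----BEGIN PRIVATE KEY-----` block, and the commit leaves it in dev-docker-on-windows.yaml. A key that has been committed should be treated as disclosed: regenerate the certificate and reference a TLS Secret provisioned outside the repository instead of embedding the material. The `creds:` block in the first hunk of this file, and in dev-local and dev-microk8s, likewise keeps literal keystore passwords (`sslKeyPassword: mypassword`). If the material has to stay for local use, a comment such as `# dev-only self-signed material; never reuse outside a local cluster` would at least document the intent.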
@@ -66,121 +65,19 @@ nginx-ingress-controller: kafka: enabled: true - replicaCount: 1 - image: - debug: true - auth: - clientProtocol: mtls - interBrokerProtocol: tls - jksSecret: tip-common-kafka-certs - jksPassword: mypassword - tlsEndpointIdentificationAlgorithm: "" - jaas: - clientUsers: - - brokerUser - clientPassword: - - brokerPassword - extraEnvVars: - - name: KAFKA_CFG_SSL_KEYSTORE_TYPE - value: PKCS12 - allowPlaintextListener: true persistence: enabled: true storageClass: gp2 - metrics: - serviceMonitor: - enabled: false - namespace: monitoring - selector: - release: prometheus-operator - zookeeper: - enabled: true - persistence: - enabled: true cassandra: enabled: true - tlsEncryptionSecretName: tip-common-cassandra-certs - image: - debug: true persistence: enabled: true storageClass: gp2 - replicaCount: 1 - cluster: - name: TipWlanCluster - seedCount: 1 - internodeEncryption: all - clientEncryption: true - exporter: - enabled: false - serviceMonitor: - enabled: false - additionalLabels: - release: prometheus-operator - dbUser: - user: cassandra - password: cassandra - resources: - limits: {} - requests: - cpu: 1 - memory: 3Gi postgresql: enabled: true - postgresqlDatabase: tip - image: - debug: true - metrics: - enabled: false - serviceMonitor: - enabled: falsea - namespace: monitoring - additionalLabels: - release: prometheus-operator - postgresqlUsername: postgres - postgresqlPassword: postgres - pgHbaConfiguration: | - hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0 - hostssl postgres postgres 0.0.0.0/0 cert clientcert=1 - hostssl postgres postgres ::/0 cert clientcert=1 - hostssl all all 0.0.0.0/0 md5 clientcert=1 - replication: - enabled: true - user: repl_user - password: repl_password - slaveReplicas: 1 persistence: enabled: true storageClass: gp2 - volumePermissions: - enabled: true - livenessProbe: - enabled: false - readinessProbe: - enabled: false - tls: - enabled: true - certificatesSecret: tip-common-postgres-certs - certFilename: 
cert.crt - certKeyFilename: cert.key - certCAFilename: cacert.pem - initdbScriptsConfigMap: tip-common-postgres-scripts - extraEnv: - - name: PGSSLCERT - value: /opt/tip-wlan/certs/postgresclientcert.pem - - name: PGSSLKEY - value: /opt/tip-wlan/certs/postgresclientkey_dec.pem - - name: PGSSLROOTCERT - value: /opt/tip-wlan/certs/cacert.pem - primary: - extraInitContainers: - - command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ] - image: busybox:latest - name: chmod-client-cert-additional - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /opt/bitnami/postgresql/certs - name: postgresql-certificates + diff --git a/tip-wlan/resources/environments/dev-integrated.yaml b/tip-wlan/resources/environments/dev-integrated.yaml index 3d77565..e3f018a 100644 --- a/tip-wlan/resources/environments/dev-integrated.yaml +++ b/tip-wlan/resources/environments/dev-integrated.yaml 
@@ -66,121 +66,18 @@ nginx-ingress-controller: kafka: enabled: true - replicaCount: 1 - image: - debug: true - auth: - clientProtocol: mtls - interBrokerProtocol: tls - jksSecret: tip-common-kafka-certs - jksPassword: mypassword - tlsEndpointIdentificationAlgorithm: "" - jaas: - clientUsers: - - brokerUser - clientPassword: - - brokerPassword - extraEnvVars: - - name: KAFKA_CFG_SSL_KEYSTORE_TYPE - value: PKCS12 - allowPlaintextListener: true persistence: enabled: true storageClass: glusterfs-storage - metrics: - serviceMonitor: - enabled: false - namespace: monitoring - selector: - release: prometheus-operator - zookeeper: - enabled: true - persistence: - enabled: true cassandra: enabled: true - tlsEncryptionSecretName: tip-common-cassandra-certs - image: - debug: true persistence: enabled: true storageClass: glusterfs-storage - replicaCount: 1 - cluster: - name: TipWlanCluster - seedCount: 1 - internodeEncryption: all - clientEncryption: true - exporter: - enabled: false - serviceMonitor: - enabled: false - additionalLabels: - release: prometheus-operator - dbUser: - user: cassandra - password: cassandra - resources: - limits: {} - requests: - cpu: 1 - memory: 3Gi postgresql: enabled: true - postgresqlDatabase: tip - image: - debug: true - metrics: - enabled: false - serviceMonitor: - enabled: falsea - namespace: monitoring - additionalLabels: - release: prometheus-operator - postgresqlUsername: postgres - postgresqlPassword: postgres - pgHbaConfiguration: | - hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0 - hostssl postgres postgres 0.0.0.0/0 cert clientcert=1 - hostssl postgres postgres ::/0 cert clientcert=1 - hostssl all all 0.0.0.0/0 md5 clientcert=1 - replication: - enabled: true - user: repl_user - password: repl_password - slaveReplicas: 1 persistence: enabled: true storageClass: glusterfs-storage - volumePermissions: - enabled: true - livenessProbe: - enabled: false - readinessProbe: - enabled: false - tls: - enabled: true - certificatesSecret: 
tip-common-postgres-certs - certFilename: cert.crt - certKeyFilename: cert.key - certCAFilename: cacert.pem - initdbScriptsConfigMap: tip-common-postgres-scripts - extraEnv: - - name: PGSSLCERT - value: /opt/tip-wlan/certs/postgresclientcert.pem - - name: PGSSLKEY - value: /opt/tip-wlan/certs/postgresclientkey_dec.pem - - name: PGSSLROOTCERT - value: /opt/tip-wlan/certs/cacert.pem - primary: - extraInitContainers: - - command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ] - image: busybox:latest - name: chmod-client-cert-additional - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /opt/bitnami/postgresql/certs - name: postgresql-certificates diff --git a/tip-wlan/resources/environments/dev-local.yaml b/tip-wlan/resources/environments/dev-local.yaml index 8ad1c52..27d7283 100644 --- a/tip-wlan/resources/environments/dev-local.yaml +++ b/tip-wlan/resources/environments/dev-local.yaml @@ -22,24 +22,10 @@ global: nodePortPrefixExt: 304 pullPolicy: Always - repository: tip-tip-wlan-cloud-docker-repo.jfrog.io integratedDeployment: false testingEnabled: - kafka: - image: confluentinc/cp-kafka:5.0.1 - port: 9092 - topics: - - name: wlan_service_metrics - partitions: 1 - replicationFactor: 1 - - name: system_events - partitions: 1 - replicationFactor: 1 - - name: customer_events - partitions: 1 - replicationFactor: 1 creds: sslKeyPassword: mypassword sslKeystorePassword: mypassword 
@@ -181,121 +167,18 @@ nginx-ingress-controller: kafka: enabled: true - replicaCount: 1 - image: - debug: true - auth: - clientProtocol: mtls - interBrokerProtocol: tls - jksSecret: tip-common-kafka-certs - jksPassword: mypassword - tlsEndpointIdentificationAlgorithm: "" - jaas: - clientUsers: - - brokerUser - clientPassword: - - brokerPassword - extraEnvVars: - - name: KAFKA_CFG_SSL_KEYSTORE_TYPE - value: PKCS12 - allowPlaintextListener: true persistence: enabled: true storageClass: standard - metrics: - serviceMonitor: - enabled: false - namespace: monitoring - selector: - release: prometheus-operator - zookeeper: - enabled: true - persistence: - enabled: true cassandra: enabled: true - tlsEncryptionSecretName: tip-common-cassandra-certs - image: - debug: true persistence: enabled: true storageClass: standard - replicaCount: 1 - cluster: - name: TipWlanCluster - seedCount: 1 - internodeEncryption: all - clientEncryption: true - exporter: - enabled: false - serviceMonitor: - enabled: false - additionalLabels: - release: prometheus-operator - dbUser: - user: cassandra - password: cassandra - resources: - limits: {} - requests: - cpu: 1 - memory: 3Gi postgresql: enabled: true - postgresqlDatabase: tip - image: - debug: true - metrics: - enabled: false - serviceMonitor: - enabled: falsea - namespace: monitoring - additionalLabels: - release: prometheus-operator - postgresqlUsername: postgres - postgresqlPassword: postgres - pgHbaConfiguration: | - hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0 - hostssl postgres postgres 0.0.0.0/0 cert clientcert=1 - hostssl postgres postgres ::/0 cert clientcert=1 - hostssl all all 0.0.0.0/0 md5 clientcert=1 - replication: - enabled: true - user: repl_user - password: repl_password - slaveReplicas: 1 persistence: enabled: true storageClass: standard - volumePermissions: - enabled: true - livenessProbe: - enabled: false - readinessProbe: - enabled: false - tls: - enabled: true - certificatesSecret: tip-common-postgres-certs 
- certFilename: cert.crt - certKeyFilename: cert.key - certCAFilename: cacert.pem - initdbScriptsConfigMap: tip-common-postgres-scripts - extraEnv: - - name: PGSSLCERT - value: /opt/tip-wlan/certs/postgresclientcert.pem - - name: PGSSLKEY - value: /opt/tip-wlan/certs/postgresclientkey_dec.pem - - name: PGSSLROOTCERT - value: /opt/tip-wlan/certs/cacert.pem - primary: - extraInitContainers: - - command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ] - image: busybox:latest - name: chmod-client-cert-additional - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /opt/bitnami/postgresql/certs - name: postgresql-certificates diff --git a/tip-wlan/resources/environments/dev-microk8s.yaml b/tip-wlan/resources/environments/dev-microk8s.yaml index 1f47a5c..ee6511c 100644 --- a/tip-wlan/resources/environments/dev-microk8s.yaml +++ b/tip-wlan/resources/environments/dev-microk8s.yaml @@ -22,25 +22,11 @@ global: nodePortPrefixExt: 304 pullPolicy: Always - repository: tip-tip-wlan-cloud-docker-repo.jfrog.io integratedDeployment: false testingEnabled: false testingTimestamp: - kafka: - image: confluentinc/cp-kafka:5.0.1 - port: 9092 - topics: - - name: wlan_service_metrics - partitions: 1 - replicationFactor: 1 - - name: system_events - partitions: 1 - replicationFactor: 1 - - name: customer_events - partitions: 1 - replicationFactor: 1 creds: sslKeyPassword: mypassword sslKeystorePassword: mypassword 
@@ -186,121 +172,18 @@ nginx-ingress-controller: kafka: enabled: true - replicaCount: 1 - image: - debug: true - auth: - clientProtocol: mtls - interBrokerProtocol: tls - jksSecret: tip-common-kafka-certs - jksPassword: mypassword - tlsEndpointIdentificationAlgorithm: "" - jaas: - clientUsers: - - brokerUser - clientPassword: - - brokerPassword - extraEnvVars: - - name: KAFKA_CFG_SSL_KEYSTORE_TYPE - value: PKCS12 - allowPlaintextListener: true persistence: enabled: true storageClass: microk8s-hostpath - metrics: - serviceMonitor: - enabled: false - namespace: monitoring - selector: - release: prometheus-operator - zookeeper: - enabled: true - persistence: - enabled: true cassandra: enabled: true - tlsEncryptionSecretName: tip-common-cassandra-certs - image: - debug: true persistence: enabled: true storageClass: microk8s-hostpath - replicaCount: 1 - cluster: - name: TipWlanCluster - seedCount: 1 - internodeEncryption: all - clientEncryption: true - exporter: - enabled: false - serviceMonitor: - enabled: false - additionalLabels: - release: prometheus-operator - dbUser: - user: cassandra - password: cassandra - resources: - limits: {} - requests: - cpu: 1 - memory: 3Gi postgresql: enabled: true - postgresqlDatabase: tip - image: - debug: true - metrics: - enabled: false - serviceMonitor: - enabled: falsea - namespace: monitoring - additionalLabels: - release: prometheus-operator - postgresqlUsername: postgres - postgresqlPassword: postgres - pgHbaConfiguration: | - hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0 - hostssl postgres postgres 0.0.0.0/0 cert clientcert=1 - hostssl postgres postgres ::/0 cert clientcert=1 - hostssl all all 0.0.0.0/0 md5 clientcert=1 - replication: - enabled: true - user: repl_user - password: repl_password - slaveReplicas: 1 persistence: enabled: true storageClass: microk8s-hostpath - volumePermissions: - enabled: true - livenessProbe: - enabled: false - readinessProbe: - enabled: false - tls: - enabled: true - 
certificatesSecret: tip-common-postgres-certs - certFilename: cert.crt - certKeyFilename: cert.key - certCAFilename: cacert.pem - initdbScriptsConfigMap: tip-common-postgres-scripts - extraEnv: - - name: PGSSLCERT - value: /opt/tip-wlan/certs/postgresclientcert.pem - - name: PGSSLKEY - value: /opt/tip-wlan/certs/postgresclientkey_dec.pem - - name: PGSSLROOTCERT - value: /opt/tip-wlan/certs/cacert.pem - primary: - extraInitContainers: - - command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ] - image: busybox:latest - name: chmod-client-cert-additional - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /opt/bitnami/postgresql/certs - name: postgresql-certificates diff --git a/tip-wlan/resources/environments/dev-no-gluster.yaml b/tip-wlan/resources/environments/dev-no-gluster.yaml index 7ab67da..95a567d 100644 --- a/tip-wlan/resources/environments/dev-no-gluster.yaml +++ b/tip-wlan/resources/environments/dev-no-gluster.yaml @@ -3,7 +3,6 @@ global: nodePortPrefixExt: 304 pullPolicy: Always - repository: tip-tip-wlan-cloud-docker-repo.jfrog.io integratedDeployment: false testingEnabled: false 
@@ -97,118 +96,18 @@ nginx-ingress-controller: kafka: enabled: true - replicaCount: 1 - image: - debug: true - auth: - clientProtocol: mtls - interBrokerProtocol: tls - jksSecret: tip-common-kafka-certs - jksPassword: mypassword - tlsEndpointIdentificationAlgorithm: "" - jaas: - clientUsers: - - brokerUser - clientPassword: - - brokerPassword - extraEnvVars: - - name: KAFKA_CFG_SSL_KEYSTORE_TYPE - value: PKCS12 - allowPlaintextListener: true persistence: enabled: true - metrics: - serviceMonitor: - enabled: false - namespace: monitoring - selector: - release: prometheus-operator - zookeeper: - enabled: true - persistence: - enabled: true + storageClass: "" cassandra: enabled: true - tlsEncryptionSecretName: tip-common-cassandra-certs - image: - debug: true persistence: enabled: true - replicaCount: 1 - cluster: - name: TipWlanCluster - seedCount: 1 - internodeEncryption: all - clientEncryption: true - exporter: - enabled: false - serviceMonitor: - enabled: false - additionalLabels: - release: prometheus-operator - dbUser: - user: cassandra - password: cassandra - resources: - limits: {} - requests: - cpu: 1 - memory: 3Gi + storageClass: "" postgresql: enabled: true - postgresqlDatabase: tip - image: - debug: true - metrics: - enabled: false - serviceMonitor: - enabled: falsea - namespace: monitoring - additionalLabels: - release: prometheus-operator - postgresqlUsername: postgres - postgresqlPassword: postgres - pgHbaConfiguration: | - hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0 - hostssl postgres postgres 0.0.0.0/0 cert clientcert=1 - hostssl postgres postgres ::/0 cert clientcert=1 - hostssl all all 0.0.0.0/0 md5 clientcert=1 - replication: - enabled: true - user: repl_user - password: repl_password - slaveReplicas: 1 persistence: enabled: true - volumePermissions: - enabled: true - livenessProbe: - enabled: false - readinessProbe: - enabled: false - tls: - enabled: true - certificatesSecret: tip-common-postgres-certs - certFilename: cert.crt - 
certKeyFilename: cert.key - certCAFilename: cacert.pem - initdbScriptsConfigMap: tip-common-postgres-scripts - extraEnv: - - name: PGSSLCERT - value: /opt/tip-wlan/certs/postgresclientcert.pem - - name: PGSSLKEY - value: /opt/tip-wlan/certs/postgresclientkey_dec.pem - - name: PGSSLROOTCERT - value: /opt/tip-wlan/certs/cacert.pem - primary: - extraInitContainers: - - command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ] - image: busybox:latest - name: chmod-client-cert-additional - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /opt/bitnami/postgresql/certs - name: postgresql-certificates + storageClass: "" diff --git a/tip-wlan/resources/environments/dev.yaml b/tip-wlan/resources/environments/dev.yaml index 518e619..083632c 100644 --- a/tip-wlan/resources/environments/dev.yaml +++ b/tip-wlan/resources/environments/dev.yaml @@ -22,7 +22,6 @@ global: nodePortPrefixExt: 304 pullPolicy: Always - repository: tip-tip-wlan-cloud-docker-repo.jfrog.io integratedDeployment: false testingEnabled: false 
@@ -159,121 +158,18 @@ nginx-ingress-controller: kafka: enabled: true - replicaCount: 1 - image: - debug: true - auth: - clientProtocol: mtls - interBrokerProtocol: tls - jksSecret: tip-common-kafka-certs - jksPassword: mypassword - tlsEndpointIdentificationAlgorithm: "" - jaas: - clientUsers: - - brokerUser - clientPassword: - - brokerPassword - extraEnvVars: - - name: KAFKA_CFG_SSL_KEYSTORE_TYPE - value: PKCS12 - allowPlaintextListener: true persistence: enabled: true storageClass: glusterfs-storage - metrics: - serviceMonitor: - enabled: false - namespace: monitoring - selector: - release: prometheus-operator - zookeeper: - enabled: true - persistence: - enabled: true cassandra: enabled: true - tlsEncryptionSecretName: tip-common-cassandra-certs - image: - debug: true persistence: enabled: true storageClass: glusterfs-storage - replicaCount: 1 - cluster: - name: TipWlanCluster - seedCount: 1 - internodeEncryption: all - clientEncryption: true - exporter: - enabled: false - serviceMonitor: - enabled: false - additionalLabels: - release: prometheus-operator - dbUser: - user: cassandra - password: cassandra - resources: - limits: {} - requests: - cpu: 1 - memory: 3Gi postgresql: enabled: true - postgresqlDatabase: tip - image: - debug: true - metrics: - enabled: false - serviceMonitor: - enabled: falsea - namespace: monitoring - additionalLabels: - release: prometheus-operator - postgresqlUsername: postgres - postgresqlPassword: postgres - pgHbaConfiguration: | - hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0 - hostssl postgres postgres 0.0.0.0/0 cert clientcert=1 - hostssl postgres postgres ::/0 cert clientcert=1 - hostssl all all 0.0.0.0/0 md5 clientcert=1 - replication: - enabled: true - user: repl_user - password: repl_password - slaveReplicas: 1 persistence: enabled: true storageClass: glusterfs-storage - volumePermissions: - enabled: true - livenessProbe: - enabled: false - readinessProbe: - enabled: false - tls: - enabled: true - 
certificatesSecret: tip-common-postgres-certs - certFilename: cert.crt - certKeyFilename: cert.key - certCAFilename: cacert.pem - initdbScriptsConfigMap: tip-common-postgres-scripts - extraEnv: - - name: PGSSLCERT - value: /opt/tip-wlan/certs/postgresclientcert.pem - - name: PGSSLKEY - value: /opt/tip-wlan/certs/postgresclientkey_dec.pem - - name: PGSSLROOTCERT - value: /opt/tip-wlan/certs/cacert.pem - primary: - extraInitContainers: - - command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ] - image: busybox:latest - name: chmod-client-cert-additional - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /opt/bitnami/postgresql/certs - name: postgresql-certificates diff --git a/tip-wlan/resources/environments/disable-allcharts.yaml b/tip-wlan/resources/environments/disable-allcharts.yaml index 53b8617..4ea8691 100644 --- a/tip-wlan/resources/environments/disable-allcharts.yaml +++ b/tip-wlan/resources/environments/disable-allcharts.yaml @@ -3,7 +3,6 @@ global: nodePortPrefixExt: 304 pullPolicy: Always - repository: tip-tip-wlan-cloud-docker-repo.jfrog.io integratedDeployment: false testingEnabled: diff --git a/tip-wlan/resources/environments/migration.yaml b/tip-wlan/resources/environments/migration.yaml index 392ebdd..1e0215d 100644 --- a/tip-wlan/resources/environments/migration.yaml +++ b/tip-wlan/resources/environments/migration.yaml @@ -1,17 +1,4 @@ global: - kafka: - image: confluentinc/cp-kafka:5.0.1 - port: 9092 - topics: - - name: wlan_service_metrics - partitions: 1 - replicationFactor: 1 - - name: system_events - partitions: 1 - replicationFactor: 1 - - name: customer_events - partitions: 1 - replicationFactor: 1 creds: sslKeyPassword: mypassword sslKeystorePassword: mypassword 
@@ -19,121 +6,18 @@ global: kafka: enabled: true - replicaCount: 1 - image: - debug: true - auth: - clientProtocol: mtls - interBrokerProtocol: tls - jksSecret: tip-common-kafka-certs - jksPassword: mypassword - tlsEndpointIdentificationAlgorithm: "" - jaas: - clientUsers: - - brokerUser - clientPassword: - - brokerPassword - extraEnvVars: - - name: KAFKA_CFG_SSL_KEYSTORE_TYPE - value: PKCS12 - allowPlaintextListener: true persistence: enabled: true storageClass: REPLACEME - metrics: - serviceMonitor: - enabled: false - namespace: monitoring - selector: - release: prometheus-operator - zookeeper: - enabled: true - persistence: - enabled: true cassandra: enabled: true - tlsEncryptionSecretName: tip-common-cassandra-certs - image: - debug: true persistence: enabled: true storageClass: REPLACEME - replicaCount: 1 - cluster: - name: TipWlanCluster - seedCount: 1 - internodeEncryption: all - clientEncryption: true - exporter: - enabled: false - serviceMonitor: - enabled: false - additionalLabels: - release: prometheus-operator - dbUser: - user: cassandra - password: cassandra - resources: - limits: {} - requests: - cpu: 1 - memory: 3Gi postgresql: enabled: true - postgresqlDatabase: tip - image: - debug: true - metrics: - enabled: false - serviceMonitor: - enabled: false - namespace: monitoring - additionalLabels: - release: prometheus-operator - postgresqlUsername: postgres - postgresqlPassword: postgres - pgHbaConfiguration: | - hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0 - hostssl postgres postgres 0.0.0.0/0 cert clientcert=1 - hostssl postgres postgres ::/0 cert clientcert=1 - hostssl all all 0.0.0.0/0 md5 clientcert=1 - replication: - enabled: true - user: repl_user - password: repl_password - slaveReplicas: 1 persistence: enabled: true existingClaim: data-tip-wlan-postgresql-master-0 - volumePermissions: - enabled: true - livenessProbe: - enabled: false - readinessProbe: - enabled: false - tls: - enabled: true - certificatesSecret: 
tip-common-postgres-certs - certFilename: cert.crt - certKeyFilename: cert.key - certCAFilename: cacert.pem - initdbScriptsConfigMap: tip-common-postgres-scripts - extraEnv: - - name: PGSSLCERT - value: /opt/tip-wlan/certs/postgresclientcert.pem - - name: PGSSLKEY - value: /opt/tip-wlan/certs/postgresclientkey_dec.pem - - name: PGSSLROOTCERT - value: /opt/tip-wlan/certs/cacert.pem - primary: - extraInitContainers: - - command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ] - image: busybox:latest - name: chmod-client-cert-additional - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /opt/bitnami/postgresql/certs - name: postgresql-certificates diff --git a/tip-wlan/templates/docker-secret.yaml b/tip-wlan/templates/docker-secret.yaml index 4c2f313..e7d4ad6 100644 --- a/tip-wlan/templates/docker-secret.yaml +++ b/tip-wlan/templates/docker-secret.yaml @@ -1,6 +1,13 @@ +{{- define "imagePullSecret" }} +{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.global.repository.registry (printf "%s:%s" .Values.global.repository.username .Values.global.repository.password | b64enc) | b64enc }} +{{- end }} + {{- if (.Values.createDockerRegistrySecret | default false) -}} + +--- apiVersion: v1 kind: Secret +type: kubernetes.io/dockerconfigjson metadata: name: {{ .Release.Namespace }}-docker-registry-key namespace: {{ .Release.Namespace }} @@ -10,6 +17,5 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} data: - .dockerconfigjson: {{ .Values.dockerRegistrySecret }} -type: kubernetes.io/dockerconfigjson + .dockerconfigjson: {{ template "imagePullSecret" . }} {{- end}} \ No newline at end of file diff --git a/tip-wlan/templates/kafka-dependencies.yaml b/tip-wlan/templates/kafka-dependencies.yaml index 7b291a3..37ecb57 100644 --- a/tip-wlan/templates/kafka-dependencies.yaml +++ b/tip-wlan/templates/kafka-dependencies.yaml 
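Review bot: The new `imagePullSecret` helper in docker-secret.yaml assembles the docker config JSON with `printf` and hand-escaped `\"%s\"` placeholders, so a registry, username or password containing `"` or `\` would render an invalid or differently structured document into the Secret. Building the structure and serialising it avoids the escaping problem: `{{- $auth := printf "%s:%s" .Values.global.repository.username .Values.global.repository.password | b64enc }}` followed by `{{- dict "auths" (dict .Values.global.repository.registry (dict "auth" $auth)) | toJson | b64enc }}`. In the second hunk of this file, `.dockerconfigjson: {{ include "imagePullSecret" . }}` would be the more usual call, since `include` output can be piped and `template` output cannot. Because the password is now read from values, it is presumably also kept in the stored release data, so it is better supplied at install time than from a committed file.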
@@ -22,7 +22,7 @@ data: server.pkcs12: {{ .Files.Get "resources/certs/server.pkcs12" | b64enc }} -{{ if .Values.global.kafka.topics }} +{{ if .Values.kafka.initJobConfig.topics }} {{- $zk := printf "%s-zookeeper-headless" .Release.Name -}} --- apiVersion: batch/v1 @@ -37,7 +37,7 @@ spec: restartPolicy: OnFailure initContainers: - name: depends-on - image: {{ .Values.global.kafka.image }} + image: {{ .Values.kafka.initJobConfig.image }} command: - bash - -c @@ -47,7 +47,7 @@ spec: echo "Waiting for Zookeeper..." sleep 20 done - until nc -z {{ $.Release.Name }}-kafka {{ .Values.global.kafka.port }} || (( retries++ >= 6 )) + until nc -z {{ $.Release.Name }}-kafka {{ .Values.kafka.initJobConfig.port }} || (( retries++ >= 6 )) do echo "Waiting for Kafka..." sleep 20 @@ -60,7 +60,7 @@ spec: - -c - | set -e - {{- range $n, $topic := .Values.global.kafka.topics }} + {{- range $n, $topic := .Values.kafka.initJobConfig.topics }} {{- if and $topic.partitions $topic.replicationFactor $topic.reassignPartitions }} cat << EOF > {{ $topic.name }}-increase-replication-factor.json {"version":1, "partitions":[ diff --git a/tip-wlan/values.yaml b/tip-wlan/values.yaml index a8ff262..f65b10e 100644 --- a/tip-wlan/values.yaml +++ b/tip-wlan/values.yaml @@ -37,11 +37,13 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 - repository: tip-tip-wlan-cloud-docker-repo.jfrog.io + repository: + registry: tip-tip-wlan-cloud-docker-repo.jfrog.io + username: tip-read + password: tip-read # image pull policy pullPolicy: Always - # flag to enable debugging - application support required debugEnabled: false 
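Review bot: In the values.yaml hunk, `username: tip-read` and `password: tip-read` under `global.repository` put a registry credential into the chart's committed defaults, so it ships with every copy of the chart and stays in version-control history. Prefer empty defaults (`username: ""`, `password: ""`) and fail the render when the pull secret is requested without them, for example `{{ required "global.repository.password must be set" .Values.global.repository.password }}` inside the `imagePullSecret` helper. If this account is intentionally a public read-only one, a comment next to the keys saying so would keep the pattern from being reused for credentials with more privilege. Since `global.repository` changes from a string to a map, any override file that still sets it as a plain string will no longer resolve `.registry`; the environment files in this commit drop the key, but out-of-tree overrides should be checked.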
@@ -84,11 +86,144 @@ wlan-port-forwarding-gateway-service: enabled: false wlan-integrated-cloud-component-service: enabled: false + nginx-ingress-controller: enabled: false + kafka: + initJobConfig: + image: confluentinc/cp-kafka:5.0.1 + port: 9092 + topics: + - name: wlan_service_metrics + partitions: 1 + replicationFactor: 1 + - name: system_events + partitions: 1 + replicationFactor: 1 + - name: customer_events + partitions: 1 + replicationFactor: 1 + creds: + sslKeyPassword: mypassword + sslKeystorePassword: mypassword + sslTruststorePassword: mypassword enabled: false + replicaCount: 1 + image: + debug: true + auth: + clientProtocol: mtls + interBrokerProtocol: tls + jksSecret: tip-common-kafka-certs + jksPassword: mypassword + tlsEndpointIdentificationAlgorithm: "" + jaas: + clientUsers: + - brokerUser + clientPassword: + - brokerPassword + extraEnvVars: + - name: KAFKA_CFG_SSL_KEYSTORE_TYPE + value: PKCS12 + allowPlaintextListener: true + persistence: + enabled: true + storageClass: glusterfs-storage + metrics: + serviceMonitor: + enabled: false + namespace: monitoring + selector: + release: prometheus-operator + zookeeper: + enabled: true + persistence: + enabled: true + cassandra: enabled: false + tlsEncryptionSecretName: tip-common-cassandra-certs + image: + debug: true + persistence: + enabled: true + storageClass: glusterfs-storage + replicaCount: 1 + cluster: + name: TipWlanCluster + seedCount: 1 + internodeEncryption: all + clientEncryption: true + exporter: + enabled: false + serviceMonitor: + enabled: false + additionalLabels: + release: prometheus-operator + dbUser: + user: cassandra + password: cassandra + resources: + limits: {} + requests: + cpu: 1 + memory: 3Gi + postgresql: - enabled: false \ No newline at end of file + enabled: false + postgresqlDatabase: tip + image: + debug: true + metrics: + enabled: false + serviceMonitor: + enabled: falsea + namespace: monitoring + additionalLabels: + release: prometheus-operator + postgresqlUsername: 
postgres + postgresqlPassword: postgres + pgHbaConfiguration: | + hostssl replication repl_user 0.0.0.0/0 md5 clientcert=0 + hostssl postgres postgres 0.0.0.0/0 cert clientcert=1 + hostssl postgres postgres ::/0 cert clientcert=1 + hostssl all all 0.0.0.0/0 md5 clientcert=1 + replication: + enabled: true + user: repl_user + password: repl_password + slaveReplicas: 1 + persistence: + enabled: true + storageClass: glusterfs-storage + volumePermissions: + enabled: true + livenessProbe: + enabled: false + readinessProbe: + enabled: false + tls: + enabled: true + certificatesSecret: tip-common-postgres-certs + certFilename: cert.crt + certKeyFilename: cert.key + certCAFilename: cacert.pem + initdbScriptsConfigMap: tip-common-postgres-scripts + extraEnv: + - name: PGSSLCERT + value: /opt/tip-wlan/certs/postgresclientcert.pem + - name: PGSSLKEY + value: /opt/tip-wlan/certs/postgresclientkey_dec.pem + - name: PGSSLROOTCERT + value: /opt/tip-wlan/certs/cacert.pem + primary: + extraInitContainers: + - command: [ "sh", "-c", "chmod 0600 /opt/bitnami/postgresql/certs/postgresclientkey_dec.pem" ] + image: busybox:latest + name: chmod-client-cert-additional + securityContext: + runAsUser: 0 + volumeMounts: + - mountPath: /opt/bitnami/postgresql/certs + name: postgresql-certificates
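Review bot: Moving these blocks into the chart's `values.yaml` makes `postgresqlPassword: postgres`, the cassandra `password: cassandra`, `jksPassword: mypassword` and the replication `password: repl_password` the defaults for every install that enables these subcharts, where they previously sat only in the per-environment files. The same now applies to `allowPlaintextListener: true`, `tlsEndpointIdentificationAlgorithm: ""` and the `0.0.0.0/0 md5` lines of `pgHbaConfiguration`, which are development-grade settings. Consider leaving the secret values empty here with a comment that they must be supplied by an override or an existing Kubernetes Secret, and keeping the relaxed listener and verification settings in the dev environment files. Separately, `enabled: falsea` under the postgresql `serviceMonitor` is carried over from the dev files; it parses as a non-empty string, which template conditionals treat as true, and should read `enabled: false`. The init container's `image: busybox:latest` runs with `runAsUser: 0`, so pinning it to a fixed tag or digest would make what runs as root reproducible.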