Merge pull request #1 from Telecominfraproject/feature/wifi-7221--cicd

[WIFI-7221] Add: CI/CD related files
Dmitry Dunaev
2022-03-09 11:13:47 +03:00
committed by GitHub
26 changed files with 1010 additions and 41 deletions

71
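--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,71 @@
+name: CI
+on:
+push:
+paths-ignore:
+- 'openapi/**'
+- '**.md'
+branches:
+- main
+- 'release/*'
+tags:
+- 'v*'
+pull_request:
+branches:
+- main
+defaults:
+run:
+shell: bash
+jobs:
+docker:
+runs-on: ubuntu-20.04
+env:
+DOCKER_REGISTRY_URL: tip-tip-wlan-cloud-ucentral.jfrog.io
+DOCKER_REGISTRY_USERNAME: ucentral
+steps:
+- name: Checkout actions repo
+uses: actions/checkout@v2
+with:
+repository: Telecominfraproject/.github
+path: github
+- name: Build and push Docker image
+uses: ./github/composite-actions/docker-image-build
+with:
+image_name: owsub
+registry: tip-tip-wlan-cloud-ucentral.jfrog.io
+registry_user: ucentral
+registry_password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+# TODO uncomment this action when OWSub is ready for wlan-testing
+# trigger-testing:
+# if: startsWith(github.ref, 'refs/pull/')
+# runs-on: ubuntu-latest
+# needs: docker
+# steps:
+# - name: Get base branch name and set as output
+# id: get_base_branch
+# run: |
+# echo ::set-output name=branch::$(echo ${GITHUB_BASE_REF##*/})
+# echo ::set-output name=owgw_branch::$(echo ${GITHUB_BASE_REF##*/} | sed 's/main/master/g')
+#
+# - name: Checkout actions repo
+# uses: actions/checkout@v2
+# with:
+# repository: Telecominfraproject/.github
+# path: github
+#
+# - name: Trigger testing of OpenWifi Docker Compose deployment and wait for result
+# uses: ./github/composite-actions/trigger-workflow-and-wait
+# env:
+# BASE_BRANCH: ${{ steps.get_base_branch.outputs.branch }}
+# OWGW_BASE_BRANCH: ${{ steps.get_base_branch.outputs.owgw_branch }}
+# with:
+# owner: Telecominfraproject
+# repo: wlan-testing
+# workflow: ow_docker-compose.yml
+# token: ${{ secrets.WLAN_TESTING_PAT }}
+# ref: master
+# inputs: '{"owgw_version": "${{ env.OWGW_BASE_BRANCH }}", "owgwui_version": "${{ env.BASE_BRANCH }}", "owsec_version": "${{ env.BASE_BRANCH }}", "owfms_version": "${{ env.BASE_BRANCH }}", "owprov_version": "${{ env.BASE_BRANCH }}", "owprovui_version": "${{ env.BASE_BRANCH }}", "owsub_version": "{{ github.sha }}"}'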
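Review bot: The `Checkout actions repo` step pulls `Telecominfraproject/.github` with no `ref`, so the composite action in the next step, which is handed `secrets.DOCKER_REGISTRY_PASSWORD`, runs whatever that repository's default branch holds at build time. Pinning the checkout with `ref: <commit-sha-of-reviewed-actions>` (placeholder) and `actions/checkout` to a full commit SHA instead of `@v2` keeps a later change to either from reaching the registry credential unreviewed. The workflow also sets no `permissions:` key; a top-level `permissions:` with `contents: read` would make the token scope explicit. The Jira-check workflow further down the page uses the same unpinned checkout before passing the Jira API token to a composite action. In the commented-out job, `"{{ github.sha }}"` lacks the leading `$` and would be sent literally if the block were enabled as is.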

19
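--- a/.github/workflows/cleanup.yml
+++ b/.github/workflows/cleanup.yml
@@ -0,0 +1,19 @@
+name: Clean up PR Docker images
+on:
+pull_request:
+branches:
+- main
+types: [ closed ]
+defaults:
+run:
+shell: bash
+jobs:
+cleanup:
+runs-on: ubuntu-latest
+steps:
+- run: |
+export PR_BRANCH_TAG=$(echo ${GITHUB_HEAD_REF#refs/heads/} | tr '/' '-')
+curl -uucentral:${{ secrets.DOCKER_REGISTRY_PASSWORD }} -X DELETE "https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral/owsub/$PR_BRANCH_TAG"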
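Review bot: The `run` step expands `${{ secrets.DOCKER_REGISTRY_PASSWORD }}` straight into the script text and uses `$PR_BRANCH_TAG` without checking it, so an empty tag would make the DELETE target the `owsub/` path itself rather than one PR tag. Passing the secret through `env:` keeps it out of the rendered script, quoting `GITHUB_HEAD_REF` avoids word splitting on unusual branch names, and `--fail` makes a rejected request fail the job instead of passing silently. A sketch of the step follows.

```yaml
      - env:
          REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
        run: |
          PR_BRANCH_TAG="$(printf '%s' "${GITHUB_HEAD_REF#refs/heads/}" | tr '/' '-')"
          # refuse to issue a DELETE against the repository root
          [ -n "$PR_BRANCH_TAG" ] || { echo "empty PR tag" >&2; exit 1; }
          curl --fail -u "ucentral:${REGISTRY_PASSWORD}" -X DELETE "https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral/owsub/$PR_BRANCH_TAG"
```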


@@ -0,0 +1,24 @@
name: Ensure Jira issue is linked
on:
pull_request:
types: [opened, edited, reopened, synchronize]
branches:
- 'release/*'
jobs:
check_for_issue_key:
runs-on: ubuntu-latest
steps:
- name: Checkout actions repo
uses: actions/checkout@v2
with:
repository: Telecominfraproject/.github
path: github
- name: Run JIRA check
uses: ./github/composite-actions/enforce-jira-issue-key
with:
jira_base_url: ${{ secrets.TIP_JIRA_URL }}
jira_user_email: ${{ secrets.TIP_JIRA_USER_EMAIL }}
jira_api_token: ${{ secrets.TIP_JIRA_API_TOKEN }}

5
.gitignore vendored

@@ -30,3 +30,8 @@
*.exe
*.out
*.app
*.swp
helm/charts/*
!helm/charts/.gitkeep
test_scripts/curl/token.json


@@ -1,26 +1,15 @@
FROM alpine AS builder
FROM alpine:3.15 AS build-base
RUN apk add --update --no-cache \
openssl openssh \
ncurses-libs \
bash util-linux coreutils curl \
make cmake gcc g++ libstdc++ libgcc git zlib-dev yaml-cpp-dev \
openssl-dev boost-dev unixodbc-dev postgresql-dev mariadb-dev \
apache2-utils yaml-dev apr-util-dev \
lua-dev librdkafka-dev \
nlohmann-json
make cmake g++ git \
unixodbc-dev postgresql-dev mariadb-dev \
librdkafka-dev boost-dev openssl-dev \
zlib-dev nlohmann-json
RUN git clone https://github.com/telecominfraproject/wlan-cloud-userportal /owsub
FROM build-base AS poco-build
ADD https://api.github.com/repos/stephb9959/poco/git/refs/heads/master version.json
RUN git clone https://github.com/stephb9959/poco /poco
RUN git clone https://github.com/stephb9959/cppkafka /cppkafka
RUN git clone https://github.com/pboettch/json-schema-validator /json-schema-validator
WORKDIR /cppkafka
RUN mkdir cmake-build
WORKDIR cmake-build
RUN cmake ..
RUN cmake --build . --config Release -j8
RUN cmake --build . --target install
WORKDIR /poco
RUN mkdir cmake-build
@@ -29,6 +18,23 @@ RUN cmake ..
RUN cmake --build . --config Release -j8
RUN cmake --build . --target install
FROM build-base AS cppkafka-build
ADD https://api.github.com/repos/stephb9959/cppkafka/git/refs/heads/master version.json
RUN git clone https://github.com/stephb9959/cppkafka /cppkafka
WORKDIR /cppkafka
RUN mkdir cmake-build
WORKDIR cmake-build
RUN cmake ..
RUN cmake --build . --config Release -j8
RUN cmake --build . --target install
FROM build-base AS json-schema-validator-build
ADD https://api.github.com/repos/pboettch/json-schema-validator/git/refs/heads/master version.json
RUN git clone https://github.com/pboettch/json-schema-validator /json-schema-validator
WORKDIR /json-schema-validator
RUN mkdir cmake-build
WORKDIR cmake-build
@@ -36,47 +42,56 @@ RUN cmake ..
RUN make
RUN make install
FROM build-base AS owsub-build
ADD CMakeLists.txt build /owsub/
ADD cmake /owsub/cmake
ADD src /owsub/src
ADD .git /owsub/.git
# Build the service
COPY --from=poco-build /usr/local/include /usr/local/include
COPY --from=poco-build /usr/local/lib /usr/local/lib
COPY --from=cppkafka-build /usr/local/include /usr/local/include
COPY --from=cppkafka-build /usr/local/lib /usr/local/lib
COPY --from=json-schema-validator-build /usr/local/include /usr/local/include
COPY --from=json-schema-validator-build /usr/local/lib /usr/local/lib
WORKDIR /owsub
RUN mkdir cmake-build
WORKDIR /owsub/cmake-build
RUN cmake ..
RUN cmake --build . --config Release -j8
FROM alpine
FROM alpine:3.15
ENV OWSUB_USER=owsub \
OWSUB_ROOT=/owsub-data \
OWSUB_CONFIG=/owsub-data
RUN addgroup -S "OWSUB_USER" && \
adduser -S -G "OWSUB_USER" "OWSUB_USER"
RUN addgroup -S "$OWSUB_USER" && \
adduser -S -G "$OWSUB_USER" "$OWSUB_USER"
RUN mkdir /openwifi
RUN mkdir -p "OWSUB_ROOT" "OWSUB_CONFIG" && \
chown "OWSUB_USER": "OWSUB_ROOT" "OWSUB_CONFIG"
RUN apk add --update --no-cache librdkafka mariadb-connector-c libpq unixodbc su-exec gettext ca-certificates bash jq curl
RUN mkdir -p "$OWSUB_ROOT" "$OWSUB_CONFIG" && \
chown "$OWSUB_USER": "$OWSUB_ROOT" "$OWSUB_CONFIG"
COPY --from=builder /owsub/cmake-build/owsub /openwifi/owsub
COPY --from=builder /cppkafka/cmake-build/src/lib/* /lib/
COPY --from=builder /poco/cmake-build/lib/* /lib/
RUN apk add --update --no-cache librdkafka su-exec gettext ca-certificates bash jq curl \
mariadb-connector-c libpq unixodbc postgresql-client
COPY test_scripts/curl/cli /cli
COPY owsub.properties.tmpl /
COPY docker-entrypoint.sh /
COPY wait-for-postgres.sh /
RUN wget https://raw.githubusercontent.com/Telecominfraproject/wlan-cloud-ucentral-deploy/main/docker-compose/certs/restapi-ca.pem \
-O /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem \
-O /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
COPY readiness_check /readiness_check
COPY test_scripts/curl/cli /cli
COPY --from=owsub-build /owsub/cmake-build/owsub /openwifi/owsub
COPY --from=cppkafka-build /cppkafka/cmake-build/src/lib /usr/local/lib
COPY --from=poco-build /poco/cmake-build/lib /usr/local/lib
EXPOSE 16006
EXPOSE 16006 17006 16106
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["/openwifi/owsub"]
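Review bot: Each dependency stage clones the current `master` of its repository (`stephb9959/poco`, `stephb9959/cppkafka`, `pboettch/json-schema-validator`) with no commit pin, so the image content depends on whatever those branches hold at build time and two builds of the same owsub commit can differ. Checking out a reviewed commit after the clone, e.g. `RUN git clone https://github.com/stephb9959/poco /poco && git -C /poco checkout <reviewed-commit-sha>` (placeholder), makes the build reproducible and auditable. The `wget` of `restapi-ca.pem` from the `main` branch into `/usr/local/share/ca-certificates` has the same property for a trust anchor; a `COPY` of a vendored file or a checksum check would fix the content. The page does not mark which lines are old and which are new, so this is written against the multi-stage form.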


@@ -24,6 +24,10 @@ if [[ "$TEMPLATE_CONFIG" = 'true' && ! -f "$OWSUB_CONFIG"/owsub.properties ]]; t
SYSTEM_URI_UI=${SYSTEM_URI_UI:-"http://localhost"} \
KAFKA_ENABLE=${KAFKA_ENABLE:-"true"} \
KAFKA_BROKERLIST=${KAFKA_BROKERLIST:-"localhost:9092"} \
KAFKA_SSL_CA_LOCATION=${KAFKA_SSL_CA_LOCATION:-""} \
KAFKA_SSL_CERTIFICATE_LOCATION=${KAFKA_SSL_CERTIFICATE_LOCATION:-""} \
KAFKA_SSL_KEY_LOCATION=${KAFKA_SSL_KEY_LOCATION:-""} \
KAFKA_SSL_KEY_PASSWORD=${KAFKA_SSL_KEY_PASSWORD:-""} \
STORAGE_TYPE=${STORAGE_TYPE:-"sqlite"} \
STORAGE_TYPE_POSTGRESQL_HOST=${STORAGE_TYPE_POSTGRESQL_HOST:-"localhost"} \
STORAGE_TYPE_POSTGRESQL_USERNAME=${STORAGE_TYPE_POSTGRESQL_USERNAME:-"owsub"} \

1
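--- a/helm/.gitignore
+++ b/helm/.gitignore
@@ -0,0 +1 @@
+*.swp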

22
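--- a/helm/.helmignore
+++ b/helm/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/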

12
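--- a/helm/Chart.lock
+++ b/helm/Chart.lock
@@ -0,0 +1,12 @@
+dependencies:
+- name: postgresql
+repository: https://charts.bitnami.com/bitnami
+version: 10.9.2
+- name: mysql
+repository: https://charts.bitnami.com/bitnami
+version: 8.8.3
+- name: mariadb
+repository: https://charts.bitnami.com/bitnami
+version: 9.4.2
+digest: sha256:1fdae7cbea906e41dccd8618ff9e2c68d0c684724ae27c79a12bb6089968df5c
+generated: "2022-03-08T13:14:58.389051618+03:00"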

18
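--- a/helm/Chart.yaml
+++ b/helm/Chart.yaml
@@ -0,0 +1,18 @@
+apiVersion: v2
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: owsub
+version: 0.1.0
+dependencies:
+- name: postgresql
+repository: https://charts.bitnami.com/bitnami
+version: 10.9.2
+condition: postgresql.enabled
+- name: mysql
+repository: https://charts.bitnami.com/bitnami
+version: 8.8.3
+condition: mysql.enabled
+- name: mariadb
+repository: https://charts.bitnami.com/bitnami
+version: 9.4.2
+condition: mariadb.enabled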

94
helm/README.md Normal file

@@ -0,0 +1,94 @@
# owsub
This Helm chart helps to deploy OpenWIFI Subscription service (further on refered as __Subscription__) to the Kubernetes clusters. It is mainly used in [assembly chart](https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart) as Subscription service requires other services as dependencies that are considered in that Helm chart. This chart is purposed to define deployment logic close to the application code itself and define default values that could be overriden during deployment.
## TL;DR;
```bash
$ helm install .
```
## Introduction
This chart bootstraps the Subscription on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Installing the Chart
Currently this chart is not assembled in charts archives, so [helm-git](https://github.com/aslafy-z/helm-git) is required for remote the installation
To install the chart with the release name `my-release`:
```bash
$ helm install --name my-release git+https://github.com/Telecominfraproject/wlan-cloud-owsub@helm/owsub-0.1.0.tgz?ref=main
```
The command deploys the Subscription on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```bash
$ helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Configuration
The following table lists the configurable parameters of the chart and their default values. If Default value is not listed in the table, please refer to the [Values](values.yaml) files for details.
| Parameter | Type | Description | Default |
|-----------|------|-------------|---------|
| replicaCount | number | Amount of replicas to be deployed | `1` |
| strategyType | string | Application deployment strategy | `'Recreate'` |
| nameOverride | string | Override to be used for application deployment | |
| fullnameOverride | string | Override to be used for application deployment (has priority over nameOverride) | |
| images.owsub.repository | string | Docker image repository | |
| images.owsub.tag | string | Docker image tag | `'master'` |
| images.owsub.pullPolicy | string | Docker image pull policy | `'Always'` |
| services.owsub.type | string | OpenWIFI Subscription service type | `'LoadBalancer'` |
| services.owsub.ports.restapi.servicePort | number | REST API endpoint port to be exposed on service | `16001` |
| services.owsub.ports.restapi.targetPort | number | REST API endpoint port to be targeted by service | `16001` |
| services.owsub.ports.restapi.protocol | string | REST API endpoint protocol | `'TCP'` |
| services.owsub.ports.restapiinternal.servicePort | string | Internal REST API endpoint port to be exposed on service | `17001` |
| services.owsub.ports.restapiinternal.targetPort | number | Internal REST API endpoint port to be targeted by service | `17001` |
| services.owsub.ports.restapiinternal.protocol | string | Internal REST API endpoint protocol | `'TCP'` |
| checks.owsub.liveness.httpGet.path | string | Liveness check path to be used | `'/'` |
| checks.owsub.liveness.httpGet.port | number | Liveness check port to be used (should be pointint to ALB endpoint) | `16101` |
| checks.owsub.readiness.httpGet.path | string | Readiness check path to be used | `'/'` |
| checks.owsub.readiness.httpGet.port | number | Readiness check port to be used (should be pointint to ALB endpoint) | `16101` |
| ingresses.restapi.enabled | boolean | Defines if REST API endpoint should be exposed via Ingress controller | `False` |
| ingresses.restapi.hosts | array | List of hosts for exposed REST API | |
| ingresses.restapi.paths | array | List of paths to be exposed for REST API | |
| volumes.owsub | array | Defines list of volumes to be attached to the Subscription | |
| persistence.enabled | boolean | Defines if the Subscription requires Persistent Volume (required for permanent files storage and SQLite DB if enabled) | `True` |
| persistence.accessModes | array | Defines PV access modes | |
| persistence.size | string | Defines PV size | `'10Gi'` |
| public_env_variables | hash | Defines list of environment variables to be passed to the Subscription | |
| configProperties | hash | Configuration properties that should be passed to the application in `owsub.properties`. May be passed by key in set (i.e. `configProperties."rtty\.token"`) | |
| certs | hash | Defines files (keys and certificates) that should be passed to the Subscription (PEM format is adviced to be used) (see `volumes.owsub` on where it is mounted) | |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```bash
$ helm install --name my-release \
--set replicaCount=1 \
.
```
The above command sets that only 1 instance of your app should be running
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```bash
$ helm install --name my-release -f values.yaml .
```
> **Tip**: You can use the default [values.yaml](values.yaml) as a base for customization.


@@ -0,0 +1,5 @@
{{- define "owsub.config" -}}
{{- range $key, $value := .Values.configProperties }}
{{ $key }} = {{ $value }}
{{- end }}
{{- end -}}


@@ -0,0 +1,42 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "owsub.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "owsub.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "owsub.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- define "owsub.ingress.apiVersion" -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" -}}
{{- print "networking.k8s.io/v1" -}}
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}


@@ -0,0 +1,131 @@
{{- $root := . -}}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "owsub.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "owsub.name" . }}
helm.sh/chart: {{ include "owsub.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
strategy:
type: {{ .Values.strategyType }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "owsub.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- with .Values.services.owsub.labels }}
{{- toYaml . | nindent 6 }}
{{- end }}
template:
metadata:
annotations:
checksum/config: {{ include "owsub.config" . | sha256sum }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "owsub.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- with .Values.services.owsub.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
initContainers:
- name: wait-kafka
image: "{{ .Values.images.dockerize.repository }}:{{ .Values.images.dockerize.tag }}"
imagePullPolicy: {{ .Values.images.dockerize.pullPolicy }}
args:
- -wait
- tcp://{{ index .Values.configProperties "openwifi.kafka.brokerlist" }}
- -timeout
- 600s
containers:
- name: owsub
image: "{{ .Values.images.owsub.repository }}:{{ .Values.images.owsub.tag }}"
imagePullPolicy: {{ .Values.images.owsub.pullPolicy }}
env:
- name: KUBERNETES_DEPLOYED
value: "{{ now }}"
{{- range $key, $value := .Values.public_env_variables }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- range $key, $value := .Values.secret_env_variables }}
- name: {{ $key }}
valueFrom:
secretKeyRef:
name: {{ include "owsub.fullname" $root }}-env
key: {{ $key }}
{{- end }}
ports:
{{- range $port, $portValue := .Values.services.owsub.ports }}
- name: {{ $port }}
containerPort: {{ $portValue.targetPort }}
protocol: {{ $portValue.protocol }}
{{- end }}
volumeMounts:
{{- range .Values.volumes.owsub }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
{{- if .subPath }}
subPath: {{ .subPath }}
{{- end }}
{{- end }}
{{- if .Values.checks.owsub.liveness }}
livenessProbe:
{{- toYaml .Values.checks.owsub.liveness | nindent 12 }}
{{- end }}
{{- if .Values.checks.owsub.readiness }}
readinessProbe:
{{- toYaml .Values.checks.owsub.readiness | nindent 12 }}
{{- end }}
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
fsGroup: 101
imagePullSecrets:
{{- range $image, $imageValue := .Values.images }}
{{- if $imageValue.regcred }}
- name: {{ include "owsub.fullname" $root }}-{{ $image }}-regcred
{{- end }}
{{- end }}
volumes:
{{- range $container, $containerVolumes := .Values.volumes }}
{{- range $containerVolumes }}
- name: {{ .name }}
{{- tpl .volumeDefinition $root | nindent 8 }}
{{- end }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
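Review bot: The `owsub` container gets no `securityContext` of its own; the only setting is the pod-level `fsGroup: 101`, so the container runs with the runtime's default privileges. Adding a values-driven block under the container, for example `securityContext:` with `allowPrivilegeEscalation: false`, would give operators a place to harden it. Whether `runAsNonRoot` can be turned on depends on the image entrypoint, which appears to start as root and drop privileges with `su-exec`, so that one needs checking before it is defaulted. Separately, the `wait-kafka` init container is rendered unconditionally even though `openwifi.kafka.enable` defaults to `"false"` in values.yaml; with the default broker list `localhost:9092` that would presumably hold the pod until the 600s timeout.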


@@ -0,0 +1,61 @@
{{- $root := . -}}
{{- range $ingress, $ingressValue := .Values.ingresses }}
{{- if $ingressValue.enabled }}
---
apiVersion: {{ include "owsub.ingress.apiVersion" $root }}
kind: Ingress
metadata:
name: {{ include "owsub.fullname" $root }}-{{ $ingress }}
labels:
app.kubernetes.io/name: {{ include "owsub.name" $root }}
helm.sh/chart: {{ include "owsub.chart" $root }}
app.kubernetes.io/instance: {{ $root.Release.Name }}
app.kubernetes.io/managed-by: {{ $root.Release.Service }}
{{- with $ingressValue.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if $ingressValue.tls }}
tls:
{{- range $ingressValue.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ tpl .secretName $root }}
{{- end }}
{{- end }}
rules:
{{- range $ingressValue.hosts }}
- host: {{ . | quote }}
http:
paths:
{{- range $ingressValue.paths }}
- path: {{ .path }}
{{- if $root.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
pathType: {{ .pathType | default "ImplementationSpecific" }}
{{- end }}
backend:
{{- if $root.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
service:
name: {{ include "owsub.fullname" $root }}-{{ .serviceName }}
port:
{{- if kindIs "string" .servicePort }}
name: {{ .servicePort }}
{{- else }}
number: {{ .servicePort }}
{{- end }}
{{- else }}
serviceName: {{ include "owsub.fullname" $root }}-{{ .serviceName }}
servicePort: {{ .servicePort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

27
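--- a/helm/templates/pvc.yaml
+++ b/helm/templates/pvc.yaml
@@ -0,0 +1,27 @@
+{{- if .Values.persistence.enabled }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: {{ template "owsub.fullname" . }}-pvc
+labels:
+app.kubernetes.io/name: {{ include "owsub.name" . }}
+helm.sh/chart: {{ include "owsub.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.persistence.annotations }}
+annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+accessModes:
+{{- range .Values.persistence.accessModes }}
+- {{ . | quote }}
+{{- end }}
+resources:
+requests:
+storage: {{ .Values.persistence.size | quote }}
+{{- if .Values.persistence.storageClassName }}
+storageClassName: {{ .Values.persistence.storageClassName }}
+{{- end }}
+{{- end }}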


@@ -0,0 +1,15 @@
---
apiVersion: v1
metadata:
labels:
app.kuberentes.io/name: {{ include "owsub.name" . }}
helm.sh/chart: {{ include "owsub.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
name: {{ include "owsub.fullname" . }}-certs
kind: Secret
type: Opaque
data:
{{- range $key, $value := .Values.certs }}
{{ $key }}: {{ $value | b64enc | quote }}
{{- end }}
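Review bot: The first label key is spelled `app.kuberentes.io/name`, so this Secret does not carry the standard `app.kubernetes.io/name` label that the Deployment, Service and Ingress templates use, and a label selector on that key will not find it. It should read `app.kubernetes.io/name: {{ include "owsub.name" . }}`. The same misspelling is in the `-config`, `-env` and `-regcred` Secret templates that follow.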


@@ -0,0 +1,13 @@
---
apiVersion: v1
metadata:
labels:
app.kuberentes.io/name: {{ include "owsub.name" . }}
helm.sh/chart: {{ include "owsub.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
name: {{ include "owsub.fullname" . }}-config
kind: Secret
type: Opaque
data:
owsub.properties: {{ include "owsub.config" . | b64enc }}


@@ -0,0 +1,17 @@
---
apiVersion: v1
metadata:
labels:
app.kuberentes.io/name: {{ include "owsub.name" . }}
helm.sh/chart: {{ include "owsub.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
name: {{ include "owsub.fullname" . }}-env
kind: Secret
type: Opaque
data:
# Secret env variables
{{- range $key, $value := .Values.secret_env_variables }}
{{ $key }}: {{ $value | b64enc | quote }}
{{- end }}


@@ -0,0 +1,21 @@
{{- define "imagePullSecret" }}
{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .registry (printf "%s:%s" .username .password | b64enc) | b64enc }}
{{- end }}
{{- $root := . -}}
{{- range $image, $imageValue := .Values.images }}
{{- if $imageValue.regcred }}
---
apiVersion: v1
kind: Secret
type: kubernetes.io/dockerconfigjson
metadata:
labels:
app.kuberentes.io/name: {{ include "owsub.name" $root }}
helm.sh/chart: {{ include "owsub.chart" $root }}
app.kubernetes.io/instance: {{ $root.Release.Name }}
app.kubernetes.io/managed-by: {{ $root.Release.Service }}
name: {{ include "owsub.fullname" $root }}-{{ $image }}-regcred
data:
.dockerconfigjson: {{ template "imagePullSecret" $imageValue.regcred }}
{{- end }}
{{- end }}
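Review bot: `imagePullSecret` assembles the Docker config JSON with `printf`, so a registry name, username or password containing `"` or `\` produces invalid JSON and the pull secret stops working without any render error. Building the structure and serialising it avoids that: `{{- dict "auths" (dict .registry (dict "auth" (printf "%s:%s" .username .password | b64enc))) | toJson | b64enc }}`. The define name `imagePullSecret` is also not prefixed with the chart name; Helm template names are shared with subcharts, so `owsub.imagePullSecret` would avoid a collision.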


@@ -0,0 +1,48 @@
{{- $root := . -}}
{{- range $service, $serviceValue := .Values.services }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "owsub.fullname" $root }}-{{ $service }}
{{- with $serviceValue.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "owsub.name" $root }}
helm.sh/chart: {{ include "owsub.chart" $root }}
app.kubernetes.io/instance: {{ $root.Release.Name }}
app.kubernetes.io/managed-by: {{ $root.Release.Service }}
{{- with $serviceValue.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if $serviceValue.serviceMonitor }}
{{- range $selector, $selectorValue := $serviceValue.serviceMonitor.serviceSelector }}
{{ $selector }}: {{ tpl $selectorValue $root }}
{{- end }}
{{- end }}
spec:
type: {{ $serviceValue.type }}
ports:
{{- range $service_service, $service_value := $serviceValue.ports }}
- name: {{ $service_service }}
targetPort: {{ $service_value.targetPort }}
protocol: {{ $service_value.protocol }}
port: {{ $service_value.servicePort }}
{{- if and (eq "NodePort" $serviceValue.type) $service_value.nodePort }}
nodePort: {{ $service_value.nodePort }}
{{- end }}
{{- end }}
selector:
app.kubernetes.io/name: {{ include "owsub.name" $root }}
app.kubernetes.io/instance: {{ $root.Release.Name }}
{{- with $serviceValue.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

265
helm/values.yaml Normal file

@@ -0,0 +1,265 @@
# System
replicaCount: 1
strategyType: Recreate
revisionHistoryLimit: 2
nameOverride: ""
fullnameOverride: ""
images:
owsub:
repository: tip-tip-wlan-cloud-ucentral.jfrog.io/owsub
tag: main
pullPolicy: Always
# regcred:
# registry: tip-tip-wlan-cloud-ucentral.jfrog.io
# username: username
# password: password
dockerize:
repository: tip-tip-wlan-cloud-ucentral.jfrog.io/dockerize
tag: 0.16.0
pullPolicy: IfNotPresent
services:
owsub:
type: ClusterIP
ports:
restapi:
servicePort: 16006
targetPort: 16006
protocol: TCP
restapiinternal:
servicePort: 17006
targetPort: 17006
protocol: TCP
checks:
owsub:
liveness:
httpGet:
path: /
port: 16106
readiness:
httpGet:
path: /
port: 16106
ingresses:
restapi:
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- restapi.chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
serviceName: owsub
servicePort: restapi
volumes:
owsub:
- name: config
mountPath: /owsub-data/owsub.properties
subPath: owsub.properties
# Template below will be rendered in template
volumeDefinition: |
secret:
secretName: {{ include "owsub.fullname" . }}-config
- name: certs
mountPath: /owsub-data/certs
volumeDefinition: |
secret:
secretName: {{ include "owsub.fullname" . }}-certs
# Change this if you want to use another volume type
- name: persist
mountPath: /owsub-data/persist
volumeDefinition: |
persistentVolumeClaim:
claimName: {{ template "owsub.fullname" . }}-pvc
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# requests:
# cpu: 100m
# memory: 128Mi
# limits:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
persistence:
enabled: true
# storageClassName: "-"
accessModes:
- ReadWriteOnce
size: 10Gi
annotations: {}
# Application
public_env_variables:
OWSUB_ROOT: /owsub-data
OWSUB_CONFIG: /owsub-data
# Environment variables required for the readiness checks using script
FLAGS: "-s --connect-timeout 3"
# NOTE in order for readiness check to use system info you need to set READINESS_METHOD to "systeminfo" and set OWSEC to the OWSEC's REST API endpoint
#READINESS_METHOD: systeminfo
#OWSEC: gw-qa01.cicd.lab.wlan.tip.build:16001
secret_env_variables:
# NOTE in order for readiness check to use system info method you need to override these values to the real OWSEC credentials
OWSEC_USERNAME: tip@ucentral.com
OWSEC_PASSWORD: openwifi
configProperties:
# -> Public part
# REST API
openwifi.restapi.host.0.backlog: 100
openwifi.restapi.host.0.security: relaxed
openwifi.restapi.host.0.rootca: $OWSUB_ROOT/certs/restapi-ca.pem
openwifi.restapi.host.0.address: "*"
openwifi.restapi.host.0.port: 16006
openwifi.restapi.host.0.cert: $OWSUB_ROOT/certs/restapi-cert.pem
openwifi.restapi.host.0.key: $OWSUB_ROOT/certs/restapi-key.pem
openwifi.internal.restapi.host.0.backlog: 100
openwifi.internal.restapi.host.0.security: relaxed
openwifi.internal.restapi.host.0.rootca: $OWSUB_ROOT/certs/restapi-ca.pem
openwifi.internal.restapi.host.0.address: "*"
openwifi.internal.restapi.host.0.port: 17006
openwifi.internal.restapi.host.0.cert: $OWSUB_ROOT/certs/restapi-cert.pem
openwifi.internal.restapi.host.0.key: $OWSUB_ROOT/certs/restapi-key.pem
# ALB
alb.enable: "true"
alb.port: 16106
# Kafka
openwifi.kafka.enable: "false"
openwifi.kafka.group.id: sub
openwifi.kafka.client.id: sub1
openwifi.kafka.brokerlist: localhost:9092
openwifi.kafka.auto.commit: false
openwifi.kafka.queue.buffering.max.ms: 50
openwifi.kafka.ssl.ca.location: ""
openwifi.kafka.ssl.certificate.location: ""
openwifi.kafka.ssl.key.location: ""
openwifi.kafka.ssl.key.password: ""
# Storage
storage.type: sqlite # (sqlite|postgresql|mysql|odbc)
## SQLite
storage.type.sqlite.db: sub.db
storage.type.sqlite.idletime: 120
storage.type.sqlite.maxsessions: 128
## PostgreSQL
storage.type.postgresql.maxsessions: 64
storage.type.postgresql.idletime: 60
storage.type.postgresql.host: localhost
storage.type.postgresql.database: owsub
storage.type.postgresql.port: 5432
storage.type.postgresql.connectiontimeout: 60
## MySQL
storage.type.mysql.maxsessions: 64
storage.type.mysql.idletime: 60
storage.type.mysql.host: localhost
storage.type.mysql.database: owsub
storage.type.mysql.port: 3306
storage.type.mysql.connectiontimeout: 60
# System
openwifi.service.key: $OWSUB_ROOT/certs/restapi-key.pem
openwifi.system.data: $OWSUB_ROOT/persist
openwifi.system.debug: "true"
openwifi.system.uri.private: https://localhost:17006
openwifi.system.uri.public: https://localhost:16006
openwifi.system.uri.ui: https://localhost
openwifi.system.commandchannel: /tmp/app_owsub
# Logging
logging.type: console
logging.path: $OWSUB_ROOT/logs
logging.level: debug
# -> Secret part
# REST API
openwifi.restapi.host.0.key.password: mypassword
openwifi.internal.restapi.host.0.key.password: mypassword
# Storage
## PostgreSQL
storage.type.postgresql.username: stephb
storage.type.postgresql.password: snoopy99
## MySQL
storage.type.mysql.username: stephb
storage.type.mysql.password: snoopy99
certs:
# restapi-ca.pem: ""
# restapi-cert.pem: ""
# restapi-key.pem: ""
# PostgreSQL (https://github.com/bitnami/charts/tree/master/bitnami/postgresql)
postgresql:
enabled: false
image:
registry: docker.io
repository: bitnami/postgresql
tag: 11.13.0-debian-10-r0
postgresqlPostgresPassword: ""
postgresqlUsername: postgres
postgresqlPassword: ""
postgresqlDatabase: ""
persistence:
enabled: true
storageClass: ""
size: 8Gi
# MySQL (https://github.com/bitnami/charts/tree/master/bitnami/mysql)
mysql:
enabled: false
image:
registry: docker.io
repository: bitnami/mysql
tag: 8.0.26-debian-10-r10
auth:
rootPassword: ""
database: my_database
username: ""
password: ""
primary:
persistence:
enabled: true
storageClass: ""
size: 8Gi
# MariaDB (https://github.com/bitnami/charts/tree/master/bitnami/mariadb)
mariadb:
enabled: false
image:
registry: docker.io
repository: bitnami/mariadb
tag: 10.5.12-debian-10-r0
auth:
rootPassword: ""
database: my_database
username: ""
password: ""
primary:
persistence:
enabled: true
storageClass: ""
size: 8Gi
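Review bot: The chart defaults ship concrete credentials: `OWSEC_PASSWORD: openwifi` under `secret_env_variables`, `mypassword` for both REST API key passwords, and `snoopy99` for the PostgreSQL and MySQL users under `configProperties`. Anyone who installs without overriding them gets a deployment with publicly known passwords, so these are better left empty (`OWSEC_PASSWORD: ""`) with the templates failing the render through `required` when a needed value is missing. The defaults also enable `openwifi.system.debug: "true"` and `logging.level: debug`, and set `security: relaxed` on both REST API hosts; those read like development settings and deserve a comment or a stricter default. `images.owsub.tag: main` with `pullPolicy: Always` means the deployed image can change without a chart change.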


@@ -68,7 +68,7 @@ storage.type = sqlite
#storage.type = mysql
#storage.type = odbc
storage.type.sqlite.db = prov.db
storage.type.sqlite.db = sub.db
storage.type.sqlite.idletime = 120
storage.type.sqlite.maxsessions = 128


@@ -44,17 +44,21 @@ openwifi.system.uri.ui = ${SYSTEM_URI_UI}
# NLB Support
#
alb.enable = true
alb.port = 16105
alb.port = 16106
#
# Kafka
#
openwifi.kafka.group.id = prov
openwifi.kafka.client.id = prov1
openwifi.kafka.group.id = sub
openwifi.kafka.client.id = sub1
openwifi.kafka.enable = ${KAFKA_ENABLE}
openwifi.kafka.brokerlist = ${KAFKA_BROKERLIST}
openwifi.kafka.auto.commit = false
openwifi.kafka.queue.buffering.max.ms = 50
openwifi.kafka.ssl.ca.location = ${KAFKA_SSL_CA_LOCATION}
openwifi.kafka.ssl.certificate.location = ${KAFKA_SSL_CERTIFICATE_LOCATION}
openwifi.kafka.ssl.key.location = ${KAFKA_SSL_KEY_LOCATION}
openwifi.kafka.ssl.key.password = ${KAFKA_SSL_KEY_PASSWORD}
#
# This section select which form of persistence you need
@@ -63,7 +67,7 @@ openwifi.kafka.queue.buffering.max.ms = 50
#
storage.type = ${STORAGE_TYPE}
storage.type.sqlite.db = prov.db
storage.type.sqlite.db = sub.db
storage.type.sqlite.idletime = 120
storage.type.sqlite.maxsessions = 128


@@ -37,11 +37,20 @@ target_service_endpoint="${OWSUB}"
token=""
result_file=result.json
username="stephane.bourque@gmail.com"
password="NoMoreN00bs!"
browser_list=(firefox sensible-browser xdg-open w3m links links2 lynx youtube-dl)
browser=""
if [ -z ${OWSEC_USERNAME+x} ]; then
username="script.runner@arilia.com"
else
username=${OWSEC_USERNAME}
fi
if [ -z ${OWSEC_PASSWORD+x} ]; then
password="Snoopy99!!!"
else
password=${OWSEC_PASSWORD}
fi
login() {
payload="{ \"userId\" : \"$username\" , \"password\" : \"$password\" }"
curl ${FLAGS} -X POST -H "Content-Type: application/json" -d "$payload" "https://${target_service_endpoint}/api/v1/oauth2" > ${result_file}
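Review bot: The fallback branches still hard-code an account, `username="script.runner@arilia.com"` and `password="Snoopy99!!!"`, so the script keeps a credential in the repository and, because the Dockerfile copies `test_scripts/curl/cli` to `/cli`, in the published image as well. Failing when the variables are unset removes it: `username="${OWSEC_USERNAME:?OWSEC_USERNAME must be set}"` and `password="${OWSEC_PASSWORD:?OWSEC_PASSWORD must be set}"`. The earlier literal values stay in the repository history, so those passwords should be rotated if the accounts were ever real. `login()` continues past the end of this hunk.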

26
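--- a/wait-for-postgres.sh
+++ b/wait-for-postgres.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+# wait-for-postgres.sh
+set -e
+host="$1"
+shift
+export PGUSER=$(grep 'storage.type.postgresql.username' $OWSUB_CONFIG/owsub.properties | awk -F '= ' '{print $2}')
+export PGPASSWORD=$(grep 'storage.type.postgresql.password' $OWSUB_CONFIG/owsub.properties | awk -F '= ' '{print $2}')
+until psql -h "$host" -c '\q'; do
+>&2 echo "Postgres is unavailable - sleeping"
+sleep 1
+done
+>&2 echo "Postgres is up - executing command"
+if [ "$1" = '/openwifi/owsub' -a "$(id -u)" = '0' ]; then
+if [ "$RUN_CHOWN" = 'true' ]; then
+chown -R "$OWSUB_USER": "$OWSUB_ROOT" "$OWSUB_CONFIG"
+fi
+exec su-exec "$OWSUB_USER" "$@"
+fi
+exec "$@"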
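Review bot: `PGUSER` and `PGPASSWORD` are exported and never unset, so the database password stays in the environment of the process started by the final `exec` and of anything it spawns; `unset PGUSER PGPASSWORD` after the `until` loop would limit it to `psql`. The extraction is fragile too: `awk -F '= ' '{print $2}'` cuts a password that contains `= `, `grep` also matches commented-out lines, and `$OWSUB_CONFIG` is unquoted. The `until` loop has no upper bound, so a wrong host or credential leaves the container retrying every second forever; a retry limit that exits non-zero would surface the failure.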