From 19328d3ec5ae9802a32d5479d1ba4ab8f96ef3b8 Mon Sep 17 00:00:00 2001 From: Dmitry Dunaev <83591011+dunaev-opsfleet@users.noreply.github.com> Date: Mon, 16 May 2022 16:33:27 +0300 Subject: [PATCH] [WIFI-7604] Del: helm related files unrequired after migration (#531) * [WIFI-7604] Del: helm related files unrequired after migration Signed-off-by: Dmitry Dunaev * Delete obsolote Docker Compose related deploy files Signed-off-by: Johann Hoffmann Co-authored-by: Johann Hoffmann --- docker-compose/openwifi/Dockerfile | 4 - docker-compose/openwifi/deploy.sh | 151 ----- docker-compose/openwifi/deploy_owls.sh | 74 --- helm/ucentral/.gitignore | 1 - helm/ucentral/deploy.sh | 241 ------- .../values.ucentral-qa.external-db.yaml | 14 - .../values.ucentral-qa.owls-enabled.yaml | 173 ----- .../values.ucentral-qa.separate-lbs.yaml | 74 --- .../values.ucentral-qa.test-nodes.yaml | 118 ---- helm/ucentral/values.ucentral-qa.yaml | 629 ------------------ 10 files changed, 1479 deletions(-) delete mode 100644 docker-compose/openwifi/Dockerfile delete mode 100755 docker-compose/openwifi/deploy.sh delete mode 100755 docker-compose/openwifi/deploy_owls.sh delete mode 100644 helm/ucentral/.gitignore delete mode 100755 helm/ucentral/deploy.sh delete mode 100644 helm/ucentral/values.ucentral-qa.external-db.yaml delete mode 100644 helm/ucentral/values.ucentral-qa.owls-enabled.yaml delete mode 100644 helm/ucentral/values.ucentral-qa.separate-lbs.yaml delete mode 100644 helm/ucentral/values.ucentral-qa.test-nodes.yaml delete mode 100644 helm/ucentral/values.ucentral-qa.yaml diff --git a/docker-compose/openwifi/Dockerfile b/docker-compose/openwifi/Dockerfile deleted file mode 100644 index 08bcef91c..000000000 --- a/docker-compose/openwifi/Dockerfile +++ /dev/null @@ -1,4 +0,0 @@ -FROM docker/compose:latest -RUN apk add git -COPY deploy.sh deploy.sh -ENTRYPOINT ["./deploy.sh"] diff --git a/docker-compose/openwifi/deploy.sh b/docker-compose/openwifi/deploy.sh deleted file mode 100755 index cd26ccd55..000000000 --- a/docker-compose/openwifi/deploy.sh +++ /dev/null @@ -1,151 +0,0 @@ -#!/bin/bash -set -e - -# Usage function -usage () { - echo; - echo "This script is intended for OpenWifi deployment using Docker Compose (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/docker-compose) in a Kubernetes pod"; - echo; - echo "Required environment variables:" - echo; - echo "- DEPLOY_VERSION - version of the wlan-cloud-ucentral-deploy repo to be used"; - echo; - echo "- DEFAULT_UCENTRALSEC_URL - public URL of the OWSec service" - echo "- SYSTEM_URI_UI - public URL of the OWGW-UI service" - echo; - echo "- INTERNAL_OWGW_HOSTNAME - OWGW microservice hostname for Docker internal communication" - echo "- INTERNAL_OWSEC_HOSTNAME - OWSec microservice hostname for Docker internal communication" - echo "- INTERNAL_OWFMS_HOSTNAME - OWFms microservice hostname for Docker internal communication" - echo "- INTERNAL_OWPROV_HOSTNAME - OWProv microservice hostname for Docker internal communication" - echo "- INTERNAL_OWANALYTICS_HOSTNAME - OWAnalytics microservice hostname for Docker internal communication" - echo "- INTERNAL_OWSUB_HOSTNAME - OWSub microservice hostname for Docker internal communication" - echo; - echo "- OWGW_FILEUPLOADER_HOST_NAME - hostname to be used for OWGW fileupload"; - echo "- OWGW_FILEUPLOADER_URI - URL to be used for OWGW fileupload"; - echo "- OWGW_SYSTEM_URI_PRIVATE - private URL to be used for OWGW"; - echo "- OWGW_SYSTEM_URI_PUBLIC - public URL to be used for OWGW"; - echo "- OWGW_RTTY_SERVER - public hostname of the RTTY server"; - echo; - echo "- OWSEC_SYSTEM_URI_PRIVATE - private URL to be used for OWSec"; - echo "- OWSEC_SYSTEM_URI_PUBLIC - public URL to be used for OWSec"; - echo "- OWSEC_AUTHENTICATION_DEFAULT_USERNAME - username to be used for requests to OWSec"; - echo "- OWSEC_AUTHENTICATION_DEFAULT_PASSWORD - hashed password for OWSec (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)"; - echo; - echo "- OWFMS_SYSTEM_URI_PRIVATE - private URL to be used for OWFms"; - echo "- OWFMS_SYSTEM_URI_PUBLIC - public URL to be used for OWFms"; - echo "- OWFMS_S3_SECRET - secret key that is used for OWFms access to firmwares S3 bucket"; - echo "- OWFMS_S3_KEY - access key that is used for OWFms access to firmwares S3 bucket"; - echo; - echo "- OWPROV_SYSTEM_URI_PRIVATE - private URL to be used for OWProv"; - echo "- OWPROV_SYSTEM_URI_PUBLIC - public URL to be used for OWProv"; - echo; - echo "- OWANALYTICS_SYSTEM_URI_PRIVATE - private URL to be used for OWAnalytics"; - echo "- OWANALYTICS_SYSTEM_URI_PUBLIC - public URL to be used for OWAnalytics"; - echo; - echo "- OWSUB_SYSTEM_URI_PRIVATE - private URL to be used for OWSub"; - echo "- OWSUB_SYSTEM_URI_PUBLIC - public URL to be used for OWSub"; - echo; - echo "- WEBSOCKET_CERT - path to the websocket certificate"; - echo "- WEBSOCKET_KEY - path to the websocket key"; -} - -# Check if required environment variables were passed -## Deployment specifics -[ -z ${DEPLOY_VERSION+x} ] && echo "DEPLOY_VERSION is unset" && usage && exit 1 -## Configuration variables applying to multiple microservices -[ -z ${DEFAULT_UCENTRALSEC_URL+x} ] && echo "DEFAULT_UCENTRALSEC_URL is unset" && usage && exit 1 -[ -z ${SYSTEM_URI_UI+x} ] && echo "SYSTEM_URI_UI is unset" && usage && exit 1 -## Internal microservice hostnames -[ -z ${INTERNAL_OWGW_HOSTNAME+x} ] && echo "INTERNAL_OWGW_HOSTNAME is unset" && usage && exit 1 -[ -z ${INTERNAL_OWSEC_HOSTNAME+x} ] && echo "INTERNAL_OWSEC_HOSTNAME is unset" && usage && exit 1 -[ -z ${INTERNAL_OWFMS_HOSTNAME+x} ] && echo "INTERNAL_OWFMS_HOSTNAME is unset" && usage && exit 1 -[ -z ${INTERNAL_OWPROV_HOSTNAME+x} ] && echo "INTERNAL_OWPROV_HOSTNAME is unset" && usage && exit 1 -[ -z ${INTERNAL_OWANALYTICS_HOSTNAME+x} ] && echo "INTERNAL_OWANALYTICS_HOSTNAME is unset" && usage && exit 1 -[ -z ${INTERNAL_OWSUB_HOSTNAME+x} ] && echo "INTERNAL_OWSUB_HOSTNAME is unset" && usage && exit 1 -## OWGW configuration variables -[ -z ${OWGW_FILEUPLOADER_HOST_NAME+x} ] && echo "OWGW_FILEUPLOADER_HOST_NAME is unset" && usage && exit 1 -[ -z ${OWGW_FILEUPLOADER_URI+x} ] && echo "OWGW_FILEUPLOADER_URI is unset" && usage && exit 1 -[ -z ${OWGW_SYSTEM_URI_PRIVATE+x} ] && echo "OWGW_SYSTEM_URI_PRIVATE is unset" && usage && exit 1 -[ -z ${OWGW_SYSTEM_URI_PUBLIC+x} ] && echo "OWGW_SYSTEM_URI_PUBLIC is unset" && usage && exit 1 -[ -z ${OWGW_RTTY_SERVER+x} ] && echo "OWGW_RTTY_SERVER is unset" && usage && exit 1 -## OWSec configuration variables -[ -z ${OWSEC_AUTHENTICATION_DEFAULT_USERNAME+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_USERNAME is unset" && usage && exit 1 -[ -z ${OWSEC_AUTHENTICATION_DEFAULT_PASSWORD+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_PASSWORD is unset" && usage && exit 1 -[ -z ${OWSEC_SYSTEM_URI_PRIVATE+x} ] && echo "OWSEC_SYSTEM_URI_PRIVATE is unset" && usage && exit 1 -[ -z ${OWSEC_SYSTEM_URI_PUBLIC+x} ] && echo "OWSEC_SYSTEM_URI_PUBLIC is unset" && usage && exit 1 -## OWFms configuration variables -[ -z ${OWFMS_SYSTEM_URI_PRIVATE+x} ] && echo "OWFMS_SYSTEM_URI_PRIVATE is unset" && usage && exit 1 -[ -z ${OWFMS_SYSTEM_URI_PUBLIC+x} ] && echo "OWFMS_SYSTEM_URI_PUBLIC is unset" && usage && exit 1 -[ -z ${OWFMS_S3_SECRET+x} ] && echo "OWFMS_S3_SECRET is unset" && usage && exit 1 -[ -z ${OWFMS_S3_KEY+x} ] && echo "OWFMS_S3_KEY is unset" && usage && exit 1 -## OWProv configuration variables -[ -z ${OWPROV_SYSTEM_URI_PRIVATE+x} ] && echo "OWPROV_SYSTEM_URI_PRIVATE is unset" && usage && exit 1 -[ -z ${OWPROV_SYSTEM_URI_PUBLIC+x} ] && echo "OWPROV_SYSTEM_URI_PUBLIC is unset" && usage && exit 1 -## OWAnalytics configuration variables -[ -z ${OWANALYTICS_SYSTEM_URI_PRIVATE+x} ] && echo "OWANALYTICS_SYSTEM_URI_PRIVATE is unset" && usage && exit 1 -[ -z ${OWANALYTICS_SYSTEM_URI_PUBLIC+x} ] && echo "OWANALYTICS_SYSTEM_URI_PUBLIC is unset" && usage && exit 1 -## OWSub configuration variables -[ -z ${OWSUB_SYSTEM_URI_PRIVATE+x} ] && echo "OWSUB_SYSTEM_URI_PRIVATE is unset" && usage && exit 1 -[ -z ${OWSUB_SYSTEM_URI_PUBLIC+x} ] && echo "OWSUB_SYSTEM_URI_PUBLIC is unset" && usage && exit 1 -## cert related variables -[ -z ${WEBSOCKET_CERT+x} ] && echo "WEBSOCKET_CERT is unset" && usage && exit 1 -[ -z ${WEBSOCKET_KEY+x} ] && echo "WEBSOCKET_KEY is unset" && usage && exit 1 - -# Clone repo and copy certificates -mkdir wlan-cloud-ucentral-deploy-tmp -git clone --branch $DEPLOY_VERSION https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git /wlan-cloud-ucentral-deploy-tmp -mv -f /wlan-cloud-ucentral-deploy-tmp/* /wlan-cloud-ucentral-deploy/ && rm -r wlan-cloud-ucentral-deploy-tmp -cd wlan-cloud-ucentral-deploy/docker-compose - -# Search and replace variable values in env files -sed -i "s~\(^INTERNAL_OWGW_HOSTNAME=\).*~\1$INTERNAL_OWGW_HOSTNAME~" .env -sed -i "s~\(^INTERNAL_OWSEC_HOSTNAME=\).*~\1$INTERNAL_OWSEC_HOSTNAME~" .env -sed -i "s~\(^INTERNAL_OWFMS_HOSTNAME=\).*~\1$INTERNAL_OWFMS_HOSTNAME~" .env -sed -i "s~\(^INTERNAL_OWPROV_HOSTNAME=\).*~\1$INTERNAL_OWPROV_HOSTNAME~" .env -sed -i "s~\(^INTERNAL_OWANALYTICS_HOSTNAME=\).*~\1$INTERNAL_OWANALYTICS_HOSTNAME~" .env -sed -i "s~\(^INTERNAL_OWSUB_HOSTNAME=\).*~\1$INTERNAL_OWSUB_HOSTNAME~" .env - -sed -i "s~\(^FILEUPLOADER_HOST_NAME=\).*~\1$OWGW_FILEUPLOADER_HOST_NAME~" owgw.env -sed -i "s~\(^FILEUPLOADER_URI=\).*~\1$OWGW_FILEUPLOADER_URI~" owgw.env -sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWGW_SYSTEM_URI_PRIVATE~" owgw.env -sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWGW_SYSTEM_URI_PUBLIC~" owgw.env -sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owgw.env -sed -i "s~\(^RTTY_SERVER=\).*~\1$OWGW_RTTY_SERVER~" owgw.env - -if [[ ! -z "$SIMULATORID" ]]; then - sed -i "s~.*SIMULATORID=.*~SIMULATORID=$SIMULATORID~" owgw.env -fi - -sed -i "s~\(^DEFAULT_UCENTRALSEC_URL=\).*~\1$DEFAULT_UCENTRALSEC_URL~" owgw-ui.env - -sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env -sed -i "s~.*AUTHENTICATION_DEFAULT_PASSWORD=.*~AUTHENTICATION_DEFAULT_PASSWORD=$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD~" owsec.env -sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWSEC_SYSTEM_URI_PRIVATE~" owsec.env -sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWSEC_SYSTEM_URI_PUBLIC~" owsec.env -sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owsec.env - -sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWFMS_SYSTEM_URI_PRIVATE~" owfms.env -sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWFMS_SYSTEM_URI_PUBLIC~" owfms.env -sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owfms.env -sed -i "s~\(^S3_SECRET=\).*~\1$OWFMS_S3_SECRET~" owfms.env -sed -i "s~\(^S3_KEY=\).*~\1$OWFMS_S3_KEY~" owfms.env - -sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWPROV_SYSTEM_URI_PRIVATE~" owprov.env -sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWPROV_SYSTEM_URI_PUBLIC~" owprov.env -sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owprov.env - -sed -i "s~\(^DEFAULT_UCENTRALSEC_URL=\).*~\1$DEFAULT_UCENTRALSEC_URL~" owprov-ui.env -sed -i "s~\(^REACT_APP_UCENTRALSEC_URL=\).*~\1$REACT_APP_UCENTRALSEC_URL~" owprov-ui.env - -sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWANALYTICS_SYSTEM_URI_PRIVATE~" owanalytics.env -sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWANALYTICS_SYSTEM_URI_PUBLIC~" owanalytics.env -sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owanalytics.env - -sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWSUB_SYSTEM_URI_PRIVATE~" owsub.env -sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWSUB_SYSTEM_URI_PUBLIC~" owsub.env -sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owsub.env - -# Run the deployment and attach to logs -cat $WEBSOCKET_CERT > certs/websocket-cert.pem -cat $WEBSOCKET_KEY > certs/websocket-key.pem -exec docker-compose up --attach-dependencies diff --git a/docker-compose/openwifi/deploy_owls.sh b/docker-compose/openwifi/deploy_owls.sh deleted file mode 100755 index 8fe4c73ae..000000000 --- a/docker-compose/openwifi/deploy_owls.sh +++ /dev/null @@ -1,74 +0,0 @@ -#!/bin/bash -set -e - -# Usage function -usage () { - echo; - echo "This script is intended for OpenWifi OWLS deployment using Docker Compose (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/docker-compose) in a Kubernetes pod"; - echo; - echo "Required environment variables:" - echo; - echo "- DEPLOY_VERSION - version of the wlan-cloud-ucentral-deploy repo to be used"; - echo; - echo "- DEFAULT_UCENTRALSEC_URL - public URL of the OWSec service" - echo "- SYSTEM_URI_UI - public URL of the OWGW-UI service" - echo; - echo "- INTERNAL_OWSEC_HOSTNAME - OWSec microservice hostname for Docker internal communication" - echo; - echo "- OWSEC_SYSTEM_URI_PRIVATE - private URL to be used for OWSec"; - echo "- OWSEC_SYSTEM_URI_PUBLIC - public URL to be used for OWSec"; - echo "- OWSEC_AUTHENTICATION_DEFAULT_USERNAME - username to be used for requests to OWSec"; - echo "- OWSEC_AUTHENTICATION_DEFAULT_PASSWORD - hashed password for OWSec (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)"; - echo; - echo "- OWLS_SYSTEM_URI_PRIVATE - private URL to be used for OWLS"; - echo "- OWLS_SYSTEM_URI_PUBLIC - public URL to be used for OWLS"; - echo; - echo "- DEVICE_CERT - path to the device certificate"; - echo "- DEVICE_KEY - path to the device key"; -} - -# Check if required environment variables were passed -## Deployment specifics -[ -z ${DEPLOY_VERSION+x} ] && echo "DEPLOY_VERSION is unset" && usage && exit 1 -## Configuration variables applying to multiple microservices -[ -z ${DEFAULT_UCENTRALSEC_URL+x} ] && echo "DEFAULT_UCENTRALSEC_URL is unset" && usage && exit 1 -[ -z ${SYSTEM_URI_UI+x} ] && echo "SYSTEM_URI_UI is unset" && usage && exit 1 -## Internal microservice hostnames -[ -z ${INTERNAL_OWSEC_HOSTNAME+x} ] && echo "INTERNAL_OWSEC_HOSTNAME is unset" && usage && exit 1 -## OWSec configuration variables -[ -z ${OWSEC_AUTHENTICATION_DEFAULT_USERNAME+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_USERNAME is unset" && usage && exit 1 -[ -z ${OWSEC_AUTHENTICATION_DEFAULT_PASSWORD+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_PASSWORD is unset" && usage && exit 1 -[ -z ${OWSEC_SYSTEM_URI_PRIVATE+x} ] && echo "OWSEC_SYSTEM_URI_PRIVATE is unset" && usage && exit 1 -[ -z ${OWSEC_SYSTEM_URI_PUBLIC+x} ] && echo "OWSEC_SYSTEM_URI_PUBLIC is unset" && usage && exit 1 -# OWLS configuration variables -[ -z ${OWLS_SYSTEM_URI_PRIVATE+x} ] && echo "OWLS_SYSTEM_URI_PRIVATE is unset" && usage && exit 1 -[ -z ${OWLS_SYSTEM_URI_PUBLIC+x} ] && echo "OWLS_SYSTEM_URI_PUBLIC is unset" && usage && exit 1 -## cert related variables -[ -z ${DEVICE_CERT+x} ] && echo "DEVICE_CERT is unset" && usage && exit 1 -[ -z ${DEVICE_KEY+x} ] && echo "DEVICE_KEY is unset" && usage && exit 1 - -# Clone repo and copy certificates -mkdir wlan-cloud-ucentral-deploy-tmp -git clone --branch $DEPLOY_VERSION https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git /wlan-cloud-ucentral-deploy-tmp -mv -f /wlan-cloud-ucentral-deploy-tmp/* /wlan-cloud-ucentral-deploy/ && rm -r wlan-cloud-ucentral-deploy-tmp -cd wlan-cloud-ucentral-deploy/docker-compose/owls - -# Search and replace variable values in env files -sed -i "s~\(^INTERNAL_OWSEC_HOSTNAME=\).*~\1$INTERNAL_OWSEC_HOSTNAME~" .env -sed -i "s~\(^INTERNAL_OWLS_HOSTNAME=\).*~\1$INTERNAL_OWLS_HOSTNAME~" .env - -sed -i "s~\(^DEFAULT_UCENTRALSEC_URL=\).*~\1$DEFAULT_UCENTRALSEC_URL~" owls-ui.env - -sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env -sed -i "s~.*AUTHENTICATION_DEFAULT_PASSWORD=.*~AUTHENTICATION_DEFAULT_PASSWORD=$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD~" owsec.env -sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWSEC_SYSTEM_URI_PRIVATE~" owsec.env -sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWSEC_SYSTEM_URI_PUBLIC~" owsec.env -sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owsec.env - -sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWLS_SYSTEM_URI_PRIVATE~" owls.env -sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWLS_SYSTEM_URI_PUBLIC~" owls.env - -# Run the deployment and attach to logs -cat $DEVICE_CERT > ../certs/device-cert.pem -cat $DEVICE_KEY > ../certs/device-key.pem -exec docker-compose up --attach-dependencies diff --git a/helm/ucentral/.gitignore b/helm/ucentral/.gitignore deleted file mode 100644 index 11695a225..000000000 --- a/helm/ucentral/.gitignore +++ /dev/null @@ -1 +0,0 @@ -wlan-cloud-ucentral-deploy diff --git a/helm/ucentral/deploy.sh b/helm/ucentral/deploy.sh deleted file mode 100755 index bb4ab11f7..000000000 --- a/helm/ucentral/deploy.sh +++ /dev/null @@ -1,241 +0,0 @@ -#!/bin/bash -set -e - -# Usage function -usage () { - echo >&2; - echo "This script is indended for OpenWIFI Cloud SDK deployment to TIP QA/Dev environments using assembly Helm chart (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart) with configuration through environment variables" >&2; - echo >&2; - echo "Required environment variables:" >&2; - echo >&2; - echo "- NAMESPACE - namespace suffix that will used added for the Kubernetes environment (i.e. if you pass 'test', kubernetes namespace will be named 'ucentral-test')" >&2; - echo "- DEPLOY_METHOD - deployment method for the chart deployment (supported methods - 'git' (will use helm-git from assembly chart) and 'bundle' (will use chart stored in the Artifactory0" >&2; - echo "- CHART_VERSION - version of chart to be deployed from assembly chart (for 'git' method git ref may be passed, for 'bundle' method version of chart may be passed)" >&2; - echo >&2; - echo "- VALUES_FILE_LOCATION - path to file with override values that may be used for deployment" >&2; - echo "- OWGW_AUTH_USERNAME - username to be used for requests to OpenWIFI Security" >&2; - echo "- OWGW_AUTH_PASSWORD - hashed password for OpenWIFI Security (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)" >&2; - echo "- OWFMS_S3_SECRET - secret key that is used for OpenWIFI Firmware access to firmwares S3 bucket" >&2; - echo "- OWFMS_S3_KEY - access key that is used for OpenWIFI Firmware access to firmwares S3 bucket" >&2; - echo "- OWSEC_NEW_PASSWORD - password that should be set to default user instead of default password from properties" >&2; - echo "- CERT_LOCATION - path to certificate in PEM format that will be used for securing all endpoint in all services" >&2; - echo "- KEY_LOCATION - path to private key in PEM format that will be used for securing all endpoint in all services" >&2; - echo >&2; - echo "Following environmnet variables may be passed, but will be ignored if CHART_VERSION is set to release (i.e. v2.4.0):" >&2; - echo >&2; - echo "- OWGW_VERSION - OpenWIFI Gateway version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2; - echo "- OWGWUI_VERSION - OpenWIFI Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2; - echo "- OWSEC_VERSION - OpenWIFI Security version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2; - echo "- OWFMS_VERSION - OpenWIFI Firmware version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2; - echo "- OWPROV_VERSION - OpenWIFI Provisioning version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2; - echo "- OWPROVUI_VERSION - OpenWIFI Provisioning Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2; - echo "- OWANALYTICS_VERSION - OpenWIFI Analytics version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2; - echo "- OWSUB_VERSION - OpenWIFI Subscription (Userportal) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2; - echo >&2; - echo "Optional environment variables:" >&2; - echo >&2; - echo "- EXTRA_VALUES - extra values that should be passed to Helm deployment separated by comma (,)" >&2; - echo "- DEVICE_CERT_LOCATION - path to certificate in PEM format that will be used for load simulator" >&2; - echo "- DEVICE_KEY_LOCATION - path to private key in PEM format that will be used for load simulator" >&2; - echo "- USE_SEPARATE_OWGW_LB - flag that should change split external DNS for OWGW and other services" >&2; - echo "- INTERNAL_RESTAPI_ENDPOINT_SCHEMA - what schema to use for internal RESTAPI endpoints (https by default)" >&2; - echo "- MAILER_USERNAME - SMTP username used for OWSEC mailer" >&2; - echo "- MAILER_PASSWORD - SMTP password used for OWSEC mailer (only if both MAILER_PASSWORD and MAILER_USERNAME are set, mailer will be enabled)" >&2; -} - -# Global variables -VALUES_FILE_LOCATION_SPLITTED=() -EXTRA_VALUES_SPLITTED=() - -# Helper functions -check_if_chart_version_is_release() { - PARSED_CHART_VERSION=$(echo $CHART_VERSION | grep -xP "v\d+\.\d+\.\d+.*") - if [[ -z "$PARSED_CHART_VERSION" ]]; then - return 1 - else - return 0 - fi -} - -# Check if required environment variables were passed -## Deployment specifics -[ -z ${DEPLOY_METHOD+x} ] && echo "DEPLOY_METHOD is unset" >&2 && usage && exit 1 -[ -z ${CHART_VERSION+x} ] && echo "CHART_VERSION is unset" >&2 && usage && exit 1 -if check_if_chart_version_is_release; then - echo "Chart version ($CHART_VERSION) is release version, ignoring services versions" -else - echo "Chart version ($CHART_VERSION) is not release version, checking if services versions are set" - [ -z ${OWGW_VERSION+x} ] && echo "OWGW_VERSION is unset" >&2 && usage && exit 1 - [ -z ${OWGWUI_VERSION+x} ] && echo "OWGWUI_VERSION is unset" >&2 && usage && exit 1 - [ -z ${OWSEC_VERSION+x} ] && echo "OWSEC_VERSION is unset" >&2 && usage && exit 1 - [ -z ${OWFMS_VERSION+x} ] && echo "OWFMS_VERSION is unset" >&2 && usage && exit 1 - [ -z ${OWPROV_VERSION+x} ] && echo "OWPROV_VERSION is unset" >&2 && usage && exit 1 - [ -z ${OWPROVUI_VERSION+x} ] && echo "OWPROVUI_VERSION is unset" >&2 && usage && exit 1 - [ -z ${OWANALYTICS_VERSION+x} ] && echo "OWANALYTICS_VERSION is unset" >&2 && usage && exit 1 - [ -z ${OWSUB_VERSION+x} ] && echo "OWSUB_VERSION is unset" >&2 && usage && exit 1 -fi -## Environment specifics -[ -z ${NAMESPACE+x} ] && echo "NAMESPACE is unset" >&2 && usage && exit 1 -## Variables specifics -[ -z ${VALUES_FILE_LOCATION+x} ] && echo "VALUES_FILE_LOCATION is unset" >&2 && usage && exit 1 -[ -z ${OWGW_AUTH_USERNAME+x} ] && echo "OWGW_AUTH_USERNAME is unset" >&2 && usage && exit 1 -[ -z ${OWGW_AUTH_PASSWORD+x} ] && echo "OWGW_AUTH_PASSWORD is unset" >&2 && usage && exit 1 -[ -z ${OWFMS_S3_SECRET+x} ] && echo "OWFMS_S3_SECRET is unset" >&2 && usage && exit 1 -[ -z ${OWFMS_S3_KEY+x} ] && echo "OWFMS_S3_KEY is unset" >&2 && usage && exit 1 -[ -z ${OWSEC_NEW_PASSWORD+x} ] && echo "OWSEC_NEW_PASSWORD is unset" >&2 && usage && exit 1 -[ -z ${CERT_LOCATION+x} ] && echo "CERT_LOCATION is unset" >&2 && usage && exit 1 -[ -z ${KEY_LOCATION+x} ] && echo "KEY_LOCATION is unset" >&2 && usage && exit 1 - -[ -z ${DEVICE_CERT_LOCATION+x} ] && echo "DEVICE_CERT_LOCATION is unset, setting it to CERT_LOCATION" && export DEVICE_CERT_LOCATION=$CERT_LOCATION -[ -z ${DEVICE_KEY_LOCATION+x} ] && echo "DEVICE_KEY_LOCATION is unset, setting it to KEY_LOCATION" && export DEVICE_KEY_LOCATION=$KEY_LOCATION -[ -z ${INTERNAL_RESTAPI_ENDPOINT_SCHEMA+x} ] && echo "INTERNAL_RESTAPI_ENDPOINT_SCHEMA is unset, setting it to 'https'" && export INTERNAL_RESTAPI_ENDPOINT_SCHEMA=https -export MAILER_ENABLED="false" -[ ! -z ${MAILER_USERNAME+x} ] && [ ! -z ${MAILER_PASSWORD+x} ] && echo "MAILER_USERNAME and MAILER_PASSWORD are set, mailer will be enabled" && export MAILER_ENABLED="true" - -# Transform some environment variables -export OWGW_VERSION_TAG=$(echo ${OWGW_VERSION} | tr '/' '-') -export OWGWUI_VERSION_TAG=$(echo ${OWGWUI_VERSION} | tr '/' '-') -export OWSEC_VERSION_TAG=$(echo ${OWSEC_VERSION} | tr '/' '-') -export OWFMS_VERSION_TAG=$(echo ${OWFMS_VERSION} | tr '/' '-') -export OWPROV_VERSION_TAG=$(echo ${OWPROV_VERSION} | tr '/' '-') -export OWPROVUI_VERSION_TAG=$(echo ${OWPROVUI_VERSION} | tr '/' '-') -export OWANALYTICS_VERSION_TAG=$(echo ${OWANALYTICS_VERSION} | tr '/' '-') -export OWSUB_VERSION_TAG=$(echo ${OWSUB_VERSION} | tr '/' '-') - -# Debug get bash version -bash --version >&2 - -# Check deployment method that's required for this environment -helm plugin install https://github.com/databus23/helm-diff || true -if [[ "$DEPLOY_METHOD" == "git" ]]; then - helm plugin install https://github.com/aslafy-z/helm-git --version 0.10.0 || true - rm -rf wlan-cloud-ucentral-deploy || true - git clone https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git - cd wlan-cloud-ucentral-deploy - git checkout $CHART_VERSION - cd chart - if ! check_if_chart_version_is_release; then - sed -i '/wlan-cloud-ucentralgw@/s/ref=.*/ref='${OWGW_VERSION}'\"/g' Chart.yaml - sed -i '/wlan-cloud-ucentralgw-ui@/s/ref=.*/ref='${OWGWUI_VERSION}'\"/g' Chart.yaml - sed -i '/wlan-cloud-ucentralsec@/s/ref=.*/ref='${OWSEC_VERSION}'\"/g' Chart.yaml - sed -i '/wlan-cloud-ucentralfms@/s/ref=.*/ref='${OWFMS_VERSION}'\"/g' Chart.yaml - sed -i '/wlan-cloud-owprov@/s/ref=.*/ref='${OWPROV_VERSION}'\"/g' Chart.yaml - sed -i '/wlan-cloud-owprov-ui@/s/ref=.*/ref='${OWPROVUI_VERSION}'\"/g' Chart.yaml - sed -i '/wlan-cloud-analytics@/s/ref=.*/ref='${OWANALYTICS_VERSION}'\"/g' Chart.yaml - sed -i '/wlan-cloud-userportal@/s/ref=.*/ref='${OWSUB_VERSION}'\"/g' Chart.yaml - fi - helm repo add bitnami https://charts.bitnami.com/bitnami - helm repo update - helm dependency update - cd ../.. - export DEPLOY_SOURCE="wlan-cloud-ucentral-deploy/chart" -else - if [[ "$DEPLOY_METHOD" == "bundle" ]]; then - helm repo add tip-wlan-cloud-ucentral-helm https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/ || true - export DEPLOY_SOURCE="tip-wlan-cloud-ucentral-helm/openwifi --version $CHART_VERSION" - else - echo "Deploy method is not correct: $DEPLOY_METHOD. Valid value - git or bundle" >&2 - exit 1 - fi -fi - -VALUES_FILES_FLAGS=() -IFS=',' read -ra VALUES_FILE_LOCATION_SPLITTED <<< "$VALUES_FILE_LOCATION" -for VALUE_FILE in ${VALUES_FILE_LOCATION_SPLITTED[*]}; do - VALUES_FILES_FLAGS+=("-f" $VALUE_FILE) -done -EXTRA_VALUES_FLAGS=() -IFS=',' read -ra EXTRA_VALUES_SPLITTED <<< "$EXTRA_VALUES" -for EXTRA_VALUE in ${EXTRA_VALUES_SPLITTED[*]}; do - EXTRA_VALUES_FLAGS+=("--set" $EXTRA_VALUE) -done - -if [[ "$USE_SEPARATE_OWGW_LB" == "true" ]]; then - export HAPROXY_SERVICE_DNS_RECORDS="sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,analytics-${NAMESPACE}.cicd.lab.wlan.tip.build\,sub-${NAMESPACE}.cicd.lab.wlan.tip.build" - export OWGW_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build" -else - export HAPROXY_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build\,sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,analytics-${NAMESPACE}.cicd.lab.wlan.tip.build\,sub-${NAMESPACE}.cicd.lab.wlan.tip.build" - export OWGW_SERVICE_DNS_RECORDS="" -fi - -# Run the deployment -helm upgrade --install --create-namespace --wait --timeout 60m \ - --namespace openwifi-${NAMESPACE} \ - ${VALUES_FILES_FLAGS[*]} \ - --set owgw.services.owgw.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \ - --set owgw.configProperties."openwifi\.fileuploader\.host\.0\.name"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \ - --set owgw.configProperties."rtty\.server"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \ - --set owgw.configProperties."openwifi\.system\.uri\.public"=https://gw-${NAMESPACE}.cicd.lab.wlan.tip.build:16002 \ - --set owgw.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owgw-owgw:17002 \ - --set owgw.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \ - --set owgw.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \ - --set owsec.configProperties."authentication\.default\.username"=${OWGW_AUTH_USERNAME} \ - --set owsec.configProperties."authentication\.default\.password"=${OWGW_AUTH_PASSWORD} \ - --set owsec.services.owsec.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=sec-${NAMESPACE}.cicd.lab.wlan.tip.build \ - --set owsec.configProperties."openwifi\.system\.uri\.public"=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \ - --set owsec.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsec-owsec:17001 \ - --set owsec.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \ - --set owsec.configProperties."mailer\.sender"=sec-${NAMESPACE}@cicd.lab.wlan.tip.build \ - --set owsec.configProperties."mailer\.enabled"=$MAILER_ENABLED \ - --set owsec.configProperties."mailer\.username"=$MAILER_USERNAME \ - --set owsec.configProperties."mailer\.password"=$MAILER_PASSWORD \ - --set owfms.configProperties."s3\.secret"=${OWFMS_S3_SECRET} \ - --set owfms.configProperties."s3\.key"=${OWFMS_S3_KEY} \ - --set owfms.services.owfms.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=fms-${NAMESPACE}.cicd.lab.wlan.tip.build \ - --set owfms.configProperties."openwifi\.system\.uri\.public"=https://fms-${NAMESPACE}.cicd.lab.wlan.tip.build:16004 \ - --set owfms.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owfms-owfms:17004 \ - --set owfms.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \ - --set owfms.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \ - --set owgwui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=webui-${NAMESPACE}.cicd.lab.wlan.tip.build \ - --set owgwui.ingresses.default.hosts={webui-${NAMESPACE}.cicd.lab.wlan.tip.build} \ - --set owgwui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \ - --set owprov.services.owprov.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=prov-${NAMESPACE}.cicd.lab.wlan.tip.build \ - --set owprov.configProperties."openwifi\.system\.uri\.public"=https://prov-${NAMESPACE}.cicd.lab.wlan.tip.build:16005 \ - --set owprov.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owprov-owprov:17005 \ - --set owprov.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \ - --set owprov.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \ - --set owprovui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=provui-${NAMESPACE}.cicd.lab.wlan.tip.build \ - --set owprovui.ingresses.default.hosts={provui-${NAMESPACE}.cicd.lab.wlan.tip.build} \ - --set owprovui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \ - --set owprovui.public_env_variables.REACT_APP_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \ - --set owanalytics.services.owanalytics.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=analytics-${NAMESPACE}.cicd.lab.wlan.tip.build \ - --set owanalytics.configProperties."openwifi\.system\.uri\.public"=https://analytics-${NAMESPACE}.cicd.lab.wlan.tip.build:16009 \ - --set owanalytics.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owanalytics-owanalytics:17009 \ - --set owanalytics.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \ - --set owanalytics.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \ - --set owsub.services.owsub.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=sub-${NAMESPACE}.cicd.lab.wlan.tip.build \ - --set owsub.configProperties."openwifi\.system\.uri\.public"=https://sub-${NAMESPACE}.cicd.lab.wlan.tip.build:16006 \ - --set owsub.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsub-owsub:17006 \ - --set owsub.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \ - --set owsub.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \ - --set clustersysteminfo.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \ - --set clustersysteminfo.secret_env_variables.OWSEC_NEW_PASSWORD=${OWSEC_NEW_PASSWORD} \ - --set owls.services.owls.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=ls-${NAMESPACE}.cicd.lab.wlan.tip.build \ - --set owls.configProperties."openwifi\.system\.uri\.public"=https://ls-${NAMESPACE}.cicd.lab.wlan.tip.build:16007 \ - --set owls.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owls-owls:17007 \ - --set owls.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \ - --set owlsui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=lsui-${NAMESPACE}.cicd.lab.wlan.tip.build \ - --set owlsui.ingresses.default.hosts={lsui-${NAMESPACE}.cicd.lab.wlan.tip.build} \ - --set owlsui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \ - --set haproxy.service.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$HAPROXY_SERVICE_DNS_RECORDS \ - --set owgw.services.owgw.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$OWGW_SERVICE_DNS_RECORDS \ - ${EXTRA_VALUES_FLAGS[*]} \ - --set-file owgw.certs."restapi-cert\.pem"=$CERT_LOCATION \ - --set-file owgw.certs."restapi-key\.pem"=$KEY_LOCATION \ - --set-file owgw.certs."websocket-cert\.pem"=$CERT_LOCATION \ - --set-file owgw.certs."websocket-key\.pem"=$KEY_LOCATION \ - --set-file owsec.certs."restapi-cert\.pem"=$CERT_LOCATION \ - --set-file owsec.certs."restapi-key\.pem"=$KEY_LOCATION \ - --set-file owfms.certs."restapi-cert\.pem"=$CERT_LOCATION \ - --set-file owfms.certs."restapi-key\.pem"=$KEY_LOCATION \ - --set-file owprov.certs."restapi-cert\.pem"=$CERT_LOCATION \ - --set-file owprov.certs."restapi-key\.pem"=$KEY_LOCATION \ - --set-file owls.certs."restapi-cert\.pem"=$CERT_LOCATION \ - --set-file owls.certs."restapi-key\.pem"=$KEY_LOCATION \ - --set-file owls.certs."device-cert\.pem"=$DEVICE_CERT_LOCATION \ - --set-file owls.certs."device-key\.pem"=$DEVICE_KEY_LOCATION \ - --set-file owanalytics.certs."restapi-cert\.pem"=$CERT_LOCATION \ - --set-file owanalytics.certs."restapi-key\.pem"=$KEY_LOCATION \ - --set-file owsub.certs."restapi-cert\.pem"=$CERT_LOCATION \ - --set-file owsub.certs."restapi-key\.pem"=$KEY_LOCATION \ - tip-openwifi $DEPLOY_SOURCE diff --git a/helm/ucentral/values.ucentral-qa.external-db.yaml b/helm/ucentral/values.ucentral-qa.external-db.yaml deleted file mode 100644 index 27f3b99fd..000000000 --- a/helm/ucentral/values.ucentral-qa.external-db.yaml +++ /dev/null @@ -1,14 +0,0 @@ -owgw: - configProperties: - storage.type: postgresql - storage.type.postgresql.host: owgw-pgsql - storage.type.postgresql.database: owgw - storage.type.postgresql.username: owgw - storage.type.postgresql.password: owgw - - postgresql: - enabled: true - fullnameOverride: owgw-pgsql - postgresqlDatabase: owgw - postgresqlUsername: owgw - postgresqlPassword: owgw diff --git a/helm/ucentral/values.ucentral-qa.owls-enabled.yaml b/helm/ucentral/values.ucentral-qa.owls-enabled.yaml deleted file mode 100644 index 3007ad026..000000000 --- a/helm/ucentral/values.ucentral-qa.owls-enabled.yaml +++ /dev/null @@ -1,173 +0,0 @@ -owgw: - services: - owgw: - type: LoadBalancer - annotations: - service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip" - service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing - service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102" - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285" - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002" - - configProperties: - simulatorid: 53494D020202 - storage.type: postgresql - storage.type.postgresql.host: owgw-pgsql - storage.type.postgresql.database: owgw - storage.type.postgresql.username: owgw - storage.type.postgresql.password: owgw - - resources: - requests: - cpu: 2000m - memory: 3000Mi - limits: - cpu: 2000m - memory: 3000Mi - - postgresql: - enabled: true - fullnameOverride: owgw-pgsql - - postgresqlDatabase: owgw - postgresqlUsername: owgw - postgresqlPassword: owgw - -owls: - enabled: true - services: - owls: - type: LoadBalancer - annotations: - service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip" - service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing - service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16107" - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285" - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16007,17007" - external-dns.alpha.kubernetes.io/ttl: "60" - - podAnnotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - - resources: - requests: - cpu: 3000m - memory: 8000Mi - limits: - cpu: 3000m - memory: 8000Mi - - checks: - owls: - liveness: - httpGet: - path: / - port: 16107 - failureThreshold: 900 - readiness: - httpGet: - path: / - port: 16107 - failureThreshold: 900 - - certs: - restapi-ca.pem: | - -----BEGIN CERTIFICATE----- - MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL - BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj - dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy - b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx - CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu - Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0 - IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u - AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm - KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO - aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO - t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6 - Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX - 720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG - lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF - AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM - dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF - PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj - 19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG - L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA - 5IOM7ItsRmen6u3qu+JXros54e4juQ== - -----END CERTIFICATE----- - - public_env_variables: - SELFSIGNED_CERTS: "true" - - configProperties: - openwifi.internal.restapi.host.0.rootca: $OWLS_ROOT/certs/restapi-certs/ca.crt - openwifi.internal.restapi.host.0.cert: $OWLS_ROOT/certs/restapi-certs/tls.crt - openwifi.internal.restapi.host.0.key: $OWLS_ROOT/certs/restapi-certs/tls.key - openwifi.restapi.host.0.rootca: $OWLS_ROOT/certs/restapi-certs/ca.crt - openwifi.restapi.host.0.cert: $OWLS_ROOT/certs/restapi-certs/tls.crt - openwifi.restapi.host.0.key: $OWLS_ROOT/certs/restapi-certs/tls.key - - volumes: - owls: - - name: config - mountPath: /owls-data/owls.properties - subPath: owls.properties - # Template below will be rendered in template - volumeDefinition: | - secret: - secretName: {{ include "owls.fullname" . }}-config - - name: certs - mountPath: /owls-data/certs - volumeDefinition: | - secret: - secretName: {{ include "owls.fullname" . }}-certs - - name: certs-cas - mountPath: /owls-data/certs/cas - volumeDefinition: | - secret: - secretName: {{ include "owls.fullname" . }}-certs-cas - # Change this if you want to use another volume type - - name: persist - mountPath: /owls-data/persist - volumeDefinition: | - persistentVolumeClaim: - claimName: {{ template "owls.fullname" . }}-pvc - - - name: restapi-certs - mountPath: /owls-data/certs/restapi-certs - volumeDefinition: | - secret: - secretName: {{ include "owls.fullname" . }}-owls-restapi-tls - - name: restapi-ca - mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem - subPath: ca.crt - volumeDefinition: | - secret: - secretName: {{ include "owls.fullname" . }}-owls-restapi-tls - -owlsui: - enabled: true - - services: - owlsui: - type: NodePort - - ingresses: - default: - enabled: true - annotations: - kubernetes.io/ingress.class: alb - alb.ingress.kubernetes.io/scheme: internet-facing - alb.ingress.kubernetes.io/group.name: wlan-cicd - alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 - alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]' - alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}' - external-dns.alpha.kubernetes.io/ttl: "60" - paths: - - path: /* - serviceName: owlsui - servicePort: http - - podAnnotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" diff --git a/helm/ucentral/values.ucentral-qa.separate-lbs.yaml b/helm/ucentral/values.ucentral-qa.separate-lbs.yaml deleted file mode 100644 index bb0133fbe..000000000 --- a/helm/ucentral/values.ucentral-qa.separate-lbs.yaml +++ /dev/null @@ -1,74 +0,0 @@ -owgw: - services: - owgw: - type: LoadBalancer - annotations: - service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip" - service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing - service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102" - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285" - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002,5912,5913" - -owsec: - services: - owsec: - type: LoadBalancer - annotations: - service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip" - service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing - service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16101" - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285" - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16001,17001" - -owfms: - services: - owfms: - type: LoadBalancer - annotations: - service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip" - service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing - service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16104" - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285" - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004" - -owprov: - services: - owprov: - type: LoadBalancer - annotations: - service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip" - service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing - service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16105" - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285" - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16005,17005" - -owanalytics: - services: - owanalytics: - type: LoadBalancer - annotations: - service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip" - service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing - service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16109" - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285" - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16009,17009" - -owsub: - services: - owsub: - type: LoadBalancer - annotations: - service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip" - service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing - service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16106" - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285" - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16006,17006" - -haproxy: - enabled: false diff --git a/helm/ucentral/values.ucentral-qa.test-nodes.yaml b/helm/ucentral/values.ucentral-qa.test-nodes.yaml deleted file mode 100644 index f5eb06226..000000000 --- a/helm/ucentral/values.ucentral-qa.test-nodes.yaml +++ /dev/null @@ -1,118 +0,0 @@ -owgw: - nodeSelector: - env: tests - tolerations: - - key: "tests" - operator: "Exists" - effect: "NoSchedule" - - postgresql: - primary: - nodeSelector: - env: tests - tolerations: - - key: "tests" - operator: "Exists" - effect: "NoSchedule" - readReplicas: - nodeSelector: - env: tests - tolerations: - - key: "tests" - operator: "Exists" - effect: "NoSchedule" - -owsec: - nodeSelector: - env: tests - tolerations: - - key: "tests" - operator: "Exists" - effect: "NoSchedule" - -owgwui: - nodeSelector: - env: tests - tolerations: - - key: "tests" - operator: "Exists" - effect: "NoSchedule" - -owfms: - nodeSelector: - env: tests - tolerations: - - key: "tests" - operator: "Exists" - effect: "NoSchedule" - -owprov: - nodeSelector: - env: tests - tolerations: - - key: "tests" - operator: "Exists" - effect: "NoSchedule" - -owprovui: - nodeSelector: - env: tests - tolerations: - - key: "tests" - operator: "Exists" - effect: "NoSchedule" - -owls: - nodeSelector: - env: tests - tolerations: - - key: "tests" - operator: "Exists" - effect: "NoSchedule" - - postgresql: - primary: - nodeSelector: - env: tests - tolerations: - - key: "tests" - operator: "Exists" - effect: "NoSchedule" - readReplicas: - nodeSelector: - env: tests - tolerations: - - key: "tests" - operator: "Exists" - effect: "NoSchedule" - -owlsui: - nodeSelector: - env: tests - tolerations: - - key: "tests" - operator: "Exists" - effect: "NoSchedule" - -owanalytics: - nodeSelector: - env: tests - tolerations: - - key: "tests" - operator: "Exists" - effect: "NoSchedule" - -kafka: - nodeSelector: - env: tests - tolerations: - - key: "tests" - operator: "Exists" - effect: "NoSchedule" - zookeeper: - nodeSelector: - env: tests - tolerations: - - key: "tests" - operator: "Exists" - effect: "NoSchedule" diff --git a/helm/ucentral/values.ucentral-qa.yaml b/helm/ucentral/values.ucentral-qa.yaml deleted file mode 100644 index e34f93810..000000000 --- a/helm/ucentral/values.ucentral-qa.yaml +++ /dev/null @@ -1,629 +0,0 @@ -owgw: - # https://telecominfraproject.atlassian.net/browse/WIFI-5840 - checks: - owgw: - readiness: - exec: - command: ["true"] - - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 100m - memory: 200Mi - - securityContext: - sysctls: - - name: net.ipv4.tcp_keepalive_intvl - value: "5" - - name: net.ipv4.tcp_keepalive_probes - value: "2" - - name: net.ipv4.tcp_keepalive_time - value: "45" - - podAnnotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - - podSecurityPolicy: - enabled: true - - certs: - restapi-ca.pem: | - -----BEGIN CERTIFICATE----- - MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL - BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj - dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy - b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx - CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu - Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0 - IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u - AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm - KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO - aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO - t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6 - Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX - 720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG - lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF - AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM - dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF - PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj - 19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG - L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA - 5IOM7ItsRmen6u3qu+JXros54e4juQ== - -----END CERTIFICATE----- - - public_env_variables: - SELFSIGNED_CERTS: "true" - - configProperties: - openwifi.internal.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-certs/ca.crt - openwifi.internal.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-certs/tls.crt - openwifi.internal.restapi.host.0.key: $OWGW_ROOT/certs/restapi-certs/tls.key - openwifi.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-certs/ca.crt - openwifi.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-certs/tls.crt - openwifi.restapi.host.0.key: $OWGW_ROOT/certs/restapi-certs/tls.key - - volumes: - owgw: - - name: config - mountPath: /owgw-data/owgw.properties - subPath: owgw.properties - # Template below will be rendered in template - volumeDefinition: | - secret: - secretName: {{ include "owgw.fullname" . }}-config - - name: certs - mountPath: /owgw-data/certs - volumeDefinition: | - secret: - secretName: {{ include "owgw.fullname" . }}-certs - - name: certs-cas - mountPath: /owgw-data/certs/cas - volumeDefinition: | - secret: - secretName: {{ include "owgw.fullname" . }}-certs-cas - - name: persist - mountPath: /owgw-data/persist - volumeDefinition: | - persistentVolumeClaim: - claimName: {{ template "owgw.fullname" . }}-pvc - - - name: restapi-certs - mountPath: /owgw-data/certs/restapi-certs - volumeDefinition: | - secret: - secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls - - name: restapi-ca - mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem - subPath: ca.crt - volumeDefinition: | - secret: - secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls - -owsec: - # https://telecominfraproject.atlassian.net/browse/WIFI-5840 - checks: - owsec: - readiness: - exec: - command: ["true"] - - resources: - requests: - cpu: 10m - memory: 15Mi - limits: - cpu: 100m - memory: 100Mi - - podAnnotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - - certs: - restapi-ca.pem: | - -----BEGIN CERTIFICATE----- - MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL - BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj - dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy - b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx - CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu - Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0 - IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u - AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm - KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO - aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO - t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6 - Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX - 720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG - lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF - AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM - dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF - PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj - 19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG - L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA - 5IOM7ItsRmen6u3qu+JXros54e4juQ== - -----END CERTIFICATE----- - - public_env_variables: - SELFSIGNED_CERTS: "true" - - configProperties: - openwifi.internal.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-certs/ca.crt - openwifi.internal.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt - openwifi.internal.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key - openwifi.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-certs/ca.crt - openwifi.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt - openwifi.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key - mailer.hostname: email-smtp.us-east-2.amazonaws.com - - volumes: - owsec: - - name: config - mountPath: /owsec-data/owsec.properties - subPath: owsec.properties - # Template below will be rendered in template - volumeDefinition: | - secret: - secretName: {{ include "owsec.fullname" . }}-config - - name: certs - mountPath: /owsec-data/certs - volumeDefinition: | - secret: - secretName: {{ include "owsec.fullname" . }}-certs - - name: persist - mountPath: /owsec-data/persist - volumeDefinition: | - persistentVolumeClaim: - claimName: {{ template "owsec.fullname" . }}-pvc - - - name: restapi-certs - mountPath: /owsec-data/certs/restapi-certs - volumeDefinition: | - secret: - secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls - - name: restapi-ca - mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem - subPath: ca.crt - volumeDefinition: | - secret: - secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls - -owgwui: - services: - owgwui: - type: NodePort - - ingresses: - default: - enabled: true - annotations: - kubernetes.io/ingress.class: alb - alb.ingress.kubernetes.io/scheme: internet-facing - alb.ingress.kubernetes.io/group.name: wlan-cicd - alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 - alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]' - alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}' - paths: - - path: /* - serviceName: owgwui - servicePort: http - - resources: - requests: - cpu: 10m - memory: 30Mi - limits: - cpu: 10m - memory: 30Mi - - podAnnotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - -owfms: - # https://telecominfraproject.atlassian.net/browse/WIFI-5840 - checks: - owfms: - readiness: - exec: - command: ["true"] - - resources: - requests: - cpu: 10m - memory: 30Mi - limits: - cpu: 50m - memory: 80Mi - - podAnnotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - - certs: - restapi-ca.pem: | - -----BEGIN CERTIFICATE----- - MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL - BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj - dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy - b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx - CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu - Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0 - IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u - AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm - KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO - aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO - t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6 - Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX - 720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG - lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF - AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM - dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF - PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj - 19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG - L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA - 5IOM7ItsRmen6u3qu+JXros54e4juQ== - -----END CERTIFICATE----- - - public_env_variables: - SELFSIGNED_CERTS: "true" - - configProperties: - openwifi.internal.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt - openwifi.internal.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt - openwifi.internal.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key - openwifi.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt - openwifi.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt - openwifi.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key - - volumes: - owfms: - - name: config - mountPath: /owfms-data/owfms.properties - subPath: owfms.properties - # Template below will be rendered in template - volumeDefinition: | - secret: - secretName: {{ include "owfms.fullname" . }}-config - - name: certs - mountPath: /owfms-data/certs - volumeDefinition: | - secret: - secretName: {{ include "owfms.fullname" . }}-certs - - name: persist - mountPath: /owfms-data/persist - volumeDefinition: | - persistentVolumeClaim: - claimName: {{ template "owfms.fullname" . }}-pvc - - - name: restapi-certs - mountPath: /owfms-data/certs/restapi-certs - volumeDefinition: | - secret: - secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls - - name: restapi-ca - mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem - subPath: ca.crt - volumeDefinition: | - secret: - secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls - -owprov: - checks: - owprov: - readiness: - exec: - command: ["true"] - - resources: - requests: - cpu: 10m - memory: 20Mi - limits: - cpu: 100m - memory: 100Mi - - podAnnotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - - certs: - restapi-ca.pem: | - -----BEGIN CERTIFICATE----- - MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL - BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj - dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy - b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx - CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu - Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0 - IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u - AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm - KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO - aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO - t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6 - Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX - 720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG - lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF - AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM - dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF - PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj - 19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG - L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA - 5IOM7ItsRmen6u3qu+JXros54e4juQ== - -----END CERTIFICATE----- - - public_env_variables: - SELFSIGNED_CERTS: "true" - - configProperties: - openwifi.internal.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt - openwifi.internal.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt - openwifi.internal.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key - openwifi.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt - openwifi.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt - openwifi.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key - - volumes: - owprov: - - name: config - mountPath: /owprov-data/owprov.properties - subPath: owprov.properties - # Template below will be rendered in template - volumeDefinition: | - secret: - secretName: {{ include "owprov.fullname" . }}-config - - name: certs - mountPath: /owprov-data/certs - volumeDefinition: | - secret: - secretName: {{ include "owprov.fullname" . }}-certs - - name: persist - mountPath: /owprov-data/persist - volumeDefinition: | - persistentVolumeClaim: - claimName: {{ template "owprov.fullname" . }}-pvc - - - name: restapi-certs - mountPath: /owprov-data/certs/restapi-certs - volumeDefinition: | - secret: - secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls - - name: restapi-ca - mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem - subPath: ca.crt - volumeDefinition: | - secret: - secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls - -owprovui: - services: - owprovui: - type: NodePort - - ingresses: - default: - enabled: true - annotations: - kubernetes.io/ingress.class: alb - alb.ingress.kubernetes.io/scheme: internet-facing - alb.ingress.kubernetes.io/group.name: wlan-cicd - alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 - alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]' - alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}' - paths: - - path: /* - serviceName: owprovui - servicePort: http - - podAnnotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - -owanalytics: - checks: - owanalytics: - readiness: - exec: - command: ["true"] - - resources: - requests: - cpu: 10m - memory: 100Mi - limits: - cpu: 100m - memory: 500Mi - - podAnnotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - - certs: - restapi-ca.pem: | - -----BEGIN CERTIFICATE----- - MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL - BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj - dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy - b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx - CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu - Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0 - IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u - AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm - KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO - aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO - t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6 - Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX - 720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG - lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF - AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM - dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF - PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj - 19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG - L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA - 5IOM7ItsRmen6u3qu+JXros54e4juQ== - -----END CERTIFICATE----- - - public_env_variables: - SELFSIGNED_CERTS: "true" - - configProperties: - openwifi.internal.restapi.host.0.rootca: $OWANALYTICS_ROOT/certs/restapi-certs/ca.crt - openwifi.internal.restapi.host.0.cert: $OWANALYTICS_ROOT/certs/restapi-certs/tls.crt - openwifi.internal.restapi.host.0.key: $OWANALYTICS_ROOT/certs/restapi-certs/tls.key - openwifi.restapi.host.0.rootca: $OWANALYTICS_ROOT/certs/restapi-certs/ca.crt - openwifi.restapi.host.0.cert: $OWANALYTICS_ROOT/certs/restapi-certs/tls.crt - openwifi.restapi.host.0.key: $OWANALYTICS_ROOT/certs/restapi-certs/tls.key - - volumes: - owanalytics: - - name: config - mountPath: /owanalytics-data/owanalytics.properties - subPath: owanalytics.properties - # Template below will be rendered in template - volumeDefinition: | - secret: - secretName: {{ include "owanalytics.fullname" . }}-config - - name: certs - mountPath: /owanalytics-data/certs - volumeDefinition: | - secret: - secretName: {{ include "owanalytics.fullname" . }}-certs - - name: persist - mountPath: /owanalytics-data/persist - volumeDefinition: | - persistentVolumeClaim: - claimName: {{ template "owanalytics.fullname" . }}-pvc - - - name: restapi-certs - mountPath: /owanalytics-data/certs/restapi-certs - volumeDefinition: | - secret: - secretName: {{ include "owanalytics.fullname" . }}-owanalytics-restapi-tls - - name: restapi-ca - mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem - subPath: ca.crt - volumeDefinition: | - secret: - secretName: {{ include "owanalytics.fullname" . }}-owanalytics-restapi-tls - -owsub: - resources: - requests: - cpu: 10m - memory: 100Mi - limits: - cpu: 100m - memory: 500Mi - - podAnnotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - - certs: - restapi-ca.pem: | - -----BEGIN CERTIFICATE----- - MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL - BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj - dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy - b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx - CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu - Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0 - IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u - AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm - KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO - aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO - t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6 - Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX - 720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG - lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF - AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM - dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF - PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj - 19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG - L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA - 5IOM7ItsRmen6u3qu+JXros54e4juQ== - -----END CERTIFICATE----- - - public_env_variables: - SELFSIGNED_CERTS: "true" - - configProperties: - openwifi.internal.restapi.host.0.rootca: $OWSUB_ROOT/certs/restapi-certs/ca.crt - openwifi.internal.restapi.host.0.cert: $OWSUB_ROOT/certs/restapi-certs/tls.crt - openwifi.internal.restapi.host.0.key: $OWSUB_ROOT/certs/restapi-certs/tls.key - openwifi.restapi.host.0.rootca: $OWSUB_ROOT/certs/restapi-certs/ca.crt - openwifi.restapi.host.0.cert: $OWSUB_ROOT/certs/restapi-certs/tls.crt - openwifi.restapi.host.0.key: $OWSUB_ROOT/certs/restapi-certs/tls.key - - volumes: - owsub: - - name: config - mountPath: /owsub-data/owsub.properties - subPath: owsub.properties - # Template below will be rendered in template - volumeDefinition: | - secret: - secretName: {{ include "owsub.fullname" . }}-config - - name: certs - mountPath: /owsub-data/certs - volumeDefinition: | - secret: - secretName: {{ include "owsub.fullname" . }}-certs - - name: persist - mountPath: /owsub-data/persist - volumeDefinition: | - persistentVolumeClaim: - claimName: {{ template "owsub.fullname" . }}-pvc - - - name: restapi-certs - mountPath: /owsub-data/certs/restapi-certs - volumeDefinition: | - secret: - secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls - - name: restapi-ca - mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem - subPath: ca.crt - volumeDefinition: | - secret: - secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls - - -kafka: - commonAnnotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - heapOpts: -Xmx512m -Xms512m - resources: - requests: - cpu: 100m - memory: 512Mi - limits: - cpu: 500m - memory: 1Gi - readinessProbe: - initialDelaySeconds: 45 - livenessProbe: - initialDelaySeconds: 60 - zookeeper: - commonAnnotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - heapSize: 256 - resources: - requests: - cpu: 100m - memory: 256Mi - limits: - cpu: 200m - memory: 384Mi - -clustersysteminfo: - enabled: true - delay: 60 # delaying to wait for AWS Route53 DNS propagation - -haproxy: - service: - annotations: - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl - service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "8080" - service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285 - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,16001,17001,5912,5913,16009" - service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip - -restapiCerts: - enabled: true