scottk/wlan-testing
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-testing.git synced 2025-10-31 02:48:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

[WIFI-7604] Del: helm related files unrequired after migration (#531)

Browse Source 
* [WIFI-7604] Del: helm related files unrequired after migration

Signed-off-by: Dmitry Dunaev <dmitry@opsfleet.com>

* Delete obsolote Docker Compose related deploy files

Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org>

Co-authored-by: Johann Hoffmann <johann.hoffmann@mailbox.org>
This commit is contained in:
Dmitry Dunaev
2022-05-16 16:33:27 +03:00
committed by GitHub
parent 1f10c22ee4
commit 19328d3ec5
10 changed files with 0 additions and 1479 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docker-compose/openwifi/Dockerfile
View File

@@ -1,4 +0,0 @@
FROM docker/compose:latest
RUN apk add git
COPY deploy.sh deploy.sh
ENTRYPOINT ["./deploy.sh"]

151
docker-compose/openwifi/deploy.sh
View File

@@ -1,151 +0,0 @@
#!/bin/bash
set -e
# Usage function
usage () {
echo;
echo "This script is intended for OpenWifi deployment using Docker Compose (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/docker-compose) in a Kubernetes pod";
echo;
echo "Required environment variables:"
echo;
echo "- DEPLOY_VERSION - version of the wlan-cloud-ucentral-deploy repo to be used";
echo;
echo "- DEFAULT_UCENTRALSEC_URL - public URL of the OWSec service"
echo "- SYSTEM_URI_UI - public URL of the OWGW-UI service"
echo;
echo "- INTERNAL_OWGW_HOSTNAME - OWGW microservice hostname for Docker internal communication"
echo "- INTERNAL_OWSEC_HOSTNAME - OWSec microservice hostname for Docker internal communication"
echo "- INTERNAL_OWFMS_HOSTNAME - OWFms microservice hostname for Docker internal communication"
echo "- INTERNAL_OWPROV_HOSTNAME - OWProv microservice hostname for Docker internal communication"
echo "- INTERNAL_OWANALYTICS_HOSTNAME - OWAnalytics microservice hostname for Docker internal communication"
echo "- INTERNAL_OWSUB_HOSTNAME - OWSub microservice hostname for Docker internal communication"
echo;
echo "- OWGW_FILEUPLOADER_HOST_NAME - hostname to be used for OWGW fileupload";
echo "- OWGW_FILEUPLOADER_URI - URL to be used for OWGW fileupload";
echo "- OWGW_SYSTEM_URI_PRIVATE - private URL to be used for OWGW";
echo "- OWGW_SYSTEM_URI_PUBLIC - public URL to be used for OWGW";
echo "- OWGW_RTTY_SERVER - public hostname of the RTTY server";
echo;
echo "- OWSEC_SYSTEM_URI_PRIVATE - private URL to be used for OWSec";
echo "- OWSEC_SYSTEM_URI_PUBLIC - public URL to be used for OWSec";
echo "- OWSEC_AUTHENTICATION_DEFAULT_USERNAME - username to be used for requests to OWSec";
echo "- OWSEC_AUTHENTICATION_DEFAULT_PASSWORD - hashed password for OWSec (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)";
echo;
echo "- OWFMS_SYSTEM_URI_PRIVATE - private URL to be used for OWFms";
echo "- OWFMS_SYSTEM_URI_PUBLIC - public URL to be used for OWFms";
echo "- OWFMS_S3_SECRET - secret key that is used for OWFms access to firmwares S3 bucket";
echo "- OWFMS_S3_KEY - access key that is used for OWFms access to firmwares S3 bucket";
echo;
echo "- OWPROV_SYSTEM_URI_PRIVATE - private URL to be used for OWProv";
echo "- OWPROV_SYSTEM_URI_PUBLIC - public URL to be used for OWProv";
echo;
echo "- OWANALYTICS_SYSTEM_URI_PRIVATE - private URL to be used for OWAnalytics";
echo "- OWANALYTICS_SYSTEM_URI_PUBLIC - public URL to be used for OWAnalytics";
echo;
echo "- OWSUB_SYSTEM_URI_PRIVATE - private URL to be used for OWSub";
echo "- OWSUB_SYSTEM_URI_PUBLIC - public URL to be used for OWSub";
echo;
echo "- WEBSOCKET_CERT - path to the websocket certificate";
echo "- WEBSOCKET_KEY - path to the websocket key";
}
# Check if required environment variables were passed
## Deployment specifics
[ -z ${DEPLOY_VERSION+x} ] && echo "DEPLOY_VERSION is unset" && usage && exit 1
## Configuration variables applying to multiple microservices
[ -z ${DEFAULT_UCENTRALSEC_URL+x} ] && echo "DEFAULT_UCENTRALSEC_URL is unset" && usage && exit 1
[ -z ${SYSTEM_URI_UI+x} ] && echo "SYSTEM_URI_UI is unset" && usage && exit 1
## Internal microservice hostnames
[ -z ${INTERNAL_OWGW_HOSTNAME+x} ] && echo "INTERNAL_OWGW_HOSTNAME is unset" && usage && exit 1
[ -z ${INTERNAL_OWSEC_HOSTNAME+x} ] && echo "INTERNAL_OWSEC_HOSTNAME is unset" && usage && exit 1
[ -z ${INTERNAL_OWFMS_HOSTNAME+x} ] && echo "INTERNAL_OWFMS_HOSTNAME is unset" && usage && exit 1
[ -z ${INTERNAL_OWPROV_HOSTNAME+x} ] && echo "INTERNAL_OWPROV_HOSTNAME is unset" && usage && exit 1
[ -z ${INTERNAL_OWANALYTICS_HOSTNAME+x} ] && echo "INTERNAL_OWANALYTICS_HOSTNAME is unset" && usage && exit 1
[ -z ${INTERNAL_OWSUB_HOSTNAME+x} ] && echo "INTERNAL_OWSUB_HOSTNAME is unset" && usage && exit 1
## OWGW configuration variables
[ -z ${OWGW_FILEUPLOADER_HOST_NAME+x} ] && echo "OWGW_FILEUPLOADER_HOST_NAME is unset" && usage && exit 1
[ -z ${OWGW_FILEUPLOADER_URI+x} ] && echo "OWGW_FILEUPLOADER_URI is unset" && usage && exit 1
[ -z ${OWGW_SYSTEM_URI_PRIVATE+x} ] && echo "OWGW_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
[ -z ${OWGW_SYSTEM_URI_PUBLIC+x} ] && echo "OWGW_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
[ -z ${OWGW_RTTY_SERVER+x} ] && echo "OWGW_RTTY_SERVER is unset" && usage && exit 1
## OWSec configuration variables
[ -z ${OWSEC_AUTHENTICATION_DEFAULT_USERNAME+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_USERNAME is unset" && usage && exit 1
[ -z ${OWSEC_AUTHENTICATION_DEFAULT_PASSWORD+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_PASSWORD is unset" && usage && exit 1
[ -z ${OWSEC_SYSTEM_URI_PRIVATE+x} ] && echo "OWSEC_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
[ -z ${OWSEC_SYSTEM_URI_PUBLIC+x} ] && echo "OWSEC_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
## OWFms configuration variables
[ -z ${OWFMS_SYSTEM_URI_PRIVATE+x} ] && echo "OWFMS_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
[ -z ${OWFMS_SYSTEM_URI_PUBLIC+x} ] && echo "OWFMS_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
[ -z ${OWFMS_S3_SECRET+x} ] && echo "OWFMS_S3_SECRET is unset" && usage && exit 1
[ -z ${OWFMS_S3_KEY+x} ] && echo "OWFMS_S3_KEY is unset" && usage && exit 1
## OWProv configuration variables
[ -z ${OWPROV_SYSTEM_URI_PRIVATE+x} ] && echo "OWPROV_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
[ -z ${OWPROV_SYSTEM_URI_PUBLIC+x} ] && echo "OWPROV_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
## OWAnalytics configuration variables
[ -z ${OWANALYTICS_SYSTEM_URI_PRIVATE+x} ] && echo "OWANALYTICS_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
[ -z ${OWANALYTICS_SYSTEM_URI_PUBLIC+x} ] && echo "OWANALYTICS_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
## OWSub configuration variables
[ -z ${OWSUB_SYSTEM_URI_PRIVATE+x} ] && echo "OWSUB_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
[ -z ${OWSUB_SYSTEM_URI_PUBLIC+x} ] && echo "OWSUB_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
## cert related variables
[ -z ${WEBSOCKET_CERT+x} ] && echo "WEBSOCKET_CERT is unset" && usage && exit 1
[ -z ${WEBSOCKET_KEY+x} ] && echo "WEBSOCKET_KEY is unset" && usage && exit 1
# Clone repo and copy certificates
mkdir wlan-cloud-ucentral-deploy-tmp
git clone --branch $DEPLOY_VERSION https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git /wlan-cloud-ucentral-deploy-tmp
mv -f /wlan-cloud-ucentral-deploy-tmp/* /wlan-cloud-ucentral-deploy/ && rm -r wlan-cloud-ucentral-deploy-tmp
cd wlan-cloud-ucentral-deploy/docker-compose
# Search and replace variable values in env files
sed -i "s~\(^INTERNAL_OWGW_HOSTNAME=\).*~\1$INTERNAL_OWGW_HOSTNAME~" .env
sed -i "s~\(^INTERNAL_OWSEC_HOSTNAME=\).*~\1$INTERNAL_OWSEC_HOSTNAME~" .env
sed -i "s~\(^INTERNAL_OWFMS_HOSTNAME=\).*~\1$INTERNAL_OWFMS_HOSTNAME~" .env
sed -i "s~\(^INTERNAL_OWPROV_HOSTNAME=\).*~\1$INTERNAL_OWPROV_HOSTNAME~" .env
sed -i "s~\(^INTERNAL_OWANALYTICS_HOSTNAME=\).*~\1$INTERNAL_OWANALYTICS_HOSTNAME~" .env
sed -i "s~\(^INTERNAL_OWSUB_HOSTNAME=\).*~\1$INTERNAL_OWSUB_HOSTNAME~" .env
sed -i "s~\(^FILEUPLOADER_HOST_NAME=\).*~\1$OWGW_FILEUPLOADER_HOST_NAME~" owgw.env
sed -i "s~\(^FILEUPLOADER_URI=\).*~\1$OWGW_FILEUPLOADER_URI~" owgw.env
sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWGW_SYSTEM_URI_PRIVATE~" owgw.env
sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWGW_SYSTEM_URI_PUBLIC~" owgw.env
sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owgw.env
sed -i "s~\(^RTTY_SERVER=\).*~\1$OWGW_RTTY_SERVER~" owgw.env
if [[ ! -z "$SIMULATORID" ]]; then
sed -i "s~.*SIMULATORID=.*~SIMULATORID=$SIMULATORID~" owgw.env
fi
sed -i "s~\(^DEFAULT_UCENTRALSEC_URL=\).*~\1$DEFAULT_UCENTRALSEC_URL~" owgw-ui.env
sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env
sed -i "s~.*AUTHENTICATION_DEFAULT_PASSWORD=.*~AUTHENTICATION_DEFAULT_PASSWORD=$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD~" owsec.env
sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWSEC_SYSTEM_URI_PRIVATE~" owsec.env
sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWSEC_SYSTEM_URI_PUBLIC~" owsec.env
sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owsec.env
sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWFMS_SYSTEM_URI_PRIVATE~" owfms.env
sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWFMS_SYSTEM_URI_PUBLIC~" owfms.env
sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owfms.env
sed -i "s~\(^S3_SECRET=\).*~\1$OWFMS_S3_SECRET~" owfms.env
sed -i "s~\(^S3_KEY=\).*~\1$OWFMS_S3_KEY~" owfms.env
sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWPROV_SYSTEM_URI_PRIVATE~" owprov.env
sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWPROV_SYSTEM_URI_PUBLIC~" owprov.env
sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owprov.env
sed -i "s~\(^DEFAULT_UCENTRALSEC_URL=\).*~\1$DEFAULT_UCENTRALSEC_URL~" owprov-ui.env
sed -i "s~\(^REACT_APP_UCENTRALSEC_URL=\).*~\1$REACT_APP_UCENTRALSEC_URL~" owprov-ui.env
sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWANALYTICS_SYSTEM_URI_PRIVATE~" owanalytics.env
sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWANALYTICS_SYSTEM_URI_PUBLIC~" owanalytics.env
sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owanalytics.env
sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWSUB_SYSTEM_URI_PRIVATE~" owsub.env
sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWSUB_SYSTEM_URI_PUBLIC~" owsub.env
sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owsub.env
# Run the deployment and attach to logs
cat $WEBSOCKET_CERT > certs/websocket-cert.pem
cat $WEBSOCKET_KEY > certs/websocket-key.pem
exec docker-compose up --attach-dependencies

74
docker-compose/openwifi/deploy_owls.sh
View File

@@ -1,74 +0,0 @@
#!/bin/bash
set -e
# Usage function
usage () {
echo;
echo "This script is intended for OpenWifi OWLS deployment using Docker Compose (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/docker-compose) in a Kubernetes pod";
echo;
echo "Required environment variables:"
echo;
echo "- DEPLOY_VERSION - version of the wlan-cloud-ucentral-deploy repo to be used";
echo;
echo "- DEFAULT_UCENTRALSEC_URL - public URL of the OWSec service"
echo "- SYSTEM_URI_UI - public URL of the OWGW-UI service"
echo;
echo "- INTERNAL_OWSEC_HOSTNAME - OWSec microservice hostname for Docker internal communication"
echo;
echo "- OWSEC_SYSTEM_URI_PRIVATE - private URL to be used for OWSec";
echo "- OWSEC_SYSTEM_URI_PUBLIC - public URL to be used for OWSec";
echo "- OWSEC_AUTHENTICATION_DEFAULT_USERNAME - username to be used for requests to OWSec";
echo "- OWSEC_AUTHENTICATION_DEFAULT_PASSWORD - hashed password for OWSec (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)";
echo;
echo "- OWLS_SYSTEM_URI_PRIVATE - private URL to be used for OWLS";
echo "- OWLS_SYSTEM_URI_PUBLIC - public URL to be used for OWLS";
echo;
echo "- DEVICE_CERT - path to the device certificate";
echo "- DEVICE_KEY - path to the device key";
}
# Check if required environment variables were passed
## Deployment specifics
[ -z ${DEPLOY_VERSION+x} ] && echo "DEPLOY_VERSION is unset" && usage && exit 1
## Configuration variables applying to multiple microservices
[ -z ${DEFAULT_UCENTRALSEC_URL+x} ] && echo "DEFAULT_UCENTRALSEC_URL is unset" && usage && exit 1
[ -z ${SYSTEM_URI_UI+x} ] && echo "SYSTEM_URI_UI is unset" && usage && exit 1
## Internal microservice hostnames
[ -z ${INTERNAL_OWSEC_HOSTNAME+x} ] && echo "INTERNAL_OWSEC_HOSTNAME is unset" && usage && exit 1
## OWSec configuration variables
[ -z ${OWSEC_AUTHENTICATION_DEFAULT_USERNAME+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_USERNAME is unset" && usage && exit 1
[ -z ${OWSEC_AUTHENTICATION_DEFAULT_PASSWORD+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_PASSWORD is unset" && usage && exit 1
[ -z ${OWSEC_SYSTEM_URI_PRIVATE+x} ] && echo "OWSEC_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
[ -z ${OWSEC_SYSTEM_URI_PUBLIC+x} ] && echo "OWSEC_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
# OWLS configuration variables
[ -z ${OWLS_SYSTEM_URI_PRIVATE+x} ] && echo "OWLS_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
[ -z ${OWLS_SYSTEM_URI_PUBLIC+x} ] && echo "OWLS_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
## cert related variables
[ -z ${DEVICE_CERT+x} ] && echo "DEVICE_CERT is unset" && usage && exit 1
[ -z ${DEVICE_KEY+x} ] && echo "DEVICE_KEY is unset" && usage && exit 1
# Clone repo and copy certificates
mkdir wlan-cloud-ucentral-deploy-tmp
git clone --branch $DEPLOY_VERSION https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git /wlan-cloud-ucentral-deploy-tmp
mv -f /wlan-cloud-ucentral-deploy-tmp/* /wlan-cloud-ucentral-deploy/ && rm -r wlan-cloud-ucentral-deploy-tmp
cd wlan-cloud-ucentral-deploy/docker-compose/owls
# Search and replace variable values in env files
sed -i "s~\(^INTERNAL_OWSEC_HOSTNAME=\).*~\1$INTERNAL_OWSEC_HOSTNAME~" .env
sed -i "s~\(^INTERNAL_OWLS_HOSTNAME=\).*~\1$INTERNAL_OWLS_HOSTNAME~" .env
sed -i "s~\(^DEFAULT_UCENTRALSEC_URL=\).*~\1$DEFAULT_UCENTRALSEC_URL~" owls-ui.env
sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env
sed -i "s~.*AUTHENTICATION_DEFAULT_PASSWORD=.*~AUTHENTICATION_DEFAULT_PASSWORD=$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD~" owsec.env
sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWSEC_SYSTEM_URI_PRIVATE~" owsec.env
sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWSEC_SYSTEM_URI_PUBLIC~" owsec.env
sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owsec.env
sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWLS_SYSTEM_URI_PRIVATE~" owls.env
sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWLS_SYSTEM_URI_PUBLIC~" owls.env
# Run the deployment and attach to logs
cat $DEVICE_CERT > ../certs/device-cert.pem
cat $DEVICE_KEY > ../certs/device-key.pem
exec docker-compose up --attach-dependencies

1
helm/ucentral/.gitignore vendored
View File

@@ -1 +0,0 @@
wlan-cloud-ucentral-deploy

241
helm/ucentral/deploy.sh
View File

@@ -1,241 +0,0 @@
#!/bin/bash
set -e
# Usage function
usage () {
echo >&2;
echo "This script is indended for OpenWIFI Cloud SDK deployment to TIP QA/Dev environments using assembly Helm chart (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart) with configuration through environment variables" >&2;
echo >&2;
echo "Required environment variables:" >&2;
echo >&2;
echo "- NAMESPACE - namespace suffix that will used added for the Kubernetes environment (i.e. if you pass 'test', kubernetes namespace will be named 'ucentral-test')" >&2;
echo "- DEPLOY_METHOD - deployment method for the chart deployment (supported methods - 'git' (will use helm-git from assembly chart) and 'bundle' (will use chart stored in the Artifactory0" >&2;
echo "- CHART_VERSION - version of chart to be deployed from assembly chart (for 'git' method git ref may be passed, for 'bundle' method version of chart may be passed)" >&2;
echo >&2;
echo "- VALUES_FILE_LOCATION - path to file with override values that may be used for deployment" >&2;
echo "- OWGW_AUTH_USERNAME - username to be used for requests to OpenWIFI Security" >&2;
echo "- OWGW_AUTH_PASSWORD - hashed password for OpenWIFI Security (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)" >&2;
echo "- OWFMS_S3_SECRET - secret key that is used for OpenWIFI Firmware access to firmwares S3 bucket" >&2;
echo "- OWFMS_S3_KEY - access key that is used for OpenWIFI Firmware access to firmwares S3 bucket" >&2;
echo "- OWSEC_NEW_PASSWORD - password that should be set to default user instead of default password from properties" >&2;
echo "- CERT_LOCATION - path to certificate in PEM format that will be used for securing all endpoint in all services" >&2;
echo "- KEY_LOCATION - path to private key in PEM format that will be used for securing all endpoint in all services" >&2;
echo >&2;
echo "Following environmnet variables may be passed, but will be ignored if CHART_VERSION is set to release (i.e. v2.4.0):" >&2;
echo >&2;
echo "- OWGW_VERSION - OpenWIFI Gateway version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
echo "- OWGWUI_VERSION - OpenWIFI Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
echo "- OWSEC_VERSION - OpenWIFI Security version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
echo "- OWFMS_VERSION - OpenWIFI Firmware version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
echo "- OWPROV_VERSION - OpenWIFI Provisioning version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
echo "- OWPROVUI_VERSION - OpenWIFI Provisioning Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
echo "- OWANALYTICS_VERSION - OpenWIFI Analytics version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
echo "- OWSUB_VERSION - OpenWIFI Subscription (Userportal) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
echo >&2;
echo "Optional environment variables:" >&2;
echo >&2;
echo "- EXTRA_VALUES - extra values that should be passed to Helm deployment separated by comma (,)" >&2;
echo "- DEVICE_CERT_LOCATION - path to certificate in PEM format that will be used for load simulator" >&2;
echo "- DEVICE_KEY_LOCATION - path to private key in PEM format that will be used for load simulator" >&2;
echo "- USE_SEPARATE_OWGW_LB - flag that should change split external DNS for OWGW and other services" >&2;
echo "- INTERNAL_RESTAPI_ENDPOINT_SCHEMA - what schema to use for internal RESTAPI endpoints (https by default)" >&2;
echo "- MAILER_USERNAME - SMTP username used for OWSEC mailer" >&2;
echo "- MAILER_PASSWORD - SMTP password used for OWSEC mailer (only if both MAILER_PASSWORD and MAILER_USERNAME are set, mailer will be enabled)" >&2;
}
# Global variables
VALUES_FILE_LOCATION_SPLITTED=()
EXTRA_VALUES_SPLITTED=()
# Helper functions
check_if_chart_version_is_release() {
PARSED_CHART_VERSION=$(echo $CHART_VERSION | grep -xP "v\d+\.\d+\.\d+.*")
if [[ -z "$PARSED_CHART_VERSION" ]]; then
return 1
else
return 0
fi
}
# Check if required environment variables were passed
## Deployment specifics
[ -z ${DEPLOY_METHOD+x} ] && echo "DEPLOY_METHOD is unset" >&2 && usage && exit 1
[ -z ${CHART_VERSION+x} ] && echo "CHART_VERSION is unset" >&2 && usage && exit 1
if check_if_chart_version_is_release; then
echo "Chart version ($CHART_VERSION) is release version, ignoring services versions"
else
echo "Chart version ($CHART_VERSION) is not release version, checking if services versions are set"
[ -z ${OWGW_VERSION+x} ] && echo "OWGW_VERSION is unset" >&2 && usage && exit 1
[ -z ${OWGWUI_VERSION+x} ] && echo "OWGWUI_VERSION is unset" >&2 && usage && exit 1
[ -z ${OWSEC_VERSION+x} ] && echo "OWSEC_VERSION is unset" >&2 && usage && exit 1
[ -z ${OWFMS_VERSION+x} ] && echo "OWFMS_VERSION is unset" >&2 && usage && exit 1
[ -z ${OWPROV_VERSION+x} ] && echo "OWPROV_VERSION is unset" >&2 && usage && exit 1
[ -z ${OWPROVUI_VERSION+x} ] && echo "OWPROVUI_VERSION is unset" >&2 && usage && exit 1
[ -z ${OWANALYTICS_VERSION+x} ] && echo "OWANALYTICS_VERSION is unset" >&2 && usage && exit 1
[ -z ${OWSUB_VERSION+x} ] && echo "OWSUB_VERSION is unset" >&2 && usage && exit 1
fi
## Environment specifics
[ -z ${NAMESPACE+x} ] && echo "NAMESPACE is unset" >&2 && usage && exit 1
## Variables specifics
[ -z ${VALUES_FILE_LOCATION+x} ] && echo "VALUES_FILE_LOCATION is unset" >&2 && usage && exit 1
[ -z ${OWGW_AUTH_USERNAME+x} ] && echo "OWGW_AUTH_USERNAME is unset" >&2 && usage && exit 1
[ -z ${OWGW_AUTH_PASSWORD+x} ] && echo "OWGW_AUTH_PASSWORD is unset" >&2 && usage && exit 1
[ -z ${OWFMS_S3_SECRET+x} ] && echo "OWFMS_S3_SECRET is unset" >&2 && usage && exit 1
[ -z ${OWFMS_S3_KEY+x} ] && echo "OWFMS_S3_KEY is unset" >&2 && usage && exit 1
[ -z ${OWSEC_NEW_PASSWORD+x} ] && echo "OWSEC_NEW_PASSWORD is unset" >&2 && usage && exit 1
[ -z ${CERT_LOCATION+x} ] && echo "CERT_LOCATION is unset" >&2 && usage && exit 1
[ -z ${KEY_LOCATION+x} ] && echo "KEY_LOCATION is unset" >&2 && usage && exit 1
[ -z ${DEVICE_CERT_LOCATION+x} ] && echo "DEVICE_CERT_LOCATION is unset, setting it to CERT_LOCATION" && export DEVICE_CERT_LOCATION=$CERT_LOCATION
[ -z ${DEVICE_KEY_LOCATION+x} ] && echo "DEVICE_KEY_LOCATION is unset, setting it to KEY_LOCATION" && export DEVICE_KEY_LOCATION=$KEY_LOCATION
[ -z ${INTERNAL_RESTAPI_ENDPOINT_SCHEMA+x} ] && echo "INTERNAL_RESTAPI_ENDPOINT_SCHEMA is unset, setting it to 'https'" && export INTERNAL_RESTAPI_ENDPOINT_SCHEMA=https
export MAILER_ENABLED="false"
[ ! -z ${MAILER_USERNAME+x} ] && [ ! -z ${MAILER_PASSWORD+x} ] && echo "MAILER_USERNAME and MAILER_PASSWORD are set, mailer will be enabled" && export MAILER_ENABLED="true"
# Transform some environment variables
export OWGW_VERSION_TAG=$(echo ${OWGW_VERSION} | tr '/' '-')
export OWGWUI_VERSION_TAG=$(echo ${OWGWUI_VERSION} | tr '/' '-')
export OWSEC_VERSION_TAG=$(echo ${OWSEC_VERSION} | tr '/' '-')
export OWFMS_VERSION_TAG=$(echo ${OWFMS_VERSION} | tr '/' '-')
export OWPROV_VERSION_TAG=$(echo ${OWPROV_VERSION} | tr '/' '-')
export OWPROVUI_VERSION_TAG=$(echo ${OWPROVUI_VERSION} | tr '/' '-')
export OWANALYTICS_VERSION_TAG=$(echo ${OWANALYTICS_VERSION} | tr '/' '-')
export OWSUB_VERSION_TAG=$(echo ${OWSUB_VERSION} | tr '/' '-')
# Debug get bash version
bash --version >&2
# Check deployment method that's required for this environment
helm plugin install https://github.com/databus23/helm-diff || true
if [[ "$DEPLOY_METHOD" == "git" ]]; then
helm plugin install https://github.com/aslafy-z/helm-git --version 0.10.0 || true
rm -rf wlan-cloud-ucentral-deploy || true
git clone https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git
cd wlan-cloud-ucentral-deploy
git checkout $CHART_VERSION
cd chart
if ! check_if_chart_version_is_release; then
sed -i '/wlan-cloud-ucentralgw@/s/ref=.*/ref='${OWGW_VERSION}'\"/g' Chart.yaml
sed -i '/wlan-cloud-ucentralgw-ui@/s/ref=.*/ref='${OWGWUI_VERSION}'\"/g' Chart.yaml
sed -i '/wlan-cloud-ucentralsec@/s/ref=.*/ref='${OWSEC_VERSION}'\"/g' Chart.yaml
sed -i '/wlan-cloud-ucentralfms@/s/ref=.*/ref='${OWFMS_VERSION}'\"/g' Chart.yaml
sed -i '/wlan-cloud-owprov@/s/ref=.*/ref='${OWPROV_VERSION}'\"/g' Chart.yaml
sed -i '/wlan-cloud-owprov-ui@/s/ref=.*/ref='${OWPROVUI_VERSION}'\"/g' Chart.yaml
sed -i '/wlan-cloud-analytics@/s/ref=.*/ref='${OWANALYTICS_VERSION}'\"/g' Chart.yaml
sed -i '/wlan-cloud-userportal@/s/ref=.*/ref='${OWSUB_VERSION}'\"/g' Chart.yaml
fi
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
helm dependency update
cd ../..
export DEPLOY_SOURCE="wlan-cloud-ucentral-deploy/chart"
else
if [[ "$DEPLOY_METHOD" == "bundle" ]]; then
helm repo add tip-wlan-cloud-ucentral-helm https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/ || true
export DEPLOY_SOURCE="tip-wlan-cloud-ucentral-helm/openwifi --version $CHART_VERSION"
else
echo "Deploy method is not correct: $DEPLOY_METHOD. Valid value - git or bundle" >&2
exit 1
fi
fi
VALUES_FILES_FLAGS=()
IFS=',' read -ra VALUES_FILE_LOCATION_SPLITTED <<< "$VALUES_FILE_LOCATION"
for VALUE_FILE in ${VALUES_FILE_LOCATION_SPLITTED[*]}; do
VALUES_FILES_FLAGS+=("-f" $VALUE_FILE)
done
EXTRA_VALUES_FLAGS=()
IFS=',' read -ra EXTRA_VALUES_SPLITTED <<< "$EXTRA_VALUES"
for EXTRA_VALUE in ${EXTRA_VALUES_SPLITTED[*]}; do
EXTRA_VALUES_FLAGS+=("--set" $EXTRA_VALUE)
done
if [[ "$USE_SEPARATE_OWGW_LB" == "true" ]]; then
export HAPROXY_SERVICE_DNS_RECORDS="sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,analytics-${NAMESPACE}.cicd.lab.wlan.tip.build\,sub-${NAMESPACE}.cicd.lab.wlan.tip.build"
export OWGW_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build"
else
export HAPROXY_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build\,sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,analytics-${NAMESPACE}.cicd.lab.wlan.tip.build\,sub-${NAMESPACE}.cicd.lab.wlan.tip.build"
export OWGW_SERVICE_DNS_RECORDS=""
fi
# Run the deployment
helm upgrade --install --create-namespace --wait --timeout 60m \
--namespace openwifi-${NAMESPACE} \
${VALUES_FILES_FLAGS[*]} \
--set owgw.services.owgw.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
--set owgw.configProperties."openwifi\.fileuploader\.host\.0\.name"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
--set owgw.configProperties."rtty\.server"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
--set owgw.configProperties."openwifi\.system\.uri\.public"=https://gw-${NAMESPACE}.cicd.lab.wlan.tip.build:16002 \
--set owgw.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owgw-owgw:17002 \
--set owgw.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
--set owgw.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
--set owsec.configProperties."authentication\.default\.username"=${OWGW_AUTH_USERNAME} \
--set owsec.configProperties."authentication\.default\.password"=${OWGW_AUTH_PASSWORD} \
--set owsec.services.owsec.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=sec-${NAMESPACE}.cicd.lab.wlan.tip.build \
--set owsec.configProperties."openwifi\.system\.uri\.public"=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
--set owsec.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsec-owsec:17001 \
--set owsec.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
--set owsec.configProperties."mailer\.sender"=sec-${NAMESPACE}@cicd.lab.wlan.tip.build \
--set owsec.configProperties."mailer\.enabled"=$MAILER_ENABLED \
--set owsec.configProperties."mailer\.username"=$MAILER_USERNAME \
--set owsec.configProperties."mailer\.password"=$MAILER_PASSWORD \
--set owfms.configProperties."s3\.secret"=${OWFMS_S3_SECRET} \
--set owfms.configProperties."s3\.key"=${OWFMS_S3_KEY} \
--set owfms.services.owfms.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=fms-${NAMESPACE}.cicd.lab.wlan.tip.build \
--set owfms.configProperties."openwifi\.system\.uri\.public"=https://fms-${NAMESPACE}.cicd.lab.wlan.tip.build:16004 \
--set owfms.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owfms-owfms:17004 \
--set owfms.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
--set owfms.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
--set owgwui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
--set owgwui.ingresses.default.hosts={webui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
--set owgwui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
--set owprov.services.owprov.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=prov-${NAMESPACE}.cicd.lab.wlan.tip.build \
--set owprov.configProperties."openwifi\.system\.uri\.public"=https://prov-${NAMESPACE}.cicd.lab.wlan.tip.build:16005 \
--set owprov.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owprov-owprov:17005 \
--set owprov.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
--set owprov.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
--set owprovui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=provui-${NAMESPACE}.cicd.lab.wlan.tip.build \
--set owprovui.ingresses.default.hosts={provui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
--set owprovui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
--set owprovui.public_env_variables.REACT_APP_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
--set owanalytics.services.owanalytics.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=analytics-${NAMESPACE}.cicd.lab.wlan.tip.build \
--set owanalytics.configProperties."openwifi\.system\.uri\.public"=https://analytics-${NAMESPACE}.cicd.lab.wlan.tip.build:16009 \
--set owanalytics.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owanalytics-owanalytics:17009 \
--set owanalytics.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
--set owanalytics.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
--set owsub.services.owsub.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=sub-${NAMESPACE}.cicd.lab.wlan.tip.build \
--set owsub.configProperties."openwifi\.system\.uri\.public"=https://sub-${NAMESPACE}.cicd.lab.wlan.tip.build:16006 \
--set owsub.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsub-owsub:17006 \
--set owsub.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
--set owsub.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
--set clustersysteminfo.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
--set clustersysteminfo.secret_env_variables.OWSEC_NEW_PASSWORD=${OWSEC_NEW_PASSWORD} \
--set owls.services.owls.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=ls-${NAMESPACE}.cicd.lab.wlan.tip.build \
--set owls.configProperties."openwifi\.system\.uri\.public"=https://ls-${NAMESPACE}.cicd.lab.wlan.tip.build:16007 \
--set owls.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owls-owls:17007 \
--set owls.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
--set owlsui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=lsui-${NAMESPACE}.cicd.lab.wlan.tip.build \
--set owlsui.ingresses.default.hosts={lsui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
--set owlsui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
--set haproxy.service.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$HAPROXY_SERVICE_DNS_RECORDS \
--set owgw.services.owgw.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$OWGW_SERVICE_DNS_RECORDS \
${EXTRA_VALUES_FLAGS[*]} \
--set-file owgw.certs."restapi-cert\.pem"=$CERT_LOCATION \
--set-file owgw.certs."restapi-key\.pem"=$KEY_LOCATION \
--set-file owgw.certs."websocket-cert\.pem"=$CERT_LOCATION \
--set-file owgw.certs."websocket-key\.pem"=$KEY_LOCATION \
--set-file owsec.certs."restapi-cert\.pem"=$CERT_LOCATION \
--set-file owsec.certs."restapi-key\.pem"=$KEY_LOCATION \
--set-file owfms.certs."restapi-cert\.pem"=$CERT_LOCATION \
--set-file owfms.certs."restapi-key\.pem"=$KEY_LOCATION \
--set-file owprov.certs."restapi-cert\.pem"=$CERT_LOCATION \
--set-file owprov.certs."restapi-key\.pem"=$KEY_LOCATION \
--set-file owls.certs."restapi-cert\.pem"=$CERT_LOCATION \
--set-file owls.certs."restapi-key\.pem"=$KEY_LOCATION \
--set-file owls.certs."device-cert\.pem"=$DEVICE_CERT_LOCATION \
--set-file owls.certs."device-key\.pem"=$DEVICE_KEY_LOCATION \
--set-file owanalytics.certs."restapi-cert\.pem"=$CERT_LOCATION \
--set-file owanalytics.certs."restapi-key\.pem"=$KEY_LOCATION \
--set-file owsub.certs."restapi-cert\.pem"=$CERT_LOCATION \
--set-file owsub.certs."restapi-key\.pem"=$KEY_LOCATION \
tip-openwifi $DEPLOY_SOURCE

14
helm/ucentral/values.ucentral-qa.external-db.yaml
View File

@@ -1,14 +0,0 @@
owgw:
configProperties:
storage.type: postgresql
storage.type.postgresql.host: owgw-pgsql
storage.type.postgresql.database: owgw
storage.type.postgresql.username: owgw
storage.type.postgresql.password: owgw
postgresql:
enabled: true
fullnameOverride: owgw-pgsql
postgresqlDatabase: owgw
postgresqlUsername: owgw
postgresqlPassword: owgw

173
helm/ucentral/values.ucentral-qa.owls-enabled.yaml
View File

@@ -1,173 +0,0 @@
owgw:
services:
owgw:
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002"
configProperties:
simulatorid: 53494D020202
storage.type: postgresql
storage.type.postgresql.host: owgw-pgsql
storage.type.postgresql.database: owgw
storage.type.postgresql.username: owgw
storage.type.postgresql.password: owgw
resources:
requests:
cpu: 2000m
memory: 3000Mi
limits:
cpu: 2000m
memory: 3000Mi
postgresql:
enabled: true
fullnameOverride: owgw-pgsql
postgresqlDatabase: owgw
postgresqlUsername: owgw
postgresqlPassword: owgw
owls:
enabled: true
services:
owls:
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16107"
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16007,17007"
external-dns.alpha.kubernetes.io/ttl: "60"
podAnnotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
resources:
requests:
cpu: 3000m
memory: 8000Mi
limits:
cpu: 3000m
memory: 8000Mi
checks:
owls:
liveness:
httpGet:
path: /
port: 16107
failureThreshold: 900
readiness:
httpGet:
path: /
port: 16107
failureThreshold: 900
certs:
restapi-ca.pem: |
-----BEGIN CERTIFICATE-----
MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
5IOM7ItsRmen6u3qu+JXros54e4juQ==
-----END CERTIFICATE-----
public_env_variables:
SELFSIGNED_CERTS: "true"
configProperties:
openwifi.internal.restapi.host.0.rootca: $OWLS_ROOT/certs/restapi-certs/ca.crt
openwifi.internal.restapi.host.0.cert: $OWLS_ROOT/certs/restapi-certs/tls.crt
openwifi.internal.restapi.host.0.key: $OWLS_ROOT/certs/restapi-certs/tls.key
openwifi.restapi.host.0.rootca: $OWLS_ROOT/certs/restapi-certs/ca.crt
openwifi.restapi.host.0.cert: $OWLS_ROOT/certs/restapi-certs/tls.crt
openwifi.restapi.host.0.key: $OWLS_ROOT/certs/restapi-certs/tls.key
volumes:
owls:
- name: config
mountPath: /owls-data/owls.properties
subPath: owls.properties
# Template below will be rendered in template
volumeDefinition: |
secret:
secretName: {{ include "owls.fullname" . }}-config
- name: certs
mountPath: /owls-data/certs
volumeDefinition: |
secret:
secretName: {{ include "owls.fullname" . }}-certs
- name: certs-cas
mountPath: /owls-data/certs/cas
volumeDefinition: |
secret:
secretName: {{ include "owls.fullname" . }}-certs-cas
# Change this if you want to use another volume type
- name: persist
mountPath: /owls-data/persist
volumeDefinition: |
persistentVolumeClaim:
claimName: {{ template "owls.fullname" . }}-pvc
- name: restapi-certs
mountPath: /owls-data/certs/restapi-certs
volumeDefinition: |
secret:
secretName: {{ include "owls.fullname" . }}-owls-restapi-tls
- name: restapi-ca
mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
subPath: ca.crt
volumeDefinition: |
secret:
secretName: {{ include "owls.fullname" . }}-owls-restapi-tls
owlsui:
enabled: true
services:
owlsui:
type: NodePort
ingresses:
default:
enabled: true
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/group.name: wlan-cicd
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
external-dns.alpha.kubernetes.io/ttl: "60"
paths:
- path: /*
serviceName: owlsui
servicePort: http
podAnnotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"

74
helm/ucentral/values.ucentral-qa.separate-lbs.yaml
View File

@@ -1,74 +0,0 @@
owgw:
services:
owgw:
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002,5912,5913"
owsec:
services:
owsec:
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16101"
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16001,17001"
owfms:
services:
owfms:
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16104"
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004"
owprov:
services:
owprov:
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16105"
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16005,17005"
owanalytics:
services:
owanalytics:
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16109"
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16009,17009"
owsub:
services:
owsub:
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16106"
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16006,17006"
haproxy:
enabled: false

118
helm/ucentral/values.ucentral-qa.test-nodes.yaml
View File

@@ -1,118 +0,0 @@
owgw:
nodeSelector:
env: tests
tolerations:
- key: "tests"
operator: "Exists"
effect: "NoSchedule"
postgresql:
primary:
nodeSelector:
env: tests
tolerations:
- key: "tests"
operator: "Exists"
effect: "NoSchedule"
readReplicas:
nodeSelector:
env: tests
tolerations:
- key: "tests"
operator: "Exists"
effect: "NoSchedule"
owsec:
nodeSelector:
env: tests
tolerations:
- key: "tests"
operator: "Exists"
effect: "NoSchedule"
owgwui:
nodeSelector:
env: tests
tolerations:
- key: "tests"
operator: "Exists"
effect: "NoSchedule"
owfms:
nodeSelector:
env: tests
tolerations:
- key: "tests"
operator: "Exists"
effect: "NoSchedule"
owprov:
nodeSelector:
env: tests
tolerations:
- key: "tests"
operator: "Exists"
effect: "NoSchedule"
owprovui:
nodeSelector:
env: tests
tolerations:
- key: "tests"
operator: "Exists"
effect: "NoSchedule"
owls:
nodeSelector:
env: tests
tolerations:
- key: "tests"
operator: "Exists"
effect: "NoSchedule"
postgresql:
primary:
nodeSelector:
env: tests
tolerations:
- key: "tests"
operator: "Exists"
effect: "NoSchedule"
readReplicas:
nodeSelector:
env: tests
tolerations:
- key: "tests"
operator: "Exists"
effect: "NoSchedule"
owlsui:
nodeSelector:
env: tests
tolerations:
- key: "tests"
operator: "Exists"
effect: "NoSchedule"
owanalytics:
nodeSelector:
env: tests
tolerations:
- key: "tests"
operator: "Exists"
effect: "NoSchedule"
kafka:
nodeSelector:
env: tests
tolerations:
- key: "tests"
operator: "Exists"
effect: "NoSchedule"
zookeeper:
nodeSelector:
env: tests
tolerations:
- key: "tests"
operator: "Exists"
effect: "NoSchedule"

629
helm/ucentral/values.ucentral-qa.yaml
View File

@@ -1,629 +0,0 @@
owgw:
# https://telecominfraproject.atlassian.net/browse/WIFI-5840
checks:
owgw:
readiness:
exec:
command: ["true"]
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 100m
memory: 200Mi
securityContext:
sysctls:
- name: net.ipv4.tcp_keepalive_intvl
value: "5"
- name: net.ipv4.tcp_keepalive_probes
value: "2"
- name: net.ipv4.tcp_keepalive_time
value: "45"
podAnnotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
podSecurityPolicy:
enabled: true
certs:
restapi-ca.pem: |
-----BEGIN CERTIFICATE-----
MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
5IOM7ItsRmen6u3qu+JXros54e4juQ==
-----END CERTIFICATE-----
public_env_variables:
SELFSIGNED_CERTS: "true"
configProperties:
openwifi.internal.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-certs/ca.crt
openwifi.internal.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-certs/tls.crt
openwifi.internal.restapi.host.0.key: $OWGW_ROOT/certs/restapi-certs/tls.key
openwifi.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-certs/ca.crt
openwifi.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-certs/tls.crt
openwifi.restapi.host.0.key: $OWGW_ROOT/certs/restapi-certs/tls.key
volumes:
owgw:
- name: config
mountPath: /owgw-data/owgw.properties
subPath: owgw.properties
# Template below will be rendered in template
volumeDefinition: |
secret:
secretName: {{ include "owgw.fullname" . }}-config
- name: certs
mountPath: /owgw-data/certs
volumeDefinition: |
secret:
secretName: {{ include "owgw.fullname" . }}-certs
- name: certs-cas
mountPath: /owgw-data/certs/cas
volumeDefinition: |
secret:
secretName: {{ include "owgw.fullname" . }}-certs-cas
- name: persist
mountPath: /owgw-data/persist
volumeDefinition: |
persistentVolumeClaim:
claimName: {{ template "owgw.fullname" . }}-pvc
- name: restapi-certs
mountPath: /owgw-data/certs/restapi-certs
volumeDefinition: |
secret:
secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
- name: restapi-ca
mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
subPath: ca.crt
volumeDefinition: |
secret:
secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
owsec:
# https://telecominfraproject.atlassian.net/browse/WIFI-5840
checks:
owsec:
readiness:
exec:
command: ["true"]
resources:
requests:
cpu: 10m
memory: 15Mi
limits:
cpu: 100m
memory: 100Mi
podAnnotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
certs:
restapi-ca.pem: |
-----BEGIN CERTIFICATE-----
MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
5IOM7ItsRmen6u3qu+JXros54e4juQ==
-----END CERTIFICATE-----
public_env_variables:
SELFSIGNED_CERTS: "true"
configProperties:
openwifi.internal.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-certs/ca.crt
openwifi.internal.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
openwifi.internal.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
openwifi.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-certs/ca.crt
openwifi.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
openwifi.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
mailer.hostname: email-smtp.us-east-2.amazonaws.com
volumes:
owsec:
- name: config
mountPath: /owsec-data/owsec.properties
subPath: owsec.properties
# Template below will be rendered in template
volumeDefinition: |
secret:
secretName: {{ include "owsec.fullname" . }}-config
- name: certs
mountPath: /owsec-data/certs
volumeDefinition: |
secret:
secretName: {{ include "owsec.fullname" . }}-certs
- name: persist
mountPath: /owsec-data/persist
volumeDefinition: |
persistentVolumeClaim:
claimName: {{ template "owsec.fullname" . }}-pvc
- name: restapi-certs
mountPath: /owsec-data/certs/restapi-certs
volumeDefinition: |
secret:
secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
- name: restapi-ca
mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
subPath: ca.crt
volumeDefinition: |
secret:
secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
owgwui:
services:
owgwui:
type: NodePort
ingresses:
default:
enabled: true
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/group.name: wlan-cicd
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
paths:
- path: /*
serviceName: owgwui
servicePort: http
resources:
requests:
cpu: 10m
memory: 30Mi
limits:
cpu: 10m
memory: 30Mi
podAnnotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
owfms:
# https://telecominfraproject.atlassian.net/browse/WIFI-5840
checks:
owfms:
readiness:
exec:
command: ["true"]
resources:
requests:
cpu: 10m
memory: 30Mi
limits:
cpu: 50m
memory: 80Mi
podAnnotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
certs:
restapi-ca.pem: |
-----BEGIN CERTIFICATE-----
MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
5IOM7ItsRmen6u3qu+JXros54e4juQ==
-----END CERTIFICATE-----
public_env_variables:
SELFSIGNED_CERTS: "true"
configProperties:
openwifi.internal.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
openwifi.internal.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
openwifi.internal.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
openwifi.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
openwifi.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
openwifi.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
volumes:
owfms:
- name: config
mountPath: /owfms-data/owfms.properties
subPath: owfms.properties
# Template below will be rendered in template
volumeDefinition: |
secret:
secretName: {{ include "owfms.fullname" . }}-config
- name: certs
mountPath: /owfms-data/certs
volumeDefinition: |
secret:
secretName: {{ include "owfms.fullname" . }}-certs
- name: persist
mountPath: /owfms-data/persist
volumeDefinition: |
persistentVolumeClaim:
claimName: {{ template "owfms.fullname" . }}-pvc
- name: restapi-certs
mountPath: /owfms-data/certs/restapi-certs
volumeDefinition: |
secret:
secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
- name: restapi-ca
mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
subPath: ca.crt
volumeDefinition: |
secret:
secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
owprov:
checks:
owprov:
readiness:
exec:
command: ["true"]
resources:
requests:
cpu: 10m
memory: 20Mi
limits:
cpu: 100m
memory: 100Mi
podAnnotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
certs:
restapi-ca.pem: |
-----BEGIN CERTIFICATE-----
MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
5IOM7ItsRmen6u3qu+JXros54e4juQ==
-----END CERTIFICATE-----
public_env_variables:
SELFSIGNED_CERTS: "true"
configProperties:
openwifi.internal.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt
openwifi.internal.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt
openwifi.internal.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key
openwifi.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt
openwifi.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt
openwifi.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key
volumes:
owprov:
- name: config
mountPath: /owprov-data/owprov.properties
subPath: owprov.properties
# Template below will be rendered in template
volumeDefinition: |
secret:
secretName: {{ include "owprov.fullname" . }}-config
- name: certs
mountPath: /owprov-data/certs
volumeDefinition: |
secret:
secretName: {{ include "owprov.fullname" . }}-certs
- name: persist
mountPath: /owprov-data/persist
volumeDefinition: |
persistentVolumeClaim:
claimName: {{ template "owprov.fullname" . }}-pvc
- name: restapi-certs
mountPath: /owprov-data/certs/restapi-certs
volumeDefinition: |
secret:
secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
- name: restapi-ca
mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
subPath: ca.crt
volumeDefinition: |
secret:
secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
owprovui:
services:
owprovui:
type: NodePort
ingresses:
default:
enabled: true
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/group.name: wlan-cicd
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
paths:
- path: /*
serviceName: owprovui
servicePort: http
podAnnotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
owanalytics:
checks:
owanalytics:
readiness:
exec:
command: ["true"]
resources:
requests:
cpu: 10m
memory: 100Mi
limits:
cpu: 100m
memory: 500Mi
podAnnotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
certs:
restapi-ca.pem: |
-----BEGIN CERTIFICATE-----
MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
5IOM7ItsRmen6u3qu+JXros54e4juQ==
-----END CERTIFICATE-----
public_env_variables:
SELFSIGNED_CERTS: "true"
configProperties:
openwifi.internal.restapi.host.0.rootca: $OWANALYTICS_ROOT/certs/restapi-certs/ca.crt
openwifi.internal.restapi.host.0.cert: $OWANALYTICS_ROOT/certs/restapi-certs/tls.crt
openwifi.internal.restapi.host.0.key: $OWANALYTICS_ROOT/certs/restapi-certs/tls.key
openwifi.restapi.host.0.rootca: $OWANALYTICS_ROOT/certs/restapi-certs/ca.crt
openwifi.restapi.host.0.cert: $OWANALYTICS_ROOT/certs/restapi-certs/tls.crt
openwifi.restapi.host.0.key: $OWANALYTICS_ROOT/certs/restapi-certs/tls.key
volumes:
owanalytics:
- name: config
mountPath: /owanalytics-data/owanalytics.properties
subPath: owanalytics.properties
# Template below will be rendered in template
volumeDefinition: |
secret:
secretName: {{ include "owanalytics.fullname" . }}-config
- name: certs
mountPath: /owanalytics-data/certs
volumeDefinition: |
secret:
secretName: {{ include "owanalytics.fullname" . }}-certs
- name: persist
mountPath: /owanalytics-data/persist
volumeDefinition: |
persistentVolumeClaim:
claimName: {{ template "owanalytics.fullname" . }}-pvc
- name: restapi-certs
mountPath: /owanalytics-data/certs/restapi-certs
volumeDefinition: |
secret:
secretName: {{ include "owanalytics.fullname" . }}-owanalytics-restapi-tls
- name: restapi-ca
mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
subPath: ca.crt
volumeDefinition: |
secret:
secretName: {{ include "owanalytics.fullname" . }}-owanalytics-restapi-tls
owsub:
resources:
requests:
cpu: 10m
memory: 100Mi
limits:
cpu: 100m
memory: 500Mi
podAnnotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
certs:
restapi-ca.pem: |
-----BEGIN CERTIFICATE-----
MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
5IOM7ItsRmen6u3qu+JXros54e4juQ==
-----END CERTIFICATE-----
public_env_variables:
SELFSIGNED_CERTS: "true"
configProperties:
openwifi.internal.restapi.host.0.rootca: $OWSUB_ROOT/certs/restapi-certs/ca.crt
openwifi.internal.restapi.host.0.cert: $OWSUB_ROOT/certs/restapi-certs/tls.crt
openwifi.internal.restapi.host.0.key: $OWSUB_ROOT/certs/restapi-certs/tls.key
openwifi.restapi.host.0.rootca: $OWSUB_ROOT/certs/restapi-certs/ca.crt
openwifi.restapi.host.0.cert: $OWSUB_ROOT/certs/restapi-certs/tls.crt
openwifi.restapi.host.0.key: $OWSUB_ROOT/certs/restapi-certs/tls.key
volumes:
owsub:
- name: config
mountPath: /owsub-data/owsub.properties
subPath: owsub.properties
# Template below will be rendered in template
volumeDefinition: |
secret:
secretName: {{ include "owsub.fullname" . }}-config
- name: certs
mountPath: /owsub-data/certs
volumeDefinition: |
secret:
secretName: {{ include "owsub.fullname" . }}-certs
- name: persist
mountPath: /owsub-data/persist
volumeDefinition: |
persistentVolumeClaim:
claimName: {{ template "owsub.fullname" . }}-pvc
- name: restapi-certs
mountPath: /owsub-data/certs/restapi-certs
volumeDefinition: |
secret:
secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
- name: restapi-ca
mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
subPath: ca.crt
volumeDefinition: |
secret:
secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
kafka:
commonAnnotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
heapOpts: -Xmx512m -Xms512m
resources:
requests:
cpu: 100m
memory: 512Mi
limits:
cpu: 500m
memory: 1Gi
readinessProbe:
initialDelaySeconds: 45
livenessProbe:
initialDelaySeconds: 60
zookeeper:
commonAnnotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
heapSize: 256
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 200m
memory: 384Mi
clustersysteminfo:
enabled: true
delay: 60 # delaying to wait for AWS Route53 DNS propagation
haproxy:
service:
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "8080"
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,16001,17001,5912,5913,16009"
service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
restapiCerts:
enabled: true