mirror of
https://github.com/Telecominfraproject/wlan-testing.git
synced 2025-10-31 02:48:11 +00:00
[WIFI-7604] Del: helm related files unrequired after migration (#531)
* [WIFI-7604] Del: helm related files unrequired after migration Signed-off-by: Dmitry Dunaev <dmitry@opsfleet.com> * Delete obsolote Docker Compose related deploy files Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> Co-authored-by: Johann Hoffmann <johann.hoffmann@mailbox.org>
This commit is contained in:
Dmitry Dunaev
@@ -1,4 +0,0 @@
|
||||
FROM docker/compose:latest
|
||||
RUN apk add git
|
||||
COPY deploy.sh deploy.sh
|
||||
ENTRYPOINT ["./deploy.sh"]
|
||||
@@ -1,151 +0,0 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
# Usage function
|
||||
usage () {
|
||||
echo;
|
||||
echo "This script is intended for OpenWifi deployment using Docker Compose (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/docker-compose) in a Kubernetes pod";
|
||||
echo;
|
||||
echo "Required environment variables:"
|
||||
echo;
|
||||
echo "- DEPLOY_VERSION - version of the wlan-cloud-ucentral-deploy repo to be used";
|
||||
echo;
|
||||
echo "- DEFAULT_UCENTRALSEC_URL - public URL of the OWSec service"
|
||||
echo "- SYSTEM_URI_UI - public URL of the OWGW-UI service"
|
||||
echo;
|
||||
echo "- INTERNAL_OWGW_HOSTNAME - OWGW microservice hostname for Docker internal communication"
|
||||
echo "- INTERNAL_OWSEC_HOSTNAME - OWSec microservice hostname for Docker internal communication"
|
||||
echo "- INTERNAL_OWFMS_HOSTNAME - OWFms microservice hostname for Docker internal communication"
|
||||
echo "- INTERNAL_OWPROV_HOSTNAME - OWProv microservice hostname for Docker internal communication"
|
||||
echo "- INTERNAL_OWANALYTICS_HOSTNAME - OWAnalytics microservice hostname for Docker internal communication"
|
||||
echo "- INTERNAL_OWSUB_HOSTNAME - OWSub microservice hostname for Docker internal communication"
|
||||
echo;
|
||||
echo "- OWGW_FILEUPLOADER_HOST_NAME - hostname to be used for OWGW fileupload";
|
||||
echo "- OWGW_FILEUPLOADER_URI - URL to be used for OWGW fileupload";
|
||||
echo "- OWGW_SYSTEM_URI_PRIVATE - private URL to be used for OWGW";
|
||||
echo "- OWGW_SYSTEM_URI_PUBLIC - public URL to be used for OWGW";
|
||||
echo "- OWGW_RTTY_SERVER - public hostname of the RTTY server";
|
||||
echo;
|
||||
echo "- OWSEC_SYSTEM_URI_PRIVATE - private URL to be used for OWSec";
|
||||
echo "- OWSEC_SYSTEM_URI_PUBLIC - public URL to be used for OWSec";
|
||||
echo "- OWSEC_AUTHENTICATION_DEFAULT_USERNAME - username to be used for requests to OWSec";
|
||||
echo "- OWSEC_AUTHENTICATION_DEFAULT_PASSWORD - hashed password for OWSec (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)";
|
||||
echo;
|
||||
echo "- OWFMS_SYSTEM_URI_PRIVATE - private URL to be used for OWFms";
|
||||
echo "- OWFMS_SYSTEM_URI_PUBLIC - public URL to be used for OWFms";
|
||||
echo "- OWFMS_S3_SECRET - secret key that is used for OWFms access to firmwares S3 bucket";
|
||||
echo "- OWFMS_S3_KEY - access key that is used for OWFms access to firmwares S3 bucket";
|
||||
echo;
|
||||
echo "- OWPROV_SYSTEM_URI_PRIVATE - private URL to be used for OWProv";
|
||||
echo "- OWPROV_SYSTEM_URI_PUBLIC - public URL to be used for OWProv";
|
||||
echo;
|
||||
echo "- OWANALYTICS_SYSTEM_URI_PRIVATE - private URL to be used for OWAnalytics";
|
||||
echo "- OWANALYTICS_SYSTEM_URI_PUBLIC - public URL to be used for OWAnalytics";
|
||||
echo;
|
||||
echo "- OWSUB_SYSTEM_URI_PRIVATE - private URL to be used for OWSub";
|
||||
echo "- OWSUB_SYSTEM_URI_PUBLIC - public URL to be used for OWSub";
|
||||
echo;
|
||||
echo "- WEBSOCKET_CERT - path to the websocket certificate";
|
||||
echo "- WEBSOCKET_KEY - path to the websocket key";
|
||||
}
|
||||
|
||||
# Check if required environment variables were passed
|
||||
## Deployment specifics
|
||||
[ -z ${DEPLOY_VERSION+x} ] && echo "DEPLOY_VERSION is unset" && usage && exit 1
|
||||
## Configuration variables applying to multiple microservices
|
||||
[ -z ${DEFAULT_UCENTRALSEC_URL+x} ] && echo "DEFAULT_UCENTRALSEC_URL is unset" && usage && exit 1
|
||||
[ -z ${SYSTEM_URI_UI+x} ] && echo "SYSTEM_URI_UI is unset" && usage && exit 1
|
||||
## Internal microservice hostnames
|
||||
[ -z ${INTERNAL_OWGW_HOSTNAME+x} ] && echo "INTERNAL_OWGW_HOSTNAME is unset" && usage && exit 1
|
||||
[ -z ${INTERNAL_OWSEC_HOSTNAME+x} ] && echo "INTERNAL_OWSEC_HOSTNAME is unset" && usage && exit 1
|
||||
[ -z ${INTERNAL_OWFMS_HOSTNAME+x} ] && echo "INTERNAL_OWFMS_HOSTNAME is unset" && usage && exit 1
|
||||
[ -z ${INTERNAL_OWPROV_HOSTNAME+x} ] && echo "INTERNAL_OWPROV_HOSTNAME is unset" && usage && exit 1
|
||||
[ -z ${INTERNAL_OWANALYTICS_HOSTNAME+x} ] && echo "INTERNAL_OWANALYTICS_HOSTNAME is unset" && usage && exit 1
|
||||
[ -z ${INTERNAL_OWSUB_HOSTNAME+x} ] && echo "INTERNAL_OWSUB_HOSTNAME is unset" && usage && exit 1
|
||||
## OWGW configuration variables
|
||||
[ -z ${OWGW_FILEUPLOADER_HOST_NAME+x} ] && echo "OWGW_FILEUPLOADER_HOST_NAME is unset" && usage && exit 1
|
||||
[ -z ${OWGW_FILEUPLOADER_URI+x} ] && echo "OWGW_FILEUPLOADER_URI is unset" && usage && exit 1
|
||||
[ -z ${OWGW_SYSTEM_URI_PRIVATE+x} ] && echo "OWGW_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
|
||||
[ -z ${OWGW_SYSTEM_URI_PUBLIC+x} ] && echo "OWGW_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
|
||||
[ -z ${OWGW_RTTY_SERVER+x} ] && echo "OWGW_RTTY_SERVER is unset" && usage && exit 1
|
||||
## OWSec configuration variables
|
||||
[ -z ${OWSEC_AUTHENTICATION_DEFAULT_USERNAME+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_USERNAME is unset" && usage && exit 1
|
||||
[ -z ${OWSEC_AUTHENTICATION_DEFAULT_PASSWORD+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_PASSWORD is unset" && usage && exit 1
|
||||
[ -z ${OWSEC_SYSTEM_URI_PRIVATE+x} ] && echo "OWSEC_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
|
||||
[ -z ${OWSEC_SYSTEM_URI_PUBLIC+x} ] && echo "OWSEC_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
|
||||
## OWFms configuration variables
|
||||
[ -z ${OWFMS_SYSTEM_URI_PRIVATE+x} ] && echo "OWFMS_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
|
||||
[ -z ${OWFMS_SYSTEM_URI_PUBLIC+x} ] && echo "OWFMS_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
|
||||
[ -z ${OWFMS_S3_SECRET+x} ] && echo "OWFMS_S3_SECRET is unset" && usage && exit 1
|
||||
[ -z ${OWFMS_S3_KEY+x} ] && echo "OWFMS_S3_KEY is unset" && usage && exit 1
|
||||
## OWProv configuration variables
|
||||
[ -z ${OWPROV_SYSTEM_URI_PRIVATE+x} ] && echo "OWPROV_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
|
||||
[ -z ${OWPROV_SYSTEM_URI_PUBLIC+x} ] && echo "OWPROV_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
|
||||
## OWAnalytics configuration variables
|
||||
[ -z ${OWANALYTICS_SYSTEM_URI_PRIVATE+x} ] && echo "OWANALYTICS_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
|
||||
[ -z ${OWANALYTICS_SYSTEM_URI_PUBLIC+x} ] && echo "OWANALYTICS_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
|
||||
## OWSub configuration variables
|
||||
[ -z ${OWSUB_SYSTEM_URI_PRIVATE+x} ] && echo "OWSUB_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
|
||||
[ -z ${OWSUB_SYSTEM_URI_PUBLIC+x} ] && echo "OWSUB_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
|
||||
## cert related variables
|
||||
[ -z ${WEBSOCKET_CERT+x} ] && echo "WEBSOCKET_CERT is unset" && usage && exit 1
|
||||
[ -z ${WEBSOCKET_KEY+x} ] && echo "WEBSOCKET_KEY is unset" && usage && exit 1
|
||||
|
||||
# Clone repo and copy certificates
|
||||
mkdir wlan-cloud-ucentral-deploy-tmp
|
||||
git clone --branch $DEPLOY_VERSION https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git /wlan-cloud-ucentral-deploy-tmp
|
||||
mv -f /wlan-cloud-ucentral-deploy-tmp/* /wlan-cloud-ucentral-deploy/ && rm -r wlan-cloud-ucentral-deploy-tmp
|
||||
cd wlan-cloud-ucentral-deploy/docker-compose
|
||||
|
||||
# Search and replace variable values in env files
|
||||
sed -i "s~\(^INTERNAL_OWGW_HOSTNAME=\).*~\1$INTERNAL_OWGW_HOSTNAME~" .env
|
||||
sed -i "s~\(^INTERNAL_OWSEC_HOSTNAME=\).*~\1$INTERNAL_OWSEC_HOSTNAME~" .env
|
||||
sed -i "s~\(^INTERNAL_OWFMS_HOSTNAME=\).*~\1$INTERNAL_OWFMS_HOSTNAME~" .env
|
||||
sed -i "s~\(^INTERNAL_OWPROV_HOSTNAME=\).*~\1$INTERNAL_OWPROV_HOSTNAME~" .env
|
||||
sed -i "s~\(^INTERNAL_OWANALYTICS_HOSTNAME=\).*~\1$INTERNAL_OWANALYTICS_HOSTNAME~" .env
|
||||
sed -i "s~\(^INTERNAL_OWSUB_HOSTNAME=\).*~\1$INTERNAL_OWSUB_HOSTNAME~" .env
|
||||
|
||||
sed -i "s~\(^FILEUPLOADER_HOST_NAME=\).*~\1$OWGW_FILEUPLOADER_HOST_NAME~" owgw.env
|
||||
sed -i "s~\(^FILEUPLOADER_URI=\).*~\1$OWGW_FILEUPLOADER_URI~" owgw.env
|
||||
sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWGW_SYSTEM_URI_PRIVATE~" owgw.env
|
||||
sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWGW_SYSTEM_URI_PUBLIC~" owgw.env
|
||||
sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owgw.env
|
||||
sed -i "s~\(^RTTY_SERVER=\).*~\1$OWGW_RTTY_SERVER~" owgw.env
|
||||
|
||||
if [[ ! -z "$SIMULATORID" ]]; then
|
||||
sed -i "s~.*SIMULATORID=.*~SIMULATORID=$SIMULATORID~" owgw.env
|
||||
fi
|
||||
|
||||
sed -i "s~\(^DEFAULT_UCENTRALSEC_URL=\).*~\1$DEFAULT_UCENTRALSEC_URL~" owgw-ui.env
|
||||
|
||||
sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env
|
||||
sed -i "s~.*AUTHENTICATION_DEFAULT_PASSWORD=.*~AUTHENTICATION_DEFAULT_PASSWORD=$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD~" owsec.env
|
||||
sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWSEC_SYSTEM_URI_PRIVATE~" owsec.env
|
||||
sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWSEC_SYSTEM_URI_PUBLIC~" owsec.env
|
||||
sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owsec.env
|
||||
|
||||
sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWFMS_SYSTEM_URI_PRIVATE~" owfms.env
|
||||
sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWFMS_SYSTEM_URI_PUBLIC~" owfms.env
|
||||
sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owfms.env
|
||||
sed -i "s~\(^S3_SECRET=\).*~\1$OWFMS_S3_SECRET~" owfms.env
|
||||
sed -i "s~\(^S3_KEY=\).*~\1$OWFMS_S3_KEY~" owfms.env
|
||||
|
||||
sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWPROV_SYSTEM_URI_PRIVATE~" owprov.env
|
||||
sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWPROV_SYSTEM_URI_PUBLIC~" owprov.env
|
||||
sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owprov.env
|
||||
|
||||
sed -i "s~\(^DEFAULT_UCENTRALSEC_URL=\).*~\1$DEFAULT_UCENTRALSEC_URL~" owprov-ui.env
|
||||
sed -i "s~\(^REACT_APP_UCENTRALSEC_URL=\).*~\1$REACT_APP_UCENTRALSEC_URL~" owprov-ui.env
|
||||
|
||||
sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWANALYTICS_SYSTEM_URI_PRIVATE~" owanalytics.env
|
||||
sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWANALYTICS_SYSTEM_URI_PUBLIC~" owanalytics.env
|
||||
sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owanalytics.env
|
||||
|
||||
sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWSUB_SYSTEM_URI_PRIVATE~" owsub.env
|
||||
sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWSUB_SYSTEM_URI_PUBLIC~" owsub.env
|
||||
sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owsub.env
|
||||
|
||||
# Run the deployment and attach to logs
|
||||
cat $WEBSOCKET_CERT > certs/websocket-cert.pem
|
||||
cat $WEBSOCKET_KEY > certs/websocket-key.pem
|
||||
exec docker-compose up --attach-dependencies
|
||||
@@ -1,74 +0,0 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
# Usage function
|
||||
usage () {
|
||||
echo;
|
||||
echo "This script is intended for OpenWifi OWLS deployment using Docker Compose (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/docker-compose) in a Kubernetes pod";
|
||||
echo;
|
||||
echo "Required environment variables:"
|
||||
echo;
|
||||
echo "- DEPLOY_VERSION - version of the wlan-cloud-ucentral-deploy repo to be used";
|
||||
echo;
|
||||
echo "- DEFAULT_UCENTRALSEC_URL - public URL of the OWSec service"
|
||||
echo "- SYSTEM_URI_UI - public URL of the OWGW-UI service"
|
||||
echo;
|
||||
echo "- INTERNAL_OWSEC_HOSTNAME - OWSec microservice hostname for Docker internal communication"
|
||||
echo;
|
||||
echo "- OWSEC_SYSTEM_URI_PRIVATE - private URL to be used for OWSec";
|
||||
echo "- OWSEC_SYSTEM_URI_PUBLIC - public URL to be used for OWSec";
|
||||
echo "- OWSEC_AUTHENTICATION_DEFAULT_USERNAME - username to be used for requests to OWSec";
|
||||
echo "- OWSEC_AUTHENTICATION_DEFAULT_PASSWORD - hashed password for OWSec (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)";
|
||||
echo;
|
||||
echo "- OWLS_SYSTEM_URI_PRIVATE - private URL to be used for OWLS";
|
||||
echo "- OWLS_SYSTEM_URI_PUBLIC - public URL to be used for OWLS";
|
||||
echo;
|
||||
echo "- DEVICE_CERT - path to the device certificate";
|
||||
echo "- DEVICE_KEY - path to the device key";
|
||||
}
|
||||
|
||||
# Check if required environment variables were passed
|
||||
## Deployment specifics
|
||||
[ -z ${DEPLOY_VERSION+x} ] && echo "DEPLOY_VERSION is unset" && usage && exit 1
|
||||
## Configuration variables applying to multiple microservices
|
||||
[ -z ${DEFAULT_UCENTRALSEC_URL+x} ] && echo "DEFAULT_UCENTRALSEC_URL is unset" && usage && exit 1
|
||||
[ -z ${SYSTEM_URI_UI+x} ] && echo "SYSTEM_URI_UI is unset" && usage && exit 1
|
||||
## Internal microservice hostnames
|
||||
[ -z ${INTERNAL_OWSEC_HOSTNAME+x} ] && echo "INTERNAL_OWSEC_HOSTNAME is unset" && usage && exit 1
|
||||
## OWSec configuration variables
|
||||
[ -z ${OWSEC_AUTHENTICATION_DEFAULT_USERNAME+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_USERNAME is unset" && usage && exit 1
|
||||
[ -z ${OWSEC_AUTHENTICATION_DEFAULT_PASSWORD+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_PASSWORD is unset" && usage && exit 1
|
||||
[ -z ${OWSEC_SYSTEM_URI_PRIVATE+x} ] && echo "OWSEC_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
|
||||
[ -z ${OWSEC_SYSTEM_URI_PUBLIC+x} ] && echo "OWSEC_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
|
||||
# OWLS configuration variables
|
||||
[ -z ${OWLS_SYSTEM_URI_PRIVATE+x} ] && echo "OWLS_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
|
||||
[ -z ${OWLS_SYSTEM_URI_PUBLIC+x} ] && echo "OWLS_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
|
||||
## cert related variables
|
||||
[ -z ${DEVICE_CERT+x} ] && echo "DEVICE_CERT is unset" && usage && exit 1
|
||||
[ -z ${DEVICE_KEY+x} ] && echo "DEVICE_KEY is unset" && usage && exit 1
|
||||
|
||||
# Clone repo and copy certificates
|
||||
mkdir wlan-cloud-ucentral-deploy-tmp
|
||||
git clone --branch $DEPLOY_VERSION https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git /wlan-cloud-ucentral-deploy-tmp
|
||||
mv -f /wlan-cloud-ucentral-deploy-tmp/* /wlan-cloud-ucentral-deploy/ && rm -r wlan-cloud-ucentral-deploy-tmp
|
||||
cd wlan-cloud-ucentral-deploy/docker-compose/owls
|
||||
|
||||
# Search and replace variable values in env files
|
||||
sed -i "s~\(^INTERNAL_OWSEC_HOSTNAME=\).*~\1$INTERNAL_OWSEC_HOSTNAME~" .env
|
||||
sed -i "s~\(^INTERNAL_OWLS_HOSTNAME=\).*~\1$INTERNAL_OWLS_HOSTNAME~" .env
|
||||
|
||||
sed -i "s~\(^DEFAULT_UCENTRALSEC_URL=\).*~\1$DEFAULT_UCENTRALSEC_URL~" owls-ui.env
|
||||
|
||||
sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env
|
||||
sed -i "s~.*AUTHENTICATION_DEFAULT_PASSWORD=.*~AUTHENTICATION_DEFAULT_PASSWORD=$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD~" owsec.env
|
||||
sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWSEC_SYSTEM_URI_PRIVATE~" owsec.env
|
||||
sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWSEC_SYSTEM_URI_PUBLIC~" owsec.env
|
||||
sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owsec.env
|
||||
|
||||
sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWLS_SYSTEM_URI_PRIVATE~" owls.env
|
||||
sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWLS_SYSTEM_URI_PUBLIC~" owls.env
|
||||
|
||||
# Run the deployment and attach to logs
|
||||
cat $DEVICE_CERT > ../certs/device-cert.pem
|
||||
cat $DEVICE_KEY > ../certs/device-key.pem
|
||||
exec docker-compose up --attach-dependencies
|
||||
1
helm/ucentral/.gitignore
vendored
1
helm/ucentral/.gitignore
vendored
@@ -1 +0,0 @@
|
||||
wlan-cloud-ucentral-deploy
|
||||
@@ -1,241 +0,0 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
# Usage function
|
||||
usage () {
|
||||
echo >&2;
|
||||
echo "This script is indended for OpenWIFI Cloud SDK deployment to TIP QA/Dev environments using assembly Helm chart (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart) with configuration through environment variables" >&2;
|
||||
echo >&2;
|
||||
echo "Required environment variables:" >&2;
|
||||
echo >&2;
|
||||
echo "- NAMESPACE - namespace suffix that will used added for the Kubernetes environment (i.e. if you pass 'test', kubernetes namespace will be named 'ucentral-test')" >&2;
|
||||
echo "- DEPLOY_METHOD - deployment method for the chart deployment (supported methods - 'git' (will use helm-git from assembly chart) and 'bundle' (will use chart stored in the Artifactory0" >&2;
|
||||
echo "- CHART_VERSION - version of chart to be deployed from assembly chart (for 'git' method git ref may be passed, for 'bundle' method version of chart may be passed)" >&2;
|
||||
echo >&2;
|
||||
echo "- VALUES_FILE_LOCATION - path to file with override values that may be used for deployment" >&2;
|
||||
echo "- OWGW_AUTH_USERNAME - username to be used for requests to OpenWIFI Security" >&2;
|
||||
echo "- OWGW_AUTH_PASSWORD - hashed password for OpenWIFI Security (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)" >&2;
|
||||
echo "- OWFMS_S3_SECRET - secret key that is used for OpenWIFI Firmware access to firmwares S3 bucket" >&2;
|
||||
echo "- OWFMS_S3_KEY - access key that is used for OpenWIFI Firmware access to firmwares S3 bucket" >&2;
|
||||
echo "- OWSEC_NEW_PASSWORD - password that should be set to default user instead of default password from properties" >&2;
|
||||
echo "- CERT_LOCATION - path to certificate in PEM format that will be used for securing all endpoint in all services" >&2;
|
||||
echo "- KEY_LOCATION - path to private key in PEM format that will be used for securing all endpoint in all services" >&2;
|
||||
echo >&2;
|
||||
echo "Following environmnet variables may be passed, but will be ignored if CHART_VERSION is set to release (i.e. v2.4.0):" >&2;
|
||||
echo >&2;
|
||||
echo "- OWGW_VERSION - OpenWIFI Gateway version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
|
||||
echo "- OWGWUI_VERSION - OpenWIFI Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
|
||||
echo "- OWSEC_VERSION - OpenWIFI Security version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
|
||||
echo "- OWFMS_VERSION - OpenWIFI Firmware version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
|
||||
echo "- OWPROV_VERSION - OpenWIFI Provisioning version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
|
||||
echo "- OWPROVUI_VERSION - OpenWIFI Provisioning Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
|
||||
echo "- OWANALYTICS_VERSION - OpenWIFI Analytics version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
|
||||
echo "- OWSUB_VERSION - OpenWIFI Subscription (Userportal) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2;
|
||||
echo >&2;
|
||||
echo "Optional environment variables:" >&2;
|
||||
echo >&2;
|
||||
echo "- EXTRA_VALUES - extra values that should be passed to Helm deployment separated by comma (,)" >&2;
|
||||
echo "- DEVICE_CERT_LOCATION - path to certificate in PEM format that will be used for load simulator" >&2;
|
||||
echo "- DEVICE_KEY_LOCATION - path to private key in PEM format that will be used for load simulator" >&2;
|
||||
echo "- USE_SEPARATE_OWGW_LB - flag that should change split external DNS for OWGW and other services" >&2;
|
||||
echo "- INTERNAL_RESTAPI_ENDPOINT_SCHEMA - what schema to use for internal RESTAPI endpoints (https by default)" >&2;
|
||||
echo "- MAILER_USERNAME - SMTP username used for OWSEC mailer" >&2;
|
||||
echo "- MAILER_PASSWORD - SMTP password used for OWSEC mailer (only if both MAILER_PASSWORD and MAILER_USERNAME are set, mailer will be enabled)" >&2;
|
||||
}
|
||||
|
||||
# Global variables
|
||||
VALUES_FILE_LOCATION_SPLITTED=()
|
||||
EXTRA_VALUES_SPLITTED=()
|
||||
|
||||
# Helper functions
|
||||
check_if_chart_version_is_release() {
|
||||
PARSED_CHART_VERSION=$(echo $CHART_VERSION | grep -xP "v\d+\.\d+\.\d+.*")
|
||||
if [[ -z "$PARSED_CHART_VERSION" ]]; then
|
||||
return 1
|
||||
else
|
||||
return 0
|
||||
fi
|
||||
}
|
||||
|
||||
# Check if required environment variables were passed
|
||||
## Deployment specifics
|
||||
[ -z ${DEPLOY_METHOD+x} ] && echo "DEPLOY_METHOD is unset" >&2 && usage && exit 1
|
||||
[ -z ${CHART_VERSION+x} ] && echo "CHART_VERSION is unset" >&2 && usage && exit 1
|
||||
if check_if_chart_version_is_release; then
|
||||
echo "Chart version ($CHART_VERSION) is release version, ignoring services versions"
|
||||
else
|
||||
echo "Chart version ($CHART_VERSION) is not release version, checking if services versions are set"
|
||||
[ -z ${OWGW_VERSION+x} ] && echo "OWGW_VERSION is unset" >&2 && usage && exit 1
|
||||
[ -z ${OWGWUI_VERSION+x} ] && echo "OWGWUI_VERSION is unset" >&2 && usage && exit 1
|
||||
[ -z ${OWSEC_VERSION+x} ] && echo "OWSEC_VERSION is unset" >&2 && usage && exit 1
|
||||
[ -z ${OWFMS_VERSION+x} ] && echo "OWFMS_VERSION is unset" >&2 && usage && exit 1
|
||||
[ -z ${OWPROV_VERSION+x} ] && echo "OWPROV_VERSION is unset" >&2 && usage && exit 1
|
||||
[ -z ${OWPROVUI_VERSION+x} ] && echo "OWPROVUI_VERSION is unset" >&2 && usage && exit 1
|
||||
[ -z ${OWANALYTICS_VERSION+x} ] && echo "OWANALYTICS_VERSION is unset" >&2 && usage && exit 1
|
||||
[ -z ${OWSUB_VERSION+x} ] && echo "OWSUB_VERSION is unset" >&2 && usage && exit 1
|
||||
fi
|
||||
## Environment specifics
|
||||
[ -z ${NAMESPACE+x} ] && echo "NAMESPACE is unset" >&2 && usage && exit 1
|
||||
## Variables specifics
|
||||
[ -z ${VALUES_FILE_LOCATION+x} ] && echo "VALUES_FILE_LOCATION is unset" >&2 && usage && exit 1
|
||||
[ -z ${OWGW_AUTH_USERNAME+x} ] && echo "OWGW_AUTH_USERNAME is unset" >&2 && usage && exit 1
|
||||
[ -z ${OWGW_AUTH_PASSWORD+x} ] && echo "OWGW_AUTH_PASSWORD is unset" >&2 && usage && exit 1
|
||||
[ -z ${OWFMS_S3_SECRET+x} ] && echo "OWFMS_S3_SECRET is unset" >&2 && usage && exit 1
|
||||
[ -z ${OWFMS_S3_KEY+x} ] && echo "OWFMS_S3_KEY is unset" >&2 && usage && exit 1
|
||||
[ -z ${OWSEC_NEW_PASSWORD+x} ] && echo "OWSEC_NEW_PASSWORD is unset" >&2 && usage && exit 1
|
||||
[ -z ${CERT_LOCATION+x} ] && echo "CERT_LOCATION is unset" >&2 && usage && exit 1
|
||||
[ -z ${KEY_LOCATION+x} ] && echo "KEY_LOCATION is unset" >&2 && usage && exit 1
|
||||
|
||||
[ -z ${DEVICE_CERT_LOCATION+x} ] && echo "DEVICE_CERT_LOCATION is unset, setting it to CERT_LOCATION" && export DEVICE_CERT_LOCATION=$CERT_LOCATION
|
||||
[ -z ${DEVICE_KEY_LOCATION+x} ] && echo "DEVICE_KEY_LOCATION is unset, setting it to KEY_LOCATION" && export DEVICE_KEY_LOCATION=$KEY_LOCATION
|
||||
[ -z ${INTERNAL_RESTAPI_ENDPOINT_SCHEMA+x} ] && echo "INTERNAL_RESTAPI_ENDPOINT_SCHEMA is unset, setting it to 'https'" && export INTERNAL_RESTAPI_ENDPOINT_SCHEMA=https
|
||||
export MAILER_ENABLED="false"
|
||||
[ ! -z ${MAILER_USERNAME+x} ] && [ ! -z ${MAILER_PASSWORD+x} ] && echo "MAILER_USERNAME and MAILER_PASSWORD are set, mailer will be enabled" && export MAILER_ENABLED="true"
|
||||
|
||||
# Transform some environment variables
|
||||
export OWGW_VERSION_TAG=$(echo ${OWGW_VERSION} | tr '/' '-')
|
||||
export OWGWUI_VERSION_TAG=$(echo ${OWGWUI_VERSION} | tr '/' '-')
|
||||
export OWSEC_VERSION_TAG=$(echo ${OWSEC_VERSION} | tr '/' '-')
|
||||
export OWFMS_VERSION_TAG=$(echo ${OWFMS_VERSION} | tr '/' '-')
|
||||
export OWPROV_VERSION_TAG=$(echo ${OWPROV_VERSION} | tr '/' '-')
|
||||
export OWPROVUI_VERSION_TAG=$(echo ${OWPROVUI_VERSION} | tr '/' '-')
|
||||
export OWANALYTICS_VERSION_TAG=$(echo ${OWANALYTICS_VERSION} | tr '/' '-')
|
||||
export OWSUB_VERSION_TAG=$(echo ${OWSUB_VERSION} | tr '/' '-')
|
||||
|
||||
# Debug get bash version
|
||||
bash --version >&2
|
||||
|
||||
# Check deployment method that's required for this environment
|
||||
helm plugin install https://github.com/databus23/helm-diff || true
|
||||
if [[ "$DEPLOY_METHOD" == "git" ]]; then
|
||||
helm plugin install https://github.com/aslafy-z/helm-git --version 0.10.0 || true
|
||||
rm -rf wlan-cloud-ucentral-deploy || true
|
||||
git clone https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git
|
||||
cd wlan-cloud-ucentral-deploy
|
||||
git checkout $CHART_VERSION
|
||||
cd chart
|
||||
if ! check_if_chart_version_is_release; then
|
||||
sed -i '/wlan-cloud-ucentralgw@/s/ref=.*/ref='${OWGW_VERSION}'\"/g' Chart.yaml
|
||||
sed -i '/wlan-cloud-ucentralgw-ui@/s/ref=.*/ref='${OWGWUI_VERSION}'\"/g' Chart.yaml
|
||||
sed -i '/wlan-cloud-ucentralsec@/s/ref=.*/ref='${OWSEC_VERSION}'\"/g' Chart.yaml
|
||||
sed -i '/wlan-cloud-ucentralfms@/s/ref=.*/ref='${OWFMS_VERSION}'\"/g' Chart.yaml
|
||||
sed -i '/wlan-cloud-owprov@/s/ref=.*/ref='${OWPROV_VERSION}'\"/g' Chart.yaml
|
||||
sed -i '/wlan-cloud-owprov-ui@/s/ref=.*/ref='${OWPROVUI_VERSION}'\"/g' Chart.yaml
|
||||
sed -i '/wlan-cloud-analytics@/s/ref=.*/ref='${OWANALYTICS_VERSION}'\"/g' Chart.yaml
|
||||
sed -i '/wlan-cloud-userportal@/s/ref=.*/ref='${OWSUB_VERSION}'\"/g' Chart.yaml
|
||||
fi
|
||||
helm repo add bitnami https://charts.bitnami.com/bitnami
|
||||
helm repo update
|
||||
helm dependency update
|
||||
cd ../..
|
||||
export DEPLOY_SOURCE="wlan-cloud-ucentral-deploy/chart"
|
||||
else
|
||||
if [[ "$DEPLOY_METHOD" == "bundle" ]]; then
|
||||
helm repo add tip-wlan-cloud-ucentral-helm https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/ || true
|
||||
export DEPLOY_SOURCE="tip-wlan-cloud-ucentral-helm/openwifi --version $CHART_VERSION"
|
||||
else
|
||||
echo "Deploy method is not correct: $DEPLOY_METHOD. Valid value - git or bundle" >&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
VALUES_FILES_FLAGS=()
|
||||
IFS=',' read -ra VALUES_FILE_LOCATION_SPLITTED <<< "$VALUES_FILE_LOCATION"
|
||||
for VALUE_FILE in ${VALUES_FILE_LOCATION_SPLITTED[*]}; do
|
||||
VALUES_FILES_FLAGS+=("-f" $VALUE_FILE)
|
||||
done
|
||||
EXTRA_VALUES_FLAGS=()
|
||||
IFS=',' read -ra EXTRA_VALUES_SPLITTED <<< "$EXTRA_VALUES"
|
||||
for EXTRA_VALUE in ${EXTRA_VALUES_SPLITTED[*]}; do
|
||||
EXTRA_VALUES_FLAGS+=("--set" $EXTRA_VALUE)
|
||||
done
|
||||
|
||||
if [[ "$USE_SEPARATE_OWGW_LB" == "true" ]]; then
|
||||
export HAPROXY_SERVICE_DNS_RECORDS="sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,analytics-${NAMESPACE}.cicd.lab.wlan.tip.build\,sub-${NAMESPACE}.cicd.lab.wlan.tip.build"
|
||||
export OWGW_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build"
|
||||
else
|
||||
export HAPROXY_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build\,sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,analytics-${NAMESPACE}.cicd.lab.wlan.tip.build\,sub-${NAMESPACE}.cicd.lab.wlan.tip.build"
|
||||
export OWGW_SERVICE_DNS_RECORDS=""
|
||||
fi
|
||||
|
||||
# Run the deployment
|
||||
helm upgrade --install --create-namespace --wait --timeout 60m \
|
||||
--namespace openwifi-${NAMESPACE} \
|
||||
${VALUES_FILES_FLAGS[*]} \
|
||||
--set owgw.services.owgw.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
|
||||
--set owgw.configProperties."openwifi\.fileuploader\.host\.0\.name"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
|
||||
--set owgw.configProperties."rtty\.server"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
|
||||
--set owgw.configProperties."openwifi\.system\.uri\.public"=https://gw-${NAMESPACE}.cicd.lab.wlan.tip.build:16002 \
|
||||
--set owgw.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owgw-owgw:17002 \
|
||||
--set owgw.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
|
||||
--set owgw.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
|
||||
--set owsec.configProperties."authentication\.default\.username"=${OWGW_AUTH_USERNAME} \
|
||||
--set owsec.configProperties."authentication\.default\.password"=${OWGW_AUTH_PASSWORD} \
|
||||
--set owsec.services.owsec.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=sec-${NAMESPACE}.cicd.lab.wlan.tip.build \
|
||||
--set owsec.configProperties."openwifi\.system\.uri\.public"=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
|
||||
--set owsec.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsec-owsec:17001 \
|
||||
--set owsec.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
|
||||
--set owsec.configProperties."mailer\.sender"=sec-${NAMESPACE}@cicd.lab.wlan.tip.build \
|
||||
--set owsec.configProperties."mailer\.enabled"=$MAILER_ENABLED \
|
||||
--set owsec.configProperties."mailer\.username"=$MAILER_USERNAME \
|
||||
--set owsec.configProperties."mailer\.password"=$MAILER_PASSWORD \
|
||||
--set owfms.configProperties."s3\.secret"=${OWFMS_S3_SECRET} \
|
||||
--set owfms.configProperties."s3\.key"=${OWFMS_S3_KEY} \
|
||||
--set owfms.services.owfms.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=fms-${NAMESPACE}.cicd.lab.wlan.tip.build \
|
||||
--set owfms.configProperties."openwifi\.system\.uri\.public"=https://fms-${NAMESPACE}.cicd.lab.wlan.tip.build:16004 \
|
||||
--set owfms.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owfms-owfms:17004 \
|
||||
--set owfms.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
|
||||
--set owfms.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
|
||||
--set owgwui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
|
||||
--set owgwui.ingresses.default.hosts={webui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
|
||||
--set owgwui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
|
||||
--set owprov.services.owprov.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=prov-${NAMESPACE}.cicd.lab.wlan.tip.build \
|
||||
--set owprov.configProperties."openwifi\.system\.uri\.public"=https://prov-${NAMESPACE}.cicd.lab.wlan.tip.build:16005 \
|
||||
--set owprov.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owprov-owprov:17005 \
|
||||
--set owprov.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
|
||||
--set owprov.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
|
||||
--set owprovui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=provui-${NAMESPACE}.cicd.lab.wlan.tip.build \
|
||||
--set owprovui.ingresses.default.hosts={provui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
|
||||
--set owprovui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
|
||||
--set owprovui.public_env_variables.REACT_APP_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
|
||||
--set owanalytics.services.owanalytics.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=analytics-${NAMESPACE}.cicd.lab.wlan.tip.build \
|
||||
--set owanalytics.configProperties."openwifi\.system\.uri\.public"=https://analytics-${NAMESPACE}.cicd.lab.wlan.tip.build:16009 \
|
||||
--set owanalytics.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owanalytics-owanalytics:17009 \
|
||||
--set owanalytics.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
|
||||
--set owanalytics.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
|
||||
--set owsub.services.owsub.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=sub-${NAMESPACE}.cicd.lab.wlan.tip.build \
|
||||
--set owsub.configProperties."openwifi\.system\.uri\.public"=https://sub-${NAMESPACE}.cicd.lab.wlan.tip.build:16006 \
|
||||
--set owsub.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsub-owsub:17006 \
|
||||
--set owsub.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
|
||||
--set owsub.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
|
||||
--set clustersysteminfo.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
|
||||
--set clustersysteminfo.secret_env_variables.OWSEC_NEW_PASSWORD=${OWSEC_NEW_PASSWORD} \
|
||||
--set owls.services.owls.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=ls-${NAMESPACE}.cicd.lab.wlan.tip.build \
|
||||
--set owls.configProperties."openwifi\.system\.uri\.public"=https://ls-${NAMESPACE}.cicd.lab.wlan.tip.build:16007 \
|
||||
--set owls.configProperties."openwifi\.system\.uri\.private"=$INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owls-owls:17007 \
|
||||
--set owls.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
|
||||
--set owlsui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=lsui-${NAMESPACE}.cicd.lab.wlan.tip.build \
|
||||
--set owlsui.ingresses.default.hosts={lsui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
|
||||
--set owlsui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
|
||||
--set haproxy.service.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$HAPROXY_SERVICE_DNS_RECORDS \
|
||||
--set owgw.services.owgw.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$OWGW_SERVICE_DNS_RECORDS \
|
||||
${EXTRA_VALUES_FLAGS[*]} \
|
||||
--set-file owgw.certs."restapi-cert\.pem"=$CERT_LOCATION \
|
||||
--set-file owgw.certs."restapi-key\.pem"=$KEY_LOCATION \
|
||||
--set-file owgw.certs."websocket-cert\.pem"=$CERT_LOCATION \
|
||||
--set-file owgw.certs."websocket-key\.pem"=$KEY_LOCATION \
|
||||
--set-file owsec.certs."restapi-cert\.pem"=$CERT_LOCATION \
|
||||
--set-file owsec.certs."restapi-key\.pem"=$KEY_LOCATION \
|
||||
--set-file owfms.certs."restapi-cert\.pem"=$CERT_LOCATION \
|
||||
--set-file owfms.certs."restapi-key\.pem"=$KEY_LOCATION \
|
||||
--set-file owprov.certs."restapi-cert\.pem"=$CERT_LOCATION \
|
||||
--set-file owprov.certs."restapi-key\.pem"=$KEY_LOCATION \
|
||||
--set-file owls.certs."restapi-cert\.pem"=$CERT_LOCATION \
|
||||
--set-file owls.certs."restapi-key\.pem"=$KEY_LOCATION \
|
||||
--set-file owls.certs."device-cert\.pem"=$DEVICE_CERT_LOCATION \
|
||||
--set-file owls.certs."device-key\.pem"=$DEVICE_KEY_LOCATION \
|
||||
--set-file owanalytics.certs."restapi-cert\.pem"=$CERT_LOCATION \
|
||||
--set-file owanalytics.certs."restapi-key\.pem"=$KEY_LOCATION \
|
||||
--set-file owsub.certs."restapi-cert\.pem"=$CERT_LOCATION \
|
||||
--set-file owsub.certs."restapi-key\.pem"=$KEY_LOCATION \
|
||||
tip-openwifi $DEPLOY_SOURCE
|
||||
@@ -1,14 +0,0 @@
|
||||
owgw:
|
||||
configProperties:
|
||||
storage.type: postgresql
|
||||
storage.type.postgresql.host: owgw-pgsql
|
||||
storage.type.postgresql.database: owgw
|
||||
storage.type.postgresql.username: owgw
|
||||
storage.type.postgresql.password: owgw
|
||||
|
||||
postgresql:
|
||||
enabled: true
|
||||
fullnameOverride: owgw-pgsql
|
||||
postgresqlDatabase: owgw
|
||||
postgresqlUsername: owgw
|
||||
postgresqlPassword: owgw
|
||||
@@ -1,173 +0,0 @@
|
||||
owgw:
|
||||
services:
|
||||
owgw:
|
||||
type: LoadBalancer
|
||||
annotations:
|
||||
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
|
||||
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
|
||||
service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
|
||||
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
|
||||
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
|
||||
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002"
|
||||
|
||||
configProperties:
|
||||
simulatorid: 53494D020202
|
||||
storage.type: postgresql
|
||||
storage.type.postgresql.host: owgw-pgsql
|
||||
storage.type.postgresql.database: owgw
|
||||
storage.type.postgresql.username: owgw
|
||||
storage.type.postgresql.password: owgw
|
||||
|
||||
resources:
|
||||
requests:
|
||||
cpu: 2000m
|
||||
memory: 3000Mi
|
||||
limits:
|
||||
cpu: 2000m
|
||||
memory: 3000Mi
|
||||
|
||||
postgresql:
|
||||
enabled: true
|
||||
fullnameOverride: owgw-pgsql
|
||||
|
||||
postgresqlDatabase: owgw
|
||||
postgresqlUsername: owgw
|
||||
postgresqlPassword: owgw
|
||||
|
||||
owls:
|
||||
enabled: true
|
||||
services:
|
||||
owls:
|
||||
type: LoadBalancer
|
||||
annotations:
|
||||
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
|
||||
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
|
||||
service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16107"
|
||||
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
|
||||
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
|
||||
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16007,17007"
|
||||
external-dns.alpha.kubernetes.io/ttl: "60"
|
||||
|
||||
podAnnotations:
|
||||
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
|
||||
|
||||
resources:
|
||||
requests:
|
||||
cpu: 3000m
|
||||
memory: 8000Mi
|
||||
limits:
|
||||
cpu: 3000m
|
||||
memory: 8000Mi
|
||||
|
||||
checks:
|
||||
owls:
|
||||
liveness:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 16107
|
||||
failureThreshold: 900
|
||||
readiness:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 16107
|
||||
failureThreshold: 900
|
||||
|
||||
certs:
|
||||
restapi-ca.pem: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
|
||||
BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
|
||||
dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
|
||||
b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
|
||||
CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
|
||||
Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
|
||||
IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
|
||||
AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
|
||||
KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
|
||||
aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
|
||||
t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
|
||||
Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
|
||||
720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
|
||||
lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
|
||||
AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
|
||||
dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
|
||||
PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
|
||||
19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
|
||||
L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
|
||||
5IOM7ItsRmen6u3qu+JXros54e4juQ==
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
public_env_variables:
|
||||
SELFSIGNED_CERTS: "true"
|
||||
|
||||
configProperties:
|
||||
openwifi.internal.restapi.host.0.rootca: $OWLS_ROOT/certs/restapi-certs/ca.crt
|
||||
openwifi.internal.restapi.host.0.cert: $OWLS_ROOT/certs/restapi-certs/tls.crt
|
||||
openwifi.internal.restapi.host.0.key: $OWLS_ROOT/certs/restapi-certs/tls.key
|
||||
openwifi.restapi.host.0.rootca: $OWLS_ROOT/certs/restapi-certs/ca.crt
|
||||
openwifi.restapi.host.0.cert: $OWLS_ROOT/certs/restapi-certs/tls.crt
|
||||
openwifi.restapi.host.0.key: $OWLS_ROOT/certs/restapi-certs/tls.key
|
||||
|
||||
volumes:
|
||||
owls:
|
||||
- name: config
|
||||
mountPath: /owls-data/owls.properties
|
||||
subPath: owls.properties
|
||||
# Template below will be rendered in template
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owls.fullname" . }}-config
|
||||
- name: certs
|
||||
mountPath: /owls-data/certs
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owls.fullname" . }}-certs
|
||||
- name: certs-cas
|
||||
mountPath: /owls-data/certs/cas
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owls.fullname" . }}-certs-cas
|
||||
# Change this if you want to use another volume type
|
||||
- name: persist
|
||||
mountPath: /owls-data/persist
|
||||
volumeDefinition: |
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ template "owls.fullname" . }}-pvc
|
||||
|
||||
- name: restapi-certs
|
||||
mountPath: /owls-data/certs/restapi-certs
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owls.fullname" . }}-owls-restapi-tls
|
||||
- name: restapi-ca
|
||||
mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
|
||||
subPath: ca.crt
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owls.fullname" . }}-owls-restapi-tls
|
||||
|
||||
owlsui:
|
||||
enabled: true
|
||||
|
||||
services:
|
||||
owlsui:
|
||||
type: NodePort
|
||||
|
||||
ingresses:
|
||||
default:
|
||||
enabled: true
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: alb
|
||||
alb.ingress.kubernetes.io/scheme: internet-facing
|
||||
alb.ingress.kubernetes.io/group.name: wlan-cicd
|
||||
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
|
||||
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
|
||||
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
|
||||
external-dns.alpha.kubernetes.io/ttl: "60"
|
||||
paths:
|
||||
- path: /*
|
||||
serviceName: owlsui
|
||||
servicePort: http
|
||||
|
||||
podAnnotations:
|
||||
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
|
||||
@@ -1,74 +0,0 @@
|
||||
owgw:
|
||||
services:
|
||||
owgw:
|
||||
type: LoadBalancer
|
||||
annotations:
|
||||
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
|
||||
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
|
||||
service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
|
||||
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
|
||||
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
|
||||
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002,5912,5913"
|
||||
|
||||
owsec:
|
||||
services:
|
||||
owsec:
|
||||
type: LoadBalancer
|
||||
annotations:
|
||||
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
|
||||
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
|
||||
service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16101"
|
||||
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
|
||||
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
|
||||
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16001,17001"
|
||||
|
||||
owfms:
|
||||
services:
|
||||
owfms:
|
||||
type: LoadBalancer
|
||||
annotations:
|
||||
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
|
||||
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
|
||||
service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16104"
|
||||
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
|
||||
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
|
||||
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004"
|
||||
|
||||
owprov:
|
||||
services:
|
||||
owprov:
|
||||
type: LoadBalancer
|
||||
annotations:
|
||||
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
|
||||
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
|
||||
service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16105"
|
||||
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
|
||||
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
|
||||
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16005,17005"
|
||||
|
||||
owanalytics:
|
||||
services:
|
||||
owanalytics:
|
||||
type: LoadBalancer
|
||||
annotations:
|
||||
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
|
||||
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
|
||||
service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16109"
|
||||
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
|
||||
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
|
||||
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16009,17009"
|
||||
|
||||
owsub:
|
||||
services:
|
||||
owsub:
|
||||
type: LoadBalancer
|
||||
annotations:
|
||||
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
|
||||
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
|
||||
service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16106"
|
||||
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
|
||||
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
|
||||
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16006,17006"
|
||||
|
||||
haproxy:
|
||||
enabled: false
|
||||
@@ -1,118 +0,0 @@
|
||||
owgw:
|
||||
nodeSelector:
|
||||
env: tests
|
||||
tolerations:
|
||||
- key: "tests"
|
||||
operator: "Exists"
|
||||
effect: "NoSchedule"
|
||||
|
||||
postgresql:
|
||||
primary:
|
||||
nodeSelector:
|
||||
env: tests
|
||||
tolerations:
|
||||
- key: "tests"
|
||||
operator: "Exists"
|
||||
effect: "NoSchedule"
|
||||
readReplicas:
|
||||
nodeSelector:
|
||||
env: tests
|
||||
tolerations:
|
||||
- key: "tests"
|
||||
operator: "Exists"
|
||||
effect: "NoSchedule"
|
||||
|
||||
owsec:
|
||||
nodeSelector:
|
||||
env: tests
|
||||
tolerations:
|
||||
- key: "tests"
|
||||
operator: "Exists"
|
||||
effect: "NoSchedule"
|
||||
|
||||
owgwui:
|
||||
nodeSelector:
|
||||
env: tests
|
||||
tolerations:
|
||||
- key: "tests"
|
||||
operator: "Exists"
|
||||
effect: "NoSchedule"
|
||||
|
||||
owfms:
|
||||
nodeSelector:
|
||||
env: tests
|
||||
tolerations:
|
||||
- key: "tests"
|
||||
operator: "Exists"
|
||||
effect: "NoSchedule"
|
||||
|
||||
owprov:
|
||||
nodeSelector:
|
||||
env: tests
|
||||
tolerations:
|
||||
- key: "tests"
|
||||
operator: "Exists"
|
||||
effect: "NoSchedule"
|
||||
|
||||
owprovui:
|
||||
nodeSelector:
|
||||
env: tests
|
||||
tolerations:
|
||||
- key: "tests"
|
||||
operator: "Exists"
|
||||
effect: "NoSchedule"
|
||||
|
||||
owls:
|
||||
nodeSelector:
|
||||
env: tests
|
||||
tolerations:
|
||||
- key: "tests"
|
||||
operator: "Exists"
|
||||
effect: "NoSchedule"
|
||||
|
||||
postgresql:
|
||||
primary:
|
||||
nodeSelector:
|
||||
env: tests
|
||||
tolerations:
|
||||
- key: "tests"
|
||||
operator: "Exists"
|
||||
effect: "NoSchedule"
|
||||
readReplicas:
|
||||
nodeSelector:
|
||||
env: tests
|
||||
tolerations:
|
||||
- key: "tests"
|
||||
operator: "Exists"
|
||||
effect: "NoSchedule"
|
||||
|
||||
owlsui:
|
||||
nodeSelector:
|
||||
env: tests
|
||||
tolerations:
|
||||
- key: "tests"
|
||||
operator: "Exists"
|
||||
effect: "NoSchedule"
|
||||
|
||||
owanalytics:
|
||||
nodeSelector:
|
||||
env: tests
|
||||
tolerations:
|
||||
- key: "tests"
|
||||
operator: "Exists"
|
||||
effect: "NoSchedule"
|
||||
|
||||
kafka:
|
||||
nodeSelector:
|
||||
env: tests
|
||||
tolerations:
|
||||
- key: "tests"
|
||||
operator: "Exists"
|
||||
effect: "NoSchedule"
|
||||
zookeeper:
|
||||
nodeSelector:
|
||||
env: tests
|
||||
tolerations:
|
||||
- key: "tests"
|
||||
operator: "Exists"
|
||||
effect: "NoSchedule"
|
||||
@@ -1,629 +0,0 @@
|
||||
owgw:
|
||||
# https://telecominfraproject.atlassian.net/browse/WIFI-5840
|
||||
checks:
|
||||
owgw:
|
||||
readiness:
|
||||
exec:
|
||||
command: ["true"]
|
||||
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 100Mi
|
||||
limits:
|
||||
cpu: 100m
|
||||
memory: 200Mi
|
||||
|
||||
securityContext:
|
||||
sysctls:
|
||||
- name: net.ipv4.tcp_keepalive_intvl
|
||||
value: "5"
|
||||
- name: net.ipv4.tcp_keepalive_probes
|
||||
value: "2"
|
||||
- name: net.ipv4.tcp_keepalive_time
|
||||
value: "45"
|
||||
|
||||
podAnnotations:
|
||||
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
|
||||
|
||||
podSecurityPolicy:
|
||||
enabled: true
|
||||
|
||||
certs:
|
||||
restapi-ca.pem: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
|
||||
BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
|
||||
dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
|
||||
b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
|
||||
CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
|
||||
Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
|
||||
IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
|
||||
AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
|
||||
KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
|
||||
aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
|
||||
t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
|
||||
Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
|
||||
720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
|
||||
lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
|
||||
AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
|
||||
dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
|
||||
PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
|
||||
19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
|
||||
L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
|
||||
5IOM7ItsRmen6u3qu+JXros54e4juQ==
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
public_env_variables:
|
||||
SELFSIGNED_CERTS: "true"
|
||||
|
||||
configProperties:
|
||||
openwifi.internal.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-certs/ca.crt
|
||||
openwifi.internal.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-certs/tls.crt
|
||||
openwifi.internal.restapi.host.0.key: $OWGW_ROOT/certs/restapi-certs/tls.key
|
||||
openwifi.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-certs/ca.crt
|
||||
openwifi.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-certs/tls.crt
|
||||
openwifi.restapi.host.0.key: $OWGW_ROOT/certs/restapi-certs/tls.key
|
||||
|
||||
volumes:
|
||||
owgw:
|
||||
- name: config
|
||||
mountPath: /owgw-data/owgw.properties
|
||||
subPath: owgw.properties
|
||||
# Template below will be rendered in template
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owgw.fullname" . }}-config
|
||||
- name: certs
|
||||
mountPath: /owgw-data/certs
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owgw.fullname" . }}-certs
|
||||
- name: certs-cas
|
||||
mountPath: /owgw-data/certs/cas
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owgw.fullname" . }}-certs-cas
|
||||
- name: persist
|
||||
mountPath: /owgw-data/persist
|
||||
volumeDefinition: |
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ template "owgw.fullname" . }}-pvc
|
||||
|
||||
- name: restapi-certs
|
||||
mountPath: /owgw-data/certs/restapi-certs
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
|
||||
- name: restapi-ca
|
||||
mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
|
||||
subPath: ca.crt
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
|
||||
|
||||
owsec:
|
||||
# https://telecominfraproject.atlassian.net/browse/WIFI-5840
|
||||
checks:
|
||||
owsec:
|
||||
readiness:
|
||||
exec:
|
||||
command: ["true"]
|
||||
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 15Mi
|
||||
limits:
|
||||
cpu: 100m
|
||||
memory: 100Mi
|
||||
|
||||
podAnnotations:
|
||||
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
|
||||
|
||||
certs:
|
||||
restapi-ca.pem: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
|
||||
BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
|
||||
dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
|
||||
b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
|
||||
CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
|
||||
Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
|
||||
IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
|
||||
AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
|
||||
KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
|
||||
aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
|
||||
t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
|
||||
Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
|
||||
720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
|
||||
lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
|
||||
AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
|
||||
dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
|
||||
PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
|
||||
19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
|
||||
L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
|
||||
5IOM7ItsRmen6u3qu+JXros54e4juQ==
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
public_env_variables:
|
||||
SELFSIGNED_CERTS: "true"
|
||||
|
||||
configProperties:
|
||||
openwifi.internal.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-certs/ca.crt
|
||||
openwifi.internal.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
|
||||
openwifi.internal.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
|
||||
openwifi.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-certs/ca.crt
|
||||
openwifi.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
|
||||
openwifi.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
|
||||
mailer.hostname: email-smtp.us-east-2.amazonaws.com
|
||||
|
||||
volumes:
|
||||
owsec:
|
||||
- name: config
|
||||
mountPath: /owsec-data/owsec.properties
|
||||
subPath: owsec.properties
|
||||
# Template below will be rendered in template
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owsec.fullname" . }}-config
|
||||
- name: certs
|
||||
mountPath: /owsec-data/certs
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owsec.fullname" . }}-certs
|
||||
- name: persist
|
||||
mountPath: /owsec-data/persist
|
||||
volumeDefinition: |
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ template "owsec.fullname" . }}-pvc
|
||||
|
||||
- name: restapi-certs
|
||||
mountPath: /owsec-data/certs/restapi-certs
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
|
||||
- name: restapi-ca
|
||||
mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
|
||||
subPath: ca.crt
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
|
||||
|
||||
owgwui:
|
||||
services:
|
||||
owgwui:
|
||||
type: NodePort
|
||||
|
||||
ingresses:
|
||||
default:
|
||||
enabled: true
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: alb
|
||||
alb.ingress.kubernetes.io/scheme: internet-facing
|
||||
alb.ingress.kubernetes.io/group.name: wlan-cicd
|
||||
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
|
||||
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
|
||||
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
|
||||
paths:
|
||||
- path: /*
|
||||
serviceName: owgwui
|
||||
servicePort: http
|
||||
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 30Mi
|
||||
limits:
|
||||
cpu: 10m
|
||||
memory: 30Mi
|
||||
|
||||
podAnnotations:
|
||||
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
|
||||
|
||||
owfms:
|
||||
# https://telecominfraproject.atlassian.net/browse/WIFI-5840
|
||||
checks:
|
||||
owfms:
|
||||
readiness:
|
||||
exec:
|
||||
command: ["true"]
|
||||
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 30Mi
|
||||
limits:
|
||||
cpu: 50m
|
||||
memory: 80Mi
|
||||
|
||||
podAnnotations:
|
||||
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
|
||||
|
||||
certs:
|
||||
restapi-ca.pem: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
|
||||
BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
|
||||
dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
|
||||
b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
|
||||
CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
|
||||
Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
|
||||
IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
|
||||
AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
|
||||
KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
|
||||
aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
|
||||
t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
|
||||
Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
|
||||
720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
|
||||
lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
|
||||
AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
|
||||
dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
|
||||
PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
|
||||
19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
|
||||
L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
|
||||
5IOM7ItsRmen6u3qu+JXros54e4juQ==
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
public_env_variables:
|
||||
SELFSIGNED_CERTS: "true"
|
||||
|
||||
configProperties:
|
||||
openwifi.internal.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
|
||||
openwifi.internal.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
|
||||
openwifi.internal.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
|
||||
openwifi.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
|
||||
openwifi.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
|
||||
openwifi.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
|
||||
|
||||
volumes:
|
||||
owfms:
|
||||
- name: config
|
||||
mountPath: /owfms-data/owfms.properties
|
||||
subPath: owfms.properties
|
||||
# Template below will be rendered in template
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owfms.fullname" . }}-config
|
||||
- name: certs
|
||||
mountPath: /owfms-data/certs
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owfms.fullname" . }}-certs
|
||||
- name: persist
|
||||
mountPath: /owfms-data/persist
|
||||
volumeDefinition: |
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ template "owfms.fullname" . }}-pvc
|
||||
|
||||
- name: restapi-certs
|
||||
mountPath: /owfms-data/certs/restapi-certs
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
|
||||
- name: restapi-ca
|
||||
mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
|
||||
subPath: ca.crt
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
|
||||
|
||||
owprov:
|
||||
checks:
|
||||
owprov:
|
||||
readiness:
|
||||
exec:
|
||||
command: ["true"]
|
||||
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 20Mi
|
||||
limits:
|
||||
cpu: 100m
|
||||
memory: 100Mi
|
||||
|
||||
podAnnotations:
|
||||
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
|
||||
|
||||
certs:
|
||||
restapi-ca.pem: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
|
||||
BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
|
||||
dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
|
||||
b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
|
||||
CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
|
||||
Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
|
||||
IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
|
||||
AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
|
||||
KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
|
||||
aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
|
||||
t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
|
||||
Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
|
||||
720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
|
||||
lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
|
||||
AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
|
||||
dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
|
||||
PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
|
||||
19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
|
||||
L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
|
||||
5IOM7ItsRmen6u3qu+JXros54e4juQ==
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
public_env_variables:
|
||||
SELFSIGNED_CERTS: "true"
|
||||
|
||||
configProperties:
|
||||
openwifi.internal.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt
|
||||
openwifi.internal.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt
|
||||
openwifi.internal.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key
|
||||
openwifi.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt
|
||||
openwifi.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt
|
||||
openwifi.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key
|
||||
|
||||
volumes:
|
||||
owprov:
|
||||
- name: config
|
||||
mountPath: /owprov-data/owprov.properties
|
||||
subPath: owprov.properties
|
||||
# Template below will be rendered in template
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owprov.fullname" . }}-config
|
||||
- name: certs
|
||||
mountPath: /owprov-data/certs
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owprov.fullname" . }}-certs
|
||||
- name: persist
|
||||
mountPath: /owprov-data/persist
|
||||
volumeDefinition: |
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ template "owprov.fullname" . }}-pvc
|
||||
|
||||
- name: restapi-certs
|
||||
mountPath: /owprov-data/certs/restapi-certs
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
|
||||
- name: restapi-ca
|
||||
mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
|
||||
subPath: ca.crt
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
|
||||
|
||||
owprovui:
|
||||
services:
|
||||
owprovui:
|
||||
type: NodePort
|
||||
|
||||
ingresses:
|
||||
default:
|
||||
enabled: true
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: alb
|
||||
alb.ingress.kubernetes.io/scheme: internet-facing
|
||||
alb.ingress.kubernetes.io/group.name: wlan-cicd
|
||||
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
|
||||
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
|
||||
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
|
||||
paths:
|
||||
- path: /*
|
||||
serviceName: owprovui
|
||||
servicePort: http
|
||||
|
||||
podAnnotations:
|
||||
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
|
||||
|
||||
owanalytics:
|
||||
checks:
|
||||
owanalytics:
|
||||
readiness:
|
||||
exec:
|
||||
command: ["true"]
|
||||
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 100Mi
|
||||
limits:
|
||||
cpu: 100m
|
||||
memory: 500Mi
|
||||
|
||||
podAnnotations:
|
||||
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
|
||||
|
||||
certs:
|
||||
restapi-ca.pem: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
|
||||
BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
|
||||
dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
|
||||
b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
|
||||
CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
|
||||
Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
|
||||
IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
|
||||
AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
|
||||
KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
|
||||
aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
|
||||
t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
|
||||
Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
|
||||
720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
|
||||
lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
|
||||
AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
|
||||
dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
|
||||
PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
|
||||
19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
|
||||
L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
|
||||
5IOM7ItsRmen6u3qu+JXros54e4juQ==
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
public_env_variables:
|
||||
SELFSIGNED_CERTS: "true"
|
||||
|
||||
configProperties:
|
||||
openwifi.internal.restapi.host.0.rootca: $OWANALYTICS_ROOT/certs/restapi-certs/ca.crt
|
||||
openwifi.internal.restapi.host.0.cert: $OWANALYTICS_ROOT/certs/restapi-certs/tls.crt
|
||||
openwifi.internal.restapi.host.0.key: $OWANALYTICS_ROOT/certs/restapi-certs/tls.key
|
||||
openwifi.restapi.host.0.rootca: $OWANALYTICS_ROOT/certs/restapi-certs/ca.crt
|
||||
openwifi.restapi.host.0.cert: $OWANALYTICS_ROOT/certs/restapi-certs/tls.crt
|
||||
openwifi.restapi.host.0.key: $OWANALYTICS_ROOT/certs/restapi-certs/tls.key
|
||||
|
||||
volumes:
|
||||
owanalytics:
|
||||
- name: config
|
||||
mountPath: /owanalytics-data/owanalytics.properties
|
||||
subPath: owanalytics.properties
|
||||
# Template below will be rendered in template
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owanalytics.fullname" . }}-config
|
||||
- name: certs
|
||||
mountPath: /owanalytics-data/certs
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owanalytics.fullname" . }}-certs
|
||||
- name: persist
|
||||
mountPath: /owanalytics-data/persist
|
||||
volumeDefinition: |
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ template "owanalytics.fullname" . }}-pvc
|
||||
|
||||
- name: restapi-certs
|
||||
mountPath: /owanalytics-data/certs/restapi-certs
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owanalytics.fullname" . }}-owanalytics-restapi-tls
|
||||
- name: restapi-ca
|
||||
mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
|
||||
subPath: ca.crt
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owanalytics.fullname" . }}-owanalytics-restapi-tls
|
||||
|
||||
owsub:
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 100Mi
|
||||
limits:
|
||||
cpu: 100m
|
||||
memory: 500Mi
|
||||
|
||||
podAnnotations:
|
||||
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
|
||||
|
||||
certs:
|
||||
restapi-ca.pem: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
|
||||
BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
|
||||
dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
|
||||
b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
|
||||
CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
|
||||
Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
|
||||
IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
|
||||
AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
|
||||
KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
|
||||
aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
|
||||
t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
|
||||
Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
|
||||
720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
|
||||
lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
|
||||
AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
|
||||
dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
|
||||
PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
|
||||
19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
|
||||
L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
|
||||
5IOM7ItsRmen6u3qu+JXros54e4juQ==
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
public_env_variables:
|
||||
SELFSIGNED_CERTS: "true"
|
||||
|
||||
configProperties:
|
||||
openwifi.internal.restapi.host.0.rootca: $OWSUB_ROOT/certs/restapi-certs/ca.crt
|
||||
openwifi.internal.restapi.host.0.cert: $OWSUB_ROOT/certs/restapi-certs/tls.crt
|
||||
openwifi.internal.restapi.host.0.key: $OWSUB_ROOT/certs/restapi-certs/tls.key
|
||||
openwifi.restapi.host.0.rootca: $OWSUB_ROOT/certs/restapi-certs/ca.crt
|
||||
openwifi.restapi.host.0.cert: $OWSUB_ROOT/certs/restapi-certs/tls.crt
|
||||
openwifi.restapi.host.0.key: $OWSUB_ROOT/certs/restapi-certs/tls.key
|
||||
|
||||
volumes:
|
||||
owsub:
|
||||
- name: config
|
||||
mountPath: /owsub-data/owsub.properties
|
||||
subPath: owsub.properties
|
||||
# Template below will be rendered in template
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owsub.fullname" . }}-config
|
||||
- name: certs
|
||||
mountPath: /owsub-data/certs
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owsub.fullname" . }}-certs
|
||||
- name: persist
|
||||
mountPath: /owsub-data/persist
|
||||
volumeDefinition: |
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ template "owsub.fullname" . }}-pvc
|
||||
|
||||
- name: restapi-certs
|
||||
mountPath: /owsub-data/certs/restapi-certs
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
|
||||
- name: restapi-ca
|
||||
mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
|
||||
subPath: ca.crt
|
||||
volumeDefinition: |
|
||||
secret:
|
||||
secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
|
||||
|
||||
|
||||
kafka:
|
||||
commonAnnotations:
|
||||
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
|
||||
heapOpts: -Xmx512m -Xms512m
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 512Mi
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 1Gi
|
||||
readinessProbe:
|
||||
initialDelaySeconds: 45
|
||||
livenessProbe:
|
||||
initialDelaySeconds: 60
|
||||
zookeeper:
|
||||
commonAnnotations:
|
||||
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
|
||||
heapSize: 256
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 256Mi
|
||||
limits:
|
||||
cpu: 200m
|
||||
memory: 384Mi
|
||||
|
||||
clustersysteminfo:
|
||||
enabled: true
|
||||
delay: 60 # delaying to wait for AWS Route53 DNS propagation
|
||||
|
||||
haproxy:
|
||||
service:
|
||||
annotations:
|
||||
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
|
||||
service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "8080"
|
||||
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
|
||||
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
|
||||
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,16001,17001,5912,5913,16009"
|
||||
service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
|
||||
|
||||
restapiCerts:
|
||||
enabled: true
|
||||
Reference in New Issue
Block a user