-
Notifications
You must be signed in to change notification settings - Fork 25
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #273 from Telecominfraproject/WIFI-13836
WIFI-13836: first cgw helmfile checkin
- Loading branch information
Showing
5 changed files
with
288 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| creation_rules: | ||
| - kms: 'arn:aws:kms:us-east-2:289708231103:alias/helm-secrets' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| # CGW Charts | ||
|
|
||
| ## Pre-requisites | ||
|
|
||
| The following binaries are needed: | ||
| - [helmfile](https://github.com/helmfile/helmfile/releases/download/v0.165.0/helmfile_0.165.0_linux_amd64.tar.gz) | ||
| - helm | ||
| - kubectl | ||
|
|
||
| The following helm plugins are needed: | ||
| ```bash | ||
| helm plugin install https://github.com/aslafy-z/helm-git --version 0.16.0 | ||
| helm plugin install https://github.com/databus23/helm-diff | ||
| helm plugin install https://github.com/jkroepke/helm-secrets | ||
| ``` | ||
|
|
||
| ## Configuration | ||
|
|
||
| _helmfile.yaml_ contains the configuration for all the environments. External values files are used for secrets or where appropriate. Each environment needs to be created in this file before it can be deployed. The files in ./secrets/ are encrypted with SOPS. Use `helm secrets edit secrets/FILE` to edit. | ||
|
|
||
| ## Installation | ||
|
|
||
| To install the entire stack: `helm --environment ENVNAME apply`. | ||
| To install just cgw: `helm --environment ENVNAME -l app=cgw apply`. | ||
| To install just cgw with a specific image tag: `helm --environment ENVNAME -l app=cgw apply --state-values-set "cgw.tag=latest"`. | ||
|
|
||
| ## Removal | ||
|
|
||
| To remove the entire stack: `helm --environment ENVNAME delete`. | ||
| To remove just cgw: `helm --environment ENVNAME -l app=cgw delete`. | ||
| Delete the namespace manually if it is no longer required. | ||
|
|
||
| # Re-installation | ||
|
|
||
| Note that the kafka, postgres and redis charts do not want to be reinstalled so will have to be removed and installed. If you wish to upgrade these then you must follow the respective Bitnami instructions on how to upgrade these charts. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,210 @@ | ||
| environments: | ||
| default: | ||
| secrets: | ||
| - secrets/values.postgres.yaml | ||
| - secrets/certs.tip.yaml | ||
| values: | ||
| - global: | ||
| name: devcgw | ||
| namespace: openwifi-devcgw | ||
| domain: cicd.lab.wlan.tip.build | ||
| certificateARN: arn:aws:acm:us-east-2:289708231103:certificate/299d7444-acc4-46c2-ae83-40d2cd5f49be | ||
| - kafka: | ||
| enabled: true | ||
| - redis: | ||
| enabled: true | ||
| - postgres: | ||
| enabled: true | ||
| - cgw: | ||
| enabled: true | ||
| tag: next | ||
| cgw01: | ||
| secrets: | ||
| - secrets/values.postgres.yaml | ||
| - secrets/certs.tip.yaml | ||
| values: | ||
| - global: | ||
| name: cgw01 | ||
| namespace: openlan-cgw01 | ||
| domain: cicd.lab.wlan.tip.build | ||
| certificateARN: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c | ||
| - kafka: | ||
| enabled: true | ||
| - redis: | ||
| enabled: true | ||
| - postgres: | ||
| enabled: true | ||
| - cgw: | ||
| enabled: true | ||
| tag: next | ||
|
|
||
| --- | ||
|
|
||
| helmDefaults: | ||
| force: false | ||
| timeout: 300 | ||
| createNamespace: true | ||
|
|
||
| releases: | ||
| - name: kafka | ||
| version: 28.3.0 | ||
| namespace: {{ .Environment.Values.global.namespace }} | ||
| condition: kafka.enabled | ||
| chart: oci://registry-1.docker.io/bitnamicharts/kafka | ||
| labels: | ||
| group: base | ||
| app: kafka | ||
| values: | ||
| - fullnameOverride: kafka | ||
| - volumePermissions: | ||
| enabled: true | ||
| - commonAnnotations: | ||
| cluster-autoscaler.kubernetes.io/safe-to-evict: "false" | ||
| - readinessProbe: | ||
| initialDelaySeconds: 45 | ||
| - livenessProbe: | ||
| initialDelaySeconds: 60 | ||
| - heapOpts: -Xmx1024m -Xms1024m | ||
| - kraft: | ||
| enabled: true | ||
| - zookeeper: | ||
| enabled: false | ||
| - provisioning: | ||
| enabled: true | ||
| topics: | ||
| - name: CnC | ||
| partitions: 1 | ||
| replicationFactor: 1 | ||
| - name: CnC_Res | ||
| partitions: 1 | ||
| replicationFactor: 1 | ||
| - controller: | ||
| replicaCount: 1 | ||
| extraConfig: |- | ||
| maxMessageBytes = 1048588 | ||
| extraEnvVars: | ||
| - name: ALLOW_PLAINTEXT_LISTENER | ||
| value: "yes" | ||
| resources: | ||
| requests: | ||
| cpu: 500m | ||
| memory: 512Mi | ||
| limits: | ||
| cpu: 750m | ||
| memory: 2Gi | ||
| - listeners: | ||
| client: | ||
| protocol: PLAINTEXT | ||
| containerPort: 9092 | ||
| controller: | ||
| protocol: "PLAINTEXT" | ||
| - broker: | ||
| replicaCount: 2 | ||
| persistence: | ||
| size: 20Gi | ||
| resources: | ||
| requests: | ||
| cpu: 500m | ||
| memory: 512Mi | ||
| limits: | ||
| cpu: 750m | ||
| memory: 2Gi | ||
|
|
||
| - name: postgres | ||
| namespace: {{ .Environment.Values.global.namespace }} | ||
| chart: oci://registry-1.docker.io/bitnamicharts/postgresql | ||
| version: 13.4.3 | ||
| condition: postgres.enabled | ||
| labels: | ||
| group: base | ||
| app: postgres | ||
| values: | ||
| - fullnameOverride: pgsql | ||
| # workaround for: postgresql.conf file not detected. Generating it... | ||
| # cp: cannot create regular file '/bitnami/postgresql/conf/postgresql.conf': Permission denied | ||
| - volumePermissions: | ||
| enabled: true | ||
| - global: | ||
| postgresql: | ||
| auth: | ||
| postgresPassword: {{ .Environment.Values.postgres.pgUser.password }} | ||
| - auth: | ||
| postgresPassword: {{ .Environment.Values.postgres.pgUser.password }} | ||
| - primary: | ||
| extendedConfiguration: |- | ||
| max_connections = 550 | ||
| shared_buffers = 128MB | ||
| log_error_verbosity = verbose | ||
| tcp_keepalives_idle = 300 | ||
| tcp_keepalives_interval = 30 | ||
| tcp_user_timeout = 300 | ||
| initdb: | ||
| scripts: | ||
| initusers.sql: |- | ||
| CREATE USER {{ .Environment.Values.postgres.cgwUser.name }}; | ||
| ALTER USER cgw WITH ENCRYPTED PASSWORD '{{ .Environment.Values.postgres.cgwUser.password }}'; | ||
| CREATE DATABASE cgw OWNER {{ .Environment.Values.postgres.cgwUser.name }}; | ||
| \c cgw | ||
| CREATE TABLE infrastructure_groups (id INT PRIMARY KEY, reserved_size INT, actual_size INT); | ||
| CREATE TABLE infras (mac MACADDR PRIMARY KEY, infra_group_id INT, FOREIGN KEY(infra_group_id) REFERENCES infrastructure_groups(id) ON DELETE CASCADE); | ||
| - name: redis | ||
| namespace: {{ .Environment.Values.global.namespace }} | ||
| chart: oci://registry-1.docker.io/bitnamicharts/redis | ||
| version: 19.5.2 | ||
| condition: redis.enabled | ||
| labels: | ||
| group: base | ||
| app: redis | ||
| values: | ||
| - architecture: standalone | ||
| - auth: | ||
| enabled: false | ||
| - master: | ||
| extraEnvVars: | ||
| - name: ALLOW_EMPTY_PASSWORD | ||
| value: "yes" | ||
|
|
||
| - name: cgw | ||
| namespace: {{ .Environment.Values.global.namespace }} | ||
| chart: ../../openlan-cgw/helm | ||
| #chart: "git+https://github.com/Telecominfraproject/openlan-cgw@helm?ref=next" | ||
| version: 0.1.0 | ||
| condition: cgw.enabled | ||
| labels: | ||
| group: apps | ||
| app: cgw | ||
| secrets: | ||
| - secrets/certs.tip.yaml | ||
| values: | ||
| - images: | ||
| cgw: | ||
| tag: {{ .Environment.Values.cgw.tag }} | ||
| - public_env_variables: | ||
| CGW_DB_HOST: pgsql | ||
| CGW_DB_PORT: "5432" | ||
| CGW_DB_USERNAME: "{{ .Environment.Values.postgres.cgwUser.name }}" | ||
| CGW_KAFKA_HOST: kafka | ||
| CGW_KAFKA_PORT: "9092" | ||
| CGW_REDIS_HOST: redis-master | ||
| CGW_REDIS_PORT: "6379" | ||
| CGW_ALLOW_CERT_MISMATCH: "yes" | ||
| DEFAULT_WSS_THREAD_NUM: "4" | ||
| # Useful for debugging: | ||
| #CFG_LOG_LEVEL: "Debug" | ||
| #RUST_BACKTRACE: "full" | ||
| - secret_env_variables: | ||
| CGW_DB_PASSWORD: "{{ .Environment.Values.postgres.cgwUser.password }}" | ||
| - services: | ||
| cgw: | ||
| type: LoadBalancer | ||
| annotations: | ||
| external-dns.alpha.kubernetes.io/hostname: cgw-{{ .Environment.Values.global.name }}.{{ .Environment.Values.global.domain }} | ||
| #service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip | ||
| service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing | ||
| service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl | ||
| service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Environment.Values.global.certificateARN }} | ||
| service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "15003" | ||
| service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: preserve_client_ip.enabled=true | ||
| service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002" | ||
| alb.ingress.kubernetes.io/healthcheck-path: /health |
Oops, something went wrong.