From 3f11a39ec0002fdf00bedd60560a307b402ed0cc Mon Sep 17 00:00:00 2001 From: Carsten Schafer Date: Tue, 25 Jun 2024 11:26:18 -0400 Subject: [PATCH 1/2] Disable haproxy and remove owrrm Signed-off-by: Carsten Schafer --- chart/Chart.yaml | 3 - chart/README.md | 6 +- chart/environment-values/deploy.sh | 11 +- chart/environment-values/values.aws.yaml | 3 +- .../values.base.insecure.yaml | 16 -- .../values.base.secure.yaml | 16 -- .../environment-values/values.custom.tpl.yaml | 38 ++-- .../values.openwifi-dev03.yaml | 22 --- .../values.openwifi-qa.owls-enabled.yaml | 175 +----------------- .../values.openwifi-qa.owls-external.yaml | 26 +-- .../values.openwifi-qa.separate-lbs.yaml | 12 +- .../values.openwifi-qa.test-nodes.yaml | 15 -- .../values.openwifi-qa.yaml | 69 ------- .../values.openwifi-qa03.yaml | 29 --- chart/values.yaml | 7 - 15 files changed, 47 insertions(+), 401 deletions(-) delete mode 100644 chart/environment-values/values.openwifi-dev03.yaml delete mode 100644 chart/environment-values/values.openwifi-qa03.yaml diff --git a/chart/Chart.yaml b/chart/Chart.yaml index e89fc81..cd6ed72 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -28,9 +28,6 @@ dependencies: - name: owsub repository: "git+https://github.com/Telecominfraproject/wlan-cloud-userportal@helm?ref=main" version: 0.1.0 -- name: owrrm - repository: "git+https://github.com/Telecominfraproject/wlan-cloud-rrm@helm?ref=main" - version: 0.1.0 - name: owls repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owls@helm?ref=main" version: 0.1.0 diff --git a/chart/README.md b/chart/README.md index afeec4f..7e5f9e2 100644 --- a/chart/README.md +++ b/chart/README.md 
@@ -24,7 +24,6 @@ In order to access the UI and other RESTAPI endpoints you should run the followi ``` $ kubectl port-forward deployment/proxy 5912 5913 16001 16002 16003 16004 16005 16006 16009 & -$ kubectl port-forward deployment/owrrm 16789 & $ kubectl port-forward deployment/owgwui 8080:80 & $ kubectl port-forward deployment/owprovui 8088:80 & ``` @@ -47,7 +46,6 @@ In order to access the UI and other RESTAPI endpoints you should run the followi ``` $ kubectl port-forward deployment/proxy 5912 5913 16001 16002 16003 16004 16005 16006 16009 & -$ kubectl port-forward deployment/owrrm 16789 & $ kubectl port-forward deployment/owgwui 8080:80 & $ kubectl port-forward deployment/owprovui 8088:80 & ``` @@ -143,8 +141,6 @@ The following table lists the configurable parameters that overrides microservic | `owsub.configProperties."openwifi\.kafka\.enable"` | string | Configures OpenWIFI Subscription to use Kafka for communication | `'true'` | | `owsub.configProperties."openwifi\.kafka\.brokerlist"` | string | Sets up Kafka broker list for OpenWIFI Subscription to the predictable Kubernetes service name (see `kafka.fullnameOverride` option description for details) | `'kafka:9092'` | | `owsub.certs` | map | Map with multiline string containing TLS certificates and private keys required for REST API | | -| `owrrm.public_env_variables` | map | Map of public environment variables passed to OpenWIFI RRM service | | -| `owrrm.mysql.enabled` | boolean | Flag to enable MySQL database deployment of OpenWIFI RRM service using subchart | `true` | | `kafka.enabled` | boolean | Enables [kafka](https://github.com/bitnami/charts/blob/master/bitnami/kafka/) deployment | `true` | | `kafka.fullnameOverride` | string | Overrides Kafka Kubernetes service name so it could be predictable and set in microservices configs | `'kafka'` | | `kafka.image.registry` | string | Kafka Docker image registry | `'docker.io'` | 
@@ -258,7 +254,7 @@ You may see example values to enable this feature in [values.restapi-disable-tls ### PostgreSQL storage option for services -By default, all microservices except RRM service use SQLite as default storage driver, but it is possible to use PostgreSQL for that purpose. Both [cluster-per-microservice](environment-values/values.openwifi-qa.external-db.yaml) and [cluster per installation](environment-values/values.openwifi-qa.single-external-db.yaml) deployments method may be used. +By default, all microservices use SQLite as default storage driver, but it is possible to use PostgreSQL for that purpose. Both [cluster-per-microservice](environment-values/values.openwifi-qa.external-db.yaml) and [cluster per installation](environment-values/values.openwifi-qa.single-external-db.yaml) deployments method may be used. ## Environment specific values diff --git a/chart/environment-values/deploy.sh b/chart/environment-values/deploy.sh index 1b6d8d3..49e7fd6 100755 --- a/chart/environment-values/deploy.sh +++ b/chart/environment-values/deploy.sh @@ -5,8 +5,7 @@ set -e function usage() { cat <<-EOF >&2 - -This script is indended for OpenWIFI Cloud SDK deployment to TIP QA/Dev environments using assembly Helm chart (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart) with configuration through environment variables +This script is intended for OpenWIFI Cloud SDK deployment to TIP QA/Dev environments using assembly Helm chart (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart) with configuration through environment variables Required environment variables: - NAMESPACE - namespace suffix that will used added for the Kubernetes environment (i.e. if you pass 'test', kubernetes namespace will be named 'ucentral-test') 
@@ -31,7 +30,6 @@ The following environmnet variables may be passed, but will be ignored if CHART_ - OWPROVUI_VERSION - OpenWIFI Provisioning Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required) - OWANALYTICS_VERSION - OpenWIFI Analytics version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required) - OWSUB_VERSION - OpenWIFI Subscription (Userportal) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required) -- OWRRM_VERSION - OpenWIFI radio resource management service (RRM) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required) Optional environment variables: - EXTRA_VALUES - extra values that should be passed to Helm deployment separated by comma (,) @@ -42,12 +40,14 @@ Optional environment variables: - IPTOCOUNTRY_IPINFO_TOKEN - token that should be set for IPInfo support (owgw/owprov iptocountry.ipinfo.token properties), ommited if not passed - MAILER_USERNAME - SMTP username used for OWSEC mailer - MAILER_PASSWORD - SMTP password used for OWSEC mailer (only if both MAILER_PASSWORD and MAILER_USERNAME are set, mailer will be enabled) +- CERTIFICATE_ARN - Certificate ARN (will default to ap-south-1 certificate ARN) EOF } # Global variables VALUES_FILE_LOCATION_SPLITTED=() EXTRA_VALUES_SPLITTED=() +DEF_CERT_ARN="arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c" # Helper functions function check_if_chart_version_is_release() 
@@ -72,7 +72,6 @@ if [[ "$DEPLOY_METHOD" != "local" ]] ; then [ -z ${OWPROVUI_VERSION+x} ] && echo "OWPROVUI_VERSION is unset" >&2 && usage && exit 1 [ -z ${OWANALYTICS_VERSION+x} ] && echo "OWANALYTICS_VERSION is unset" >&2 && usage && exit 1 [ -z ${OWSUB_VERSION+x} ] && echo "OWSUB_VERSION is unset" >&2 && usage && exit 1 - [ -z ${OWRRM_VERSION+x} ] && echo "OWRRM_VERSION is unset" >&2 && usage && exit 1 fi fi ## Environment specifics @@ -90,9 +89,11 @@ fi [ -z ${DEVICE_CERT_LOCATION+x} ] && echo "DEVICE_CERT_LOCATION is unset, setting it to CERT_LOCATION" && export DEVICE_CERT_LOCATION=$CERT_LOCATION [ -z ${DEVICE_KEY_LOCATION+x} ] && echo "DEVICE_KEY_LOCATION is unset, setting it to KEY_LOCATION" && export DEVICE_KEY_LOCATION=$KEY_LOCATION [ -z ${INTERNAL_RESTAPI_ENDPOINT_SCHEMA+x} ] && echo "INTERNAL_RESTAPI_ENDPOINT_SCHEMA is unset, setting it to 'https'" && export INTERNAL_RESTAPI_ENDPOINT_SCHEMA=https +[ -z ${USE_SEPARATE_OWGW_LB+x} ] && echo "USE_SEPARATE_OWGW_LB is unset, setting it to true" && export USE_SEPARATE_OWGW_LB=true export MAILER_ENABLED="false" [ ! -z ${MAILER_USERNAME+x} ] && [ ! -z ${MAILER_PASSWORD+x} ] && echo "MAILER_USERNAME and MAILER_PASSWORD are set, mailer will be enabled" && export MAILER_ENABLED="true" [ -z "${DOMAIN}" ] && echo "DOMAIN is unset, using cicd.lab.wlan.tip.build" && export DOMAIN="cicd.lab.wlan.tip.build" +[ -z ${CERTIFICATE_ARN+x} ] && CERTIFICATE_ARN=$DEF_CERT_ARN # Transform some environment variables export OWGW_VERSION_TAG=$(echo ${OWGW_VERSION} | tr '/' '-') 
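Review bot: The new fallback `[ -z ${CERTIFICATE_ARN+x} ] && CERTIFICATE_ARN=$DEF_CERT_ARN` in the `@@ -90,9 +89,11 @@` hunk assigns the default without `export` and without the echo that the neighbouring defaults print, and `${CERTIFICATE_ARN+x}` treats a set-but-empty value as provided. If values.custom.tpl.yaml is rendered by a child process such as envsubst (the rendering step is outside this hunk), the default path would leave `${CERTIFICATE_ARN}` empty in every `aws-load-balancer-ssl-cert` and `certificate-arn` annotation the template now carries. Following the `DOMAIN` line's pattern would cover both cases: `[ -z "${CERTIFICATE_ARN}" ] && echo "CERTIFICATE_ARN is unset, using $DEF_CERT_ARN" && export CERTIFICATE_ARN="$DEF_CERT_ARN"`. The default is an ap-south-1 ARN, while the values.openwifi-dev03.yaml and values.openwifi-qa03.yaml files deleted in this patch carried us-east-2 ARNs, so those environments presumably now have to pass CERTIFICATE_ARN explicitly; the usage text could say so.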
@@ -103,7 +104,6 @@ export OWPROV_VERSION_TAG=$(echo ${OWPROV_VERSION} | tr '/' '-') export OWPROVUI_VERSION_TAG=$(echo ${OWPROVUI_VERSION} | tr '/' '-') export OWANALYTICS_VERSION_TAG=$(echo ${OWANALYTICS_VERSION} | tr '/' '-') export OWSUB_VERSION_TAG=$(echo ${OWSUB_VERSION} | tr '/' '-') -export OWRRM_VERSION_TAG=$(echo ${OWRRM_VERSION} | tr '/' '-') # Check deployment method that's required for this environment helm plugin install https://github.com/databus23/helm-diff || true @@ -123,7 +123,6 @@ if [[ "$DEPLOY_METHOD" == "git" ]] ; then sed -i '/wlan-cloud-owprov-ui@/s/ref=.*/ref='${OWPROVUI_VERSION}'\"/g' Chart.yaml sed -i '/wlan-cloud-analytics@/s/ref=.*/ref='${OWANALYTICS_VERSION}'\"/g' Chart.yaml sed -i '/wlan-cloud-userportal@/s/ref=.*/ref='${OWSUB_VERSION}'\"/g' Chart.yaml - sed -i '/wlan-cloud-rrm@/s/ref=.*/ref='${OWRRM_VERSION}'\"/g' Chart.yaml fi #helm repo add bitnami https://charts.bitnami.com/bitnami && helm repo update [ -z "$SKIP_DEPS" ] && helm dependency update diff --git a/chart/environment-values/values.aws.yaml b/chart/environment-values/values.aws.yaml index 4edf225..da9b691 100644 --- a/chart/environment-values/values.aws.yaml +++ b/chart/environment-values/values.aws.yaml 
@@ -99,8 +99,7 @@ haproxy: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "8080" service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,16001,17001,5912,5913,16009,16007" service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip - external-dns.alpha.kubernetes.io/hostname: "gw.cicd.lab.wlan.tip.build,sec.cicd.lab.wlan.tip.build,fms.cicd.lab.wlan.tip.build,prov.cicd.lab.wlan.tip.build,rtty.cicd.lab.wlan.tip.build,sub.cicd.lab.wlan.tip.build,analytics.cicd.lab.wlan.tip.build,rrm.cicd.lab.wlan.tip.build" # TODO change FQDNs + external-dns.alpha.kubernetes.io/hostname: "gw.cicd.lab.wlan.tip.build,sec.cicd.lab.wlan.tip.build,fms.cicd.lab.wlan.tip.build,prov.cicd.lab.wlan.tip.build,rtty.cicd.lab.wlan.tip.build,sub.cicd.lab.wlan.tip.build,analytics.cicd.lab.wlan.tip.build" # TODO change FQDNs diff --git a/chart/environment-values/values.base.insecure.yaml b/chart/environment-values/values.base.insecure.yaml index c5696ca..1aa32e1 100644 --- a/chart/environment-values/values.base.insecure.yaml +++ b/chart/environment-values/values.base.insecure.yaml @@ -52,22 +52,6 @@ owsub: openwifi.system.uri.private: http://owsub-owsub:17006 openwifi.system.uri.ui: http://localhost -owrrm: - public_env_variables: - SELFSIGNED_CERTS: "true" - KAFKACONFIG_BOOTSTRAPSERVER: kafka:9092 - DATABASECONFIG_SERVER: owrrm-mysql:3306 - DATABASECONFIG_DBNAME: owrrm - DATABASECONFIG_DATARETENTIONINTERVALDAYS: "1" - - secret_env_variables: - DATABASECONFIG_USER: root - DATABASECONFIG_PASSWORD: openwifi - - mysql: - enabled: true - fullnameOverride: "owrrm-mysql" - owgwui: public_env_variables: REACT_APP_UCENTRALSEC_URL: http://localhost:16001 
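Review bot: After the values.aws.yaml hunk the haproxy service still declares `aws-load-balancer-ssl-ports` and `aws-load-balancer-backend-protocol: ssl` but no longer names a certificate, and nothing in the file says where one now comes from. The annotation appears to have moved to values.custom.tpl.yaml, filled from CERTIFICATE_ARN by deploy.sh, so anyone applying this values file without that template would get a load balancer with no certificate attached. A comment above the annotations would record the dependency, for example `# aws-load-balancer-ssl-cert is injected by values.custom.tpl.yaml from CERTIFICATE_ARN (see deploy.sh)`. The same applies to the hunks that drop the annotation in values.openwifi-qa.owls-enabled.yaml, values.openwifi-qa.separate-lbs.yaml and values.openwifi-qa.yaml.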
diff --git a/chart/environment-values/values.base.secure.yaml b/chart/environment-values/values.base.secure.yaml index 28270d8..79f62b1 100644 --- a/chart/environment-values/values.base.secure.yaml +++ b/chart/environment-values/values.base.secure.yaml @@ -298,22 +298,6 @@ owsub: secret: secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls -owrrm: - public_env_variables: - SELFSIGNED_CERTS: "true" - KAFKACONFIG_BOOTSTRAPSERVER: kafka:9092 - DATABASECONFIG_SERVER: owrrm-mysql:3306 - DATABASECONFIG_DBNAME: owrrm - DATABASECONFIG_DATARETENTIONINTERVALDAYS: "1" - - secret_env_variables: - DATABASECONFIG_USER: root - DATABASECONFIG_PASSWORD: openwifi - - mysql: - enabled: true - fullnameOverride: "owrrm-mysql" - owgwui: public_env_variables: REACT_APP_UCENTRALSEC_URL: https://localhost:16001 diff --git a/chart/environment-values/values.custom.tpl.yaml b/chart/environment-values/values.custom.tpl.yaml index eba6806..362a607 100644 --- a/chart/environment-values/values.custom.tpl.yaml +++ b/chart/environment-values/values.custom.tpl.yaml @@ -2,7 +2,8 @@ owgw: services: owgw: annotations: - external-dns.alpha.kubernetes.io/hostname: "$OWGW_SERVICE_DNS_RECORDS" + external-dns.alpha.kubernetes.io/hostname: gw-${NAMESPACE}.${DOMAIN} + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: ${CERTIFICATE_ARN} configProperties: openwifi.fileuploader.host.0.name: gw-${NAMESPACE}.${DOMAIN} rtty.server: gw-${NAMESPACE}.${DOMAIN} @@ -27,6 +28,7 @@ owsec: owsec: annotations: external-dns.alpha.kubernetes.io/hostname: sec-${NAMESPACE}.${DOMAIN} + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: ${CERTIFICATE_ARN} owfms: configProperties: s3.secret: "${OWFMS_S3_SECRET}" 
@@ -38,22 +40,15 @@ owfms: owfms: annotations: external-dns.alpha.kubernetes.io/hostname: fms-${NAMESPACE}.${DOMAIN} + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: ${CERTIFICATE_ARN} public_env_variables: OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001 -owgwui: - ingresses: - default: - hosts: - - webui-${NAMESPACE}.${DOMAIN} - annotations: - external-dns.alpha.kubernetes.io/hostname: webui-${NAMESPACE}.${DOMAIN} - public_env_variables: - REACT_APP_UCENTRALSEC_URL: https://sec-${NAMESPACE}.${DOMAIN}:16001 owprov: services: owprov: annotations: external-dns.alpha.kubernetes.io/hostname: prov-${NAMESPACE}.${DOMAIN} + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: ${CERTIFICATE_ARN} configProperties: openwifi.system.uri.public: https://prov-${NAMESPACE}.${DOMAIN}:16005 openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owprov-owprov:17005 @@ -61,6 +56,16 @@ owprov: iptocountry.ipinfo.token: "${IPTOCOUNTRY_IPINFO_TOKEN}" public_env_variables: OWSEC: sec-${NAMESPACE}.${DOMAIN}:16001 +owgwui: + ingresses: + default: + hosts: + - webui-${NAMESPACE}.${DOMAIN} + annotations: + external-dns.alpha.kubernetes.io/hostname: webui-${NAMESPACE}.${DOMAIN} + alb.ingress.kubernetes.io/certificate-arn: ${CERTIFICATE_ARN} + public_env_variables: + REACT_APP_UCENTRALSEC_URL: https://sec-${NAMESPACE}.${DOMAIN}:16001 owprovui: ingresses: default: @@ -68,6 +73,7 @@ owprovui: - provui-${NAMESPACE}.${DOMAIN} annotations: external-dns.alpha.kubernetes.io/hostname: provui-${NAMESPACE}.${DOMAIN} + alb.ingress.kubernetes.io/certificate-arn: ${CERTIFICATE_ARN} public_env_variables: REACT_APP_UCENTRALSEC_URL: https://sec-${NAMESPACE}.${DOMAIN}:16001 owanalytics: 
@@ -75,6 +81,7 @@ owanalytics: owanalytics: annotations: external-dns.alpha.kubernetes.io/hostname: analytics-${NAMESPACE}.${DOMAIN} + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: ${CERTIFICATE_ARN} configProperties: openwifi.system.uri.public: https://analytics-${NAMESPACE}.${DOMAIN}:16009 openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owanalytics-owanalytics:17009 @@ -86,6 +93,7 @@ owsub: owsub: annotations: external-dns.alpha.kubernetes.io/hostname: sub-${NAMESPACE}.${DOMAIN} + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: ${CERTIFICATE_ARN} configProperties: openwifi.system.uri.public: https://sub-${NAMESPACE}.${DOMAIN}:16006 openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owsub-owsub:17006 @@ -102,6 +110,7 @@ owls: owls: annotations: external-dns.alpha.kubernetes.io/hostname: ls-${NAMESPACE}.${DOMAIN} + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: ${CERTIFICATE_ARN} configProperties: openwifi.system.uri.public: https://ls-${NAMESPACE}.${DOMAIN}:16007 openwifi.system.uri.private: $INTERNAL_RESTAPI_ENDPOINT_SCHEMA://owls-owls:17007 @@ -113,16 +122,11 @@ owlsui: - lsui-${NAMESPACE}.${DOMAIN} annotations: external-dns.alpha.kubernetes.io/hostname: lsui-${NAMESPACE}.${DOMAIN} + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: ${CERTIFICATE_ARN} public_env_variables: REACT_APP_UCENTRALSEC_URL: https://sec-${NAMESPACE}.${DOMAIN}:16001 -owrrm: - public_env_variables: - SERVICECONFIG_PUBLICENDPOINT: https://rrm-${NAMESPACE}.${DOMAIN}:16789 - services: - owrrm: - annotations: - external-dns.alpha.kubernetes.io/hostname: rrm-${NAMESPACE}.${DOMAIN} haproxy: service: annotations: external-dns.alpha.kubernetes.io/hostname: "$HAPROXY_SERVICE_DNS_RECORDS" + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: ${CERTIFICATE_ARN} diff --git a/chart/environment-values/values.openwifi-dev03.yaml b/chart/environment-values/values.openwifi-dev03.yaml deleted file mode 100644 index 7f6fef2..0000000 
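Review bot: The owlsui addition in the `@@ -113,16 +122,11 @@` hunk puts `service.beta.kubernetes.io/aws-load-balancer-ssl-cert` under what appears to be the ingress annotations (the preceding context is the `- lsui-${NAMESPACE}.${DOMAIN}` hosts entry), whereas the owgwui and owprovui ingresses in this same file receive `alb.ingress.kubernetes.io/certificate-arn`. This patch also removes `alb.ingress.kubernetes.io/certificate-arn` from owlsui in values.openwifi-qa.owls-enabled.yaml, so the owlsui ALB ingress would be left without an explicit certificate. The line should probably read `alb.ingress.kubernetes.io/certificate-arn: ${CERTIFICATE_ARN}`. The owlsui block starts above the hunk, so the nesting should be confirmed against the full file.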
--- a/chart/environment-values/values.openwifi-dev03.yaml +++ /dev/null @@ -1,22 +0,0 @@ -owgwui: - ingresses: - default: - annotations: - alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/299d7444-acc4-46c2-ae83-40d2cd5f49be - -owprovui: - ingresses: - default: - annotations: - alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/299d7444-acc4-46c2-ae83-40d2cd5f49be - -owrrm: - services: - owrrm: - annotations: - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/299d7444-acc4-46c2-ae83-40d2cd5f49be - -haproxy: - service: - annotations: - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/299d7444-acc4-46c2-ae83-40d2cd5f49be diff --git a/chart/environment-values/values.openwifi-qa.owls-enabled.yaml b/chart/environment-values/values.openwifi-qa.owls-enabled.yaml index 5561fa2..72be470 100644 --- a/chart/environment-values/values.openwifi-qa.owls-enabled.yaml +++ b/chart/environment-values/values.openwifi-qa.owls-enabled.yaml 
@@ -1,43 +1,21 @@ # This helm values file is to be used when OWLS is run in the same namespace. owgw: - services: - owgw: - type: LoadBalancer - annotations: - service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip" - service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing - service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102" - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002" - configProperties: simulatorid: 53494D020202 - storage.type: postgresql - storage.type.postgresql.host: owgw-pgsql - storage.type.postgresql.database: owgw - storage.type.postgresql.username: owgw - storage.type.postgresql.password: owgw - openwifi.certificates.allowmismatch: "true" + storage.type.postgresql.maxsessions: 120 + # this actually disables websocket logging: + logging.websocket: true resources: requests: cpu: 2000m - memory: 3000Mi + memory: 3Gi limits: cpu: 2000m - memory: 3000Mi - - postgresql: - enabled: true - fullnameOverride: owgw-pgsql - postgresqlDatabase: owgw - postgresqlUsername: owgw - postgresqlPassword: owgw + memory: 5Gi owls: enabled: true - services: owls: type: LoadBalancer @@ -46,7 +24,6 @@ owls: service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16107" service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16007,17007" external-dns.alpha.kubernetes.io/ttl: "60" 
@@ -115,7 +92,6 @@ owls: - name: config mountPath: /owls-data/owls.properties subPath: owls.properties - # Template below will be rendered in template volumeDefinition: | secret: secretName: {{ include "owls.fullname" . }}-config @@ -129,7 +105,6 @@ owls: volumeDefinition: | secret: secretName: {{ include "owls.fullname" . }}-certs-cas - # Change this if you want to use another volume type - name: persist mountPath: /owls-data/persist volumeDefinition: | 
@@ -148,151 +123,12 @@ owls: secret: secretName: {{ include "owls.fullname" . }}-owls-restapi-tls -owlsui: - enabled: true - - services: - owlsui: - type: NodePort - - ingresses: - default: - enabled: true - annotations: - kubernetes.io/ingress.class: alb - alb.ingress.kubernetes.io/scheme: internet-facing - alb.ingress.kubernetes.io/group.name: wlan-cicd - alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c - alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]' - alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}' - external-dns.alpha.kubernetes.io/ttl: "60" - paths: - - path: /* - serviceName: owlsui - servicePort: http - - podAnnotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" -owls: - enabled: true - - services: - owls: - type: LoadBalancer - annotations: - service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip" - service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing - service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16107" - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16007,17007" - external-dns.alpha.kubernetes.io/ttl: "60" - - podAnnotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - - resources: - requests: - cpu: 6000m - memory: 8000Mi - limits: - cpu: 6000m - memory: 8000Mi - - checks: - owls: - liveness: - httpGet: - path: / - port: 16107 - failureThreshold: 900 - readiness: - httpGet: - path: / - port: 16107 - failureThreshold: 900 - - certs: - restapi-ca.pem: | - -----BEGIN CERTIFICATE----- - MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL - 
BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj - dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy - b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx - CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu - Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0 - IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u - AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm - KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO - aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO - t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6 - Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX - 720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG - lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF - AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM - dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF - PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj - 19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG - L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA - 5IOM7ItsRmen6u3qu+JXros54e4juQ== - -----END CERTIFICATE----- - - public_env_variables: - SELFSIGNED_CERTS: "true" - - configProperties: - openwifi.internal.restapi.host.0.rootca: $OWLS_ROOT/certs/restapi-certs/ca.crt - openwifi.internal.restapi.host.0.cert: $OWLS_ROOT/certs/restapi-certs/tls.crt - openwifi.internal.restapi.host.0.key: $OWLS_ROOT/certs/restapi-certs/tls.key - openwifi.restapi.host.0.rootca: $OWLS_ROOT/certs/restapi-certs/ca.crt - openwifi.restapi.host.0.cert: $OWLS_ROOT/certs/restapi-certs/tls.crt - openwifi.restapi.host.0.key: $OWLS_ROOT/certs/restapi-certs/tls.key - - volumes: - owls: - - name: config - mountPath: /owls-data/owls.properties - subPath: owls.properties - # Template below will be rendered in template - volumeDefinition: | - secret: - secretName: {{ 
include "owls.fullname" . }}-config - - name: certs - mountPath: /owls-data/certs - volumeDefinition: | - secret: - secretName: {{ include "owls.fullname" . }}-certs - - name: certs-cas - mountPath: /owls-data/certs/cas - volumeDefinition: | - secret: - secretName: {{ include "owls.fullname" . }}-certs-cas - # Change this if you want to use another volume type - - name: persist - mountPath: /owls-data/persist - volumeDefinition: | - persistentVolumeClaim: - claimName: {{ template "owls.fullname" . }}-pvc - - - name: restapi-certs - mountPath: /owls-data/certs/restapi-certs - volumeDefinition: | - secret: - secretName: {{ include "owls.fullname" . }}-owls-restapi-tls - - name: restapi-ca - mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt - subPath: ca.crt - volumeDefinition: | - secret: - secretName: {{ include "owls.fullname" . }}-owls-restapi-tls owlsui: enabled: true - services: owlsui: type: NodePort - ingresses: default: enabled: true @@ -300,7 +136,6 @@ owlsui: kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/group.name: wlan-cicd - alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]' alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}' external-dns.alpha.kubernetes.io/ttl: "60" diff --git a/chart/environment-values/values.openwifi-qa.owls-external.yaml b/chart/environment-values/values.openwifi-qa.owls-external.yaml index 1fa726d..daca53b 100644 --- a/chart/environment-values/values.openwifi-qa.owls-external.yaml +++ b/chart/environment-values/values.openwifi-qa.owls-external.yaml 
@@ -1,16 +1,5 @@ # This helm values file is to be used when OWLS is run externally. owgw: - services: - owgw: - type: LoadBalancer - annotations: - service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip" - service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing - service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102" - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002" - configProperties: # done by default for owgw now: #simulatorid: 53494D020202 @@ -36,13 +25,6 @@ owgw: cpu: 2000m memory: 5Gi -# Postgres tuning for larger # of APs -#postgresql: -# primary: -# resourcesPreset: large -# persistence: -# size: 120Gi - owprov: # consider providing more memory to owprov resources: @@ -52,3 +34,11 @@ owprov: limits: cpu: 100m memory: 4Gi + +# Postgres tuning for larger # of APs +#postgresql: +# primary: +# resourcesPreset: large +# persistence: +# size: 120Gi + diff --git a/chart/environment-values/values.openwifi-qa.separate-lbs.yaml b/chart/environment-values/values.openwifi-qa.separate-lbs.yaml index 944aa0a..08ab753 100644 --- a/chart/environment-values/values.openwifi-qa.separate-lbs.yaml +++ b/chart/environment-values/values.openwifi-qa.separate-lbs.yaml 
@@ -7,8 +7,8 @@ owgw: service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102" service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002,5912,5913" + service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: preserve_client_ip.enabled=true owsec: services: @@ -19,8 +19,8 @@ owsec: service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16101" service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16001,17001" + service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: preserve_client_ip.enabled=true owfms: services: @@ -31,8 +31,8 @@ owfms: service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16104" service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004" + service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: preserve_client_ip.enabled=true owprov: services: 
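Review bot: The added `service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: preserve_client_ip.enabled=true` lines (here for owgw, owsec and owfms, and again for owprov, owanalytics and owsub in the following hunks) carry no explanation, although they change which source address the backends see. With client IP preservation on, targets receive connections from the original client addresses rather than from the load balancer, so any security-group or NetworkPolicy rule that admits only the NLB would need to allow client ranges on the listed ports. Any IP-based logging or throttling in the services would also start acting on real peer addresses. A comment above the first occurrence would capture this, for example `# client IP is preserved: backends see real peer addresses; SG/NetworkPolicy rules must admit client CIDRs on these ports`.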
@@ -43,8 +43,8 @@ owprov: service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16105" service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16005,17005" + service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: preserve_client_ip.enabled=true owanalytics: services: @@ -55,8 +55,8 @@ owanalytics: service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16109" service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16009,17009" + service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: preserve_client_ip.enabled=true owsub: services: @@ -67,8 +67,8 @@ owsub: service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16106" service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16006,17006" + service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: preserve_client_ip.enabled=true haproxy: enabled: false diff --git a/chart/environment-values/values.openwifi-qa.test-nodes.yaml b/chart/environment-values/values.openwifi-qa.test-nodes.yaml index 38b3a4e..96f38dd 100644 --- a/chart/environment-values/values.openwifi-qa.test-nodes.yaml 
+++ b/chart/environment-values/values.openwifi-qa.test-nodes.yaml @@ -188,21 +188,6 @@ owsub: operator: "Exists" effect: "NoSchedule" -owrrm: - nodeSelector: - env: tests - tolerations: - - key: "tests" - operator: "Exists" - effect: "NoSchedule" - mysql: - nodeSelector: - env: tests - tolerations: - - key: "tests" - operator: "Exists" - effect: "NoSchedule" - kafka: nodeSelector: env: tests diff --git a/chart/environment-values/values.openwifi-qa.yaml b/chart/environment-values/values.openwifi-qa.yaml index 660e77c..db9a269 100644 --- a/chart/environment-values/values.openwifi-qa.yaml +++ b/chart/environment-values/values.openwifi-qa.yaml @@ -521,7 +521,6 @@ owprov: openwifi.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt openwifi.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt openwifi.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key - rrm.providers: owrrm volumes: owprov: 
@@ -743,73 +742,6 @@ owsub:
 secret:
 secretName: {{ include "owsub.fullname" . }}-owsub-restapi-tls
-owrrm:
- fullnameOverride: owrrm
-
- services:
- owrrm:
- type: LoadBalancer
- annotations:
- service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
- service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
- service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16789"
- service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
- service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c"
- service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16789,16790"
-
- resources:
- requests:
- cpu: 1000m
- memory: 2048Mi
- limits:
- cpu: 1000m
- memory: 2048Mi
-
- podAnnotations:
- cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
-
- public_env_variables:
- SELFSIGNED_CERTS: "true"
- SERVICECONFIG_PRIVATEENDPOINT: http://owrrm-owrrm:16789
- KAFKACONFIG_BOOTSTRAPSERVER: kafka:9092
- DATABASECONFIG_DBNAME: owrrm
- DATABASECONFIG_DATARETENTIONINTERVALDAYS: "1"
- # Empty string will disable DB usage
- DATABASECONFIG_SERVER: ""
- # Uncomment these parameters to enable DB usage + enable mysql below
- #DATABASECONFIG_SERVER: owrrm-mysql:3306
-
- secret_env_variables:
- DATABASECONFIG_USER: root
- DATABASECONFIG_PASSWORD: openwifi
-
- volumes:
- owrrm:
- - name: persist
- mountPath: /owrrm-data/
- volumeDefinition: |
- persistentVolumeClaim:
- claimName: {{ template "owrrm.fullname" . }}-pvc
-
- - name: restapi-ca
- mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt
- subPath: ca.crt
- volumeDefinition: |
- secret:
- secretName: {{ include "owrrm.fullname" . }}-owrrm-restapi-tls
-
- mysql:
- enabled: false
- fullnameOverride: "owrrm-mysql"
-
- resources:
- requests:
- cpu: 100m
- memory: 512Mi
- limits:
- cpu: 100m
- memory: 512Mi
-
 kafka:
 volumePermissions:
 enabled: true
@@ -873,7 +805,6 @@ haproxy:
 service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
 service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "8080"
 service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
- service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
 service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,5913,16001,17001,16009,16006,17006"
 service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
diff --git a/chart/environment-values/values.openwifi-qa03.yaml b/chart/environment-values/values.openwifi-qa03.yaml
deleted file mode 100644
index 51c217b..0000000
--- a/chart/environment-values/values.openwifi-qa03.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-
-owgw:
- services:
- owgw:
- annotations:
- service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/299d7444-acc4-46c2-ae83-40d2cd5f49be
-
-owgwui:
- ingresses:
- default:
- annotations:
- alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/299d7444-acc4-46c2-ae83-40d2cd5f49be
-
-owprovui:
- ingresses:
- default:
- annotations:
- alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/299d7444-acc4-46c2-ae83-40d2cd5f49be
-
-owrrm:
- services:
- owrrm:
- annotations:
- service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/299d7444-acc4-46c2-ae83-40d2cd5f49be
-
-haproxy:
- service:
- annotations:
- service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/299d7444-acc4-46c2-ae83-40d2cd5f49be
diff --git a/chart/values.yaml b/chart/values.yaml
index ceb27fd..e2d422f 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -48,12 +48,6 @@ owsub:
 openwifi.kafka.enable: "true"
 openwifi.kafka.brokerlist: kafka:9092
-# OpenWIFI radio resource management (https://github.com/Telecominfraproject/wlan-cloud-rrm/)
-owrrm:
- fullnameOverride: owrrm
- mysql:
- enabled: true
-
 # kafka (https://github.com/bitnami/charts/blob/master/bitnami/kafka/)
 kafka:
 enabled: true
@@ -405,7 +399,6 @@ restapiCerts:
 - owls-owls
 - owanalytics-owanalytics
 - owsub-owsub
- - owrrm-owrrm
 clusterDomain: cluster.local
 postgresql:
From 79f13fb117b8cbbc04d563743e262c2f04b4132a Mon Sep 17 00:00:00 2001 From: Carsten Schafer Date: Fri, 5 Jul 2024 10:17:28 -0400 Subject: [PATCH 2/2] WIFI-13796 Switch to brokerless kafka setup - more likely to work with most recent OW components Signed-off-by: Carsten Schafer
---
 chart/environment-values/values.base.insecure.yaml | 4 +++- chart/environment-values/values.base.secure.yaml | 4 +++- chart/environment-values/values.openwifi-qa.yaml | 4 +++- 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/chart/environment-values/values.base.insecure.yaml b/chart/environment-values/values.base.insecure.yaml
index 1aa32e1..d934606 100644
--- a/chart/environment-values/values.base.insecure.yaml
+++ b/chart/environment-values/values.base.insecure.yaml
@@ -78,6 +78,8 @@ kafka:
 replicaCount: 1
 extraConfig: |-
 maxMessageBytes = 1048588
+ offsets.topic.replication.factor = 1
+ transaction.state.log.replication.factor = 1
 extraEnvVars:
 - name: ALLOW_PLAINTEXT_LISTENER
 value: "yes"
@@ -90,4 +92,4 @@ kafka:
 broker:
 persistence:
 size: 20Gi
- replicaCount: 2
+ replicaCount: 0
diff --git a/chart/environment-values/values.base.secure.yaml b/chart/environment-values/values.base.secure.yaml
index 79f62b1..bc65df6 100644
--- a/chart/environment-values/values.base.secure.yaml
+++ b/chart/environment-values/values.base.secure.yaml
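Review bot: The two added `*.replication.factor = 1` lines in the values.base.insecure.yaml hunk (repeated in the values.base.secure.yaml and values.openwifi-qa.yaml hunks that follow) leave the offsets and transaction-state topics with a single copy, and nothing in the file ties that to the `replicaCount: 1` just above. If that count is raised later the factors would presumably stay at 1 unless someone remembers to change them, so I would add a comment above `extraConfig`, e.g. `# single Kafka node: internal topics cannot replicate; raise these factors together with replicaCount`. The unchanged context also keeps `ALLOW_PLAINTEXT_LISTENER` at `"yes"`, including in the secure base file, so it is worth confirming that the listener stays reachable only from inside the cluster. The `kafka:` block starts outside these hunks.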
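Review bot: `replicaCount: 0` under `broker:` carries no explanation, and the sibling `persistence` setting of `size: 20Gi` now describes storage for zero pods. A reader cannot tell from this file that the remaining node is expected to take the broker role as well, which I assume depends on the chart running its controller nodes in combined controller-and-broker mode. A comment such as `# no dedicated brokers; the controller node also acts as broker` would record that. The same applies to the matching hunks in values.base.secure.yaml and values.openwifi-qa.yaml.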
@@ -331,6 +331,8 @@ kafka:
 replicaCount: 1
 extraConfig: |-
 maxMessageBytes = 1048588
+ offsets.topic.replication.factor = 1
+ transaction.state.log.replication.factor = 1
 extraEnvVars:
 - name: ALLOW_PLAINTEXT_LISTENER
 value: "yes"
@@ -343,7 +345,7 @@ kafka:
 broker:
 persistence:
 size: 20Gi
- replicaCount: 2
+ replicaCount: 0
 restapiCerts:
 enabled: true
diff --git a/chart/environment-values/values.openwifi-qa.yaml b/chart/environment-values/values.openwifi-qa.yaml
index db9a269..a69e578 100644
--- a/chart/environment-values/values.openwifi-qa.yaml
+++ b/chart/environment-values/values.openwifi-qa.yaml
@@ -760,6 +760,8 @@ kafka:
 replicaCount: 1
 extraConfig: |-
 maxMessageBytes = 1048588
+ offsets.topic.replication.factor = 1
+ transaction.state.log.replication.factor = 1
 extraEnvVars:
 - name: ALLOW_PLAINTEXT_LISTENER
 value: "yes"
@@ -779,7 +781,7 @@ kafka:
 broker:
 persistence:
 size: 20Gi
- replicaCount: 2
+ replicaCount: 0
 resources:
 requests:
 cpu: 500m