diff --git a/.github/workflows/helm-docs.yaml b/.github/workflows/helm-docs.yaml
index 3ed9618c..f09bca6e 100644
--- a/.github/workflows/helm-docs.yaml
+++ b/.github/workflows/helm-docs.yaml
@@ -1,4 +1,4 @@
-# Copyright (c) Magistrala
+# Copyright (c) Abstract Machines
 # SPDX-License-Identifier: Apache-2.0
 name: Generate Helm Docs
@@ -23,7 +23,7 @@ jobs:
 id: helm-docs
 uses: losisin/helm-docs-github-action@v1.3.1
 with:
- chart-search-root: "charts/magistrala"
+ chart-search-root: "charts/supermq"
 values-file: "values.yaml"
 output-file: "README.md"
 template-files: "README.md.gotmpl"
@@ -32,4 +32,4 @@ jobs:
 - name: Show README diff
 if: failure() && steps.helm-docs.outcome == 'failure'
- run: git diff charts/magistrala/README.md || echo "No git diff available."
+ run: git diff charts/supermq/README.md || echo "No git diff available."
diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml
index 544b5bd9..ee513fc9 100644
--- a/.github/workflows/lint-test.yaml
+++ b/.github/workflows/lint-test.yaml
@@ -1,4 +1,4 @@
-# Copyright (c) Magistrala
+# Copyright (c) Abstract Machines
 # SPDX-License-Identifier: Apache-2.0
 name: Lint and Test Charts
@@ -25,11 +25,14 @@ jobs:
 helm repo add jaegertracing https://jaegertracing.github.io/helm-charts
 helm repo add bitnami https://charts.bitnami.com/bitnami
 helm repo add hashicorp https://helm.releases.hashicorp.com
+ helm repo add grafana https://grafana.github.io/helm-charts
+ helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+ helm repo add fluent https://fluent.github.io/helm-charts
 helm repo update
 - name: Update Helm dependencies
 run: |
- helm dependency update charts/magistrala
+ helm dependency update charts/supermq
 # Python is required because `ct lint` runs Yamale (https://github.com/23andMe/Yamale) and
 # yamllint (https://github.com/adrienverge/yamllint) which require Python
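Review bot: The `helm dependency update charts/supermq` step in lint-test.yaml re-resolves every dependency against the registered repositories, now including the three added `grafana`, `prometheus-community` and `fluent` repos, so CI tests whatever currently satisfies the version constraints rather than a pinned set. If the chart commits a `Chart.lock` (not visible in this diff), `helm dependency build charts/supermq` would restore exactly the locked versions and fail when the lock is out of sync with `Chart.yaml`. The same applies to the `helm dependency update charts/supermq` line in release.yaml, where the resolved charts end up in the published release. I would also add a short comment above the new `helm repo add` lines naming which subchart needs each repository, so the list can be pruned later.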
@@ -61,4 +64,4 @@ jobs:
 - name: Run chart-testing (install)
 if: steps.list-changed.outputs.changed == 'true'
 run: |
- ct install --target-branch ${{ github.event.repository.default_branch }} --chart-dirs charts/magistrala/charts
+ ct install --target-branch ${{ github.event.repository.default_branch }} --chart-dirs charts/supermq/charts
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 95e740e0..f0539ed0 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,4 +1,4 @@
-# Copyright (c) Magistrala
+# Copyright (c) Abstract Machines
 # SPDX-License-Identifier: Apache-2.0
 name: Release Charts
@@ -41,7 +41,7 @@ jobs:
 - name: Update Helm dependencies
 run: |
- helm dependency update charts/magistrala
+ helm dependency update charts/supermq
 - name: Run chart-releaser
 uses: helm/chart-releaser-action@v1.6.0
diff --git a/charts/magistrala/README.md b/charts/magistrala/README.md
deleted file mode 100644
index 477a8699..00000000
--- a/charts/magistrala/README.md
+++ /dev/null
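Review bot: The release workflow does not appear to register the `grafana`, `prometheus-community` and `fluent` repositories that lint-test.yaml gains in this commit: none of the release.yaml hunks shown adds them ahead of `helm dependency update charts/supermq`. If release.yaml keeps its own `helm repo add` list (that step lies outside the hunk) and the new chart references these repositories by alias, the release job would fail to resolve dependencies that lint and test resolved without trouble. It is worth confirming that both workflows register the same repositories, for example by adding the same three `helm repo add` lines before `helm repo update` in release.yaml.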
@@ -1,315 +0,0 @@ -# magistrala - -Magistrala IoT Platform - -![Version: 0.14.2](https://img.shields.io/badge/Version-0.14.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.14.0](https://img.shields.io/badge/AppVersion-0.14.0-informational?style=flat-square) - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| drasko | | | -| dusan | | | - -## Source Code - -* - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| @bitnami | postgresqlbootstrap(postgresql) | 12.5.6 | -| @bitnami | postgresqlinvitations(postgresql) | 12.5.6 | -| @bitnami | postgresqlauth(postgresql) | 12.5.6 | -| @bitnami | postgresqlspicedb(postgresql) | 12.5.6 | -| @bitnami | postgresqlthings(postgresql) | 12.5.6 | -| @bitnami | postgresqlusers(postgresql) | 12.5.6 | -| @bitnami | postgresqlui(postgresql) | 12.5.6 | -| @bitnami | postgresqlcerts(postgresql) | 12.5.6 | -| @bitnami | timescaledb(postgresql) | 12.5.6 | -| @bitnami | postgresqljournal(postgresql) | 12.5.6 | -| @bitnami | redis-things(redis) | 19.6.2 | -| @hashicorp | vault(vault) | 0.28.1 | -| @jaegertracing | jaeger | 3.1.1 | -| @nats | nats | 1.2.1 | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| adapter_coap.image | object | `{}` | | -| adapter_coap.port | int | `5683` | | -| adapter_http.httpPort | int | `8008` | | -| adapter_http.image | object | `{}` | | -| auth.accessTokenDuration | string | `"1h"` | | -| auth.adminEmail | string | `"admin@example.com"` | | -| auth.adminPassword | string | `"12345678"` | | -| auth.affinity | object | `{}` | | -| auth.grpcPort | int | `8181` | | -| auth.httpPort | int | `8189` | | -| auth.image | object | `{}` | | -| auth.invitationDuration | string | `"168h"` | | -| auth.nodeSelector | object | `{}` | | -| auth.refreshTokenDuration | string | `"24h"` | | -| auth.secret | 
string | `"supersecret"` | | -| auth.tolerations | object | `{}` | | -| bootstrap.enabled | bool | `true` | | -| bootstrap.encKey | string | `"randomstring"` | | -| bootstrap.eventConsumerName | string | `"EventConsumerByBootstrap"` | | -| bootstrap.httpPort | int | `9013` | | -| bootstrap.image | object | `{}` | | -| bootstrap.redisESPort | int | `6379` | | -| certs.enabled | bool | `true` | | -| certs.httpPort | int | `9019` | | -| certs.image | object | `{}` | | -| certs.logLevel | string | `"info"` | | -| certs.signCAKeyPath | string | `"/etc/ssl/certs/ca.key"` | | -| certs.signCAPath | string | `"/etc/ssl/certs/ca.crt"` | | -| certs.vault.approleRoleid | string | `"magistrala"` | | -| certs.vault.approleSecret | string | `"magistrala"` | | -| certs.vault.namespace | string | `"magistrala"` | | -| certs.vault.thingsCertsPkiPath | string | `"pki_int"` | | -| certs.vault.thingsCertsPkiRoleName | string | `"magistrala_things_certs"` | | -| certs.vault.url | string | `"http://magistrala-vault:8200"` | | -| defaults.eventStreamURL | string | `"magistrala-nats:4222"` | | -| defaults.image.pullPolicy | string | `"IfNotPresent"` | | -| defaults.image.rootRepository | string | `"magistrala"` | | -| defaults.image.tag | string | `"latest"` | | -| defaults.jaegerCollectorPort | int | `4318` | | -| defaults.jaegerTraceRatio | float | `1` | | -| defaults.logLevel | string | `"info"` | | -| defaults.natsPort | int | `4222` | | -| defaults.replicaCount | int | `3` | | -| defaults.sendTelemetry | bool | `true` | | -| envoy.image.pullPolicy | string | `"IfNotPresent"` | | -| envoy.image.repository | string | `"envoyproxy/envoy"` | | -| envoy.image.tag | string | `"v1.31-latest"` | | -| ingress.annotations | object | `{}` | | -| ingress.enabled | bool | `true` | | -| ingress.labels | object | `{}` | | -| invitations.enabled | bool | `true` | | -| invitations.httpPort | int | `9020` | | -| invitations.image | object | `{}` | | -| jaeger.agent.enabled | bool | `false` | | -| 
jaeger.allInOne.enabled | bool | `false` | | -| jaeger.cassandra.persistence.accessModes[0] | string | `"ReadWriteOnce"` | | -| jaeger.cassandra.persistence.enabled | bool | `true` | | -| jaeger.cassandra.persistence.size | string | `"10Gi"` | | -| jaeger.cassandra.persistence.storageClass | string | `"do-block-storage"` | | -| jaeger.collector.service.otlp.grpc.name | string | `"otlp-grpc"` | | -| jaeger.collector.service.otlp.grpc.port | int | `4317` | | -| jaeger.collector.service.otlp.http.name | string | `"otlp-http"` | | -| jaeger.collector.service.otlp.http.port | int | `4318` | | -| jaeger.fullnameOverride | string | `"magistrala-jaeger"` | | -| jaeger.provisionDataStore.cassandra | bool | `true` | | -| jaeger.storage.type | string | `"cassandra"` | | -| journal.enabled | bool | `true` | | -| journal.httpPort | int | `9021` | | -| journal.image | object | `{}` | | -| mqtt.adapter.image.pullSecrets | object | `{}` | | -| mqtt.adapter.logLevel | string | `"debug"` | | -| mqtt.adapter.mqttPort | int | `1884` | | -| mqtt.adapter.wsPort | int | `8081` | | -| mqtt.broker.image.repository | string | `"magistrala/vernemq"` | | -| mqtt.broker.logLevel | string | `"info"` | | -| mqtt.broker.mqttPort | int | `1883` | | -| mqtt.broker.persistentVolume.size | string | `"5Gi"` | | -| mqtt.broker.wsPort | int | `8080` | | -| mqtt.enabled | bool | `true` | | -| mqtt.redisCachePort | int | `6379` | | -| mqtt.redisESPort | int | `6379` | | -| mqtt.securityContext.fsGroup | int | `10000` | | -| mqtt.securityContext.runAsGroup | int | `10000` | | -| mqtt.securityContext.runAsUser | int | `10000` | | -| nats.config.cluster.enabled | bool | `false` | | -| nats.config.cluster.replicas | int | `3` | | -| nats.config.jetstream.enabled | bool | `true` | | -| nats.config.jetstream.fileStore.enabled | bool | `true` | | -| nats.config.jetstream.fileStore.pvc.enabled | bool | `true` | | -| nats.config.jetstream.memoryStore.enabled | bool | `true` | | -| 
nats.config.jetstream.memoryStore.maxSize | string | `"2Gi"` | | -| nginxInternal.image.pullPolicy | string | `"IfNotPresent"` | | -| nginxInternal.image.repository | string | `"nginx"` | | -| nginxInternal.image.tag | string | `"1.19.1-alpine"` | | -| nginxInternal.mtls.intermediateCrt | string | `""` | | -| nginxInternal.mtls.tls | string | `""` | | -| postgresqlauth.database | string | `"auth"` | | -| postgresqlauth.enabled | bool | `true` | | -| postgresqlauth.global.postgresql.auth.database | string | `"auth"` | | -| postgresqlauth.global.postgresql.auth.password | string | `"magistrala"` | | -| postgresqlauth.global.postgresql.auth.postgresPassword | string | `"magistrala"` | | -| postgresqlauth.global.postgresql.auth.username | string | `"magistrala"` | | -| postgresqlauth.global.postgresql.service.ports.postgresql | int | `5432` | | -| postgresqlauth.host | string | `"postgresql-auth"` | | -| postgresqlauth.name | string | `"postgresql-auth"` | | -| postgresqlauth.password | string | `"magistrala"` | | -| postgresqlauth.port | int | `5432` | | -| postgresqlauth.username | string | `"magistrala"` | | -| postgresqlbootstrap.database | string | `"bootstrap"` | | -| postgresqlbootstrap.enabled | bool | `true` | | -| postgresqlbootstrap.global.postgresql.auth.database | string | `"bootstrap"` | | -| postgresqlbootstrap.global.postgresql.auth.password | string | `"magistrala"` | | -| postgresqlbootstrap.global.postgresql.auth.postgresPassword | string | `"magistrala"` | | -| postgresqlbootstrap.global.postgresql.auth.username | string | `"magistrala"` | | -| postgresqlbootstrap.global.postgresql.service.ports.postgresql | int | `5432` | | -| postgresqlbootstrap.host | string | `"postgresql-bootstrap"` | | -| postgresqlbootstrap.name | string | `"postgresql-bootstrap"` | | -| postgresqlbootstrap.password | string | `"magistrala"` | | -| postgresqlbootstrap.port | int | `5432` | | -| postgresqlbootstrap.username | string | `"magistrala"` | | -| 
postgresqlcerts.database | string | `"certs"` | | -| postgresqlcerts.enabled | bool | `true` | | -| postgresqlcerts.global.postgresql.auth.database | string | `"certs"` | | -| postgresqlcerts.global.postgresql.auth.password | string | `"magistrala"` | | -| postgresqlcerts.global.postgresql.auth.postgresPassword | string | `"magistrala"` | | -| postgresqlcerts.global.postgresql.auth.username | string | `"magistrala"` | | -| postgresqlcerts.global.postgresql.service.ports.postgresql | int | `5432` | | -| postgresqlcerts.host | string | `"postgresql-certs"` | | -| postgresqlcerts.name | string | `"postgresql-certs"` | | -| postgresqlcerts.password | string | `"magistrala"` | | -| postgresqlcerts.port | int | `5432` | | -| postgresqlcerts.username | string | `"magistrala"` | | -| postgresqlinvitations.database | string | `"invitations"` | | -| postgresqlinvitations.enabled | bool | `true` | | -| postgresqlinvitations.global.postgresql.auth.database | string | `"invitations"` | | -| postgresqlinvitations.global.postgresql.auth.password | string | `"magistrala"` | | -| postgresqlinvitations.global.postgresql.auth.postgresPassword | string | `"magistrala"` | | -| postgresqlinvitations.global.postgresql.auth.username | string | `"magistrala"` | | -| postgresqlinvitations.global.postgresql.service.ports.postgresql | int | `5432` | | -| postgresqlinvitations.host | string | `"postgresql-invitations"` | | -| postgresqlinvitations.name | string | `"postgresql-invitations"` | | -| postgresqlinvitations.password | string | `"magistrala"` | | -| postgresqlinvitations.port | int | `5432` | | -| postgresqlinvitations.username | string | `"magistrala"` | | -| postgresqljournal.database | string | `"journal"` | | -| postgresqljournal.enabled | bool | `true` | | -| postgresqljournal.global.postgresql.auth.database | string | `"journal"` | | -| postgresqljournal.global.postgresql.auth.password | string | `"magistrala"` | | -| postgresqljournal.global.postgresql.auth.postgresPassword | 
string | `"magistrala"` | | -| postgresqljournal.global.postgresql.auth.username | string | `"magistrala"` | | -| postgresqljournal.global.postgresql.service.ports.postgresql | int | `5432` | | -| postgresqljournal.host | string | `"postgresql-journal"` | | -| postgresqljournal.name | string | `"postgresql-journal"` | | -| postgresqljournal.password | string | `"magistrala"` | | -| postgresqljournal.port | int | `5432` | | -| postgresqljournal.username | string | `"magistrala"` | | -| postgresqlspicedb.database | string | `"spicedb"` | | -| postgresqlspicedb.enabled | bool | `true` | | -| postgresqlspicedb.global.postgresql.auth.database | string | `"spicedb"` | | -| postgresqlspicedb.global.postgresql.auth.password | string | `"magistrala"` | | -| postgresqlspicedb.global.postgresql.auth.postgresPassword | string | `"magistrala"` | | -| postgresqlspicedb.global.postgresql.auth.username | string | `"magistrala"` | | -| postgresqlspicedb.global.postgresql.service.ports.postgresql | int | `5432` | | -| postgresqlspicedb.host | string | `"postgresql-spicedb"` | | -| postgresqlspicedb.name | string | `"postgresql-spicedb"` | | -| postgresqlspicedb.password | string | `"magistrala"` | | -| postgresqlspicedb.port | int | `5432` | | -| postgresqlspicedb.username | string | `"magistrala"` | | -| postgresqlthings.database | string | `"things"` | | -| postgresqlthings.enabled | bool | `true` | | -| postgresqlthings.global.postgresql.auth.database | string | `"things"` | | -| postgresqlthings.global.postgresql.auth.password | string | `"magistrala"` | | -| postgresqlthings.global.postgresql.auth.postgresPassword | string | `"magistrala"` | | -| postgresqlthings.global.postgresql.auth.username | string | `"magistrala"` | | -| postgresqlthings.global.postgresql.service.ports.postgresql | int | `5432` | | -| postgresqlthings.host | string | `"postgresql-things"` | | -| postgresqlthings.name | string | `"postgresql-things"` | | -| postgresqlthings.password | string | 
`"magistrala"` | | -| postgresqlthings.port | int | `5432` | | -| postgresqlthings.username | string | `"magistrala"` | | -| postgresqlui.database | string | `"ui"` | | -| postgresqlui.enabled | bool | `true` | | -| postgresqlui.global.postgresql.auth.database | string | `"ui"` | | -| postgresqlui.global.postgresql.auth.password | string | `"magistrala"` | | -| postgresqlui.global.postgresql.auth.postgresPassword | string | `"magistrala"` | | -| postgresqlui.global.postgresql.auth.username | string | `"magistrala"` | | -| postgresqlui.global.postgresql.service.ports.postgresql | int | `5432` | | -| postgresqlui.host | string | `"postgresql-ui"` | | -| postgresqlui.name | string | `"postgresql-ui"` | | -| postgresqlui.password | string | `"magistrala"` | | -| postgresqlui.port | int | `5432` | | -| postgresqlui.username | string | `"magistrala"` | | -| postgresqlusers.database | string | `"users"` | | -| postgresqlusers.enabled | bool | `true` | | -| postgresqlusers.global.postgresql.auth.database | string | `"users"` | | -| postgresqlusers.global.postgresql.auth.password | string | `"magistrala"` | | -| postgresqlusers.global.postgresql.auth.postgresPassword | string | `"magistrala"` | | -| postgresqlusers.global.postgresql.auth.username | string | `"magistrala"` | | -| postgresqlusers.global.postgresql.service.ports.postgresql | int | `5432` | | -| postgresqlusers.host | string | `"postgresql-users"` | | -| postgresqlusers.name | string | `"postgresql-users"` | | -| postgresqlusers.password | string | `"magistrala"` | | -| postgresqlusers.port | int | `5432` | | -| postgresqlusers.username | string | `"magistrala"` | | -| redis-things.cluster.enabled | bool | `false` | | -| redis-things.usePassword | bool | `false` | | -| redis-things.volumePermissions.enabled | bool | `true` | | -| spicedb.affinity | object | `{}` | | -| spicedb.datastore.engine | string | `"postgres"` | | -| spicedb.dispatch.enabled | bool | `false` | | -| spicedb.dispatch.port | int | `50053` | 
| -| spicedb.grpc.port | int | `50051` | | -| spicedb.grpc.presharedKey | string | `"helloworld"` | | -| spicedb.http.enabled | bool | `false` | | -| spicedb.http.port | int | `8443` | | -| spicedb.image.pullSecrets | object | `{}` | | -| spicedb.image.repository | string | `"authzed/spicedb"` | | -| spicedb.image.tag | string | `"latest"` | | -| spicedb.metrics.enabled | bool | `true` | | -| spicedb.metrics.port | int | `9090` | | -| spicedb.nodeSelector | object | `{}` | | -| spicedb.tolerations | object | `{}` | | -| things.authGrpcPort | int | `7000` | | -| things.authHttpPort | int | `9001` | | -| things.httpPort | int | `9000` | | -| things.image | object | `{}` | | -| things.redisCachePort | int | `6379` | | -| things.redisESPort | int | `6379` | | -| timescaledb.database | string | `"messages"` | | -| timescaledb.enabled | bool | `true` | | -| timescaledb.global.postgresql.auth.database | string | `"messages"` | | -| timescaledb.global.postgresql.auth.password | string | `"magistrala"` | | -| timescaledb.global.postgresql.auth.postgresPassword | string | `"magistrala"` | | -| timescaledb.global.postgresql.auth.username | string | `"magistrala"` | | -| timescaledb.global.postgresql.service.ports.postgresql | int | `5432` | | -| timescaledb.host | string | `"timescalerw"` | | -| timescaledb.image.registry | string | `"docker.io"` | | -| timescaledb.image.repository | string | `"timescale/timescaledb"` | | -| timescaledb.image.tag | string | `"latest-pg12"` | | -| timescaledb.name | string | `"timescalerw"` | | -| timescaledb.password | string | `"magistrala"` | | -| timescaledb.port | int | `5432` | | -| timescaledb.reader.enabled | bool | `true` | | -| timescaledb.reader.http.port | int | `9011` | | -| timescaledb.reader.image | object | `{}` | | -| timescaledb.username | string | `"magistrala"` | | -| timescaledb.writer.enabled | bool | `true` | | -| timescaledb.writer.http.port | int | `9012` | | -| timescaledb.writer.image | object | `{}` | | -| 
ui.blockKey | string | `"UtgZjr92jwRY6SPUndHXiyl9QY8qTUyZ"` | | -| ui.contentType | string | `"application/senml+json"` | | -| ui.enabled | bool | `true` | | -| ui.googleClientID | string | `""` | | -| ui.googleClientSecret | string | `""` | | -| ui.googleRedirectHostname | string | `"https://stage-domain-name"` | | -| ui.googleRedirectPath | string | `"/oauth/callback/google"` | | -| ui.googleState | string | `"somerandomstring"` | | -| ui.hashKey | string | `"5jx4x2Qg9OUmzpP5dbveWQ"` | | -| ui.image | object | `{}` | | -| ui.pathPrefix | string | `"/ui"` | | -| ui.port | int | `9095` | | -| users.adminEmail | string | `"admin@example.com"` | | -| users.adminPassword | string | `"12345678"` | | -| users.allowSelfRegister | bool | `true` | | -| users.deleteAfter | string | `"720h"` | | -| users.deleteInterval | string | `"24h"` | | -| users.grpcPort | int | `7001` | | -| users.httpPort | int | `9002` | | -| users.image | object | `{}` | | -| users.passwordRegex | string | `"^.{8,}$"` | | -| users.secretKey | string | `"secretKey"` | | -| users.tokenResetEndpoint | string | `"/reset-request"` | | -| vault.enabled | bool | `false` | | diff --git a/charts/magistrala/templates/bootstrap-deployment.yaml b/charts/magistrala/templates/bootstrap-deployment.yaml deleted file mode 100644 index 15a17f87..00000000 --- a/charts/magistrala/templates/bootstrap-deployment.yaml +++ /dev/null 
@@ -1,90 +0,0 @@ -# Copyright (c) Abstract Machines -# SPDX-License-Identifier: Apache-2.0 - -{{- if .Values.bootstrap.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-bootstrap -spec: - selector: - matchLabels: - app: {{ .Release.Name }} - component: bootstrap - template: - metadata: - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "{{ .Values.bootstrap.httpPort }}" - prometheus.io/scrape: "true" - labels: - app: {{ .Release.Name }} - component: bootstrap - spec: - {{- with (default .Values.defaults.image.pullSecrets .Values.bootstrap.image.pullSecrets) }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - dnsPolicy: ClusterFirst - restartPolicy: Always - containers: - - name: {{ .Release.Name }}-bootstrap - image: "{{ default (printf "%s/bootstrap" .Values.defaults.image.rootRepository) .Values.bootstrap.image.repository }}:{{ default .Values.defaults.image.tag .Values.bootstrap.image.tag }}" - imagePullPolicy: {{ default .Values.defaults.image.pullPolicy .Values.bootstrap.image.pullPolicy }} - env: - - name: MG_JAEGER_URL - value: "http://{{ .Values.jaeger.fullnameOverride }}-collector:{{ .Values.jaeger.collector.service.otlp.http.port }}/v1/traces" - - name: MG_JAEGER_TRACE_RATIO - value: {{ default .Values.defaults.jaegerTraceRatio .Values.bootstrap.jaegerTraceRatio | quote }} - - name: MG_SEND_TELEMETRY - value: {{ default .Values.defaults.sendTelemetry .Values.bootstrap.sendTelemetry | quote }} - - name: MG_ES_URL - value: {{ .Values.defaults.eventStreamURL | quote }} - - name: MG_BOOTSTRAP_LOG_LEVEL - value: {{ default .Values.defaults.logLevel .Values.bootstrap.logLevel | quote }} - - name: MG_BOOTSTRAP_HTTP_HOST - value: "0.0.0.0" - - name: MG_BOOTSTRAP_HTTP_PORT - value: {{ .Values.bootstrap.httpPort | quote }} - - name: MG_THINGS_URL - value: http://{{ .Release.Name }}-things:{{ .Values.things.httpPort }} - - name: MG_THINGS_ES_URL - value: {{ .Release.Name 
}}-redis-streams-master:{{ .Values.things.redisESPort }} - - name: MG_AUTH_GRPC_URL - value: {{ .Release.Name }}-envoy:{{ .Values.auth.grpcPort }} - - name: MG_BOOTSTRAP_ENCRYPT_KEY - value: {{ .Values.bootstrap.encKey | quote }} - - name: MG_BOOTSTRAP_EVENT_CONSUMER - value: {{ .Values.bootstrap.eventConsumerName | quote }} - - name: MG_BOOTSTRAP_DB_HOST - {{- if .Values.postgresqlbootstrap.enabled }} - value: {{ .Release.Name }}-postgresqlbootstrap - {{- else }} - value: {{ .Values.postgresqlbootstrap.host | quote }} - {{- end }} - - name: MG_BOOTSTRAP_DB_PORT - value: {{ .Values.postgresqlbootstrap.port | quote }} - - name: MG_BOOTSTRAP_DB_USER - value: {{ .Values.postgresqlbootstrap.username | quote }} - - name: MG_BOOTSTRAP_DB_PASS - value: {{ .Values.postgresqlbootstrap.password | quote }} - - name: MG_BOOTSTRAP_DB_NAME - value: {{ .Values.postgresqlbootstrap.database | quote }} - - ports: - - containerPort: {{ .Values.bootstrap.httpPort }} - protocol: TCP - {{- with .Values.bootstrap.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.bootstrap.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.bootstrap.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - -{{- end }} diff --git a/charts/magistrala/templates/bootstrap-service.yaml b/charts/magistrala/templates/bootstrap-service.yaml deleted file mode 100644 index 0d28852e..00000000 --- a/charts/magistrala/templates/bootstrap-service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# Copyright (c) Abstract Machines -# SPDX-License-Identifier: Apache-2.0 - -{{- if .Values.bootstrap.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-bootstrap -spec: - selector: - app: {{ .Release.Name }} - component: bootstrap - ports: - - port: {{ .Values.bootstrap.httpPort }} - protocol: TCP - name: {{ .Release.Name }}-bootstrap-{{ .Values.bootstrap.httpPort }} -{{- end }} 
diff --git a/charts/magistrala/templates/envoy-config.yaml b/charts/magistrala/templates/envoy-config.yaml
deleted file mode 100644
index 877f653f..00000000
--- a/charts/magistrala/templates/envoy-config.yaml
+++ /dev/null
@@ -1,120 +0,0 @@ -{{- define "magistrala.envoy.config" -}} -static_resources: - listeners: - - address: - socket_address: - address: 0.0.0.0 - port_value: 1883 - filter_chains: - - filters: - - name: envoy.filters.network.tcp_proxy - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - stat_prefix: {{ .Release.Name }}-mqtt-envoy - cluster: {{ .Release.Name }}_mqtt_cluster - - address: - socket_address: - address: 0.0.0.0 - port_value: {{ .Values.auth.grpcPort }} - filter_chains: - - filters: - - name: envoy.filters.network.http_connection_manager - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - codec_type: AUTO - stat_prefix: {{ .Release.Name }}-auth-envoy - route_config: - name: auth_route - virtual_hosts: - - name: auth_service - domains: ["*"] - routes: - - match: { prefix: "/" } - route: - cluster: {{ .Release.Name }}_auth_cluster - http_filters: - - name: envoy.filters.http.grpc_web - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb - - name: envoy.filters.http.router - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - - address: - socket_address: - address: 0.0.0.0 - port_value: {{ .Values.things.authGrpcPort }} - filter_chains: - - filters: - - name: envoy.filters.network.http_connection_manager - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - codec_type: AUTO - stat_prefix: {{ .Release.Name }}-things-envoy - route_config: - name: things_route - virtual_hosts: - - name: things_service - domains: ["*"] - routes: - - match: { prefix: "/" } - route: - cluster: {{ .Release.Name }}_things_cluster - http_filters: - - name: envoy.filters.http.grpc_web - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb - - name: 
envoy.filters.http.router - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - clusters: - - name: {{ .Release.Name }}_mqtt_cluster - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - http2_protocol_options: {} - load_assignment: - cluster_name: {{ .Release.Name }}_mqtt_cluster - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: {{ .Release.Name }}-mqtt - port_value: 1884 - - name: {{ .Release.Name }}_auth_cluster - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - http2_protocol_options: {} - load_assignment: - cluster_name: {{ .Release.Name }}_auth_cluster - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: {{ .Release.Name }}-auth-headless - port_value: {{ .Values.auth.grpcPort }} - - - name: {{ .Release.Name }}_things_cluster - connect_timeout: 0.25s - type: STRICT_DNS - lb_policy: ROUND_ROBIN - http2_protocol_options: {} - load_assignment: - cluster_name: {{ .Release.Name }}_things_cluster - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: {{ .Release.Name }}-things-headless - port_value: {{ .Values.things.authGrpcPort }} -admin: - access_log_path: "/dev/null" - address: - socket_address: - address: 0.0.0.0 - port_value: 8001 - -{{- end -}} diff --git a/charts/magistrala/templates/ingress.yaml b/charts/magistrala/templates/ingress.yaml deleted file mode 100644 index 02090704..00000000 --- a/charts/magistrala/templates/ingress.yaml +++ /dev/null 
@@ -1,303 +0,0 @@ -# Copyright (c) Abstract Machines -# SPDX-License-Identifier: Apache-2.0 -{{- if .Values.ingress.enabled }} - -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ .Release.Name }}-nginx-ingress -{{- if .Values.ingress.annotations }} - annotations: -{{ toYaml .Values.ingress.annotations | indent 4 }} -{{- end }} -{{- if .Values.ingress.labels }} - labels: -{{ toYaml .Values.ingress.labels | indent 4 }} -{{- end }} -spec: - ingressClassName: nginx - rules: - - host: "{{ .Values.ingress.hostname }}" - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ .Release.Name }}-ui - port: - number: {{ .Values.ui.port }} - - path: /health - pathType: Exact - backend: - service: - name: {{ .Release.Name }}-things - port: - number: {{ .Values.things.httpPort }} -{{- if .Values.ingress.tls }} - tls: - - hosts: - - {{ .Values.ingress.tls.hostname }} - secretName: {{ .Values.ingress.tls.secret }} -{{- end }} ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ .Release.Name }}-users-things-ingress - annotations: - nginx.ingress.kubernetes.io/rewrite-target: /$1 - nginx.ingress.kubernetes.io/configuration-snippet: | - if ($request_method = GET) { - proxy_pass http://{{ .Release.Name }}-things.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.things.httpPort }}; - break; - } -spec: - ingressClassName: nginx - rules: - - host: "{{ .Values.ingress.hostname }}" - http: - paths: - - path: /((users|groups)/(.+)/(channels|things)) - pathType: ImplementationSpecific - backend: - service: - name: {{ .Release.Name }}-users - port: - number: {{ .Values.users.httpPort }} ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ .Release.Name }}-things-users-ingress - annotations: - nginx.ingress.kubernetes.io/rewrite-target: /$1 - nginx.ingress.kubernetes.io/configuration-snippet: | - if ($request_method = GET) { - proxy_pass http://{{ .Release.Name }}-users.{{ .Release.Namespace 
}}.svc.cluster.local:{{ .Values.users.httpPort }}; - break; - } -spec: - ingressClassName: nginx - rules: - - host: "{{ .Values.ingress.hostname }}" - http: - paths: - - path: /((channels|things)/(.+)/(users|groups)) - pathType: ImplementationSpecific - backend: - service: - name: {{ .Release.Name }}-things - port: - number: {{ .Values.things.httpPort }} ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ .Release.Name }}-users-domains-ingress - annotations: - nginx.ingress.kubernetes.io/rewrite-target: /$1 - nginx.ingress.kubernetes.io/configuration-snippet: | - if ($request_method = GET) { - proxy_pass http://{{ .Release.Name }}-auth.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.auth.httpPort }}; - break; - } -spec: - ingressClassName: nginx - rules: - - host: "{{ .Values.ingress.hostname }}" - http: - paths: - - path: /((users)/(.+)/(domains)) - pathType: ImplementationSpecific - backend: - service: - name: {{ .Release.Name }}-users - port: - number: {{ .Values.users.httpPort }} ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ .Release.Name }}-domains-users-ingress - annotations: - nginx.ingress.kubernetes.io/rewrite-target: /$1 - nginx.ingress.kubernetes.io/configuration-snippet: | - if ($request_method = GET) { - proxy_pass http://{{ .Release.Name }}-users.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.users.httpPort }}; - break; - } -spec: - ingressClassName: nginx - rules: - - host: "{{ .Values.ingress.hostname }}" - http: - paths: - - path: /((domains)/(.+)/(users)) - pathType: ImplementationSpecific - backend: - service: - name: {{ .Release.Name }}-auth - port: - number: {{ .Values.auth.httpPort }} ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ .Release.Name }}-nginx-rewrite-ingress - annotations: - nginx.ingress.kubernetes.io/rewrite-target: /$1 -{{- if .Values.ingress.annotations }} -{{ toYaml .Values.ingress.annotations | indent 4 }} -{{- end }} -{{- if 
.Values.ingress.labels }} - labels: -{{ toYaml .Values.ingress.labels | indent 4 }} -{{- end }} -spec: - ingressClassName: nginx - rules: - - host: "{{ .Values.ingress.hostname }}" - http: - paths: - - path: /(domains.*) - pathType: ImplementationSpecific - backend: - service: - name: {{ .Release.Name }}-auth - port: - number: {{ .Values.auth.httpPort }} - - path: /((users|groups|password|authorize).*|oauth/callback/[^/]+) - pathType: ImplementationSpecific - backend: - service: - name: {{ .Release.Name }}-users - port: - number: {{ .Values.users.httpPort }} - - path: /((things|channels|connect|disconnect|identify).*) - pathType: ImplementationSpecific - backend: - service: - name: {{ .Release.Name }}-things - port: - number: {{ .Values.things.httpPort }} - - path: /(invitations.*) - pathType: ImplementationSpecific - backend: - service: - name: {{ .Release.Name }}-invitations - port: - number: {{ .Values.invitations.httpPort }} - - path: /(journal.*) - pathType: ImplementationSpecific - backend: - service: - name: {{ .Release.Name }}-journal - port: - number: {{ .Values.journal.httpPort }} -{{- if .Values.certs.enabled }} - - path: /((certs|serials).*) - pathType: ImplementationSpecific - backend: - service: - name: {{ .Release.Name }}-certs - port: - number: {{ .Values.certs.httpPort }} -{{- end }} -{{- if .Values.bootstrap.enabled }} - - path: /bootstrap/?(.*) - pathType: ImplementationSpecific - backend: - service: - name: {{ .Release.Name }}-bootstrap - port: - number: {{ .Values.bootstrap.httpPort }} -{{- end }} -{{- if .Values.ingress.tls }} - tls: - - hosts: - - {{ .Values.ingress.tls.hostname }} - secretName: {{ .Values.ingress.tls.secret }} -{{- end }} ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ .Release.Name }}-nginx-rewrite-ingress-http-adapter - annotations: - nginx.ingress.kubernetes.io/rewrite-target: /$1 -{{- if and (ne .Values.nginxInternal.mtls.tls "") (ne .Values.nginxInternal.mtls.intermediateCrt "") }} - 
nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" - nginx.ingress.kubernetes.io/auth-tls-secret: {{ .Release.Namespace }}/ca - nginx.ingress.kubernetes.io/auth-tls-verify-client: "optional" - nginx.ingress.kubernetes.io/auth-tls-verify-depth: "2" -{{- end }} -{{- if .Values.ingress.annotations }} -{{ toYaml .Values.ingress.annotations | indent 4 }} -{{- end }} -{{- if .Values.ingress.labels }} - labels: -{{ toYaml .Values.ingress.labels | indent 4 }} -{{- end }} -spec: - ingressClassName: nginx - rules: - - host: "{{ .Values.ingress.hostname }}" - http: - paths: - {{- if and (ne .Values.nginxInternal.mtls.tls "") (ne .Values.nginxInternal.mtls.intermediateCrt "") }} - - path: /(http/?.*) - pathType: ImplementationSpecific - backend: - service: - name: {{ .Release.Name }}-nginx-internal - port: - number: 80 - - path: /(mqtt) - pathType: ImplementationSpecific - backend: - service: - name: {{ .Release.Name }}-nginx-internal - port: - number: 80 - {{- else }} - - path: /http/?(.*) - pathType: ImplementationSpecific - backend: - service: - name: {{ .Release.Name }}-adapter-http - port: - number: {{ .Values.adapter_http.httpPort }} - - path: /(mqtt) - pathType: ImplementationSpecific - backend: - service: - name: {{ .Release.Name }}-mqtt - port: - number: {{ default .Values.mqtt.adapter.wsPort }} - {{- end }} -{{- if .Values.ingress.tls }} - tls: - - hosts: - - {{ .Values.ingress.tls.hostname }} - secretName: {{ .Values.ingress.tls.secret }} -{{- end }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: tcp-services - namespace: default -data: - 1883: "{{ .Release.Namespace }}/{{ .Release.Name }}-envoy:1883" - 8883: "{{ .Release.Namespace }}/{{ .Release.Name }}-nginx-internal:8883" ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: udp-services - namespace: default -data: - 5683: "{{ .Release.Namespace }}/{{ .Release.Name }}-adapter-coap:5683" - -{{- end }} 
diff --git a/charts/magistrala/templates/invitations-deployment.yaml b/charts/magistrala/templates/invitations-deployment.yaml
deleted file mode 100644
index 91da7c84..00000000
--- a/charts/magistrala/templates/invitations-deployment.yaml
+++ /dev/null
@@ -1,82 +0,0 @@ -# Copyright (c) Abstract Machines -# SPDX-License-Identifier: Apache-2.0 - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-invitations -spec: - selector: - matchLabels: - app: {{ .Release.Name }} - component: invitations - template: - metadata: - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "{{ .Values.invitations.httpPort }}" - prometheus.io/scrape: "true" - labels: - app: {{ .Release.Name }} - component: invitations - spec: - {{- with (default .Values.defaults.image.pullSecrets .Values.invitations.image.pullSecrets) }} - imagePullSecrets: - {{- toYaml . | nindent 12 }} - {{- end }} - dnsPolicy: ClusterFirst - restartPolicy: Always - containers: - - name: {{ .Release.Name }}-invitations - image: "{{ default (printf "%s/invitations" .Values.defaults.image.rootRepository) .Values.invitations.image.repository }}:{{ default .Values.defaults.image.tag .Values.invitations.image.tag }}" - imagePullPolicy: {{ default .Values.defaults.image.pullPolicy .Values.invitations.image.pullPolicy }} - env: - - name: MG_JAEGER_URL - value: "http://{{ .Values.jaeger.fullnameOverride }}-collector:{{ .Values.jaeger.collector.service.otlp.http.port }}/v1/traces" - - name: MG_JAEGER_TRACE_RATIO - value: {{ default .Values.defaults.jaegerTraceRatio .Values.invitations.jaegerTraceRatio | quote }} - - name: MG_SEND_TELEMETRY - value: {{ default .Values.defaults.sendTelemetry .Values.invitations.sendTelemetry | quote }} - - name: MG_ES_URL - value: {{ .Values.defaults.eventStreamURL | quote }} - - name: MG_INVITATIONS_LOG_LEVEL - value: {{ default .Values.defaults.logLevel .Values.invitations.logLevel | quote }} - - name: MG_INVITATIONS_HTTP_HOST - value: "0.0.0.0" - - name: MG_INVITATIONS_HTTP_PORT - value: {{ .Values.invitations.httpPort | quote }} - - name : MG_AUTH_GRPC_URL - value: {{ .Release.Name }}-envoy:{{ .Values.auth.grpcPort }} - - name: MG_USERS_URL - value: http://{{ .Release.Name }}-users:{{ 
.Values.users.httpPort }} - - name: MG_DOMAINS_URL - value: http://{{ .Release.Name }}-auth:{{ .Values.auth.httpPort }} - - name: MG_INVITATIONS_DB_HOST - {{- if .Values.postgresqlinvitations.enabled }} - value: "{{ .Release.Name }}-postgresqlinvitations" - {{- else }} - value: {{ .Values.postgresqlinvitations.host | quote }} - {{- end }} - - name: MG_INVITATIONS_DB_PORT - value: {{ .Values.postgresqlinvitations.port | quote }} - - name: MG_INVITATIONS_DB_NAME - value: {{ .Values.postgresqlinvitations.database | quote }} - - name: MG_INVITATIONS_DB_USER - value: {{ .Values.postgresqlinvitations.username | quote }} - - name: MG_INVITATIONS_DB_PASS - value: {{ .Values.postgresqlinvitations.password | quote }} - ports: - - containerPort: {{ .Values.invitations.httpPort }} - protocol: TCP - {{- with .Values.invitations.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.invitations.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.invitations.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/magistrala/templates/invitations-service.yaml b/charts/magistrala/templates/invitations-service.yaml deleted file mode 100644 index 1d2022f0..00000000 --- a/charts/magistrala/templates/invitations-service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright (c) Abstract Machines -# SPDX-License-Identifier: Apache-2.0 - -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-invitations -spec: - selector: - app: {{ .Release.Name }} - component: invitations - ports: - - protocol: TCP - port: {{ .Values.invitations.httpPort }} - name: {{ .Release.Name }}-invitations-http diff --git a/charts/magistrala/templates/scpiedb-schema.yaml b/charts/magistrala/templates/scpiedb-schema.yaml deleted file mode 100644 index af8d203c..00000000 --- a/charts/magistrala/templates/scpiedb-schema.yaml +++ /dev/null 
@@ -1,83 +0,0 @@ -{{- define "spicedb.schema.zed" -}} - -definition user {} - -definition thing { - relation administrator: user - relation group: group - relation domain: domain - - permission admin = administrator + group->admin + domain->admin - permission delete = admin - permission edit = admin + group->edit + domain->edit - permission view = edit + group->view + domain->view - permission share = edit - permission publish = group - permission subscribe = group - - // These permission are made for only list purpose. It helps to list users have only particular permission excluding other higher and lower permission. - permission admin_only = admin - permission edit_only = edit - admin - permission view_only = view - - // These permission are made for only list purpose. It helps to list users from external, users who are not in group but have permission on the group through parent group - permission ext_admin = admin - administrator // For list of external admin , not having direct relation with group, but have indirect relation from parent group -} - -definition group { - relation administrator: user - relation editor: user - relation contributor: user - relation member: user - relation guest: user - - relation parent_group: group - relation domain: domain - - permission admin = administrator + parent_group->admin + domain->admin - permission delete = admin - permission edit = admin + editor + parent_group->edit + domain->edit - permission share = edit - permission view = contributor + edit + parent_group->view + domain->view + guest - permission membership = view + member - permission create = membership - guest - - // These permissions are made for listing purposes. They enable listing users who have only particular permission excluding higher-level permissions users. 
- permission admin_only = admin - permission edit_only = edit - admin - permission view_only = view - permission membership_only = membership - view - - // These permission are made for only list purpose. They enable listing users who have only particular permission from parent group excluding higher-level permissions. - permission ext_admin = admin - administrator // For list of external admin , not having direct relation with group, but have indirect relation from parent group - permission ext_edit = edit - editor // For list of external edit , not having direct relation with group, but have indirect relation from parent group - permission ext_view = view - contributor // For list of external view , not having direct relation with group, but have indirect relation from parent group -} - -definition domain { - relation administrator: user // combination domain + user id - relation editor: user - relation contributor: user - relation member: user - relation guest: user - - relation platform: platform - - permission admin = administrator + platform->admin - permission edit = admin + editor - permission share = edit - permission view = edit + contributor + guest - permission membership = view + member - permission create = membership - guest -} - -definition platform { - relation administrator: user - relation member: user - - permission admin = administrator - permission membership = administrator + member -} - - -{{- end -}} diff --git a/charts/magistrala/templates/things-deployment.yaml b/charts/magistrala/templates/things-deployment.yaml deleted file mode 100644 index d9114579..00000000 --- a/charts/magistrala/templates/things-deployment.yaml +++ /dev/null 
@@ -1,89 +0,0 @@ -# Copyright (c) Abstract Machines -# SPDX-License-Identifier: Apache-2.0 - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-things -spec: - replicas: {{ .Values.defaults.replicaCount }} - selector: - matchLabels: - app: {{ .Release.Name }} - component: things - template: - metadata: - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "{{ .Values.things.httpPort }}" - prometheus.io/scrape: "true" - labels: - app: {{ .Release.Name }} - component: things - spec: - {{- with (default .Values.defaults.image.pullSecrets .Values.things.image.pullSecrets) }} - imagePullSecrets: - {{- toYaml . | nindent 12 }} - {{- end }} - dnsPolicy: ClusterFirst - restartPolicy: Always - containers: - - name: {{ .Release.Name }}-things - image: "{{ default (printf "%s/things" .Values.defaults.image.rootRepository) .Values.things.image.repository }}:{{ default .Values.defaults.image.tag .Values.things.image.tag }}" - imagePullPolicy: {{ default .Values.defaults.image.pullPolicy .Values.things.image.pullPolicy }} - env: - - name: MG_JAEGER_URL - value: "http://{{ .Release.Name }}-jaeger-collector:{{ .Values.defaults.jaegerCollectorPort }}/v1/traces" - - name: MG_THINGS_AUTH_GRPC_HOST - value: "0.0.0.0" - - name: MG_THINGS_AUTH_GRPC_PORT - value: {{ .Values.things.authGrpcPort | quote}} - - name: MG_THINGS_AUTH_HTTP_HOST - value: "0.0.0.0" - - name: MG_THINGS_AUTH_HTTP_PORT - value: {{ .Values.things.authHttpPort | quote}} - - name: MG_THINGS_CACHE_URL - value: redis://{{ .Release.Name }}-redis-things-master:{{ .Values.things.redisCachePort }}/0 - - name: MG_THINGS_DB_HOST - {{- if .Values.postgresqlthings.enabled }} - value: {{ .Release.Name }}-postgresqlthings - {{- else }} - value: {{ .Values.postgresqlthings.host | quote}} - {{- end }} - - name: MG_THINGS_DB_PORT - value: {{ .Values.postgresqlthings.port | quote}} - - name: MG_THINGS_DB_USER - value: {{ .Values.postgresqlthings.username | quote }} - - name: MG_THINGS_DB_PASS - 
value: {{ .Values.postgresqlthings.password | quote }} - - name: MG_THINGS_DB_NAME - value: {{ .Values.postgresqlthings.database | quote }} - - name: MG_ES_URL - value: {{ .Values.defaults.eventStreamURL | quote }} - - name: MG_THINGS_HTTP_HOST - value: "0.0.0.0" - - name: MG_THINGS_HTTP_PORT - value: {{ .Values.things.httpPort | quote }} - - name: MG_THINGS_LOG_LEVEL - value: {{ default .Values.defaults.logLevel .Values.things.logLevel | quote }} - - name: MG_AUTH_GRPC_URL - value: {{ .Release.Name }}-envoy:{{ .Values.auth.grpcPort }} - ports: - - containerPort: {{ .Values.things.httpPort }} - protocol: TCP - - containerPort: {{ .Values.things.authGrpcPort }} - protocol: TCP - - containerPort: {{ .Values.things.authHttpPort }} - protocol: TCP - {{- with .Values.things.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.things.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.things.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/magistrala/templates/things-service.yaml b/charts/magistrala/templates/things-service.yaml deleted file mode 100644 index 054f1a89..00000000 --- a/charts/magistrala/templates/things-service.yaml +++ /dev/null 
@@ -1,41 +0,0 @@
-# Copyright (c) Abstract Machines
-# SPDX-License-Identifier: Apache-2.0
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-things
-spec:
- selector:
- app: {{ .Release.Name }}
- component: things
- ports:
- - port: {{ .Values.things.httpPort }}
- protocol: TCP
- name: {{ .Release.Name }}-things-{{ .Values.things.httpPort }}
- - port: {{ .Values.things.authGrpcPort }}
- protocol: TCP
- name: {{ .Release.Name }}-things-{{ .Values.things.authGrpcPort }}
- - port: {{ .Values.things.authHttpPort }}
- protocol: TCP
- name: {{ .Release.Name }}-things-{{ .Values.things.authHttpPort }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-things-headless
-spec:
- selector:
- app: {{ .Release.Name }}
- component: things
- ports:
- - port: {{ .Values.things.httpPort }}
- protocol: TCP
- name: {{ .Release.Name }}-things-{{ .Values.things.httpPort }}
- - port: {{ .Values.things.authGrpcPort }}
- protocol: TCP
- name: {{ .Release.Name }}-things-{{ .Values.things.authGrpcPort }}
- - port: {{ .Values.things.authHttpPort }}
- protocol: TCP
- name: {{ .Release.Name }}-things-{{ .Values.things.authHttpPort }}
- clusterIP: None
diff --git a/charts/magistrala/templates/timescal-reader-service.yaml b/charts/magistrala/templates/timescal-reader-service.yaml
deleted file mode 100644
index 8ee370b7..00000000
--- a/charts/magistrala/templates/timescal-reader-service.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright (c) Abstract Machines
-# SPDX-License-Identifier: Apache-2.0
-
-{{- if .Values.timescaledb.reader.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-timescaledb-reader
-spec:
- selector:
- app: {{ .Release.Name }}
- component: timescaledb-reader
- ports:
- - port: {{ .Values.timescaledb.reader.http.port }}
- protocol: TCP
- name: {{ .Release.Name }}-timescaledb-reader-{{ .Values.timescaledb.reader.http.port }}
-{{- end }}
-
diff --git a/charts/magistrala/templates/timescale-reader-deployment.yaml b/charts/magistrala/templates/timescale-reader-deployment.yaml
deleted file mode 100644
index 5c2ae8b0..00000000
--- a/charts/magistrala/templates/timescale-reader-deployment.yaml
+++ /dev/null
@@ -1,80 +0,0 @@ -# Copyright (c) Abstract Machines -# SPDX-License-Identifier: Apache-2.0 - -{{- if .Values.timescaledb.reader.enabled }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-timescaledb-reader -spec: - selector: - matchLabels: - app: {{ .Release.Name }} - component: timescaledb-reader - template: - metadata: - labels: - app: {{ .Release.Name }} - component: timescaledb-reader - spec: - {{- with (default .Values.defaults.image.pullSecrets .Values.timescaledb.reader.image.pullSecrets) }} - imagePullSecrets: - {{- toYaml . | nindent 12 }} - {{- end }} - dnsPolicy: ClusterFirst - restartPolicy: Always - containers: - - name: {{ .Release.Name }}-timescaledb-reader - image: "{{ default (printf "%s/timescale-reader" .Values.defaults.image.rootRepository) .Values.timescaledb.reader.image.repository }}:{{ default .Values.defaults.image.tag .Values.timescaledb.reader.image.tag }}" - imagePullPolicy: {{ default .Values.defaults.image.pullPolicy .Values.timescaledb.reader.image.pullPolicy }} - env: - - name: MG_JAEGER_URL - value: "http://{{ .Values.jaeger.fullnameOverride }}-collector:{{ .Values.jaeger.collector.service.otlp.http.port }}/v1/traces" - - name: MG_JAEGER_TRACE_RATIO - value: {{ default .Values.defaults.jaegerTraceRatio .Values.timescaledb.reader.jaegerTraceRatio | quote }} - - name: MG_SEND_TELEMETRY - value: {{ default .Values.defaults.sendTelemetry .Values.timescaledb.reader.sendTelemetry | quote }} - - name: MG_ES_URL - value: {{ .Values.defaults.eventStreamURL | quote }} - - name: MG_TIMESCALE_READER_LOG_LEVEL - value: {{ default .Values.defaults.logLevel .Values.timescaledb.reader.logLevel | quote }} - - name: MG_TIMESCALE_READER_HTTP_HOST - value: "0.0.0.0" - - name: MG_TIMESCALE_READER_HTTP_PORT - value: {{ .Values.timescaledb.reader.http.port | quote }} - - name: MG_AUTH_GRPC_URL - value: {{ .Release.Name }}-envoy:{{ .Values.auth.grpcPort }} - - name: MG_THINGS_AUTH_GRPC_URL - value: {{ .Release.Name 
}}-envoy:{{ .Values.things.authGrpcPort }} - - name: MG_TIMESCALE_HOST - {{- if .Values.timescaledb.enabled }} - value: "{{ .Release.Name }}-timescaledb" - {{- else }} - value: {{ .Values.timescaledb.host | quote }} - {{- end }} - - name: MG_TIMESCALE_PORT - value: {{ .Values.timescaledb.port | quote }} - - name: MG_TIMESCALE_USER - value: {{ .Values.timescaledb.username | quote }} - - name: MG_TIMESCALE_PASS - value: {{ .Values.timescaledb.password | quote }} - - name: MG_TIMESCALE_NAME - value: {{ .Values.timescaledb.database | quote }} - ports: - - containerPort: {{ .Values.timescaledb.reader.http.port }} - protocol: TCP - {{- with .Values.timescaledb.reader.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.timescaledb.reader.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.timescaledb.reader.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} - diff --git a/charts/magistrala/templates/timescale-writer-deployment.yaml b/charts/magistrala/templates/timescale-writer-deployment.yaml deleted file mode 100644 index 7d9c0cc0..00000000 --- a/charts/magistrala/templates/timescale-writer-deployment.yaml +++ /dev/null 
@@ -1,99 +0,0 @@ -# Copyright (c) Abstract Machines -# SPDX-License-Identifier: Apache-2.0 - -{{- if .Values.timescaledb.writer.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-timescaledb-writer-config -data: - subjects.toml: | - # If you want to listen on all subjects, just pass one element ["channels.>"], otherwise - # pass the list of subjects (e.g ["channels.", "channels..sub.topic.x", ...]). - [subjects] - filter = ["channels.>"] ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-timescaledb-writer -spec: - selector: - matchLabels: - app: {{ .Release.Name }} - component: timescaledb-writer - template: - metadata: - labels: - app: {{ .Release.Name }} - component: timescaledb-writer - spec: - {{- with (default .Values.defaults.image.pullSecrets .Values.timescaledb.writer.image.pullSecrets) }} - imagePullSecrets: - {{- toYaml . | nindent 12 }} - {{- end }} - dnsPolicy: ClusterFirst - restartPolicy: Always - volumes: - - configMap: - defaultMode: 256 - name: {{ .Release.Name }}-timescaledb-writer-config - optional: false - name: timescaledb-writer-config - containers: - - name: {{ .Release.Name }}-timescaledb-writer - image: "{{ default (printf "%s/timescale-writer" .Values.defaults.image.rootRepository) .Values.timescaledb.writer.image.repository }}:{{ default .Values.defaults.image.tag .Values.timescaledb.writer.image.tag }}" - imagePullPolicy: {{ default .Values.defaults.image.pullPolicy .Values.timescaledb.writer.image.pullPolicy }} - env: - - name: MG_JAEGER_URL - value: "http://{{ .Values.jaeger.fullnameOverride }}-collector:{{ .Values.jaeger.collector.service.otlp.http.port }}/v1/traces" - - name: MG_JAEGER_TRACE_RATIO - value: {{ default .Values.defaults.jaegerTraceRatio .Values.timescaledb.writer.jaegerTraceRatio | quote }} - - name: MG_SEND_TELEMETRY - value: {{ default .Values.defaults.sendTelemetry .Values.timescaledb.writer.sendTelemetry | quote }} - - name: MG_ES_URL - value: {{ 
.Values.defaults.eventStreamURL | quote }} - - name: MG_TIMESCALE_WRITER_LOG_LEVEL - value: {{ default .Values.defaults.logLevel .Values.timescaledb.writer.logLevel | quote }} - - name: MG_TIMESCALE_WRITER_HTTP_HOST - value: "0.0.0.0" - - name: MG_TIMESCALE_WRITER_HTTP_PORT - value: {{ .Values.timescaledb.writer.http.port | quote }} - - name: MG_TIMESCALE_WRITER_CONFIG_PATH - value: "/config/subjects.toml" - - name: MG_MESSAGE_BROKER_URL - value: "nats://{{ .Release.Name }}-nats:{{ .Values.defaults.natsPort }}" - - name: MG_TIMESCALE_HOST - {{- if .Values.timescaledb.enabled }} - value: "{{ .Release.Name }}-timescaledb" - {{- else }} - value: {{ .Values.timescaledb.host | quote }} - {{- end }} - - name: MG_TIMESCALE_PORT - value: {{ .Values.timescaledb.port | quote }} - - name: MG_TIMESCALE_USER - value: {{ .Values.timescaledb.username | quote }} - - name: MG_TIMESCALE_PASS - value: {{ .Values.timescaledb.password | quote }} - - name: MG_TIMESCALE_NAME - value: {{ .Values.timescaledb.database | quote }} - ports: - - containerPort: {{ .Values.timescaledb.writer.http.port }} - protocol: TCP - volumeMounts: - - mountPath: /config/subjects.toml - name: timescaledb-writer-config - subPath: subjects.toml - {{- with .Values.timescaledb.writer.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.timescaledb.writer.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.timescaledb.writer.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/magistrala/templates/timescale-writer-service.yaml b/charts/magistrala/templates/timescale-writer-service.yaml deleted file mode 100644 index 23a6b90e..00000000 --- a/charts/magistrala/templates/timescale-writer-service.yaml +++ /dev/null 
@@ -1,17 +0,0 @@
-# Copyright (c) Abstract Machines
-# SPDX-License-Identifier: Apache-2.0
-
-{{- if .Values.timescaledb.writer.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-timescaledb-writer
-spec:
- selector:
- app: {{ .Release.Name }}
- component: timescaledb-writer
- ports:
- - port: {{ .Values.timescaledb.writer.http.port }}
- protocol: TCP
- name: {{ .Release.Name }}-timescaledb-writer-{{ .Values.timescaledb.writer.http.port }}
-{{- end }}
diff --git a/charts/magistrala/.helmignore b/charts/supermq/.helmignore
similarity index 100%
rename from charts/magistrala/.helmignore
rename to charts/supermq/.helmignore
diff --git a/charts/magistrala/Chart.lock b/charts/supermq/Chart.lock
similarity index 73%
rename from charts/magistrala/Chart.lock
rename to charts/supermq/Chart.lock
index 8af33910..ab4987eb 100644
--- a/charts/magistrala/Chart.lock
+++ b/charts/supermq/Chart.lock
@@ -4,7 +4,7 @@ dependencies:
 version: 1.2.1
 - name: jaeger
 repository: https://jaegertracing.github.io/helm-charts
- version: 3.1.1
+ version: 3.4.0
 - name: postgresql
 repository: https://charts.bitnami.com/bitnami
 version: 12.5.6
@@ -41,5 +41,14 @@ dependencies:
 - name: vault
 repository: https://helm.releases.hashicorp.com
 version: 0.28.1
-digest: sha256:9b98511c690b0f1f61f58130390537b9b02727bd1f190d6e334ef9c60d0bc82c
-generated: "2024-08-01T23:25:55.078828535+05:30"
+- name: grafana
+ repository: https://grafana.github.io/helm-charts
+ version: 8.9.0
+- name: prometheus
+ repository: https://prometheus-community.github.io/helm-charts
+ version: 27.3.0
+- name: fluent-bit
+ repository: https://fluent.github.io/helm-charts
+ version: 0.48.5
+digest: sha256:4a68d2f63dcda502e72d036840699995c9697ac96a661b73aa6dd56ddaa84210
+generated: "2025-02-19T16:16:19.604558063+03:00"
diff --git a/charts/magistrala/Chart.yaml b/charts/supermq/Chart.yaml
similarity index 63%
rename from charts/magistrala/Chart.yaml
rename to charts/supermq/Chart.yaml
index 47b546bf..b1431ce9 100644
--- a/charts/magistrala/Chart.yaml
+++ b/charts/supermq/Chart.yaml
@@ -2,15 +2,15 @@
 # SPDX-License-Identifier: Apache-2.0
 apiVersion: v2
-name: magistrala
-description: Magistrala IoT Platform
+name: Supermq
+description: Event-driven Infrastructure for Modern Cloud
 icon: https://avatars1.githubusercontent.com/u/13207490
 type: application
-version: 0.14.2 # Incremented chart version if the chart is updated
-appVersion: "0.14.0" # Update application version if the app is updated
-home: https://abstractmachines.fr/magistrala.html
+version: 0.16.0
+appVersion: "0.16.0"
+home: https://abstractmachines.fr/supermq.html
 sources:
- - https://hub.docker.com/u/magistrala
+ - https://hub.docker.com/u/supermq
 maintainers:
 - name: drasko
 email: drasko.draskovic@abstractmachines.fr
@@ -23,7 +23,7 @@ dependencies:
 repository: "@nats"
 - name: jaeger
- version: "3.1.1"
+ version: "3.4.0"
 repository: "@jaegertracing"
 - name: postgresql
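Review bot: The new chart name in charts/supermq/Chart.yaml is capitalised (`name: Supermq`), while the chart directory, the `home` URL and the Docker Hub source in the same hunk all use `supermq`. Helm's chart conventions call for lowercase names, and the packaged artifact and any resource name a template derives from `.Chart.Name` would carry the capital letter, which Kubernetes object names do not accept; whether any template does that is not visible here. I would change the line to `name: supermq`.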
@@ -41,44 +41,44 @@ dependencies:
 - name: postgresql
 version: "12.5.6"
 repository: "@bitnami"
- alias: postgresqlthings
- condition: postgresqlthings.enabled
+ alias: postgresqlchannels
+ condition: postgresqlchannels.enabled
 - name: postgresql
 version: "12.5.6"
 repository: "@bitnami"
- alias: postgresqlusers
- condition: postgresqlusers.enabled
+ alias: postgresqlclients
+ condition: postgresqlclients.enabled
 - name: postgresql
 version: "12.5.6"
 repository: "@bitnami"
- alias: postgresqlbootstrap
- condition: postgresqlbootstrap.enabled
+ alias: postgresqldomains
+ condition: postgresqldomains.enabled
 - name: postgresql
 version: "12.5.6"
 repository: "@bitnami"
- alias: postgresqlcerts
- condition: postgresqlcerts.enabled
+ alias: postgresqlgroups
+ condition: postgresqlgroups.enabled
 - name: postgresql
 version: "12.5.6"
 repository: "@bitnami"
- alias: postgresqlinvitations
- condition: postgresqlinvitations.enabled
+ alias: postgresqlusers
+ condition: postgresqlusers.enabled
 - name: postgresql
 version: "12.5.6"
 repository: "@bitnami"
- alias: postgresqljournal
- condition: postgresqljournal.enabled
+ alias: postgresqlcerts
+ condition: postgresqlcerts.enabled
 - name: postgresql
 version: "12.5.6"
 repository: "@bitnami"
- alias: timescaledb
- condition: timescaledb.enabled
+ alias: postgresqljournal
+ condition: postgresqljournal.enabled
 - name: postgresql
 version: "12.5.6"
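Review bot: The alias changes in the `@@ -41,44 +41,44 @@` hunk of charts/supermq/Chart.yaml are not a pure rename, and nothing in the hunk tells an operator what happens to existing data. A subchart alias becomes part of the generated resource names (the things deployment removed earlier in this commit reached its database at `{{ .Release.Name }}-postgresqlthings`). Once `postgresqlthings`, `postgresqlbootstrap`, `postgresqlinvitations` and `timescaledb` disappear, an in-place upgrade would presumably start empty databases under the new names instead of reusing the old ones. I would document this above the PostgreSQL entries, for example `# Aliases changed in 0.16.0: back up and migrate the databases before upgrading from 0.14.x`.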
@@ -89,10 +89,28 @@ dependencies:
 - name: redis
 version: "19.6.2"
 repository: "@bitnami"
- alias: redis-things
+ alias: redis-clients
 - name: vault
 version: "0.28.1"
 repository: "@hashicorp"
 alias: "vault"
 condition: vault.enabled
+
+ - name: grafana
+ version: "8.9.0"
+ repository: "https://grafana.github.io/helm-charts"
+ alias: grafana
+ condition: grafana.enabled
+
+ - name: prometheus
+ version: "27.3.0"
+ repository: "https://prometheus-community.github.io/helm-charts"
+ alias: prometheus
+ condition: prometheus.enabled
+
+ - name: fluent-bit
+ version: "0.48.5"
+ repository: "https://fluent.github.io/helm-charts"
+ alias: fluent-bit
+ condition: fluent-bit.enabled
diff --git a/charts/supermq/README.md b/charts/supermq/README.md
new file mode 100644
index 00000000..f7b75ae0
--- /dev/null
+++ b/charts/supermq/README.md
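Review bot: In the `@@ -89,10 +89,28 @@` hunk of charts/supermq/Chart.yaml the three added dependencies (grafana, prometheus, fluent-bit) spell `repository` as a full URL, whereas every existing entry in the file uses a repo alias such as `"@bitnami"` or `"@hashicorp"`. Mixing the two forms makes it harder to see at a glance which upstream chart sources the release pulls from. I would keep one form per file, e.g. `repository: "@grafana"` if that repo name is registered wherever `helm dependency update` runs. Each added `alias:` also repeats the entry's `name` and can be dropped.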
@@ -0,0 +1,452 @@ +# Supermq + +Event-driven Infrastructure for Modern Cloud + +![Version: 0.16.0](https://img.shields.io/badge/Version-0.16.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.16.0](https://img.shields.io/badge/AppVersion-0.16.0-informational?style=flat-square) + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| drasko | | | +| dusan | | | + +## Source Code + +* + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| @bitnami | postgresqlusers(postgresql) | 12.5.6 | +| @bitnami | postgresqlchannels(postgresql) | 12.5.6 | +| @bitnami | postgresqlui(postgresql) | 12.5.6 | +| @bitnami | postgresqlspicedb(postgresql) | 12.5.6 | +| @bitnami | postgresqlcerts(postgresql) | 12.5.6 | +| @bitnami | postgresqlclients(postgresql) | 12.5.6 | +| @bitnami | postgresqldomains(postgresql) | 12.5.6 | +| @bitnami | postgresqljournal(postgresql) | 12.5.6 | +| @bitnami | postgresqlauth(postgresql) | 12.5.6 | +| @bitnami | postgresqlgroups(postgresql) | 12.5.6 | +| @bitnami | redis-clients(redis) | 19.6.2 | +| @hashicorp | vault(vault) | 0.28.1 | +| @jaegertracing | jaeger | 3.1.1 | +| @nats | nats | 1.2.1 | +| https://fluent.github.io/helm-charts | fluent-bit(fluent-bit) | 0.48.5 | +| https://grafana.github.io/helm-charts | grafana(grafana) | 8.9.0 | +| https://prometheus-community.github.io/helm-charts | prometheus(prometheus) | 27.3.0 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| adapter_coap.image | object | `{}` | | +| adapter_coap.jaegerTraceRatio | float | `1` | | +| adapter_coap.port | int | `5683` | | +| adapter_coap.sendTelemetry | bool | `true` | | +| adapter_http.httpPort | int | `8008` | | +| adapter_http.image | object | `{}` | | +| adapter_ws.httpPort | int | `8186` | | +| adapter_ws.image | object | `{}` | | +| 
auth.accessTokenDuration | string | `"1h"` | | +| auth.adminEmail | string | `"admin@example.com"` | | +| auth.adminPassword | string | `"12345678"` | | +| auth.affinity | object | `{}` | | +| auth.grpcClientCert | string | `"./ssl/certs/auth-grpc-client.crt"` | | +| auth.grpcClientKey | string | `"./ssl/certs/auth-grpc-client.key"` | | +| auth.grpcPort | int | `7001` | | +| auth.grpcTimeout | string | `"300s"` | | +| auth.httpPort | int | `9001` | | +| auth.image | object | `{}` | | +| auth.nodeSelector | object | `{}` | | +| auth.refreshTokenDuration | string | `"24h"` | | +| auth.secretKey | string | `"supersecret"` | | +| auth.tolerations | object | `{}` | | +| certs.enabled | bool | `true` | | +| certs.httpPort | int | `9019` | | +| certs.image | object | `{}` | | +| certs.logLevel | string | `"error"` | | +| certs.sdkCertsUrl | string | `"${SMQ_CERTS_SDK_HOST}:9010"` | | +| certs.sdkHost | string | `"http://supermq-am-certs"` | | +| certs.sdkTlsVerification | string | `"false"` | | +| certs.signCAKeyPath | string | `"/etc/ssl/certs/ca.key"` | | +| certs.signCAPath | string | `"/etc/ssl/certs/ca.crt"` | | +| certs.vault.approleRoleid | string | `"supermq"` | | +| certs.vault.approleSecret | string | `"supermq"` | | +| certs.vault.namespace | string | `"supermq"` | | +| certs.vault.thingsCertsPkiPath | string | `"pki_int"` | | +| certs.vault.thingsCertsPkiRoleName | string | `"supermq_things_certs"` | | +| certs.vault.url | string | `"http://supermq-vault:8200"` | | +| channels.grpcClientCaCerts | string | `"./ssl/certs/ca.crt"` | | +| channels.grpcClientCert | string | `"./ssl/certs/channels-grpc-client.crt"` | | +| channels.grpcClientKey | string | `"./ssl/certs/channels-grpc-client.key"` | | +| channels.grpcPort | int | `7005` | | +| channels.grpcServerCert | string | `"./ssl/certs/channels-grpc-server.crt"` | | +| channels.grpcServerKey | string | `"./ssl/certs/channels-grpc-server.key"` | | +| channels.grpcTimeout | string | `"1s"` | | +| channels.httpPort 
| int | `9005` | | +| channels.image | object | `{}` | | +| clients.authGrpcPort | int | `7006` | | +| clients.authHttpPort | int | `9001` | | +| clients.cacheKeyduration | string | `"10m"` | | +| clients.grpcClientCert | string | `"./ssl/certs/clients-grpc-client.crt"` | | +| clients.grpcClientKey | string | `"./ssl/certs/clients-grpc-client.key"` | | +| clients.grpcTimeout | string | `"1s"` | | +| clients.httpPort | int | `9006` | | +| clients.image | object | `{}` | | +| clients.redisCachePort | int | `6379` | | +| clients.redisESPort | int | `6379` | | +| defaults.eventStreamURL | string | `"supermq-nats:4222"` | | +| defaults.image.pullPolicy | string | `"IfNotPresent"` | | +| defaults.image.rootRepository | string | `"supermq"` | | +| defaults.image.tag | string | `"latest"` | | +| defaults.jaegerCollectorPort | int | `4318` | | +| defaults.jaegerTraceRatio | float | `1` | | +| defaults.logLevel | string | `"error"` | | +| defaults.natsPort | int | `4222` | | +| defaults.replicaCount | int | `3` | | +| defaults.sendTelemetry | bool | `true` | | +| domains.cacheKeyduration | string | `"10m"` | | +| domains.grpcClientCaCerts | string | `"./ssl/certs/ca.crt"` | | +| domains.grpcClientCert | string | `"./ssl/certs/domains-grpc-client.crt"` | | +| domains.grpcPort | int | `7003` | | +| domains.grpcTimeout | string | `"300s"` | | +| domains.httpPort | int | `9003` | | +| domains.image | object | `{}` | | +| domains.redisTCPPort | int | `6379` | | +| envoy.image.pullPolicy | string | `"IfNotPresent"` | | +| envoy.image.repository | string | `"envoyproxy/envoy"` | | +| envoy.image.tag | string | `"v1.31-latest"` | | +| fluent-bit.config.filters | string | `"[FILTER]\n Name kubernetes\n Match kube.*\n k8s-logging.exclude off\n Buffer_Size 256k\n"` | | +| fluent-bit.config.inputs | string | `"[INPUT]\n Name tail\n Path /var/log/containers/*.log\n Read_from_head true\n Tag kube.*\n"` | | +| fluent-bit.config.outputs | string | `"[OUTPUT]\n Name loki\n Match *\n Host 
supermq-loki.loki\n Port 3100\n Uri /loki/api/v1/push\n Labels job=fluent-bit\n Label_Keys $kubernetes['namespace_name'], $kubernetes['pod_name']\n Line_Format json\n Auto_Kubernetes_Labels off\n"` | | +| fluent-bit.enabled | bool | `true` | | +| fluent-bit.resources | object | `{}` | | +| fluent-bit.serviceAccount.create | bool | `true` | | +| grafana.adminPassword | string | `"12345678"` | | +| grafana.adminUser | string | `"admin"` | | +| grafana.datasources."datasources.yaml".apiVersion | int | `1` | | +| grafana.datasources."datasources.yaml".datasources[0].access | string | `"proxy"` | | +| grafana.datasources."datasources.yaml".datasources[0].isDefault | bool | `true` | | +| grafana.datasources."datasources.yaml".datasources[0].name | string | `"Prometheus"` | | +| grafana.datasources."datasources.yaml".datasources[0].type | string | `"prometheus"` | | +| grafana.datasources."datasources.yaml".datasources[0].url | string | `"http://supermq-prometheus-server:9200"` | | +| grafana.datasources."datasources.yaml".datasources[1].access | string | `"proxy"` | | +| grafana.datasources."datasources.yaml".datasources[1].isDefault | bool | `false` | | +| grafana.datasources."datasources.yaml".datasources[1].name | string | `"Loki"` | | +| grafana.datasources."datasources.yaml".datasources[1].type | string | `"loki"` | | +| grafana.datasources."datasources.yaml".datasources[1].url | string | `"http://supermq-loki.loki:3100"` | | +| grafana.enabled | bool | `true` | | +| grafana.service.type | string | `"LoadBalancer"` | | +| groups.grpcClientCaCerts | string | `"./ssl/certs/ca.crt"` | | +| groups.grpcClientCert | string | `"./ssl/certs/groups-grpc-client.crt"` | | +| groups.grpcClientKey | string | `"./ssl/certs/groups-grpc-client.key"` | | +| groups.grpcPort | int | `7004` | | +| groups.grpcServerCert | string | `"./ssl/certs/groups-grpc-server.crt"` | | +| groups.grpcServerKey | string | `"./ssl/certs/groups-grpc-server.key"` | | +| groups.grpcTimeout | string | 
`"300s"` | | +| groups.httpPort | int | `9004` | | +| groups.image | object | `{}` | | +| ingress.annotations | object | `{}` | | +| ingress.enabled | bool | `true` | | +| ingress.labels | object | `{}` | | +| jaeger.agent.enabled | bool | `false` | | +| jaeger.allInOne.enabled | bool | `false` | | +| jaeger.cassandra.persistence.accessModes[0] | string | `"ReadWriteOnce"` | | +| jaeger.cassandra.persistence.enabled | bool | `true` | | +| jaeger.cassandra.persistence.size | string | `"10Gi"` | | +| jaeger.cassandra.persistence.storageClass | string | `"do-block-storage"` | | +| jaeger.collector.service.otlp.grpc.name | string | `"otlp-grpc"` | | +| jaeger.collector.service.otlp.grpc.port | int | `4317` | | +| jaeger.collector.service.otlp.http.name | string | `"otlp-http"` | | +| jaeger.collector.service.otlp.http.port | int | `4318` | | +| jaeger.fullnameOverride | string | `"supermq-jaeger"` | | +| jaeger.provisionDataStore.cassandra | bool | `true` | | +| jaeger.storage.type | string | `"cassandra"` | | +| journal.enabled | bool | `true` | | +| journal.httpPort | int | `9021` | | +| journal.image | object | `{}` | | +| mqtt.adapter.forwarderTimeout | string | `"30s"` | | +| mqtt.adapter.image.pullSecrets | object | `{}` | | +| mqtt.adapter.logLevel | string | `"error"` | | +| mqtt.adapter.mqttPort | int | `1884` | | +| mqtt.adapter.qos | string | `"2"` | | +| mqtt.adapter.wsPort | int | `8081` | | +| mqtt.broker.image.repository | string | `"supermq/vernemq"` | | +| mqtt.broker.logLevel | string | `"error"` | | +| mqtt.broker.mqttPort | int | `1883` | | +| mqtt.broker.persistentVolume.size | string | `"5Gi"` | | +| mqtt.broker.wsPort | int | `8080` | | +| mqtt.enabled | bool | `true` | | +| mqtt.redisCachePort | int | `6379` | | +| mqtt.redisESPort | int | `6379` | | +| mqtt.securityContext.fsGroup | int | `10000` | | +| mqtt.securityContext.runAsGroup | int | `10000` | | +| mqtt.securityContext.runAsUser | int | `10000` | | +| nats.config.cluster.enabled | bool 
| `false` | | +| nats.config.cluster.replicas | int | `3` | | +| nats.config.jetstream.enabled | bool | `true` | | +| nats.config.jetstream.fileStore.enabled | bool | `true` | | +| nats.config.jetstream.fileStore.pvc.enabled | bool | `true` | | +| nats.config.jetstream.memoryStore.enabled | bool | `true` | | +| nats.config.jetstream.memoryStore.maxSize | string | `"2Gi"` | | +| nginxInternal.image.pullPolicy | string | `"IfNotPresent"` | | +| nginxInternal.image.repository | string | `"nginx"` | | +| nginxInternal.image.tag | string | `"1.19.1-alpine"` | | +| nginxInternal.mtls.intermediateCrt | string | `""` | | +| nginxInternal.mtls.tls | string | `""` | | +| postgresqlauth.database | string | `"auth"` | | +| postgresqlauth.enabled | bool | `true` | | +| postgresqlauth.global.postgresql.auth.database | string | `"auth"` | | +| postgresqlauth.global.postgresql.auth.password | string | `"supermq"` | | +| postgresqlauth.global.postgresql.auth.postgresPassword | string | `"supermq"` | | +| postgresqlauth.global.postgresql.auth.username | string | `"supermq"` | | +| postgresqlauth.global.postgresql.service.ports.postgresql | int | `5432` | | +| postgresqlauth.host | string | `"postgresql-auth"` | | +| postgresqlauth.name | string | `"postgresql-auth"` | | +| postgresqlauth.password | string | `"supermq"` | | +| postgresqlauth.port | int | `5432` | | +| postgresqlauth.username | string | `"supermq"` | | +| postgresqlcerts.database | string | `"certs"` | | +| postgresqlcerts.enabled | bool | `true` | | +| postgresqlcerts.global.postgresql.auth.database | string | `"certs"` | | +| postgresqlcerts.global.postgresql.auth.password | string | `"supermq"` | | +| postgresqlcerts.global.postgresql.auth.postgresPassword | string | `"supermq"` | | +| postgresqlcerts.global.postgresql.auth.username | string | `"supermq"` | | +| postgresqlcerts.global.postgresql.service.ports.postgresql | int | `5432` | | +| postgresqlcerts.host | string | `"postgresql-certs"` | | +| 
postgresqlcerts.name | string | `"postgresql-certs"` | | +| postgresqlcerts.password | string | `"supermq"` | | +| postgresqlcerts.port | int | `5432` | | +| postgresqlcerts.username | string | `"supermq"` | | +| postgresqlchannels.database | string | `"channels"` | | +| postgresqlchannels.enabled | bool | `true` | | +| postgresqlchannels.global.postgresql.auth.database | string | `"channels"` | | +| postgresqlchannels.global.postgresql.auth.password | string | `"supermq"` | | +| postgresqlchannels.global.postgresql.auth.postgresPassword | string | `"supermq"` | | +| postgresqlchannels.global.postgresql.auth.username | string | `"supermq"` | | +| postgresqlchannels.global.postgresql.service.ports.postgresql | int | `5432` | | +| postgresqlchannels.host | string | `"channels-db"` | | +| postgresqlchannels.name | string | `"postgresql-channels"` | | +| postgresqlchannels.password | string | `"supermq"` | | +| postgresqlchannels.port | int | `5432` | | +| postgresqlchannels.username | string | `"supermq"` | | +| postgresqlclients.database | string | `"clients"` | | +| postgresqlclients.enabled | bool | `true` | | +| postgresqlclients.global.postgresql.auth.database | string | `"clients"` | | +| postgresqlclients.global.postgresql.auth.password | string | `"supermq"` | | +| postgresqlclients.global.postgresql.auth.postgresPassword | string | `"supermq"` | | +| postgresqlclients.global.postgresql.auth.username | string | `"supermq"` | | +| postgresqlclients.global.postgresql.service.ports.postgresql | int | `5432` | | +| postgresqlclients.host | string | `"postgresql-clients"` | | +| postgresqlclients.name | string | `"postgresql-clients"` | | +| postgresqlclients.password | string | `"supermq"` | | +| postgresqlclients.port | int | `5432` | | +| postgresqlclients.username | string | `"supermq"` | | +| postgresqldomains.database | string | `"domains"` | | +| postgresqldomains.enabled | bool | `true` | | +| postgresqldomains.global.postgresql.auth.database | string | 
`"domains"` | | +| postgresqldomains.global.postgresql.auth.password | string | `"supermq"` | | +| postgresqldomains.global.postgresql.auth.postgresPassword | string | `"supermq"` | | +| postgresqldomains.global.postgresql.auth.username | string | `"supermq"` | | +| postgresqldomains.global.postgresql.service.ports.postgresql | int | `5432` | | +| postgresqldomains.host | string | `"postgresql-domains"` | | +| postgresqldomains.name | string | `"postgresql-domains"` | | +| postgresqldomains.password | string | `"supermq"` | | +| postgresqldomains.port | int | `5432` | | +| postgresqldomains.username | string | `"supermq"` | | +| postgresqlgroups.database | string | `"groups"` | | +| postgresqlgroups.enabled | bool | `true` | | +| postgresqlgroups.global.postgresql.auth.database | string | `"groups"` | | +| postgresqlgroups.global.postgresql.auth.password | string | `"supermq"` | | +| postgresqlgroups.global.postgresql.auth.postgresPassword | string | `"supermq"` | | +| postgresqlgroups.global.postgresql.auth.username | string | `"supermq"` | | +| postgresqlgroups.global.postgresql.service.ports.postgresql | int | `5432` | | +| postgresqlgroups.host | string | `"postgresql-groups"` | | +| postgresqlgroups.name | string | `"postgresql-groups"` | | +| postgresqlgroups.password | string | `"supermq"` | | +| postgresqlgroups.port | int | `5432` | | +| postgresqlgroups.username | string | `"supermq"` | | +| postgresqljournal.database | string | `"journal"` | | +| postgresqljournal.enabled | bool | `true` | | +| postgresqljournal.global.postgresql.auth.database | string | `"journal"` | | +| postgresqljournal.global.postgresql.auth.password | string | `"supermq"` | | +| postgresqljournal.global.postgresql.auth.postgresPassword | string | `"supermq"` | | +| postgresqljournal.global.postgresql.auth.username | string | `"supermq"` | | +| postgresqljournal.global.postgresql.service.ports.postgresql | int | `5432` | | +| postgresqljournal.host | string | `"postgresql-journal"` 
| | +| postgresqljournal.name | string | `"postgresql-journal"` | | +| postgresqljournal.password | string | `"supermq"` | | +| postgresqljournal.port | int | `5432` | | +| postgresqljournal.username | string | `"supermq"` | | +| postgresqlspicedb.database | string | `"spicedb"` | | +| postgresqlspicedb.enabled | bool | `true` | | +| postgresqlspicedb.global.postgresql.auth.database | string | `"spicedb"` | | +| postgresqlspicedb.global.postgresql.auth.password | string | `"supermq"` | | +| postgresqlspicedb.global.postgresql.auth.postgresPassword | string | `"supermq"` | | +| postgresqlspicedb.global.postgresql.auth.username | string | `"supermq"` | | +| postgresqlspicedb.global.postgresql.service.ports.postgresql | int | `5432` | | +| postgresqlspicedb.host | string | `"postgresql-spicedb"` | | +| postgresqlspicedb.name | string | `"postgresql-spicedb"` | | +| postgresqlspicedb.password | string | `"supermq"` | | +| postgresqlspicedb.port | int | `5432` | | +| postgresqlspicedb.username | string | `"supermq"` | | +| postgresqlui.database | string | `"ui"` | | +| postgresqlui.enabled | bool | `true` | | +| postgresqlui.global.postgresql.auth.database | string | `"ui"` | | +| postgresqlui.global.postgresql.auth.password | string | `"supermq"` | | +| postgresqlui.global.postgresql.auth.postgresPassword | string | `"supermq"` | | +| postgresqlui.global.postgresql.auth.username | string | `"supermq"` | | +| postgresqlui.global.postgresql.service.ports.postgresql | int | `5432` | | +| postgresqlui.host | string | `"postgresql-ui"` | | +| postgresqlui.name | string | `"postgresql-ui"` | | +| postgresqlui.password | string | `"supermq"` | | +| postgresqlui.port | int | `5432` | | +| postgresqlui.username | string | `"supermq"` | | +| postgresqlusers.database | string | `"users"` | | +| postgresqlusers.enabled | bool | `true` | | +| postgresqlusers.global.postgresql.auth.database | string | `"users"` | | +| postgresqlusers.global.postgresql.auth.password | string | 
`"supermq"` | | +| postgresqlusers.global.postgresql.auth.postgresPassword | string | `"supermq"` | | +| postgresqlusers.global.postgresql.auth.username | string | `"supermq"` | | +| postgresqlusers.global.postgresql.service.ports.postgresql | int | `5432` | | +| postgresqlusers.host | string | `"postgresql-users"` | | +| postgresqlusers.name | string | `"postgresql-users"` | | +| postgresqlusers.password | string | `"supermq"` | | +| postgresqlusers.port | int | `5432` | | +| postgresqlusers.username | string | `"supermq"` | | +| prometheus.alertmanager.enabled | bool | `true` | | +| prometheus.alertmanager.persistence.size | string | `"2Gi"` | | +| prometheus.configmapReload.prometheus.containerPort | int | `8080` | | +| prometheus.configmapReload.prometheus.containerPortName | string | `"metrics"` | | +| prometheus.configmapReload.prometheus.enabled | bool | `true` | | +| prometheus.configmapReload.prometheus.image.pullPolicy | string | `"IfNotPresent"` | | +| prometheus.configmapReload.prometheus.image.repository | string | `"quay.io/prometheus-operator/prometheus-config-reloader"` | | +| prometheus.configmapReload.prometheus.image.tag | string | `"v0.79.2"` | | +| prometheus.configmapReload.prometheus.name | string | `"configmap-reload"` | | +| prometheus.configmapReload.prometheus.resources | object | `{}` | | +| prometheus.enabled | bool | `true` | | +| prometheus.kubeStateMetrics.enabled | bool | `true` | | +| prometheus.nodeExporter.containerPort | int | `9100` | | +| prometheus.nodeExporter.enabled | bool | `true` | | +| prometheus.nodeExporter.extraArgs[0] | string | `"--web.listen-address=0.0.0.0:9100"` | | +| prometheus.nodeExporter.hostNetwork | bool | `true` | | +| prometheus.nodeExporter.hostPID | bool | `true` | | +| prometheus.nodeExporter.hostPort | int | `9100` | | +| prometheus.nodeExporter.image.pullPolicy | string | `"IfNotPresent"` | | +| prometheus.nodeExporter.image.repository | string | `"quay.io/prometheus/node-exporter"` | | +| 
prometheus.nodeExporter.image.tag | string | `"v1.8.2"` | | +| prometheus.nodeExporter.livenessProbe.httpGet.path | string | `"/metrics"` | | +| prometheus.nodeExporter.livenessProbe.httpGet.port | int | `9100` | | +| prometheus.nodeExporter.livenessProbe.httpGet.scheme | string | `"HTTP"` | | +| prometheus.nodeExporter.livenessProbe.initialDelaySeconds | int | `5` | | +| prometheus.nodeExporter.livenessProbe.periodSeconds | int | `10` | | +| prometheus.nodeExporter.nodeSelector."kubernetes.io/os" | string | `"linux"` | | +| prometheus.nodeExporter.readinessProbe.httpGet.path | string | `"/metrics"` | | +| prometheus.nodeExporter.readinessProbe.httpGet.port | int | `9100` | | +| prometheus.nodeExporter.readinessProbe.httpGet.scheme | string | `"HTTP"` | | +| prometheus.nodeExporter.readinessProbe.initialDelaySeconds | int | `5` | | +| prometheus.nodeExporter.readinessProbe.periodSeconds | int | `10` | | +| prometheus.nodeExporter.service.annotations."prometheus.io/scrape" | string | `"true"` | | +| prometheus.nodeExporter.service.clusterIP | string | `""` | | +| prometheus.nodeExporter.service.enabled | bool | `true` | | +| prometheus.nodeExporter.service.port | int | `9100` | | +| prometheus.nodeExporter.service.servicePort | int | `9100` | | +| prometheus.nodeExporter.service.targetPort | int | `9100` | | +| prometheus.nodeExporter.service.type | string | `"ClusterIP"` | | +| prometheus.nodeExporter.tolerations[0].effect | string | `"NoSchedule"` | | +| prometheus.nodeExporter.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | | +| prometheus.nodeExporter.tolerations[0].operator | string | `"Exists"` | | +| prometheus.prometheusPushgateway.enabled | bool | `false` | | +| prometheus.pushgateway.enabled | bool | `false` | | +| prometheus.rbac.create | bool | `true` | | +| prometheus.server.extraFlags[0] | string | `"web.enable-lifecycle"` | | +| prometheus.server.image.pullPolicy | string | `"IfNotPresent"` | | +| prometheus.server.image.repository 
| string | `"quay.io/prometheus/prometheus"` | | +| prometheus.server.image.tag | string | `""` | | +| prometheus.server.ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | | +| prometheus.server.ingress.enabled | bool | `true` | | +| prometheus.server.ingress.hosts[0] | string | `"prometheus.example.com"` | | +| prometheus.server.ingress.ingressClassName | string | `"nginx"` | | +| prometheus.server.livenessProbe.httpGet.path | string | `"/-/healthy"` | | +| prometheus.server.livenessProbe.httpGet.port | int | `9090` | | +| prometheus.server.livenessProbe.httpGet.scheme | string | `"HTTP"` | | +| prometheus.server.livenessProbe.initialDelaySeconds | int | `30` | | +| prometheus.server.livenessProbe.timeoutSeconds | int | `5` | | +| prometheus.server.name | string | `"server"` | | +| prometheus.server.persistentVolume.accessModes[0] | string | `"ReadWriteOnce"` | | +| prometheus.server.persistentVolume.enabled | bool | `true` | | +| prometheus.server.persistentVolume.mountPath | string | `"/data"` | | +| prometheus.server.persistentVolume.size | string | `"8Gi"` | | +| prometheus.server.persistentVolume.storageClass | string | `"do-block-storage"` | | +| prometheus.server.readinessProbe.httpGet.path | string | `"/-/ready"` | | +| prometheus.server.readinessProbe.httpGet.port | int | `9090` | | +| prometheus.server.readinessProbe.httpGet.scheme | string | `"HTTP"` | | +| prometheus.server.readinessProbe.initialDelaySeconds | int | `5` | | +| prometheus.server.readinessProbe.timeoutSeconds | int | `5` | | +| prometheus.server.resources | object | `{}` | | +| prometheus.server.securityContext.fsGroup | int | `65534` | | +| prometheus.server.securityContext.runAsGroup | int | `65534` | | +| prometheus.server.securityContext.runAsNonRoot | bool | `true` | | +| prometheus.server.securityContext.runAsUser | int | `65534` | | +| prometheus.server.service.annotations."prometheus.io/scrape" | string | `"true"` | | +| prometheus.server.service.clusterIP | 
string | `""` | | +| prometheus.server.service.enabled | bool | `true` | | +| prometheus.server.service.port | int | `9200` | | +| prometheus.server.service.portName | string | `"metrics"` | | +| prometheus.server.service.servicePort | int | `9200` | | +| prometheus.server.service.targetPort | int | `9090` | | +| prometheus.server.service.type | string | `"ClusterIP"` | | +| prometheus.serviceAccounts.server.annotations | object | `{}` | | +| prometheus.serviceAccounts.server.automountServiceAccountToken | bool | `true` | | +| prometheus.serviceAccounts.server.create | bool | `true` | | +| prometheus.serviceAccounts.server.name | string | `""` | | +| redis-clients.cluster.enabled | bool | `false` | | +| redis-clients.usePassword | bool | `false` | | +| redis-clients.volumePermissions.enabled | bool | `true` | | +| spicedb.affinity | object | `{}` | | +| spicedb.datastore.engine | string | `"postgres"` | | +| spicedb.dispatch.enabled | bool | `false` | | +| spicedb.dispatch.port | int | `50053` | | +| spicedb.grpc.port | int | `50051` | | +| spicedb.grpc.presharedKey | string | `"12345678"` | | +| spicedb.http.enabled | bool | `false` | | +| spicedb.http.port | int | `8443` | | +| spicedb.image.pullSecrets | object | `{}` | | +| spicedb.image.repository | string | `"authzed/spicedb"` | | +| spicedb.image.tag | string | `"latest"` | | +| spicedb.metrics.enabled | bool | `true` | | +| spicedb.metrics.port | int | `9090` | | +| spicedb.nodeSelector | object | `{}` | | +| spicedb.tolerations | object | `{}` | | +| ui.blockKey | string | `"UtgZjr92jwRY6SPUndHXiyl9QY8qTUyZ"` | | +| ui.contentType | string | `"application/senml+json"` | | +| ui.enabled | bool | `true` | | +| ui.googleClientID | string | `""` | | +| ui.googleClientSecret | string | `""` | | +| ui.googleRedirectHostname | string | `"https://stage-domain-name"` | | +| ui.googleRedirectPath | string | `"/oauth/callback/google"` | | +| ui.googleState | string | `"somerandomstring"` | | +| ui.hashKey | string | 
`"5jx4x2Qg9OUmzpP5dbveWQ"` | | +| ui.image | object | `{}` | | +| ui.pathPrefix | string | `"/ui"` | | +| ui.port | int | `9095` | | +| users.accessTokenDuration | string | `"15m"` | | +| users.admin.email | string | `"admin@example.com"` | | +| users.admin.firstname | string | `"super"` | | +| users.admin.lastname | string | `"admin"` | | +| users.admin.password | string | `"12345678"` | | +| users.admin.username | string | `"admin"` | | +| users.allowSelfRegister | bool | `true` | | +| users.deleteAfter | string | `"720h"` | | +| users.deleteInterval | string | `"24h"` | | +| users.httpPort | int | `9002` | | +| users.image | object | `{}` | | +| users.passwordRegex | string | `"^.{8,}$"` | | +| users.refreshTokenDuration | string | `"24h"` | | +| users.secretKey | string | `"supersecret"` | | +| users.tokenResetEndpoint | string | `"/reset-request"` | | +| vault.enabled | bool | `false` | | diff --git a/charts/magistrala/README.md.gotmpl b/charts/supermq/README.md.gotmpl similarity index 100% rename from charts/magistrala/README.md.gotmpl rename to charts/supermq/README.md.gotmpl diff --git a/charts/magistrala/charts/.gitignore b/charts/supermq/charts/.gitignore similarity index 100% rename from charts/magistrala/charts/.gitignore rename to charts/supermq/charts/.gitignore diff --git a/charts/supermq/loki-override.yaml b/charts/supermq/loki-override.yaml new file mode 100644 index 00000000..73ff13bf --- /dev/null +++ b/charts/supermq/loki-override.yaml 
@@ -0,0 +1,70 @@
+# Copyright (c) Abstract Machines
+# SPDX-License-Identifier: Apache-2.0
+
+loki:
+ enabled: true
+ auth_enabled: false
+ storage:
+ bucketNames:
+ chunks: loki-migration
+ ruler: loki-migration
+ admin: loki-migration
+ type: filesystem
+ filesystem:
+ chunks_directory: /var/loki/chunks
+ rules_directory: /var/loki/rules
+ admin_api_directory: /var/loki/admin
+ commonConfig:
+ path_prefix: /var/loki
+ replication_factor: 1
+ schemaConfig:
+ configs:
+ - from: "2024-04-01"
+ store: tsdb
+ object_store: filesystem
+ schema: v13
+ index:
+ prefix: loki_index_
+ period: 24h
+ pattern_ingester:
+ enabled: true
+ limits_config:
+ allow_structured_metadata: true
+ volume_enabled: true
+ ruler:
+ enable_api: true
+
+deploymentMode: SingleBinary
+
+singleBinary:
+ replicas: 1
+ targetModule: "all"
+ persistence:
+ enabled: true
+ size: 10Gi
+ storageClass: "do-block-storage"
+ enableStatefulSetAutoDeletePVC: true
+
+# Disable other deployment modes
+gateway:
+ enabled: false
+backend:
+ replicas: 0
+read:
+ replicas: 0
+write:
+ replicas: 0
+ingester:
+ replicas: 0
+querier:
+ replicas: 0
+queryFrontend:
+ replicas: 0
+queryScheduler:
+ replicas: 0
+distributor:
+ replicas: 0
+compactor:
+ replicas: 0
+indexGateway:
+ replicas: 0
diff --git a/charts/magistrala/secrets/.gitignore b/charts/supermq/secrets/.gitignore
similarity index 100%
rename from charts/magistrala/secrets/.gitignore
rename to charts/supermq/secrets/.gitignore
diff --git a/charts/magistrala/secrets/secrets.sh b/charts/supermq/secrets/secrets.sh
similarity index 100%
rename from charts/magistrala/secrets/secrets.sh
rename to charts/supermq/secrets/secrets.sh
diff --git a/charts/magistrala/templates/_helpers.tpl b/charts/supermq/templates/_helpers.tpl
similarity index 69%
rename from charts/magistrala/templates/_helpers.tpl
rename to charts/supermq/templates/_helpers.tpl
index 528a102c..829b2cab 100644
--- a/charts/magistrala/templates/_helpers.tpl
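Review bot: `auth_enabled: false` together with `gateway.enabled: false` leaves the Loki push and query API with no authentication layer in this file, so anything that can reach the service on port 3100 can read and write logs. Loki in that mode relies on a fronting proxy or network restriction; I would add a comment above the key saying so, e.g. `# single-tenant, no auth: restrict access to fluent-bit and Grafana with a NetworkPolicy`, and ship such a policy with the chart. `enableStatefulSetAutoDeletePVC: true` also removes the log volume when the StatefulSet is deleted or scaled down (as I read the Loki chart), which deserves a comment if these logs are meant to serve as an audit trail. `storageClass: "do-block-storage"` ties the override to one provider, and `bucketNames` is presumably unused with `type: filesystem`.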
+++ b/charts/supermq/templates/_helpers.tpl @@ -2,11 +2,11 @@ Copyright (c) Abstract Machines SPDX-License-Identifier: Apache-2.0 */ -}} -{{- define "magistrala.name" -}} +{{- define "supermq.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} -{{- define "magistrala.fullname" -}} +{{- define "supermq.fullname" -}} {{- if .Values.fullnameOverride -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} @@ -19,10 +19,10 @@ SPDX-License-Identifier: Apache-2.0 {{- end -}} {{- end -}} -{{- define "magistrala.gen-certs" -}} -{{- $altNames := list ( printf "%s.%s" (include "magistrala.name" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "magistrala.name" .) .Release.Namespace ) -}} -{{- $ca := genCA "magistrala-ca" 365 -}} -{{- $cert := genSignedCert ( include "magistrala.name" . ) nil $altNames 365 $ca -}} +{{- define "supermq.gen-certs" -}} +{{- $altNames := list ( printf "%s.%s" (include "supermq.name" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "supermq.name" .) .Release.Namespace ) -}} +{{- $ca := genCA "supermq-ca" 365 -}} +{{- $cert := genSignedCert ( include "supermq.name" . ) nil $altNames 365 $ca -}} tls.crt: {{ $cert.Cert | b64enc }} tls.key: {{ $cert.Key | b64enc }} {{- end -}} diff --git a/charts/magistrala/templates/adapter_coap-deployment.yaml b/charts/supermq/templates/adapter_coap-deployment.yaml similarity index 66% rename from charts/magistrala/templates/adapter_coap-deployment.yaml rename to charts/supermq/templates/adapter_coap-deployment.yaml index ab9a3cea..4bd8ccbb 100644 --- a/charts/magistrala/templates/adapter_coap-deployment.yaml +++ b/charts/supermq/templates/adapter_coap-deployment.yaml 
@@ -31,22 +31,34 @@ spec: image: "{{ default (printf "%s/coap" .Values.defaults.image.rootRepository) .Values.adapter_coap.image.repository }}:{{ default .Values.defaults.image.tag .Values.adapter_coap.image.tag }}" imagePullPolicy: {{ default .Values.defaults.image.pullPolicy .Values.adapter_coap.image.pullPolicy }} env: - - name: MG_JAEGER_URL + - name: SMQ_JAEGER_URL value: "http://{{ .Release.Name }}-jaeger-collector:{{ .Values.defaults.jaegerCollectorPort }}/v1/traces" - - name: MG_MESSAGE_BROKER_URL + - name: SMQ_JAEGER_TRACE_RATIO + value: {{ default .Values.defaults.jaegerTraceRatio .Values.adapter_coap.jaegerTraceRatio | quote }} + - name: SMQ_SEND_TELEMETRY + value: {{ default .Values.defaults.sendTelemetry .Values.adapter_coap.sendTelemetry | quote }} + - name: SMQ_MESSAGE_BROKER_URL value: nats://{{ .Release.Name }}-nats:{{ .Values.defaults.natsPort }} - - name: MG_THINGS_AUTH_GRPC_URL - value: {{ .Release.Name }}-envoy:{{ .Values.things.authGrpcPort }} - - name: MG_COAP_ADAPTER_LOG_LEVEL + - name: SMQ_CLIENTS_GRPC_URL + value: {{ .Release.Name }}-envoy:{{ .Values.clients.authGrpcPort }} + - name: SMQ_CLIENTS_GRPC_TIMEOUT + value: {{ .Values.clients.grpcTimeout | quote }} + - name: SMQ_CHANNELS_GRPC_URL + value: {{ .Release.Name }}-envoy:{{ .Values.channels.grpcPort }} + - name: SMQ_CHANNELS_GRPC_TIMEOUT + value: {{ .Values.channels.grpcTimeout | quote }} + - name: SMQ_COAP_ADAPTER_LOG_LEVEL value: {{ default .Values.defaults.logLevel .Values.adapter_coap.logLevel | quote }} - - name: MG_COAP_ADAPTER_HTTP_HOST + - name: SMQ_COAP_ADAPTER_HTTP_HOST value: "0.0.0.0" - - name: MG_COAP_ADAPTER_HTTP_PORT + - name: SMQ_COAP_ADAPTER_HTTP_PORT value: {{ .Values.adapter_coap.port | quote }} - - name: MG_COAP_ADAPTER_HOST + - name: SMQ_COAP_ADAPTER_HOST value: "0.0.0.0" - - name: MG_COAP_ADAPTER_PORT + - name: SMQ_COAP_ADAPTER_PORT value: {{ .Values.adapter_coap.port | quote }} + - name: SMQ_ES_URL + value: {{ .Values.defaults.eventStreamURL | quote }} ports: - 
containerPort: {{ .Values.adapter_coap.port }} protocol: UDP diff --git a/charts/magistrala/templates/adapter_coap-service.yaml b/charts/supermq/templates/adapter_coap-service.yaml similarity index 100% rename from charts/magistrala/templates/adapter_coap-service.yaml rename to charts/supermq/templates/adapter_coap-service.yaml diff --git a/charts/magistrala/templates/adapter_http-deployment.yaml b/charts/supermq/templates/adapter_http-deployment.yaml similarity index 61% rename from charts/magistrala/templates/adapter_http-deployment.yaml rename to charts/supermq/templates/adapter_http-deployment.yaml index cc15e6c7..7bbd1a6c 100644 --- a/charts/magistrala/templates/adapter_http-deployment.yaml +++ b/charts/supermq/templates/adapter_http-deployment.yaml 
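Review bot: The added `SMQ_SEND_TELEMETRY` and `SMQ_JAEGER_TRACE_RATIO` entries in the coap adapter use `default .Values.defaults.X .Values.adapter_coap.X`, and Sprig's `default` treats `false` and `0` as empty, so `adapter_coap.sendTelemetry: false` is silently replaced by the chart-wide default. An operator who opts this adapter out of telemetry still gets it whenever the default is true. A key-presence test avoids that, e.g. `value: {{ ternary .Values.adapter_coap.sendTelemetry .Values.defaults.sendTelemetry (hasKey .Values.adapter_coap "sendTelemetry") | quote }}`; the same pattern is added in the adapter_http, MQTT adapter, channels, clients and domains hunks. The container spec starts above this hunk.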
@@ -31,18 +31,34 @@ spec: image: "{{ default (printf "%s/http" .Values.defaults.image.rootRepository) .Values.adapter_http.image.repository }}:{{ default .Values.defaults.image.tag .Values.adapter_http.image.tag }}" imagePullPolicy: {{ default .Values.defaults.image.pullPolicy .Values.adapter_http.image.pullPolicy }} env: - - name: MG_JAEGER_URL + - name: SMQ_JAEGER_URL value: "http://{{ .Release.Name }}-jaeger-collector:{{ .Values.defaults.jaegerCollectorPort }}/v1/traces" - - name: MG_HTTP_ADAPTER_LOG_LEVEL + - name: SMQ_JAEGER_TRACE_RATIO + value: {{ default .Values.defaults.jaegerTraceRatio .Values.users.jaegerTraceRatio | quote }} + - name: SMQ_SEND_TELEMETRY + value: {{ default .Values.defaults.sendTelemetry .Values.users.sendTelemetry | quote }} + - name: SMQ_HTTP_ADAPTER_LOG_LEVEL value: {{ default .Values.defaults.logLevel .Values.adapter_http.logLevel | quote }} - - name: MG_HTTP_ADAPTER_HOST + - name: SMQ_HTTP_ADAPTER_HOST value: "0.0.0.0" - - name: MG_HTTP_ADAPTER_PORT + - name: SMQ_HTTP_ADAPTER_PORT value: {{ .Values.adapter_http.httpPort | quote }} - - name: MG_MESSAGE_BROKER_URL + - name: SMQ_CLIENTS_GRPC_URL + value: {{ .Release.Name }}-envoy:{{ .Values.clients.authGrpcPort }} + - name: SMQ_CLIENTS_GRPC_TIMEOUT + value: {{ .Values.clients.grpcTimeout | quote }} + - name: SMQ_CHANNELS_GRPC_URL + value: {{ .Release.Name }}-envoy:{{ .Values.channels.grpcPort }} + - name: SMQ_CHANNELS_GRPC_TIMEOUT + value: {{ .Values.channels.grpcTimeout | quote }} + - name : SMQ_AUTH_GRPC_URL + value: {{ .Release.Name }}-envoy:{{ .Values.auth.grpcPort }} + - name: SMQ_AUTH_GRPC_TIMEOUT + value: {{ .Values.auth.grpcTimeout | quote }} + - name: SMQ_MESSAGE_BROKER_URL value: nats://{{ .Release.Name }}-nats:{{ .Values.defaults.natsPort }} - - name: MG_THINGS_AUTH_GRPC_URL - value: {{ .Release.Name }}-envoy:{{ .Values.things.authGrpcPort }} + - name: SMQ_ES_URL + value: {{ .Values.defaults.eventStreamURL | quote }} ports: - containerPort: {{ .Values.adapter_http.httpPort }} 
protocol: TCP diff --git a/charts/magistrala/templates/adapter_http-service.yaml b/charts/supermq/templates/adapter_http-service.yaml similarity index 100% rename from charts/magistrala/templates/adapter_http-service.yaml rename to charts/supermq/templates/adapter_http-service.yaml diff --git a/charts/magistrala/templates/adapter_mqtt-statefulstet.yaml b/charts/supermq/templates/adapter_mqtt-statefulstet.yaml similarity index 80% rename from charts/magistrala/templates/adapter_mqtt-statefulstet.yaml rename to charts/supermq/templates/adapter_mqtt-statefulstet.yaml index 4333c9c5..98d9a91c 100644 --- a/charts/magistrala/templates/adapter_mqtt-statefulstet.yaml +++ b/charts/supermq/templates/adapter_mqtt-statefulstet.yaml @@ -71,19 +71,19 @@ spec: - name: data mountPath: /vernemq/data env: - - name: MG_MQTT_ADAPTER_LOG_LEVEL + - name: SMQ_MQTT_ADAPTER_LOG_LEVEL value: {{ .Values.mqtt.broker.logLevel }} - name: MY_POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - - name: MG_MQTT_INSTANCE_ID + - name: SMQ_MQTT_INSTANCE_ID valueFrom: fieldRef: fieldPath: metadata.name - name: DOCKER_VERNEMQ_LOG__CONSOLE__LEVEL value: {{ default .Values.defaults.logLevel .Values.mqtt.broker.logLevel }} - - name: MG_MQTT_VERNEMQ_GRPC_POOL_SIZE + - name: SMQ_MQTT_VERNEMQ_GRPC_POOL_SIZE value: "1000" - name: DOCKER_VERNEMQ_ALLOW_ANONYMOUS value: "on" 
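Review bot: In the adapter_http deployment hunk the added `SMQ_JAEGER_TRACE_RATIO` and `SMQ_SEND_TELEMETRY` read `.Values.users.jaegerTraceRatio` and `.Values.users.sendTelemetry`, while every other per-service setting in this container comes from `.Values.adapter_http`, so an override set for the HTTP adapter would have no effect. This looks like a copy-paste slip; assuming values.yaml carries matching keys, I would use `.Values.adapter_http.jaegerTraceRatio` and `.Values.adapter_http.sendTelemetry`. The MQTT adapter hunk (`.Values.adapter_coap.jaegerTraceRatio`, `.Values.users.sendTelemetry`) and the new domains deployment have the same mismatch. Separately, `- name : SMQ_AUTH_GRPC_URL` has a stray space before the colon.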
@@ -174,31 +174,45 @@ spec: stdin: true tty: true env: - - name: MG_MQTT_ADAPTER_LOG_LEVEL + - name: SMQ_MQTT_ADAPTER_LOG_LEVEL value: {{ default .Values.defaults.logLevel .Values.mqtt.adapter.logLevel }} - - name: MG_MQTT_ADAPTER_MQTT_PORT + - name: SMQ_MQTT_ADAPTER_MQTT_PORT value: {{ .Values.mqtt.adapter.mqttPort | quote }} - - name: MG_MQTT_ADAPTER_WS_PORT + - name: SMQ_MQTT_ADAPTER_WS_PORT value: {{ .Values.mqtt.adapter.wsPort | quote }} - - name: MG_MESSAGE_BROKER_URL + - name: SMQ_MQTT_ADAPTER_FORWARDER_TIMEOUT + value: {{ .Values.mqtt.adapter.forwarderTimeout | quote}} + - name: SMQ_MQTT_ADAPTER_MQTT_QOS + value: {{ .Values.mqtt.adapter.qos | quote }} + - name: SMQ_MQTT_ADAPTER_WS_TARGET_PATH + value: "/mqtt" + - name: SMQ_CLIENTS_GRPC_URL + value: {{ .Release.Name }}-envoy:{{ .Values.clients.authGrpcPort | quote }} + - name: SMQ_CLIENTS_GRPC_TIMEOUT + value: {{ .Values.clients.grpcTimeout | quote }} + - name: SMQ_CHANNELS_GRPC_URL + value: {{ .Release.Name }}-envoy:{{ .Values.channels.grpcPort | quote }} + - name: SMQ_CHANNELS_GRPC_TIMEOUT + value: {{ .Values.channels.grpcTimeout | quote }} + - name: SMQ_MESSAGE_BROKER_URL value: nats://{{ .Release.Name }}-nats:{{ .Values.defaults.natsPort }} - - name: MG_THINGS_AUTH_GRPC_URL - value: {{ .Release.Name }}-envoy:{{ .Values.things.authGrpcPort }} - - name: MG_JAEGER_URL + - name: SMQ_JAEGER_URL value: "http://{{ .Release.Name }}-jaeger-collector:{{ .Values.defaults.jaegerCollectorPort }}/v1/traces" - - name: MG_MQTT_ADAPTER_MQTT_TARGET_HOST + - name: SMQ_JAEGER_TRACE_RATIO + value: {{ default .Values.defaults.jaegerTraceRatio .Values.adapter_coap.jaegerTraceRatio | quote }} + - name: SMQ_MQTT_ADAPTER_MQTT_TARGET_HOST value: localhost - - name: MG_MQTT_ADAPTER_MQTT_TARGET_PORT + - name: SMQ_SEND_TELEMETRY + value: {{ default .Values.defaults.sendTelemetry .Values.users.sendTelemetry | quote }} + - name: SMQ_MQTT_ADAPTER_MQTT_TARGET_PORT value: {{ .Values.mqtt.broker.mqttPort | quote }} - - name: 
MG_MQTT_ADAPTER_WS_TARGET_HOST + - name: SMQ_MQTT_ADAPTER_WS_TARGET_HOST value: localhost - - name: MG_MQTT_ADAPTER_WS_TARGET_PORT + - name: SMQ_MQTT_ADAPTER_WS_TARGET_PORT value: {{ .Values.mqtt.broker.wsPort | quote }} - - name: MG_MQTT_ADAPTER_THINGS_TIMEOUT - value: "15" - - name: MG_ES_URL + - name: SMQ_ES_URL value: {{ .Values.defaults.eventStreamURL | quote }} - - name: MG_MQTT_ADAPTER_MQTT_TARGET_HEALTH_CHECK + - name: SMQ_MQTT_ADAPTER_MQTT_TARGET_HEALTH_CHECK value: http://localhost:8888/health livenessProbe: failureThreshold: 3 diff --git a/charts/magistrala/templates/auth-deployment.yaml b/charts/supermq/templates/auth-deployment.yaml similarity index 68% rename from charts/magistrala/templates/auth-deployment.yaml rename to charts/supermq/templates/auth-deployment.yaml index b9f213b6..29815697 100644 --- a/charts/magistrala/templates/auth-deployment.yaml +++ b/charts/supermq/templates/auth-deployment.yaml @@ -1,5 +1,8 @@ -# Copyright (c) Magistrala +--- +# Copyright (c) Abstract Machines # SPDX-License-Identifier: Apache-2.0 + +--- apiVersion: v1 kind: ConfigMap metadata: 
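Review bot: `SMQ_CLIENTS_GRPC_URL` and `SMQ_CHANNELS_GRPC_URL` in the MQTT adapter container pipe only the port through `quote`, so the rendered value is `<release>-envoy:"<port>"` with literal double quotes inside the address. The coap and http adapter hunks render the same URLs without the filter. I would quote the whole string instead: `value: "{{ .Release.Name }}-envoy:{{ .Values.clients.authGrpcPort }}"`, and likewise for the channels URL. The container spec begins outside this hunk.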
@@ -34,68 +37,67 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} dnsPolicy: ClusterFirst - restartPolicy: Always containers: - name: {{ .Release.Name }}-auth image: "{{ default (printf "%s/auth" .Values.defaults.image.rootRepository) .Values.auth.image.repository }}:{{ default .Values.defaults.image.tag .Values.auth.image.tag }}" imagePullPolicy: {{ default .Values.defaults.image.pullPolicy .Values.auth.image.pullPolicy }} env: - - name: MG_JAEGER_URL + - name: SMQ_JAEGER_URL value: "http://{{ .Values.jaeger.fullnameOverride }}-collector:{{ .Values.jaeger.collector.service.otlp.http.port }}/v1/traces" - - name: MG_JAEGER_TRACE_RATIO + - name: SMQ_JAEGER_TRACE_RATIO value: {{ default .Values.defaults.jaegerTraceRatio .Values.auth.jaegerTraceRatio | quote }} - - name: MG_SEND_TELEMETRY + - name: SMQ_SEND_TELEMETRY value: {{ default .Values.defaults.sendTelemetry .Values.auth.sendTelemetry | quote }} - - name: MG_ES_URL + - name: SMQ_ES_URL value: {{ .Values.defaults.eventStreamURL | quote }} - - name: MG_AUTH_LOG_LEVEL + - name: SMQ_AUTH_LOG_LEVEL value: {{ default .Values.defaults.logLevel .Values.auth.logLevel | quote }} - - name: MG_AUTH_GRPC_HOST + - name: SMQ_AUTH_GRPC_HOST value: "0.0.0.0" - - name: MG_AUTH_GRPC_PORT + - name: SMQ_AUTH_GRPC_PORT value: {{ .Values.auth.grpcPort | quote }} - - name: MG_AUTH_HTTP_HOST + - name: SMQ_AUTH_HTTP_HOST value: "0.0.0.0" - - name: MG_AUTH_HTTP_PORT - value: {{ .Values.auth.httpPort | quote }} - - name: MG_AUTH_SECRET - value: {{ .Values.auth.secret | quote }} - - name: MG_AUTH_ACCESS_TOKEN_DURATION + - name: SMQ_AUTH_HTTP_PORT + value: {{ .Values.auth.httpPort | quote }} + - name: SMQ_AUTH_ACCESS_TOKEN_DURATION value: {{ .Values.auth.accessTokenDuration | quote }} - - name: MG_AUTH_REFRESH_TOKEN_DURATION + - name: SMQ_AUTH_REFRESH_TOKEN_DURATION value: {{ .Values.auth.refreshTokenDuration | quote }} - - name: MG_AUTH_INVITATION_DURATION - value: {{ .Values.auth.invitationDuration | quote }} - - name: MG_AUTH_DB_HOST + - 
name: SMQ_AUTH_SECRET_KEY + value: {{ .Values.auth.secretKey | quote }} + - name: SMQ_AUTH_DB_HOST {{- if .Values.postgresqlauth.enabled }} value: {{ .Release.Name }}-postgresqlauth {{- else }} value: {{ .Values.postgresqlauth.host | quote }} {{- end }} - - name: MG_AUTH_DB_PORT + - name: SMQ_AUTH_DB_PORT value: {{ .Values.postgresqlauth.port | quote }} - - name: MG_AUTH_DB_NAME + - name: SMQ_AUTH_DB_NAME value: {{ .Values.postgresqlauth.database | quote }} - - name: MG_AUTH_DB_USER + - name: SMQ_AUTH_DB_USER value: {{ .Values.postgresqlauth.username | quote }} - - name: MG_AUTH_DB_PASS + - name: SMQ_AUTH_DB_PASS value: {{ .Values.postgresqlauth.password | quote }} - - name: MG_SPICEDB_HOST + - name: SMQ_SPICEDB_HOST value: {{ .Release.Name }}-spicedb-envoy - - name: MG_SPICEDB_PORT - value: {{ .Values.spicedb.grpc.port | quote}} - - name: MG_SPICEDB_SCHEMA_FILE + - name: SMQ_SPICEDB_PORT + value: {{ .Values.spicedb.grpc.port | quote }} + - name: SMQ_SPICEDB_SCHEMA_FILE value: /schema.zed - - name: MG_SPICEDB_PRE_SHARED_KEY - value: {{.Values.spicedb.grpc.presharedKey | quote }} + - name: SMQ_SPICEDB_PRE_SHARED_KEY + value: {{ .Values.spicedb.grpc.presharedKey | quote }} ports: - - containerPort: {{ .Values.auth.httpPort }} - protocol: TCP - - containerPort: {{ .Values.auth.grpcPort }} - protocol: TCP + - containerPort: {{ .Values.auth.httpPort }} + protocol: TCP + - containerPort: {{ .Values.auth.grpcPort }} + protocol: TCP volumeMounts: - - mountPath: /schema.zed - name: spicedb-schema-zed + - name: auth-data + mountPath: /supermq-data + - name: spicedb-schema-zed + mountPath: /schema.zed subPath: schema.zed volumes: - name: spicedb-schema-zed @@ -103,6 +105,8 @@ spec: defaultMode: 256 name: {{ .Release.Name }}-spicedb-schema-zed optional: false + - name: auth-data + emptyDir: {} {{- with .Values.auth.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} 
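Review bot: `SMQ_AUTH_SECRET_KEY` is rendered straight from `.Values.auth.secretKey` into the pod spec, next to `SMQ_AUTH_DB_PASS` and `SMQ_SPICEDB_PRE_SHARED_KEY`, so what is presumably the token-signing key is readable by anyone who can view the Deployment or the release values. Since this hunk renames the setting anyway, it is a good point to source it from a Secret, e.g. `valueFrom: {secretKeyRef: {name: <auth-secret-name>, key: <secret-key-field>}}` (placeholder names). The new `auth-data` volume is an `emptyDir`, so anything written under `/supermq-data` is lost when the pod is replaced; what the service stores there is not visible in this diff and deserves a comment.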
diff --git a/charts/magistrala/templates/auth-service.yaml b/charts/supermq/templates/auth-service.yaml similarity index 96% rename from charts/magistrala/templates/auth-service.yaml rename to charts/supermq/templates/auth-service.yaml index 44d5c54d..af551825 100644 --- a/charts/magistrala/templates/auth-service.yaml +++ b/charts/supermq/templates/auth-service.yaml @@ -1,4 +1,4 @@ -# Copyright (c) Magistrala +# Copyright (c) Abstract Machines # SPDX-License-Identifier: Apache-2.0 apiVersion: v1 diff --git a/charts/magistrala/templates/certs-deployment.yaml b/charts/supermq/templates/certs-deployment.yaml similarity index 63% rename from charts/magistrala/templates/certs-deployment.yaml rename to charts/supermq/templates/certs-deployment.yaml index 41344450..04de9228 100644 --- a/charts/magistrala/templates/certs-deployment.yaml +++ b/charts/supermq/templates/certs-deployment.yaml 
@@ -32,52 +32,60 @@ spec: image: "{{ default (printf "%s/certs" .Values.defaults.image.rootRepository) .Values.certs.image.repository }}:{{ default .Values.defaults.image.tag .Values.certs.image.tag }}" imagePullPolicy: {{ default .Values.defaults.image.pullPolicy .Values.certs.image.pullPolicy }} env: - - name: MG_JAEGER_URL + - name: SMQ_JAEGER_URL value: "http://{{ .Values.jaeger.fullnameOverride }}-collector:{{ .Values.jaeger.collector.service.otlp.http.port }}/v1/traces" - - name: MG_JAEGER_TRACE_RATIO + - name: SMQ_JAEGER_TRACE_RATIO value: {{ default .Values.defaults.jaegerTraceRatio .Values.certs.jaegerTraceRatio | quote }} - - name: MG_SEND_TELEMETRY + - name: SMQ_SEND_TELEMETRY value: {{ default .Values.defaults.sendTelemetry .Values.certs.sendTelemetry | quote }} - - name: MG_CERTS_LOG_LEVEL + - name: SMQ_CERTS_LOG_LEVEL value: {{ default .Values.defaults.logLevel .Values.certs.logLevel | quote }} - - name: MG_CERTS_HTTP_HOST + - name: SMQ_CERTS_HTTP_HOST value: "0.0.0.0" - - name: MG_CERTS_HTTP_PORT + - name: SMQ_CERTS_HTTP_PORT value: {{ .Values.certs.httpPort | quote }} - - name: MG_AUTH_GRPC_URL + - name: SMQ_CERTS_SDK_HOST + value: {{ .Values.certs.sdkHost | quote }} + - name: SMQ_CERTS_SDK_CERTS_URL + value: {{ .Values.certs.sdkCertsUrl | quote }} + - name: SMQ_CERTS_SDK_TLS_VERIFICATION + value: {{ .Values.certs.sdkTlsVerification | quote }} + - name: SMQ_AUTH_GRPC_URL value: {{ .Release.Name }}-envoy:{{ .Values.auth.grpcPort }} - - name: MG_THINGS_URL - value: http://{{ .Release.Name }}-things:{{ .Values.things.httpPort }} - - name: MG_CERTS_DB_HOST + - name: SMQ_AUTH_GRPC_TIMEOUT + value: {{ .Values.auth.grpcTimeout | quote }} + - name: SMQ_CLIENTS_URL + value: http://{{ .Release.Name }}-clients:{{ .Values.clients.httpPort }} + - name: SMQ_CERTS_DB_HOST {{- if .Values.postgresqlcerts.enabled }} value: {{ .Release.Name }}-postgresqlcerts {{- else }} value: {{ .Values.postgresqlcerts.host | quote }} {{- end }} - - name: MG_CERTS_DB_PORT + - name: 
SMQ_CERTS_DB_PORT value: {{ .Values.postgresqlcerts.port | quote }} - - name: MG_CERTS_DB_NAME + - name: SMQ_CERTS_DB_NAME value: {{ .Values.postgresqlcerts.database | quote }} - - name: MG_CERTS_DB_USER + - name: SMQ_CERTS_DB_USER value: {{ .Values.postgresqlcerts.username | quote }} - - name: MG_CERTS_DB_PASS + - name: SMQ_CERTS_DB_PASS value: {{ .Values.postgresqlcerts.password | quote }} - - name: MG_CERTS_SIGN_CA_PATH + - name: SMQ_CERTS_SIGN_CA_PATH value: {{ .Values.certs.signCAPath }} - - name: MG_CERTS_SIGN_CA_KEY_PATH + - name: SMQ_CERTS_SIGN_CA_KEY_PATH value: {{ .Values.certs.signCAKeyPath }} - - name: MG_CERTS_VAULT_HOST + - name: SMQ_CERTS_VAULT_HOST value: {{ .Values.certs.vault.url | quote }} - - name: MG_CERTS_VAULT_APPROLE_ROLEID + - name: SMQ_CERTS_VAULT_APPROLE_ROLEID value: {{ .Values.certs.vault.approleRoleid | quote }} - - name: MG_CERTS_VAULT_APPROLE_SECRET + - name: SMQ_CERTS_VAULT_APPROLE_SECRET value: {{ .Values.certs.vault.approleSecret | quote }} - - name: MG_CERTS_VAULT_NAMESPACE + - name: SMQ_CERTS_VAULT_NAMESPACE value: {{ .Values.certs.vault.namespace | quote }} - - name: MG_CERTS_VAULT_THINGS_CERTS_PKI_PATH - value: {{ .Values.certs.vault.thingsCertsPkiPath | quote }} - - name: MG_CERTS_VAULT_THINGS_CERTS_PKI_ROLE_NAME - value: {{ .Values.certs.vault.thingsCertsPkiRoleName | quote }} + - name: SMQ_CERTS_VAULT_CLIENTS_CERTS_PKI_PATH + value: {{ .Values.certs.vault.clientsCertsPkiPath | quote }} + - name: SMQ_CERTS_VAULT_CLIENTS_CERTS_PKI_ROLE_NAME + value: {{ .Values.certs.vault.clientsCertsPkiRoleName | quote }} ports: - containerPort: {{ .Values.certs.httpPort }} protocol: TCP diff --git a/charts/magistrala/templates/certs-service.yaml b/charts/supermq/templates/certs-service.yaml similarity index 100% rename from charts/magistrala/templates/certs-service.yaml rename to charts/supermq/templates/certs-service.yaml 
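Review bot: The added `SMQ_CERTS_SDK_TLS_VERIFICATION` is rendered from `.Values.certs.sdkTlsVerification | quote` with no default, so an unset value becomes an empty string and the effective behaviour is left to the service. For a setting that can turn certificate checking off, I would make the choice explicit, e.g. `value: {{ required "certs.sdkTlsVerification must be set" .Values.certs.sdkTlsVerification | quote }}`, and document the safe value in values.yaml. How the service treats an empty value is not visible in this diff. The env list starts above the hunk.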
diff --git a/charts/supermq/templates/channels-deployment.yaml b/charts/supermq/templates/channels-deployment.yaml
new file mode 100644
index 00000000..361e41ec
--- /dev/null
+++ b/charts/supermq/templates/channels-deployment.yaml
@@ -0,0 +1,113 @@ +# Copyright (c) Abstract Machines +# SPDX-License-Identifier: Apache-2.0 + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-channels +spec: + selector: + matchLabels: + app: {{ .Release.Name }} + component: channels + template: + metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "{{ .Values.channels.httpPort }}" + prometheus.io/scrape: "true" + labels: + app: {{ .Release.Name }} + component: channels + spec: + containers: + - name: {{ .Release.Name }}-channels + image: "{{ default (printf "%s/channels" .Values.defaults.image.rootRepository) .Values.channels.image.repository }}:{{ default .Values.defaults.image.tag .Values.channels.image.tag }}" + imagePullPolicy: {{ default .Values.defaults.image.pullPolicy .Values.channels.image.pullPolicy }} + env: + - name: SMQ_CHANNELS_LOG_LEVEL + value: {{ default .Values.defaults.logLevel .Values.channels.logLevel | quote }} + - name: SMQ_CHANNELS_HTTP_HOST + value: "0.0.0.0" + - name: SMQ_CHANNELS_HTTP_PORT + value: "{{ .Values.channels.httpPort }}" + - name: SMQ_CHANNELS_GRPC_HOST + value: "0.0.0.0" + - name: SMQ_CHANNELS_GRPC_PORT + value: "{{ .Values.channels.grpcPort }}" + - name: SMQ_CHANNELS_DB_HOST + {{- if .Values.postgresqlchannels.enabled }} + value: {{ .Release.Name }}-postgresqlchannels + {{- else }} + value: {{ .Values.postgresqlchannels.host | quote }} + {{- end }} + - name: SMQ_CHANNELS_DB_PORT + value: {{ .Values.postgresqlchannels.port | quote }} + - name: SMQ_CHANNELS_DB_NAME + value: {{ .Values.postgresqlchannels.database | quote }} + - name: SMQ_CHANNELS_DB_USER + value: {{ .Values.postgresqlchannels.username | quote }} + - name: SMQ_CHANNELS_DB_PASS + value: {{ .Values.postgresqlchannels.password | quote }} + - name: SMQ_SPICEDB_SCHEMA_FILE + value: /schema.zed + - name : SMQ_AUTH_GRPC_URL + value: {{ .Release.Name }}-envoy:{{ .Values.auth.grpcPort }} + - name: SMQ_AUTH_GRPC_TIMEOUT + value: {{ .Values.auth.grpcTimeout | quote }} 
+ - name: SMQ_AUTH_GRPC_CLIENT_CERT + value: {{ .Values.auth.grpcClientCert | quote }} + - name: SMQ_AUTH_GRPC_CLIENT_KEY + value: {{ .Values.auth.grpcClientKey | quote }} + - name: SMQ_CLIENTS_GRPC_URL + value: {{ .Release.Name }}-envoy:{{ .Values.clients.authGrpcPort }} + - name: SMQ_CLIENTS_GRPC_TIMEOUT + value: {{ .Values.clients.grpcTimeout | quote }} + - name: SMQ_CLIENTS_GRPC_CLIENT_CERT + value: "{{ .Values.clients.grpcClientCert }}" + - name: SMQ_CLIENTS_GRPC_CLIENT_KEY + value: "{{ .Values.clients.grpcClientKey }}" + - name: SMQ_GROUPS_GRPC_URL + value: {{ .Release.Name }}-envoy:{{ .Values.groups.grpcPort }} + - name: SMQ_GROUPS_GRPC_TIMEOUT + value: {{ .Values.groups.grpcTimeout | quote }} + - name: SMQ_GROUPS_GRPC_CLIENT_CERT + value: {{ .Values.groups.grpcClientCert | quote }} + - name: SMQ_GROUPS_GRPC_CLIENT_KEY + value: {{ .Values.groups.grpcClientKey | quote }} + - name: SMQ_DOMAINS_GRPC_URL + value: http://{{ .Release.Name }}-envoy:{{ .Values.domains.grpcPort }} + - name: SMQ_DOMAINS_GRPC_TIMEOUT + value: {{ .Values.domains.grpcTimeout | quote }} + - name: SMQ_DOMAINS_GRPC_CLIENT_CERT + value: {{ .Values.domains.grpcClientCert | quote }} + - name: SMQ_DOMAINS_GRPC_CLIENT_KEY + value: {{ .Values.domains.grpcClientKey | quote }} + - name: SMQ_ES_URL + value: {{ .Values.defaults.eventStreamURL | quote }} + - name: SMQ_JAEGER_URL + value: "http://{{ .Release.Name }}-jaeger-collector:{{ .Values.defaults.jaegerCollectorPort }}/v1/traces" + - name: SMQ_JAEGER_TRACE_RATIO + value: {{ default .Values.defaults.jaegerTraceRatio .Values.channels.jaegerTraceRatio | quote }} + - name: SMQ_SEND_TELEMETRY + value: {{ default .Values.defaults.sendTelemetry .Values.channels.sendTelemetry | quote }} + - name: SMQ_SPICEDB_PRE_SHARED_KEY + value: {{.Values.spicedb.grpc.presharedKey | quote }} + - name: SMQ_SPICEDB_HOST + value: {{ .Release.Name }}-spicedb-envoy + - name: SMQ_SPICEDB_PORT + value: {{ .Values.spicedb.grpc.port | quote}} + ports: + - containerPort: {{ 
.Values.channels.httpPort }} + protocol: TCP + - containerPort: {{ .Values.channels.grpcPort }} + protocol: TCP + volumeMounts: + - name: spicedb-schema + mountPath: /schema.zed + subPath: schema.zed + volumes: + - name: spicedb-schema + configMap: + name: {{ .Release.Name }}-spicedb-schema-zed + diff --git a/charts/supermq/templates/channels-service.yaml b/charts/supermq/templates/channels-service.yaml new file mode 100644 index 00000000..92e9af72 --- /dev/null +++ b/charts/supermq/templates/channels-service.yaml @@ -0,0 +1,20 @@ +# Copyright (c) Abstract Machines +# SPDX-License-Identifier: Apache-2.0 + +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }}-channels +spec: + selector: + app: {{ .Release.Name }} + component: channels + ports: + - protocol: TCP + port: {{ .Values.channels.httpPort }} + targetPort: {{ .Values.channels.httpPort }} + name: http + - protocol: TCP + port: {{ .Values.channels.grpcPort }} + targetPort: {{ .Values.channels.grpcPort }} + name: grpc diff --git a/charts/supermq/templates/clients-deployment.yaml b/charts/supermq/templates/clients-deployment.yaml new file mode 100644 index 00000000..909777b7 --- /dev/null +++ b/charts/supermq/templates/clients-deployment.yaml 
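Review bot: In the new channels deployment, `SMQ_DOMAINS_GRPC_URL` is set to `http://{{ .Release.Name }}-envoy:{{ .Values.domains.grpcPort }}` while the auth, clients and groups gRPC URLs in the same list are bare `host:port`. Whether the gRPC client accepts a scheme is not visible here, but the inconsistency suggests a slip; I would write `value: {{ .Release.Name }}-envoy:{{ .Values.domains.grpcPort }}`. The clients deployment added later in this commit has the same line. Unlike the clients and domains deployments, this one also sets no `replicas`, `imagePullSecrets` or scheduling blocks, which is worth a comment if intentional.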
@@ -0,0 +1,132 @@ +# Copyright (c) Abstract Machines +# SPDX-License-Identifier: Apache-2.0 + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-clients +spec: + replicas: {{ .Values.defaults.replicaCount }} + selector: + matchLabels: + app: {{ .Release.Name }} + component: clients + template: + metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "{{ .Values.clients.httpPort }}" + prometheus.io/scrape: "true" + labels: + app: {{ .Release.Name }} + component: clients + spec: + {{- with (default .Values.defaults.image.pullSecrets .Values.clients.image.pullSecrets) }} + imagePullSecrets: + {{- toYaml . | nindent 12 }} + {{- end }} + dnsPolicy: ClusterFirst + restartPolicy: Always + containers: + - name: {{ .Release.Name }}-clients + image: "{{ default (printf "%s/clients" .Values.defaults.image.rootRepository) .Values.clients.image.repository }}:{{ default .Values.defaults.image.tag .Values.clients.image.tag }}" + imagePullPolicy: {{ default .Values.defaults.image.pullPolicy .Values.clients.image.pullPolicy }} + env: + - name: SMQ_JAEGER_URL + value: "http://{{ .Release.Name }}-jaeger-collector:{{ .Values.defaults.jaegerCollectorPort }}/v1/traces" + - name: SMQ_JAEGER_TRACE_RATIO + value: {{ default .Values.defaults.jaegerTraceRatio .Values.clients.jaegerTraceRatio | quote }} + - name: SMQ_SEND_TELEMETRY + value: {{ default .Values.defaults.sendTelemetry .Values.clients.sendTelemetry | quote }} + - name: SMQ_CLIENTS_LOG_LEVEL + value: {{ default .Values.defaults.logLevel .Values.clients.logLevel | quote }} + - name: SMQ_CLIENTS_GRPC_HOST + value: "0.0.0.0" + - name: SMQ_CLIENTS_GRPC_PORT + value: {{ .Values.clients.authGrpcPort | quote}} + - name: SMQ_CLIENTS_AUTH_HTTP_HOST + value: "0.0.0.0" + - name: SMQ_CLIENTS_AUTH_HTTP_PORT + value: {{ .Values.clients.authHttpPort | quote}} + - name: SMQ_CLIENTS_CACHE_URL + value: redis://{{ .Release.Name }}-redis-clients-master:{{ .Values.clients.redisCachePort }}/0 + - name: 
SMQ_SPICEDB_SCHEMA_FILE + value: /schema.zed + - name: SMQ_CLIENTS_DB_HOST + {{- if .Values.postgresqlclients.enabled }} + value: {{ .Release.Name }}-postgresqlclients + {{- else }} + value: {{ .Values.postgresqlclients.host | quote}} + {{- end }} + - name: SMQ_CLIENTS_DB_PORT + value: {{ .Values.postgresqlclients.port | quote}} + - name: SMQ_CLIENTS_DB_USER + value: {{ .Values.postgresqlclients.username | quote }} + - name: SMQ_CLIENTS_DB_PASS + value: {{ .Values.postgresqlclients.password | quote }} + - name: SMQ_CLIENTS_DB_NAME + value: {{ .Values.postgresqlclients.database | quote }} + - name: SMQ_ES_URL + value: {{ .Values.defaults.eventStreamURL | quote }} + - name: SMQ_CLIENTS_HTTP_HOST + value: "0.0.0.0" + - name: SMQ_CLIENTS_HTTP_PORT + value: {{ .Values.clients.httpPort | quote }} + - name: SMQ_CLIENTS_CACHE_KEY_DURATION + value: {{ .Values.clients.cacheKeyduration | quote }} + - name: SMQ_AUTH_GRPC_URL + value: {{ .Release.Name }}-envoy:{{ .Values.auth.grpcPort }} + - name: SMQ_CHANNELS_URL + value: {{ .Release.Name }}-channels:{{ .Values.channels.httpPort }} + - name: SMQ_CHANNELS_GRPC_URL + value: {{ .Release.Name }}-envoy:{{ .Values.channels.grpcPort }} + - name: SMQ_CHANNELS_GRPC_TIMEOUT + value: {{ .Values.channels.grpcTimeout | quote }} + - name: SMQ_GROUPS_URL + value: {{ .Release.Name }}-groups:{{ .Values.groups.httpPort }} + - name: SMQ_GROUPS_GRPC_URL + value: {{ .Release.Name }}-envoy:{{ .Values.groups.grpcPort }} + - name: SMQ_GROUPS_GRPC_TIMEOUT + value: {{ .Values.groups.grpcTimeout | quote }} + - name: SMQ_DOMAINS_GRPC_CLIENT_CERT + value: {{ .Values.domains.grpcClientCert | quote }} + - name: SMQ_DOMAINS_GRPC_CLIENT_KEY + value: {{ .Values.domains.grpcClientKey | quote }} + - name: SMQ_DOMAINS_GRPC_TIMEOUT + value: {{ .Values.domains.grpcTimeout | quote }} + - name: SMQ_DOMAINS_GRPC_URL + value: http://{{ .Release.Name }}-envoy:{{ .Values.domains.grpcPort }} + - name: SMQ_SPICEDB_PRE_SHARED_KEY + value: {{.Values.spicedb.grpc.presharedKey 
| quote }} + - name: SMQ_SPICEDB_HOST + value: {{ .Release.Name }}-spicedb-envoy + - name: SMQ_SPICEDB_PORT + value: {{ .Values.spicedb.grpc.port | quote}} + ports: + - containerPort: {{ .Values.clients.httpPort }} + protocol: TCP + - containerPort: {{ .Values.clients.authGrpcPort }} + protocol: TCP + - containerPort: {{ .Values.clients.authHttpPort }} + protocol: TCP + volumeMounts: + - name: spicedb-schema + mountPath: /schema.zed + subPath: schema.zed + volumes: + - name: spicedb-schema + configMap: + name: {{ .Release.Name }}-spicedb-schema-zed + + {{- with .Values.clients.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.clients.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.clients.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/supermq/templates/clients-service.yaml b/charts/supermq/templates/clients-service.yaml new file mode 100644 index 00000000..1d2e0645 --- /dev/null +++ b/charts/supermq/templates/clients-service.yaml 
@@ -0,0 +1,41 @@
+# Copyright (c) Abstract Machines
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}-clients
+spec:
+ selector:
+ app: {{ .Release.Name }}
+ component: clients
+ ports:
+ - port: {{ .Values.clients.httpPort }}
+ protocol: TCP
+ name: {{ .Release.Name }}-clients-{{ .Values.clients.httpPort }}
+ - port: {{ .Values.clients.authGrpcPort }}
+ protocol: TCP
+ name: {{ .Release.Name }}-clients-{{ .Values.clients.authGrpcPort }}
+ - port: {{ .Values.clients.authHttpPort }}
+ protocol: TCP
+ name: {{ .Release.Name }}-clients-{{ .Values.clients.authHttpPort }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}-clients-headless
+spec:
+ selector:
+ app: {{ .Release.Name }}
+ component: clients
+ ports:
+ - port: {{ .Values.clients.httpPort }}
+ protocol: TCP
+ name: {{ .Release.Name }}-clients-{{ .Values.clients.httpPort }}
+ - port: {{ .Values.clients.authGrpcPort }}
+ protocol: TCP
+ name: {{ .Release.Name }}-clients-{{ .Values.clients.authGrpcPort }}
+ - port: {{ .Values.clients.authHttpPort }}
+ protocol: TCP
+ name: {{ .Release.Name }}-clients-{{ .Values.clients.authHttpPort }}
+ clusterIP: None
diff --git a/charts/supermq/templates/domains-deployment.yaml b/charts/supermq/templates/domains-deployment.yaml
new file mode 100644
index 00000000..7574cc61
--- /dev/null
+++ b/charts/supermq/templates/domains-deployment.yaml
@@ -0,0 +1,123 @@ +--- +# Copyright (c) Abstract Machines +# SPDX-License-Identifier: Apache-2.0 + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-domains +spec: + replicas: {{ .Values.defaults.replicaCount }} + selector: + matchLabels: + app: {{ .Release.Name }} + component: domains + template: + metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "{{ .Values.domains.httpPort }}" + prometheus.io/scrape: "true" + labels: + app: {{ .Release.Name }} + component: domains + spec: + {{- with (default .Values.defaults.image.pullSecrets .Values.domains.image.pullSecrets) }} + imagePullSecrets: + {{- toYaml . | nindent 12 }} + {{- end }} + dnsPolicy: ClusterFirst + restartPolicy: Always + containers: + - name: {{ .Release.Name }}-domains + image: "{{ default (printf "%s/domains" .Values.defaults.image.rootRepository) .Values.domains.image.repository }}:{{ default .Values.defaults.image.tag .Values.domains.image.tag }}" + imagePullPolicy: {{ default .Values.defaults.image.pullPolicy .Values.domains.image.pullPolicy }} + env: + - name: SMQ_DOMAINS_LOG_LEVEL + value: {{ default .Values.defaults.logLevel .Values.domains.logLevel | quote }} + - name: SMQ_SPICEDB_PRE_SHARED_KEY + value: {{ .Values.spicedb.grpc.presharedKey | quote }} + - name: SMQ_SPICEDB_HOST + value: {{ .Release.Name }}-spicedb-envoy + - name: SMQ_SPICEDB_PORT + value: {{ .Values.spicedb.grpc.port | quote }} + - name: SMQ_SPICEDB_SCHEMA_FILE + value: /schema.zed + - name: SMQ_DOMAINS_HTTP_HOST + value: "0.0.0.0" + - name: SMQ_DOMAINS_HTTP_PORT + value: {{ .Values.domains.httpPort | quote }} + - name: SMQ_DOMAINS_GRPC_HOST + value: "0.0.0.0" + - name: SMQ_DOMAINS_GRPC_PORT + value: {{ .Values.domains.grpcPort | quote }} + - name: SMQ_DOMAINS_DB_HOST + {{- if .Values.postgresqldomains.enabled }} + value: {{ .Release.Name }}-postgresqldomains + {{- else }} + value: {{ .Values.postgresqldomains.host | quote }} + {{- end }} + - name: SMQ_DOMAINS_DB_PORT + 
value: {{ .Values.postgresqldomains.port | quote }} + - name: SMQ_DOMAINS_DB_USER + value: {{ .Values.postgresqldomains.username | quote }} + - name: SMQ_DOMAINS_DB_PASS + value: {{ .Values.postgresqldomains.password | quote }} + - name: SMQ_DOMAINS_DB_NAME + value: {{ .Values.postgresqldomains.database | quote }} + - name: SMQ_DOMAINS_CACHE_URL + value: redis://{{ .Release.Name }}-domains-redis:{{ .Values.domains.redisTCPPort }}/0 + - name: SMQ_DOMAINS_CACHE_KEY_DURATION + value: {{ .Values.domains.cacheKeyduration | quote }} + - name: SMQ_AUTH_GRPC_URL + value: {{ .Release.Name }}-envoy:{{ .Values.auth.grpcPort }} + - name: SMQ_AUTH_GRPC_TIMEOUT + value: {{ .Values.auth.grpcTimeout | quote }} + - name: SMQ_GROUPS_GRPC_URL + value: {{ .Release.Name }}-envoy:{{ .Values.groups.grpcPort }} + - name: SMQ_GROUPS_GRPC_TIMEOUT + value: {{ .Values.groups.grpcTimeout | quote }} + - name: SMQ_CHANNELS_URL + value: {{ .Release.Name }}-envoy:{{ .Values.channels.httpPort }} + - name: SMQ_CHANNELS_GRPC_URL + value: {{ .Release.Name }}-envoy:{{ .Values.channels.grpcPort }} + - name: SMQ_CHANNELS_GRPC_TIMEOUT + value: {{ .Values.channels.grpcTimeout | quote }} + - name: SMQ_CLIENTS_GRPC_URL + value: {{ .Release.Name }}-envoy:{{ .Values.clients.authGrpcPort }} + - name: SMQ_CLIENTS_GRPC_TIMEOUT + value: {{ .Values.clients.grpcTimeout | quote }} + - name: SMQ_JAEGER_URL + value: "http://{{ .Release.Name }}-jaeger-collector:4318/v1/traces" + - name: SMQ_JAEGER_TRACE_RATIO + value: {{ default .Values.defaults.jaegerTraceRatio .Values.adapter_coap.jaegerTraceRatio | quote }} + - name: SMQ_SEND_TELEMETRY + value: {{ default .Values.defaults.sendTelemetry .Values.users.sendTelemetry | quote }} + - name: SMQ_ES_URL + value: {{ .Values.defaults.eventStreamURL | quote }} + volumeMounts: + - name: spicedb-schema-zed + mountPath: /schema.zed + subPath: schema.zed + ports: + - containerPort: {{ .Values.domains.httpPort }} + protocol: TCP + - containerPort: {{ .Values.domains.grpcPort }} + 
protocol: TCP + volumes: + - name: spicedb-schema-zed + configMap: + name: {{ .Release.Name }}-spicedb-schema-zed + optional: false + {{- with .Values.domains.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.domains.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.domains.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/supermq/templates/domains-service.yaml b/charts/supermq/templates/domains-service.yaml new file mode 100644 index 00000000..a8d193aa --- /dev/null +++ b/charts/supermq/templates/domains-service.yaml @@ -0,0 +1,18 @@ +# Copyright (c) Abstract Machines +# SPDX-License-Identifier: Apache-2.0 + +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }}-domains +spec: + selector: + app: {{ .Release.Name }} + component: domains + ports: + - protocol: TCP + port: {{ .Values.domains.httpPort }} + name: {{ .Release.Name }}-domains-http + - protocol: TCP + port: {{ .Values.domains.grpcPort }} + name: {{ .Release.Name }}-domains-grpc diff --git a/charts/supermq/templates/envoy-config.yaml b/charts/supermq/templates/envoy-config.yaml new file mode 100644 index 00000000..e3a76996 --- /dev/null +++ b/charts/supermq/templates/envoy-config.yaml 
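Review bot: `SMQ_JAEGER_URL` in the new domains container hard-codes the collector port as `4318`, whereas the channels and clients deployments added in this commit use `{{ .Values.defaults.jaegerCollectorPort }}`, so changing that value would leave domains pointing at the old port. I would write `value: "http://{{ .Release.Name }}-jaeger-collector:{{ .Values.defaults.jaegerCollectorPort }}/v1/traces"`. `SMQ_CHANNELS_URL` here also targets `-envoy` on `channels.httpPort`, while the clients deployment targets `-channels` directly; the Envoy listeners visible in this commit are on gRPC ports, so that route is worth checking.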
@@ -0,0 +1,253 @@ +{{- define "supermq.envoy.config" -}} +static_resources: + listeners: + - address: + socket_address: + address: 0.0.0.0 + port_value: 1883 + filter_chains: + - filters: + - name: envoy.filters.network.tcp_proxy + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + stat_prefix: {{ .Release.Name }}-mqtt-envoy + cluster: {{ .Release.Name }}_mqtt_cluster + + - address: + socket_address: + address: 0.0.0.0 + port_value: {{ .Values.auth.grpcPort }} + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + codec_type: AUTO + stat_prefix: {{ .Release.Name }}-auth-envoy + route_config: + name: auth_route + virtual_hosts: + - name: auth_service + domains: ["*"] + routes: + - match: { prefix: "/" } + route: + cluster: {{ .Release.Name }}_auth_cluster + http_filters: + - name: envoy.filters.http.grpc_web + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + + - address: + socket_address: + address: 0.0.0.0 + port_value: {{ .Values.clients.authGrpcPort }} + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + codec_type: AUTO + stat_prefix: {{ .Release.Name }}-clients-envoy + route_config: + name: clients_route + virtual_hosts: + - name: clients_service + domains: ["*"] + routes: + - match: { prefix: "/" } + route: + cluster: {{ .Release.Name }}_clients_cluster + http_filters: + - name: envoy.filters.http.grpc_web + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb + - name: 
envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + + - address: + socket_address: + address: 0.0.0.0 + port_value: {{ .Values.domains.grpcPort }} + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + codec_type: AUTO + stat_prefix: {{ .Release.Name }}-domains-envoy + route_config: + name: domains_route + virtual_hosts: + - name: domains_service + domains: ["*"] + routes: + - match: { prefix: "/" } + route: + cluster: {{ .Release.Name }}_domains_cluster + http_filters: + - name: envoy.filters.http.grpc_web + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + + - address: + socket_address: + address: 0.0.0.0 + port_value: {{ .Values.groups.grpcPort }} + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + codec_type: AUTO + stat_prefix: {{ .Release.Name }}-groups-envoy + route_config: + name: groups_route + virtual_hosts: + - name: groups_service + domains: ["*"] + routes: + - match: { prefix: "/" } + route: + cluster: {{ .Release.Name }}_groups_cluster + http_filters: + - name: envoy.filters.http.grpc_web + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + + - address: + socket_address: + address: 0.0.0.0 + port_value: {{ .Values.channels.grpcPort }} + filter_chains: + - filters: + - name: 
envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + codec_type: AUTO + stat_prefix: {{ .Release.Name }}-channels-envoy + route_config: + name: channels_route + virtual_hosts: + - name: channels_service + domains: ["*"] + routes: + - match: { prefix: "/" } + route: + cluster: {{ .Release.Name }}_channels_cluster + http_filters: + - name: envoy.filters.http.grpc_web + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + + clusters: + - name: {{ .Release.Name }}_mqtt_cluster + connect_timeout: 0.25s + type: STRICT_DNS + lb_policy: ROUND_ROBIN + http2_protocol_options: {} + load_assignment: + cluster_name: {{ .Release.Name }}_mqtt_cluster + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: {{ .Release.Name }}-mqtt + port_value: 1884 + + - name: {{ .Release.Name }}_auth_cluster + connect_timeout: 0.25s + type: STRICT_DNS + lb_policy: ROUND_ROBIN + http2_protocol_options: {} + load_assignment: + cluster_name: {{ .Release.Name }}_auth_cluster + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: {{ .Release.Name }}-auth-headless + port_value: {{ .Values.auth.grpcPort }} + + - name: {{ .Release.Name }}_clients_cluster + connect_timeout: 0.25s + type: STRICT_DNS + lb_policy: ROUND_ROBIN + http2_protocol_options: {} + load_assignment: + cluster_name: {{ .Release.Name }}_clients_cluster + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: {{ .Release.Name }}-clients-headless + port_value: {{ .Values.clients.authGrpcPort }} + + - name: {{ .Release.Name }}_domains_cluster + connect_timeout: 0.25s + type: STRICT_DNS + lb_policy: ROUND_ROBIN + http2_protocol_options: {} + load_assignment: + 
cluster_name: {{ .Release.Name }}_domains_cluster + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: {{ .Release.Name }}-domains + port_value: {{ .Values.domains.grpcPort }} + + - name: {{ .Release.Name }}_groups_cluster + connect_timeout: 0.25s + type: STRICT_DNS + lb_policy: ROUND_ROBIN + http2_protocol_options: {} + load_assignment: + cluster_name: {{ .Release.Name }}_groups_cluster + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: {{ .Release.Name }}-groups + port_value: {{ .Values.groups.grpcPort }} + + - name: {{ .Release.Name }}_channels_cluster + connect_timeout: 0.25s + type: STRICT_DNS + lb_policy: ROUND_ROBIN + http2_protocol_options: {} + load_assignment: + cluster_name: {{ .Release.Name }}_channels_cluster + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: {{ .Release.Name }}-channels + port_value: {{ .Values.channels.grpcPort }} + +admin: + access_log_path: "/dev/null" + address: + socket_address: + address: 0.0.0.0 + port_value: 8001 +{{- end }} diff --git a/charts/magistrala/templates/envoy.yaml b/charts/supermq/templates/envoy.yaml similarity index 67% rename from charts/magistrala/templates/envoy.yaml rename to charts/supermq/templates/envoy.yaml index 23202bb8..357ecd30 100644 --- a/charts/magistrala/templates/envoy.yaml +++ b/charts/supermq/templates/envoy.yaml @@ -4,7 +4,7 @@ apiVersion: v1 data: envoy.yaml: |- -{{ include "magistrala.envoy.config" . | indent 4 }} +{{ include "supermq.envoy.config" . | indent 4 }} kind: ConfigMap metadata: @@ -28,7 +28,7 @@ spec: spec: containers: - name: {{ .Release.Name }}-envoy - image: "{{.Values.envoy.image.repository }}:{{ .Values.envoy.image.tag }}" + image: "{{ .Values.envoy.image.repository }}:{{ .Values.envoy.image.tag }}" imagePullPolicy: {{ .Values.envoy.image.pullPolicy | quote }} args: - -c /etc/envoy/envoy.yaml 
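Review bot: The `admin` block that closes `supermq.envoy.config` binds Envoy's admin interface to `0.0.0.0:8001`, and the envoy.yaml port lists in this commit still publish 8001 (`name: admin`), so the interface is reachable by anything that can reach the envoy Service. Envoy's admin endpoint has no authentication and includes state-changing and config-dump handlers, so it is normally kept on loopback: `address: 127.0.0.1` in the admin `socket_address`, with 8001 dropped from the Service unless something in the cluster depends on it. If it must stay reachable for stats scraping, a NetworkPolicy restricting who may connect to 8001 would be the minimum.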
@@ -38,7 +38,13 @@ spec: protocol: TCP - containerPort: {{ .Values.auth.grpcPort }} protocol: TCP - - containerPort: {{ .Values.things.authGrpcPort }} + - containerPort: {{ .Values.clients.authGrpcPort }} + protocol: TCP + - containerPort: {{ .Values.domains.grpcPort }} + protocol: TCP + - containerPort: {{ .Values.groups.grpcPort }} + protocol: TCP + - containerPort: {{ .Values.channels.grpcPort }} protocol: TCP - containerPort: 8001 protocol: TCP @@ -68,9 +74,18 @@ spec: - port: {{ .Values.auth.grpcPort }} protocol: TCP name: auth-grpc - - port: {{ .Values.things.authGrpcPort }} + - port: {{ .Values.clients.authGrpcPort }} + protocol: TCP + name: clients-grpc + - port: {{ .Values.domains.grpcPort }} + protocol: TCP + name: domains-grpc + - port: {{ .Values.groups.grpcPort }} + protocol: TCP + name: groups-grpc + - port: {{ .Values.channels.grpcPort }} protocol: TCP - name: things-grpc + name: channels-grpc - port: 8001 protocol: TCP name: admin diff --git a/charts/supermq/templates/groups-deployment.yaml b/charts/supermq/templates/groups-deployment.yaml new file mode 100644 index 00000000..cdc14bd6 --- /dev/null +++ b/charts/supermq/templates/groups-deployment.yaml 
@@ -0,0 +1,119 @@ +# Copyright (c) Abstract Machines +# SPDX-License-Identifier: Apache-2.0 + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-groups +spec: + replicas: {{ .Values.defaults.replicaCount }} + selector: + matchLabels: + app: {{ .Release.Name }} + component: groups + template: + metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "{{ .Values.groups.httpPort }}" + prometheus.io/scrape: "true" + labels: + app: {{ .Release.Name }} + component: groups + spec: + {{- with (default .Values.defaults.image.pullSecrets .Values.groups.image.pullSecrets) }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: ClusterFirst + restartPolicy: Always + containers: + - name: {{ .Release.Name }}-groups + image: "{{ default (printf "%s/groups" .Values.defaults.image.rootRepository) .Values.groups.image.repository }}:{{ default .Values.defaults.image.tag .Values.groups.image.tag }}" + imagePullPolicy: {{ default .Values.defaults.image.pullPolicy .Values.groups.image.pullPolicy }} + env: + - name: SMQ_GROUPS_LOG_LEVEL + value: {{ default .Values.defaults.logLevel .Values.groups.logLevel | quote }} + - name: SMQ_GROUPS_HTTP_HOST + value: "0.0.0.0" + - name: SMQ_GROUPS_HTTP_PORT + value: "{{ .Values.groups.httpPort }}" + - name: SMQ_GROUPS_GRPC_HOST + value: "0.0.0.0" + - name: SMQ_GROUPS_GRPC_PORT + value: "{{ .Values.groups.grpcPort }}" + - name: SMQ_GROUPS_DB_HOST + {{- if .Values.postgresqlgroups.enabled }} + value: "{{ .Release.Name }}-postgresqlgroups" + {{- else }} + value: {{ .Values.postgresqlgroups.host | quote }} + {{- end }} + - name: SMQ_GROUPS_DB_PORT + value: {{ .Values.postgresqlgroups.port | quote }} + - name: SMQ_GROUPS_DB_NAME + value: {{ .Values.postgresqlgroups.database | quote }} + - name: SMQ_GROUPS_DB_USER + value: {{ .Values.postgresqlgroups.username | quote }} + - name: SMQ_GROUPS_DB_PASS + value: {{ .Values.postgresqlgroups.password | quote }} + - name: SMQ_CHANNELS_URL + 
value: {{ .Release.Name }}-channels:{{ .Values.channels.httpPort }} + - name: SMQ_CHANNELS_GRPC_URL + value: {{ .Release.Name }}-envoy:{{ .Values.channels.grpcPort }} + - name: SMQ_CHANNELS_GRPC_TIMEOUT + value: {{ .Values.channels.grpcTimeout | quote }} + - name: SMQ_CLIENTS_GRPC_URL + value: {{ .Release.Name }}-envoy:{{ .Values.clients.authGrpcPort }} + - name: SMQ_CLIENTS_GRPC_TIMEOUT + value: {{ .Values.clients.grpcTimeout | quote }} + - name: SMQ_DOMAINS_GRPC_URL + value: http://{{ .Release.Name }}-envoy:{{ .Values.domains.grpcPort | quote }} + - name: SMQ_DOMAINS_GRPC_TIMEOUT + value: {{ .Values.domains.grpcTimeout | quote }} + - name: SMQ_ES_URL + value: {{ .Values.defaults.eventStreamURL | quote }} + - name: SMQ_JAEGER_URL + value: "http://{{ .Release.Name }}-jaeger-collector:{{ .Values.defaults.jaegerCollectorPort }}/v1/traces" + - name: SMQ_JAEGER_TRACE_RATIO + value: {{ default .Values.defaults.jaegerTraceRatio .Values.groups.jaegerTraceRatio | quote }} + - name: SMQ_SEND_TELEMETRY + value: {{ default .Values.defaults.sendTelemetry .Values.groups.sendTelemetry | quote }} + - name: SMQ_AUTH_GRPC_URL + value: {{ .Release.Name }}-envoy:{{ .Values.auth.grpcPort }} + - name: SMQ_AUTH_GRPC_TIMEOUT + value: {{ .Values.auth.grpcTimeout | quote }} + - name: SMQ_SPICEDB_PRE_SHARED_KEY + value: {{ .Values.spicedb.grpc.presharedKey | quote }} + - name: SMQ_SPICEDB_HOST + value: {{ .Release.Name }}-spicedb-envoy + - name: SMQ_SPICEDB_PORT + value: {{ .Values.spicedb.grpc.port | quote }} + - name: SMQ_SPICEDB_SCHEMA_FILE + value: /schema.zed + ports: + - containerPort: {{ .Values.groups.httpPort }} + protocol: TCP + - containerPort: {{ .Values.groups.grpcPort }} + protocol: TCP + volumeMounts: + - mountPath: /schema.zed + name: spicedb-schema-zed + subPath: schema.zed + volumes: + - name: spicedb-schema-zed + configMap: + defaultMode: 256 + name: {{ .Release.Name }}-spicedb-schema-zed + optional: false + {{- with .Values.groups.nodeSelector }} + nodeSelector: + {{- 
toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.groups.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.groups.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/supermq/templates/groups-service.yaml b/charts/supermq/templates/groups-service.yaml new file mode 100644 index 00000000..7a320be9 --- /dev/null +++ b/charts/supermq/templates/groups-service.yaml @@ -0,0 +1,20 @@ +# Copyright (c) Abstract Machines +# SPDX-License-Identifier: Apache-2.0 + +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }}-groups +spec: + selector: + app: {{ .Release.Name }} + component: groups + ports: + - protocol: TCP + port: {{ .Values.groups.httpPort }} + targetPort: {{ .Values.groups.httpPort }} + name: http + - protocol: TCP + port: {{ .Values.groups.grpcPort }} + targetPort: {{ .Values.groups.grpcPort }} + name: grpc diff --git a/charts/supermq/templates/ingress.yaml b/charts/supermq/templates/ingress.yaml new file mode 100644 index 00000000..97b55e11 --- /dev/null +++ b/charts/supermq/templates/ingress.yaml 
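Review bot: `SMQ_DOMAINS_GRPC_URL` is written as `http://{{ .Release.Name }}-envoy:{{ .Values.domains.grpcPort | quote }}`; `quote` applies only to the port, so the value renders as `http://<release>-envoy:"<port>"` with literal double quotes inside the URL. The other gRPC URLs in this file use `{{ .Release.Name }}-envoy:{{ .Values.auth.grpcPort }}` with no scheme and no `quote`, so this line should presumably be `value: {{ .Release.Name }}-envoy:{{ .Values.domains.grpcPort }}`. The same line appears in the journal-deployment.yaml hunk. Separately, `SMQ_GROUPS_DB_PASS` and `SMQ_SPICEDB_PRE_SHARED_KEY` are plain `value:` entries, which places both secrets in the Deployment object where anyone allowed to read Deployments can see them; `valueFrom.secretKeyRef` against a chart-managed Secret avoids that.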
@@ -0,0 +1,140 @@ +# Copyright (c) Abstract Machines +# SPDX-License-Identifier: Apache-2.0 + +{{- if .Values.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ .Release.Name }}-nginx + annotations: + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/rewrite-target: /$1 + nginx.ingress.kubernetes.io/configuration-snippet: | + add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + add_header Access-Control-Allow-Origin '*'; + add_header Access-Control-Allow-Methods '*'; + add_header Access-Control-Allow-Headers '*'; +spec: + ingressClassName: nginx + rules: + - host: "{{ .Values.ingress.hostname }}" + http: + paths: + # Health and metrics endpoints + - path: /health + pathType: Exact + backend: + service: + name: {{ .Release.Name }}-clients + port: + number: {{ .Values.clients.httpPort }} + - path: /metrics + pathType: Exact + backend: + service: + name: {{ .Release.Name }}-clients + port: + number: {{ .Values.clients.httpPort }} + + # Domains service + - path: /domains + pathType: Prefix + backend: + service: + name: {{ .Release.Name }}-domains + port: + number: {{ .Values.domains.httpPort }} + + # Users service + - path: /users + pathType: Prefix + backend: + service: + name: {{ .Release.Name }}-users + port: + number: {{ .Values.users.httpPort }} + - path: /password + pathType: Prefix + backend: + service: + name: {{ .Release.Name }}-users + port: + number: {{ .Values.users.httpPort }} + - path: /authorize + pathType: Prefix + backend: + service: + name: {{ .Release.Name }}-users + port: + number: {{ .Values.users.httpPort }} + - path: /oauth/callback + pathType: Prefix + backend: + service: + name: {{ .Release.Name }}-users + port: + number: {{ .Values.users.httpPort }} + + # Groups service + - path: /groups + pathType: Prefix + backend: + service: + name: {{ .Release.Name }}-groups + port: + 
number: {{ .Values.groups.httpPort }} + + # Clients service + - path: /clients + pathType: Prefix + backend: + service: + name: {{ .Release.Name }}-clients + port: + number: {{ .Values.clients.httpPort }} + + # Channels service + - path: /channels + pathType: Prefix + backend: + service: + name: {{ .Release.Name }}-channels + port: + number: {{ .Values.channels.httpPort }} + + # HTTP adapter + - path: /http + pathType: Prefix + backend: + service: + name: {{ .Release.Name }}-http-adapter + port: + number: {{ .Values.adapter_http.httpPort }} + + # MQTT adapter (WebSocket) + - path: /mqtt + pathType: Prefix + backend: + service: + name: {{ .Release.Name }}-mqtt + port: + number: {{ default .Values.mqtt.adapter.wsPort }} + + # WS adapter + - path: /ws + pathType: Prefix + backend: + service: + name: {{ .Release.Name }}-ws-adapter + port: + number: {{ .Values.adapter_ws.httpPort }} + +{{- if .Values.ingress.tls }} + tls: + - hosts: + - {{ .Values.ingress.tls.hostname }} + secretName: {{ .Values.ingress.tls.secret }} +{{- end }} +{{- end }} diff --git a/charts/magistrala/templates/journal-deployment.yaml b/charts/supermq/templates/journal-deployment.yaml similarity index 65% rename from charts/magistrala/templates/journal-deployment.yaml rename to charts/supermq/templates/journal-deployment.yaml index c1bc114a..66ad3f8e 100644 --- a/charts/magistrala/templates/journal-deployment.yaml +++ b/charts/supermq/templates/journal-deployment.yaml 
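Review bot: The `configuration-snippet` annotation sends `Access-Control-Allow-Origin '*'`, `Access-Control-Allow-Methods '*'` and `Access-Control-Allow-Headers '*'` on every route of this Ingress, including `/users`, `/password`, `/authorize` and `/oauth/callback`, so any web origin may read API responses. The allowed origins should come from a chart value instead of a hard-coded wildcard; ingress-nginx offers the `nginx.ingress.kubernetes.io/enable-cors` and `nginx.ingress.kubernetes.io/cors-allow-origin` annotations, which also avoid depending on snippet annotations being enabled on the controller. `/metrics` is routed from the public host to the clients service as well, which exposes internal metrics unless something in front restricts it. Two functional points to confirm: `rewrite-target: /$1` is set but no path contains a capture group, so `$1` is likely empty and requests may reach the backends as `/`; and `default .Values.mqtt.adapter.wsPort` has a single argument, so `default` does nothing there.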
@@ -31,35 +31,51 @@ spec: image: "{{ default (printf "%s/journal" .Values.defaults.image.rootRepository) .Values.journal.image.repository }}:{{ default .Values.defaults.image.tag .Values.journal.image.tag }}" imagePullPolicy: {{ default .Values.defaults.image.pullPolicy .Values.journal.image.pullPolicy }} env: - - name: MG_JAEGER_URL + - name: SMQ_JAEGER_URL value: "http://{{ .Values.jaeger.fullnameOverride }}-collector:{{ .Values.jaeger.collector.service.otlp.http.port }}/v1/traces" - - name: MG_JAEGER_TRACE_RATIO + - name: SMQ_JAEGER_TRACE_RATIO value: {{ default .Values.defaults.jaegerTraceRatio .Values.journal.jaegerTraceRatio | quote }} - - name: MG_SEND_TELEMETRY + - name: SMQ_SEND_TELEMETRY value: {{ default .Values.defaults.sendTelemetry .Values.journal.sendTelemetry | quote }} - - name: MG_ES_URL + - name: SMQ_ES_URL value: {{ .Values.defaults.eventStreamURL | quote }} - - name: MG_JOURNAL_LOG_LEVEL + - name: SMQ_JOURNAL_LOG_LEVEL value: {{ default .Values.defaults.logLevel .Values.journal.logLevel | quote }} - - name: MG_JOURNAL_HTTP_HOST + - name: SMQ_JOURNAL_HTTP_HOST value: "0.0.0.0" - - name: MG_JOURNAL_HTTP_PORT + - name: SMQ_JOURNAL_HTTP_PORT value: {{ .Values.journal.httpPort | quote }} - - name : MG_AUTH_GRPC_URL + - name : SMQ_AUTH_GRPC_URL value: {{ .Release.Name }}-envoy:{{ .Values.auth.grpcPort }} - - name: MG_JOURNAL_DB_HOST + - name: SMQ_AUTH_GRPC_TIMEOUT + value: {{ .Values.auth.grpcTimeout | quote }} + - name: SMQ_AUTH_GRPC_CLIENT_KEY + value: {{ .Values.journal.authGrpcClientKey | quote }} + - name: SMQ_AUTH_GRPC_SERVER_CA_CERTS + value: {{ .Values.journal.authGrpcServerCaCerts | quote }} + - name: SMQ_AUTH_GRPC_CLIENT_CERT + value: {{ .Values.auth.grpcClientCert | quote }} + - name: SMQ_DOMAINS_GRPC_CLIENT_CERT + value: {{ .Values.domains.grpcClientCert | quote }} + - name: SMQ_DOMAINS_GRPC_CLIENT_KEY + value: {{ .Values.domains.grpcClientKey | quote }} + - name: SMQ_DOMAINS_GRPC_TIMEOUT + value: {{ .Values.domains.grpcTimeout | quote }} 
+ - name: SMQ_DOMAINS_GRPC_URL + value: http://{{ .Release.Name }}-envoy:{{ .Values.domains.grpcPort | quote }} + - name: SMQ_JOURNAL_DB_HOST {{- if .Values.postgresqljournal.enabled }} value: "{{ .Release.Name }}-postgresqljournal" {{- else }} value: {{ .Values.postgresqljournal.host | quote }} {{- end }} - - name: MG_JOURNAL_DB_PORT + - name: SMQ_JOURNAL_DB_PORT value: {{ .Values.postgresqljournal.port | quote }} - - name: MG_JOURNAL_DB_NAME + - name: SMQ_JOURNAL_DB_NAME value: {{ .Values.postgresqljournal.database | quote }} - - name: MG_JOURNAL_DB_USER + - name: SMQ_JOURNAL_DB_USER value: {{ .Values.postgresqljournal.username | quote }} - - name: MG_JOURNAL_DB_PASS + - name: SMQ_JOURNAL_DB_PASS value: {{ .Values.postgresqljournal.password | quote }} ports: - containerPort: {{ .Values.journal.httpPort }} diff --git a/charts/magistrala/templates/journal-service.yaml b/charts/supermq/templates/journal-service.yaml similarity index 100% rename from charts/magistrala/templates/journal-service.yaml rename to charts/supermq/templates/journal-service.yaml diff --git a/charts/magistrala/templates/nginx-internal.yaml b/charts/supermq/templates/nginx-internal.yaml similarity index 97% rename from charts/magistrala/templates/nginx-internal.yaml rename to charts/supermq/templates/nginx-internal.yaml index 13af0186..bdc26a2d 100644 --- a/charts/magistrala/templates/nginx-internal.yaml +++ b/charts/supermq/templates/nginx-internal.yaml @@ -48,8 +48,8 @@ data: # These paths are set to its default values as # a volume in the docker/docker-compose.yml file. - ssl_certificate /etc/ssl/certs/magistrala-server/tls.crt; - ssl_certificate_key /etc/ssl/certs/magistrala-server/tls.key; + ssl_certificate /etc/ssl/certs/supermq-server/tls.crt; + ssl_certificate_key /etc/ssl/certs/supermq-server/tls.key; ssl_client_certificate /etc/ssl/certs/ca.crt; # ssl_crl /etc/ssl/certs/crl.pem; ssl_verify_client optional; 
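Review bot: The added auth gRPC TLS variables take a key/certificate pair from two different value trees: `SMQ_AUTH_GRPC_CLIENT_KEY` reads `.Values.journal.authGrpcClientKey` while `SMQ_AUTH_GRPC_CLIENT_CERT` reads `.Values.auth.grpcClientCert`, so a pair configured under one service's values is only half applied. One of the two looks like a slip; sourcing the certificate from the same `journal` tree as the key and `authGrpcServerCaCerts` would make the three lines agree. The hunk does not show whether these values are file paths or PEM material; if they carry key material, it belongs in a Secret referenced with `secretKeyRef`, not in a plain `value:`. No server CA setting is added for the domains gRPC client alongside its cert and key, which is worth confirming as intended; the env list starts and ends outside this hunk.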
@@ -126,7 +126,7 @@ data: } } - # Proxy pass to magistrala-http-adapter + # Proxy pass to supermq-http-adapter location /http/ { if ($auth_key = '') { return 403; @@ -147,7 +147,7 @@ data: } } - #Proxy pass to magistrala-mqtt for MQTT over WS + #Proxy pass to supermq-mqtt for MQTT over WS location /mqtt { if ($auth_key = '') { return 403; @@ -193,8 +193,8 @@ data: # These paths are set to its default values as # a volume in the docker/docker-compose.yml file. - ssl_certificate /etc/ssl/certs/magistrala-server/tls.crt; - ssl_certificate_key /etc/ssl/certs/magistrala-server/tls.key; + ssl_certificate /etc/ssl/certs/supermq-server/tls.crt; + ssl_certificate_key /etc/ssl/certs/supermq-server/tls.key; ssl_client_certificate /etc/ssl/certs/ca.crt; # FIXME # ssl_crl /etc/ssl/certs/crl.pem; @@ -457,8 +457,8 @@ spec: - mountPath: /etc/ssl/certs/ca.crt name: ca subPath: ca.crt - - mountPath: /etc/ssl/certs/magistrala-server - name: magistrala-server + - mountPath: /etc/ssl/certs/supermq-server + name: supermq-server dnsPolicy: ClusterFirst restartPolicy: Always shareProcessNamespace: true @@ -485,7 +485,7 @@ spec: - name: ca secret: secretName: {{ .Values.nginxInternal.mtls.intermediateCrt }} - - name: magistrala-server + - name: supermq-server secret: secretName: {{ .Values.nginxInternal.mtls.tls }} --- diff --git a/charts/magistrala/templates/spicedb-deployment.yaml b/charts/supermq/templates/spicedb-deployment.yaml similarity index 100% rename from charts/magistrala/templates/spicedb-deployment.yaml rename to charts/supermq/templates/spicedb-deployment.yaml diff --git a/charts/magistrala/templates/spicedb-envoy-config.yaml b/charts/supermq/templates/spicedb-envoy-config.yaml similarity index 100% rename from charts/magistrala/templates/spicedb-envoy-config.yaml rename to charts/supermq/templates/spicedb-envoy-config.yaml 
diff --git a/charts/magistrala/templates/spicedb-envoy-deployment.yaml b/charts/supermq/templates/spicedb-envoy-deployment.yaml similarity index 100% rename from charts/magistrala/templates/spicedb-envoy-deployment.yaml rename to charts/supermq/templates/spicedb-envoy-deployment.yaml diff --git a/charts/magistrala/templates/spicedb-envoy-service.yaml b/charts/supermq/templates/spicedb-envoy-service.yaml similarity index 100% rename from charts/magistrala/templates/spicedb-envoy-service.yaml rename to charts/supermq/templates/spicedb-envoy-service.yaml diff --git a/charts/magistrala/templates/spicedb-migration-job.yaml b/charts/supermq/templates/spicedb-migration-job.yaml similarity index 100% rename from charts/magistrala/templates/spicedb-migration-job.yaml rename to charts/supermq/templates/spicedb-migration-job.yaml diff --git a/charts/supermq/templates/spicedb-schema.yaml b/charts/supermq/templates/spicedb-schema.yaml new file mode 100644 index 00000000..7afc1ced --- /dev/null +++ b/charts/supermq/templates/spicedb-schema.yaml 
@@ -0,0 +1,528 @@ +{{- define "spicedb.schema.zed" -}} + +definition user {} + + +definition role { + relation entity: domain | group | channel | client + relation member: user + relation built_in_role: domain | group | channel | client + + permission delete = entity->manage_role_permission - built_in_role->manage_role_permission + permission update = entity->manage_role_permission - built_in_role->manage_role_permission + permission read = entity->manage_role_permission - built_in_role->manage_role_permission + + permission add_user = entity->add_role_users_permission + permission remove_user = entity->remove_role_users_permission + permission view_user = entity->view_role_users_permission +} + +definition client { + relation domain: domain // This can't be clubbed with parent_group, but if parent_group is unassigned then we could not track belongs to which domain, so it safe to add domain + relation parent_group: group + + relation update: role#member + relation read: role#member + relation delete: role#member + relation set_parent_group: role#member + relation connect_to_channel: role#member + + relation manage_role: role#member + relation add_role_users: role#member + relation remove_role_users: role#member + relation view_role_users: role#member + + permission update_permission = update + parent_group->client_update_permission + domain->client_update_permission + permission read_permission = read + parent_group->client_read_permission + domain->client_read_permission + permission delete_permission = delete + parent_group->client_delete_permission + domain->client_delete_permission + permission set_parent_group_permission = set_parent_group + parent_group->client_set_parent_group_permission + domain->client_set_parent_group_permission + permission connect_to_channel_permission = connect_to_channel + parent_group->client_connect_to_channel + domain->client_connect_to_channel_permission + + permission manage_role_permission = manage_role + 
parent_group->client_manage_role_permission + domain->client_manage_role_permission + permission add_role_users_permission = add_role_users + parent_group->client_add_role_users_permission + domain->client_add_role_users_permission + permission remove_role_users_permission = remove_role_users + parent_group->client_remove_role_users_permission + domain->client_remove_role_users_permission + permission view_role_users_permission = view_role_users + parent_group->client_view_role_users_permission + domain->client_view_role_users_permission +} + +definition channel { + relation domain: domain // This can't be clubbed with parent_group, but if parent_group is unassigned then we could not track belongs to which domain, so it safe to add domain + relation parent_group: group + + relation update: role#member + relation read: role#member + relation delete: role#member + relation set_parent_group: role#member + relation connect_to_client: role#member + relation publish: role#member | client + relation subscribe: role#member | client + + relation manage_role: role#member + relation add_role_users: role#member + relation remove_role_users: role#member + relation view_role_users: role#member + + permission update_permission = update + parent_group->channel_update_permission + domain->channel_update_permission + permission read_permission = read + parent_group->channel_read_permission + domain->channel_read_permission + permission delete_permission = delete + parent_group->channel_delete_permission + domain->channel_delete_permission + permission set_parent_group_permission = set_parent_group + parent_group->channel_set_parent_group_permission + domain->channel_set_parent_group_permission + permission connect_to_client_permission = connect_to_client + parent_group->channel_connect_to_client_permission + domain->channel_connect_to_client + permission publish_permission = publish + parent_group->channel_publish_permission + domain->channel_publish_permission + permission 
subscribe_permission = subscribe + parent_group->channel_subscribe_permission + domain->channel_subscribe_permission + + permission manage_role_permission = manage_role + parent_group->channel_manage_role_permission + domain->channel_manage_role_permission + permission add_role_users_permission = add_role_users + parent_group->channel_add_role_users_permission + domain->channel_add_role_users_permission + permission remove_role_users_permission = remove_role_users + parent_group->channel_remove_role_users_permission + domain->channel_remove_role_users_permission + permission view_role_users_permission = view_role_users + parent_group->channel_view_role_users_permission + domain->channel_view_role_users_permission +} + +definition group { + relation domain: domain // This can't be clubbed with parent_group, but if parent_group is unassigned then we could not track belongs to which domain, so it is safe to add domain + relation parent_group: group + + relation update: role#member + relation read: role#member + relation membership: role#member + relation delete: role#member + relation set_child: role#member + relation set_parent: role#member + + relation manage_role: role#member + relation add_role_users: role#member + relation remove_role_users: role#member + relation view_role_users: role#member + + relation client_create: role#member + relation channel_create: role#member + // this allows to add parent for group during the new group creation + relation subgroup_create: role#member + relation subgroup_client_create: role#member + relation subgroup_channel_create: role#member + + relation client_update: role#member + relation client_read: role#member + relation client_delete: role#member + relation client_set_parent_group: role#member + relation client_connect_to_channel: role#member + + relation client_manage_role: role#member + relation client_add_role_users: role#member + relation client_remove_role_users: role#member + relation client_view_role_users: role#member 
+ + relation channel_update: role#member + relation channel_read: role#member + relation channel_delete: role#member + relation channel_set_parent_group: role#member + relation channel_connect_to_client: role#member + relation channel_publish: role#member + relation channel_subscribe: role#member + + relation channel_manage_role: role#member + relation channel_add_role_users: role#member + relation channel_remove_role_users: role#member + relation channel_view_role_users: role#member + + relation subgroup_update: role#member + relation subgroup_read: role#member + relation subgroup_membership: role#member + relation subgroup_delete: role#member + relation subgroup_set_child: role#member + relation subgroup_set_parent: role#member + + relation subgroup_manage_role: role#member + relation subgroup_add_role_users: role#member + relation subgroup_remove_role_users: role#member + relation subgroup_view_role_users: role#member + + relation subgroup_client_update: role#member + relation subgroup_client_read: role#member + relation subgroup_client_delete: role#member + relation subgroup_client_set_parent_group: role#member + relation subgroup_client_connect_to_channel: role#member + + relation subgroup_client_manage_role: role#member + relation subgroup_client_add_role_users: role#member + relation subgroup_client_remove_role_users: role#member + relation subgroup_client_view_role_users: role#member + + relation subgroup_channel_update: role#member + relation subgroup_channel_read: role#member + relation subgroup_channel_delete: role#member + relation subgroup_channel_set_parent_group: role#member + relation subgroup_channel_connect_to_client: role#member + relation subgroup_channel_publish: role#member + relation subgroup_channel_subscribe: role#member + + relation subgroup_channel_manage_role: role#member + relation subgroup_channel_add_role_users: role#member + relation subgroup_channel_remove_role_users: role#member + relation subgroup_channel_view_role_users: 
role#member + + // Subgroup permission + permission subgroup_create_permission = subgroup_create + parent_group->subgroup_create_permission + permission subgroup_client_create_permission = subgroup_client_create + parent_group->subgroup_client_create_permission + permission subgroup_channel_create_permission = subgroup_channel_create + parent_group->subgroup_channel_create_permission + + permission subgroup_update_permission = subgroup_update + parent_group->subgroup_update_permission + permission subgroup_membership_permission = subgroup_membership + parent_group->subgroup_membership_permission + permission subgroup_read_permission = subgroup_read + parent_group->subgroup_read_permission + permission subgroup_delete_permission = subgroup_delete + parent_group->subgroup_delete_permission + permission subgroup_set_child_permission = subgroup_set_child + parent_group->subgroup_set_child_permission + permission subgroup_set_parent_permission = subgroup_set_parent + parent_group->subgroup_set_parent_permission + + permission subgroup_manage_role_permission = subgroup_manage_role + parent_group->subgroup_manage_role_permission + permission subgroup_add_role_users_permission = subgroup_add_role_users + parent_group->subgroup_add_role_users_permission + permission subgroup_remove_role_users_permission = subgroup_remove_role_users + parent_group->subgroup_remove_role_users_permission + permission subgroup_view_role_users_permission = subgroup_view_role_users + parent_group->subgroup_view_role_users_permission + + // Group permission + permission update_permission = update + parent_group->subgroup_create_permission + domain->group_update_permission + permission membership_permission = membership + parent_group->subgroup_membership_permission + domain->group_membership_permission + permission read_permission = read + parent_group->subgroup_read_permission + domain->group_read_permission + permission delete_permission = delete + parent_group->subgroup_delete_permission + 
domain->group_delete_permission + permission set_child_permission = set_child + parent_group->subgroup_set_child_permission + domain->group_set_child + permission set_parent_permission = set_parent + parent_group->subgroup_set_parent_permission + domain->group_set_parent + + permission manage_role_permission = manage_role + parent_group->subgroup_manage_role_permission + domain->group_manage_role_permission + permission add_role_users_permission = add_role_users + parent_group->subgroup_add_role_users_permission + domain->group_add_role_users_permission + permission remove_role_users_permission = remove_role_users + parent_group->subgroup_remove_role_users_permission + domain->group_remove_role_users_permission + permission view_role_users_permission = view_role_users + parent_group->subgroup_view_role_users_permission + domain->group_view_role_users_permission + + // Subgroup clients permission + permission subgroup_client_update_permission = subgroup_client_update + parent_group->subgroup_client_update_permission + permission subgroup_client_read_permission = subgroup_client_read + parent_group->subgroup_client_read_permission + permission subgroup_client_delete_permission = subgroup_client_delete + parent_group->subgroup_client_delete_permission + permission subgroup_client_set_parent_group_permission = subgroup_client_set_parent_group + parent_group->subgroup_client_set_parent_group_permission + permission subgroup_client_connect_to_channel_permission = subgroup_client_connect_to_channel + parent_group->subgroup_client_connect_to_channel_permission + + permission subgroup_client_manage_role_permission = subgroup_client_manage_role + parent_group->subgroup_client_manage_role_permission + permission subgroup_client_add_role_users_permission = subgroup_client_add_role_users + parent_group->subgroup_client_add_role_users_permission + permission subgroup_client_remove_role_users_permission = subgroup_client_remove_role_users + 
parent_group->subgroup_client_remove_role_users_permission + permission subgroup_client_view_role_users_permission = subgroup_client_view_role_users + parent_group->subgroup_client_view_role_users_permission + + // Group clients permission + permission client_create_permission = client_create + parent_group->subgroup_client_create + domain->client_create_permission + permission client_update_permission = client_update + parent_group->subgroup_client_update + domain->client_update_permission + permission client_read_permission = client_read + parent_group->subgroup_client_read + domain->client_read_permission + permission client_delete_permission = client_delete + parent_group->subgroup_client_delete + domain->client_delete_permission + permission client_set_parent_group_permission = client_set_parent_group + parent_group->subgroup_client_set_parent_group + domain->client_set_parent_group_permission + permission client_connect_to_channel_permission = client_connect_to_channel + parent_group->subgroup_client_connect_to_channel + domain->client_connect_to_channel_permission + + permission client_manage_role_permission = client_manage_role + parent_group->subgroup_client_manage_role + domain->client_manage_role_permission + permission client_add_role_users_permission = client_add_role_users + parent_group->subgroup_client_add_role_users + domain->client_add_role_users_permission + permission client_remove_role_users_permission = client_remove_role_users + parent_group->subgroup_client_remove_role_users + domain->client_remove_role_users_permission + permission client_view_role_users_permission = client_view_role_users + parent_group->subgroup_client_view_role_users + domain->client_view_role_users_permission + + // Subgroup channels permission + permission subgroup_channel_update_permission = subgroup_channel_update + parent_group->subgroup_channel_update_permission + permission subgroup_channel_read_permission = subgroup_channel_read + 
parent_group->subgroup_channel_read_permission + permission subgroup_channel_delete_permission = subgroup_channel_delete + parent_group->subgroup_channel_delete_permission + permission subgroup_channel_set_parent_group_permission = subgroup_channel_set_parent_group + parent_group->subgroup_channel_set_parent_group_permission + permission subgroup_channel_connect_to_client_permission = subgroup_channel_connect_to_client + parent_group->subgroup_channel_connect_to_client_permission + permission subgroup_channel_publish_permission = subgroup_channel_publish + parent_group->subgroup_channel_publish_permission + permission subgroup_channel_subscribe_permission = subgroup_channel_subscribe + parent_group->subgroup_channel_subscribe_permission + + permission subgroup_channel_manage_role_permission = subgroup_channel_manage_role + parent_group->subgroup_channel_manage_role_permission + permission subgroup_channel_add_role_users_permission = subgroup_channel_add_role_users + parent_group->subgroup_channel_add_role_users_permission + permission subgroup_channel_remove_role_users_permission = subgroup_channel_remove_role_users + parent_group->subgroup_channel_remove_role_users_permission + permission subgroup_channel_view_role_users_permission = subgroup_channel_view_role_users + parent_group->subgroup_channel_view_role_users_permission + + // Group channels permission + permission channel_create_permission = channel_create + parent_group->subgroup_channel_create_permission + domain->channel_create_permission + permission channel_update_permission = channel_update + parent_group->subgroup_channel_update + domain->channel_update_permission + permission channel_read_permission = channel_read + parent_group->subgroup_channel_read + domain->channel_read_permission + permission channel_delete_permission = channel_delete + parent_group->subgroup_channel_delete_permission + domain->channel_delete_permission + permission channel_set_parent_group_permission = channel_set_parent_group 
+ parent_group->subgroup_channel_set_parent_group + domain->channel_set_parent_group_permission + permission channel_connect_to_client_permission = channel_connect_to_client + parent_group->subgroup_channel_connect_to_client + domain->channel_connect_to_client_permission + permission channel_publish_permission = channel_publish + parent_group->subgroup_channel_publish + domain->channel_publish_permission + permission channel_subscribe_permission = channel_subscribe + parent_group->subgroup_channel_subscribe + domain->channel_subscribe_permission + + permission channel_manage_role_permission = channel_manage_role + parent_group->subgroup_channel_manage_role + domain->channel_manage_role_permission + permission channel_add_role_users_permission = channel_add_role_users + parent_group->subgroup_channel_add_role_users + domain->channel_add_role_users_permission + permission channel_remove_role_users_permission = channel_remove_role_users + parent_group->subgroup_channel_remove_role_users + domain->channel_remove_role_users_permission + permission channel_view_role_users_permission = channel_view_role_users + parent_group->subgroup_channel_view_role_users + domain->channel_view_role_users_permission + + +} + +definition domain { + //Replace platform with organization in future + relation organization: platform + relation team: team + + relation update: role#member | team#member + relation enable: role#member | team#member + relation disable: role#member | team#member + relation read: role#member | team#member + relation delete: role#member | team#member + + relation manage_role: role#member | team#member + relation add_role_users: role#member | team#member + relation remove_role_users: role#member | team#member + relation view_role_users: role#member | team#member + + relation client_create: role#member | team#member + relation channel_create: role#member | team#member + relation group_create: role#member | team#member + + relation client_update: role#member | 
team#member + relation client_read: role#member | team#member + relation client_delete: role#member | team#member + relation client_set_parent_group: role#member | team#member + relation client_connect_to_channel: role#member | team#member + + relation client_manage_role: role#member | team#member + relation client_add_role_users: role#member | team#member + relation client_remove_role_users: role#member | team#member + relation client_view_role_users: role#member | team#member + + relation channel_update: role#member | team#member + relation channel_read: role#member | team#member + relation channel_delete: role#member | team#member + relation channel_set_parent_group: role#member | team#member + relation channel_connect_to_client: role#member | team#member + relation channel_publish: role#member | team#member + relation channel_subscribe: role#member | team#member + + relation channel_manage_role: role#member | team#member + relation channel_add_role_users: role#member | team#member + relation channel_remove_role_users: role#member | team#member + relation channel_view_role_users: role#member | team#member + + relation group_update: role#member | team#member + relation group_membership: role#member | team#member + relation group_read: role#member | team#member + relation group_delete: role#member | team#member + relation group_set_child: role#member | team#member + relation group_set_parent: role#member | team#member + + relation group_manage_role: role#member | team#member + relation group_add_role_users: role#member | team#member + relation group_remove_role_users: role#member | team#member + relation group_view_role_users: role#member | team#member + + permission update_permission = update + team->domain_update + organization->admin + permission read_permission = read + team->domain_read + organization->admin + permission enable_permission = enable + team->domain_update + organization->admin + permission disable_permission = disable + team->domain_update + 
organization->admin + permission delete_permission = delete + team->domain_delete + organization->admin + + permission manage_role_permission = manage_role + team->domain_manage_role + organization->admin + permission add_role_users_permission = add_role_users + team->domain_add_role_users + organization->admin + permission remove_role_users_permission = remove_role_users + team->domain_remove_role_users + organization->admin + permission view_role_users_permission = view_role_users + team->domain_view_role_users + organization->admin + + permission membership = read + update + enable + disable + delete + + manage_role + add_role_users + remove_role_users + view_role_users + + client_create + channel_create + group_create + + client_update + client_read + client_delete + client_set_parent_group + client_connect_to_channel + + client_manage_role + client_add_role_users + client_remove_role_users + client_view_role_users + + channel_update + channel_read + channel_delete + channel_set_parent_group + channel_connect_to_client + channel_publish + channel_subscribe + + channel_manage_role + channel_add_role_users + channel_remove_role_users + channel_view_role_users + + group_update + group_membership + group_read + group_delete + group_set_child + group_set_parent + + group_manage_role + group_add_role_users + group_remove_role_users + group_view_role_users + + permission admin = read & update & enable & disable & delete & manage_role & add_role_users & remove_role_users & view_role_users + + permission client_create_permission = client_create + team->client_create + organization->admin + permission channel_create_permission = channel_create + team->channel_create + organization->admin + permission group_create_permission = group_create + team->group_create + organization->admin + + permission client_update_permission = client_update + team->client_update + organization->admin + permission client_read_permission = client_read + team->client_read + organization->admin + 
permission client_delete_permission = client_delete + team->client_delete + organization->admin + permission client_set_parent_group_permission = client_set_parent_group + team->client_set_parent_group + organization->admin + permission client_connect_to_channel_permission = client_connect_to_channel + team->client_connect_to_channel + organization->admin + + permission client_manage_role_permission = client_manage_role + team->client_manage_role + organization->admin + permission client_add_role_users_permission = client_add_role_users + team->client_add_role_users + organization->admin + permission client_remove_role_users_permission = client_remove_role_users + team->client_remove_role_users + organization->admin + permission client_view_role_users_permission = client_view_role_users + team->client_view_role_users + organization->admin + + permission channel_update_permission = channel_update + team->channel_update + organization->admin + permission channel_read_permission = channel_read + team->channel_read + organization->admin + permission channel_delete_permission = channel_delete + team->channel_delete + organization->admin + permission channel_set_parent_group_permission = channel_set_parent_group + team->channel_set_parent_group + organization->admin + permission channel_connect_to_client_permission = channel_connect_to_client + team->channel_connect_to_client + organization->admin + permission channel_publish_permission = channel_publish + team->channel_publish + organization->admin + permission channel_subscribe_permission = channel_subscribe + team->channel_subscribe + organization->admin + + permission channel_manage_role_permission = channel_manage_role + team->channel_manage_role + organization->admin + permission channel_add_role_users_permission = channel_add_role_users + team->channel_add_role_users + organization->admin + permission channel_remove_role_users_permission = channel_remove_role_users + team->channel_remove_role_users + 
organization->admin + permission channel_view_role_users_permission = channel_view_role_users + team->channel_view_role_users + organization->admin + + permission group_update_permission = group_update + team->group_update + organization->admin + permission group_membership_permission = group_membership + team->group_membership + organization->admin + permission group_read_permission = group_read + team->group_read + organization->admin + permission group_delete_permission = group_delete + team->group_delete + organization->admin + permission group_set_child_permission = group_set_child + team->group_set_child + organization->admin + permission group_set_parent_permission = group_set_parent + team->group_set_parent + organization->admin + + permission group_manage_role_permission = group_manage_role + team->group_manage_role + organization->admin + permission group_add_role_users_permission = group_add_role_users + team->group_add_role_users + organization->admin + permission group_remove_role_users_permission = group_remove_role_users + team->group_remove_role_users + organization->admin + permission group_view_role_users_permission = group_view_role_users + team->group_view_role_users + organization->admin + +} + +// Add this relation and permission in future while adding organization +definition team { + relation organization: organization + relation parent_team: team + + relation delete: role#member + relation enable: role#member | team#member + relation disable: role#member | team#member + relation update: role#member + relation read: role#member + + relation set_parent: role#member + relation set_child: role#member + + relation member: role#member + + relation manage_role: role#member + relation add_role_users: role#member + relation remove_role_users: role#member + relation view_role_users: role#member + + relation subteam_delete: role#member + relation subteam_update: role#member + relation subteam_read: role#member + + relation subteam_member: role#member 
+ + relation subteam_set_child: role#member + relation subteam_set_parent: role#member + + relation subteam_manage_role: role#member + relation subteam_add_role_users: role#member + relation subteam_remove_role_users: role#member + relation subteam_view_role_users: role#member + + // Domain related permission + + relation domain_update: role#member | team#member + relation domain_read: role#member | team#member + relation domain_membership: role#member | team#member + relation domain_delete: role#member | team#member + + relation domain_manage_role: role#member | team#member + relation domain_add_role_users: role#member | team#member + relation domain_remove_role_users: role#member | team#member + relation domain_view_role_users: role#member | team#member + + relation client_create: role#member | team#member + relation channel_create: role#member | team#member + relation group_create: role#member | team#member + + relation client_update: role#member | team#member + relation client_read: role#member | team#member + relation client_delete: role#member | team#member + relation client_set_parent_group: role#member | team#member + relation client_connect_to_channel: role#member | team#member + + relation client_manage_role: role#member | team#member + relation client_add_role_users: role#member | team#member + relation client_remove_role_users: role#member | team#member + relation client_view_role_users: role#member | team#member + + relation channel_update: role#member | team#member + relation channel_read: role#member | team#member + relation channel_delete: role#member | team#member + relation channel_set_parent_group: role#member | team#member + relation channel_connect_to_client: role#member | team#member + relation channel_publish: role#member | team#member + relation channel_subscribe: role#member | team#member + + relation channel_manage_role: role#member | team#member + relation channel_add_role_users: role#member | team#member + relation 
channel_remove_role_users: role#member | team#member + relation channel_view_role_users: role#member | team#member + + relation group_update: role#member | team#member + relation group_membership: role#member | team#member + relation group_read: role#member | team#member + relation group_delete: role#member | team#member + relation group_set_child: role#member | team#member + relation group_set_parent: role#member | team#member + + relation group_manage_role: role#member | team#member + relation group_add_role_users: role#member | team#member + relation group_remove_role_users: role#member | team#member + relation group_view_role_users: role#member | team#member + + permission delete_permission = delete + organization->team_delete + parent_team->subteam_delete + organization->admin + permission update_permission = update + organization->team_update + parent_team->subteam_update + organization->admin + permission read_permission = read + organization->team_read + parent_team->subteam_read + organization->admin + + permission set_parent_permission = set_parent + organization->team_set_parent + parent_team->subteam_set_parent + organization->admin + permission set_child_permisssion = set_child + organization->team_set_child + parent_team->subteam_set_child + organization->admin + + permission membership = member + organization->team_member + parent_team->subteam_member + organization->admin + + permission manage_role_permission = manage_role + organization->team_manage_role + parent_team->subteam_manage_role + organization->admin + permission add_role_users_permission = add_role_users + organization->team_add_role_users + parent_team->subteam_add_role_users + organization->admin + permission remove_role_users_permission = remove_role_users + organization->team_remove_role_users + parent_team->subteam_remove_role_users + organization->admin + permission view_role_users_permission = view_role_users + organization->team_view_role_users + 
parent_team->subteam_view_role_users + organization->admin +} + + +definition organization { + relation platform: platform + relation administrator: user + + relation delete: role#member + relation update: role#member + relation read: role#member + + relation member: role#member + + relation manage_role: role#member + relation add_role_users: role#member + relation remove_role_users: role#member + relation view_role_users: role#member + + relation team_create: role#member + + relation team_delete: role#member + relation team_update: role#member + relation team_read: role#member + + relation team_member: role#member // Will be member of all the teams in the organization + + relation team_set_child: role#member + relation team_set_parent: role#member + + relation team_manage_role: role#member + relation team_add_role_users: role#member + relation team_remove_role_users: role#member + relation team_view_role_users: role#member + + permission admin = administrator + platform->administrator + permission delete_permission = admin + delete->member + permission update_permission = admin + update->member + permission read_permission = admin + read->member + + permission membership = admin + member->member + + permission team_create_permission = admin + team_create->member + + permission manage_role_permission = admin + manage_role + permission add_role_users_permisson = admin + add_role_users + permission remove_role_users_permission = admin + remove_role_users + permission view_role_users_permission = admin + view_role_users +} + + +definition platform { + relation administrator: user + relation member: user + + permission admin = administrator + permission membership = administrator + member +} + + +{{- end -}} diff --git a/charts/magistrala/templates/spicedb-service.yaml b/charts/supermq/templates/spicedb-service.yaml similarity index 100% rename from charts/magistrala/templates/spicedb-service.yaml rename to charts/supermq/templates/spicedb-service.yaml 
diff --git a/charts/magistrala/templates/ui-deployment.yaml b/charts/supermq/templates/ui-deployment.yaml
similarity index 67%
rename from charts/magistrala/templates/ui-deployment.yaml
rename to charts/supermq/templates/ui-deployment.yaml
index 479bce56..d7043eef 100644
--- a/charts/magistrala/templates/ui-deployment.yaml
+++ b/charts/supermq/templates/ui-deployment.yaml
@@ -28,61 +28,55 @@ spec: image: "{{ default (printf "%s/ui" .Values.defaults.image.rootRepository) .Values.ui.image.repository }}:{{ default .Values.defaults.image.tag .Values.ui.image.tag }}" imagePullPolicy: {{ default .Values.defaults.image.pullPolicy .Values.ui.image.pullPolicy }} env: - - name: MG_UI_LOG_LEVEL + - name: SMQ_UI_LOG_LEVEL value: {{ default .Values.defaults.logLevel .Values.ui.logLevel | quote }} - - name: MG_UI_PORT + - name: SMQ_UI_PORT value: {{ .Values.ui.port | quote }} {{- $hostname := default (printf "https://%s" .Values.ingress.hostname) .Values.ui.hostname }} {{- if $hostname }} - - name: MG_UI_HOST_URL + - name: SMQ_UI_HOST_URL value: {{ $hostname | quote }} {{- end }} - - name: MG_UI_PATH_PREFIX + - name: SMQ_UI_PATH_PREFIX value: {{ .Values.ui.pathPrefix | quote }} - - name: MG_HTTP_ADAPTER_URL + - name: SMQ_HTTP_ADAPTER_URL value: {{ default (printf "http://%s-adapter-http:%s " .Release.Name (.Values.adapter_http.httpPort | toString )) .Values.ui.httpAdapterUrl }} - - name: MG_READER_URL - value: {{ default (printf "http://%s-timescaledb-reader:%s" .Release.Name (.Values.timescaledb.reader.http.port | toString )) .Values.ui.readerUrl }} - - name: MG_THINGS_URL - value: {{ default (printf "http://%s-things:%s" .Release.Name (.Values.things.httpPort | toString )) .Values.ui.thingsUrl }} - - name: MG_USERS_URL + - name: SMQ_THINGS_URL + value: {{ default (printf "http://%s-clients:%s" .Release.Name (.Values.clients.httpPort | toString )) .Values.ui.clientsUrl }} + - name: SMQ_USERS_URL value: {{ default (printf "http://%s-users:%s" .Release.Name (.Values.users.httpPort | toString )) .Values.ui.usersUrl }} - - name: MG_INVITATIONS_URL - value: {{ default (printf "http://%s-invitations:%s" .Release.Name (.Values.invitations.httpPort | toString )) .Values.ui.invitationsUrl }} - - name: MG_DOMAINS_URL + - name: SMQ_DOMAINS_URL value: {{ default (printf "http://%s-auth:%s" .Release.Name (.Values.auth.httpPort | toString )) 
.Values.ui.authUrl }} - - name: MG_BOOTSTRAP_URL - value: {{ default (printf "http://%s-bootstrap:%s" .Release.Name (.Values.bootstrap.httpPort | toString )) .Values.ui.bootstrapUrl }} - - name: MG_JOURNAL_URL + - name: SMQ_JOURNAL_URL value: {{ default (printf "http://%s-journal:%s" .Release.Name (.Values.journal.httpPort | toString )) .Values.ui.journalUrl }} - - name: MG_UI_CONTENT_TYPE + - name: SMQ_UI_CONTENT_TYPE value: {{ .Values.ui.contentType | quote }} - - name: MG_UI_DB_HOST + - name: SMQ_UI_DB_HOST {{- if .Values.postgresqlui.enabled }} value: {{ .Release.Name }}-postgresqlui {{- else }} value: {{ .Values.postgresqlui.host }} {{- end }} - - name: MG_UI_DB_PORT + - name: SMQ_UI_DB_PORT value: {{ .Values.postgresqlui.port | quote }} - - name: MG_UI_DB_USER + - name: SMQ_UI_DB_USER value: {{ .Values.postgresqlui.username | quote }} - - name: MG_UI_DB_PASS + - name: SMQ_UI_DB_PASS value: {{ .Values.postgresqlui.password | quote }} - - name: MG_UI_DB_NAME + - name: SMQ_UI_DB_NAME value: {{ .Values.postgresqlui.database | quote }} - - name: MG_GOOGLE_CLIENT_ID + - name: SMQ_GOOGLE_CLIENT_ID value: {{ .Values.ui.googleClientID | quote }} - - name: MG_GOOGLE_CLIENT_SECRET + - name: SMQ_GOOGLE_CLIENT_SECRET value: {{ .Values.ui.googleClientSecret | quote }} {{- $googleRedirectHostname := default (printf "https://%s" .Values.ingress.hostname) .Values.ui.googleRedirectHostname }} - - name: MG_GOOGLE_REDIRECT_URL + - name: SMQ_GOOGLE_REDIRECT_URL value: {{$googleRedirectHostname}}{{.Values.ui.googleRedirectPath }} - - name: MG_GOOGLE_STATE + - name: SMQ_GOOGLE_STATE value: {{ .Values.ui.googleState | quote }} - - name: MG_UI_HASH_KEY + - name: SMQ_UI_HASH_KEY value: {{ .Values.ui.hashKey | quote }} - - name: MG_UI_BLOCK_KEY + - name: SMQ_UI_BLOCK_KEY value: {{ .Values.ui.blockKey | quote }} ports: - containerPort: {{ .Values.ui.port }} 
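Review bot: The renamed `SMQ_UI_DB_PASS`, `SMQ_GOOGLE_CLIENT_SECRET`, `SMQ_UI_HASH_KEY` and `SMQ_UI_BLOCK_KEY` entries still take their values as literal `value:` strings from `.Values`, so the secrets are rendered into the Deployment manifest. Anyone who can read Deployments or the stored Helm release in the namespace can then read them, and they show up in `helm get manifest` output. The users-deployment.yaml hunk has the same pattern for `SMQ_USERS_ADMIN_PASSWORD`, `SMQ_USERS_SECRET_KEY`, `SMQ_USERS_DB_PASS` and the newly added `SMQ_DOMAINS_GRPC_CLIENT_KEY`. Since every name is being touched anyway, this would be a good point to move them to `valueFrom.secretKeyRef` against a Secret the chart creates or the operator supplies; the Secret and key names below are placeholders. The container spec begins above this hunk, so whether an `envFrom` already exists there is not visible.

```yaml
# … unchanged: non-secret SMQ_UI_* entries …
- name: SMQ_UI_DB_PASS
  valueFrom:
    secretKeyRef:
      name: PLACEHOLDER-ui-secret    # placeholder: Secret name
      key: PLACEHOLDER-db-password   # placeholder: key inside that Secret
# … same pattern for SMQ_GOOGLE_CLIENT_SECRET, SMQ_UI_HASH_KEY, SMQ_UI_BLOCK_KEY …
```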
diff --git a/charts/magistrala/templates/ui-service.yaml b/charts/supermq/templates/ui-service.yaml
similarity index 100%
rename from charts/magistrala/templates/ui-service.yaml
rename to charts/supermq/templates/ui-service.yaml
diff --git a/charts/magistrala/templates/users-deployment.yaml b/charts/supermq/templates/users-deployment.yaml
similarity index 63%
rename from charts/magistrala/templates/users-deployment.yaml
rename to charts/supermq/templates/users-deployment.yaml
index b1fb6f2a..0a3faff6 100644
--- a/charts/magistrala/templates/users-deployment.yaml
+++ b/charts/supermq/templates/users-deployment.yaml
@@ -46,52 +46,74 @@ spec: image: "{{ default (printf "%s/users" .Values.defaults.image.rootRepository) .Values.users.image.repository }}:{{ default .Values.defaults.image.tag .Values.users.image.tag }}" imagePullPolicy: {{ default .Values.defaults.image.pullPolicy .Values.users.image.pullPolicy }} env: - - name: MG_JAEGER_URL + - name: SMQ_JAEGER_URL value: "http://{{ .Values.jaeger.fullnameOverride }}-collector:{{ .Values.jaeger.collector.service.otlp.http.port }}/v1/traces" - - name: MG_JAEGER_TRACE_RATIO + - name: SMQ_JAEGER_TRACE_RATIO value: {{ default .Values.defaults.jaegerTraceRatio .Values.users.jaegerTraceRatio | quote }} - - name: MG_SEND_TELEMETRY + - name: SMQ_SEND_TELEMETRY value: {{ default .Values.defaults.sendTelemetry .Values.users.sendTelemetry | quote }} - - name: MG_ES_URL + - name: SMQ_ES_URL value: {{ .Values.defaults.eventStreamURL | quote }} - - name: MG_USERS_LOG_LEVEL + - name: SMQ_USERS_LOG_LEVEL value: {{ default .Values.defaults.logLevel .Values.users.logLevel | quote }} - - name: MG_USERS_HTTP_HOST + - name: SMQ_USERS_HTTP_HOST value: "0.0.0.0" - - name: MG_USERS_HTTP_PORT + - name: SMQ_USERS_HTTP_PORT value: {{ .Values.users.httpPort | quote }} - - name: MG_TOKEN_RESET_ENDPOINT + - name: SMQ_TOKEN_RESET_ENDPOINT value: {{ .Values.users.tokenResetEndpoint | quote }} - - name: MG_USERS_ADMIN_EMAIL - value: {{ .Values.users.adminEmail | quote }} - - name: MG_USERS_ADMIN_PASSWORD - value: {{ .Values.users.adminPassword | quote }} - - name: MG_USERS_SECRET_KEY + - name: SMQ_USERS_ADMIN_EMAIL + value: {{ .Values.users.admin.email | quote }} + - name: SMQ_USERS_ADMIN_PASSWORD + value: {{ .Values.users.admin.password | quote }} + - name: SMQ_USERS_ADMIN_USERNAME + value: {{ .Values.users.admin.username | quote }} + - name: SMQ_USERS_ADMIN_FIRST_NAME + value: {{ .Values.users.admin.firstname | quote }} + - name: SMQ_USERS_ADMIN_LAST_NAME + value: {{ .Values.users.admin.lastname | quote }} + - name: SMQ_USERS_ACCESS_TOKEN_DURATION + value: {{ 
.Values.users.accessTokenDuration | quote }} + - name: SMQ_USERS_REFRESH_TOKEN_DURATION + value: {{ .Values.users.refreshTokenDuration | quote }} + - name: SMQ_USERS_SECRET_KEY value: {{ .Values.users.secretKey | quote }} - - name: MG_USERS_PASS_REGEX + - name: SMQ_USERS_PASS_REGEX value: {{ .Values.users.passwordRegex | quote }} - - name: MG_USERS_ALLOW_SELF_REGISTER + - name: SMQ_USERS_ALLOW_SELF_REGISTER value: {{ .Values.users.allowSelfRegister | quote }} - - name: MG_USERS_DELETE_INTERVAL + - name: SMQ_USERS_DELETE_INTERVAL value: {{ .Values.users.deleteInterval | quote }} - - name: MG_USERS_DELETE_AFTER + - name: SMQ_USERS_DELETE_AFTER value: {{ .Values.users.deleteAfter | quote }} - - name: MG_USERS_DB_HOST + - name: SMQ_DOMAINS_GRPC_CLIENT_KEY + value: {{ .Values.domains.grpcClientKey | quote }} + - name: SMQ_DOMAINS_GRPC_CLIENT_CERT + value: {{ .Values.domains.grpcClientCert | quote }} + - name: SMQ_DOMAINS_GRPC_TIMEOUT + value: {{ .Values.domains.grpcTimeout | quote }} + - name: SMQ_DOMAINS_GRPC_URL + value: http://{{ .Release.Name }}-envoy:{{ .Values.domains.grpcPort }} + - name: SMQ_USERS_DB_HOST {{- if .Values.postgresqlusers.enabled }} value: "{{ .Release.Name }}-postgresqlusers" {{- else }} value: {{ .Values.postgresqlusers.host | quote }} {{- end }} - - name: MG_USERS_DB_PORT + - name: SMQ_USERS_DB_PORT value: {{ .Values.postgresqlusers.port | quote }} - - name: MG_USERS_DB_NAME + - name: SMQ_USERS_DB_NAME value: {{ .Values.postgresqlusers.database | quote }} - - name: MG_USERS_DB_USER + - name: SMQ_USERS_DB_USER value: {{ .Values.postgresqlusers.username | quote }} - - name: MG_USERS_DB_PASS + - name: SMQ_USERS_DB_PASS value: {{ .Values.postgresqlusers.password | quote }} - - name : MG_AUTH_GRPC_URL + - name : SMQ_AUTH_GRPC_URL value: {{ .Release.Name }}-envoy:{{ .Values.auth.grpcPort }} + - name: SMQ_SPICEDB_HOST + value: {{ .Release.Name }}-spicedb-envoy + - name: SMQ_SPICEDB_PORT + value: {{ .Values.spicedb.grpc.port | quote}} ports: - 
containerPort: {{ .Values.users.httpPort }} protocol: TCP diff --git a/charts/magistrala/templates/users-service.yaml b/charts/supermq/templates/users-service.yaml similarity index 100% rename from charts/magistrala/templates/users-service.yaml rename to charts/supermq/templates/users-service.yaml diff --git a/charts/supermq/templates/ws-deployment.yaml b/charts/supermq/templates/ws-deployment.yaml new file mode 100644 index 00000000..38c18954 --- /dev/null +++ b/charts/supermq/templates/ws-deployment.yaml 
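Review bot: The added `SMQ_DOMAINS_GRPC_URL` is rendered with an `http://` prefix, while `SMQ_AUTH_GRPC_URL` a few lines below and every gRPC URL in ws-deployment.yaml use a bare `host:port`. How the service parses this value is not visible here, but a gRPC dial target normally carries no scheme, and an `http://` prefix next to `SMQ_DOMAINS_GRPC_CLIENT_KEY` / `SMQ_DOMAINS_GRPC_CLIENT_CERT` leaves it unclear whether this connection is meant to be mutually authenticated. I would write it like its siblings, `value: {{ .Release.Name }}-envoy:{{ .Values.domains.grpcPort }}`, and add a one-line comment saying whether TLS to envoy is expected when the client key and cert are set. The container spec starts above this hunk.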
@@ -0,0 +1,77 @@ +# Copyright (c) Abstract Machines +# SPDX-License-Identifier: Apache-2.0 + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-ws-adapter +spec: + replicas: {{ .Values.defaults.replicaCount }} + selector: + matchLabels: + app: {{ .Release.Name }} + component: ws-adapter + template: + metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "{{ .Values.adapter_ws.httpPort }}" + prometheus.io/scrape: "true" + labels: + app: {{ .Release.Name }} + component: ws-adapter + spec: + {{- with (default .Values.defaults.image.pullSecrets .Values.adapter_ws.image.pullSecrets) }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: ClusterFirst + restartPolicy: Always + containers: + - name: {{ .Release.Name }}-ws-adapter + image: "{{ default (printf "%s/ws" .Values.defaults.image.rootRepository) .Values.adapter_ws.image.repository }}:{{ default .Values.defaults.image.tag .Values.adapter_ws.image.tag }}" + imagePullPolicy: {{ default .Values.defaults.image.pullPolicy .Values.adapter_ws.image.pullPolicy }} + env: + - name: SMQ_WS_ADAPTER_LOG_LEVEL + value: {{ default .Values.defaults.logLevel .Values.adapter_ws.logLevel | quote }} + - name: SMQ_WS_ADAPTER_HTTP_HOST + value: "0.0.0.0" + - name: SMQ_WS_ADAPTER_HTTP_PORT + value: {{ .Values.adapter_ws.httpPort | quote }} + - name: SMQ_CLIENTS_GRPC_URL + value: {{ .Release.Name }}-envoy:{{ .Values.clients.authGrpcPort }} + - name: SMQ_CLIENTS_GRPC_TIMEOUT + value: {{ .Values.clients.grpcTimeout | quote }} + - name: SMQ_CHANNELS_GRPC_URL + value: {{ .Release.Name }}-envoy:{{ .Values.channels.grpcPort }} + - name: SMQ_CHANNELS_GRPC_TIMEOUT + value: {{ .Values.channels.grpcTimeout | quote }} + - name: SMQ_AUTH_GRPC_URL + value: {{ .Release.Name }}-envoy:{{ .Values.auth.grpcPort }} + - name: SMQ_AUTH_GRPC_TIMEOUT + value: {{ .Values.auth.grpcTimeout | quote }} + - name: SMQ_MESSAGE_BROKER_URL + value: nats://{{ .Release.Name }}-nats:{{ 
.Values.defaults.natsPort }} + - name: SMQ_JAEGER_URL + value: "http://{{ .Release.Name }}-jaeger-collector:{{ .Values.defaults.jaegerCollectorPort }}/v1/traces" + - name: SMQ_JAEGER_TRACE_RATIO + value: {{ default .Values.defaults.jaegerTraceRatio .Values.adapter_ws.jaegerTraceRatio | quote }} + - name: SMQ_SEND_TELEMETRY + value: {{ default .Values.defaults.sendTelemetry .Values.adapter_ws.sendTelemetry | quote }} + - name: SMQ_ES_URL + value: {{ .Values.defaults.eventStreamURL | quote }} + ports: + - containerPort: {{ .Values.adapter_ws.httpPort | int }} + protocol: TCP + {{- with .Values.domains.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.domains.affinity }} + affinity: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.domains.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/charts/supermq/templates/ws-service.yaml b/charts/supermq/templates/ws-service.yaml new file mode 100644 index 00000000..c1a759f3 --- /dev/null +++ b/charts/supermq/templates/ws-service.yaml @@ -0,0 +1,14 @@ +# Copyright (c) Abstract Machines +# SPDX-License-Identifier: Apache-2.0 + +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }}-adapter-ws +spec: + selector: + app: {{ .Release.Name }} + component: adapter-ws + ports: + - port: {{ .Values.adapter_ws.httpPort }} + protocol: TCP diff --git a/charts/magistrala/values.yaml b/charts/supermq/values.yaml similarity index 51% rename from charts/magistrala/values.yaml rename to charts/supermq/values.yaml index 7790fe4c..50dd3eca 100644 --- a/charts/magistrala/values.yaml +++ b/charts/supermq/values.yaml 
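Review bot: The scheduling block at the end of this new Deployment reads `.Values.domains.nodeSelector`, `.Values.domains.affinity` and `.Values.domains.tolerations`, although every other setting in the template comes from `.Values.adapter_ws`, and values.yaml in this commit lists those three keys (commented out) under `adapter_ws`. As written, setting `adapter_ws.nodeSelector` has no effect on this pod, while a value set for the domains service would also move the WebSocket adapter. I would change the three guards to `{{- with .Values.adapter_ws.nodeSelector }}`, `{{- with .Values.adapter_ws.affinity }}` and `{{- with .Values.adapter_ws.tolerations }}`. The container also declares no `securityContext` or `resources`; whether that matches the chart's other adapters is not visible from this hunk.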
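Review bot: The selector `component: adapter-ws` does not match the pod label `component: ws-adapter` that ws-deployment.yaml sets in this same commit, so this Service would select no pods and have no endpoints. The resource names differ in the same way: `{{ .Release.Name }}-adapter-ws` here and `{{ .Release.Name }}-ws-adapter` on the Deployment. Pick one spelling for both files, for example `component: adapter-ws` in the Deployment's `matchLabels` and template labels. The port entry has no `name` or `targetPort`, which works while both ports are equal but is worth stating explicitly.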
@@ -1,14 +1,14 @@ -# Copyright (c) Magistrala +# Copyright (c) Abstract Machines # SPDX-License-Identifier: Apache-2.0 # The explanations for optional configuration parameters described in the adapter_coap section # apply across other services where the same named configuration parameters are used. defaults: - logLevel: "info" + logLevel: "error" image: pullPolicy: "IfNotPresent" - rootRepository: "magistrala" + rootRepository: "supermq" tag: "latest" # pullSecrets: {} # Replicas of MQTT adapter, NATS, Things, Envoy and Auth 
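Review bot: Changing `defaults.logLevel` from "info" to "error" lowers the verbosity of every service that inherits the default, in the same commit that adds a fluent-bit and Loki pipeline to collect those logs. If the services record logins, token issuance or permission denials below error level (not visible from this diff), those records are missing from a default install. Consider keeping `logLevel: "info"` as the chart default, or add a comment above the key such as `# "error" drops info-level events; raise to "info" where audit trails are needed`.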
@@ -17,79 +17,7 @@ defaults: jaegerCollectorPort: 4318 jaegerTraceRatio: 1.0 sendTelemetry: true - eventStreamURL: "magistrala-nats:4222" - -ingress: - enabled: true - annotations: {} - labels: {} - # Uncomment this block for TLS support in public ingress - # hostname: "" - # tls: - # hostname: "" - # secret: "magistrala-server" - -nginxInternal: - image: - pullPolicy: "IfNotPresent" - repository: "nginx" - tag: "1.19.1-alpine" - mtls: - # By default mTLS is disabled. If you use mTLS, comment this block. - tls: "" - intermediateCrt: "" - # Uncomment this block for TLS and mTLS support. - # Use sh script from /secrets/secrets.sh to create config maps with your certs - # tls: "magistrala-server" - # intermediateCrt: "ca" - -envoy: - image: - pullPolicy: "IfNotPresent" - repository: "envoyproxy/envoy" - tag: "v1.31-latest" - -jaeger: - fullnameOverride: magistrala-jaeger - provisionDataStore: - cassandra: true - agent: - enabled: false - allInOne: - enabled: false - storage: - type: cassandra - cassandra: - persistence: - enabled: true - storageClass: "do-block-storage" - accessModes: - - ReadWriteOnce - size: 10Gi - collector: - service: - otlp: - grpc: - name: otlp-grpc - port: 4317 - http: - name: otlp-http - port: 4318 - -nats: - config: - cluster: - enabled: false - replicas: 3 - jetstream: - enabled: true - fileStore: - enabled: true - pvc: - enabled: true - memoryStore: - enabled: true - maxSize: 2Gi + eventStreamURL: "supermq-nats:4222" adapter_coap: image: @@ -100,7 +28,7 @@ adapter_coap: # pullSecrets: # - my-registry-key - # repository: "magistrala" + # repository: "supermq" # The Docker repository where the adapter_coap image is stored. # Set this to your preferred image repository if you are using a custom image. 
@@ -113,6 +41,22 @@ adapter_coap: # Options are "Always", "IfNotPresent", or "Never". "IfNotPresent" is generally used to avoid unnecessary pulls. port: 5683 + # The primary port used by the CoAP adapter for communication. + # Default: 5683 (standard CoAP UDP port). + + jaegerTraceRatio: 1.0 + # Defines the fraction of requests to trace using Jaeger. Distributed tracing monitors requests across services. + # Value range: + # - 1.0: Trace all requests (100% sampling) + # - 0.5: Trace 50% of requests + # - 0.0: Disable tracing (0% sampling) + # Adjust this based on your observability needs and performance considerations. + + sendTelemetry: true + # Enables or disables telemetry data reporting. Telemetry collects metrics and events for monitoring. + # If true, the service will send telemetry data to the configured telemetry backend. + # Set to false if telemetry reporting is not required or should be disabled for privacy concerns. + # logLevel: "info" # The logging level for the adapter_coap service. Common options are "debug", "info", "warn", "error". # Adjust this based on the verbosity of logs you require. @@ -150,11 +94,11 @@ adapter_http: image: {} # pullSecrets: {} - # repository: "magistrala/adapter-http" + # repository: "supermq/adapter-http" # tag: "latest" # pullPolicy: "IfNotPresent" httpPort: 8008 - # logLevel: "info" + # logLevel: "error" # The logging level for the adapter_http service. Common options are "debug", "info", "warn", "error". # Adjust this based on the verbosity of logs you require. 
@@ -162,99 +106,39 @@ adapter_http: # affinity: {} # tolerations: {} -mqtt: - enabled: true - securityContext: - runAsUser: 10000 - runAsGroup: 10000 - fsGroup: 10000 - adapter: - image: - pullSecrets: {} - # repository: "magistrala/mqtt" - # tag: "latest" - # pullPolicy: "IfNotPresent" - mqttPort: 1884 - wsPort: 8081 - logLevel: "debug" - broker: - image: - repository: "magistrala/vernemq" - # tag: "latest" - # pullPolicy: "IfNotPresent" - mqttPort: 1883 - wsPort: 8080 - logLevel: "info" - persistentVolume: - size: 5Gi - redisESPort: 6379 - redisCachePort: 6379 - -spicedb: - # replicaCount: 1 +adapter_ws: image: - pullSecrets: {} - repository: authzed/spicedb - tag: latest + {} + # pullSecrets: {} + # repository: "supermq/ws" + # tag: "latest" # pullPolicy: "IfNotPresent" - grpc: - presharedKey: "helloworld" - port: 50051 - datastore: - ## engine can be any one of the two options: postgres (default) , memory - engine: postgres - dispatch: - port: 50053 - enabled: false - http: - enabled: false - port: 8443 - metrics: - enabled: true - port: 9090 - nodeSelector: {} - affinity: {} - tolerations: {} - -postgresqlspicedb: - ## If you want to use an external database, set this to false and change host & port - enabled: true - name: postgresql-spicedb - host: postgresql-spicedb - port: &postgresqlSpicedbPort 5432 - database: &postgresqlSpicedbDatabase spicedb - username: &postgresqlSpicedbUsername magistrala - password: &postgresqlSpicedbPassword magistrala - global: - postgresql: - auth: - postgresPassword: *postgresqlSpicedbPassword - username: *postgresqlSpicedbUsername - password: *postgresqlSpicedbPassword - database: *postgresqlSpicedbDatabase - service: - ports: - postgresql: *postgresqlSpicedbPort + # logLevel: "error" + httpPort: 8186 + # nodeSelector: {} + # affinity: {} + # tolerations: {} auth: - # logLevel: error image: {} # pullSecrets: {} - # rootRepository: "magistrala/auth" + # rootRepository: "supermq/auth" # tag: "latest" # pullPolicy: "IfNotPresent" 
- # Log level for the auth service. Common options are "debug", "info", "warn", "error". + # logLevel: error # jaegerTraceRatio: 1.0 # sendTelemetry: true - httpPort: 8189 - grpcPort: 8181 - secret: "supersecret" + httpPort: 9001 + grpcPort: 7001 + grpcTimeout: "300s" + secretKey: "supersecret" adminEmail: "admin@example.com" adminPassword: "12345678" accessTokenDuration: "1h" refreshTokenDuration: "24h" - invitationDuration: "168h" + grpcClientCert: "./ssl/certs/auth-grpc-client.crt" + grpcClientKey: "./ssl/certs/auth-grpc-client.key" nodeSelector: {} affinity: {} tolerations: {} @@ -266,8 +150,8 @@ postgresqlauth: host: postgresql-auth port: &postgresqlAuthPort 5432 database: &postgresqlAuthDatabase auth - username: &postgresqlAuthUsername magistrala - password: &postgresqlAuthPassword magistrala + username: &postgresqlAuthUsername supermq + password: &postgresqlAuthPassword supermq global: postgresql: auth: 
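Review bot: The renamed key `secretKey: "supersecret"` keeps a guessable secret as the chart default next to `adminPassword: "12345678"`, so an install that does not override values runs with credentials that anyone can read in this repository. The same pattern recurs in later hunks of this file: `users.secretKey`, `users.admin.password`, `grafana.adminPassword`, `spicedb.grpc.presharedKey`, `certs.vault.approleSecret` and each `postgresql*` password set to `supermq`. I would default these to `""` and make the templates fail fast, e.g. `{{ required "auth.secretKey must be set" .Values.auth.secretKey }}`, or read them from an existing Secret through `valueFrom.secretKeyRef` instead of a plain env `value:`.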
@@ -279,76 +163,123 @@ postgresqlauth: ports: postgresql: *postgresqlAuthPort -users: +certs: + enabled: true image: {} # pullSecrets: {} - # repository: "magistrala/users" + # repository: "supermq/certs" # tag: "latest" # pullPolicy: "IfNotPresent" # jaegerTraceRatio: 1.0 + # logLevel: error # sendTelemetry: true - # logLevel: "info" - httpPort: 9002 - grpcPort: 7001 - adminEmail: "admin@example.com" - adminPassword: "12345678" - secretKey: "secretKey" - passwordRegex: "^.{8,}$" - tokenResetEndpoint: "/reset-request" - allowSelfRegister: true - deleteInterval: "24h" - deleteAfter: "720h" - # nodeSelector: {} - # affinity: {} - # tolerations: {} + httpPort: 9019 + logLevel: "error" + signCAPath: "/etc/ssl/certs/ca.crt" + signCAKeyPath: "/etc/ssl/certs/ca.key" + sdkHost: "http://supermq-am-certs" + sdkCertsUrl: "${SMQ_CERTS_SDK_HOST}:9010" + sdkTlsVerification: "false" + vault: + url: "http://supermq-vault:8200" + approleRoleid: supermq + approleSecret: supermq + namespace: supermq + thingsCertsPkiPath: pki_int + thingsCertsPkiRoleName: supermq_things_certs -postgresqlusers: - ## If you want to use an external database, set this to false and change host & port +postgresqlcerts: + ## If you want to use an external database, set this to false and change host & port to external postgresql server host & port respectively enabled: true - name: postgresql-users - host: postgresql-users - port: &postgresqlUsersPort 5432 - database: &postgresqlUsersDatabase users - username: &postgresqlUsersUsername magistrala - password: &postgresqlUsersPassword magistrala + name: postgresql-certs + host: postgresql-certs + port: &postgresqlCertsPort 5432 + database: &postgresqlCertsDatabase certs + username: &postgresqlCertsUsername supermq + password: &postgresqlCertsPassword supermq global: postgresql: auth: - postgresPassword: *postgresqlUsersPassword - username: *postgresqlUsersUsername - password: *postgresqlUsersPassword - database: *postgresqlUsersDatabase + postgresPassword: 
*postgresqlCertsPassword + username: *postgresqlCertsUsername + password: *postgresqlCertsPassword + database: *postgresqlCertsDatabase service: ports: - postgresql: *postgresqlUsersPort + postgresql: *postgresqlCertsPort -things: +channels: image: {} # pullSecrets: {} - # repository: "magistrala/things" + # repository: "supermq/channels" # tag: "latest" # pullPolicy: "IfNotPresent" - httpPort: 9000 - authGrpcPort: 7000 + # sendTelemetry: true + # logLevel: error + # jaegerTraceRatio: 1.0 + httpPort: 9005 + grpcPort: 7005 + grpcTimeout: "1s" + grpcClientCert: "./ssl/certs/channels-grpc-client.crt" + grpcClientKey: "./ssl/certs/channels-grpc-client.key" + grpcServerCert: "./ssl/certs/channels-grpc-server.crt" + grpcServerKey: "./ssl/certs/channels-grpc-server.key" + grpcClientCaCerts: "./ssl/certs/ca.crt" + +postgresqlchannels: + enabled: true + name: postgresql-channels + host: channels-db + port: &postgresqlChannelsPort 5432 + database: &postgresqlChannelsDatabase channels + username: &postgresqlChannelsUsername supermq + password: &postgresqlChannelsPassword supermq + global: + postgresql: + auth: + postgresPassword: *postgresqlChannelsPassword + username: *postgresqlChannelsUsername + password: *postgresqlChannelsPassword + database: *postgresqlChannelsDatabase + service: + ports: + postgresql: *postgresqlChannelsPort + +clients: + image: + {} + # pullSecrets: {} + # repository: "supermq/clients" + # tag: "latest" + # pullPolicy: "IfNotPresent" + # logLevel: error + # sendTelemetry: true + # jaegerTraceRatio: 1.0 + httpPort: 9006 + authGrpcPort: 7006 + grpcTimeout: "1s" + grpcClientCert: "./ssl/certs/clients-grpc-client.crt" + grpcClientKey: "./ssl/certs/clients-grpc-client.key" authHttpPort: 9001 redisESPort: 6379 redisCachePort: 6379 - # logLevel: "info" + cacheKeyduration: "10m" + # logLevel: "error" # nodeSelector: {} # affinity: {} # tolerations: {} -postgresqlthings: +postgresqlclients: ## If you want to use an external database, set this to false and 
change host & port to external postgresql server host & port respectively enabled: true - name: postgresql-things - host: postgresql-things + name: postgresql-clients + host: postgresql-clients port: &postgresqlThingsPort 5432 - database: &postgresqlThingsDatabase things - username: &postgresqlThingsUsername magistrala - password: &postgresqlThingsPassword magistrala + database: &postgresqlThingsDatabase clients + username: &postgresqlThingsUsername supermq + password: &postgresqlThingsPassword supermq global: postgresql: auth: 
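Review bot: The new `certs` defaults appear to switch off certificate checking (`sdkTlsVerification: "false"`) and point at plain-HTTP endpoints (`sdkHost: "http://supermq-am-certs"`, `vault.url: "http://supermq-vault:8200"`), so the service configured with `signCAKeyPath` talks to its backends without transport authentication unless the operator changes values. I would default to `sdkTlsVerification: "true"` and add a comment that disabling it is for local testing only. Separately, `sdkCertsUrl: "${SMQ_CERTS_SDK_HOST}:9010"` uses shell-style interpolation that Helm does not expand and Kubernetes does not either (it expands only `$(VAR)`), so the literal string probably reaches the container. The template that consumes it is not in this hunk, so that needs confirming.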
@@ -360,143 +291,206 @@ postgresqlthings: ports: postgresql: *postgresqlThingsPort -redis-things: +redis-clients: volumePermissions: enabled: true cluster: enabled: false usePassword: false -bootstrap: - enabled: true - image: {} - # pullSecrets: {} - # repository: "magistrala/bootstrap" - # tag: "latest" - # pullPolicy: "IfNotPresent" - # jaegerTraceRatio: 1.0 - # sendTelemetry: true - # logLevel: "info" - httpPort: 9013 - redisESPort: 6379 - encKey: "randomstring" - eventConsumerName: EventConsumerByBootstrap - # nodeSelector: {} - # affinity: {} - # tolerations: {} - -postgresqlbootstrap: - ## If you want to use an external database, set this to false and change host & port to external postgresql server host & port respectively - enabled: true - name: postgresql-bootstrap - host: postgresql-bootstrap - port: &postgresqlBootstrapPort 5432 - database: &postgresqlBootstrapDatabase bootstrap - username: &postgresqlBootstrapUsername magistrala - password: &postgresqlBootstrapPassword magistrala - global: - postgresql: - auth: - postgresPassword: *postgresqlBootstrapPassword - username: *postgresqlBootstrapUsername - password: *postgresqlBootstrapPassword - database: *postgresqlBootstrapDatabase - service: - ports: - postgresql: *postgresqlBootstrapPort - -certs: - enabled: true +domains: image: {} # pullSecrets: {} - # repository: "magistrala/certs" + # repository: "supermq/domains" # tag: "latest" # pullPolicy: "IfNotPresent" - # jaegerTraceRatio: 1.0 # sendTelemetry: true - httpPort: 9019 - logLevel: "info" - signCAPath: "/etc/ssl/certs/ca.crt" - signCAKeyPath: "/etc/ssl/certs/ca.key" - vault: - url: "http://magistrala-vault:8200" - approleRoleid: magistrala - approleSecret: magistrala - namespace: magistrala - thingsCertsPkiPath: pki_int - thingsCertsPkiRoleName: magistrala_things_certs - -vault: - enabled: false - -postgresqlcerts: - ## If you want to use an external database, set this to false and change host & port to external postgresql server host & port 
respectively + httpPort: 9003 + grpcPort: 7003 + redisTCPPort: 6379 + cacheKeyduration: "10m" + grpcTimeout: "300s" + grpcClientCert: "./ssl/certs/domains-grpc-client.crt" + grpcClientCaCerts: "./ssl/certs/ca.crt" + +postgresqldomains: + ## If you want to use an external database, set this to false and change host & port enabled: true - name: postgresql-certs - host: postgresql-certs - port: &postgresqlCertsPort 5432 - database: &postgresqlCertsDatabase certs - username: &postgresqlCertsUsername magistrala - password: &postgresqlCertsPassword magistrala + name: postgresql-domains + host: postgresql-domains + port: &postgresqlDomainsPort 5432 + database: &postgresqlDomainsDatabase domains + username: &postgresqlDomainsUsername supermq + password: &postgresqlDomainsPassword supermq global: postgresql: auth: - postgresPassword: *postgresqlCertsPassword - username: *postgresqlCertsUsername - password: *postgresqlCertsPassword - database: *postgresqlCertsDatabase + postgresPassword: *postgresqlDomainsPassword + username: *postgresqlDomainsUsername + password: *postgresqlDomainsPassword + database: *postgresqlDomainsDatabase service: ports: - postgresql: *postgresqlCertsPort + postgresql: *postgresqlDomainsPort -invitations: +envoy: + image: + pullPolicy: "IfNotPresent" + repository: "envoyproxy/envoy" + tag: "v1.31-latest" + +fluent-bit: enabled: true + serviceAccount: + create: true + config: + inputs: | + [INPUT] + Name tail + Path /var/log/containers/*.log + Read_from_head true + Tag kube.* + filters: | + [FILTER] + Name kubernetes + Match kube.* + k8s-logging.exclude off + Buffer_Size 256k + outputs: | + [OUTPUT] + Name loki + Match * + Host supermq-loki.loki + Port 3100 + Uri /loki/api/v1/push + Labels job=fluent-bit + Label_Keys $kubernetes['namespace_name'], $kubernetes['pod_name'] + Line_Format json + Auto_Kubernetes_Labels off + resources: {} + +groups: image: {} # pullSecrets: {} - # repository: "magistrala/invitations" + # rootRepository: "supermq/groups" # 
tag: "latest" # pullPolicy: "IfNotPresent" - # jaegerTraceRatio: 1.0 + # logLevel: "error" # sendTelemetry: true - # logLevel: "info" - httpPort: 9020 - # nodeSelector: {} - # affinity: {} - # tolerations: {} - -postgresqlinvitations: - ## If you want to use an external database, set this to false and change host & port to external postgresql server host & port respectively + # jaegerTraceRatio: 1.0 + httpPort: 9004 + grpcPort: 7004 + grpcTimeout: "300s" + grpcClientCert: "./ssl/certs/groups-grpc-client.crt" + grpcClientKey: "./ssl/certs/groups-grpc-client.key" + grpcClientCaCerts: "./ssl/certs/ca.crt" + grpcServerCert: "./ssl/certs/groups-grpc-server.crt" + grpcServerKey: "./ssl/certs/groups-grpc-server.key" + +postgresqlgroups: enabled: true - name: postgresql-invitations - host: postgresql-invitations - port: &postgresqlInvitationsPort 5432 - database: &postgresqlInvitationsDatabase invitations - username: &postgresqlInvitationsUsername magistrala - password: &postgresqlInvitationsPassword magistrala + name: postgresql-groups + host: postgresql-groups + port: &postgresqlGroupsPort 5432 + database: &postgresqlGroupsDatabase groups + username: &postgresqlGroupsUsername supermq + password: &postgresqlGroupsPassword supermq global: postgresql: auth: - postgresPassword: *postgresqlInvitationsPassword - username: *postgresqlInvitationsUsername - password: *postgresqlInvitationsPassword - database: *postgresqlInvitationsDatabase + postgresPassword: *postgresqlGroupsPassword + username: *postgresqlGroupsUsername + password: *postgresqlGroupsPassword + database: *postgresqlGroupsDatabase service: ports: - postgresql: *postgresqlInvitationsPort + postgresql: *postgresqlGroupsPort + +grafana: + enabled: true + adminUser: "admin" + adminPassword: "12345678" + service: + type: LoadBalancer + datasources: + datasources.yaml: + apiVersion: 1 + datasources: + - name: Prometheus + type: prometheus + access: proxy + url: http://supermq-prometheus-server:9200 + isDefault: true + - 
name: Loki + type: loki + access: proxy + url: http://supermq-loki.loki:3100 + isDefault: false + +ingress: + enabled: true + annotations: {} + labels: {} + # Uncomment this block for TLS support in public ingress + # hostname: "" + # tls: + # hostname: "" + # secret: "supermq-server" + +jaeger: + fullnameOverride: supermq-jaeger + provisionDataStore: + cassandra: true + agent: + enabled: false + allInOne: + enabled: false + storage: + type: cassandra + cassandra: + persistence: + enabled: true + storageClass: "do-block-storage" + accessModes: + - ReadWriteOnce + size: 10Gi + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "8Gi" + cpu: "4" + extraEnv: + - name: MAX_HEAP_SIZE + value: "4G" + - name: HEAP_NEWSIZE + value: "800M" + - name: JVM_OPTS + value: "-XX:+UseG1GC -XX:ParallelGCThreads=2 -XX:ConcGCThreads=2 -XX:InitiatingHeapOccupancyPercent=70" + collector: + service: + otlp: + grpc: + name: otlp-grpc + port: 4317 + http: + name: otlp-http + port: 4318 journal: enabled: true image: {} # pullSecrets: {} - # repository: "magistrala/journal" + # repository: "supermq/journal" # tag: "latest" # pullPolicy: "IfNotPresent" # jaegerTraceRatio: 1.0 # sendTelemetry: true - # logLevel: "info" + # logLevel: "error" httpPort: 9021 # nodeSelector: {} # affinity: {} @@ -509,8 +503,8 @@ postgresqljournal: host: postgresql-journal port: &postgresqlJournalPort 5432 database: &postgresqlJournalDatabase journal - username: &postgresqlJournalUsername magistrala - password: &postgresqlJournalPassword magistrala + username: &postgresqlJournalUsername supermq + password: &postgresqlJournalPassword supermq global: postgresql: auth: 
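Review bot: The new `grafana` block enables Grafana by default with `adminUser: "admin"`, `adminPassword: "12345678"` and `service.type: LoadBalancer`, which on most cloud clusters gives the login page an external address protected only by that published password. I would default to `type: ClusterIP`, leave `adminPassword` empty, and let operators opt in to exposure with their own credentials or an existing Secret. In the `domains` block of this hunk there are `grpcClientCert` and `grpcClientCaCerts` but no `grpcClientKey`, while users-deployment.yaml in this commit renders `.Values.domains.grpcClientKey` into `SMQ_DOMAINS_GRPC_CLIENT_KEY`, so that variable would render empty.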
@@ -522,84 +516,324 @@ postgresqljournal: ports: postgresql: *postgresqlJournalPort -timescaledb: - ## If you want to use an external database, set this to false and change host & port to external postgresql server host & port respectively +mqtt: enabled: true - name: timescalerw - host: timescalerw - port: &messagesRwTimescalePort 5432 - database: &messagesRwTimescaleDatabase messages - username: &messagesRwTimescaleUsername magistrala - password: &messagesRwTimescalePassword magistrala - reader: + securityContext: + runAsUser: 10000 + runAsGroup: 10000 + fsGroup: 10000 + adapter: image: - {} - # pullSecrets: {} - # repository: "magistrala/timescale-reader" + pullSecrets: {} + # repository: "supermq/mqtt" # tag: "latest" # pullPolicy: "IfNotPresent" - # jaegerTraceRatio: 1.0 - # sendTelemetry: true - # logLevel: "info" - enabled: true - http: {port: 9011} - # nodeSelector: {} - # affinity: {} - # tolerations: {} - writer: + mqttPort: 1884 + wsPort: 8081 + logLevel: "error" + forwarderTimeout: "30s" + qos: "2" + broker: image: - {} - # pullSecrets: {} - # repository: "magistrala/timescale-writer" + repository: "supermq/vernemq" # tag: "latest" # pullPolicy: "IfNotPresent" - # jaegerTraceRatio: 1.0 - # sendTelemetry: true - # logLevel: "info" - # nodeSelector: {} - # affinity: {} - # tolerations: {} + mqttPort: 1883 + wsPort: 8080 + logLevel: "error" + persistentVolume: + size: 5Gi + redisESPort: 6379 + redisCachePort: 6379 + +nats: + config: + cluster: + enabled: false + replicas: 3 + jetstream: + enabled: true + fileStore: + enabled: true + pvc: + enabled: true + memoryStore: + enabled: true + maxSize: 2Gi + +nginxInternal: + image: + pullPolicy: "IfNotPresent" + repository: "nginx" + tag: "1.19.1-alpine" + mtls: + # By default mTLS is disabled. If you use mTLS, comment this block. + tls: "" + intermediateCrt: "" + # Uncomment this block for TLS and mTLS support. 
+ # Use sh script from /secrets/secrets.sh to create config maps with your certs + # tls: "supermq-server" + # intermediateCrt: "ca" + +prometheus: + enabled: true + + pushgateway: + enabled: false + + rbac: + create: true + + serviceAccounts: + server: + create: true + name: "" + automountServiceAccountToken: true + annotations: {} + + configmapReload: + prometheus: + enabled: true + name: configmap-reload + image: + repository: quay.io/prometheus-operator/prometheus-config-reloader + tag: v0.79.2 + pullPolicy: IfNotPresent + containerPort: 8080 + containerPortName: metrics + resources: {} + + server: + name: server + image: + repository: quay.io/prometheus/prometheus + # Specify a tag if you want a fixed version (e.g. "v2.42.0"). Using blank defaults to chart’s appVersion. + tag: "" + pullPolicy: IfNotPresent + extraFlags: + - web.enable-lifecycle + + resources: {} + + # SecurityContext: run as non-root + securityContext: + runAsUser: 65534 + runAsNonRoot: true + runAsGroup: 65534 + fsGroup: 65534 + + service: + enabled: true + type: ClusterIP + clusterIP: "" + port: 9200 + servicePort: 9200 + targetPort: 9090 + + portName: metrics + annotations: + prometheus.io/scrape: "true" + + persistentVolume: + enabled: true + accessModes: + - ReadWriteOnce + size: 8Gi + mountPath: /data + storageClass: "do-block-storage" + + livenessProbe: + httpGet: + path: /-/healthy + port: 9090 + scheme: HTTP + initialDelaySeconds: 30 + timeoutSeconds: 5 + + readinessProbe: + httpGet: + path: /-/ready + port: 9090 + scheme: HTTP + initialDelaySeconds: 5 + timeoutSeconds: 5 + + ingress: + enabled: true + ingressClassName: "nginx" + annotations: + kubernetes.io/ingress.class: "nginx" + hosts: + - prometheus.example.com + + nodeExporter: enabled: true - http: {port: 9012} - ## Configurations of Bitnami postgres + image: + repository: quay.io/prometheus/node-exporter + tag: v1.8.2 + pullPolicy: IfNotPresent + containerPort: 9100 + hostPort: 9100 + service: + enabled: true + type: ClusterIP 
+ clusterIP: "" + port: 9100 + servicePort: 9100 + targetPort: 9100 + annotations: + prometheus.io/scrape: "true" + extraArgs: + - --web.listen-address=0.0.0.0:9100 + livenessProbe: + httpGet: + path: /metrics + port: 9100 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /metrics + port: 9100 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" + nodeSelector: + kubernetes.io/os: linux + hostNetwork: true + hostPID: true + + alertmanager: + enabled: true + persistence: + size: 2Gi + + kubeStateMetrics: + enabled: true + + prometheusPushgateway: + enabled: false + +spicedb: + # replicaCount: 1 + image: + pullSecrets: {} + repository: authzed/spicedb + tag: latest + # pullPolicy: "IfNotPresent" + grpc: + presharedKey: "12345678" + port: 50051 + datastore: + ## engine can be any one of the two options: postgres (default) , memory + engine: postgres + dispatch: + port: 50053 + enabled: false + http: + enabled: false + port: 8443 + metrics: + enabled: true + port: 9090 + nodeSelector: {} + affinity: {} + tolerations: {} + +postgresqlspicedb: + ## If you want to use an external database, set this to false and change host & port + enabled: true + name: postgresql-spicedb + host: postgresql-spicedb + port: &postgresqlSpicedbPort 5432 + database: &postgresqlSpicedbDatabase spicedb + username: &postgresqlSpicedbUsername supermq + password: &postgresqlSpicedbPassword supermq global: postgresql: auth: - postgresPassword: *messagesRwTimescalePassword - username: *messagesRwTimescaleUsername - password: *messagesRwTimescalePassword - database: *messagesRwTimescaleDatabase + postgresPassword: *postgresqlSpicedbPassword + username: *postgresqlSpicedbUsername + password: *postgresqlSpicedbPassword + database: *postgresqlSpicedbDatabase service: ports: - postgresql: *messagesRwTimescalePort + postgresql: *postgresqlSpicedbPort + 
+users: image: - registry: docker.io - repository: timescale/timescaledb - tag: latest-pg12 + {} + # pullSecrets: {} + # repository: "supermq/users" + # tag: "latest" + # pullPolicy: "IfNotPresent" + # jaegerTraceRatio: 1.0 + # sendTelemetry: true + # logLevel: "error" + httpPort: 9002 + admin: + email: "admin@example.com" + password: "12345678" + username: "admin" + firstname: "super" + lastname: "admin" + secretKey: "supersecret" + accessTokenDuration: "15m" + refreshTokenDuration: "24h" + passwordRegex: "^.{8,}$" + tokenResetEndpoint: "/reset-request" + allowSelfRegister: true + deleteInterval: "24h" + deleteAfter: "720h" + # nodeSelector: {} + # affinity: {} + # tolerations: {} + +postgresqlusers: + ## If you want to use an external database, set this to false and change host & port + enabled: true + name: postgresql-users + host: postgresql-users + port: &postgresqlUsersPort 5432 + database: &postgresqlUsersDatabase users + username: &postgresqlUsersUsername supermq + password: &postgresqlUsersPassword supermq + global: + postgresql: + auth: + postgresPassword: *postgresqlUsersPassword + username: *postgresqlUsersUsername + password: *postgresqlUsersPassword + database: *postgresqlUsersDatabase + service: + ports: + postgresql: *postgresqlUsersPort ui: enabled: true image: {} # pullSecrets: {} - # repository: "magistrala/ui" + # repository: "supermq/ui" # tag: "latest" # pullPolicy: "IfNotPresent" - # logLevel: "info" + # logLevel: "error" # hostname: "" # contentTypes: "application/senml+json" port: 9095 pathPrefix: "/ui" # hostUrl: "https://domain-name" - # httpAdapterUrl: "http://magistrala-adapter-http:8008" - # usersUrl: "http://magistrala-users:9002" - # authUrl: "http://magistrala-auth:8189" - # bootstrapUrl: "http://magistrala-bootstrap:9013" - # thingsUrl: "http://magistrala-things:9000" - # readerUrl: "http://magistrala-timescale-reader:9011" - # invitationsUrl: "http:///magistrala-auth:9020" - # journalUrl: "http:///magistrala-auth:9021" - # 
domainsUrl: "http://magistrala-auth:8189" + # httpAdapterUrl: "http://supermq-adapter-http:8008" + # usersUrl: "http://supermq-users:9002" + # authUrl: "http://supermq-auth:8189" + # clientsUrl: "http://supermq-clients:9000" + # journalUrl: "http:///supermq-auth:9021" + # domainsUrl: "http://supermq-auth:8189" googleClientID: "" googleClientSecret: "" googleRedirectHostname: "https://stage-domain-name" @@ -616,8 +850,8 @@ postgresqlui: host: postgresql-ui port: &postgresqlUIPort 5432 database: &postgresqlUIDatabase ui - username: &postgresqlUIUsername magistrala - password: &postgresqlUIPassword magistrala + username: &postgresqlUIUsername supermq + password: &postgresqlUIPassword supermq global: postgresql: auth: @@ -628,3 +862,6 @@ postgresqlui: service: ports: postgresql: *postgresqlUIPort + +vault: + enabled: false diff --git a/scripts/vault/magistrala_things_certs_issue.template.hcl b/scripts/vault/supermq_clients_certs_issue.template.hcl similarity index 100% rename from scripts/vault/magistrala_things_certs_issue.template.hcl rename to scripts/vault/supermq_clients_certs_issue.template.hcl
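Review bot: Under `prometheus.server` the defaults combine `extraFlags: [web.enable-lifecycle]` with `ingress.enabled: true`, so the HTTP reload and shutdown endpoints that the flag turns on become reachable through the ingress, and nothing in this block puts authentication in front of them. I would default `ingress.enabled` to `false` and add a comment that any ingress for this host must carry its own auth; the config reloader presumably needs the lifecycle endpoint only from inside the pod. The `nodeExporter` block also sets `hostNetwork: true`, `hostPID: true` and `--web.listen-address=0.0.0.0:9100`, which opens port 9100 on every node's interfaces, so it should be limited by a host firewall rule if kept. `spicedb.grpc.presharedKey: "12345678"` and `tag: latest` in the same hunk are a guessable key and a mutable image tag.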