Support The Things Network Registry (#4)

TheThingsIndustries · Sep 19, 2023 · 56c139d · 56c139d
1 parent 2f37db5
commit 56c139d
Show file tree

Hide file tree

Showing 6 changed files with 76 additions and 7 deletions.
diff --git a/aws/variables.tf b/aws/variables.tf
@@ -1,3 +1,13 @@
+variable "lorawan_client_source" {
+  type        = string
+  default     = "variables"
+  description = "Source of the LoRaWAN client: Network Servers and Application Servers. If 'variables', the LoRaWAN client is configured using the 'network_servers' and 'application_servers' variables. If 'external', The Things Join Server must be configured with an external source."
+  validation {
+    condition     = can(regex("^variables|external$", var.lorawan_client_source))
+    error_message = "The LoRaWAN client source must be either 'variables' or 'external'. When using 'external', the 'network_servers' and 'application_servers' variables must be empty."
+  }
+}
+
 variable "assume_role_principals" {
   type        = list(string)
   description = "Additional principals (users, roles) that can assume the role"
@@ -51,12 +61,7 @@ variable "network_servers" {
     name       = string
     truststore = string
   }))
-  default = {
-    "000013" = {
-      name       = "The Things Stack Cloud and Community Edition"
-      truststore = "truststores/the-things-industries.pem"
-    }
-  }
+  default = {}
   validation {
     condition = alltrue(
       [for id, network in var.network_servers : can(regex("^[0-9A-F]{6}(\\/[0-9A-F]{16})?$", id))],

diff --git a/helm-chart/README.md b/helm-chart/README.md
@@ -44,7 +44,7 @@ Install:
 $ helm upgrade --install ttjs -f aws.values.yaml .
 ```
 
-### Local
+### Local: Minikube
 
 Since The Things Join Server currently exclusively uses AWS backends, you can run The Things Join Server locally but it uses resources deployed in AWS. To proceed, make sure you deployed [The Things Join Server in AWS](../aws) for development.
 

diff --git a/helm-chart/templates/deployment.yaml b/helm-chart/templates/deployment.yaml
@@ -37,6 +37,12 @@ spec:
             - name: http
               containerPort: 3000
               protocol: TCP
+          {{- if .Values.ttnr.enabled }}
+          volumeMounts:
+            - name: ttnr
+              mountPath: "/etc/ttjs/ttnr"
+              readOnly: true
+          {{- end }}
           env:
             {{- with .Values.aws.region }}
             - name: AWS_REGION
@@ -82,6 +88,18 @@ spec:
               value: {{ printf "%s://%s" $scheme .host | quote }}
             {{- end }}
             {{- end }}
+            {{- if .Values.ttnr.enabled }}
+            - name: JS_TTNR_ENABLED
+              value: "true"
+            - name: "JS_TTNR_URL"
+              value: {{ printf "https://%s" .Values.ttnr.address | quote }}
+            - name: "JS_TTNR_ROOT_CA_FILE"
+              value: "/etc/ttjs/ttnr/ca.crt"
+            - name: "JS_TTNR_CERT_FILE"
+              value: "/etc/ttjs/ttnr/tls.crt"
+            - name: "JS_TTNR_KEY_FILE"
+              value: "/etc/ttjs/ttnr/tls.key"
+            {{- end }}
           livenessProbe:
             httpGet:
               path: /livez
@@ -92,6 +110,12 @@ spec:
               port: 3000
           resources:
             {{- toYaml .Values.resources | nindent 12 }}            
+      {{- if .Values.ttnr.enabled }}
+      volumes:
+        - name: ttnr
+          secret:
+            secretName: {{ include "ttjs.fullname" . }}-ttnr-cert
+      {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

diff --git a/helm-chart/templates/rules.yaml b/helm-chart/templates/rules.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.serviceMonitor.enabled  -}}
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
@@ -20,3 +21,4 @@ spec:
           annotations:
             description: |-
               The Things Join Server {{ .Release.Namespace }}/{{ include "ttjs.fullname" . }} did not accept a join-request.
+{{- end }}
diff --git a/helm-chart/templates/ttnr.yaml b/helm-chart/templates/ttnr.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.ttnr.enabled -}}
+kind: Certificate
+apiVersion: cert-manager.io/v1
+metadata:
+  name: {{ include "ttjs.fullname" . }}-ttnr
+  labels:
+    {{- include "ttjs.labels" . | nindent 4 }}
+  {{- with .Values.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  secretName: {{ include "ttjs.fullname" . }}-ttnr-cert
+  commonName: "The Things Join Server"
+  {{- with .Values.ingress.hosts }}
+  dnsNames:
+    {{- range . }}
+    - {{ .host }}
+    {{- end }}
+  {{- end }}
+  duration: 168h0m0s
+  issuerRef: {{ .Values.ttnr.certIssuerRef | toYaml | nindent 4 }}
+  renewBefore: 24h0m0s
+  usages:
+    - client auth
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+{{- end }}
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
@@ -99,6 +99,15 @@ ingress:
   #    hosts:
   #      - ttjs.local
 
+# The Things Network Registry. Note: this is a The Things Industries internal service.
+ttnr:
+  enabled: false
+  address: "registry.thethings.industries:443"
+  # certIssuerRef:
+  #   group: ""
+  #   kind: ""
+  #   name: ""
+
 resources:
   {}
   # limits: