From 56c139d3d1b74eea91316a154fea2d85ab20df95 Mon Sep 17 00:00:00 2001
From: Johan Stokking
Date: Tue, 19 Sep 2023 10:42:22 +0200
Subject: [PATCH] Support The Things Network Registry (#4)

---
 aws/variables.tf | 17 ++++++++++------
 helm-chart/README.md | 2 +-
 helm-chart/templates/deployment.yaml | 24 +++++++++++++++++++++++
 helm-chart/templates/rules.yaml | 2 ++
 helm-chart/templates/ttnr.yaml | 29 ++++++++++++++++++++++++++++
 helm-chart/values.yaml | 9 +++++++++
 6 files changed, 76 insertions(+), 7 deletions(-)
 create mode 100644 helm-chart/templates/ttnr.yaml

diff --git a/aws/variables.tf b/aws/variables.tf
index b05fd47..14ef8fe 100644
--- a/aws/variables.tf
+++ b/aws/variables.tf
@@ -1,3 +1,13 @@
+variable "lorawan_client_source" {
+ type = string
+ default = "variables"
+ description = "Source of the LoRaWAN client: Network Servers and Application Servers. If 'variables', the LoRaWAN client is configured using the 'network_servers' and 'application_servers' variables. If 'external', The Things Join Server must be configured with an external source."
+ validation {
+ condition = can(regex("^variables|external$", var.lorawan_client_source))
+ error_message = "The LoRaWAN client source must be either 'variables' or 'external'. When using 'external', the 'network_servers' and 'application_servers' variables must be empty."
+ }
+}
+
 variable "assume_role_principals" {
 type = list(string)
 description = "Additional principals (users, roles) that can assume the role"
@@ -51,12 +61,7 @@ variable "network_servers" {
 name = string
 truststore = string
 }))
- default = {
- "000013" = {
- name = "The Things Stack Cloud and Community Edition"
- truststore = "truststores/the-things-industries.pem"
- }
- }
+ default = {}
 validation {
 condition = alltrue(
 [for id, network in var.network_servers : can(regex("^[0-9A-F]{6}(\\/[0-9A-F]{16})?$", id))],
diff --git a/helm-chart/README.md b/helm-chart/README.md
index 346ec5b..22c3ec2 100644
--- a/helm-chart/README.md
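Review bot: The validation on `lorawan_client_source` accepts more than the two intended values, because in `^variables|external$` each anchor binds only to its own alternative, so a value such as `variablesX` or `Xexternal` also passes. Use `condition = contains(["variables", "external"], var.lorawan_client_source)`, which is exact and reads more directly than the regex. The error_message states that with `external` the `network_servers` and `application_servers` variables must be empty, but nothing in the hunk enforces that; if the Terraform version in use cannot reference other variables from a validation block, a short comment saying where (or whether) that constraint is checked would keep the message honest.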
+++ b/helm-chart/README.md
@@ -44,7 +44,7 @@ Install:
 $ helm upgrade --install ttjs -f aws.values.yaml .
 ```
-### Local
+### Local: Minikube
 Since The Things Join Server currently exclusively uses AWS backends, you can run The Things Join Server locally but it uses resources deployed in AWS. To proceed, make sure you deployed [The Things Join Server in AWS](../aws) for development.
diff --git a/helm-chart/templates/deployment.yaml b/helm-chart/templates/deployment.yaml
index 5fef9fc..bba1795 100644
--- a/helm-chart/templates/deployment.yaml
+++ b/helm-chart/templates/deployment.yaml
@@ -37,6 +37,12 @@ spec:
 - name: http
 containerPort: 3000
 protocol: TCP
+ {{- if .Values.ttnr.enabled }}
+ volumeMounts:
+ - name: ttnr
+ mountPath: "/etc/ttjs/ttnr"
+ readOnly: true
+ {{- end }}
 env:
 {{- with .Values.aws.region }}
 - name: AWS_REGION
@@ -82,6 +88,18 @@ spec:
 value: {{ printf "%s://%s" $scheme .host | quote }}
 {{- end }}
 {{- end }}
+ {{- if .Values.ttnr.enabled }}
+ - name: JS_TTNR_ENABLED
+ value: "true"
+ - name: "JS_TTNR_URL"
+ value: {{ printf "https://%s" .Values.ttnr.address | quote }}
+ - name: "JS_TTNR_ROOT_CA_FILE"
+ value: "/etc/ttjs/ttnr/ca.crt"
+ - name: "JS_TTNR_CERT_FILE"
+ value: "/etc/ttjs/ttnr/tls.crt"
+ - name: "JS_TTNR_KEY_FILE"
+ value: "/etc/ttjs/ttnr/tls.key"
+ {{- end }}
 livenessProbe:
 httpGet:
 path: /livez
@@ -92,6 +110,12 @@ spec:
 port: 3000
 resources:
 {{- toYaml .Values.resources | nindent 12 }}
+ {{- if .Values.ttnr.enabled }}
+ volumes:
+ - name: ttnr
+ secret:
+ secretName: {{ include "ttjs.fullname" . }}-ttnr-cert
+ {{- end }}
 {{- with .Values.nodeSelector }}
 nodeSelector:
 {{- toYaml . | nindent 8 }}
diff --git a/helm-chart/templates/rules.yaml b/helm-chart/templates/rules.yaml
index 21109cd..f74e16d 100644
--- a/helm-chart/templates/rules.yaml
+++ b/helm-chart/templates/rules.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.serviceMonitor.enabled -}}
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
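Review bot: The `ttnr` secret volume in the `@@ -92,6 +110,12 @@` hunk of deployment.yaml exposes the client private key (`tls.key`, referenced by `JS_TTNR_KEY_FILE` in the previous hunk) with the secret volume's default file mode, which makes it readable by every user inside the container. Giving the volume an explicit mode, `secret:` / `secretName: {{ include "ttjs.fullname" . }}-ttnr-cert` / `defaultMode: 0400`, limits it to the file owner (0440 together with an `fsGroup` if the container process is not that owner). The `readOnly: true` on the mount in the first hunk already prevents writes. As a point of style, the env entries in the second hunk mix quoted and unquoted names (`JS_TTNR_ENABLED` next to `"JS_TTNR_URL"`); use one form throughout.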
@@ -20,3 +21,4 @@ spec:
 annotations:
 description: |-
 The Things Join Server {{ .Release.Namespace }}/{{ include "ttjs.fullname" . }} did not accept a join-request.
+{{- end }}
\ No newline at end of file
diff --git a/helm-chart/templates/ttnr.yaml b/helm-chart/templates/ttnr.yaml
new file mode 100644
index 0000000..2a01e4e
--- /dev/null
+++ b/helm-chart/templates/ttnr.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.ttnr.enabled -}}
+kind: Certificate
+apiVersion: cert-manager.io/v1
+metadata:
+ name: {{ include "ttjs.fullname" . }}-ttnr
+ labels:
+ {{- include "ttjs.labels" . | nindent 4 }}
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ secretName: {{ include "ttjs.fullname" . }}-ttnr-cert
+ commonName: "The Things Join Server"
+ {{- with .Values.ingress.hosts }}
+ dnsNames:
+ {{- range . }}
+ - {{ .host }}
+ {{- end }}
+ {{- end }}
+ duration: 168h0m0s
+ issuerRef: {{ .Values.ttnr.certIssuerRef | toYaml | nindent 4 }}
+ renewBefore: 24h0m0s
+ usages:
+ - client auth
+ privateKey:
+ algorithm: ECDSA
+ size: 256
+{{- end }}
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index 608f8b7..ecfce48 100644
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -99,6 +99,15 @@ ingress:
 # hosts:
 # - ttjs.local
+# The Things Network Registry. Note: this is a The Things Industries internal service.
+ttnr:
+ enabled: false
+ address: "registry.thethings.industries:443"
+ # certIssuerRef:
+ # group: ""
+ # kind: ""
+ # name: ""
+
 resources: {}
 # limits:
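Review bot: `issuerRef: {{ .Values.ttnr.certIssuerRef | toYaml | nindent 4 }}` in ttnr.yaml renders `issuerRef: null` when `ttnr.enabled` is true but `certIssuerRef` is left unset, as it is in the shipped values.yaml, so the mistake surfaces only as a cert-manager admission error instead of at template time. Writing it as `issuerRef: {{ required "ttnr.certIssuerRef must be set when ttnr.enabled is true" .Values.ttnr.certIssuerRef | toYaml | nindent 4 }}` makes `helm install` fail with a clear message. The certificate is renewed every week (`duration: 168h0m0s`, `renewBefore: 24h0m0s`) but `privateKey` sets no `rotationPolicy`, so unless the installed cert-manager defaults to `Always` the same ECDSA key is reused across renewals; adding `rotationPolicy: Always` under `privateKey` gives each renewed certificate a fresh key. A comment saying that `dnsNames` is deliberately filled from `ingress.hosts` although the certificate carries only the `client auth` usage would save the next reader from wondering whether the two were mixed up.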
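Review bot: The commented `certIssuerRef` block in values.yaml gives no hint that it is mandatory once `enabled: true`, while `address` has a working default, so a user who only flips `enabled` gets a Certificate with an empty `issuerRef`. A comment above it such as `# certIssuerRef is required when enabled is true; it is passed through as the cert-manager Certificate issuerRef (group/kind/name).` would make the contract visible where the values are set. The header comment could also note that enabling this section requires cert-manager in the cluster, since the `cert-manager.io/v1` Certificate in ttnr.yaml is a dependency the values file does not otherwise mention.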