atb00ker
diff --git a/‎CHANGELOG.md
+5 b/‎CHANGELOG.md
+5
diff --git a/‎configmap.tf renamed to ‎configurations.tf
+59-27 b/‎configmap.tf renamed to ‎configurations.tf
+59-27
diff --git a/‎docs/build/input.mdpp
+1-1 b/‎docs/build/input.mdpp
+1-1
diff --git a/‎docs/build/input/infrastructure_provider.mdpp renamed to ‎docs/build/input/infrastructure.mdpp
+11-1 b/‎docs/build/input/infrastructure_provider.mdpp renamed to ‎docs/build/input/infrastructure.mdpp
+11-1
diff --git a/‎docs/build/input/kubes_configmap.mdpp
+3-1 b/‎docs/build/input/kubes_configmap.mdpp
+3-1
diff --git a/‎docs/build/input/openwisp_deployments.mdpp
+5-5 b/‎docs/build/input/openwisp_deployments.mdpp
+5-5
diff --git a/‎docs/build/input/openwisp_services.mdpp
+2 b/‎docs/build/input/openwisp_services.mdpp
+2
diff --git a/‎docs/build/input/persistent_data.mdpp
+1-1 b/‎docs/build/input/persistent_data.mdpp
+1-1
diff --git a/‎docs/input.md
+24-10 b/‎docs/input.md
+24-10
@@ -6,6 +6,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Added
+- openwisp-websocket container
+- pinned openwisp images to 'alpha.1'
+- support for external database
+- support for different sslmodes for database connections
 
 ## [0.1.0-alpha.2] - 2020-02-12
 ### Added
 
@@ -1,31 +1,9 @@
 # ConfigMap resources, find documentation in
 # official docker-openwisp repository.
 
-resource "kubernetes_config_map" "kubernetes_postgres_configmap" {
-  depends_on = [var.ow_cluster_ready]
-  metadata { name = var.kubernetes_configmap.postgres_configmap_name }
-  data = {
-    POSTGRES_DB       = var.kubernetes_configmap.DB_NAME
-    POSTGRES_USER     = var.kubernetes_configmap.DB_USER
-    POSTGRES_PASSWORD = var.kubernetes_configmap.DB_PASS
-  }
-}
-
-resource "kubernetes_config_map" "kubernetes_nfs_configmap" {
-  depends_on = [var.ow_cluster_ready]
-  metadata {
-    name      = var.kubernetes_configmap.nfs_configmap_name
-    namespace = kubernetes_namespace.nfs_server.metadata[0].name
-  }
-  data = {
-    EXPORT_OPTS = var.kubernetes_configmap.EXPORT_OPTS
-    EXPORT_DIR  = var.kubernetes_configmap.EXPORT_DIR
-  }
-}
-
 resource "kubernetes_config_map" "kubernetes_common_configmap" {
   depends_on = [var.ow_cluster_ready]
-  metadata { name = var.kubernetes_configmap.common_configmap_name }
+  metadata { name = "openwisp-common-config" }
   data = {
     DASHBOARD_DOMAIN                  = var.kubernetes_configmap.DASHBOARD_DOMAIN
     CONTROLLER_DOMAIN                 = var.kubernetes_configmap.CONTROLLER_DOMAIN
@@ -39,11 +17,16 @@ resource "kubernetes_config_map" "kubernetes_common_configmap" {
     SSL_CERT_MODE                     = var.kubernetes_configmap.SSL_CERT_MODE
     SET_RADIUS_TASKS                  = var.kubernetes_configmap.SET_RADIUS_TASKS
     SET_TOPOLOGY_TASKS                = var.kubernetes_configmap.SET_TOPOLOGY_TASKS
-    DB_NAME                           = var.kubernetes_configmap.DB_NAME
-    DB_USER                           = var.kubernetes_configmap.DB_USER
-    DB_PASS                           = var.kubernetes_configmap.DB_PASS
+    DB_HOST                           = var.infrastructure.database.host
+    DB_NAME                           = var.infrastructure.database.name
+    DB_USER                           = var.infrastructure.database.username
+    DB_PASS                           = var.infrastructure.database.password
+    DB_SSLMODE                        = var.infrastructure.database.sslmode
     DB_ENGINE                         = var.kubernetes_configmap.DB_ENGINE
     DB_PORT                           = var.kubernetes_configmap.DB_PORT
+    DB_SSLKEY                         = "/var/lib/postgres/ssl/clientkey"
+    DB_SSLCERT                        = "/var/lib/postgres/ssl/clientcert"
+    DB_SSLROOTCERT                    = "/var/lib/postgres/ssl/rootcert"
     DB_OPTIONS                        = var.kubernetes_configmap.DB_OPTIONS
     DJANGO_X509_DEFAULT_CERT_VALIDITY = var.kubernetes_configmap.DJANGO_X509_DEFAULT_CERT_VALIDITY
     DJANGO_X509_DEFAULT_CA_VALIDITY   = var.kubernetes_configmap.DJANGO_X509_DEFAULT_CA_VALIDITY
@@ -53,6 +36,7 @@ resource "kubernetes_config_map" "kubernetes_common_configmap" {
     DJANGO_LEAFET_CENTER_X_AXIS       = var.kubernetes_configmap.DJANGO_LEAFET_CENTER_X_AXIS
     DJANGO_LEAFET_CENTER_Y_AXIS       = var.kubernetes_configmap.DJANGO_LEAFET_CENTER_Y_AXIS
     DJANGO_LEAFET_ZOOM                = var.kubernetes_configmap.DJANGO_LEAFET_ZOOM
+    DJANGO_LOG_LEVEL                  = var.kubernetes_configmap.DJANGO_LOG_LEVEL
     EMAIL_BACKEND                     = var.kubernetes_configmap.EMAIL_BACKEND
     EMAIL_HOST_PORT                   = var.kubernetes_configmap.EMAIL_HOST_PORT
     EMAIL_HOST_USER                   = var.kubernetes_configmap.EMAIL_HOST_USER
@@ -103,7 +87,6 @@ resource "kubernetes_config_map" "kubernetes_common_configmap" {
     X509_ORGANIZATION_UNIT_NAME       = var.kubernetes_configmap.X509_ORGANIZATION_UNIT_NAME
     X509_EMAIL                        = var.kubernetes_configmap.X509_EMAIL
     X509_COMMON_NAME                  = var.kubernetes_configmap.X509_COMMON_NAME
-    DB_HOST                           = var.kubernetes_configmap.DB_HOST
     EMAIL_HOST                        = var.kubernetes_configmap.EMAIL_HOST
     REDIS_HOST                        = var.kubernetes_configmap.REDIS_HOST
     DASHBOARD_APP_SERVICE             = var.kubernetes_configmap.DASHBOARD_APP_SERVICE
@@ -119,3 +102,52 @@ resource "kubernetes_config_map" "kubernetes_common_configmap" {
     POSTFIX_DEBUG_MYNETWORKS          = var.kubernetes_configmap.POSTFIX_DEBUG_MYNETWORKS
   }
 }
+
+resource "kubernetes_config_map" "kubernetes_openwisp_postgres_configmap" {
+  depends_on = [var.ow_cluster_ready]
+  metadata { name = "openwisp-postgres-config" }
+  data = {
+    POSTGRES_DB       = kubernetes_config_map.kubernetes_common_configmap.data.DB_NAME
+    POSTGRES_USER     = kubernetes_config_map.kubernetes_common_configmap.data.DB_USER
+    POSTGRES_PASSWORD = kubernetes_config_map.kubernetes_common_configmap.data.DB_PASS
+  }
+}
+
+resource "kubernetes_config_map" "kubernetes_postgres_configmap" {
+  depends_on = [var.ow_cluster_ready]
+  metadata { name = "postgres-config" }
+  data = {
+    PGDATABASE    = kubernetes_config_map.kubernetes_common_configmap.data.DB_NAME
+    PGUSER        = kubernetes_config_map.kubernetes_common_configmap.data.DB_USER
+    PGPASSWORD    = kubernetes_config_map.kubernetes_common_configmap.data.DB_PASS
+    PGHOST        = kubernetes_config_map.kubernetes_common_configmap.data.DB_HOST
+    PGPORT        = kubernetes_config_map.kubernetes_common_configmap.data.DB_PORT
+    PGSSLMODE     = kubernetes_config_map.kubernetes_common_configmap.data.DB_SSLMODE
+    PGSSLCERT     = kubernetes_config_map.kubernetes_common_configmap.data.DB_SSLCERT
+    PGSSLKEY      = kubernetes_config_map.kubernetes_common_configmap.data.DB_SSLKEY
+    PGSSLROOTCERT = kubernetes_config_map.kubernetes_common_configmap.data.DB_SSLROOTCERT
+  }
+}
+
+resource "kubernetes_config_map" "kubernetes_nfs_configmap" {
+  depends_on = [var.ow_cluster_ready]
+  metadata {
+    name      = "openwisp-nfs-config"
+    namespace = kubernetes_namespace.nfs_server.metadata[0].name
+  }
+  data = {
+    EXPORT_OPTS = var.kubernetes_configmap.EXPORT_OPTS
+    EXPORT_DIR  = var.kubernetes_configmap.EXPORT_DIR
+  }
+}
+
+resource "kubernetes_secret" "postgresql_certificates" {
+  metadata {
+    name = "postgresql-certificates"
+  }
+  data = {
+    clientcert = var.infrastructure.database.client_cert
+    clientkey  = var.infrastructure.database.client_key
+    rootcert   = var.infrastructure.database.ca_cert
+  }
+}
@@ -4,7 +4,7 @@ The `eight` input variables are docuemented below:
 
 !TOC
 
-!INCLUDE "docs/build/input/infrastructure_provider.mdpp"
+!INCLUDE "docs/build/input/infrastructure.mdpp"
 !INCLUDE "docs/build/input/kubernetes_services.mdpp"
 !INCLUDE "docs/build/input/ow_cluster_ready.mdpp"
 !INCLUDE "docs/build/input/ow_kubectl_ready.mdpp"
 
@@ -1,4 +1,4 @@
-### infrastructure_provider
+### infrastructure
 
 Details about the infrastructure.
 
@@ -16,4 +16,14 @@ services_cidr_range             : Address range for ClusterIP services.
 endpoint                        : Kubernetes cluster endpoint IP address. (example: 192.168.2.25)
 ca_certificate                  : ca_certificate of the cluster that needs to be decoded in base64 for authentication.
 access_token                    : Access token required for authentication to perform actions in the cluster.
+database:
+enabled                         : Flag for cloud provided database being used. (Like Google Cloud SQL)
+sslmode                         : [PSQL database sslmodes](https://www.postgresql.org/docs/9.1/libpq-ssl.html)
+ca_cert                         : Contents of the server certificate file
+client_cert                     : Contents of the client certificate file
+client_key                      : Contents of the client private key
+username                        : Username to login to database
+password                        : Password to login to database
+name                            : Name of the database to be used by openwisp
+host                            : IP address of the database server
 ```
@@ -1,3 +1,5 @@
 ### kubernetes_configmap
 
-Options for common configmap avaiable in the docker-openwisp repository documentation.
+Options for configmaps are the same as the one available for docker-openwisp image [environment options](https://github.com/openwisp/docker-openwisp/blob/master/docs/ENV.md)
+
+However, some database options are set in the infrastructure variable.
@@ -15,13 +15,13 @@ dashboard:
 controller:  **Same as dashboard options
 radius:      **Same as dashboard options
 topology:    **Same as dashboard options
+celery:      **Same as dashboard options
+celerybeat:  **Same as dashboard options
 nginx:       **Same as dashboard options
-postgres:    **Same as dashboard options
-postfix:     **Same as dashboard options
+websocket:   **Same as dashboard options
 freeradius:  **Same as dashboard options
 openvpn:     **Same as dashboard options
-openvpn:     **Same as dashboard options
-celery:      **Same as dashboard options
-celerybeat:  **Same as dashboard options
+postfix:     **Same as dashboard options
+postgres:    **Same as dashboard options
 redis:       **Same as dashboard options
 ```
@@ -8,4 +8,6 @@ use_freeradius : (Boolean) Setup freeradius inside cluster.
 setup_database : (Boolean) Setup database inside cluster. You would want to
                     set this as false when you have your own database server or
                     you are using cloud SQL.
+setup_fresh    : (Boolean) Flag to initial setup of openwisp. Only required when you
+                    are setting up openwisp & openwisp-database for the first time.
 ```
@@ -8,7 +8,7 @@ type                         : https://www.terraform.io/docs/providers/google/r/
 size                         : https://www.terraform.io/docs/providers/google/r/compute_disk.html#size
 reclaim_policy               : https://www.terraform.io/docs/providers/kubernetes/r/storage_class.html#reclaim_policy
 postgres_storage_size        : Disk size portion to be allocated for postgres database.
-postfix_sslcert_storage_size : Disk size portion to be allocated for storing postfix data.
+sslcert_storage_size         : Disk size portion to be allocated for storing postfix sslcert data.
 media_storage_size           : Disk size portion to be allocated for user uploaded media (like floor plan).
 static_storage_size          : Disk size portion to be allocated for static data of the website.
 html_storage_size            : Disk size portion to be allocated for maintaince HTML.
 
@@ -2,7 +2,7 @@
 
 The `eight` input variables are docuemented below:
 
-1\.  [infrastructure_provider](#infrastructure_provider)  
+1\.  [infrastructure](#infrastructure)  
 2\.  [kubernetes_services](#kubernetes_services)  
 3\.  [ow_cluster_ready](#ow_cluster_ready)  
 4\.  [ow_kubectl_ready](#ow_kubectl_ready)  
@@ -11,9 +11,9 @@ The `eight` input variables are docuemented below:
 7\.  [kubernetes_configmap](#kubernetes_configmap)  
 8\.  [openwisp_deployments](#openwisp_deployments)  
 
-<a name="infrastructure_provider"></a>
+<a name="infrastructure"></a>
 
-### 1\. infrastructure_provider
+### 1\. infrastructure
 
 Details about the infrastructure.
 
@@ -31,6 +31,16 @@ services_cidr_range             : Address range for ClusterIP services.
 endpoint                        : Kubernetes cluster endpoint IP address. (example: 192.168.2.25)
 ca_certificate                  : ca_certificate of the cluster that needs to be decoded in base64 for authentication.
 access_token                    : Access token required for authentication to perform actions in the cluster.
+database:
+enabled                         : Flag for cloud provided database being used. (Like Google Cloud SQL)
+sslmode                         : [PSQL database sslmodes](https://www.postgresql.org/docs/9.1/libpq-ssl.html)
+ca_cert                         : Contents of the server certificate file
+client_cert                     : Contents of the client certificate file
+client_key                      : Contents of the client private key
+username                        : Username to login to database
+password                        : Password to login to database
+name                            : Name of the database to be used by openwisp
+host                            : IP address of the database server
 ```
 <a name="kubernetes_services"></a>
 
@@ -67,6 +77,8 @@ use_freeradius : (Boolean) Setup freeradius inside cluster.
 setup_database : (Boolean) Setup database inside cluster. You would want to
                     set this as false when you have your own database server or
                     you are using cloud SQL.
+setup_fresh    : (Boolean) Flag to initial setup of openwisp. Only required when you
+                    are setting up openwisp & openwisp-database for the first time.
 ```
 <a name="persistent_data"></a>
 
@@ -80,7 +92,7 @@ type                         : https://www.terraform.io/docs/providers/google/r/
 size                         : https://www.terraform.io/docs/providers/google/r/compute_disk.html#size
 reclaim_policy               : https://www.terraform.io/docs/providers/kubernetes/r/storage_class.html#reclaim_policy
 postgres_storage_size        : Disk size portion to be allocated for postgres database.
-postfix_sslcert_storage_size : Disk size portion to be allocated for storing postfix data.
+sslcert_storage_size         : Disk size portion to be allocated for storing postfix sslcert data.
 media_storage_size           : Disk size portion to be allocated for user uploaded media (like floor plan).
 static_storage_size          : Disk size portion to be allocated for static data of the website.
 html_storage_size            : Disk size portion to be allocated for maintaince HTML.
@@ -95,7 +107,9 @@ requests_memory              : Minimum memory requirement for the pod
 
 ### 7\. kubernetes_configmap
 
-Options for common configmap avaiable in the docker-openwisp repository documentation.
+Options for configmaps are the same as the one available for docker-openwisp image [environment options](https://github.com/openwisp/docker-openwisp/blob/master/docs/ENV.md)
+
+However, some database options are set in the infrastructure variable.
 <a name="openwisp_deployments"></a>
 
 ### 8\. openwisp_deployments
@@ -115,13 +129,13 @@ dashboard:
 controller:  **Same as dashboard options
 radius:      **Same as dashboard options
 topology:    **Same as dashboard options
+celery:      **Same as dashboard options
+celerybeat:  **Same as dashboard options
 nginx:       **Same as dashboard options
-postgres:    **Same as dashboard options
-postfix:     **Same as dashboard options
+websocket:   **Same as dashboard options
 freeradius:  **Same as dashboard options
 openvpn:     **Same as dashboard options
-openvpn:     **Same as dashboard options
-celery:      **Same as dashboard options
-celerybeat:  **Same as dashboard options
+postfix:     **Same as dashboard options
+postgres:    **Same as dashboard options
 redis:       **Same as dashboard options
 ```