5 files changed, 184 insertions, 0 deletions
diff --git a/heat/vFW_CNF_CDS/templates/helm/firewall/.helmignore b/heat/vFW_CNF_CDS/templates/helm/firewall/.helmignore
new file mode 100644
index 00000000..50af0317
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/firewall/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/heat/vFW_CNF_CDS/templates/helm/firewall/Chart.yaml b/heat/vFW_CNF_CDS/templates/helm/firewall/Chart.yaml
new file mode 100644
index 00000000..b43068e1
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/firewall/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart to deploy Firewall app for vFirewall
+name: firewall
+version: 0.2.0
diff --git a/heat/vFW_CNF_CDS/templates/helm/firewall/templates/configmap.yaml b/heat/vFW_CNF_CDS/templates/helm/firewall/templates/configmap.yaml
new file mode 100644
index 00000000..2a9c3500
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/firewall/templates/configmap.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Values.vfw_name_0 }}-configmap
+  labels:
+    release: {{ .Release.Name }}
+    app: {{ .Values.vnf_name }}
+    chart: {{ .Chart.Name }}
+data:
+  demo_artifacts_version: {{ .Values.demo_artifacts_version | quote }}
+  dcae_collector_ip: {{ .Values.dcae_collector_ip | quote }}
+  dcae_collector_port: {{ .Values.dcae_collector_port | quote }}
+  vfw_private_ip_0: {{ .Values.vfw_int_private1_ip_0 | quote }}
+  vsn_private_ip_0: {{ .Values.vsn_int_private2_ip_0 | quote }}
+  protected_net_cidr: {{ .Values.int_private2_net_cidr | quote }}
+
diff --git a/heat/vFW_CNF_CDS/templates/helm/firewall/templates/deployment.yaml b/heat/vFW_CNF_CDS/templates/helm/firewall/templates/deployment.yaml
new file mode 100644
index 00000000..8de03e18
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/firewall/templates/deployment.yaml
@@ -0,0 +1,86 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Values.vfw_name_0 }}
+  labels:
+    release: {{ .Release.Name }}
+    app: {{ .Values.vnf_name }}
+    chart: {{ .Chart.Name }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ .Values.vnf_name }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.vnf_name }}
+        release: {{ .Release.Name }}
+      annotations:
+        VirtletLibvirtCPUSetting: |
+          mode: host-model
+        VirtletSSHKeySource: "secret/{{ .Values.key_name }}"
+        VirtletCloudInitUserData: |
+          ssh_pwauth: True #FIXME Remove after troubleshooting
+          users:
+          - name: admin
+            gecos: User
+            primary-group: admin
+            groups: users
+            sudo: ALL=(ALL) NOPASSWD:ALL
+            # FIXME Remove after troubleshooting
+            # Password is "testuser"
+            passwd: "$6$rounds=4096$D6cf92nq$cgBveQHTP7IK3CIYTNkVJyzd0Vze6l1QlV9sWSXiTma2hOCTl7bFSh4nvK5qPMvNlnDtlIm03arG5Uh866E9w."
+            lock_passwd: False
+          runcmd:
+            #FIXME DEBUG START
+            - echo "ENV:"
+            - env
+            - echo "/etc/cloud/environment:"
+            - cat /etc/cloud/environment
+            #FIXME DEBUG END
+            - wget -O firewall.sh https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/firewall
+            - bash -c 'set -a; . /etc/cloud/environment; bash firewall.sh'
+        VirtletRootVolumeSize: 5Gi
+        k8s.v1.cni.cncf.io/networks: "{{ .Values.vnf_name }}-ovn-attachment"
+        k8s.plugin.opnfv.org/nfn-network: | 
+            { "type": "ovn4nfv",
+              "interface": [
+                { "name": {{ .Values.int_private1_net_id | quote }},
+                  "ipAddress": {{ .Values.vfw_int_private1_ip_0 | quote }},
+                  "interface": "eth1",
+                  "defaultGateway": "false" },
+                { "name": {{ .Values.int_private2_net_id | quote }},
+                  "ipAddress": {{ .Values.vfw_int_private2_ip_0 | quote }},
+                  "interface": "eth2",
+                  "defaultGateway": "false" },
+                { "name": {{ .Values.onap_private_net_id | quote }},
+                  "ipAddress": {{ .Values.vfw_onap_private_ip_0 | quote }},
+                  "interface": "eth3",
+                  "defaultGateway": "false" }
+              ]
+            }
+        kubernetes.io/target-runtime: virtlet.cloud
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: extraRuntime
+                operator: In
+                values:
+                - virtlet
+      containers:
+      - name: {{ .Chart.Name }}
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        tty: true
+        stdin: true
+        envFrom:
+        - configMapRef:
+            name: {{ .Values.vfw_name_0 }}-configmap
+        resources:
+          limits:
+            memory: {{ .Values.resources.limits.memory }}
diff --git a/heat/vFW_CNF_CDS/templates/helm/firewall/values.yaml b/heat/vFW_CNF_CDS/templates/helm/firewall/values.yaml
new file mode 100644
index 00000000..c7082f05
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/firewall/values.yaml
@@ -0,0 +1,55 @@
+# global:
+# 
+#   #Networks
+#   unprotectedNetworkName: unprotected-private-net
+#   protectedPrivateNetCidr: 192.168.10.0/24
+#   protectedPrivateNetGw: 192.168.10.1/24
+# 
+#   onapPrivateNetworkName: onap-private-net
+#   onapPrivateNetCidr: 10.10.0.0/16
+#   onapPrivateNetGw: 10.10.0.1/16
+# 
+#   protectedNetworkName: protected-private-net
+#   protectedNetCidr: 192.168.20.0/24
+#   protectedNetGwIp: 192.168.20.100
+#   protectedNetGw: 192.168.20.100/24
+# 
+#   #vFirewall container
+#   vfwPrivateIp0: 192.168.10.3
+#   vfwPrivateIp1: 192.168.20.2
+#   vfwPrivateIp2: 10.10.100.3
+#   #Packetgen container
+#   vpgPrivateIp0: 192.168.10.2
+#   vpgPrivateIp1: 10.0.100.2
+#   #Sink container
+#   vsnPrivateIp0: 192.168.20.3
+#   vsnPrivateIp1: 10.10.100.4
+
+# Static Defaults
+replicaCount: 1
+image:
+  repository: virtlet.cloud/ubuntu/16.04
+  tag: latest
+  pullPolicy: IfNotPresent
+resources:
+  limits:
+    memory: 4Gi
+
+# OPENSTACK PARAMETERS
+# Names
+vnf_name: test-vnf
+vfw_name_0: test-vnf-vfw
+key_name: ssh-pub-key
+int_private1_net_id: unprotected-net
+int_private2_net_id: protected-net
+onap_private_net_id: onap-private-net
+# OWN Addresses
+vfw_int_private1_ip_0: 192.168.10.3
+vfw_int_private2_ip_0: 192.168.20.2
+vfw_onap_private_ip_0: 10.10.100.3
+# Env variables
+dcae_collector_port: 8081 #FIXME set to 30235?
+dcae_collector_ip: 10.0.4.1 #Placeholder
+demo_artifacts_version: 1.5.0
+int_private2_net_cidr: 192.168.20.0/24
+vsn_int_private2_ip_0: 192.168.20.3