aboutsummaryrefslogtreecommitdiffstats
path: root/heat/vFW_CNF_CDS/templates/helm
diff options
context:
space:
mode:
Diffstat (limited to 'heat/vFW_CNF_CDS/templates/helm')
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/.gitignore1
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/Makefile16
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/README.txt7
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/base/.helmignore1
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/base/Chart.yaml5
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/base/resources/id_rsa27
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/base/resources/id_rsa.pub1
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/base/templates/network_attachment_definition.yaml11
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/base/templates/onap-private-net.yaml10
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/base/templates/protected-private-net.yaml10
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/base/templates/pubkey.yaml7
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/base/templates/unprotected-private-net.yaml10
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/base/values.yaml22
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/firewall/.helmignore22
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/firewall/Chart.yaml5
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/firewall/templates/configmap.yaml16
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/firewall/templates/deployment.yaml86
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/firewall/values.yaml55
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/packetgen/.helmignore22
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/packetgen/Chart.yaml5
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/packetgen/templates/configmap.yaml15
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/packetgen/templates/deployment.yaml77
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/packetgen/templates/service.yaml16
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/packetgen/values.yaml33
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/sink/.helmignore22
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/sink/Chart.yaml5
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/sink/templates/configmap.yaml11
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/sink/templates/deployment.yaml63
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/sink/templates/service.yaml16
-rw-r--r--heat/vFW_CNF_CDS/templates/helm/sink/values.yaml36
30 files changed, 633 insertions, 0 deletions
diff --git a/heat/vFW_CNF_CDS/templates/helm/.gitignore b/heat/vFW_CNF_CDS/templates/helm/.gitignore
new file mode 100644
index 00000000..17d6b367
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/.gitignore
@@ -0,0 +1 @@
+/*.tgz
diff --git a/heat/vFW_CNF_CDS/templates/helm/Makefile b/heat/vFW_CNF_CDS/templates/helm/Makefile
new file mode 100644
index 00000000..12d2d52f
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/Makefile
@@ -0,0 +1,16 @@
+vf-modules = base firewall packetgen sink
+.PHONY: build clean $(vf-modules:=-build) $(vf-modules:-clean) $(vf-modules:=-package)
+
+package: $(vf-modules:=-package)
+build: $(vf-modules:=-build)
+clean: $(vf-modules:=-clean)
+ rm -f *_cloudtech_k8s_charts.tgz
+
+$(vf-modules:=-package): %-package: %-build
+ mv $(@:package=)*.tgz $(@:-package=)_cloudtech_k8s_charts.tgz
+
+$(vf-modules:=-build): %-build: %-clean
+ helm package $(@:-build=)
+
+$(vf-modules:=-clean):
+ rm -f $(@:-clean=)-*.tgz
diff --git a/heat/vFW_CNF_CDS/templates/helm/README.txt b/heat/vFW_CNF_CDS/templates/helm/README.txt
new file mode 100644
index 00000000..bd7626b4
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/README.txt
@@ -0,0 +1,7 @@
+Helm content of csar package
+
+To create necessary archives, please ensure you have [helm] and [make] installed first.
+
+In case it's your first time you're using helm, please issue `helm init -c` command to initialize your helm client
+
+To create necessary artifacts, issue `make` command
diff --git a/heat/vFW_CNF_CDS/templates/helm/base/.helmignore b/heat/vFW_CNF_CDS/templates/helm/base/.helmignore
new file mode 100644
index 00000000..646736a7
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/base/.helmignore
@@ -0,0 +1 @@
+resources/id_rsa
diff --git a/heat/vFW_CNF_CDS/templates/helm/base/Chart.yaml b/heat/vFW_CNF_CDS/templates/helm/base/Chart.yaml
new file mode 100644
index 00000000..d68b46bb
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/base/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart to deploy shared resources for vFirewall
+name: base
+version: 0.2.0
diff --git a/heat/vFW_CNF_CDS/templates/helm/base/resources/id_rsa b/heat/vFW_CNF_CDS/templates/helm/base/resources/id_rsa
new file mode 100644
index 00000000..4ab7bb35
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/base/resources/id_rsa
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA1ozecYX4HaEu0iGuGHcsiSVZe0EnuwGYIOxIK7GKsauMAlXh
+ZsAadnkzsf3QYEmScVJc6gdBg2eyevS5Z55/8tWQmp21lyvZIJi6n+JDuNea/PLm
+41sGtfw/hZ/NonEESBb5kv1A0isqJyfZNrQ6w9HF1C9a+JfPCxD7wK19Pbp7m3gL
+qsagoMewnY7cTpiDbwNOgAml6Ec+uYLVnmcW2dsnqBrTYXwv585oK+f1Ajg5UgIt
+SJNhcPHZ9fDbs8mDMV5GtZIzquJ/QYJg0joGd8NqikT0OhoIdUorb+IlmH6/3T/t
+cpxc71V+Dm88eVCeb4DUukpvhha2KvmwAny/eQIDAQABAoIBAQCOWtGNSXKjVjsW
+ubomCYzHQrzohwaxkhE6ZwxL0XVRBZ3UPt9bqcLlMO4X/2yvNqGwBxIXRdE2Oyu1
+YYNTOVtz6DgWHuZJ85IRisTpKNv+XTA8/X4tBEyjm0cahjmOuqY4nuXhnZ/Q00sY
+x9vb7CHBpAI7E2Cs6S07Dn28DmC2/znYPyp/UMnoQ6/Ba+RXtyvPfe/3pIvlii0i
+TAzSweT/OmVPPVLGPWLoDD0L0+F7h8Sua5B3kryZoZvO6Vg2nlviCo9ae48C+NbF
+b7WMeg863UP16atHZ0XESsqYhA0lPrIh9WJBKCnj+hUimVxvrqyzJl/GTeOaXVeC
+MQlAnFQBAoGBAOyicvykcoJtkYHJuI0Hev2d30nU7S8qB8Lf4v5n/VTAevB25sgA
++SIaaRFjNILD2/GpTniWTephAohc+tyMWM2OyL34l3CbJBGHQHFNT5cdLueH2K54
+/vkj/1g2r8p96asBroC87in4ozUr1G9N6RL8NB655c//ZpoldZQeIdVZAoGBAOgb
+v5jLb9/6SNtpKamRCcSbLg2hmCs7rkP9RTrOzjgem3Yg9m2+SF0DKbr16MzjAcfA
+iDGs6CnR2NIx53jg5W04SyiU+fPXA/VPBlznF+jcVOO6xxHquaGVEA25EzzuGXQV
+5snCjCcqMrC1TjPcMPTGGl6nmpwKFc5cLDpOt1chAoGBAM5wMkyB0nxCxkwqBVzT
+h9K15dRtc7ZPvpGd7FPxuKo1eYtKz67wWmgMDlli6K6j27+J6rF8vuCYXTNFmnzJ
+27cIt8wzkTplviOkkO3HeoXkqcTHWJttZ1NGuj7lBptrGW1cfDZHnKb1CL0cTaoE
+mC894uJjX0AEGiikQV1EpFORAoGAYFNTuleDQFKgdd442hRFF4DHJgUQH7EO60xq
+tLMqxgN9xRJ88qJraZ5sbRis2orDLGDspKD7YI+kCeeIBpRe4mrgViEtclKjY+S9
+4UROmecGm9Ph1b+x9irklK1gHIM7sP993fGNNJvAmbFEmSUidBLa0rl/4o4U6qU5
+/aC5WcECgYBTN08VCf3yiDq3D9yd1Iyes3+njXwaejsr/VT8fPTHP4K8dzyOAX9Y
+xqhK7hFS5KM/beFuLYmfdSXQvOzayzEKQqzpLURAy5S5Notq3aWdxtl283qUoPNq
+0RMSzBiyXgqYef4qY8jA632SX4jB3EDQ3P3tf45VpYaFomn6mRO76w==
+-----END RSA PRIVATE KEY-----
diff --git a/heat/vFW_CNF_CDS/templates/helm/base/resources/id_rsa.pub b/heat/vFW_CNF_CDS/templates/helm/base/resources/id_rsa.pub
new file mode 100644
index 00000000..a78b36c2
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/base/resources/id_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWjN5xhfgdoS7SIa4YdyyJJVl7QSe7AZgg7EgrsYqxq4wCVeFmwBp2eTOx/dBgSZJxUlzqB0GDZ7J69Llnnn/y1ZCanbWXK9kgmLqf4kO415r88ubjWwa1/D+Fn82icQRIFvmS/UDSKyonJ9k2tDrD0cXUL1r4l88LEPvArX09unubeAuqxqCgx7CdjtxOmINvA06ACaXoRz65gtWeZxbZ2yeoGtNhfC/nzmgr5/UCODlSAi1Ik2Fw8dn18NuzyYMxXka1kjOq4n9BgmDSOgZ3w2qKRPQ6Ggh1Sitv4iWYfr/dP+1ynFzvVX4Obzx5UJ5vgNS6Sm+GFrYq+bACfL95 k.banka@localhost
diff --git a/heat/vFW_CNF_CDS/templates/helm/base/templates/network_attachment_definition.yaml b/heat/vFW_CNF_CDS/templates/helm/base/templates/network_attachment_definition.yaml
new file mode 100644
index 00000000..5cc01caa
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/base/templates/network_attachment_definition.yaml
@@ -0,0 +1,11 @@
+apiVersion: k8s.cni.cncf.io/v1
+kind: NetworkAttachmentDefinition
+metadata:
+ name: {{ .Values.vnf_name }}-ovn-attachment
+spec:
+ config: |
+ {
+ "cniVersion": "0.3.1",
+ "name": "ovn4nfv-k8s-plugin",
+ "type": "ovn4nfvk8s-cni"
+ }
diff --git a/heat/vFW_CNF_CDS/templates/helm/base/templates/onap-private-net.yaml b/heat/vFW_CNF_CDS/templates/helm/base/templates/onap-private-net.yaml
new file mode 100644
index 00000000..e7afc35a
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/base/templates/onap-private-net.yaml
@@ -0,0 +1,10 @@
+apiVersion: k8s.plugin.opnfv.org/v1alpha1
+kind: Network
+metadata:
+ name: {{ .Values.int_private2_net_id }}
+spec:
+ cniType : ovn4nfv
+ ipv4Subnets:
+ - name: {{ .Values.int_private2_subnet_id }}
+ subnet: {{ .Values.int_private2_net_cidr }}
+ gateway: {{ .Values.int_private2_gw_ip }}
diff --git a/heat/vFW_CNF_CDS/templates/helm/base/templates/protected-private-net.yaml b/heat/vFW_CNF_CDS/templates/helm/base/templates/protected-private-net.yaml
new file mode 100644
index 00000000..d0c04d9d
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/base/templates/protected-private-net.yaml
@@ -0,0 +1,10 @@
+apiVersion: k8s.plugin.opnfv.org/v1alpha1
+kind: Network
+metadata:
+ name: {{ .Values.int_private1_net_id }}
+spec:
+ cniType : ovn4nfv
+ ipv4Subnets:
+ - name: {{ .Values.int_private1_subnet_id }}
+ subnet: {{ .Values.int_private1_net_cidr }}
+ gateway: {{ .Values.int_private1_gw_ip }}
diff --git a/heat/vFW_CNF_CDS/templates/helm/base/templates/pubkey.yaml b/heat/vFW_CNF_CDS/templates/helm/base/templates/pubkey.yaml
new file mode 100644
index 00000000..648a1793
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/base/templates/pubkey.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.key_name }}
+type: Opaque
+stringData:
+ authorized_keys: {{ .Values.pub_key }}
diff --git a/heat/vFW_CNF_CDS/templates/helm/base/templates/unprotected-private-net.yaml b/heat/vFW_CNF_CDS/templates/helm/base/templates/unprotected-private-net.yaml
new file mode 100644
index 00000000..96eab476
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/base/templates/unprotected-private-net.yaml
@@ -0,0 +1,10 @@
+apiVersion: k8s.plugin.opnfv.org/v1alpha1
+kind: Network
+metadata:
+ name: {{ .Values.onap_private_net_id }}
+spec:
+ cniType : ovn4nfv
+ ipv4Subnets:
+ - name: {{ .Values.onap_private_subnet_id }}
+ subnet: {{ .Values.onap_private_net_cidr }}
+ gateway: {{ .Values.onap_private_gw_ip }}
diff --git a/heat/vFW_CNF_CDS/templates/helm/base/values.yaml b/heat/vFW_CNF_CDS/templates/helm/base/values.yaml
new file mode 100644
index 00000000..00b990c0
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/base/values.yaml
@@ -0,0 +1,22 @@
+# OPENSTACK PARAMETERS
+#unprotected
+int_private1_net_cidr: 192.168.10.0/24
+int_private1_gw_ip: 192.168.10.1/24 #No typo here
+int_private1_net_id: unprotected-net
+int_private1_subnet_id: unprotected-subnet-1
+#protected
+int_private2_net_cidr: 192.168.20.0/24
+int_private2_gw_ip: 192.168.20.1/24 #No typo here
+int_private2_net_id: protected-net
+int_private2_subnet_id: protected-subnet-1
+#onap mgmt net
+onap_private_net_cidr: 10.10.0.0/16
+onap_private_gw_ip: 10.10.0.1/16 #No typo here
+onap_private_net_id: onap-private-net
+onap_private_subnet_id: onap-subnet-1
+#public key
+key_name: ssh-pub-key
+pub_key: |
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWjN5xhfgdoS7SIa4YdyyJJVl7QSe7AZgg7EgrsYqxq4wCVeFmwBp2eTOx/dBgSZJxUlzqB0GDZ7J69Llnnn/y1ZCanbWXK9kgmLqf4kO415r88ubjWwa1/D+Fn82icQRIFvmS/UDSKyonJ9k2tDrD0cXUL1r4l88LEPvArX09unubeAuqxqCgx7CdjtxOmINvA06ACaXoRz65gtWeZxbZ2yeoGtNhfC/nzmgr5/UCODlSAi1Ik2Fw8dn18NuzyYMxXka1kjOq4n9BgmDSOgZ3w2qKRPQ6Ggh1Sitv4iWYfr/dP+1ynFzvVX4Obzx5UJ5vgNS6Sm+GFrYq+bACfL95 k.banka@localhost
+#vnf name
+vnf_name: test-vnf
diff --git a/heat/vFW_CNF_CDS/templates/helm/firewall/.helmignore b/heat/vFW_CNF_CDS/templates/helm/firewall/.helmignore
new file mode 100644
index 00000000..50af0317
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/firewall/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/heat/vFW_CNF_CDS/templates/helm/firewall/Chart.yaml b/heat/vFW_CNF_CDS/templates/helm/firewall/Chart.yaml
new file mode 100644
index 00000000..b43068e1
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/firewall/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart to deploy Firewall app for vFirewall
+name: firewall
+version: 0.2.0
diff --git a/heat/vFW_CNF_CDS/templates/helm/firewall/templates/configmap.yaml b/heat/vFW_CNF_CDS/templates/helm/firewall/templates/configmap.yaml
new file mode 100644
index 00000000..2a9c3500
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/firewall/templates/configmap.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.vfw_name_0 }}-configmap
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ .Values.vnf_name }}
+ chart: {{ .Chart.Name }}
+data:
+ demo_artifacts_version: {{ .Values.demo_artifacts_version | quote }}
+ dcae_collector_ip: {{ .Values.dcae_collector_ip | quote }}
+ dcae_collector_port: {{ .Values.dcae_collector_port | quote }}
+ vfw_private_ip_0: {{ .Values.vfw_int_private1_ip_0 | quote }}
+ vsn_private_ip_0: {{ .Values.vsn_int_private2_ip_0 | quote }}
+ protected_net_cidr: {{ .Values.int_private2_net_cidr | quote }}
+
diff --git a/heat/vFW_CNF_CDS/templates/helm/firewall/templates/deployment.yaml b/heat/vFW_CNF_CDS/templates/helm/firewall/templates/deployment.yaml
new file mode 100644
index 00000000..8de03e18
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/firewall/templates/deployment.yaml
@@ -0,0 +1,86 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Values.vfw_name_0 }}
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ .Values.vnf_name }}
+ chart: {{ .Chart.Name }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ .Values.vnf_name }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.vnf_name }}
+ release: {{ .Release.Name }}
+ annotations:
+ VirtletLibvirtCPUSetting: |
+ mode: host-model
+ VirtletSSHKeySource: "secret/{{ .Values.key_name }}"
+ VirtletCloudInitUserData: |
+ ssh_pwauth: True #FIXME Remove after troubleshooting
+ users:
+ - name: admin
+ gecos: User
+ primary-group: admin
+ groups: users
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ # FIXME Remove after troubleshooting
+ # Password is "testuser"
+ passwd: "$6$rounds=4096$D6cf92nq$cgBveQHTP7IK3CIYTNkVJyzd0Vze6l1QlV9sWSXiTma2hOCTl7bFSh4nvK5qPMvNlnDtlIm03arG5Uh866E9w."
+ lock_passwd: False
+ runcmd:
+ #FIXME DEBUG START
+ - echo "ENV:"
+ - env
+ - echo "/etc/cloud/environment:"
+ - cat /etc/cloud/environment
+ #FIXME DEBUG END
+ - wget -O firewall.sh https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/firewall
+ - bash -c 'set -a; . /etc/cloud/environment; bash firewall.sh'
+ VirtletRootVolumeSize: 5Gi
+ k8s.v1.cni.cncf.io/networks: "{{ .Values.vnf_name }}-ovn-attachment"
+ k8s.plugin.opnfv.org/nfn-network: |
+ { "type": "ovn4nfv",
+ "interface": [
+ { "name": {{ .Values.int_private1_net_id | quote }},
+ "ipAddress": {{ .Values.vfw_int_private1_ip_0 | quote }},
+ "interface": "eth1",
+ "defaultGateway": "false" },
+ { "name": {{ .Values.int_private2_net_id | quote }},
+ "ipAddress": {{ .Values.vfw_int_private2_ip_0 | quote }},
+ "interface": "eth2",
+ "defaultGateway": "false" },
+ { "name": {{ .Values.onap_private_net_id | quote }},
+ "ipAddress": {{ .Values.vfw_onap_private_ip_0 | quote }},
+ "interface": "eth3",
+ "defaultGateway": "false" }
+ ]
+ }
+ kubernetes.io/target-runtime: virtlet.cloud
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: extraRuntime
+ operator: In
+ values:
+ - virtlet
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ tty: true
+ stdin: true
+ envFrom:
+ - configMapRef:
+ name: {{ .Values.vfw_name_0 }}-configmap
+ resources:
+ limits:
+ memory: {{ .Values.resources.limits.memory }}
diff --git a/heat/vFW_CNF_CDS/templates/helm/firewall/values.yaml b/heat/vFW_CNF_CDS/templates/helm/firewall/values.yaml
new file mode 100644
index 00000000..c7082f05
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/firewall/values.yaml
@@ -0,0 +1,55 @@
+# global:
+#
+# #Networks
+# unprotectedNetworkName: unprotected-private-net
+# protectedPrivateNetCidr: 192.168.10.0/24
+# protectedPrivateNetGw: 192.168.10.1/24
+#
+# onapPrivateNetworkName: onap-private-net
+# onapPrivateNetCidr: 10.10.0.0/16
+# onapPrivateNetGw: 10.10.0.1/16
+#
+# protectedNetworkName: protected-private-net
+# protectedNetCidr: 192.168.20.0/24
+# protectedNetGwIp: 192.168.20.100
+# protectedNetGw: 192.168.20.100/24
+#
+# #vFirewall container
+# vfwPrivateIp0: 192.168.10.3
+# vfwPrivateIp1: 192.168.20.2
+# vfwPrivateIp2: 10.10.100.3
+# #Packetgen container
+# vpgPrivateIp0: 192.168.10.2
+# vpgPrivateIp1: 10.0.100.2
+# #Sink container
+# vsnPrivateIp0: 192.168.20.3
+# vsnPrivateIp1: 10.10.100.4
+
+# Static Defaults
+replicaCount: 1
+image:
+ repository: virtlet.cloud/ubuntu/16.04
+ tag: latest
+ pullPolicy: IfNotPresent
+resources:
+ limits:
+ memory: 4Gi
+
+# OPENSTACK PARAMETERS
+# Names
+vnf_name: test-vnf
+vfw_name_0: test-vnf-vfw
+key_name: ssh-pub-key
+int_private1_net_id: unprotected-net
+int_private2_net_id: protected-net
+onap_private_net_id: onap-private-net
+# OWN Addresses
+vfw_int_private1_ip_0: 192.168.10.3
+vfw_int_private2_ip_0: 192.168.20.2
+vfw_onap_private_ip_0: 10.10.100.3
+# Env variables
+dcae_collector_port: 8081 #FIXME set to 30235?
+dcae_collector_ip: 10.0.4.1 #Placeholder
+demo_artifacts_version: 1.5.0
+int_private2_net_cidr: 192.168.20.0/24
+vsn_int_private2_ip_0: 192.168.20.3
diff --git a/heat/vFW_CNF_CDS/templates/helm/packetgen/.helmignore b/heat/vFW_CNF_CDS/templates/helm/packetgen/.helmignore
new file mode 100644
index 00000000..50af0317
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/packetgen/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/heat/vFW_CNF_CDS/templates/helm/packetgen/Chart.yaml b/heat/vFW_CNF_CDS/templates/helm/packetgen/Chart.yaml
new file mode 100644
index 00000000..a9cdca1f
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/packetgen/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart to deploy packet generator for vFirewall
+name: packetgen
+version: 0.2.0
diff --git a/heat/vFW_CNF_CDS/templates/helm/packetgen/templates/configmap.yaml b/heat/vFW_CNF_CDS/templates/helm/packetgen/templates/configmap.yaml
new file mode 100644
index 00000000..5dd1a2df
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/packetgen/templates/configmap.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.vpg_name_0 }}-configmap
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ .Values.vnf_name }}
+ chart: {{ .Chart.Name }}
+data:
+ vfw_private_ip_0: {{ .Values.vfw_int_private1_ip_0 | quote }}
+ vsn_private_ip_0: {{ .Values.vsn_int_private2_ip_0 | quote }}
+ protected_net_cidr: {{ .Values.int_private2_net_cidr | quote }}
+ demo_artifacts_version: {{ .Values.demo_artifacts_version | quote }}
+ dcae_collector_ip: {{ .Values.dcae_collector_ip | quote }}
+ dcae_collector_port: {{ .Values.dcae_collector_port | quote }}
diff --git a/heat/vFW_CNF_CDS/templates/helm/packetgen/templates/deployment.yaml b/heat/vFW_CNF_CDS/templates/helm/packetgen/templates/deployment.yaml
new file mode 100644
index 00000000..0f1ced50
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/packetgen/templates/deployment.yaml
@@ -0,0 +1,77 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Values.vpg_name_0 }}
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ .Values.vnf_name }}
+ chart: {{ .Chart.Name }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ .Values.vnf_name }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.vnf_name }}
+ release: {{ .Release.Name }}
+ annotations:
+ VirtletLibvirtCPUSetting: |
+ mode: host-model
+ VirtletSSHKeySource: "secret/{{ .Values.key_name }}"
+ VirtletCloudInitUserData: |
+ ssh_pwauth: True #FIXME Remove after troubleshooting
+ users:
+ #- default #FIXME Check working key auth or remove
+ - name: admin
+ gecos: User
+ primary-group: admin
+ groups: users
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ # FIXME Remove after troubleshooting
+ # Password is "testuser"
+ passwd: "$6$rounds=4096$D6cf92nq$cgBveQHTP7IK3CIYTNkVJyzd0Vze6l1QlV9sWSXiTma2hOCTl7bFSh4nvK5qPMvNlnDtlIm03arG5Uh866E9w."
+ lock_passwd: False
+ runcmd:
+ - wget -O packetgen.sh https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/packetgen
+ - bash -c 'set -a; . /etc/cloud/environment; bash packetgen.sh'
+ VirtletRootVolumeSize: 5Gi
+ k8s.v1.cni.cncf.io/networks: "{{ .Values.vnf_name }}-ovn-attachment"
+ k8s.plugin.opnfv.org/nfn-network: |
+ { "type": "ovn4nfv",
+ "interface": [
+ { "name": {{ .Values.int_private1_net_id | quote }},
+ "ipAddress": {{ .Values.vpg_int_private1_ip_0 | quote }},
+ "interface": "eth1" ,
+ "defaultGateway": "false"},
+ { "name": {{ .Values.onap_private_net_id | quote }},
+ "ipAddress": {{ .Values.vpg_onap_private_ip_0 | quote }},
+ "interface": "eth2",
+ "defaultGateway": "false" }
+ ]
+ }
+ kubernetes.io/target-runtime: virtlet.cloud
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: extraRuntime
+ operator: In
+ values:
+ - virtlet
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ tty: true
+ stdin: true
+ envFrom:
+ - configMapRef:
+ name: {{ .Values.vpg_name_0 }}-configmap
+ resources:
+ limits:
+ memory: {{ .Values.resources.limits.memory }}
diff --git a/heat/vFW_CNF_CDS/templates/helm/packetgen/templates/service.yaml b/heat/vFW_CNF_CDS/templates/helm/packetgen/templates/service.yaml
new file mode 100644
index 00000000..51237692
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/packetgen/templates/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ .Values.vpg_name_0 }}-service"
+ labels:
+ app: {{ .Values.vnf_name }}
+ release: {{ .Release.Name }}
+ chart: {{ .Chart.Name }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.ports.port }}
+ nodePort: {{ .Values.service.ports.nodePort }}
+ selector:
+ app: {{ .Values.vnf_name }}
+ release: {{ .Release.Name }}
diff --git a/heat/vFW_CNF_CDS/templates/helm/packetgen/values.yaml b/heat/vFW_CNF_CDS/templates/helm/packetgen/values.yaml
new file mode 100644
index 00000000..de106fab
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/packetgen/values.yaml
@@ -0,0 +1,33 @@
+# Static Defaults
+replicaCount: 1
+image:
+ repository: virtlet.cloud/ubuntu/16.04
+ tag: latest
+ pullPolicy: IfNotPresent
+resources:
+ limits:
+ memory: 4Gi
+service:
+#service port value for packetgen service
+ type: NodePort
+ ports:
+ port: 2831
+ nodePort: 30831
+
+# OPENSTACK PARAMETERS
+# Names
+vpg_name_0: test-vnf-vpg
+vnf_name: test-vnf
+key_name: ssh-pub-key
+int_private1_net_id: unprotected-net
+onap_private_net_id: onap-private-net
+# Own Addresses
+vpg_int_private1_ip_0: 192.168.10.2
+vpg_onap_private_ip_0: 10.10.100.2
+# Env variables
+dcae_collector_ip: 10.0.4.1 #Placeholder
+dcae_collector_port: 8081 #FIXME set to 30235?
+demo_artifacts_version: 1.5.0
+vfw_int_private1_ip_0: 192.168.10.3
+vsn_int_private2_ip_0: 192.168.20.3
+int_private2_net_cidr: 192.168.20.0/24
diff --git a/heat/vFW_CNF_CDS/templates/helm/sink/.helmignore b/heat/vFW_CNF_CDS/templates/helm/sink/.helmignore
new file mode 100644
index 00000000..50af0317
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/sink/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/heat/vFW_CNF_CDS/templates/helm/sink/Chart.yaml b/heat/vFW_CNF_CDS/templates/helm/sink/Chart.yaml
new file mode 100644
index 00000000..2feffe0c
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/sink/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart to deploy sink for vFirewall
+name: sink
+version: 0.2.0
diff --git a/heat/vFW_CNF_CDS/templates/helm/sink/templates/configmap.yaml b/heat/vFW_CNF_CDS/templates/helm/sink/templates/configmap.yaml
new file mode 100644
index 00000000..85fbfc8e
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/sink/templates/configmap.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.vsn_name_0 }}-configmap
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ .Values.vnf_name }}
+ chart: {{ .Chart.Name }}
+data:
+ protected_net_gw: {{ (splitn "/" 2 .Values.int_private2_gw_ip)._0 | quote }} #FIXME maybe?
+ protected_private_net_cidr: {{ .Values.int_private1_net_cidr | quote }}
diff --git a/heat/vFW_CNF_CDS/templates/helm/sink/templates/deployment.yaml b/heat/vFW_CNF_CDS/templates/helm/sink/templates/deployment.yaml
new file mode 100644
index 00000000..578f02f0
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/sink/templates/deployment.yaml
@@ -0,0 +1,63 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Values.vsn_name_0 }}
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ .Values.vnf_name }} #FIXME Should vnf_name be replaced with v*_name_0 for labels?
+ chart: {{ .Chart.Name }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ .Values.vnf_name }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.vnf_name }}
+ release: {{ .Release.Name }}
+ annotations:
+ k8s.v1.cni.cncf.io/networks: "{{ .Values.vnf_name }}-ovn-attachment"
+ k8s.plugin.opnfv.org/nfn-network: |
+ { "type": "ovn4nfv",
+ "interface": [
+ { "name": {{ .Values.int_private2_net_id | quote }},
+ "ipAddress": {{ .Values.vsn_int_private2_ip_0 | quote }},
+ "interface": "eth1",
+ "defaultGateway": "false" },
+ { "name": {{ .Values.onap_private_net_id | quote }},
+ "ipAddress": {{ .Values.vsn_onap_private_ip_0 | quote }},
+ "interface": "eth2" ,
+ "defaultGateway": "false" }
+ ]
+ }
+ spec:
+ #FIXME DEBUG START
+ initContainers:
+ - name: init-test
+ image: busybox
+ command:
+ - env
+ envFrom:
+ - configMapRef:
+ name: {{ .Values.vsn_name_0 }}-configmap
+ #FIXME DEBUG END
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.sinkrepo }}:{{ .Values.image.sinktag }}"
+ envFrom:
+ - configMapRef:
+ name: {{ .Values.vsn_name_0 }}-configmap
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ tty: true
+ stdin: true
+ securityContext:
+ privileged: true
+ - name: darkstat
+ image: "{{ .Values.image.darkstatrepo }}:{{ .Values.image.darkstattag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ tty: true
+ stdin: true
+ ports:
+ - containerPort: {{ .Values.service.ports.port }}
diff --git a/heat/vFW_CNF_CDS/templates/helm/sink/templates/service.yaml b/heat/vFW_CNF_CDS/templates/helm/sink/templates/service.yaml
new file mode 100644
index 00000000..8949e7d1
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/sink/templates/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ .Values.vsn_name_0 }}-service"
+ labels:
+ app: {{ .Values.vnf_name }}
+ release: {{ .Release.Name }}
+ chart: {{ .Chart.Name }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.ports.port }}
+ nodePort: {{ .Values.service.ports.nodePort }}
+ selector:
+ app: {{ .Values.vnf_name }}
+ release: {{ .Release.Name }}
diff --git a/heat/vFW_CNF_CDS/templates/helm/sink/values.yaml b/heat/vFW_CNF_CDS/templates/helm/sink/values.yaml
new file mode 100644
index 00000000..978323ab
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/sink/values.yaml
@@ -0,0 +1,36 @@
+# Default values for sink.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ sinkrepo: rtsood/onap-vfw-demo-sink
+ sinktag: 0.2.0
+ pullPolicy: IfNotPresent
+ darkstatrepo: electrocucaracha/darkstat
+ darkstattag: latest
+
+service:
+#serivce port value for sink service
+ type: NodePort
+ ports:
+ port: 667
+ nodePort: 30667
+
+
+# Static Defaults
+#
+# OPENSTACK PARAMETERS
+# Names
+vnf_name: test-vnf
+vsn_name_0: test-vnf-vsn
+int_private2_net_id: protected-net
+onap_private_net_id: onap-private-net
+
+# OWN Addresses
+vsn_int_private2_ip_0: 192.168.20.3
+vsn_onap_private_ip_0: 10.10.100.4
+# Env Variables
+int_private2_gw_ip: 192.168.20.1/24
+int_private1_net_cidr: 192.168.10.0/24