Diffstat (limited to 'heat/vFW_CNF_CDS')
42 files changed, 1470 insertions, 0 deletions
diff --git a/heat/vFW_CNF_CDS/README.txt b/heat/vFW_CNF_CDS/README.txt
new file mode 100644
index 00000000..46a49e01
--- /dev/null
+++ b/heat/vFW_CNF_CDS/README.txt
@@ -0,0 +1,7 @@
+Demo directory structure:
+
+/templates/ #Base directory containing vFW resources
+ |- /base #Directory containing base payload of CSAR package, doesn't need further proceeding
+ |- /helm #Directory containing helm charts that need to be packaged and attached to csar package
+ \- /cba #Directory containing CBA content to be included to csar package
+/examples/ #Directory with context-specific overrides over general resources
diff --git a/heat/vFW_CNF_CDS/templates/.gitignore b/heat/vFW_CNF_CDS/templates/.gitignore
new file mode 100644
index 00000000..a6967843
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/.gitignore
@@ -0,0 +1,2 @@
+csar/
+vfw_k8s_demo.zip
diff --git a/heat/vFW_CNF_CDS/templates/Makefile b/heat/vFW_CNF_CDS/templates/Makefile
new file mode 100644
index 00000000..579f7249
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/Makefile
@@ -0,0 +1,20 @@
+.PHONY: all clean helm base
+
+
+all: csar/ helm base
+ cd csar/ && zip -r vfw_k8s_demo.zip .
+ mv csar/vfw_k8s_demo.zip .
+
+helm: csar/
+ make -C helm
+ cp helm/*.tgz csar/
+
+base: csar/
+ cp base/* csar/
+
+csar/:
+ mkdir csar/
+
+clean:
+ rm -rf csar/
+ rm -f vfw_k8s_demo.zip
diff --git a/heat/vFW_CNF_CDS/templates/base/MANIFEST.json b/heat/vFW_CNF_CDS/templates/base/MANIFEST.json
new file mode 100644
index 00000000..6d314d1d
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/base/MANIFEST.json
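Review bot: In templates/Makefile the `helm` recipe calls the sub-make literally as `make -C helm`, which drops the parent's flags and jobserver and ignores a differently named make binary. Write it as `$(MAKE) -C helm`. The recipe also relies on the first target of helm/Makefile being the packaging one; naming it explicitly, `$(MAKE) -C helm package`, makes the CSAR build independent of the target order in that file.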
@@ -0,0 +1,66 @@ +{ + "name": "virtualFirewall", + "description": "", + "data": [ + { + "file": "base.yaml", + "type": "HEAT", + "isBase": "true", + "data": [ + { + "file": "base.env", + "type": "HEAT_ENV" + } + ] + }, + { + "file": "base_cloudtech_k8s_charts.tgz", + "type": "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACTS" + }, + { + "file": "firewall.yaml", + "type": "HEAT", + "isBase": "false", + "data": [ + { + "file": "firewall.env", + "type": "HEAT_ENV" + } + ] + }, + { + "file": "firewall_cloudtech_k8s_charts.tgz", + "type": "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACTS" + }, + { + "file": "packetgen.yaml", + "type": "HEAT", + "isBase": "false", + "data": [ + { + "file": "packetgen.env", + "type": "HEAT_ENV" + } + ] + }, + { + "file": "packetgen_cloudtech_k8s_charts.tgz", + "type": "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACTS" + }, + { + "file": "sink.yaml", + "type": "HEAT", + "isBase": "false", + "data": [ + { + "file": "sink.env", + "type": "HEAT_ENV" + } + ] + }, + { + "file": "sink_cloudtech_k8s_charts.tgz", + "type": "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACTS" + } + ] +} diff --git a/heat/vFW_CNF_CDS/templates/base/base.env b/heat/vFW_CNF_CDS/templates/base/base.env new file mode 100644 index 00000000..0a69e08d --- /dev/null +++ b/heat/vFW_CNF_CDS/templates/base/base.env @@ -0,0 +1,5 @@ +parameters: + int_private1_net_cidr: 192.168.10.0/24 + int_private2_net_cidr: 192.168.20.0/24 + pub_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQXYJYYi3/OUZXUiCYWdtc7K0m5C0dJKVxPG0eI8EWZrEHYdfYe6WoTSDJCww+1qlBSpA5ac/Ba4Wn9vh+lR1vtUKkyIC/nrYb90ReUd385Glkgzrfh5HdR5y5S2cL/Frh86lAn9r6b3iWTJD8wBwXFyoe1S2nMTOIuG4RPNvfmyCTYVh8XTCCE8HPvh3xv2r4egawG1P4Q4UDwk+hDBXThY2KS8M5/8EMyxHV0ImpLbpYCTBA6KYDIRtqmgS6iKyy8v2D1aSY5mc9J0T5t9S2Gv+VZQNWQDDKNFnxqYaAo1uEoq/i1q63XC5AD3ckXb2VT6dp23BQMdDfbHyUWfJN + vnf_name: vFW_NextGen
\ No newline at end of file diff --git a/heat/vFW_CNF_CDS/templates/base/base.yaml b/heat/vFW_CNF_CDS/templates/base/base.yaml new file mode 100644 index 00000000..7466f032 --- /dev/null +++ b/heat/vFW_CNF_CDS/templates/base/base.yaml 
@@ -0,0 +1,69 @@ +########################################################################## +# +#==================LICENSE_START========================================== +# +# +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +#==================LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +# +########################################################################## + +heat_template_version: 2013-05-23 + +description: Dummy base heat template for vFW usecase + +############## +# # +# PARAMETERS # +# # +############## + +parameters: + int_private1_net_cidr: + type: string + label: Unprotected private network CIDR + description: The CIDR of the unprotected private network + int_private2_net_cidr: + type: string + label: Protected private network CIDR + description: The CIDR of the protected private network + pub_key: + type: string + label: Public key + description: Public key to be installed on the compute instance + vnf_name: + type: string + description: VNF_NAME + +############# +# # +# RESOURCES # +# # +############# + +resources: + dummy: + type: OS::Heat::None + properties: + int_private1_net_cidr: + get_param: int_private1_net_cidr + int_private2_net_cidr: + get_param: int_private2_net_cidr + pub_key: + get_param: pub_key + vnf_name: + get_param: vnf_name 
diff --git a/heat/vFW_CNF_CDS/templates/base/firewall.env b/heat/vFW_CNF_CDS/templates/base/firewall.env new file mode 100644 index 00000000..42dccf9c --- /dev/null +++ b/heat/vFW_CNF_CDS/templates/base/firewall.env @@ -0,0 +1,30 @@ +parameters: + vfw_image_name: PUT THE VM IMAGE NAME HERE (UBUNTU 1404) + vfw_flavor_name: PUT THE VM FLAVOR NAME HERE (m1.medium suggested) + public_net_id: PUT THE PUBLIC NETWORK ID HERE + int_private1_net_id: zdfw1fwl01_unprotected + int_private1_subnet_id: zdfw1fwl01_unprotected_sub + int_private1_net_cidr: 192.168.10.0/24 + int_private2_net_id: zdfw1fwl01_protected + int_private2_subnet_id: zdfw1fwl01_protected_sub + int_private2_net_cidr: 192.168.20.0/24 + onap_private_net_id: PUT THE ONAP PRIVATE NETWORK NAME HERE + onap_private_subnet_id: PUT THE ONAP PRIVATE NETWORK NAME HERE + onap_private_net_cidr: 10.0.0.0/16 + vfw_int_private1_ip_0: 192.168.10.100 + vfw_int_private2_ip_0: 192.168.20.100 + vfw_onap_private_ip_0: 10.0.100.1 + #vpg_private_ip_0: 192.168.10.200 + vfw_int_private2_floating_ip: 192.168.10.200 + vfw_name_0: zdfw1fwl01fwl01 + vnf_id: vFirewall_demo_app + vnf_name: vFW_NextGen + vf_module_id: vFirewallCL + dcae_collector_ip: 10.0.4.1 + dcae_collector_port: 30235 + demo_artifacts_version: 1.6.0-SNAPSHOT + install_script_version: 1.6.0-SNAPSHOT + key_name: vfw_key + cloud_env: PUT openstack OR rackspace HERE + sec_group: PUT THE ONAP SECURITY GROUP HERE + nexus_artifact_repo: https://nexus.onap.org diff --git a/heat/vFW_CNF_CDS/templates/base/firewall.yaml b/heat/vFW_CNF_CDS/templates/base/firewall.yaml new file mode 100644 index 00000000..c21988db --- /dev/null +++ b/heat/vFW_CNF_CDS/templates/base/firewall.yaml 
@@ -0,0 +1,214 @@ +########################################################################## +# +#==================LICENSE_START========================================== +# +# +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +#==================LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +# +########################################################################## + +heat_template_version: 2013-05-23 + +description: Dummy heat template for vFirewall + +############## +# # +# PARAMETERS # +# # +############## + +parameters: + vfw_image_name: + type: string + label: Image name or ID + description: Image to be used for compute instance + vfw_flavor_name: + type: string + label: Flavor + description: Type of instance (flavor) to be used + public_net_id: + type: string + label: Public network name or ID + description: Public network that enables remote connection to VNF + int_private1_net_id: + type: string + label: Unprotected private network name or ID + description: Private network that connects vPacketGenerator with vFirewall + int_private1_subnet_id: + type: string + label: Unprotected private subnetwork name or ID + description: Private subnetwork of the protected network + int_private1_net_cidr: + type: string + label: Unprotected private network CIDR + description: The CIDR of the unprotected private network 
+ int_private2_net_id: + type: string + label: Protected private network name or ID + description: Private network that connects vFirewall with vSink + int_private2_subnet_id: + type: string + label: Protected private subnetwork name or ID + description: Private subnetwork of the unprotected network + int_private2_net_cidr: + type: string + label: Protected private network CIDR + description: The CIDR of the protected private network + onap_private_net_id: + type: string + label: ONAP management network name or ID + description: Private network that connects ONAP components and the VNF + onap_private_subnet_id: + type: string + label: ONAP management sub-network name or ID + description: Private sub-network that connects ONAP components and the VNF + onap_private_net_cidr: + type: string + label: ONAP private network CIDR + description: The CIDR of the protected private network + vfw_int_private1_ip_0: + type: string + label: vFirewall private IP address towards the unprotected network + description: Private IP address that is assigned to the vFirewall to communicate with the vPacketGenerator + vfw_int_private2_ip_0: + type: string + label: vFirewall private IP address towards the protected network + description: Private IP address that is assigned to the vFirewall to communicate with the vSink + vfw_onap_private_ip_0: + type: string + label: vFirewall private IP address towards the ONAP management network + description: Private IP address that is assigned to the vFirewall to communicate with ONAP components + vfw_int_private2_floating_ip: + type: string + label: vPacketGenerator private IP address towards the unprotected network + description: Private IP address that is assigned to the vPacketGenerator to communicate with the vFirewall + vfw_name_0: + type: string + label: vFirewall name + description: Name of the vFirewall + vnf_id: + type: string + label: VNF ID + description: The VNF ID is provided by ONAP + vnf_name: + type: string + label: VNF ID + 
description: The VNF ID is provided by ONAP + vf_module_id: + type: string + label: VF Module ID + description: The VF Module ID is provided by ONAP + dcae_collector_ip: + type: string + label: DCAE collector IP address + description: IP address of the DCAE collector + dcae_collector_port: + type: string + label: DCAE collector port + description: Port of the DCAE collector + key_name: + type: string + label: Key pair name + description: Public/Private key pair name + install_script_version: + type: string + label: Installation script version number + description: Version number of the scripts that install the vFW demo app + demo_artifacts_version: + type: string + label: Artifacts version used in demo vnfs + description: Artifacts (jar, tar.gz) version used in demo vnfs + nexus_artifact_repo: + type: string + description: Root URL for the Nexus repository for Maven artifacts. + # default: "https://nexus.onap.org" + cloud_env: + type: string + label: Cloud environment + description: Cloud environment (e.g., openstack, rackspace) + sec_group: + type: string + description: ONAP Security Group + + +############# +# # +# RESOURCES # +# # +############# + +resources: + dummy: + type: OS::Heat::None + properties: + vfw_image_name: + get_param: vfw_image_name + vfw_flavor_name: + get_param: vfw_flavor_name + public_net_id: + get_param: public_net_id + int_private1_net_id: + get_param: int_private1_net_id + int_private1_subnet_id: + get_param: int_private1_subnet_id + int_private1_net_cidr: + get_param: int_private1_net_cidr + int_private2_net_id: + get_param: int_private2_net_id + int_private2_subnet_id: + get_param: int_private2_subnet_id + int_private2_net_cidr: + get_param: int_private2_net_cidr + onap_private_net_id: + get_param: onap_private_net_id + onap_private_subnet_id: + get_param: onap_private_subnet_id + onap_private_net_cidr: + get_param: onap_private_net_cidr + vfw_int_private1_ip_0: + get_param: vfw_int_private1_ip_0 + vfw_int_private2_ip_0: + get_param: 
vfw_int_private2_ip_0 + vfw_onap_private_ip_0: + get_param: vfw_onap_private_ip_0 + vfw_int_private2_floating_ip: + get_param: vfw_int_private2_floating_ip + vfw_name_0: + get_param: vfw_name_0 + vnf_id: + get_param: vnf_id + vnf_name: + get_param: vnf_name + vf_module_id: + get_param: vf_module_id + dcae_collector_ip: + get_param: dcae_collector_ip + dcae_collector_port: + get_param: dcae_collector_port + key_name: + get_param: key_name + install_script_version: + get_param: install_script_version + demo_artifacts_version: + get_param: demo_artifacts_version + nexus_artifact_repo: + get_param: nexus_artifact_repo + cloud_env: + get_param: cloud_env + sec_group: + get_param: sec_group diff --git a/heat/vFW_CNF_CDS/templates/base/packetgen.env b/heat/vFW_CNF_CDS/templates/base/packetgen.env new file mode 100644 index 00000000..23f7817e --- /dev/null +++ b/heat/vFW_CNF_CDS/templates/base/packetgen.env @@ -0,0 +1,25 @@ +parameters: + vpg_image_name: PUT THE VM IMAGE NAME HERE (UBUNTU 1404) + vpg_flavor_name: PUT THE VM FLAVOR NAME HERE (m1.medium suggested) + public_net_id: PUT THE PUBLIC NETWORK ID HERE + int_private1_net_id: zdfw1fwl01_unprotected + int_private1_subnet_id: zdfw1fwl01_unprotected_sub + int_private1_net_cidr: 192.168.10.0/24 + onap_private_net_id: PUT THE ONAP PRIVATE NETWORK NAME HERE + onap_private_subnet_id: PUT THE ONAP PRIVATE NETWORK NAME HERE + onap_private_net_cidr: 10.0.0.0/16 + int_private2_net_cidr: 192.168.20.0/24 + vfw_int_private1_ip_0: 192.168.10.100 + vpg_int_private1_ip_0: 192.168.10.200 + vpg_onap_private_ip_0: 10.0.100.2 + vsn_int_private2_ip_0: 192.168.20.250 + vpg_name_0: zdfw1fwl01pgn01 + vnf_name: vFW_NextGen + vnf_id: vPacketGen_demo_app + vf_module_id: vTrafficPNG + demo_artifacts_version: 1.6.0-SNAPSHOT + install_script_version: 1.6.0-SNAPSHOT + key_name: vfw_key + cloud_env: PUT openstack OR rackspace HERE + sec_group: PUT THE ONAP SECURITY GROUP HERE + nexus_artifact_repo: https://nexus.onap.org
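Review bot: Several parameter descriptions in firewall.yaml contradict their own labels about which network is the protected one, which is the one fact a reader of a firewall template needs to get right. `int_private1_subnet_id` is labelled "Unprotected private subnetwork" but described as `Private subnetwork of the protected network`, `int_private2_subnet_id` is the mirror image, `onap_private_net_cidr` is described as `The CIDR of the protected private network`, and `vnf_name` carries the label `VNF ID`. I would change these to `Private subnetwork of the unprotected network`, `Private subnetwork of the protected network`, `The CIDR of the ONAP management network` and `label: VNF NAME`; the same copy-paste appears in packetgen.yaml (`onap_private_net_cidr`) and sink.yaml (`int_private2_subnet_id`, `onap_private_net_cidr`). Related: `vfw_int_private2_floating_ip` is labelled as the vPacketGenerator address and firewall.env sets it to 192.168.10.200, which lies in the `int_private1_net_cidr` range, so the parameter name looks wrong rather than the value; a one-line comment saying which interface it addresses would settle it.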
\ No newline at end of file diff --git a/heat/vFW_CNF_CDS/templates/base/packetgen.yaml b/heat/vFW_CNF_CDS/templates/base/packetgen.yaml new file mode 100644 index 00000000..6a23da0a --- /dev/null +++ b/heat/vFW_CNF_CDS/templates/base/packetgen.yaml 
@@ -0,0 +1,190 @@ +########################################################################## +# +#==================LICENSE_START========================================== +# +# +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +#==================LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +# +########################################################################## + +heat_template_version: 2013-05-23 + +description: Dummy heat template for vPacketgen + +############## +# # +# PARAMETERS # +# # +############## + +parameters: + vpg_image_name: + type: string + label: Image name or ID + description: Image to be used for compute instance + vpg_flavor_name: + type: string + label: Flavor + description: Type of instance (flavor) to be used + public_net_id: + type: string + label: Public network name or ID + description: Public network that enables remote connection to VNF + int_private1_net_id: + type: string + label: Unprotected private network name or ID + description: Private network that connects vPacketGenerator with vFirewall + int_private1_subnet_id: + type: string + label: Unprotected private sub-network name or ID + description: Private subnetwork for the unprotected network + int_private1_net_cidr: + type: string + label: Unprotected private network CIDR + description: The CIDR of the unprotected private 
network + int_private2_net_cidr: + type: string + label: Protected private network CIDR + description: The CIDR of the protected private network + onap_private_net_id: + type: string + label: ONAP management network name or ID + description: Private network that connects ONAP components and the VNF + onap_private_subnet_id: + type: string + label: ONAP management sub-network name or ID + description: Private sub-network that connects ONAP components and the VNF + onap_private_net_cidr: + type: string + label: ONAP private network CIDR + description: The CIDR of the protected private network + vfw_int_private1_ip_0: + type: string + label: vFirewall private IP address towards the unprotected network + description: Private IP address that is assigned to the vFirewall to communicate with the vPacketGenerator + vsn_int_private2_ip_0: + type: string + label: vSink private IP address towards the protected network + description: Private IP address that is assigned to the vSink to communicate with the vFirewall + vpg_int_private1_ip_0: + type: string + label: vPacketGenerator private IP address towards the unprotected network + description: Private IP address that is assigned to the vPacketGenerator to communicate with the vFirewall + vpg_onap_private_ip_0: + type: string + label: vPacketGenerator private IP address towards the ONAP management network + description: Private IP address that is assigned to the vPacketGenerator to communicate with ONAP components + vpg_name_0: + type: string + label: vPacketGenerator name + description: Name of the vPacketGenerator + vnf_name: + type: string + label: VNF NAME + description: The VNF NAME is provided by ONAP + vnf_id: + type: string + label: VNF ID + description: The VNF ID is provided by ONAP + vf_module_id: + type: string + label: VF Module ID + description: The VF Module ID is provided by ONAP + key_name: + type: string + label: Key pair name + description: Public/Private key pair name + install_script_version: + type: 
string + label: Installation script version number + description: Version number of the scripts that install the vFW demo app + demo_artifacts_version: + type: string + label: Artifacts version used in demo vnfs + description: Artifacts (jar, tar.gz) version used in demo vnfs + nexus_artifact_repo: + type: string + description: Root URL for the Nexus repository for Maven artifacts. + # default: "https://nexus.onap.org" + cloud_env: + type: string + label: Cloud environment + description: Cloud environment (e.g., openstack, rackspace) + sec_group: + type: string + description: ONAP Security Group + + +############# +# # +# RESOURCES # +# # +############# + +resources: + dummy: + type: OS::Heat::None + properties: + vpg_image_name: + get_param: vpg_image_name + vpg_flavor_name: + get_param: vpg_flavor_name + public_net_id: + get_param: public_net_id + int_private1_net_id: + get_param: int_private1_net_id + int_private1_subnet_id: + get_param: int_private1_subnet_id + int_private1_net_cidr: + get_param: int_private1_net_cidr + int_private2_net_cidr: + get_param: int_private2_net_cidr + onap_private_net_id: + get_param: onap_private_net_id + onap_private_subnet_id: + get_param: onap_private_subnet_id + onap_private_net_cidr: + get_param: onap_private_net_cidr + vfw_int_private1_ip_0: + get_param: vfw_int_private1_ip_0 + vsn_int_private2_ip_0: + get_param: vsn_int_private2_ip_0 + vpg_int_private1_ip_0: + get_param: vpg_int_private1_ip_0 + vpg_onap_private_ip_0: + get_param: vpg_onap_private_ip_0 + vpg_name_0: + get_param: vpg_name_0 + vnf_name: + get_param: vnf_name + vnf_id: + get_param: vnf_id + vf_module_id: + get_param: vf_module_id + key_name: + get_param: key_name + install_script_version: + get_param: install_script_version + demo_artifacts_version: + get_param: demo_artifacts_version + nexus_artifact_repo: + get_param: nexus_artifact_repo + cloud_env: + get_param: cloud_env + sec_group: + get_param: sec_group 
diff --git a/heat/vFW_CNF_CDS/templates/base/sink.env b/heat/vFW_CNF_CDS/templates/base/sink.env new file mode 100644 index 00000000..a0b2ec9c --- /dev/null +++ b/heat/vFW_CNF_CDS/templates/base/sink.env @@ -0,0 +1,24 @@ +parameters: + vsn_image_name: PUT THE VM IMAGE NAME HERE (UBUNTU 1404) + vsn_flavor_name: PUT THE VM FLAVOR NAME HERE (m1.medium suggested) + public_net_id: PUT THE PUBLIC NETWORK ID HERE + int_private1_net_cidr: 192.168.10.0/24 + int_private2_net_id: zdfw1fwl01_protected + int_private2_subnet_id: zdfw1fwl01_protected_sub + int_private2_net_cidr: 192.168.20.0/24 + onap_private_net_id: PUT THE ONAP PRIVATE NETWORK NAME HERE + onap_private_subnet_id: PUT THE ONAP PRIVATE NETWORK NAME HERE + onap_private_net_cidr: 10.0.0.0/16 + vfw_int_private2_ip_0: 192.168.20.100 + vsn_int_private2_ip_0: 192.168.20.250 + vsn_onap_private_ip_0: 10.0.100.3 + vsn_name_0: zdfw1fwl01snk01 + vnf_id: vSink_demo_app + vf_module_id: vFirewallCL + vnf_name: vFW_NextGen + #demo_artifacts_version: 1.6.0-SNAPSHOT + install_script_version: 1.6.0-SNAPSHOT + key_name: vfw_key + cloud_env: PUT openstack OR rackspace HERE + sec_group: PUT THE ONAP SECURITY GROUP HERE + nexus_artifact_repo: https://nexus.onap.org
\ No newline at end of file diff --git a/heat/vFW_CNF_CDS/templates/base/sink.yaml b/heat/vFW_CNF_CDS/templates/base/sink.yaml new file mode 100644 index 00000000..de898a96 --- /dev/null +++ b/heat/vFW_CNF_CDS/templates/base/sink.yaml 
@@ -0,0 +1,185 @@ +########################################################################## +# +#==================LICENSE_START========================================== +# +# +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +#==================LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +# +########################################################################## + +heat_template_version: 2013-05-23 + +description: Dummy heat template for vSink + +############## +# # +# PARAMETERS # +# # +############## + +parameters: + vsn_image_name: + type: string + label: Image name or ID + description: Image to be used for compute instance + vsn_flavor_name: + type: string + label: Flavor + description: Type of instance (flavor) to be used + public_net_id: + type: string + label: Public network name or ID + description: Public network that enables remote connection to VNF + int_private1_net_cidr: + type: string + label: Unprotected private network CIDR + description: The CIDR of the unprotected private network + int_private2_net_id: + type: string + label: Protected private network name or ID + description: Private network that connects vFirewall with vSink + int_private2_subnet_id: + type: string + label: Protected private subnetwork name or ID + description: Private subnetwork of the unprotected network + 
int_private2_net_cidr: + type: string + label: Protected private network CIDR + description: The CIDR of the protected private network + onap_private_net_id: + type: string + label: ONAP management network name or ID + description: Private network that connects ONAP components and the VNF + onap_private_subnet_id: + type: string + label: ONAP management sub-network name or ID + description: Private sub-network that connects ONAP components and the VNF + onap_private_net_cidr: + type: string + label: ONAP private network CIDR + description: The CIDR of the protected private network + vfw_int_private2_ip_0: + type: string + label: vFirewall private IP address towards the protected network + description: Private IP address that is assigned to the vFirewall to communicate with the vSink + vsn_int_private2_ip_0: + type: string + label: vSink private IP address towards the protected network + description: Private IP address that is assigned to the vSink to communicate with the vFirewall + vsn_onap_private_ip_0: + type: string + label: vSink private IP address towards the ONAP management network + description: Private IP address that is assigned to the vSink to communicate with ONAP components + vsn_name_0: + type: string + label: vSink name + description: Name of the vSink + vnf_id: + type: string + label: VNF ID + description: The VNF ID is provided by ONAP + vnf_name: + type: string + label: VNF NAME + description: The VNF NAME is provided by ONAP + vf_module_id: + type: string + label: VF Module ID + description: The VF Module ID is provided by ONAP + key_name: + type: string + label: Key pair name + description: Public/Private key pair name + install_script_version: + type: string + label: Installation script version number + description: Version number of the scripts that install the vFW demo app + #demo_artifacts_version: + # type: string + # label: Artifacts version used in demo vnfs + # description: Artifacts (jar, tar.gz) version used in demo vnfs + 
nexus_artifact_repo: + type: string + description: Root URL for the Nexus repository for Maven artifacts. + # default: "https://nexus.onap.org" + cloud_env: + type: string + label: Cloud environment + description: Cloud environment (e.g., openstack, rackspace) + sec_group: + type: string + description: ONAP Security Group + + +############# +# # +# RESOURCES # +# # +############# + +resources: + + dummy: + type: OS::Heat::None + properties: + vsn_image_name: + get_param: vsn_image_name + vsn_flavor_name: + get_param: vsn_flavor_name + public_net_id: + get_param: public_net_id + int_private1_net_cidr: + get_param: int_private1_net_cidr + int_private2_net_id: + get_param: int_private2_net_id + int_private2_subnet_id: + get_param: int_private2_subnet_id + int_private2_net_cidr: + get_param: int_private2_net_cidr + onap_private_net_id: + get_param: onap_private_net_id + onap_private_subnet_id: + get_param: onap_private_subnet_id + onap_private_net_cidr: + get_param: onap_private_net_cidr + vfw_int_private2_ip_0: + get_param: vfw_int_private2_ip_0 + vsn_int_private2_ip_0: + get_param: vsn_int_private2_ip_0 + vsn_onap_private_ip_0: + get_param: vsn_onap_private_ip_0 + vsn_name_0: + get_param: vsn_name_0 + vnf_id: + get_param: vnf_id + vnf_name: + get_param: vnf_name + vf_module_id: + get_param: vf_module_id + key_name: + get_param: key_name + install_script_version: + get_param: install_script_version + #demo_artifacts_version: + # get_param: demo_artifacts_version + nexus_artifact_repo: + get_param: nexus_artifact_repo + cloud_env: + get_param: cloud_env + sec_group: + get_param: sec_group diff --git a/heat/vFW_CNF_CDS/templates/helm/.gitignore b/heat/vFW_CNF_CDS/templates/helm/.gitignore new file mode 100644 index 00000000..17d6b367 --- /dev/null +++ b/heat/vFW_CNF_CDS/templates/helm/.gitignore @@ -0,0 +1 @@ +/*.tgz diff --git a/heat/vFW_CNF_CDS/templates/helm/Makefile b/heat/vFW_CNF_CDS/templates/helm/Makefile new file mode 100644 index 00000000..12d2d52f 
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/Makefile
@@ -0,0 +1,16 @@
+vf-modules = base firewall packetgen sink
+.PHONY: build clean $(vf-modules:=-build) $(vf-modules:-clean) $(vf-modules:=-package)
+
+package: $(vf-modules:=-package)
+build: $(vf-modules:=-build)
+clean: $(vf-modules:=-clean)
+ rm -f *_cloudtech_k8s_charts.tgz
+
+$(vf-modules:=-package): %-package: %-build
+ mv $(@:package=)*.tgz $(@:-package=)_cloudtech_k8s_charts.tgz
+
+$(vf-modules:=-build): %-build: %-clean
+ helm package $(@:-build=)
+
+$(vf-modules:=-clean):
+ rm -f $(@:-clean=)-*.tgz
diff --git a/heat/vFW_CNF_CDS/templates/helm/README.txt b/heat/vFW_CNF_CDS/templates/helm/README.txt
new file mode 100644
index 00000000..bd7626b4
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/README.txt
@@ -0,0 +1,7 @@
+Helm content of csar package
+
+To create necessary archives, please ensure you have [helm] and [make] installed first.
+
+In case it's your first time you're using helm, please issue `helm init -c` command to initialize your helm client
+
+To create necessary artifacts, issue `make` command
diff --git a/heat/vFW_CNF_CDS/templates/helm/base/.helmignore b/heat/vFW_CNF_CDS/templates/helm/base/.helmignore
new file mode 100644
index 00000000..646736a7
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/base/.helmignore
@@ -0,0 +1 @@
+resources/id_rsa
diff --git a/heat/vFW_CNF_CDS/templates/helm/base/Chart.yaml b/heat/vFW_CNF_CDS/templates/helm/base/Chart.yaml
new file mode 100644
index 00000000..d68b46bb
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/base/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart to deploy shared resources for vFirewall
+name: base
+version: 0.2.0
diff --git a/heat/vFW_CNF_CDS/templates/helm/base/resources/id_rsa b/heat/vFW_CNF_CDS/templates/helm/base/resources/id_rsa
new file mode 100644
index 00000000..4ab7bb35
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/base/resources/id_rsa
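Review bot: The `.PHONY` line in helm/Makefile lists `$(vf-modules:-clean)` without the `=`, so it is not a substitution reference and, as far as I can tell, expands to nothing. The per-module `*-clean` targets are therefore not phony, unlike their `-build` and `-package` siblings, and a stray file named e.g. `base-clean` would make the clean step and every build that depends on it a silent no-op. Change it to `$(vf-modules:=-clean)` and add `package` to the list, since it is the default goal and is not declared phony either.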
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA1ozecYX4HaEu0iGuGHcsiSVZe0EnuwGYIOxIK7GKsauMAlXh +ZsAadnkzsf3QYEmScVJc6gdBg2eyevS5Z55/8tWQmp21lyvZIJi6n+JDuNea/PLm +41sGtfw/hZ/NonEESBb5kv1A0isqJyfZNrQ6w9HF1C9a+JfPCxD7wK19Pbp7m3gL +qsagoMewnY7cTpiDbwNOgAml6Ec+uYLVnmcW2dsnqBrTYXwv585oK+f1Ajg5UgIt +SJNhcPHZ9fDbs8mDMV5GtZIzquJ/QYJg0joGd8NqikT0OhoIdUorb+IlmH6/3T/t +cpxc71V+Dm88eVCeb4DUukpvhha2KvmwAny/eQIDAQABAoIBAQCOWtGNSXKjVjsW +ubomCYzHQrzohwaxkhE6ZwxL0XVRBZ3UPt9bqcLlMO4X/2yvNqGwBxIXRdE2Oyu1 +YYNTOVtz6DgWHuZJ85IRisTpKNv+XTA8/X4tBEyjm0cahjmOuqY4nuXhnZ/Q00sY +x9vb7CHBpAI7E2Cs6S07Dn28DmC2/znYPyp/UMnoQ6/Ba+RXtyvPfe/3pIvlii0i +TAzSweT/OmVPPVLGPWLoDD0L0+F7h8Sua5B3kryZoZvO6Vg2nlviCo9ae48C+NbF +b7WMeg863UP16atHZ0XESsqYhA0lPrIh9WJBKCnj+hUimVxvrqyzJl/GTeOaXVeC +MQlAnFQBAoGBAOyicvykcoJtkYHJuI0Hev2d30nU7S8qB8Lf4v5n/VTAevB25sgA ++SIaaRFjNILD2/GpTniWTephAohc+tyMWM2OyL34l3CbJBGHQHFNT5cdLueH2K54 +/vkj/1g2r8p96asBroC87in4ozUr1G9N6RL8NB655c//ZpoldZQeIdVZAoGBAOgb +v5jLb9/6SNtpKamRCcSbLg2hmCs7rkP9RTrOzjgem3Yg9m2+SF0DKbr16MzjAcfA +iDGs6CnR2NIx53jg5W04SyiU+fPXA/VPBlznF+jcVOO6xxHquaGVEA25EzzuGXQV +5snCjCcqMrC1TjPcMPTGGl6nmpwKFc5cLDpOt1chAoGBAM5wMkyB0nxCxkwqBVzT +h9K15dRtc7ZPvpGd7FPxuKo1eYtKz67wWmgMDlli6K6j27+J6rF8vuCYXTNFmnzJ +27cIt8wzkTplviOkkO3HeoXkqcTHWJttZ1NGuj7lBptrGW1cfDZHnKb1CL0cTaoE +mC894uJjX0AEGiikQV1EpFORAoGAYFNTuleDQFKgdd442hRFF4DHJgUQH7EO60xq +tLMqxgN9xRJ88qJraZ5sbRis2orDLGDspKD7YI+kCeeIBpRe4mrgViEtclKjY+S9 +4UROmecGm9Ph1b+x9irklK1gHIM7sP993fGNNJvAmbFEmSUidBLa0rl/4o4U6qU5 +/aC5WcECgYBTN08VCf3yiDq3D9yd1Iyes3+njXwaejsr/VT8fPTHP4K8dzyOAX9Y +xqhK7hFS5KM/beFuLYmfdSXQvOzayzEKQqzpLURAy5S5Notq3aWdxtl283qUoPNq +0RMSzBiyXgqYef4qY8jA632SX4jB3EDQ3P3tf45VpYaFomn6mRO76w== +-----END RSA PRIVATE KEY----- diff --git a/heat/vFW_CNF_CDS/templates/helm/base/resources/id_rsa.pub b/heat/vFW_CNF_CDS/templates/helm/base/resources/id_rsa.pub new file mode 100644 index 00000000..a78b36c2 --- /dev/null +++ b/heat/vFW_CNF_CDS/templates/helm/base/resources/id_rsa.pub 
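Review bot: `resources/id_rsa` puts an unencrypted RSA private key into the repository, so this key pair is public from this commit on and must be treated as compromised wherever the matching `id_rsa.pub` is accepted in an authorized_keys entry. The `.helmignore` entry `resources/id_rsa` only keeps the file out of the packaged chart; it does not keep it out of git or its history. I would drop the private key from the change, add `resources/id_rsa` to the chart's `.gitignore`, and have the README tell each deployer to generate their own pair and pass only the public half in through `pub_key`. If a fixed demo pair really has to ship, the README next to it should say that it is a known key and must not be authorized on any reachable system.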
@@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWjN5xhfgdoS7SIa4YdyyJJVl7QSe7AZgg7EgrsYqxq4wCVeFmwBp2eTOx/dBgSZJxUlzqB0GDZ7J69Llnnn/y1ZCanbWXK9kgmLqf4kO415r88ubjWwa1/D+Fn82icQRIFvmS/UDSKyonJ9k2tDrD0cXUL1r4l88LEPvArX09unubeAuqxqCgx7CdjtxOmINvA06ACaXoRz65gtWeZxbZ2yeoGtNhfC/nzmgr5/UCODlSAi1Ik2Fw8dn18NuzyYMxXka1kjOq4n9BgmDSOgZ3w2qKRPQ6Ggh1Sitv4iWYfr/dP+1ynFzvVX4Obzx5UJ5vgNS6Sm+GFrYq+bACfL95 k.banka@localhost diff --git a/heat/vFW_CNF_CDS/templates/helm/base/templates/network_attachment_definition.yaml b/heat/vFW_CNF_CDS/templates/helm/base/templates/network_attachment_definition.yaml new file mode 100644 index 00000000..5cc01caa --- /dev/null +++ b/heat/vFW_CNF_CDS/templates/helm/base/templates/network_attachment_definition.yaml @@ -0,0 +1,11 @@ +apiVersion: k8s.cni.cncf.io/v1 +kind: NetworkAttachmentDefinition +metadata: + name: {{ .Values.vnf_name }}-ovn-attachment +spec: + config: | + { + "cniVersion": "0.3.1", + "name": "ovn4nfv-k8s-plugin", + "type": "ovn4nfvk8s-cni" + } diff --git a/heat/vFW_CNF_CDS/templates/helm/base/templates/onap-private-net.yaml b/heat/vFW_CNF_CDS/templates/helm/base/templates/onap-private-net.yaml new file mode 100644 index 00000000..e7afc35a --- /dev/null +++ b/heat/vFW_CNF_CDS/templates/helm/base/templates/onap-private-net.yaml @@ -0,0 +1,10 @@ +apiVersion: k8s.plugin.opnfv.org/v1alpha1 +kind: Network +metadata: + name: {{ .Values.int_private2_net_id }} +spec: + cniType : ovn4nfv + ipv4Subnets: + - name: {{ .Values.int_private2_subnet_id }} + subnet: {{ .Values.int_private2_net_cidr }} + gateway: {{ .Values.int_private2_gw_ip }} diff --git a/heat/vFW_CNF_CDS/templates/helm/base/templates/protected-private-net.yaml b/heat/vFW_CNF_CDS/templates/helm/base/templates/protected-private-net.yaml new file mode 100644 index 00000000..d0c04d9d --- /dev/null +++ b/heat/vFW_CNF_CDS/templates/helm/base/templates/protected-private-net.yaml 
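Review bot: The file names of the three Network templates do not match the networks they render: `onap-private-net.yaml` uses `int_private2_net_id` (default `protected-net`), `protected-private-net.yaml` uses `int_private1_net_id` (default `unprotected-net`), and `unprotected-private-net.yaml` uses `onap_private_net_id`. In a firewall demo the protected/unprotected split is the boundary being demonstrated, so an edit made to the file named "protected" would silently change the other segment. Rename each file after the values it renders, or at least add a first-line comment such as `# Renders int_private2_* (protected network)` to each template.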
@@ -0,0 +1,10 @@
+apiVersion: k8s.plugin.opnfv.org/v1alpha1
+kind: Network
+metadata:
+ name: {{ .Values.int_private1_net_id }}
+spec:
+ cniType : ovn4nfv
+ ipv4Subnets:
+ - name: {{ .Values.int_private1_subnet_id }}
+ subnet: {{ .Values.int_private1_net_cidr }}
+ gateway: {{ .Values.int_private1_gw_ip }}
diff --git a/heat/vFW_CNF_CDS/templates/helm/base/templates/pubkey.yaml b/heat/vFW_CNF_CDS/templates/helm/base/templates/pubkey.yaml
new file mode 100644
index 00000000..648a1793
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/base/templates/pubkey.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.key_name }}
+type: Opaque
+stringData:
+ authorized_keys: {{ .Values.pub_key }}
diff --git a/heat/vFW_CNF_CDS/templates/helm/base/templates/unprotected-private-net.yaml b/heat/vFW_CNF_CDS/templates/helm/base/templates/unprotected-private-net.yaml
new file mode 100644
index 00000000..96eab476
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/base/templates/unprotected-private-net.yaml
@@ -0,0 +1,10 @@
+apiVersion: k8s.plugin.opnfv.org/v1alpha1
+kind: Network
+metadata:
+ name: {{ .Values.onap_private_net_id }}
+spec:
+ cniType : ovn4nfv
+ ipv4Subnets:
+ - name: {{ .Values.onap_private_subnet_id }}
+ subnet: {{ .Values.onap_private_net_cidr }}
+ gateway: {{ .Values.onap_private_gw_ip }}
diff --git a/heat/vFW_CNF_CDS/templates/helm/base/values.yaml b/heat/vFW_CNF_CDS/templates/helm/base/values.yaml
new file mode 100644
index 00000000..00b990c0
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/base/values.yaml
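Review bot: In pubkey.yaml, `authorized_keys: {{ .Values.pub_key }}` is rendered unquoted and always has a value, because values.yaml ships a default key, so an operator who forgets to override it deploys VMs that trust the chart author's key without any warning. Remove the default from values.yaml and make the template fail closed: `authorized_keys: {{ required "pub_key must be set" .Values.pub_key | quote }}`. Quoting also keeps a key comment containing `#` or `: ` from breaking the rendered YAML.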
@@ -0,0 +1,22 @@ +# OPENSTACK PARAMETERS +#unprotected +int_private1_net_cidr: 192.168.10.0/24 +int_private1_gw_ip: 192.168.10.1/24 #No typo here +int_private1_net_id: unprotected-net +int_private1_subnet_id: unprotected-subnet-1 +#protected +int_private2_net_cidr: 192.168.20.0/24 +int_private2_gw_ip: 192.168.20.1/24 #No typo here +int_private2_net_id: protected-net +int_private2_subnet_id: protected-subnet-1 +#onap mgmt net +onap_private_net_cidr: 10.10.0.0/16 +onap_private_gw_ip: 10.10.0.1/16 #No typo here +onap_private_net_id: onap-private-net +onap_private_subnet_id: onap-subnet-1 +#public key +key_name: ssh-pub-key +pub_key: | + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWjN5xhfgdoS7SIa4YdyyJJVl7QSe7AZgg7EgrsYqxq4wCVeFmwBp2eTOx/dBgSZJxUlzqB0GDZ7J69Llnnn/y1ZCanbWXK9kgmLqf4kO415r88ubjWwa1/D+Fn82icQRIFvmS/UDSKyonJ9k2tDrD0cXUL1r4l88LEPvArX09unubeAuqxqCgx7CdjtxOmINvA06ACaXoRz65gtWeZxbZ2yeoGtNhfC/nzmgr5/UCODlSAi1Ik2Fw8dn18NuzyYMxXka1kjOq4n9BgmDSOgZ3w2qKRPQ6Ggh1Sitv4iWYfr/dP+1ynFzvVX4Obzx5UJ5vgNS6Sm+GFrYq+bACfL95 k.banka@localhost +#vnf name +vnf_name: test-vnf diff --git a/heat/vFW_CNF_CDS/templates/helm/firewall/.helmignore b/heat/vFW_CNF_CDS/templates/helm/firewall/.helmignore new file mode 100644 index 00000000..50af0317 --- /dev/null +++ b/heat/vFW_CNF_CDS/templates/helm/firewall/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/heat/vFW_CNF_CDS/templates/helm/firewall/Chart.yaml b/heat/vFW_CNF_CDS/templates/helm/firewall/Chart.yaml new file mode 100644 index 00000000..b43068e1 --- /dev/null +++ b/heat/vFW_CNF_CDS/templates/helm/firewall/Chart.yaml 
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart to deploy Firewall app for vFirewall
+name: firewall
+version: 0.2.0
diff --git a/heat/vFW_CNF_CDS/templates/helm/firewall/templates/configmap.yaml b/heat/vFW_CNF_CDS/templates/helm/firewall/templates/configmap.yaml
new file mode 100644
index 00000000..2a9c3500
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/firewall/templates/configmap.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.vfw_name_0 }}-configmap
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ .Values.vnf_name }}
+ chart: {{ .Chart.Name }}
+data:
+ demo_artifacts_version: {{ .Values.demo_artifacts_version | quote }}
+ dcae_collector_ip: {{ .Values.dcae_collector_ip | quote }}
+ dcae_collector_port: {{ .Values.dcae_collector_port | quote }}
+ vfw_private_ip_0: {{ .Values.vfw_int_private1_ip_0 | quote }}
+ vsn_private_ip_0: {{ .Values.vsn_int_private2_ip_0 | quote }}
+ protected_net_cidr: {{ .Values.int_private2_net_cidr | quote }}
+
diff --git a/heat/vFW_CNF_CDS/templates/helm/firewall/templates/deployment.yaml b/heat/vFW_CNF_CDS/templates/helm/firewall/templates/deployment.yaml
new file mode 100644
index 00000000..8de03e18
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/firewall/templates/deployment.yaml
@@ -0,0 +1,86 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.vfw_name_0 }} + labels: + release: {{ .Release.Name }} + app: {{ .Values.vnf_name }} + chart: {{ .Chart.Name }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ .Values.vnf_name }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ .Values.vnf_name }} + release: {{ .Release.Name }} + annotations: + VirtletLibvirtCPUSetting: | + mode: host-model + VirtletSSHKeySource: "secret/{{ .Values.key_name }}" + VirtletCloudInitUserData: | + ssh_pwauth: True #FIXME Remove after troubleshooting + users: + - name: admin + gecos: User + primary-group: admin + groups: users + sudo: ALL=(ALL) NOPASSWD:ALL + # FIXME Remove after troubleshooting + # Password is "testuser" + passwd: "$6$rounds=4096$D6cf92nq$cgBveQHTP7IK3CIYTNkVJyzd0Vze6l1QlV9sWSXiTma2hOCTl7bFSh4nvK5qPMvNlnDtlIm03arG5Uh866E9w." + lock_passwd: False + runcmd: + #FIXME DEBUG START + - echo "ENV:" + - env + - echo "/etc/cloud/environment:" + - cat /etc/cloud/environment + #FIXME DEBUG END + - wget -O firewall.sh https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/firewall + - bash -c 'set -a; . 
/etc/cloud/environment; bash firewall.sh' + VirtletRootVolumeSize: 5Gi + k8s.v1.cni.cncf.io/networks: "{{ .Values.vnf_name }}-ovn-attachment" + k8s.plugin.opnfv.org/nfn-network: | + { "type": "ovn4nfv", + "interface": [ + { "name": {{ .Values.int_private1_net_id | quote }}, + "ipAddress": {{ .Values.vfw_int_private1_ip_0 | quote }}, + "interface": "eth1", + "defaultGateway": "false" }, + { "name": {{ .Values.int_private2_net_id | quote }}, + "ipAddress": {{ .Values.vfw_int_private2_ip_0 | quote }}, + "interface": "eth2", + "defaultGateway": "false" }, + { "name": {{ .Values.onap_private_net_id | quote }}, + "ipAddress": {{ .Values.vfw_onap_private_ip_0 | quote }}, + "interface": "eth3", + "defaultGateway": "false" } + ] + } + kubernetes.io/target-runtime: virtlet.cloud + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: extraRuntime + operator: In + values: + - virtlet + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + tty: true + stdin: true + envFrom: + - configMapRef: + name: {{ .Values.vfw_name_0 }}-configmap + resources: + limits: + memory: {{ .Values.resources.limits.memory }} diff --git a/heat/vFW_CNF_CDS/templates/helm/firewall/values.yaml b/heat/vFW_CNF_CDS/templates/helm/firewall/values.yaml new file mode 100644 index 00000000..c7082f05 --- /dev/null +++ b/heat/vFW_CNF_CDS/templates/helm/firewall/values.yaml 
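Review bot: The `VirtletCloudInitUserData` block in firewall/templates/deployment.yaml enables SSH password login (`ssh_pwauth: True`) for an `admin` account that has `sudo: ALL=(ALL) NOPASSWD:ALL`, and the password is spelled out in the comment above its hash, so every VM deployed from this chart accepts a publicly known root-equivalent credential. The FIXME markers say this is for troubleshooting, but nothing prevents it from shipping: set `ssh_pwauth: False` and `lock_passwd: True`, delete the `passwd:` line together with its comment, and rely on the key from `VirtletSSHKeySource`. The same block appears in packetgen/templates/deployment.yaml. The `env` and `cat /etc/cloud/environment` debug commands belong in the same cleanup, since they presumably copy the VM's environment into the cloud-init output.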
@@ -0,0 +1,55 @@ +# global: +# +# #Networks +# unprotectedNetworkName: unprotected-private-net +# protectedPrivateNetCidr: 192.168.10.0/24 +# protectedPrivateNetGw: 192.168.10.1/24 +# +# onapPrivateNetworkName: onap-private-net +# onapPrivateNetCidr: 10.10.0.0/16 +# onapPrivateNetGw: 10.10.0.1/16 +# +# protectedNetworkName: protected-private-net +# protectedNetCidr: 192.168.20.0/24 +# protectedNetGwIp: 192.168.20.100 +# protectedNetGw: 192.168.20.100/24 +# +# #vFirewall container +# vfwPrivateIp0: 192.168.10.3 +# vfwPrivateIp1: 192.168.20.2 +# vfwPrivateIp2: 10.10.100.3 +# #Packetgen container +# vpgPrivateIp0: 192.168.10.2 +# vpgPrivateIp1: 10.0.100.2 +# #Sink container +# vsnPrivateIp0: 192.168.20.3 +# vsnPrivateIp1: 10.10.100.4 + +# Static Defaults +replicaCount: 1 +image: + repository: virtlet.cloud/ubuntu/16.04 + tag: latest + pullPolicy: IfNotPresent +resources: + limits: + memory: 4Gi + +# OPENSTACK PARAMETERS +# Names +vnf_name: test-vnf +vfw_name_0: test-vnf-vfw +key_name: ssh-pub-key +int_private1_net_id: unprotected-net +int_private2_net_id: protected-net +onap_private_net_id: onap-private-net +# OWN Addresses +vfw_int_private1_ip_0: 192.168.10.3 +vfw_int_private2_ip_0: 192.168.20.2 +vfw_onap_private_ip_0: 10.10.100.3 +# Env variables +dcae_collector_port: 8081 #FIXME set to 30235? +dcae_collector_ip: 10.0.4.1 #Placeholder +demo_artifacts_version: 1.5.0 +int_private2_net_cidr: 192.168.20.0/24 +vsn_int_private2_ip_0: 192.168.20.3 diff --git a/heat/vFW_CNF_CDS/templates/helm/packetgen/.helmignore b/heat/vFW_CNF_CDS/templates/helm/packetgen/.helmignore new file mode 100644 index 00000000..50af0317 --- /dev/null +++ b/heat/vFW_CNF_CDS/templates/helm/packetgen/.helmignore 
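Review bot: `tag: latest` together with `pullPolicy: IfNotPresent` in firewall/values.yaml makes the deployed image depend on whatever each node has cached, and nothing in the chart records which image content was actually reviewed. The same default is in packetgen/values.yaml, and sink/values.yaml uses `darkstattag: latest` for an image pulled from what looks like a personal registry namespace. Default to a fixed version, e.g. `tag: <pinned-version>`, and consider letting the templates accept a digest reference so that a re-pushed tag cannot change what runs.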
@@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/heat/vFW_CNF_CDS/templates/helm/packetgen/Chart.yaml b/heat/vFW_CNF_CDS/templates/helm/packetgen/Chart.yaml new file mode 100644 index 00000000..a9cdca1f --- /dev/null +++ b/heat/vFW_CNF_CDS/templates/helm/packetgen/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart to deploy packet generator for vFirewall +name: packetgen +version: 0.2.0 diff --git a/heat/vFW_CNF_CDS/templates/helm/packetgen/templates/configmap.yaml b/heat/vFW_CNF_CDS/templates/helm/packetgen/templates/configmap.yaml new file mode 100644 index 00000000..5dd1a2df --- /dev/null +++ b/heat/vFW_CNF_CDS/templates/helm/packetgen/templates/configmap.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Values.vpg_name_0 }}-configmap + labels: + release: {{ .Release.Name }} + app: {{ .Values.vnf_name }} + chart: {{ .Chart.Name }} +data: + vfw_private_ip_0: {{ .Values.vfw_int_private1_ip_0 | quote }} + vsn_private_ip_0: {{ .Values.vsn_int_private2_ip_0 | quote }} + protected_net_cidr: {{ .Values.int_private2_net_cidr | quote }} + demo_artifacts_version: {{ .Values.demo_artifacts_version | quote }} + dcae_collector_ip: {{ .Values.dcae_collector_ip | quote }} + dcae_collector_port: {{ .Values.dcae_collector_port | quote }} diff --git a/heat/vFW_CNF_CDS/templates/helm/packetgen/templates/deployment.yaml b/heat/vFW_CNF_CDS/templates/helm/packetgen/templates/deployment.yaml new file mode 100644 index 00000000..0f1ced50 --- /dev/null +++ b/heat/vFW_CNF_CDS/templates/helm/packetgen/templates/deployment.yaml 
@@ -0,0 +1,77 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.vpg_name_0 }} + labels: + release: {{ .Release.Name }} + app: {{ .Values.vnf_name }} + chart: {{ .Chart.Name }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ .Values.vnf_name }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ .Values.vnf_name }} + release: {{ .Release.Name }} + annotations: + VirtletLibvirtCPUSetting: | + mode: host-model + VirtletSSHKeySource: "secret/{{ .Values.key_name }}" + VirtletCloudInitUserData: | + ssh_pwauth: True #FIXME Remove after troubleshooting + users: + #- default #FIXME Check working key auth or remove + - name: admin + gecos: User + primary-group: admin + groups: users + sudo: ALL=(ALL) NOPASSWD:ALL + # FIXME Remove after troubleshooting + # Password is "testuser" + passwd: "$6$rounds=4096$D6cf92nq$cgBveQHTP7IK3CIYTNkVJyzd0Vze6l1QlV9sWSXiTma2hOCTl7bFSh4nvK5qPMvNlnDtlIm03arG5Uh866E9w." + lock_passwd: False + runcmd: + - wget -O packetgen.sh https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/packetgen + - bash -c 'set -a; . 
/etc/cloud/environment; bash packetgen.sh' + VirtletRootVolumeSize: 5Gi + k8s.v1.cni.cncf.io/networks: "{{ .Values.vnf_name }}-ovn-attachment" + k8s.plugin.opnfv.org/nfn-network: | + { "type": "ovn4nfv", + "interface": [ + { "name": {{ .Values.int_private1_net_id | quote }}, + "ipAddress": {{ .Values.vpg_int_private1_ip_0 | quote }}, + "interface": "eth1" , + "defaultGateway": "false"}, + { "name": {{ .Values.onap_private_net_id | quote }}, + "ipAddress": {{ .Values.vpg_onap_private_ip_0 | quote }}, + "interface": "eth2", + "defaultGateway": "false" } + ] + } + kubernetes.io/target-runtime: virtlet.cloud + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: extraRuntime + operator: In + values: + - virtlet + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + tty: true + stdin: true + envFrom: + - configMapRef: + name: {{ .Values.vpg_name_0 }}-configmap + resources: + limits: + memory: {{ .Values.resources.limits.memory }} diff --git a/heat/vFW_CNF_CDS/templates/helm/packetgen/templates/service.yaml b/heat/vFW_CNF_CDS/templates/helm/packetgen/templates/service.yaml new file mode 100644 index 00000000..51237692 --- /dev/null +++ b/heat/vFW_CNF_CDS/templates/helm/packetgen/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: "{{ .Values.vpg_name_0 }}-service" + labels: + app: {{ .Values.vnf_name }} + release: {{ .Release.Name }} + chart: {{ .Chart.Name }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.ports.port }} + nodePort: {{ .Values.service.ports.nodePort }} + selector: + app: {{ .Values.vnf_name }} + release: {{ .Release.Name }} diff --git a/heat/vFW_CNF_CDS/templates/helm/packetgen/values.yaml b/heat/vFW_CNF_CDS/templates/helm/packetgen/values.yaml new file mode 100644 index 00000000..de106fab 
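Review bot: The `runcmd` in packetgen/templates/deployment.yaml downloads `packetgen.sh` from the moving head of a repository and runs it at first boot with no integrity check, so any later change to that file (or to the branch it is served from) executes in every newly deployed VM; cloud-init runs `runcmd` as root. firewall/templates/deployment.yaml does the same with `firewall.sh`. Pin the download to a reviewed commit and verify it before running, for example `- wget -O packetgen.sh "https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/packetgen?id=<PINNED_COMMIT>"` followed by `- echo "<EXPECTED_SHA256>  packetgen.sh" | sha256sum -c - && bash -c 'set -a; . /etc/cloud/environment; bash packetgen.sh'`. Chaining with `&&` matters because a failed check in a separate `runcmd` entry would not necessarily stop the next entry from running.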
--- /dev/null +++ b/heat/vFW_CNF_CDS/templates/helm/packetgen/values.yaml @@ -0,0 +1,33 @@ +# Static Defaults +replicaCount: 1 +image: + repository: virtlet.cloud/ubuntu/16.04 + tag: latest + pullPolicy: IfNotPresent +resources: + limits: + memory: 4Gi +service: +#service port value for packetgen service + type: NodePort + ports: + port: 2831 + nodePort: 30831 + +# OPENSTACK PARAMETERS +# Names +vpg_name_0: test-vnf-vpg +vnf_name: test-vnf +key_name: ssh-pub-key +int_private1_net_id: unprotected-net +onap_private_net_id: onap-private-net +# Own Addresses +vpg_int_private1_ip_0: 192.168.10.2 +vpg_onap_private_ip_0: 10.10.100.2 +# Env variables +dcae_collector_ip: 10.0.4.1 #Placeholder +dcae_collector_port: 8081 #FIXME set to 30235? +demo_artifacts_version: 1.5.0 +vfw_int_private1_ip_0: 192.168.10.3 +vsn_int_private2_ip_0: 192.168.20.3 +int_private2_net_cidr: 192.168.20.0/24 diff --git a/heat/vFW_CNF_CDS/templates/helm/sink/.helmignore b/heat/vFW_CNF_CDS/templates/helm/sink/.helmignore new file mode 100644 index 00000000..50af0317 --- /dev/null +++ b/heat/vFW_CNF_CDS/templates/helm/sink/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/heat/vFW_CNF_CDS/templates/helm/sink/Chart.yaml b/heat/vFW_CNF_CDS/templates/helm/sink/Chart.yaml new file mode 100644 index 00000000..2feffe0c --- /dev/null +++ b/heat/vFW_CNF_CDS/templates/helm/sink/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart to deploy sink for vFirewall +name: sink +version: 0.2.0 
diff --git a/heat/vFW_CNF_CDS/templates/helm/sink/templates/configmap.yaml b/heat/vFW_CNF_CDS/templates/helm/sink/templates/configmap.yaml
new file mode 100644
index 00000000..85fbfc8e
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/sink/templates/configmap.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.vsn_name_0 }}-configmap
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ .Values.vnf_name }}
+ chart: {{ .Chart.Name }}
+data:
+ protected_net_gw: {{ (splitn "/" 2 .Values.int_private2_gw_ip)._0 | quote }} #FIXME maybe?
+ protected_private_net_cidr: {{ .Values.int_private1_net_cidr | quote }}
diff --git a/heat/vFW_CNF_CDS/templates/helm/sink/templates/deployment.yaml b/heat/vFW_CNF_CDS/templates/helm/sink/templates/deployment.yaml
new file mode 100644
index 00000000..578f02f0
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/sink/templates/deployment.yaml
@@ -0,0 +1,63 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Values.vsn_name_0 }}
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ .Values.vnf_name }} #FIXME Should vnf_name be replaced with v*_name_0 for labels?
+ chart: {{ .Chart.Name }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ .Values.vnf_name }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.vnf_name }}
+ release: {{ .Release.Name }}
+ annotations:
+ k8s.v1.cni.cncf.io/networks: "{{ .Values.vnf_name }}-ovn-attachment"
+ k8s.plugin.opnfv.org/nfn-network: |
+ { "type": "ovn4nfv",
+ "interface": [
+ { "name": {{ .Values.int_private2_net_id | quote }},
+ "ipAddress": {{ .Values.vsn_int_private2_ip_0 | quote }},
+ "interface": "eth1",
+ "defaultGateway": "false" },
+ { "name": {{ .Values.onap_private_net_id | quote }},
+ "ipAddress": {{ .Values.vsn_onap_private_ip_0 | quote }},
+ "interface": "eth2" ,
+ "defaultGateway": "false" }
+ ]
+ }
+ spec:
+ #FIXME DEBUG START
+ initContainers:
+ - name: init-test
+ image: busybox
+ command:
+ - env
+ envFrom:
+ - configMapRef:
+ name: {{ .Values.vsn_name_0 }}-configmap
+ #FIXME DEBUG END
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.sinkrepo }}:{{ .Values.image.sinktag }}"
+ envFrom:
+ - configMapRef:
+ name: {{ .Values.vsn_name_0 }}-configmap
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ tty: true
+ stdin: true
+ securityContext:
+ privileged: true
+ - name: darkstat
+ image: "{{ .Values.image.darkstatrepo }}:{{ .Values.image.darkstattag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ tty: true
+ stdin: true
+ ports:
+ - containerPort: {{ .Values.service.ports.port }}
diff --git a/heat/vFW_CNF_CDS/templates/helm/sink/templates/service.yaml b/heat/vFW_CNF_CDS/templates/helm/sink/templates/service.yaml
new file mode 100644
index 00000000..8949e7d1
--- /dev/null
+++ b/heat/vFW_CNF_CDS/templates/helm/sink/templates/service.yaml
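Review bot: The sink container in sink/templates/deployment.yaml runs with `securityContext: privileged: true`, which gives a third-party image full access to the node's devices and kernel interfaces, and the chart does not say why. If the container only needs to adjust routes or interfaces (an assumption; the image's entrypoint is not part of this change), replace it with the narrower `capabilities: { add: ["NET_ADMIN"] }` and add a comment naming the operation that requires it. The `init-test` init container between the FIXME DEBUG markers should be removed before merge as well; it pulls an untagged `busybox` and only prints the environment.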
@@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: "{{ .Values.vsn_name_0 }}-service" + labels: + app: {{ .Values.vnf_name }} + release: {{ .Release.Name }} + chart: {{ .Chart.Name }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.ports.port }} + nodePort: {{ .Values.service.ports.nodePort }} + selector: + app: {{ .Values.vnf_name }} + release: {{ .Release.Name }} diff --git a/heat/vFW_CNF_CDS/templates/helm/sink/values.yaml b/heat/vFW_CNF_CDS/templates/helm/sink/values.yaml new file mode 100644 index 00000000..978323ab --- /dev/null +++ b/heat/vFW_CNF_CDS/templates/helm/sink/values.yaml @@ -0,0 +1,36 @@ +# Default values for sink. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + sinkrepo: rtsood/onap-vfw-demo-sink + sinktag: 0.2.0 + pullPolicy: IfNotPresent + darkstatrepo: electrocucaracha/darkstat + darkstattag: latest + +service: +#serivce port value for sink service + type: NodePort + ports: + port: 667 + nodePort: 30667 + + +# Static Defaults +# +# OPENSTACK PARAMETERS +# Names +vnf_name: test-vnf +vsn_name_0: test-vnf-vsn +int_private2_net_id: protected-net +onap_private_net_id: onap-private-net + +# OWN Addresses +vsn_int_private2_ip_0: 192.168.20.3 +vsn_onap_private_ip_0: 10.10.100.4 +# Env Variables +int_private2_gw_ip: 192.168.20.1/24 +int_private1_net_cidr: 192.168.10.0/24 |