aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAkhila Kishore <akhila.kishore@intel.com>2019-05-14 15:43:41 -0700
committerAkhila Kishore <akhila.kishore@intel.com>2019-05-22 12:20:08 -0700
commit69fe1e369c4afa19552179fe297778a6ca32e48d (patch)
tree1e6bd0c2fa081d2f2adc9291ec3d97fdc22f20cc
parent09433fb59e63a96a1e6d08fdd6061c59b3813e61 (diff)
Adding helm charts for vFirewall.
The charts are complete with templating and basic constructs. They need to be modified in terms of chart dependency and also address network configuration. Addressed comments, changed network config values and included subcharts. Removed redundent vars. Removed shell vars and updated sink. Updated vars. Removed escape chars from password which and removed comment in pod annotations. Removed comments from network files. Changed the deployment file lables for all 3 charts. Extricated some of the values addressed by comments. Set global vars. Updated sink-service labels. Change-Id: Id6fc2e066c8a6c5b33b65caae3a49637521c3133 Issue-ID: MULTICLOUD-628 Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
-rw-r--r--kud/demo/firewall/.helmignore22
-rw-r--r--kud/demo/firewall/Chart.yaml5
-rw-r--r--kud/demo/firewall/charts/packetgen/.helmignore22
-rw-r--r--kud/demo/firewall/charts/packetgen/Chart.yaml5
-rw-r--r--kud/demo/firewall/charts/packetgen/templates/_helpers.tpl32
-rw-r--r--kud/demo/firewall/charts/packetgen/templates/deployment.yaml70
-rw-r--r--kud/demo/firewall/charts/packetgen/values.yaml17
-rw-r--r--kud/demo/firewall/charts/sink/.helmignore22
-rw-r--r--kud/demo/firewall/charts/sink/Chart.yaml5
-rw-r--r--kud/demo/firewall/charts/sink/templates/_helpers.tpl32
-rw-r--r--kud/demo/firewall/charts/sink/templates/deployment.yaml41
-rw-r--r--kud/demo/firewall/charts/sink/templates/service.yaml16
-rw-r--r--kud/demo/firewall/charts/sink/values.yaml29
-rw-r--r--kud/demo/firewall/templates/_helpers.tpl32
-rw-r--r--kud/demo/firewall/templates/deployment.yaml69
-rw-r--r--kud/demo/firewall/templates/onap-private-net.yaml9
-rw-r--r--kud/demo/firewall/templates/protected-private-net.yaml9
-rw-r--r--kud/demo/firewall/templates/unprotected-private-net.yaml9
-rw-r--r--kud/demo/firewall/values.yaml41
19 files changed, 487 insertions, 0 deletions
diff --git a/kud/demo/firewall/.helmignore b/kud/demo/firewall/.helmignore
new file mode 100644
index 00000000..50af0317
--- /dev/null
+++ b/kud/demo/firewall/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/kud/demo/firewall/Chart.yaml b/kud/demo/firewall/Chart.yaml
new file mode 100644
index 00000000..18201ddd
--- /dev/null
+++ b/kud/demo/firewall/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart to deploy Firewall app for vFirewall
+name: firewall
+version: 0.1.0
diff --git a/kud/demo/firewall/charts/packetgen/.helmignore b/kud/demo/firewall/charts/packetgen/.helmignore
new file mode 100644
index 00000000..50af0317
--- /dev/null
+++ b/kud/demo/firewall/charts/packetgen/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/kud/demo/firewall/charts/packetgen/Chart.yaml b/kud/demo/firewall/charts/packetgen/Chart.yaml
new file mode 100644
index 00000000..d21cadec
--- /dev/null
+++ b/kud/demo/firewall/charts/packetgen/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart to deploy packet generator for vFirewall
+name: packetgen
+version: 0.1.0
diff --git a/kud/demo/firewall/charts/packetgen/templates/_helpers.tpl b/kud/demo/firewall/charts/packetgen/templates/_helpers.tpl
new file mode 100644
index 00000000..322b7c68
--- /dev/null
+++ b/kud/demo/firewall/charts/packetgen/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "packetgen.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "packetgen.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "packetgen.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/kud/demo/firewall/charts/packetgen/templates/deployment.yaml b/kud/demo/firewall/charts/packetgen/templates/deployment.yaml
new file mode 100644
index 00000000..a3aa165f
--- /dev/null
+++ b/kud/demo/firewall/charts/packetgen/templates/deployment.yaml
@@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "packetgen.fullname" . }}
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ include "packetgen.name" . }}
+ chart: {{ .Chart.Name }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "packetgen.name" .}}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "packetgen.name" .}}
+ release: {{ .Release.Name }}
+ annotations:
+ app: {{ include "packetgen.name" . }}
+ release: {{ .Release.Name }}
+ VirtletLibvirtCPUSetting: |
+ mode: host-model
+ VirtletCloudInitUserData: |
+ ssh_pwauth: True
+ users:
+ - name: admin
+ gecos: User
+ primary-group: admin
+ groups: users
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ lock_passwd: false
+ passwd: "$6$rounds=4096$QA5OCKHTE41$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/"
+ runcmd:
+ - export demo_artifacts_version={{ .Values.global.demoArtifactsVersion }}
+ - export vfw_private_ip_0={{ .Values.global.vfwPrivateIp0 }}
+ - export vsn_private_ip_0={{ .Values.global.vsnPrivateIp0 }}
+ - export protected_net_cidr={{ .Values.global.protectedNetCidr }}
+ - export dcae_collector_ip={{ .Values.global.dcaeCollectorIp }}
+ - export dcae_collector_port={{ .Values.global.dcaeCollectorPort }}
+ - export protected_net_gw={{ .Values.global.protectedNetGw }}
+ - export protected_private_net_cidr={{ .Values.global.protectedPrivateNetCidr }}
+ - wget -O - https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/packetgen | sudo -E bash
+ VirtletRootVolumeSize: 5Gi
+ k8s.v1.cni.cncf.io/networks: '[{"name": {{ .Values.global.ovnMultusNetworkName | quote }}}]'
+ ovnNetwork: '[
+ { "name": {{ .Values.global.unprotectedNetworkName | quote }}, "ipAddress": {{ .Values.global.vpgPrivateIp0 | quote }}, "interface": "eth1" , "defaultGateway": "false"},
+ { "name": {{ .Values.global.onapPrivateNetworkName | quote }}, "ipAddress": {{ .Values.global.vpgPrivateIp1 | quote }}, "interface": "eth2" , "defaultGateway": "false"}
+ ]'
+ kubernetes.io/target-runtime: virtlet.cloud
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: extraRuntime
+ operator: In
+ values:
+ - virtlet
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ tty: true
+ stdin: true
+ resources:
+ limits:
+ memory: {{ .Values.resources.limits.memory }}
diff --git a/kud/demo/firewall/charts/packetgen/values.yaml b/kud/demo/firewall/charts/packetgen/values.yaml
new file mode 100644
index 00000000..d79e5485
--- /dev/null
+++ b/kud/demo/firewall/charts/packetgen/values.yaml
@@ -0,0 +1,17 @@
+# Default values for packetgen.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: virtlet.cloud/ubuntu/16.04
+ tag: latest
+ pullPolicy: Always
+
+nameOverride: ""
+fullnameOverride: ""
+
+resources:
+ limits:
+ memory: 4Gi
diff --git a/kud/demo/firewall/charts/sink/.helmignore b/kud/demo/firewall/charts/sink/.helmignore
new file mode 100644
index 00000000..50af0317
--- /dev/null
+++ b/kud/demo/firewall/charts/sink/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/kud/demo/firewall/charts/sink/Chart.yaml b/kud/demo/firewall/charts/sink/Chart.yaml
new file mode 100644
index 00000000..f83182e5
--- /dev/null
+++ b/kud/demo/firewall/charts/sink/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart to deploy sink for vFirewall
+name: sink
+version: 0.1.0
diff --git a/kud/demo/firewall/charts/sink/templates/_helpers.tpl b/kud/demo/firewall/charts/sink/templates/_helpers.tpl
new file mode 100644
index 00000000..7d82d08d
--- /dev/null
+++ b/kud/demo/firewall/charts/sink/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "sink.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "sink.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "sink.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/kud/demo/firewall/charts/sink/templates/deployment.yaml b/kud/demo/firewall/charts/sink/templates/deployment.yaml
new file mode 100644
index 00000000..f5ccdae9
--- /dev/null
+++ b/kud/demo/firewall/charts/sink/templates/deployment.yaml
@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "sink.fullname" . }}
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ include "sink.name" . }}
+ chart: {{ .Chart.Name }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "sink.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "sink.name" . }}
+ release: {{ .Release.Name }}
+ annotations:
+ k8s.v1.cni.cncf.io/networks: '[{"name": {{ .Values.global.ovnMultusNetworkName | quote }}}]'
+ ovnNetwork: '[
+ { "name": {{ .Values.global.protectedNetworkName | quote }}, "ipAddress": {{ .Values.global.vsnPrivateIp0 | quote }}, "interface": "eth1", "defaultGateway": "false" },
+ { "name": {{ .Values.global.onapPrivateNetworkName | quote }}, "ipAddress": {{ .Values.global.vsnPrivateIp1 | quote }}, "interface": "eth2" , "defaultGateway": "false"}
+ ]'
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ tty: true
+ stdin: true
+ securityContext:
+ privileged: true
+ - name: darkstat
+ image: "{{ .Values.image.repo }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ tty: true
+ stdin: true
+ ports:
+ - containerPort: {{ .Values.service.ports.port }}
diff --git a/kud/demo/firewall/charts/sink/templates/service.yaml b/kud/demo/firewall/charts/sink/templates/service.yaml
new file mode 100644
index 00000000..99da7de7
--- /dev/null
+++ b/kud/demo/firewall/charts/sink/templates/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: sink-service
+ labels:
+ app: {{ include "sink.name" . }}
+ release: {{ .Release.Name }}
+ chart: {{ .Chart.Name }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.ports.port }}
+ nodePort: {{ .Values.service.ports.nodePort }}
+ selector:
+ app: {{ include "sink.name" . }}
+ release: {{ .Release.Name }}
diff --git a/kud/demo/firewall/charts/sink/values.yaml b/kud/demo/firewall/charts/sink/values.yaml
new file mode 100644
index 00000000..1ac6f08d
--- /dev/null
+++ b/kud/demo/firewall/charts/sink/values.yaml
@@ -0,0 +1,29 @@
+# Default values for sink.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: akhilak/sink
+ tag: latest
+ pullPolicy: IfNotPresent
+ repo: akhilak/darkstat
+ tag: latest
+ pullPolicy: IfNotPresent
+
+nameOverride: ""
+fullnameOverride: ""
+
+service:
+#serivce port value for sink service
+ type: NodePort
+ ports:
+ port: 667
+ nodePort: 30667
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
diff --git a/kud/demo/firewall/templates/_helpers.tpl b/kud/demo/firewall/templates/_helpers.tpl
new file mode 100644
index 00000000..7593e779
--- /dev/null
+++ b/kud/demo/firewall/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "firewall.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "firewall.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "firewall.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/kud/demo/firewall/templates/deployment.yaml b/kud/demo/firewall/templates/deployment.yaml
new file mode 100644
index 00000000..41362a75
--- /dev/null
+++ b/kud/demo/firewall/templates/deployment.yaml
@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "firewall.fullname" . }}
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ include "firewall.name" . }}
+ chart: {{ .Chart.Name }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "firewall.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "firewall.name" . }}
+ release: {{ .Release.Name }}
+ annotations:
+ VirtletLibvirtCPUSetting: |
+ mode: host-model
+ VirtletCloudInitUserData: |
+ ssh_pwauth: True
+ users:
+ - name: admin
+ gecos: User
+ primary-group: admin
+ groups: users
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ lock_passwd: false
+ passwd: "$6$rounds=4096$QA5OCKHTE41$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/"
+ runcmd:
+ - export demo_artifacts_version={{ .Values.global.demoArtifactsVersion }}
+ - export vfw_private_ip_0={{ .Values.global.vfwPrivateIp0 }}
+ - export vsn_private_ip_0={{ .Values.global.vsnPrivateIp0 }}
+ - export protected_net_cidr={{ .Values.global.protectedNetCidr }}
+ - export dcae_collector_ip={{ .Values.global.dcaeCollectorIp }}
+ - export dcae_collector_port={{ .Values.global.dcaeCollectorPort }}
+ - export protected_net_gw={{ .Values.global.protectedNetGw }}
+ - export protected_private_net_cidr={{ .Values.global.protectedPrivateNetCidr }}
+ - wget -O - https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/firewall | sudo -E bash
+ VirtletRootVolumeSize: 5Gi
+ k8s.v1.cni.cncf.io/networks: '[{"name": {{ .Values.global.ovnMultusNetworkName | quote }}}]'
+ ovnNetwork: '[
+ { "name": {{ .Values.global.unprotectedNetworkName | quote }}, "ipAddress": {{ .Values.global.vfwPrivateIp0 | quote }}, "interface": "eth1" , "defaultGateway": "false"},
+ { "name": {{ .Values.global.protectedNetworkName | quote }}, "ipAddress": {{ .Values.global.vfwPrivateIp1 | quote }}, "interface": "eth2", "defaultGateway": "false" },
+ { "name": {{ .Values.global.onapPrivateNetworkName | quote }}, "ipAddress": {{ .Values.global.vfwPrivateIp2 | quote }}, "interface": "eth3" , "defaultGateway": "false"}
+ ]'
+ kubernetes.io/target-runtime: virtlet.cloud
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: extraRuntime
+ operator: In
+ values:
+ - virtlet
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ tty: true
+ stdin: true
+ resources:
+ limits:
+ memory: {{ .Values.resources.memory }}
diff --git a/kud/demo/firewall/templates/onap-private-net.yaml b/kud/demo/firewall/templates/onap-private-net.yaml
new file mode 100644
index 00000000..5b7e9ee7
--- /dev/null
+++ b/kud/demo/firewall/templates/onap-private-net.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Network
+metadata:
+ name: {{ .Values.global.onapPrivateNetworkName }}
+spec:
+ cnitype : ovn4nfvk8s
+ name: {{ .Values.global.onapPrivateNetworkName }}
+ subnet: {{ .Values.global.onapPrivateNetCidr }}
+ gateway: {{ .Values.global.protectedPrivateGateway }}
diff --git a/kud/demo/firewall/templates/protected-private-net.yaml b/kud/demo/firewall/templates/protected-private-net.yaml
new file mode 100644
index 00000000..43cb9233
--- /dev/null
+++ b/kud/demo/firewall/templates/protected-private-net.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Network
+metadata:
+ name: {{ .Values.global.protectedNetworkName }}
+spec:
+ cnitype : ovn4nfvk8s
+ name: {{ .Values.global.protectedNetworkName }}
+ subnet: {{ .Values.global.protectedNetCidr }}
+ gateway: {{ .Values.global.protectedNetGw }}/{{ .Values.global.gatewayVariable }}
diff --git a/kud/demo/firewall/templates/unprotected-private-net.yaml b/kud/demo/firewall/templates/unprotected-private-net.yaml
new file mode 100644
index 00000000..8f45eded
--- /dev/null
+++ b/kud/demo/firewall/templates/unprotected-private-net.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Network
+metadata:
+ name: {{ .Values.global.unprotectedNetworkName }}
+spec:
+ cnitype : ovn4nfvk8s
+ name: {{ .Values.global.unprotectedNetworkName }}
+ subnet: {{ .Values.global.protectedNetCidr }}
+ gateway: 192.168.10.1/24
diff --git a/kud/demo/firewall/values.yaml b/kud/demo/firewall/values.yaml
new file mode 100644
index 00000000..7935828f
--- /dev/null
+++ b/kud/demo/firewall/values.yaml
@@ -0,0 +1,41 @@
+# Default values for firewall.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: virtlet.cloud/ubuntu/16.04
+ tag: latest
+ pullPolicy: Always
+
+nameOverride: ""
+fullnameOverride: ""
+
+resources:
+ memory: 4Gi
+
+#global vars for parent and subcharts.
+global:
+ demoArtifactsVersion: 1.5.0
+ vfwPrivateIp0: 192.168.10.3
+ vfwPrivateIp1: 192.168.20.2
+ vfwPrivateIp2: 10.10.100.3
+ vpgPrivateIp0: 192.168.10.2
+ vpgPrivateIp1: 10.0.100.2
+ vsnPrivateIp0: 192.168.20.3
+ vsnPrivateIp1: 10.10.100.4
+ dcaeCollectorIp: 10.0.4.1
+ dcaeCollectorPort: 8081
+ protectedNetGw: 192.168.20.100
+ protectedNetCidr: 192.168.20.0/24
+ protectedPrivateNetCidr: 192.168.10.0/24
+ onapPrivateNetCidr: 10.10.0.0/16
+ protectedNetGw: 192.168.20.100
+ protectedNetworkName: protected-private-net
+ unprotectedNetworkName: unprotected-private-net
+ ovnMultusNetworkName: ovn-networkobj
+ onapPrivateNetworkName: onap-private-net
+ protectedPrivateGateway: 10.10.0.1/16
+ gatewayVariable: 24
+