diff options
| author |   Akhila Kishore <akhila.kishore@intel.com> | 2019-05-14 15:43:41 -0700 |
|---|---|---|
| committer | Akhila Kishore <akhila.kishore@intel.com> | 2019-05-22 12:20:08 -0700 |
| commit | 69fe1e369c4afa19552179fe297778a6ca32e48d (patch) | |
| tree | 1e6bd0c2fa081d2f2adc9291ec3d97fdc22f20cc | |
| parent | 09433fb59e63a96a1e6d08fdd6061c59b3813e61 (diff) | |
Adding helm charts for vFirewall.
The charts are complete with templating and basic constructs.
They need to be modified in terms of chart dependency and also address
network configuration. Addressed comments, changed network config
values and included subcharts. Removed redundent vars. Removed
shell vars and updated sink. Updated vars. Removed escape
chars from password which and removed comment in pod annotations.
Removed comments from network files. Changed the deployment file
lables for all 3 charts. Extricated some of the values addressed by comments.
Set global vars. Updated sink-service labels.
Change-Id: Id6fc2e066c8a6c5b33b65caae3a49637521c3133
Issue-ID: MULTICLOUD-628
Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
19 files changed, 487 insertions, 0 deletions
diff --git a/kud/demo/firewall/.helmignore b/kud/demo/firewall/.helmignore new file mode 100644 index 00000000..50af0317 --- /dev/null +++ b/kud/demo/firewall/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kud/demo/firewall/Chart.yaml b/kud/demo/firewall/Chart.yaml new file mode 100644 index 00000000..18201ddd --- /dev/null +++ b/kud/demo/firewall/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart to deploy Firewall app for vFirewall +name: firewall +version: 0.1.0 diff --git a/kud/demo/firewall/charts/packetgen/.helmignore b/kud/demo/firewall/charts/packetgen/.helmignore new file mode 100644 index 00000000..50af0317 --- /dev/null +++ b/kud/demo/firewall/charts/packetgen/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kud/demo/firewall/charts/packetgen/Chart.yaml b/kud/demo/firewall/charts/packetgen/Chart.yaml new file mode 100644 index 00000000..d21cadec --- /dev/null +++ b/kud/demo/firewall/charts/packetgen/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart to deploy packet generator for vFirewall +name: packetgen +version: 0.1.0 diff --git a/kud/demo/firewall/charts/packetgen/templates/_helpers.tpl b/kud/demo/firewall/charts/packetgen/templates/_helpers.tpl new file mode 100644 index 00000000..322b7c68 --- /dev/null +++ b/kud/demo/firewall/charts/packetgen/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "packetgen.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "packetgen.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "packetgen.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/kud/demo/firewall/charts/packetgen/templates/deployment.yaml b/kud/demo/firewall/charts/packetgen/templates/deployment.yaml new file mode 100644 index 00000000..a3aa165f --- /dev/null +++ b/kud/demo/firewall/charts/packetgen/templates/deployment.yaml @@ -0,0 +1,70 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "packetgen.fullname" . }} + labels: + release: {{ .Release.Name }} + app: {{ include "packetgen.name" . }} + chart: {{ .Chart.Name }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "packetgen.name" .}} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ include "packetgen.name" .}} + release: {{ .Release.Name }} + annotations: + app: {{ include "packetgen.name" . }} + release: {{ .Release.Name }} + VirtletLibvirtCPUSetting: | + mode: host-model + VirtletCloudInitUserData: | + ssh_pwauth: True + users: + - name: admin + gecos: User + primary-group: admin + groups: users + sudo: ALL=(ALL) NOPASSWD:ALL + lock_passwd: false + passwd: "$6$rounds=4096$QA5OCKHTE41$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/" + runcmd: + - export demo_artifacts_version={{ .Values.global.demoArtifactsVersion }} + - export vfw_private_ip_0={{ .Values.global.vfwPrivateIp0 }} + - export vsn_private_ip_0={{ .Values.global.vsnPrivateIp0 }} + - export protected_net_cidr={{ .Values.global.protectedNetCidr }} + - export dcae_collector_ip={{ .Values.global.dcaeCollectorIp }} + - export dcae_collector_port={{ .Values.global.dcaeCollectorPort }} + - export protected_net_gw={{ .Values.global.protectedNetGw }} + - export protected_private_net_cidr={{ .Values.global.protectedPrivateNetCidr }} + - wget -O - https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/packetgen | sudo -E bash + VirtletRootVolumeSize: 5Gi + k8s.v1.cni.cncf.io/networks: '[{"name": {{ .Values.global.ovnMultusNetworkName | quote }}}]' + ovnNetwork: '[ + { "name": {{ .Values.global.unprotectedNetworkName | quote }}, "ipAddress": {{ .Values.global.vpgPrivateIp0 | quote }}, "interface": "eth1" , "defaultGateway": "false"}, + { "name": {{ .Values.global.onapPrivateNetworkName | quote }}, "ipAddress": {{ .Values.global.vpgPrivateIp1 | quote }}, "interface": "eth2" , "defaultGateway": "false"} + ]' + kubernetes.io/target-runtime: virtlet.cloud + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: extraRuntime + operator: In + values: + - virtlet + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + tty: true + stdin: true + resources: + limits: + memory: {{ .Values.resources.limits.memory }} diff --git a/kud/demo/firewall/charts/packetgen/values.yaml b/kud/demo/firewall/charts/packetgen/values.yaml new file mode 100644 index 00000000..d79e5485 --- /dev/null +++ b/kud/demo/firewall/charts/packetgen/values.yaml @@ -0,0 +1,17 @@ +# Default values for packetgen. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: virtlet.cloud/ubuntu/16.04 + tag: latest + pullPolicy: Always + +nameOverride: "" +fullnameOverride: "" + +resources: + limits: + memory: 4Gi diff --git a/kud/demo/firewall/charts/sink/.helmignore b/kud/demo/firewall/charts/sink/.helmignore new file mode 100644 index 00000000..50af0317 --- /dev/null +++ b/kud/demo/firewall/charts/sink/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kud/demo/firewall/charts/sink/Chart.yaml b/kud/demo/firewall/charts/sink/Chart.yaml new file mode 100644 index 00000000..f83182e5 --- /dev/null +++ b/kud/demo/firewall/charts/sink/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart to deploy sink for vFirewall +name: sink +version: 0.1.0 diff --git a/kud/demo/firewall/charts/sink/templates/_helpers.tpl b/kud/demo/firewall/charts/sink/templates/_helpers.tpl new file mode 100644 index 00000000..7d82d08d --- /dev/null +++ b/kud/demo/firewall/charts/sink/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "sink.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "sink.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "sink.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/kud/demo/firewall/charts/sink/templates/deployment.yaml b/kud/demo/firewall/charts/sink/templates/deployment.yaml new file mode 100644 index 00000000..f5ccdae9 --- /dev/null +++ b/kud/demo/firewall/charts/sink/templates/deployment.yaml @@ -0,0 +1,41 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "sink.fullname" . }} + labels: + release: {{ .Release.Name }} + app: {{ include "sink.name" . }} + chart: {{ .Chart.Name }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "sink.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ include "sink.name" . }} + release: {{ .Release.Name }} + annotations: + k8s.v1.cni.cncf.io/networks: '[{"name": {{ .Values.global.ovnMultusNetworkName | quote }}}]' + ovnNetwork: '[ + { "name": {{ .Values.global.protectedNetworkName | quote }}, "ipAddress": {{ .Values.global.vsnPrivateIp0 | quote }}, "interface": "eth1", "defaultGateway": "false" }, + { "name": {{ .Values.global.onapPrivateNetworkName | quote }}, "ipAddress": {{ .Values.global.vsnPrivateIp1 | quote }}, "interface": "eth2" , "defaultGateway": "false"} + ]' + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + tty: true + stdin: true + securityContext: + privileged: true + - name: darkstat + image: "{{ .Values.image.repo }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + tty: true + stdin: true + ports: + - containerPort: {{ .Values.service.ports.port }} diff --git a/kud/demo/firewall/charts/sink/templates/service.yaml b/kud/demo/firewall/charts/sink/templates/service.yaml new file mode 100644 index 00000000..99da7de7 --- /dev/null +++ b/kud/demo/firewall/charts/sink/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: sink-service + labels: + app: {{ include "sink.name" . }} + release: {{ .Release.Name }} + chart: {{ .Chart.Name }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.ports.port }} + nodePort: {{ .Values.service.ports.nodePort }} + selector: + app: {{ include "sink.name" . }} + release: {{ .Release.Name }} diff --git a/kud/demo/firewall/charts/sink/values.yaml b/kud/demo/firewall/charts/sink/values.yaml new file mode 100644 index 00000000..1ac6f08d --- /dev/null +++ b/kud/demo/firewall/charts/sink/values.yaml @@ -0,0 +1,29 @@ +# Default values for sink. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: akhilak/sink + tag: latest + pullPolicy: IfNotPresent + repo: akhilak/darkstat + tag: latest + pullPolicy: IfNotPresent + +nameOverride: "" +fullnameOverride: "" + +service: +#serivce port value for sink service + type: NodePort + ports: + port: 667 + nodePort: 30667 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/kud/demo/firewall/templates/_helpers.tpl b/kud/demo/firewall/templates/_helpers.tpl new file mode 100644 index 00000000..7593e779 --- /dev/null +++ b/kud/demo/firewall/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "firewall.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "firewall.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "firewall.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/kud/demo/firewall/templates/deployment.yaml b/kud/demo/firewall/templates/deployment.yaml new file mode 100644 index 00000000..41362a75 --- /dev/null +++ b/kud/demo/firewall/templates/deployment.yaml @@ -0,0 +1,69 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "firewall.fullname" . }} + labels: + release: {{ .Release.Name }} + app: {{ include "firewall.name" . }} + chart: {{ .Chart.Name }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "firewall.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ include "firewall.name" . }} + release: {{ .Release.Name }} + annotations: + VirtletLibvirtCPUSetting: | + mode: host-model + VirtletCloudInitUserData: | + ssh_pwauth: True + users: + - name: admin + gecos: User + primary-group: admin + groups: users + sudo: ALL=(ALL) NOPASSWD:ALL + lock_passwd: false + passwd: "$6$rounds=4096$QA5OCKHTE41$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/" + runcmd: + - export demo_artifacts_version={{ .Values.global.demoArtifactsVersion }} + - export vfw_private_ip_0={{ .Values.global.vfwPrivateIp0 }} + - export vsn_private_ip_0={{ .Values.global.vsnPrivateIp0 }} + - export protected_net_cidr={{ .Values.global.protectedNetCidr }} + - export dcae_collector_ip={{ .Values.global.dcaeCollectorIp }} + - export dcae_collector_port={{ .Values.global.dcaeCollectorPort }} + - export protected_net_gw={{ .Values.global.protectedNetGw }} + - export protected_private_net_cidr={{ .Values.global.protectedPrivateNetCidr }} + - wget -O - https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/firewall | sudo -E bash + VirtletRootVolumeSize: 5Gi + k8s.v1.cni.cncf.io/networks: '[{"name": {{ .Values.global.ovnMultusNetworkName | quote }}}]' + ovnNetwork: '[ + { "name": {{ .Values.global.unprotectedNetworkName | quote }}, "ipAddress": {{ .Values.global.vfwPrivateIp0 | quote }}, "interface": "eth1" , "defaultGateway": "false"}, + { "name": {{ .Values.global.protectedNetworkName | quote }}, "ipAddress": {{ .Values.global.vfwPrivateIp1 | quote }}, "interface": "eth2", "defaultGateway": "false" }, + { "name": {{ .Values.global.onapPrivateNetworkName | quote }}, "ipAddress": {{ .Values.global.vfwPrivateIp2 | quote }}, "interface": "eth3" , "defaultGateway": "false"} + ]' + kubernetes.io/target-runtime: virtlet.cloud + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: extraRuntime + operator: In + values: + - virtlet + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + tty: true + stdin: true + resources: + limits: + memory: {{ .Values.resources.memory }} diff --git a/kud/demo/firewall/templates/onap-private-net.yaml b/kud/demo/firewall/templates/onap-private-net.yaml new file mode 100644 index 00000000..5b7e9ee7 --- /dev/null +++ b/kud/demo/firewall/templates/onap-private-net.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Network +metadata: + name: {{ .Values.global.onapPrivateNetworkName }} +spec: + cnitype : ovn4nfvk8s + name: {{ .Values.global.onapPrivateNetworkName }} + subnet: {{ .Values.global.onapPrivateNetCidr }} + gateway: {{ .Values.global.protectedPrivateGateway }} diff --git a/kud/demo/firewall/templates/protected-private-net.yaml b/kud/demo/firewall/templates/protected-private-net.yaml new file mode 100644 index 00000000..43cb9233 --- /dev/null +++ b/kud/demo/firewall/templates/protected-private-net.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Network +metadata: + name: {{ .Values.global.protectedNetworkName }} +spec: + cnitype : ovn4nfvk8s + name: {{ .Values.global.protectedNetworkName }} + subnet: {{ .Values.global.protectedNetCidr }} + gateway: {{ .Values.global.protectedNetGw }}/{{ .Values.global.gatewayVariable }} diff --git a/kud/demo/firewall/templates/unprotected-private-net.yaml b/kud/demo/firewall/templates/unprotected-private-net.yaml new file mode 100644 index 00000000..8f45eded --- /dev/null +++ b/kud/demo/firewall/templates/unprotected-private-net.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Network +metadata: + name: {{ .Values.global.unprotectedNetworkName }} +spec: + cnitype : ovn4nfvk8s + name: {{ .Values.global.unprotectedNetworkName }} + subnet: {{ .Values.global.protectedNetCidr }} + gateway: 192.168.10.1/24 diff --git a/kud/demo/firewall/values.yaml b/kud/demo/firewall/values.yaml new file mode 100644 index 00000000..7935828f --- /dev/null +++ b/kud/demo/firewall/values.yaml @@ -0,0 +1,41 @@ +# Default values for firewall. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: virtlet.cloud/ubuntu/16.04 + tag: latest + pullPolicy: Always + +nameOverride: "" +fullnameOverride: "" + +resources: + memory: 4Gi + +#global vars for parent and subcharts. +global: + demoArtifactsVersion: 1.5.0 + vfwPrivateIp0: 192.168.10.3 + vfwPrivateIp1: 192.168.20.2 + vfwPrivateIp2: 10.10.100.3 + vpgPrivateIp0: 192.168.10.2 + vpgPrivateIp1: 10.0.100.2 + vsnPrivateIp0: 192.168.20.3 + vsnPrivateIp1: 10.10.100.4 + dcaeCollectorIp: 10.0.4.1 + dcaeCollectorPort: 8081 + protectedNetGw: 192.168.20.100 + protectedNetCidr: 192.168.20.0/24 + protectedPrivateNetCidr: 192.168.10.0/24 + onapPrivateNetCidr: 10.10.0.0/16 + protectedNetGw: 192.168.20.100 + protectedNetworkName: protected-private-net + unprotectedNetworkName: unprotected-private-net + ovnMultusNetworkName: ovn-networkobj + onapPrivateNetworkName: onap-private-net + protectedPrivateGateway: 10.10.0.1/16 + gatewayVariable: 24 + |