summaryrefslogtreecommitdiffstats
path: root/kud/demo/composite-firewall
diff options
context:
space:
mode:
authorEric Multanen <eric.w.multanen@intel.com>2020-06-23 12:39:26 -0700
committerEric Multanen <eric.w.multanen@intel.com>2020-06-29 11:01:23 -0700
commit6e1234913019ef0dd03f8c9d1547fbe22058af6a (patch)
tree57907a9b1215e5d5d478460acd60ebdb7490a82b /kud/demo/composite-firewall
parent7165b8294a820e00335067439086e792581e71a4 (diff)
Add composite vFW demo
Add demonstration files and test scripts to show the vFW use case as a composite application using network intents and ovnaction intents to deploy to multiple clusters. Issue-ID: MULTICLOUD-1095 Signed-off-by: Eric Multanen <eric.w.multanen@intel.com> Change-Id: I74b837f9f97747f1eefffbcd105a6630a7b3a374
Diffstat (limited to 'kud/demo/composite-firewall')
-rw-r--r--kud/demo/composite-firewall/firewall/.helmignore22
-rw-r--r--kud/demo/composite-firewall/firewall/Chart.yaml5
-rw-r--r--kud/demo/composite-firewall/firewall/templates/_helpers.tpl32
-rw-r--r--kud/demo/composite-firewall/firewall/templates/deployment.yaml63
-rw-r--r--kud/demo/composite-firewall/firewall/values.yaml50
-rw-r--r--kud/demo/composite-firewall/manifest.yaml4
-rw-r--r--kud/demo/composite-firewall/networks/emco-private-net.yaml18
-rw-r--r--kud/demo/composite-firewall/networks/onap-private-net-fwsink.yaml19
-rw-r--r--kud/demo/composite-firewall/networks/onap-private-net-pktgen.yaml19
-rw-r--r--kud/demo/composite-firewall/networks/protected-private-net-fwsink.yaml19
-rw-r--r--kud/demo/composite-firewall/networks/protected-private-net-pktgen.yaml19
-rw-r--r--kud/demo/composite-firewall/networks/protected-private-net.yaml18
-rw-r--r--kud/demo/composite-firewall/networks/unprotected-private-net-fwsink.yaml19
-rw-r--r--kud/demo/composite-firewall/networks/unprotected-private-net-pktgen.yaml19
-rw-r--r--kud/demo/composite-firewall/networks/unprotected-private-net.yaml18
-rw-r--r--kud/demo/composite-firewall/override_values.yaml1
-rw-r--r--kud/demo/composite-firewall/packetgen/.helmignore22
-rw-r--r--kud/demo/composite-firewall/packetgen/Chart.yaml5
-rw-r--r--kud/demo/composite-firewall/packetgen/templates/_helpers.tpl32
-rw-r--r--kud/demo/composite-firewall/packetgen/templates/deployment.yaml65
-rw-r--r--kud/demo/composite-firewall/packetgen/templates/service.yaml16
-rw-r--r--kud/demo/composite-firewall/packetgen/values.yaml57
-rw-r--r--kud/demo/composite-firewall/sink/.helmignore22
-rw-r--r--kud/demo/composite-firewall/sink/Chart.yaml5
-rw-r--r--kud/demo/composite-firewall/sink/templates/_helpers.tpl32
-rw-r--r--kud/demo/composite-firewall/sink/templates/configmap.yaml7
-rw-r--r--kud/demo/composite-firewall/sink/templates/deployment.yaml38
-rw-r--r--kud/demo/composite-firewall/sink/templates/service.yaml16
-rw-r--r--kud/demo/composite-firewall/sink/values.yaml61
29 files changed, 723 insertions, 0 deletions
diff --git a/kud/demo/composite-firewall/firewall/.helmignore b/kud/demo/composite-firewall/firewall/.helmignore
new file mode 100644
index 00000000..50af0317
--- /dev/null
+++ b/kud/demo/composite-firewall/firewall/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/kud/demo/composite-firewall/firewall/Chart.yaml b/kud/demo/composite-firewall/firewall/Chart.yaml
new file mode 100644
index 00000000..18201ddd
--- /dev/null
+++ b/kud/demo/composite-firewall/firewall/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart to deploy Firewall app for vFirewall
+name: firewall
+version: 0.1.0
diff --git a/kud/demo/composite-firewall/firewall/templates/_helpers.tpl b/kud/demo/composite-firewall/firewall/templates/_helpers.tpl
new file mode 100644
index 00000000..7593e779
--- /dev/null
+++ b/kud/demo/composite-firewall/firewall/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "firewall.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "firewall.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "firewall.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/kud/demo/composite-firewall/firewall/templates/deployment.yaml b/kud/demo/composite-firewall/firewall/templates/deployment.yaml
new file mode 100644
index 00000000..632a50bf
--- /dev/null
+++ b/kud/demo/composite-firewall/firewall/templates/deployment.yaml
@@ -0,0 +1,63 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "firewall.fullname" . }}
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ include "firewall.name" . }}
+ chart: {{ .Chart.Name }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "firewall.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "firewall.name" . }}
+ release: {{ .Release.Name }}
+ annotations:
+ VirtletLibvirtCPUSetting: |
+ mode: host-model
+ VirtletCloudInitUserData: |
+ ssh_pwauth: True
+ users:
+ - name: admin
+ gecos: User
+ primary-group: admin
+ groups: users
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ lock_passwd: false
+ passwd: "$6$rounds=4096$QA5OCKHTE41$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/"
+ runcmd:
+ - export demo_artifacts_version={{ .Values.global.demoArtifactsVersion }}
+ - export vfw_private_ip_0={{ .Values.global.vfwPrivateIp0 }}
+ - export vsn_private_ip_0={{ .Values.global.vsnPrivateIp0 }}
+ - export protected_net_cidr={{ .Values.global.protectedNetCidr }}
+ - export dcae_collector_ip={{ .Values.global.dcaeCollectorIp }}
+ - export dcae_collector_port={{ .Values.global.dcaeCollectorPort }}
+ - export protected_net_gw={{ .Values.global.protectedNetGw }}
+ - export protected_private_net_cidr={{ .Values.global.protectedPrivateNetCidr }}
+ - wget -O - https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/firewall | sudo -E bash
+ VirtletRootVolumeSize: 5Gi
+ kubernetes.io/target-runtime: virtlet.cloud
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: extraRuntime
+ operator: In
+ values:
+ - virtlet
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ tty: true
+ stdin: true
+ resources:
+ limits:
+ memory: {{ .Values.resources.memory }}
diff --git a/kud/demo/composite-firewall/firewall/values.yaml b/kud/demo/composite-firewall/firewall/values.yaml
new file mode 100644
index 00000000..3a6c8983
--- /dev/null
+++ b/kud/demo/composite-firewall/firewall/values.yaml
@@ -0,0 +1,50 @@
+# Default values for firewall.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: virtlet.cloud/ubuntu/16.04
+ tag: latest
+ pullPolicy: IfNotPresent
+
+nameOverride: ""
+fullnameOverride: ""
+
+resources:
+ memory: 4Gi
+
+#global vars for parent and subcharts.
+global:
+
+ #Networks
+ unprotectedNetworkName: unprotected-private-net
+ protectedPrivateNetCidr: 192.168.10.0/24
+
+ emcoPrivateNetworkName: emco-private-net
+
+ protectedNetworkName: protected-private-net
+ protectedNetCidr: 192.168.20.0/24
+ protectedNetGwIp: 192.168.20.100
+ protectedNetGw: 192.168.20.100/24
+
+ #vFirewall container
+ vfwPrivateIp0: 192.168.10.3
+ vfwPrivateIp1: 192.168.20.2
+ vfwPrivateIp2: 10.10.20.3
+
+ #Packetgen container
+ vpgPrivateIp0: 192.168.10.200
+ vpgPrivateIp1: 10.10.20.200
+
+ #Sink container
+ vsnPrivateIp0: 192.168.20.3
+ vsnPrivateIp1: 10.10.20.4
+
+ #########
+ ovnMultusNetworkName: ovn-networkobj
+ demoArtifactsVersion: 1.5.0
+ dcaeCollectorIp: 10.0.4.1
+ dcaeCollectorPort: 8081
+
diff --git a/kud/demo/composite-firewall/manifest.yaml b/kud/demo/composite-firewall/manifest.yaml
new file mode 100644
index 00000000..4d381d02
--- /dev/null
+++ b/kud/demo/composite-firewall/manifest.yaml
@@ -0,0 +1,4 @@
+---
+version: v1
+type:
+ values: "override_values.yaml"
diff --git a/kud/demo/composite-firewall/networks/emco-private-net.yaml b/kud/demo/composite-firewall/networks/emco-private-net.yaml
new file mode 100644
index 00000000..701ef54d
--- /dev/null
+++ b/kud/demo/composite-firewall/networks/emco-private-net.yaml
@@ -0,0 +1,18 @@
+apiVersion: k8s.plugin.opnfv.org/v1alpha1
+kind: ProviderNetwork
+metadata:
+ name: emco-private-net
+spec:
+ cniType : ovn4nfv
+ ipv4Subnets:
+ - name: subnet1
+ subnet: 10.10.20.0/24
+ gateway: 10.10.20.1/24
+ providerNetType: VLAN
+ vlan:
+ vlanId: "102"
+ providerInterfaceName: eth1
+ logicalInterfaceName: eth1.102
+ vlanNodeSelector: specific
+ nodeLabelList:
+ - kubernetes.io/hostname=localhost
diff --git a/kud/demo/composite-firewall/networks/onap-private-net-fwsink.yaml b/kud/demo/composite-firewall/networks/onap-private-net-fwsink.yaml
new file mode 100644
index 00000000..c5135e93
--- /dev/null
+++ b/kud/demo/composite-firewall/networks/onap-private-net-fwsink.yaml
@@ -0,0 +1,19 @@
+apiVersion: k8s.plugin.opnfv.org/v1alpha1
+kind: ProviderNetwork
+metadata:
+ name: emco-private-net
+spec:
+ cniType : ovn4nfv
+ ipv4Subnets:
+ - name: subnet1
+ subnet: 10.10.20.0/24
+ gateway: 10.10.20.1/24
+ excludeIps: 10.10.20.100..10.10.20.255
+ providerNetType: VLAN
+ vlan:
+ vlanId: "102"
+ providerInterfaceName: eth1
+ logicalInterfaceName: eth1.102
+ vlanNodeSelector: specific
+ nodeLabelList:
+ - kubernetes.io/hostname=localhost
diff --git a/kud/demo/composite-firewall/networks/onap-private-net-pktgen.yaml b/kud/demo/composite-firewall/networks/onap-private-net-pktgen.yaml
new file mode 100644
index 00000000..18fafcc7
--- /dev/null
+++ b/kud/demo/composite-firewall/networks/onap-private-net-pktgen.yaml
@@ -0,0 +1,19 @@
+apiVersion: k8s.plugin.opnfv.org/v1alpha1
+kind: ProviderNetwork
+metadata:
+ name: emco-private-net
+spec:
+ cniType : ovn4nfv
+ ipv4Subnets:
+ - name: subnet1
+ subnet: 10.10.20.0/24
+ gateway: 10.10.20.1/24
+ excludeIps: 10.10.20.2..10.10.20.99
+ providerNetType: VLAN
+ vlan:
+ vlanId: "102"
+ providerInterfaceName: eth1
+ logicalInterfaceName: eth1.102
+ vlanNodeSelector: specific
+ nodeLabelList:
+ - kubernetes.io/hostname=localhost
diff --git a/kud/demo/composite-firewall/networks/protected-private-net-fwsink.yaml b/kud/demo/composite-firewall/networks/protected-private-net-fwsink.yaml
new file mode 100644
index 00000000..fce66313
--- /dev/null
+++ b/kud/demo/composite-firewall/networks/protected-private-net-fwsink.yaml
@@ -0,0 +1,19 @@
+apiVersion: k8s.plugin.opnfv.org/v1alpha1
+kind: ProviderNetwork
+metadata:
+ name: protected-private-net
+spec:
+ cniType : ovn4nfv
+ ipv4Subnets:
+ - name: subnet1
+ subnet: 192.168.20.0/24
+ gateway: 192.168.20.100/24
+ excludeIps: 192.168.20.101..192.168.20.255
+ providerNetType: VLAN
+ vlan:
+ vlanId: "101"
+ providerInterfaceName: eth1
+ logicalInterfaceName: eth1.101
+ vlanNodeSelector: specific
+ nodeLabelList:
+ - kubernetes.io/hostname=localhost
diff --git a/kud/demo/composite-firewall/networks/protected-private-net-pktgen.yaml b/kud/demo/composite-firewall/networks/protected-private-net-pktgen.yaml
new file mode 100644
index 00000000..58909de1
--- /dev/null
+++ b/kud/demo/composite-firewall/networks/protected-private-net-pktgen.yaml
@@ -0,0 +1,19 @@
+apiVersion: k8s.plugin.opnfv.org/v1alpha1
+kind: ProviderNetwork
+metadata:
+ name: protected-private-net
+spec:
+ cniType : ovn4nfv
+ ipv4Subnets:
+ - name: subnet1
+ subnet: 192.168.20.0/24
+ gateway: 192.168.20.100/24
+ excludeIps: 192.168.20.1..192.168.20.99
+ providerNetType: VLAN
+ vlan:
+ vlanId: "101"
+ providerInterfaceName: eth1
+ logicalInterfaceName: eth1.101
+ vlanNodeSelector: specific
+ nodeLabelList:
+ - kubernetes.io/hostname=localhost
diff --git a/kud/demo/composite-firewall/networks/protected-private-net.yaml b/kud/demo/composite-firewall/networks/protected-private-net.yaml
new file mode 100644
index 00000000..213b3541
--- /dev/null
+++ b/kud/demo/composite-firewall/networks/protected-private-net.yaml
@@ -0,0 +1,18 @@
+apiVersion: k8s.plugin.opnfv.org/v1alpha1
+kind: ProviderNetwork
+metadata:
+ name: protected-private-net
+spec:
+ cniType : ovn4nfv
+ ipv4Subnets:
+ - name: subnet1
+ subnet: 192.168.20.0/24
+ gateway: 192.168.20.100/24
+ providerNetType: VLAN
+ vlan:
+ vlanId: "101"
+ providerInterfaceName: eth1
+ logicalInterfaceName: eth1.101
+ vlanNodeSelector: specific
+ nodeLabelList:
+ - kubernetes.io/hostname=localhost
diff --git a/kud/demo/composite-firewall/networks/unprotected-private-net-fwsink.yaml b/kud/demo/composite-firewall/networks/unprotected-private-net-fwsink.yaml
new file mode 100644
index 00000000..5ab730b5
--- /dev/null
+++ b/kud/demo/composite-firewall/networks/unprotected-private-net-fwsink.yaml
@@ -0,0 +1,19 @@
+apiVersion: k8s.plugin.opnfv.org/v1alpha1
+kind: ProviderNetwork
+metadata:
+ name: unprotected-private-net
+spec:
+ cniType : ovn4nfv
+ ipv4Subnets:
+ - name: subnet1
+ subnet: 192.168.10.0/24
+ gateway: 192.168.10.1/24
+ excludeIps: 192.168.10.101..192.168.10.255
+ providerNetType: VLAN
+ vlan:
+ vlanId: "100"
+ providerInterfaceName: eth1
+ logicalInterfaceName: eth1.100
+ vlanNodeSelector: specific
+ nodeLabelList:
+ - kubernetes.io/hostname=localhost
diff --git a/kud/demo/composite-firewall/networks/unprotected-private-net-pktgen.yaml b/kud/demo/composite-firewall/networks/unprotected-private-net-pktgen.yaml
new file mode 100644
index 00000000..388eeb0d
--- /dev/null
+++ b/kud/demo/composite-firewall/networks/unprotected-private-net-pktgen.yaml
@@ -0,0 +1,19 @@
+apiVersion: k8s.plugin.opnfv.org/v1alpha1
+kind: ProviderNetwork
+metadata:
+ name: unprotected-private-net
+spec:
+ cniType : ovn4nfv
+ ipv4Subnets:
+ - name: subnet1
+ subnet: 192.168.10.0/24
+ gateway: 192.168.10.1/24
+ excludeIps: 192.168.10.2..192.168.10.100
+ providerNetType: VLAN
+ vlan:
+ vlanId: "100"
+ providerInterfaceName: eth1
+ logicalInterfaceName: eth1.100
+ vlanNodeSelector: specific
+ nodeLabelList:
+ - kubernetes.io/hostname=localhost
diff --git a/kud/demo/composite-firewall/networks/unprotected-private-net.yaml b/kud/demo/composite-firewall/networks/unprotected-private-net.yaml
new file mode 100644
index 00000000..f09f7608
--- /dev/null
+++ b/kud/demo/composite-firewall/networks/unprotected-private-net.yaml
@@ -0,0 +1,18 @@
+apiVersion: k8s.plugin.opnfv.org/v1alpha1
+kind: ProviderNetwork
+metadata:
+ name: unprotected-private-net
+spec:
+ cniType : ovn4nfv
+ ipv4Subnets:
+ - name: subnet1
+ subnet: 192.168.10.0/24
+ gateway: 192.168.10.1/24
+ providerNetType: VLAN
+ vlan:
+ vlanId: "100"
+ providerInterfaceName: eth1
+ logicalInterfaceName: eth1.100
+ vlanNodeSelector: specific
+ nodeLabelList:
+ - kubernetes.io/hostname=localhost
diff --git a/kud/demo/composite-firewall/override_values.yaml b/kud/demo/composite-firewall/override_values.yaml
new file mode 100644
index 00000000..8b137891
--- /dev/null
+++ b/kud/demo/composite-firewall/override_values.yaml
@@ -0,0 +1 @@
+
diff --git a/kud/demo/composite-firewall/packetgen/.helmignore b/kud/demo/composite-firewall/packetgen/.helmignore
new file mode 100644
index 00000000..50af0317
--- /dev/null
+++ b/kud/demo/composite-firewall/packetgen/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/kud/demo/composite-firewall/packetgen/Chart.yaml b/kud/demo/composite-firewall/packetgen/Chart.yaml
new file mode 100644
index 00000000..d21cadec
--- /dev/null
+++ b/kud/demo/composite-firewall/packetgen/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart to deploy packet generator for vFirewall
+name: packetgen
+version: 0.1.0
diff --git a/kud/demo/composite-firewall/packetgen/templates/_helpers.tpl b/kud/demo/composite-firewall/packetgen/templates/_helpers.tpl
new file mode 100644
index 00000000..322b7c68
--- /dev/null
+++ b/kud/demo/composite-firewall/packetgen/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "packetgen.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "packetgen.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "packetgen.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/kud/demo/composite-firewall/packetgen/templates/deployment.yaml b/kud/demo/composite-firewall/packetgen/templates/deployment.yaml
new file mode 100644
index 00000000..827d2838
--- /dev/null
+++ b/kud/demo/composite-firewall/packetgen/templates/deployment.yaml
@@ -0,0 +1,65 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "packetgen.fullname" . }}
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ include "packetgen.name" . }}
+ chart: {{ .Chart.Name }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "packetgen.name" .}}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "packetgen.name" .}}
+ release: {{ .Release.Name }}
+ annotations:
+ app: {{ include "packetgen.name" . }}
+ release: {{ .Release.Name }}
+ VirtletLibvirtCPUSetting: |
+ mode: host-model
+ VirtletCloudInitUserData: |
+ ssh_pwauth: True
+ users:
+ - name: admin
+ gecos: User
+ primary-group: admin
+ groups: users
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ lock_passwd: false
+ passwd: "$6$rounds=4096$QA5OCKHTE41$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/"
+ runcmd:
+ - export demo_artifacts_version={{ .Values.global.demoArtifactsVersion }}
+ - export vfw_private_ip_0={{ .Values.global.vfwPrivateIp0 }}
+ - export vsn_private_ip_0={{ .Values.global.vsnPrivateIp0 }}
+ - export protected_net_cidr={{ .Values.global.protectedNetCidr }}
+ - export dcae_collector_ip={{ .Values.global.dcaeCollectorIp }}
+ - export dcae_collector_port={{ .Values.global.dcaeCollectorPort }}
+ - export protected_net_gw={{ .Values.global.protectedNetGw }}
+ - export protected_private_net_cidr={{ .Values.global.protectedPrivateNetCidr }}
+ - wget -O - https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/packetgen | sudo -E bash
+ VirtletRootVolumeSize: 5Gi
+ kubernetes.io/target-runtime: virtlet.cloud
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: extraRuntime
+ operator: In
+ values:
+ - virtlet
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ tty: true
+ stdin: true
+ resources:
+ limits:
+ memory: {{ .Values.resources.limits.memory }}
diff --git a/kud/demo/composite-firewall/packetgen/templates/service.yaml b/kud/demo/composite-firewall/packetgen/templates/service.yaml
new file mode 100644
index 00000000..7b8fd9db
--- /dev/null
+++ b/kud/demo/composite-firewall/packetgen/templates/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: packetgen-service
+ labels:
+ app: {{ include "packetgen.name" . }}
+ release: {{ .Release.Name }}
+ chart: {{ .Chart.Name }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.ports.port }}
+ nodePort: {{ .Values.service.ports.nodePort }}
+ selector:
+ app: {{ include "packetgen.name" . }}
+ release: {{ .Release.Name }}
diff --git a/kud/demo/composite-firewall/packetgen/values.yaml b/kud/demo/composite-firewall/packetgen/values.yaml
new file mode 100644
index 00000000..300947d5
--- /dev/null
+++ b/kud/demo/composite-firewall/packetgen/values.yaml
@@ -0,0 +1,57 @@
+# Default values for packetgen.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: virtlet.cloud/ubuntu/16.04
+ tag: latest
+ pullPolicy: IfNotPresent
+
+nameOverride: ""
+fullnameOverride: ""
+
+service:
+#serivce port value for packetgen service
+ type: NodePort
+ ports:
+ port: 2831
+ nodePort: 30831
+
+resources:
+ limits:
+ memory: 4Gi
+
+#global vars for parent and subcharts.
+global:
+
+ #Networks
+ unprotectedNetworkName: unprotected-private-net
+ protectedPrivateNetCidr: 192.168.10.0/24
+
+ emcoPrivateNetworkName: emco-private-net
+
+ protectedNetworkName: protected-private-net
+ protectedNetCidr: 192.168.20.0/24
+ protectedNetGwIp: 192.168.20.100
+ protectedNetGw: 192.168.20.100/24
+
+ #vFirewall container
+ vfwPrivateIp0: 192.168.10.3
+ vfwPrivateIp1: 192.168.20.2
+ vfwPrivateIp2: 10.10.20.3
+
+ #Packetgen container
+ vpgPrivateIp0: 192.168.10.200
+ vpgPrivateIp1: 10.10.20.200
+
+ #Sink container
+ vsnPrivateIp0: 192.168.20.3
+ vsnPrivateIp1: 10.10.20.4
+
+ #########
+ ovnMultusNetworkName: ovn-networkobj
+ demoArtifactsVersion: 1.5.0
+ dcaeCollectorIp: 10.0.4.1
+ dcaeCollectorPort: 8081
diff --git a/kud/demo/composite-firewall/sink/.helmignore b/kud/demo/composite-firewall/sink/.helmignore
new file mode 100644
index 00000000..50af0317
--- /dev/null
+++ b/kud/demo/composite-firewall/sink/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/kud/demo/composite-firewall/sink/Chart.yaml b/kud/demo/composite-firewall/sink/Chart.yaml
new file mode 100644
index 00000000..f83182e5
--- /dev/null
+++ b/kud/demo/composite-firewall/sink/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart to deploy sink for vFirewall
+name: sink
+version: 0.1.0
diff --git a/kud/demo/composite-firewall/sink/templates/_helpers.tpl b/kud/demo/composite-firewall/sink/templates/_helpers.tpl
new file mode 100644
index 00000000..7d82d08d
--- /dev/null
+++ b/kud/demo/composite-firewall/sink/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "sink.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "sink.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "sink.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/kud/demo/composite-firewall/sink/templates/configmap.yaml b/kud/demo/composite-firewall/sink/templates/configmap.yaml
new file mode 100644
index 00000000..89be1f77
--- /dev/null
+++ b/kud/demo/composite-firewall/sink/templates/configmap.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "sink.name" .}}-configmap
+data:
+ protected_net_gw: {{ .Values.global.protectedNetGwIp }}
+ protected_private_net_cidr: {{ .Values.global.protectedPrivateNetCidr }}
diff --git a/kud/demo/composite-firewall/sink/templates/deployment.yaml b/kud/demo/composite-firewall/sink/templates/deployment.yaml
new file mode 100644
index 00000000..f1f56b28
--- /dev/null
+++ b/kud/demo/composite-firewall/sink/templates/deployment.yaml
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "sink.fullname" . }}
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ include "sink.name" . }}
+ chart: {{ .Chart.Name }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "sink.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "sink.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.sinkrepo }}:{{ .Values.image.sinktag }}"
+ envFrom:
+ - configMapRef:
+ name: {{ include "sink.name" . }}-configmap
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ tty: true
+ stdin: true
+ securityContext:
+ privileged: true
+ - name: darkstat
+ image: "{{ .Values.image.darkstatrepo }}:{{ .Values.image.darkstattag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ tty: true
+ stdin: true
+ ports:
+ - containerPort: {{ .Values.service.ports.port }}
diff --git a/kud/demo/composite-firewall/sink/templates/service.yaml b/kud/demo/composite-firewall/sink/templates/service.yaml
new file mode 100644
index 00000000..99da7de7
--- /dev/null
+++ b/kud/demo/composite-firewall/sink/templates/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: sink-service
+ labels:
+ app: {{ include "sink.name" . }}
+ release: {{ .Release.Name }}
+ chart: {{ .Chart.Name }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.ports.port }}
+ nodePort: {{ .Values.service.ports.nodePort }}
+ selector:
+ app: {{ include "sink.name" . }}
+ release: {{ .Release.Name }}
diff --git a/kud/demo/composite-firewall/sink/values.yaml b/kud/demo/composite-firewall/sink/values.yaml
new file mode 100644
index 00000000..a6fa1c46
--- /dev/null
+++ b/kud/demo/composite-firewall/sink/values.yaml
@@ -0,0 +1,61 @@
+# Default values for sink.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ sinkrepo: rtsood/onap-vfw-demo-sink
+ sinktag: 0.2.0
+ pullPolicy: IfNotPresent
+ darkstatrepo: electrocucaracha/darkstat
+ darkstattag: latest
+
+nameOverride: ""
+fullnameOverride: ""
+
+service:
+#serivce port value for sink service
+ type: NodePort
+ ports:
+ port: 667
+ nodePort: 30667
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+#global vars for parent and subcharts.
+global:
+
+ #Networks
+ unprotectedNetworkName: unprotected-private-net
+ protectedPrivateNetCidr: 192.168.10.0/24
+
+ emcoPrivateNetworkName: emco-private-net
+
+ protectedNetworkName: protected-private-net
+ protectedNetCidr: 192.168.20.0/24
+ protectedNetGwIp: 192.168.20.100
+ protectedNetGw: 192.168.20.100/24
+
+ #vFirewall container
+ vfwPrivateIp0: 192.168.10.3
+ vfwPrivateIp1: 192.168.20.2
+ vfwPrivateIp2: 10.10.20.3
+
+ #Packetgen container
+ vpgPrivateIp0: 192.168.10.200
+ vpgPrivateIp1: 10.10.20.200
+
+ #Sink container
+ vsnPrivateIp0: 192.168.20.3
+ vsnPrivateIp1: 10.10.20.4
+
+ #########
+ ovnMultusNetworkName: ovn-networkobj
+ demoArtifactsVersion: 1.5.0
+ dcaeCollectorIp: 10.0.4.1
+ dcaeCollectorPort: 8081