author | Akhila Kishore <akhila.kishore@intel.com> | 2019-05-14 15:43:41 -0700 |
---|---|---|
committer | Akhila Kishore <akhila.kishore@intel.com> | 2019-05-22 12:20:08 -0700 |
commit | 69fe1e369c4afa19552179fe297778a6ca32e48d (patch) | |
tree | 1e6bd0c2fa081d2f2adc9291ec3d97fdc22f20cc /kud/demo/firewall/templates | |
parent | 09433fb59e63a96a1e6d08fdd6061c59b3813e61 (diff) |
Adding helm charts for vFirewall.
The charts are complete with templating and basic constructs.
They need to be modified in terms of chart dependency and also address
network configuration. Addressed comments, changed network config
values and included subcharts. Removed redundant vars. Removed
shell vars and updated sink. Updated vars. Removed escape
chars from password and removed comment in pod annotations.
Removed comments from network files. Changed the deployment file
labels for all 3 charts. Extricated some of the values addressed by comments.
Set global vars. Updated sink-service labels.
Change-Id: Id6fc2e066c8a6c5b33b65caae3a49637521c3133
Issue-ID: MULTICLOUD-628
Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
Diffstat (limited to 'kud/demo/firewall/templates')
-rw-r--r-- | kud/demo/firewall/templates/_helpers.tpl | 32 | ||||
-rw-r--r-- | kud/demo/firewall/templates/deployment.yaml | 69 | ||||
-rw-r--r-- | kud/demo/firewall/templates/onap-private-net.yaml | 9 | ||||
-rw-r--r-- | kud/demo/firewall/templates/protected-private-net.yaml | 9 | ||||
-rw-r--r-- | kud/demo/firewall/templates/unprotected-private-net.yaml | 9 |
5 files changed, 128 insertions, 0 deletions
diff --git a/kud/demo/firewall/templates/_helpers.tpl b/kud/demo/firewall/templates/_helpers.tpl
new file mode 100644
index 00000000..7593e779
--- /dev/null
+++ b/kud/demo/firewall/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "firewall.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "firewall.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "firewall.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/kud/demo/firewall/templates/deployment.yaml b/kud/demo/firewall/templates/deployment.yaml
new file mode 100644
index 00000000..41362a75
--- /dev/null
+++ b/kud/demo/firewall/templates/deployment.yaml
@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "firewall.fullname" . }}
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ include "firewall.name" . }}
+ chart: {{ .Chart.Name }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "firewall.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "firewall.name" . }}
+ release: {{ .Release.Name }}
+ annotations:
+ VirtletLibvirtCPUSetting: |
+ mode: host-model
+ VirtletCloudInitUserData: |
+ ssh_pwauth: True
+ users:
+ - name: admin
+ gecos: User
+ primary-group: admin
+ groups: users
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ lock_passwd: false
+ passwd: "$6$rounds=4096$QA5OCKHTE41$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/"
+ runcmd:
+ - export demo_artifacts_version={{ .Values.global.demoArtifactsVersion }}
+ - export vfw_private_ip_0={{ .Values.global.vfwPrivateIp0 }}
+ - export vsn_private_ip_0={{ .Values.global.vsnPrivateIp0 }}
+ - export protected_net_cidr={{ .Values.global.protectedNetCidr }}
+ - export dcae_collector_ip={{ .Values.global.dcaeCollectorIp }}
+ - export dcae_collector_port={{ .Values.global.dcaeCollectorPort }}
+ - export protected_net_gw={{ .Values.global.protectedNetGw }}
+ - export protected_private_net_cidr={{ .Values.global.protectedPrivateNetCidr }}
+ - wget -O - https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/firewall | sudo -E bash
+ VirtletRootVolumeSize: 5Gi
+ k8s.v1.cni.cncf.io/networks: '[{"name": {{ .Values.global.ovnMultusNetworkName | quote }}}]'
+ ovnNetwork: '[
+ { "name": {{ .Values.global.unprotectedNetworkName | quote }}, "ipAddress": {{ .Values.global.vfwPrivateIp0 | quote }}, "interface": "eth1" , "defaultGateway": "false"},
+ { "name": {{ .Values.global.protectedNetworkName | quote }}, "ipAddress": {{ .Values.global.vfwPrivateIp1 | quote }}, "interface": "eth2", "defaultGateway": "false" },
+ { "name": {{ .Values.global.onapPrivateNetworkName | quote }}, "ipAddress": {{ .Values.global.vfwPrivateIp2 | quote }}, "interface": "eth3" , "defaultGateway": "false"}
+ ]'
+ kubernetes.io/target-runtime: virtlet.cloud
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: extraRuntime
+ operator: In
+ values:
+ - virtlet
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ tty: true
+ stdin: true
+ resources:
+ limits:
+ memory: {{ .Values.resources.memory }}
diff --git a/kud/demo/firewall/templates/onap-private-net.yaml b/kud/demo/firewall/templates/onap-private-net.yaml
new file mode 100644
index 00000000..5b7e9ee7
--- /dev/null
+++ b/kud/demo/firewall/templates/onap-private-net.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Network
+metadata:
+ name: {{ .Values.global.onapPrivateNetworkName }}
+spec:
+ cnitype : ovn4nfvk8s
+ name: {{ .Values.global.onapPrivateNetworkName }}
+ subnet: {{ .Values.global.onapPrivateNetCidr }}
+ gateway: {{ .Values.global.protectedPrivateGateway }}
diff --git a/kud/demo/firewall/templates/protected-private-net.yaml b/kud/demo/firewall/templates/protected-private-net.yaml
new file mode 100644
index 00000000..43cb9233
--- /dev/null
+++ b/kud/demo/firewall/templates/protected-private-net.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Network
+metadata:
+ name: {{ .Values.global.protectedNetworkName }}
+spec:
+ cnitype : ovn4nfvk8s
+ name: {{ .Values.global.protectedNetworkName }}
+ subnet: {{ .Values.global.protectedNetCidr }}
+ gateway: {{ .Values.global.protectedNetGw }}/{{ .Values.global.gatewayVariable }}
diff --git a/kud/demo/firewall/templates/unprotected-private-net.yaml b/kud/demo/firewall/templates/unprotected-private-net.yaml
new file mode 100644
index 00000000..8f45eded
--- /dev/null
+++ b/kud/demo/firewall/templates/unprotected-private-net.yaml
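Review bot: In deployment.yaml the `VirtletCloudInitUserData` annotation ships a fixed `passwd` hash for `admin` together with `ssh_pwauth: True`, `lock_passwd: false` and `sudo: ALL=(ALL) NOPASSWD:ALL`, so every VM rendered from this chart accepts the same password for a root-equivalent account, and the hash is readable by anyone who can read the repository or the pod annotations. I would turn password login off and take a public key from values instead: `ssh_pwauth: false`, `lock_passwd: true`, `ssh_authorized_keys: [{{ .Values.global.sshPublicKey | quote }}]` (a new value; the name is only a suggestion). The last `runcmd` entry pipes the `wget` output straight into `sudo -E bash` with no ref in the URL and no integrity check, so the guest runs as root whatever that path serves at boot; pinning the URL to a commit and checking a `sha256sum` before executing would make the boot reproducible and auditable.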
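Review bot: In onap-private-net.yaml the `gateway` is read from `.Values.global.protectedPrivateGateway` while `name` and `subnet` come from the `onapPrivate*` values. values.yaml is not part of this diff, so I cannot tell whether that key really holds the ONAP network's gateway, but the name suggests a different network and a rename or a one-line comment would remove the doubt. The network templates also render their scalars unquoted (`name: {{ ... }}`, `subnet: {{ ... }}`), so an unset value silently becomes `null`; `| quote`, as deployment.yaml already does in the `ovnNetwork` annotation, or `required` would fail earlier. protected-private-net.yaml and unprotected-private-net.yaml follow the same unquoted pattern.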
@@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Network +metadata: + name: {{ .Values.global.unprotectedNetworkName }} +spec: + cnitype : ovn4nfvk8s + name: {{ .Values.global.unprotectedNetworkName }} + subnet: {{ .Values.global.protectedNetCidr }} + gateway: 192.168.10.1/24 |
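Review bot: In unprotected-private-net.yaml the `subnet` is `{{ .Values.global.protectedNetCidr }}`, the same value protected-private-net.yaml uses, so the unprotected and protected networks are created with an identical CIDR; for a firewall demo whose purpose is to keep the two segments apart this looks like a copy-paste slip. The `gateway` is the literal `192.168.10.1/24`, which cannot follow the CIDR when it is overridden in values. I would give this network its own keys, e.g. `subnet: {{ .Values.global.unprotectedNetCidr }}` and `gateway: {{ .Values.global.unprotectedNetGw }}/{{ .Values.global.gatewayVariable }}` (new keys, names are suggestions), mirroring the protected template.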