author | Bin Yang <bin.yang@windriver.com> | 2020-02-23 20:18:41 +0800 |
---|---|---|
committer | Bin Yang <bin.yang@windriver.com> | 2020-02-23 23:52:21 +0800 |
commit | 6547e45fd9f60437811ef35b9d101cdaef494542 (patch) | |
tree | 593f7a67769e9b5806a7bd7174c8858783d61d70 /starlingx/demo/firewall-sriov/charts/sink-sriov | |
parent | 0a13e91612de5fa590bdecb7b17ef79e7f220131 (diff) |
Add cnf for firewall with network of sriov
sriov driver can be either netdevice or vfio
start scripts support only netdevice for now
Change-Id: Ifa1e9acc558387d38245bd99669225fbf5fb8d05
Issue-ID: MULTICLOUD-999
Signed-off-by: Bin Yang <bin.yang@windriver.com>
Diffstat (limited to 'starlingx/demo/firewall-sriov/charts/sink-sriov')
8 files changed, 208 insertions, 0 deletions
diff --git a/starlingx/demo/firewall-sriov/charts/sink-sriov/.helmignore b/starlingx/demo/firewall-sriov/charts/sink-sriov/.helmignore
new file mode 100644
index 00000000..50af0317
--- /dev/null
+++ b/starlingx/demo/firewall-sriov/charts/sink-sriov/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/starlingx/demo/firewall-sriov/charts/sink-sriov/Chart.yaml b/starlingx/demo/firewall-sriov/charts/sink-sriov/Chart.yaml
new file mode 100644
index 00000000..90ac47ea
--- /dev/null
+++ b/starlingx/demo/firewall-sriov/charts/sink-sriov/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart to deploy sink for vFirewall
+name: sink-sriov
+version: 0.1.0
diff --git a/starlingx/demo/firewall-sriov/charts/sink-sriov/resources/scripts/init/vsn_start.sh b/starlingx/demo/firewall-sriov/charts/sink-sriov/resources/scripts/init/vsn_start.sh
new file mode 100644
index 00000000..63acfff1
--- /dev/null
+++ b/starlingx/demo/firewall-sriov/charts/sink-sriov/resources/scripts/init/vsn_start.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+apt-get update
+apt-get install -y sudo curl net-tools iproute2 inetutils-ping wget darkstat unzip
+
+echo "provision interfaces"
+
+ifconfig veth22 10.10.2.2/24
+
+echo "add route entries"
+ip route add 10.10.1.0/24 via 10.10.2.1
+
+echo "update darkstat configuration"
+sed -i "s/START_DARKSTAT=.*/START_DARKSTAT=yes/g;s/INTERFACE=.*/INTERFACE=\"-i veth22\"/g" /etc/darkstat/init.cfg
+
+echo "start darkstat"
+
+darkstat -i veth22
+
+echo "done"
+sleep infinity
\ No newline at end of file
diff --git a/starlingx/demo/firewall-sriov/charts/sink-sriov/templates/_helpers.tpl b/starlingx/demo/firewall-sriov/charts/sink-sriov/templates/_helpers.tpl
new file mode 100644
index 00000000..7d82d08d
--- /dev/null
+++ b/starlingx/demo/firewall-sriov/charts/sink-sriov/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "sink.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "sink.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "sink.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/starlingx/demo/firewall-sriov/charts/sink-sriov/templates/configmap.yaml b/starlingx/demo/firewall-sriov/charts/sink-sriov/templates/configmap.yaml
new file mode 100644
index 00000000..1d4b755d
--- /dev/null
+++ b/starlingx/demo/firewall-sriov/charts/sink-sriov/templates/configmap.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-scripts-configmap
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ include "firewall.name" . }}
+ chart: {{ .Chart.Name }}
+data:
+{{ tpl (.Files.Glob "resources/scripts/init/*").AsConfig . | indent 2 }}
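Review bot: In vsn_start.sh no command's exit status is checked, so a failed `apt-get install` or `ifconfig veth22 10.10.2.2/24` still falls through to `echo "done"` and `sleep infinity`, and the pod reports Running with no working sink. Adding `set -euo pipefail` directly after the shebang would let the container exit and be restarted instead. The packages are also fetched unpinned from the network as root on every start, inside a container that deployment.yaml runs privileged; baking them into a versioned image would remove that start-time dependency. The addresses `10.10.2.2/24` and `10.10.2.1` are hard-coded although deployment.yaml passes `protectedNetCidr` and `protectedNetGwIp` in the environment.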
\ No newline at end of file
diff --git a/starlingx/demo/firewall-sriov/charts/sink-sriov/templates/deployment.yaml b/starlingx/demo/firewall-sriov/charts/sink-sriov/templates/deployment.yaml
new file mode 100644
index 00000000..f3c29f05
--- /dev/null
+++ b/starlingx/demo/firewall-sriov/charts/sink-sriov/templates/deployment.yaml
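Review bot: The `app` label in configmap.yaml is rendered with `include "firewall.name" .`, but this chart's _helpers.tpl defines only `sink.name`, `sink.fullname` and `sink.chart`. The template therefore renders only when another chart in the same release defines `firewall.name` (presumably the parent firewall-sriov chart), and rendering sink-sriov on its own would fail on the missing template. Using `app: {{ include "sink.name" . }}` would match the labels in deployment.yaml and service.yaml. The ConfigMap name `{{ .Chart.Name }}-scripts-configmap` is also not release-scoped, so two releases in one namespace would collide on it.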
@@ -0,0 +1,72 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "sink.fullname" . }}
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ include "sink.name" . }}
+ chart: {{ .Chart.Name }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "sink.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "sink.name" . }}
+ release: {{ .Release.Name }}
+ annotations:
+ k8s.v1.cni.cncf.io/networks: '[
+ { "name": "sriov-device-{{ .Values.global.protectedNetName }}",
+ "interface": "veth22" }
+ ]'
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ tty: true
+ stdin: true
+ env:
+ - name: unprotectedNetCidr
+ value: "{{.Values.global.unprotectedNetCidr}}"
+ - name: unprotectedNetGwIp
+ value: "{{.Values.global.unprotectedNetGwIp}}"
+ - name: protectedNetCidr
+ value: "{{.Values.global.protectedNetCidr}}"
+ - name: protectedNetGwIp
+ value: "{{.Values.global.protectedNetGwIp}}"
+ - name: dcaeCollectorIp
+ value: "{{.Values.global.dcaeCollectorIp}}"
+ - name: dcaeCollectorPort
+ value: "{{.Values.global.dcaeCollectorPort}}"
+ - name: unprotectedNetProviderDriver
+ value: "{{.Values.global.unprotectedNetProviderDriver}}"
+ - name: protectedNetProviderDriver
+ value: "{{.Values.global.protectedNetProviderDriver}}"
+ command: ["/bin/bash", "/opt/vsn_start.sh"]
+ securityContext:
+ privileged: true
+ capabilities:
+ add:
+ - CAP_SYS_ADMIN
+ volumeMounts:
+ - name: scripts
+ mountPath: /opt
+ resources:
+ requests:
+ cpu: {{ .Values.resources.cpu }}
+ memory: {{ .Values.resources.memory }}
+ intel.com/pci_sriov_net_{{ .Values.global.protectedNetProviderName }}: '1'
+ limits:
+ cpu: {{ .Values.resources.cpu }}
+ memory: {{ .Values.resources.memory }}
+ intel.com/pci_sriov_net_{{ .Values.global.protectedNetProviderName }}: '1'
+ volumes:
+ - name: scripts
+ configMap:
+ name: {{ .Chart.Name }}-scripts-configmap
+ imagePullSecrets:
+ - name: admin-registry-secret
diff --git a/starlingx/demo/firewall-sriov/charts/sink-sriov/templates/service.yaml b/starlingx/demo/firewall-sriov/charts/sink-sriov/templates/service.yaml
new file mode 100644
index 00000000..99da7de7
--- /dev/null
+++ b/starlingx/demo/firewall-sriov/charts/sink-sriov/templates/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: sink-service
+ labels:
+ app: {{ include "sink.name" . }}
+ release: {{ .Release.Name }}
+ chart: {{ .Chart.Name }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.ports.port }}
+ nodePort: {{ .Values.service.ports.nodePort }}
+ selector:
+ app: {{ include "sink.name" . }}
+ release: {{ .Release.Name }}
diff --git a/starlingx/demo/firewall-sriov/charts/sink-sriov/values.yaml b/starlingx/demo/firewall-sriov/charts/sink-sriov/values.yaml
new file mode 100644
index 00000000..3e379cc4
--- /dev/null
+++ b/starlingx/demo/firewall-sriov/charts/sink-sriov/values.yaml
@@ -0,0 +1,30 @@
+# Default values for sink.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: ubuntu
+ tag: latest
+ pullPolicy: IfNotPresent
+
+nameOverride: ""
+fullnameOverride: ""
+
+resources:
+ cpu: 1
+ memory: 4Gi
+
+service:
+#serivce port value for sink service
+ type: NodePort
+ ports:
+ port: 667
+ nodePort: 30667
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {} |
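Review bot: The container's `securityContext` in deployment.yaml sets `privileged: true` and additionally adds `CAP_SYS_ADMIN`, which is far more than the visible vsn_start.sh uses: the script only assigns an address to `veth22`, adds a route and starts darkstat. A privileged container holds every capability and has access to host devices, so a compromise of the sink, which also installs packages from the network at start, amounts to a compromise of the node. If nothing outside the visible script needs more, drop `privileged: true` and request only `capabilities: add: ["NET_ADMIN"]`; Kubernetes expects capability names without the `CAP_` prefix. `tty: true` and `stdin: true` look like debugging leftovers for a non-interactive start script.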
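Review bot: service.yaml publishes the sink port as a NodePort by default (`type: NodePort`, `nodePort: 30667` in values.yaml), which makes darkstat's web interface reachable on every node address; darkstat has no authentication of its own, so outside a lab the default should be `ClusterIP` or the port should be limited by a NetworkPolicy. `nodePort:` is rendered unconditionally, so overriding `service.type` to `ClusterIP` yields a manifest the API server rejects; guard it with `{{- if eq .Values.service.type "NodePort" }}`. The name `sink-service` is fixed rather than derived from `sink.fullname`, so a second release in the same namespace cannot install.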
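Review bot: `tag: latest` together with `pullPolicy: IfNotPresent` in values.yaml means each node runs whichever `ubuntu:latest` it happens to have cached, so the base image and the packages apt installs on top of it can differ between nodes and between restarts. Pinning a specific release, for example `tag: "<pinned-release>"`, or building a dedicated sink image with darkstat preinstalled would make the deployment reproducible and auditable. `nodeSelector`, `tolerations` and `affinity` are declared here but deployment.yaml does not reference them, so setting them has no effect.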