14 files changed, 404 insertions, 42 deletions
diff --git a/kud/demo/composite-firewall/sink/templates/_helpers.tpl b/kud/demo/composite-firewall/sink/templates/_helpers.tpl index 7d82d08d..f60b7ce6 100644 --- a/kud/demo/composite-firewall/sink/templates/_helpers.tpl +++ b/kud/demo/composite-firewall/sink/templates/_helpers.tpl @@ -30,3 +30,14 @@ Create chart name and version as used by the chart label. {{- define "sink.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "sink.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "sink.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/kud/demo/composite-firewall/sink/templates/deployment.yaml b/kud/demo/composite-firewall/sink/templates/deployment.yaml index f1f56b28..e65a64fb 100644 --- a/kud/demo/composite-firewall/sink/templates/deployment.yaml +++ b/kud/demo/composite-firewall/sink/templates/deployment.yaml @@ -18,6 +18,7 @@ spec: app: {{ include "sink.name" . }} release: {{ .Release.Name }} spec: + serviceAccountName: {{ include "sink.serviceAccountName" . }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.sinkrepo }}:{{ .Values.image.sinktag }}" diff --git a/kud/demo/composite-firewall/sink/templates/rolebinding.yaml b/kud/demo/composite-firewall/sink/templates/rolebinding.yaml new file mode 100644 index 00000000..14c5b758 --- /dev/null +++ b/kud/demo/composite-firewall/sink/templates/rolebinding.yaml 
@@ -0,0 +1,14 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "sink.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: psp:privileged +subjects: +- kind: ServiceAccount + name: {{ include "sink.serviceAccountName" . }} + namespace: {{ $.Release.Namespace }} +{{- end }} diff --git a/kud/demo/composite-firewall/sink/templates/serviceaccount.yaml b/kud/demo/composite-firewall/sink/templates/serviceaccount.yaml new file mode 100644 index 00000000..2dcd900c --- /dev/null +++ b/kud/demo/composite-firewall/sink/templates/serviceaccount.yaml @@ -0,0 +1,10 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "sink.serviceAccountName" . }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/kud/demo/composite-firewall/sink/values.yaml b/kud/demo/composite-firewall/sink/values.yaml index 245c9dea..b7ba1913 100644 --- a/kud/demo/composite-firewall/sink/values.yaml +++ b/kud/demo/composite-firewall/sink/values.yaml @@ -59,3 +59,20 @@ global: demoArtifactsVersion: 1.6.0 dcaeCollectorIp: 10.0.4.1 dcaeCollectorPort: 8081 + +### + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: + +## RBAC parameteres +## https://kubernetes.io/docs/reference/access-authn-authz/rbac/ +## +rbac: + create: true diff --git a/kud/deployment_infra/helm/sdewan_cnf/.helmignore b/kud/deployment_infra/helm/sdewan_cnf/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/kud/deployment_infra/helm/sdewan_cnf/.helmignore 
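Review bot: In sink/templates/rolebinding.yaml the subject name comes from `sink.serviceAccountName`, which falls back to `default` when `serviceAccount.create` is false and no name is set, so with `rbac.create: true` the binding to `psp:privileged` would land on the namespace's default service account and cover every pod that runs under it. Guarding the template on the resolved name, for example `{{- if and .Values.rbac.create (ne (include "sink.serviceAccountName" .) "default") }}`, or failing the render in that case, keeps the privileged policy tied to an account chosen for this chart. The `psp:privileged` ClusterRole is not defined in this change and is presumably created by the cluster installer; a comment above `roleRef` saying where it comes from, and a comment on `rbac.create` in values.yaml stating that it grants use of a privileged PodSecurityPolicy, would make that visible to whoever overrides the defaults. PodSecurityPolicy was removed in Kubernetes 1.25, so the binding has no effect on newer clusters.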
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/kud/deployment_infra/helm/sdewan_cnf/Chart.yaml b/kud/deployment_infra/helm/sdewan_cnf/Chart.yaml
new file mode 100644
index 00000000..a7221426
--- /dev/null
+++ b/kud/deployment_infra/helm/sdewan_cnf/Chart.yaml
@@ -0,0 +1,21 @@
+#/*
+# * Copyright 2021 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+apiVersion: v1
+name: sdewan_cnf
+description: A Helm chart for Kubernetes - SDEWAN CNF
+version: 0.1.0
+appVersion: "1.0"
diff --git a/kud/deployment_infra/helm/sdewan_cnf/templates/_helpers.tpl b/kud/deployment_infra/helm/sdewan_cnf/templates/_helpers.tpl
new file mode 100644
index 00000000..d3e0f7c4
--- /dev/null
+++ b/kud/deployment_infra/helm/sdewan_cnf/templates/_helpers.tpl
@@ -0,0 +1,79 @@
+{{/*
+# * Copyright 2021 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cnf.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cnf.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cnf.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cnf.labels" -}}
+helm.sh/chart: {{ include "cnf.chart" . }}
+{{ include "cnf.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cnf.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cnf.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cnf.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cnf.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/kud/deployment_infra/helm/sdewan_cnf/templates/cm.yaml b/kud/deployment_infra/helm/sdewan_cnf/templates/cm.yaml
new file mode 100644
index 00000000..29660add
--- /dev/null
+++ b/kud/deployment_infra/helm/sdewan_cnf/templates/cm.yaml
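Review bot: None of the `cnf.*` helpers defined in sdewan_cnf/templates/_helpers.tpl is used by the chart's cm.yaml or deployment.yaml in this commit; both take their names from `.Values.metadata.*` or from hard-coded strings. `cnf.serviceAccountName` also reads `.Values.serviceAccount.create`, a key the new sdewan_cnf/values.yaml does not define, so the first template that includes it would fail to render. Either drop the unused definitions or wire them in, for example `serviceAccountName: {{ include "cnf.serviceAccountName" . }}` in the pod spec together with a `serviceAccount:` block in values.yaml. As committed, the privileged pod runs under the namespace's default service account.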
@@ -0,0 +1,80 @@
+#/*
+# * Copyright 2021 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+apiVersion: v1
+data:
+ entrypoint.sh: |-
+ #!/bin/bash
+ # Always exit on errors.
+ set -ex
+ echo "" > /etc/config/network
+ cat > /etc/config/mwan3 <<EOF
+ config globals 'globals'
+ option mmx_mask '0x3F00'
+ option local_source 'lan'
+ EOF
+ eval "networks=$(grep nfn-network /tmp/podinfo/annotations | awk -F '=' '{print $2}')"
+ for net in $(echo -e $networks | jq -c ".interface[]")
+ do
+ interface=$(echo $net | jq -r .interface)
+ ipaddr=$(ifconfig $interface | awk '/inet/{print $2}' | cut -f2 -d ":" | awk 'NR==1 {print $1}')
+ vif="$interface"
+ netmask=$(ifconfig $interface | awk '/inet/{print $4}'| cut -f2 -d ":" | head -1)
+ cat >> /etc/config/network <<EOF
+ config interface '$vif'
+ option ifname '$interface'
+ option proto 'static'
+ option ipaddr '$ipaddr'
+ option netmask '$netmask'
+ EOF
+ cat >> /etc/config/mwan3 <<EOF
+ config interface '$vif'
+ option enabled '1'
+ option family 'ipv4'
+ option reliability '2'
+ option count '1'
+ option timeout '2'
+ option failure_latency '1000'
+ option recovery_latency '500'
+ option failure_loss '20'
+ option recovery_loss '5'
+ option interval '5'
+ option down '3'
+ option up '8'
+ EOF
+ done
+ /sbin/procd &
+ /sbin/ubusd &
+ iptables -S
+ sleep 1
+ /etc/init.d/rpcd start
+ /etc/init.d/dnsmasq start
+ /etc/init.d/network start
+ /etc/init.d/odhcpd start
+ /etc/init.d/uhttpd start
+ /etc/init.d/log start
+ /etc/init.d/dropbear start
+ /etc/init.d/mwan3 restart
+ /etc/init.d/firewall restart
+ sysctl -w net.ipv4.conf.all.rp_filter=1
+ sysctl -w net.ipv4.ip_forward=1
+ echo "Entering sleep... (success)"
+ # Sleep forever.
+ while true; do sleep 100; done
+kind: ConfigMap
+metadata:
+ name: sdewan-sh
+ namespace: default
diff --git a/kud/deployment_infra/helm/sdewan_cnf/templates/deployment.yaml b/kud/deployment_infra/helm/sdewan_cnf/templates/deployment.yaml
new file mode 100644
index 00000000..90c81380
--- /dev/null
+++ b/kud/deployment_infra/helm/sdewan_cnf/templates/deployment.yaml
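Review bot: In sdewan_cnf/templates/cm.yaml the entrypoint line `eval "networks=$(grep nfn-network /tmp/podinfo/annotations | awk -F '=' '{print $2}')"` passes text read from the pod's annotations through the shell, and deployment.yaml starts this script with sudo in a privileged container, so any command substitution that reaches the annotation (it is rendered from `.Values.nfn`) would run as root. The eval appears to be there only to undo the quoting the downward API adds; decoding the value as data avoids it, for example `networks=$(sed -n 's/^k8s\.plugin\.opnfv\.org\/nfn-network=//p' /tmp/podinfo/annotations | jq -r .)` followed by `echo "$networks" | jq -c '.interface[]'`, to be checked against the quoting the kubelet actually writes. Separately, `namespace: default` and the name `sdewan-sh` are fixed in this file while the Deployment's namespace comes from `.Values.metadata.namespace`, so installing with another namespace leaves the pod unable to mount the ConfigMap.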
@@ -0,0 +1,94 @@
+#/*
+# * Copyright 2021 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Values.metadata.name }}
+ namespace: {{ .Values.metadata.namespace }}
+ labels:
+ sdewanPurpose: {{ .Values.metadata.labels }}
+spec:
+ progressDeadlineSeconds: {{ .Values.spec.progressDeadlineSeconds }}
+ replicas: {{ .Values.spec.replicas }}
+ selector:
+ matchLabels:
+ sdewanPurpose: {{ .Values.metadata.labels }}
+ strategy:
+ rollingUpdate:
+ maxSurge: {{ .Values.strategy.maxSurge }}
+ maxUnavailable: {{ .Values.strategy.maxUnavailable }}
+ type: RollingUpdate
+ template:
+ metadata:
+ annotations:
+ k8s.plugin.opnfv.org/nfn-network: |-
+ { "type": "ovn4nfv", "interface": [
+ {{- range .Values.nfn }} {{- with . }}
+ {
+ "defaultGateway": "{{- .defaultGateway -}}",
+ "interface": "{{- .interface -}}",
+ "ipAddress": "{{- .ipAddress -}}",
+ "name": "{{- .name -}}"
+ } {{- .separate -}}
+ {{- end }} {{- end }}
+ ]}
+ k8s.v1.cni.cncf.io/networks: '[{ "name": "ovn-networkobj"}]'
+ labels:
+ sdewanPurpose: {{ .Values.metadata.labels }}
+ spec:
+ containers:
+ - command:
+ - /usr/bin/sudo
+ - /bin/sh
+ - /tmp/sdewan/entrypoint.sh
+ image: {{ .Values.containers.image }}
+ imagePullPolicy: {{ .Values.containers.imagePullPolicy }}
+ name: {{ .Values.containers.name }}
+ readinessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /
+ port: 80
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ successThreshold: 1
+ timeoutSeconds: 1
+ securityContext:
+ privileged: true
+ procMount: Default
+ volumeMounts:
+ - mountPath: /tmp/sdewan
+ name: sdewan-sh
+ readOnly: true
+ - mountPath: /tmp/podinfo
+ name: podinfo
+ readOnly: true
+ nodeSelector:
+ {{ .Values.labelName }}: "{{ .Values.labelValue }}"
+ restartPolicy: {{ .Values.restartPolicy }}
+ volumes:
+ - configMap:
+ defaultMode: 420
+ name: sdewan-sh
+ name: sdewan-sh
+ - name: podinfo
+ downwardAPI:
+ items:
+ - path: "annotations"
+ fieldRef:
+ fieldPath: metadata.annotations
diff --git a/kud/deployment_infra/helm/sdewan_cnf/values.yaml b/kud/deployment_infra/helm/sdewan_cnf/values.yaml
new file mode 100644
index 00000000..c882378e
--- /dev/null
+++ b/kud/deployment_infra/helm/sdewan_cnf/values.yaml
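Review bot: The container in sdewan_cnf/templates/deployment.yaml gets `privileged: true`, is started through `/usr/bin/sudo`, and with the chart's default `labelName` is pinned to nodes labelled `node-role.kubernetes.io/master`, which puts a root-equivalent workload that starts uhttpd and dropbear on the control-plane hosts. If the OpenWrt services only need to manage interfaces, routes and firewall rules, a narrower context such as `capabilities: { add: ["NET_ADMIN", "NET_RAW"] }` with `privileged: false` is worth testing; whether procd and the `sysctl -w` calls in the entrypoint still work under it has to be verified. If privileged mode is really required, a comment above `securityContext` stating why, and a default node selector that targets worker nodes, would make the trade-off explicit. The image default is a tag only (`integratedcloudnative/openwrt:0.3.1`); pinning it by digest would fix what runs with these privileges.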
@@ -0,0 +1,54 @@ +#/* +# * Copyright 2021 Intel Corporation, Inc +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +# */ + +# Default values for cnf. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +metadata: + name: sdewan-cnf + namespace: default + labels: sdewan-cnf + +spec: + progressDeadlineSeconds: 600 + replicas: 1 + +strategy: + maxSurge: 25% + maxUnavailable: 25% + +nfn: + - defaultGateway: false + interface: net2 + ipAddress: 10.10.10.15 + name: pnetwork + separate: "," + - defaultGateway: false + interface: net0 + ipAddress: 172.16.30.10 + name: ovn-network + separate: "" + +containers: + image: integratedcloudnative/openwrt:0.3.1 + imagePullPolicy: IfNotPresent + name: sdewan + +labelName: "node-role.kubernetes.io/master" +labelValue: "" + +restartPolicy: Always diff --git a/kud/hosting_providers/containerized/inventory/group_vars/k8s-cluster.yml b/kud/hosting_providers/containerized/inventory/group_vars/k8s-cluster.yml index 7d0404a5..498d0fb4 100644 --- a/kud/hosting_providers/containerized/inventory/group_vars/k8s-cluster.yml +++ b/kud/hosting_providers/containerized/inventory/group_vars/k8s-cluster.yml @@ -14,8 +14,6 @@ # Editing those values will almost surely break something. system_namespace: kube-system -docker_version: 'latest' - # Logging directory (sysvinit systems) kube_log_dir: "/var/log/kubernetes" 
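Review bot: The `separate` key on each `nfn` entry in sdewan_cnf/values.yaml exists only to place commas in the JSON that deployment.yaml assembles, so an override that adds or reorders entries must keep `","` on every element except the last, or the `k8s.plugin.opnfv.org/nfn-network` annotation becomes invalid JSON. Letting the template emit the separator itself, e.g. `{{- range $i, $n := .Values.nfn }}{{ if $i }},{{ end }}`, would remove the key from the values file. If the key stays, a comment above `nfn:` along the lines of `# separate: "," on every entry except the last, which must use ""` would document the convention.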
diff --git a/kud/hosting_providers/vagrant/installer.sh b/kud/hosting_providers/vagrant/installer.sh
index c88dc9e6..463ac925 100755
--- a/kud/hosting_providers/vagrant/installer.sh
+++ b/kud/hosting_providers/vagrant/installer.sh
@@ -61,42 +61,6 @@ function _install_ansible { sudo -E pip install --no-cache-dir ansible==$version } -# _install_docker() - Download and install docker-engine -function _install_docker { - local max_concurrent_downloads=${1:-3} - - if $(docker version &>/dev/null); then - return - fi - sudo apt-get install -y apt-transport-https ca-certificates curl - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" - sudo apt-get update - sudo apt-get install -y docker-ce - - sudo mkdir -p /etc/systemd/system/docker.service.d - if [ ${http_proxy:-} ]; then - echo "[Service]" | sudo tee /etc/systemd/system/docker.service.d/http-proxy.conf - echo "Environment=\"HTTP_PROXY=$http_proxy\"" | sudo tee --append /etc/systemd/system/docker.service.d/http-proxy.conf - fi - if [ ${https_proxy:-} ]; then - echo "[Service]" | sudo tee /etc/systemd/system/docker.service.d/https-proxy.conf - echo "Environment=\"HTTPS_PROXY=$https_proxy\"" | sudo tee --append /etc/systemd/system/docker.service.d/https-proxy.conf - fi - if [ ${no_proxy:-} ]; then - echo "[Service]" | sudo tee /etc/systemd/system/docker.service.d/no-proxy.conf - echo "Environment=\"NO_PROXY=$no_proxy\"" | sudo tee --append /etc/systemd/system/docker.service.d/no-proxy.conf - fi - sudo systemctl daemon-reload - echo "DOCKER_OPTS=\"-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --max-concurrent-downloads $max_concurrent_downloads \"" | sudo tee --append /etc/default/docker - if [[ -z $(groups | grep docker) ]]; then - sudo usermod -aG docker $USER - fi - - sudo systemctl restart docker - sleep 10 -} - function _set_environment_file { # By default ovn central interface is the first active network interface on localhost. If other wanted, need to export this variable in aio.sh or Vagrant file. 
OVN_CENTRAL_INTERFACE="${OVN_CENTRAL_INTERFACE:-$(ip addr show | awk '/inet.*brd/{print $NF; exit}')}" @@ -116,7 +80,6 @@ function install_k8s { local tarball=v$version.tar.gz sudo apt-get install -y sshpass make unzip # install make to run mitogen target and unzip is mitogen playbook dependency sudo apt-get install -y gnupg2 software-properties-common - _install_docker _install_ansible wget https://github.com/kubernetes-incubator/kubespray/archive/$tarball sudo tar -C $dest_folder -xzf $tarball @@ -248,7 +211,6 @@ function install_addons { # install_plugin() - Install ONAP Multicloud Kubernetes plugin function install_plugin { echo "Installing multicloud/k8s plugin" - _install_docker sudo -E pip install --no-cache-dir docker-compose sudo mkdir -p /opt/{kubeconfig,consul/config} diff --git a/kud/hosting_providers/vagrant/inventory/group_vars/k8s-cluster.yml b/kud/hosting_providers/vagrant/inventory/group_vars/k8s-cluster.yml index 7803f27a..a9a7a933 100644 --- a/kud/hosting_providers/vagrant/inventory/group_vars/k8s-cluster.yml +++ b/kud/hosting_providers/vagrant/inventory/group_vars/k8s-cluster.yml @@ -14,8 +14,6 @@ # Editing those values will almost surely break something. system_namespace: kube-system -docker_version: 'latest' - # Logging directory (sysvinit systems) kube_log_dir: "/var/log/kubernetes" |