-rw-r--r--kud/demo/composite-firewall/sink/templates/_helpers.tpl11
-rw-r--r--kud/demo/composite-firewall/sink/templates/deployment.yaml1
-rw-r--r--kud/demo/composite-firewall/sink/templates/rolebinding.yaml14
-rw-r--r--kud/demo/composite-firewall/sink/templates/serviceaccount.yaml10
-rw-r--r--kud/demo/composite-firewall/sink/values.yaml17
-rw-r--r--kud/deployment_infra/helm/sdewan_cnf/.helmignore23
-rw-r--r--kud/deployment_infra/helm/sdewan_cnf/Chart.yaml21
-rw-r--r--kud/deployment_infra/helm/sdewan_cnf/templates/_helpers.tpl79
-rw-r--r--kud/deployment_infra/helm/sdewan_cnf/templates/cm.yaml80
-rw-r--r--kud/deployment_infra/helm/sdewan_cnf/templates/deployment.yaml94
-rw-r--r--kud/deployment_infra/helm/sdewan_cnf/values.yaml54
-rw-r--r--kud/hosting_providers/containerized/inventory/group_vars/k8s-cluster.yml2
-rwxr-xr-xkud/hosting_providers/vagrant/installer.sh38
-rw-r--r--kud/hosting_providers/vagrant/inventory/group_vars/k8s-cluster.yml2
14 files changed, 404 insertions, 42 deletions
diff --git a/kud/demo/composite-firewall/sink/templates/_helpers.tpl b/kud/demo/composite-firewall/sink/templates/_helpers.tpl
index 7d82d08d..f60b7ce6 100644
--- a/kud/demo/composite-firewall/sink/templates/_helpers.tpl
+++ b/kud/demo/composite-firewall/sink/templates/_helpers.tpl
@@ -30,3 +30,14 @@ Create chart name and version as used by the chart label.
{{- define "sink.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "sink.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "sink.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/kud/demo/composite-firewall/sink/templates/deployment.yaml b/kud/demo/composite-firewall/sink/templates/deployment.yaml
index f1f56b28..e65a64fb 100644
--- a/kud/demo/composite-firewall/sink/templates/deployment.yaml
+++ b/kud/demo/composite-firewall/sink/templates/deployment.yaml
@@ -18,6 +18,7 @@ spec:
app: {{ include "sink.name" . }}
release: {{ .Release.Name }}
spec:
+ serviceAccountName: {{ include "sink.serviceAccountName" . }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.sinkrepo }}:{{ .Values.image.sinktag }}"
diff --git a/kud/demo/composite-firewall/sink/templates/rolebinding.yaml b/kud/demo/composite-firewall/sink/templates/rolebinding.yaml
new file mode 100644
index 00000000..14c5b758
--- /dev/null
+++ b/kud/demo/composite-firewall/sink/templates/rolebinding.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "sink.fullname" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: psp:privileged
+subjects:
+- kind: ServiceAccount
+ name: {{ include "sink.serviceAccountName" . }}
+ namespace: {{ $.Release.Namespace }}
+{{- end }}
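Review bot: With `serviceAccount.create: false` and no `serviceAccount.name`, the subject at `name: {{ include "sink.serviceAccountName" . }}` resolves to `default` (the else branch of the helper added in _helpers.tpl). With `rbac.create: true` this binds the namespace's default service account to `psp:privileged`, extending that policy to every pod in the namespace that runs under it. Gating the binding on both flags, `{{- if and .Values.rbac.create .Values.serviceAccount.create }}`, or failing the render when the name resolves to `default`, keeps the grant scoped to this chart's own account. The `psp:privileged` ClusterRole is assumed to exist in the cluster already, so a comment saying where it is defined would help. If the sink container does not need full privilege, a narrower policy is worth considering.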
diff --git a/kud/demo/composite-firewall/sink/templates/serviceaccount.yaml b/kud/demo/composite-firewall/sink/templates/serviceaccount.yaml
new file mode 100644
index 00000000..2dcd900c
--- /dev/null
+++ b/kud/demo/composite-firewall/sink/templates/serviceaccount.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "sink.serviceAccountName" . }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end -}}
diff --git a/kud/demo/composite-firewall/sink/values.yaml b/kud/demo/composite-firewall/sink/values.yaml
index 245c9dea..b7ba1913 100644
--- a/kud/demo/composite-firewall/sink/values.yaml
+++ b/kud/demo/composite-firewall/sink/values.yaml
@@ -59,3 +59,20 @@ global:
demoArtifactsVersion: 1.6.0
dcaeCollectorIp: 10.0.4.1
dcaeCollectorPort: 8081
+
+###
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+
+## RBAC parameteres
+## https://kubernetes.io/docs/reference/access-authn-authz/rbac/
+##
+rbac:
+ create: true
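Review bot: `rbac.create` defaults to `true` with no comment saying what it grants, so a reader of values.yaml cannot tell that installing the chart binds its service account to the `psp:privileged` ClusterRole. I would add a comment above it such as `# Bind the chart's service account to the psp:privileged ClusterRole (see templates/rolebinding.yaml)`. The bare `name:` parses as null, so `name: ""` states the intent explicitly. The `## RBAC parameteres` heading has a typo, and the stray `###` line can go.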
diff --git a/kud/deployment_infra/helm/sdewan_cnf/.helmignore b/kud/deployment_infra/helm/sdewan_cnf/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/kud/deployment_infra/helm/sdewan_cnf/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/kud/deployment_infra/helm/sdewan_cnf/Chart.yaml b/kud/deployment_infra/helm/sdewan_cnf/Chart.yaml
new file mode 100644
index 00000000..a7221426
--- /dev/null
+++ b/kud/deployment_infra/helm/sdewan_cnf/Chart.yaml
@@ -0,0 +1,21 @@
+#/*
+# * Copyright 2021 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+apiVersion: v1
+name: sdewan_cnf
+description: A Helm chart for Kubernetes - SDEWAN CNF
+version: 0.1.0
+appVersion: "1.0"
diff --git a/kud/deployment_infra/helm/sdewan_cnf/templates/_helpers.tpl b/kud/deployment_infra/helm/sdewan_cnf/templates/_helpers.tpl
new file mode 100644
index 00000000..d3e0f7c4
--- /dev/null
+++ b/kud/deployment_infra/helm/sdewan_cnf/templates/_helpers.tpl
@@ -0,0 +1,79 @@
+{{/*
+# * Copyright 2021 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cnf.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cnf.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cnf.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cnf.labels" -}}
+helm.sh/chart: {{ include "cnf.chart" . }}
+{{ include "cnf.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cnf.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cnf.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cnf.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cnf.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
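Review bot: None of the `cnf.*` helpers defined in this file is referenced by the templates added in this commit; cm.yaml hard-codes its name and namespace, and deployment.yaml reads `.Values.metadata.*` directly. As far as the visible diff shows, the file is unused scaffolding. `cnf.serviceAccountName` also reads `.Values.serviceAccount.create`, but the chart's values.yaml defines no `serviceAccount` key, so including it would be expected to fail at render time on the missing map. Either drop the unused defines, or wire the templates to `cnf.fullname` and `cnf.labels` and add the missing values.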
diff --git a/kud/deployment_infra/helm/sdewan_cnf/templates/cm.yaml b/kud/deployment_infra/helm/sdewan_cnf/templates/cm.yaml
new file mode 100644
index 00000000..29660add
--- /dev/null
+++ b/kud/deployment_infra/helm/sdewan_cnf/templates/cm.yaml
@@ -0,0 +1,80 @@
+#/*
+# * Copyright 2021 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+apiVersion: v1
+data:
+ entrypoint.sh: |-
+ #!/bin/bash
+ # Always exit on errors.
+ set -ex
+ echo "" > /etc/config/network
+ cat > /etc/config/mwan3 <<EOF
+ config globals 'globals'
+ option mmx_mask '0x3F00'
+ option local_source 'lan'
+ EOF
+ eval "networks=$(grep nfn-network /tmp/podinfo/annotations | awk -F '=' '{print $2}')"
+ for net in $(echo -e $networks | jq -c ".interface[]")
+ do
+ interface=$(echo $net | jq -r .interface)
+ ipaddr=$(ifconfig $interface | awk '/inet/{print $2}' | cut -f2 -d ":" | awk 'NR==1 {print $1}')
+ vif="$interface"
+ netmask=$(ifconfig $interface | awk '/inet/{print $4}'| cut -f2 -d ":" | head -1)
+ cat >> /etc/config/network <<EOF
+ config interface '$vif'
+ option ifname '$interface'
+ option proto 'static'
+ option ipaddr '$ipaddr'
+ option netmask '$netmask'
+ EOF
+ cat >> /etc/config/mwan3 <<EOF
+ config interface '$vif'
+ option enabled '1'
+ option family 'ipv4'
+ option reliability '2'
+ option count '1'
+ option timeout '2'
+ option failure_latency '1000'
+ option recovery_latency '500'
+ option failure_loss '20'
+ option recovery_loss '5'
+ option interval '5'
+ option down '3'
+ option up '8'
+ EOF
+ done
+ /sbin/procd &
+ /sbin/ubusd &
+ iptables -S
+ sleep 1
+ /etc/init.d/rpcd start
+ /etc/init.d/dnsmasq start
+ /etc/init.d/network start
+ /etc/init.d/odhcpd start
+ /etc/init.d/uhttpd start
+ /etc/init.d/log start
+ /etc/init.d/dropbear start
+ /etc/init.d/mwan3 restart
+ /etc/init.d/firewall restart
+ sysctl -w net.ipv4.conf.all.rp_filter=1
+ sysctl -w net.ipv4.ip_forward=1
+ echo "Entering sleep... (success)"
+ # Sleep forever.
+ while true; do sleep 100; done
+kind: ConfigMap
+metadata:
+ name: sdewan-sh
+ namespace: default
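Review bot: The line `eval "networks=$(grep nfn-network /tmp/podinfo/annotations | awk -F '=' '{print $2}')"` hands pod-annotation text to the shell for evaluation, and deployment.yaml runs this script under sudo in a privileged container. Anyone who can influence the pod's annotations therefore controls what that shell executes. The `awk -F '='` split also drops everything after a second `=` in the value. Since the downward API file stores the value as a quoted string, decoding it as data avoids both problems, for example `networks=$(grep nfn-network /tmp/podinfo/annotations | cut -d= -f2- | jq -r .)`; this should be tested against the real file's escaping. Separately, `name: sdewan-sh` and `namespace: default` are hard-coded while the Deployment's namespace comes from `.Values.metadata.namespace`, so changing that value would leave the pod unable to mount this ConfigMap.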
diff --git a/kud/deployment_infra/helm/sdewan_cnf/templates/deployment.yaml b/kud/deployment_infra/helm/sdewan_cnf/templates/deployment.yaml
new file mode 100644
index 00000000..90c81380
--- /dev/null
+++ b/kud/deployment_infra/helm/sdewan_cnf/templates/deployment.yaml
@@ -0,0 +1,94 @@
+#/*
+# * Copyright 2021 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Values.metadata.name }}
+ namespace: {{ .Values.metadata.namespace }}
+ labels:
+ sdewanPurpose: {{ .Values.metadata.labels }}
+spec:
+ progressDeadlineSeconds: {{ .Values.spec.progressDeadlineSeconds }}
+ replicas: {{ .Values.spec.replicas }}
+ selector:
+ matchLabels:
+ sdewanPurpose: {{ .Values.metadata.labels }}
+ strategy:
+ rollingUpdate:
+ maxSurge: {{ .Values.strategy.maxSurge }}
+ maxUnavailable: {{ .Values.strategy.maxUnavailable }}
+ type: RollingUpdate
+ template:
+ metadata:
+ annotations:
+ k8s.plugin.opnfv.org/nfn-network: |-
+ { "type": "ovn4nfv", "interface": [
+ {{- range .Values.nfn }} {{- with . }}
+ {
+ "defaultGateway": "{{- .defaultGateway -}}",
+ "interface": "{{- .interface -}}",
+ "ipAddress": "{{- .ipAddress -}}",
+ "name": "{{- .name -}}"
+ } {{- .separate -}}
+ {{- end }} {{- end }}
+ ]}
+ k8s.v1.cni.cncf.io/networks: '[{ "name": "ovn-networkobj"}]'
+ labels:
+ sdewanPurpose: {{ .Values.metadata.labels }}
+ spec:
+ containers:
+ - command:
+ - /usr/bin/sudo
+ - /bin/sh
+ - /tmp/sdewan/entrypoint.sh
+ image: {{ .Values.containers.image }}
+ imagePullPolicy: {{ .Values.containers.imagePullPolicy }}
+ name: {{ .Values.containers.name }}
+ readinessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /
+ port: 80
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ successThreshold: 1
+ timeoutSeconds: 1
+ securityContext:
+ privileged: true
+ procMount: Default
+ volumeMounts:
+ - mountPath: /tmp/sdewan
+ name: sdewan-sh
+ readOnly: true
+ - mountPath: /tmp/podinfo
+ name: podinfo
+ readOnly: true
+ nodeSelector:
+ {{ .Values.labelName }}: "{{ .Values.labelValue }}"
+ restartPolicy: {{ .Values.restartPolicy }}
+ volumes:
+ - configMap:
+ defaultMode: 420
+ name: sdewan-sh
+ name: sdewan-sh
+ - name: podinfo
+ downwardAPI:
+ items:
+ - path: "annotations"
+ fieldRef:
+ fieldPath: metadata.annotations
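Review bot: The container sets `privileged: true` and is started through `/usr/bin/sudo`, and the default `labelName` in values.yaml selects `node-role.kubernetes.io/master`, so by default a fully privileged pod is scheduled onto control-plane nodes. If the entrypoint only needs to manage interfaces, iptables and `net.ipv4.*` settings inside the pod's own network namespace, try a capability set such as `capabilities: { add: ["NET_ADMIN"] }` before resorting to `privileged`. The `sysctl -w` calls may then need to move to the pod-level `securityContext.sysctls`. If full privilege really is required, a comment above `securityContext` should say why. The templated scalars (`name: {{ .Values.metadata.name }}`, `image: {{ .Values.containers.image }}`) are unquoted, and `| quote` would protect them against empty or boolean-looking values.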
diff --git a/kud/deployment_infra/helm/sdewan_cnf/values.yaml b/kud/deployment_infra/helm/sdewan_cnf/values.yaml
new file mode 100644
index 00000000..c882378e
--- /dev/null
+++ b/kud/deployment_infra/helm/sdewan_cnf/values.yaml
@@ -0,0 +1,54 @@
+#/*
+# * Copyright 2021 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+# Default values for cnf.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+metadata:
+ name: sdewan-cnf
+ namespace: default
+ labels: sdewan-cnf
+
+spec:
+ progressDeadlineSeconds: 600
+ replicas: 1
+
+strategy:
+ maxSurge: 25%
+ maxUnavailable: 25%
+
+nfn:
+ - defaultGateway: false
+ interface: net2
+ ipAddress: 10.10.10.15
+ name: pnetwork
+ separate: ","
+ - defaultGateway: false
+ interface: net0
+ ipAddress: 172.16.30.10
+ name: ovn-network
+ separate: ""
+
+containers:
+ image: integratedcloudnative/openwrt:0.3.1
+ imagePullPolicy: IfNotPresent
+ name: sdewan
+
+labelName: "node-role.kubernetes.io/master"
+labelValue: ""
+
+restartPolicy: Always
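Review bot: The `separate: ","` and `separate: ""` fields exist only so the template can emit commas between JSON objects. Adding or reordering an `nfn` entry without also fixing `separate` renders invalid JSON into the `nfn-network` annotation. The range in deployment.yaml can produce the comma itself, e.g. `{{- range $i, $n := .Values.nfn }}{{ if $i }},{{ end }}`, and the field can then be dropped from values. `defaultGateway: false` is a YAML boolean that the template wraps in quotes, so writing `"false"` here would make the intended string explicit.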
diff --git a/kud/hosting_providers/containerized/inventory/group_vars/k8s-cluster.yml b/kud/hosting_providers/containerized/inventory/group_vars/k8s-cluster.yml
index 7d0404a5..498d0fb4 100644
--- a/kud/hosting_providers/containerized/inventory/group_vars/k8s-cluster.yml
+++ b/kud/hosting_providers/containerized/inventory/group_vars/k8s-cluster.yml
@@ -14,8 +14,6 @@
# Editing those values will almost surely break something.
system_namespace: kube-system
-docker_version: 'latest'
-
# Logging directory (sysvinit systems)
kube_log_dir: "/var/log/kubernetes"
diff --git a/kud/hosting_providers/vagrant/installer.sh b/kud/hosting_providers/vagrant/installer.sh
index c88dc9e6..463ac925 100755
--- a/kud/hosting_providers/vagrant/installer.sh
+++ b/kud/hosting_providers/vagrant/installer.sh
@@ -61,42 +61,6 @@ function _install_ansible {
sudo -E pip install --no-cache-dir ansible==$version
}
-# _install_docker() - Download and install docker-engine
-function _install_docker {
- local max_concurrent_downloads=${1:-3}
-
- if $(docker version &>/dev/null); then
- return
- fi
- sudo apt-get install -y apt-transport-https ca-certificates curl
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
- sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
- sudo apt-get update
- sudo apt-get install -y docker-ce
-
- sudo mkdir -p /etc/systemd/system/docker.service.d
- if [ ${http_proxy:-} ]; then
- echo "[Service]" | sudo tee /etc/systemd/system/docker.service.d/http-proxy.conf
- echo "Environment=\"HTTP_PROXY=$http_proxy\"" | sudo tee --append /etc/systemd/system/docker.service.d/http-proxy.conf
- fi
- if [ ${https_proxy:-} ]; then
- echo "[Service]" | sudo tee /etc/systemd/system/docker.service.d/https-proxy.conf
- echo "Environment=\"HTTPS_PROXY=$https_proxy\"" | sudo tee --append /etc/systemd/system/docker.service.d/https-proxy.conf
- fi
- if [ ${no_proxy:-} ]; then
- echo "[Service]" | sudo tee /etc/systemd/system/docker.service.d/no-proxy.conf
- echo "Environment=\"NO_PROXY=$no_proxy\"" | sudo tee --append /etc/systemd/system/docker.service.d/no-proxy.conf
- fi
- sudo systemctl daemon-reload
- echo "DOCKER_OPTS=\"-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --max-concurrent-downloads $max_concurrent_downloads \"" | sudo tee --append /etc/default/docker
- if [[ -z $(groups | grep docker) ]]; then
- sudo usermod -aG docker $USER
- fi
-
- sudo systemctl restart docker
- sleep 10
-}
-
function _set_environment_file {
# By default ovn central interface is the first active network interface on localhost. If other wanted, need to export this variable in aio.sh or Vagrant file.
OVN_CENTRAL_INTERFACE="${OVN_CENTRAL_INTERFACE:-$(ip addr show | awk '/inet.*brd/{print $NF; exit}')}"
@@ -116,7 +80,6 @@ function install_k8s {
local tarball=v$version.tar.gz
sudo apt-get install -y sshpass make unzip # install make to run mitogen target and unzip is mitogen playbook dependency
sudo apt-get install -y gnupg2 software-properties-common
- _install_docker
_install_ansible
wget https://github.com/kubernetes-incubator/kubespray/archive/$tarball
sudo tar -C $dest_folder -xzf $tarball
@@ -248,7 +211,6 @@ function install_addons {
# install_plugin() - Install ONAP Multicloud Kubernetes plugin
function install_plugin {
echo "Installing multicloud/k8s plugin"
- _install_docker
sudo -E pip install --no-cache-dir docker-compose
sudo mkdir -p /opt/{kubeconfig,consul/config}
diff --git a/kud/hosting_providers/vagrant/inventory/group_vars/k8s-cluster.yml b/kud/hosting_providers/vagrant/inventory/group_vars/k8s-cluster.yml
index 7803f27a..a9a7a933 100644
--- a/kud/hosting_providers/vagrant/inventory/group_vars/k8s-cluster.yml
+++ b/kud/hosting_providers/vagrant/inventory/group_vars/k8s-cluster.yml
@@ -14,8 +14,6 @@
# Editing those values will almost surely break something.
system_namespace: kube-system
-docker_version: 'latest'
-
# Logging directory (sysvinit systems)
kube_log_dir: "/var/log/kubernetes"