summaryrefslogtreecommitdiffstats
path: root/kud/demo/firewall/templates
diff options
context:
space:
mode:
Diffstat (limited to 'kud/demo/firewall/templates')
-rw-r--r--kud/demo/firewall/templates/_helpers.tpl32
-rw-r--r--kud/demo/firewall/templates/deployment.yaml69
-rw-r--r--kud/demo/firewall/templates/onap-private-net.yaml9
-rw-r--r--kud/demo/firewall/templates/protected-private-net.yaml9
-rw-r--r--kud/demo/firewall/templates/unprotected-private-net.yaml9
5 files changed, 128 insertions, 0 deletions
diff --git a/kud/demo/firewall/templates/_helpers.tpl b/kud/demo/firewall/templates/_helpers.tpl
new file mode 100644
index 00000000..7593e779
--- /dev/null
+++ b/kud/demo/firewall/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "firewall.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "firewall.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "firewall.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/kud/demo/firewall/templates/deployment.yaml b/kud/demo/firewall/templates/deployment.yaml
new file mode 100644
index 00000000..41362a75
--- /dev/null
+++ b/kud/demo/firewall/templates/deployment.yaml
@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "firewall.fullname" . }}
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ include "firewall.name" . }}
+ chart: {{ .Chart.Name }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "firewall.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "firewall.name" . }}
+ release: {{ .Release.Name }}
+ annotations:
+ VirtletLibvirtCPUSetting: |
+ mode: host-model
+ VirtletCloudInitUserData: |
+ ssh_pwauth: True
+ users:
+ - name: admin
+ gecos: User
+ primary-group: admin
+ groups: users
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ lock_passwd: false
+ passwd: "$6$rounds=4096$QA5OCKHTE41$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/"
+ runcmd:
+ - export demo_artifacts_version={{ .Values.global.demoArtifactsVersion }}
+ - export vfw_private_ip_0={{ .Values.global.vfwPrivateIp0 }}
+ - export vsn_private_ip_0={{ .Values.global.vsnPrivateIp0 }}
+ - export protected_net_cidr={{ .Values.global.protectedNetCidr }}
+ - export dcae_collector_ip={{ .Values.global.dcaeCollectorIp }}
+ - export dcae_collector_port={{ .Values.global.dcaeCollectorPort }}
+ - export protected_net_gw={{ .Values.global.protectedNetGw }}
+ - export protected_private_net_cidr={{ .Values.global.protectedPrivateNetCidr }}
+ - wget -O - https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/firewall | sudo -E bash
+ VirtletRootVolumeSize: 5Gi
+ k8s.v1.cni.cncf.io/networks: '[{"name": {{ .Values.global.ovnMultusNetworkName | quote }}}]'
+ ovnNetwork: '[
+ { "name": {{ .Values.global.unprotectedNetworkName | quote }}, "ipAddress": {{ .Values.global.vfwPrivateIp0 | quote }}, "interface": "eth1" , "defaultGateway": "false"},
+ { "name": {{ .Values.global.protectedNetworkName | quote }}, "ipAddress": {{ .Values.global.vfwPrivateIp1 | quote }}, "interface": "eth2", "defaultGateway": "false" },
+ { "name": {{ .Values.global.onapPrivateNetworkName | quote }}, "ipAddress": {{ .Values.global.vfwPrivateIp2 | quote }}, "interface": "eth3" , "defaultGateway": "false"}
+ ]'
+ kubernetes.io/target-runtime: virtlet.cloud
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: extraRuntime
+ operator: In
+ values:
+ - virtlet
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ tty: true
+ stdin: true
+ resources:
+ limits:
+ memory: {{ .Values.resources.memory }}
diff --git a/kud/demo/firewall/templates/onap-private-net.yaml b/kud/demo/firewall/templates/onap-private-net.yaml
new file mode 100644
index 00000000..5b7e9ee7
--- /dev/null
+++ b/kud/demo/firewall/templates/onap-private-net.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Network
+metadata:
+ name: {{ .Values.global.onapPrivateNetworkName }}
+spec:
+ cnitype : ovn4nfvk8s
+ name: {{ .Values.global.onapPrivateNetworkName }}
+ subnet: {{ .Values.global.onapPrivateNetCidr }}
+ gateway: {{ .Values.global.protectedPrivateGateway }}
diff --git a/kud/demo/firewall/templates/protected-private-net.yaml b/kud/demo/firewall/templates/protected-private-net.yaml
new file mode 100644
index 00000000..43cb9233
--- /dev/null
+++ b/kud/demo/firewall/templates/protected-private-net.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Network
+metadata:
+ name: {{ .Values.global.protectedNetworkName }}
+spec:
+ cnitype : ovn4nfvk8s
+ name: {{ .Values.global.protectedNetworkName }}
+ subnet: {{ .Values.global.protectedNetCidr }}
+ gateway: {{ .Values.global.protectedNetGw }}/{{ .Values.global.gatewayVariable }}
diff --git a/kud/demo/firewall/templates/unprotected-private-net.yaml b/kud/demo/firewall/templates/unprotected-private-net.yaml
new file mode 100644
index 00000000..8f45eded
--- /dev/null
+++ b/kud/demo/firewall/templates/unprotected-private-net.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Network
+metadata:
+ name: {{ .Values.global.unprotectedNetworkName }}
+spec:
+ cnitype : ovn4nfvk8s
+ name: {{ .Values.global.unprotectedNetworkName }}
+ subnet: {{ .Values.global.protectedNetCidr }}
+ gateway: 192.168.10.1/24