Diffstat (limited to 'kud/demo/firewall/templates')
-rw-r--r-- | kud/demo/firewall/templates/_helpers.tpl | 32 | ||||
-rw-r--r-- | kud/demo/firewall/templates/deployment.yaml | 69 | ||||
-rw-r--r-- | kud/demo/firewall/templates/onap-private-net.yaml | 9 | ||||
-rw-r--r-- | kud/demo/firewall/templates/protected-private-net.yaml | 9 | ||||
-rw-r--r-- | kud/demo/firewall/templates/unprotected-private-net.yaml | 9 |
5 files changed, 128 insertions, 0 deletions
diff --git a/kud/demo/firewall/templates/_helpers.tpl b/kud/demo/firewall/templates/_helpers.tpl
new file mode 100644
index 00000000..7593e779
--- /dev/null
+++ b/kud/demo/firewall/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "firewall.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "firewall.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "firewall.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/kud/demo/firewall/templates/deployment.yaml b/kud/demo/firewall/templates/deployment.yaml
new file mode 100644
index 00000000..41362a75
--- /dev/null
+++ b/kud/demo/firewall/templates/deployment.yaml
@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "firewall.fullname" . }}
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ include "firewall.name" . }}
+ chart: {{ .Chart.Name }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "firewall.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "firewall.name" . }}
+ release: {{ .Release.Name }}
+ annotations:
+ VirtletLibvirtCPUSetting: |
+ mode: host-model
+ VirtletCloudInitUserData: |
+ ssh_pwauth: True
+ users:
+ - name: admin
+ gecos: User
+ primary-group: admin
+ groups: users
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ lock_passwd: false
+ passwd: "$6$rounds=4096$QA5OCKHTE41$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/"
+ runcmd:
+ - export demo_artifacts_version={{ .Values.global.demoArtifactsVersion }}
+ - export vfw_private_ip_0={{ .Values.global.vfwPrivateIp0 }}
+ - export vsn_private_ip_0={{ .Values.global.vsnPrivateIp0 }}
+ - export protected_net_cidr={{ .Values.global.protectedNetCidr }}
+ - export dcae_collector_ip={{ .Values.global.dcaeCollectorIp }}
+ - export dcae_collector_port={{ .Values.global.dcaeCollectorPort }}
+ - export protected_net_gw={{ .Values.global.protectedNetGw }}
+ - export protected_private_net_cidr={{ .Values.global.protectedPrivateNetCidr }}
+ - wget -O - https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/firewall | sudo -E bash
+ VirtletRootVolumeSize: 5Gi
+ k8s.v1.cni.cncf.io/networks: '[{"name": {{ .Values.global.ovnMultusNetworkName | quote }}}]'
+ ovnNetwork: '[
+ { "name": {{ .Values.global.unprotectedNetworkName | quote }}, "ipAddress": {{ .Values.global.vfwPrivateIp0 | quote }}, "interface": "eth1" , "defaultGateway": "false"},
+ { "name": {{ .Values.global.protectedNetworkName | quote }}, "ipAddress": {{ .Values.global.vfwPrivateIp1 | quote }}, "interface": "eth2", "defaultGateway": "false" },
+ { "name": {{ .Values.global.onapPrivateNetworkName | quote }}, "ipAddress": {{ .Values.global.vfwPrivateIp2 | quote }}, "interface": "eth3" , "defaultGateway": "false"}
+ ]'
+ kubernetes.io/target-runtime: virtlet.cloud
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: extraRuntime
+ operator: In
+ values:
+ - virtlet
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ tty: true
+ stdin: true
+ resources:
+ limits:
+ memory: {{ .Values.resources.memory }}
diff --git a/kud/demo/firewall/templates/onap-private-net.yaml b/kud/demo/firewall/templates/onap-private-net.yaml
new file mode 100644
index 00000000..5b7e9ee7
--- /dev/null
+++ b/kud/demo/firewall/templates/onap-private-net.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Network
+metadata:
+ name: {{ .Values.global.onapPrivateNetworkName }}
+spec:
+ cnitype : ovn4nfvk8s
+ name: {{ .Values.global.onapPrivateNetworkName }}
+ subnet: {{ .Values.global.onapPrivateNetCidr }}
+ gateway: {{ .Values.global.protectedPrivateGateway }}
diff --git a/kud/demo/firewall/templates/protected-private-net.yaml b/kud/demo/firewall/templates/protected-private-net.yaml
new file mode 100644
index 00000000..43cb9233
--- /dev/null
+++ b/kud/demo/firewall/templates/protected-private-net.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Network
+metadata:
+ name: {{ .Values.global.protectedNetworkName }}
+spec:
+ cnitype : ovn4nfvk8s
+ name: {{ .Values.global.protectedNetworkName }}
+ subnet: {{ .Values.global.protectedNetCidr }}
+ gateway: {{ .Values.global.protectedNetGw }}/{{ .Values.global.gatewayVariable }}
diff --git a/kud/demo/firewall/templates/unprotected-private-net.yaml b/kud/demo/firewall/templates/unprotected-private-net.yaml
new file mode 100644
index 00000000..8f45eded
--- /dev/null
+++ b/kud/demo/firewall/templates/unprotected-private-net.yaml
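Review bot: The `VirtletCloudInitUserData` annotation in deployment.yaml gives every VM created from this chart the same `admin` account, with a password hash committed in the template alongside `ssh_pwauth: True`, `lock_passwd: false` and `sudo: ALL=(ALL) NOPASSWD:ALL`, so one recovered password yields root over SSH on every instance. I would set `ssh_pwauth: false` and `lock_passwd: true`, drop `passwd`, and supply an `ssh_authorized_keys` entry from a chart value (for example `{{ .Values.<ssh-public-key-value> | quote }}`, a placeholder name) so each deployment brings its own key. Separately, the last `runcmd` entry pipes `https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/firewall` into `sudo -E bash` with no revision pin or checksum, so whatever that path serves at boot time runs as root; fetching a fixed revision and verifying a digest before executing it would close that gap. The templated values on the `export` lines are also interpolated into shell unquoted.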
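Review bot: In onap-private-net.yaml the `gateway` is rendered from `.Values.global.protectedPrivateGateway` while the `subnet` comes from `.Values.global.onapPrivateNetCidr`, so the gateway of the ONAP private network appears to be named after a different network. values.yaml is not part of this diff, so this may be intentional, but if the two values ever diverge the gateway falls outside the subnet. Either use a value named for this network or add a comment above the line such as `# gateway value is shared with the protected private network`.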
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Network
+metadata:
+ name: {{ .Values.global.unprotectedNetworkName }}
+spec:
+ cnitype : ovn4nfvk8s
+ name: {{ .Values.global.unprotectedNetworkName }}
+ subnet: {{ .Values.global.protectedNetCidr }}
+ gateway: 192.168.10.1/24 |
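Review bot: unprotected-private-net.yaml renders `subnet` from `.Values.global.protectedNetCidr`, the same value protected-private-net.yaml uses, and hard-codes `gateway: 192.168.10.1/24`, so the unprotected and protected networks get the same CIDR and the gateway cannot be overridden from values. For a firewall demo the two sides are presumably meant to be separate segments; if so, this looks like a copy-paste slip. I would template both fields from values dedicated to the unprotected network (for example `subnet: {{ .Values.global.<unprotected-cidr-value> }}`, a placeholder name) and confirm the gateway falls inside that subnet.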