Diffstat (limited to 'starlingx/demo/firewall-host-netdevice/templates')
-rw-r--r--starlingx/demo/firewall-host-netdevice/templates/_helpers.tpl32
-rw-r--r--starlingx/demo/firewall-host-netdevice/templates/configmap.yaml27
-rw-r--r--starlingx/demo/firewall-host-netdevice/templates/deployment.yaml98
-rw-r--r--starlingx/demo/firewall-host-netdevice/templates/protected-private-net.yaml23
-rw-r--r--starlingx/demo/firewall-host-netdevice/templates/unprotected-private-net.yaml23
5 files changed, 203 insertions, 0 deletions
diff --git a/starlingx/demo/firewall-host-netdevice/templates/_helpers.tpl b/starlingx/demo/firewall-host-netdevice/templates/_helpers.tpl
new file mode 100644
index 00000000..7593e779
--- /dev/null
+++ b/starlingx/demo/firewall-host-netdevice/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "firewall.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "firewall.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "firewall.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/starlingx/demo/firewall-host-netdevice/templates/configmap.yaml b/starlingx/demo/firewall-host-netdevice/templates/configmap.yaml
new file mode 100644
index 00000000..731fabb0
--- /dev/null
+++ b/starlingx/demo/firewall-host-netdevice/templates/configmap.yaml
@@ -0,0 +1,27 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-scripts-configmap
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ include "firewall.name" . }}
+ chart: {{ .Chart.Name }}
+data:
+{{ tpl (.Files.Glob "resources/scripts/init/*").AsConfig . | indent 2 }} \ No newline at end of file
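Review bot: The ConfigMap name on the `name:` line is built from `.Chart.Name` alone, so two releases of this chart in one namespace render the same `<chart>-scripts-configmap` object and the second install conflicts with the first. Using the release-scoped helper, `name: {{ include "firewall.fullname" . }}-scripts-configmap`, avoids that; the `configMap.name` reference in deployment.yaml has to change with it. Separately, the `data:` line passes every file under `resources/scripts/init/` through `tpl`, so chart values are substituted into those scripts without any shell quoting. The scripts are not part of this diff, so confirm that each substituted value is quoted where it is used, since the Deployment runs them in a privileged container.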
diff --git a/starlingx/demo/firewall-host-netdevice/templates/deployment.yaml b/starlingx/demo/firewall-host-netdevice/templates/deployment.yaml
new file mode 100644
index 00000000..e93e9da2
--- /dev/null
+++ b/starlingx/demo/firewall-host-netdevice/templates/deployment.yaml
@@ -0,0 +1,98 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "firewall.fullname" . }}
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ include "firewall.name" . }}
+ chart: {{ .Chart.Name }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "firewall.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "firewall.name" . }}
+ release: {{ .Release.Name }}
+ annotations:
+ k8s.v1.cni.cncf.io/networks: '[
+ { "name": "host-device-{{ .Values.global.unprotectedNetPortVfw }}",
+ "interface": "veth12" },
+ { "name": "host-device-{{ .Values.global.protectedNetPortVfw }}",
+ "interface": "veth21" }
+ ]'
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ {{- range .Values.global.nodeAffinity }}
+ - key: {{ .label.labelkey }}
+ operator: {{ .label.op }}
+ values:
+ {{- range .label.labelvalues }}
+ - {{ . }}
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ tty: true
+ stdin: true
+ env:
+ - name: unprotectedNetCidr
+ value: "{{.Values.global.unprotectedNetCidr}}"
+ - name: unprotectedNetGwIp
+ value: "{{.Values.global.unprotectedNetGwIp}}"
+ - name: protectedNetCidr
+ value: "{{.Values.global.protectedNetCidr}}"
+ - name: protectedNetGwIp
+ value: "{{.Values.global.protectedNetGwIp}}"
+ - name: dcaeCollectorIp
+ value: "{{.Values.global.dcaeCollectorIp}}"
+ - name: dcaeCollectorPort
+ value: "{{.Values.global.dcaeCollectorPort}}"
+ command: ["/bin/bash", "/opt/vfw_start.sh"]
+ securityContext:
+ privileged: true
+ capabilities:
+ add:
+ - CAP_SYS_ADMIN
+ volumeMounts:
+ - mountPath: /hugepages
+ name: hugepage
+ - name: lib-modules
+ mountPath: /lib/modules
+ - name: src
+ mountPath: /usr/src
+ - name: scripts
+ mountPath: /opt
+ resources:
+ requests:
+ cpu: {{ .Values.resources.cpu }}
+ memory: {{ .Values.resources.memory }}
+ hugepages-2Mi: {{ .Values.resources.hugepage }}
+ limits:
+ cpu: {{ .Values.resources.cpu }}
+ memory: {{ .Values.resources.memory }}
+ hugepages-2Mi: {{ .Values.resources.hugepage }}
+ volumes:
+ - name: hugepage
+ emptyDir:
+ medium: HugePages
+ - name: lib-modules
+ hostPath:
+ path: /lib/modules
+ - name: src
+ hostPath:
+ path: /usr/src
+ - name: scripts
+ configMap:
+ name: {{ .Chart.Name }}-scripts-configmap
+ imagePullSecrets:
+ - name: admin-registry-secret
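Review bot: The container `securityContext` sets `privileged: true` and also adds `CAP_SYS_ADMIN`, which is redundant because a privileged container already holds every capability, and Kubernetes expects capability names without the `CAP_` prefix, so the entry may be rejected or ignored depending on the runtime. If the firewall only needs to configure interfaces and routes (an assumption, since `/opt/vfw_start.sh` is not in this diff), drop `privileged: true` and list only the capabilities it needs, e.g. `add: ["NET_ADMIN"]`. The `lib-modules` and `src` hostPath mounts are writable from the container as written; add `readOnly: true` to both volumeMounts unless the start script really builds modules in place. `tty: true` and `stdin: true` look like debugging leftovers, and `imagePullSecrets` hard-codes `admin-registry-secret`; both would be better driven from values.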
diff --git a/starlingx/demo/firewall-host-netdevice/templates/protected-private-net.yaml b/starlingx/demo/firewall-host-netdevice/templates/protected-private-net.yaml
new file mode 100644
index 00000000..590d3f69
--- /dev/null
+++ b/starlingx/demo/firewall-host-netdevice/templates/protected-private-net.yaml
@@ -0,0 +1,23 @@
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: host-device-{{ .Values.global.protectedNetPortVfw }}
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "host-device",
+ "device": "{{ .Values.global.protectedNetPortVfw }}"
+ }'
+
+---
+
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: host-device-{{ .Values.global.protectedNetPortVsn }}
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "host-device",
+ "device": "{{ .Values.global.protectedNetPortVsn }}"
+ }'
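Review bot: The port value is interpolated unchecked into `metadata.name`, which must be a valid DNS-1123 name, and into the JSON `config` string as the host `device`. An unset value would render `host-device-` and `"device": ""`, and an interface name containing `_` or uppercase letters yields a name the API server rejects. Because the host-device plugin moves the named host interface into the pod's network namespace, a wrong value can also take a node's management interface away from the host, so failing at render time is safer: `{{ required "global.protectedNetPortVfw is required" .Values.global.protectedNetPortVfw }}`. The same applies to `protectedNetPortVsn` in the second document here, to both documents in unprotected-private-net.yaml, and to the `k8s.v1.cni.cncf.io/networks` annotation in deployment.yaml.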
diff --git a/starlingx/demo/firewall-host-netdevice/templates/unprotected-private-net.yaml b/starlingx/demo/firewall-host-netdevice/templates/unprotected-private-net.yaml
new file mode 100644
index 00000000..79b47579
--- /dev/null
+++ b/starlingx/demo/firewall-host-netdevice/templates/unprotected-private-net.yaml
@@ -0,0 +1,23 @@
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: host-device-{{ .Values.global.unprotectedNetPortVfw }}
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "host-device",
+ "device": "{{ .Values.global.unprotectedNetPortVfw }}"
+ }'
+
+---
+
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: host-device-{{ .Values.global.unprotectedNetPortVpg }}
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "host-device",
+ "device": "{{ .Values.global.unprotectedNetPortVpg }}"
+ }'