From 6e1234913019ef0dd03f8c9d1547fbe22058af6a Mon Sep 17 00:00:00 2001 From: Eric Multanen Date: Tue, 23 Jun 2020 12:39:26 -0700 Subject: Add composite vFW demo Add demonstration files and test scripts to show the vFW use case as a composite application using network intents and ovnaction intents to deploy to multiple clusters. Issue-ID: MULTICLOUD-1095 
Signed-off-by: Eric Multanen Change-Id: I74b837f9f97747f1eefffbcd105a6630a7b3a374 --- kud/demo/composite-firewall/firewall/.helmignore | 22 ++++++++ kud/demo/composite-firewall/firewall/Chart.yaml | 5 ++ .../firewall/templates/_helpers.tpl | 32 +++++++++++ .../firewall/templates/deployment.yaml | 63 +++++++++++++++++++++ kud/demo/composite-firewall/firewall/values.yaml | 50 +++++++++++++++++ kud/demo/composite-firewall/manifest.yaml | 4 ++ .../networks/emco-private-net.yaml | 18 ++++++ .../networks/onap-private-net-fwsink.yaml | 19 +++++++ .../networks/onap-private-net-pktgen.yaml | 19 +++++++ .../networks/protected-private-net-fwsink.yaml | 19 +++++++ .../networks/protected-private-net-pktgen.yaml | 19 +++++++ .../networks/protected-private-net.yaml | 18 ++++++ .../networks/unprotected-private-net-fwsink.yaml | 19 +++++++ .../networks/unprotected-private-net-pktgen.yaml | 19 +++++++ .../networks/unprotected-private-net.yaml | 18 ++++++ kud/demo/composite-firewall/override_values.yaml | 1 + kud/demo/composite-firewall/packetgen/.helmignore | 22 ++++++++ kud/demo/composite-firewall/packetgen/Chart.yaml | 5 ++ .../packetgen/templates/_helpers.tpl | 32 +++++++++++ .../packetgen/templates/deployment.yaml | 65 ++++++++++++++++++++++ .../packetgen/templates/service.yaml | 16 ++++++ kud/demo/composite-firewall/packetgen/values.yaml | 57 +++++++++++++++++++ kud/demo/composite-firewall/sink/.helmignore | 22 ++++++++ kud/demo/composite-firewall/sink/Chart.yaml | 5 ++ .../composite-firewall/sink/templates/_helpers.tpl | 32 +++++++++++ .../sink/templates/configmap.yaml | 7 +++ .../sink/templates/deployment.yaml | 38 +++++++++++++ .../composite-firewall/sink/templates/service.yaml | 16 ++++++ kud/demo/composite-firewall/sink/values.yaml | 61 ++++++++++++++++++++ 29 files changed, 723 insertions(+) create mode 100644 kud/demo/composite-firewall/firewall/.helmignore create mode 100644 kud/demo/composite-firewall/firewall/Chart.yaml create mode 100644 
kud/demo/composite-firewall/firewall/templates/_helpers.tpl create mode 100644 kud/demo/composite-firewall/firewall/templates/deployment.yaml create mode 100644 kud/demo/composite-firewall/firewall/values.yaml create mode 100644 kud/demo/composite-firewall/manifest.yaml create mode 100644 kud/demo/composite-firewall/networks/emco-private-net.yaml create mode 100644 kud/demo/composite-firewall/networks/onap-private-net-fwsink.yaml create mode 100644 kud/demo/composite-firewall/networks/onap-private-net-pktgen.yaml create mode 100644 kud/demo/composite-firewall/networks/protected-private-net-fwsink.yaml create mode 100644 kud/demo/composite-firewall/networks/protected-private-net-pktgen.yaml create mode 100644 kud/demo/composite-firewall/networks/protected-private-net.yaml create mode 100644 kud/demo/composite-firewall/networks/unprotected-private-net-fwsink.yaml create mode 100644 kud/demo/composite-firewall/networks/unprotected-private-net-pktgen.yaml create mode 100644 kud/demo/composite-firewall/networks/unprotected-private-net.yaml create mode 100644 kud/demo/composite-firewall/override_values.yaml create mode 100644 kud/demo/composite-firewall/packetgen/.helmignore create mode 100644 kud/demo/composite-firewall/packetgen/Chart.yaml create mode 100644 kud/demo/composite-firewall/packetgen/templates/_helpers.tpl create mode 100644 kud/demo/composite-firewall/packetgen/templates/deployment.yaml create mode 100644 kud/demo/composite-firewall/packetgen/templates/service.yaml create mode 100644 kud/demo/composite-firewall/packetgen/values.yaml create mode 100644 kud/demo/composite-firewall/sink/.helmignore create mode 100644 kud/demo/composite-firewall/sink/Chart.yaml create mode 100644 kud/demo/composite-firewall/sink/templates/_helpers.tpl create mode 100644 kud/demo/composite-firewall/sink/templates/configmap.yaml create mode 100644 kud/demo/composite-firewall/sink/templates/deployment.yaml create mode 100644 kud/demo/composite-firewall/sink/templates/service.yaml 
create mode 100644 kud/demo/composite-firewall/sink/values.yaml (limited to 'kud/demo/composite-firewall') diff --git a/kud/demo/composite-firewall/firewall/.helmignore b/kud/demo/composite-firewall/firewall/.helmignore new file mode 100644 index 00000000..50af0317 --- /dev/null +++ b/kud/demo/composite-firewall/firewall/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kud/demo/composite-firewall/firewall/Chart.yaml b/kud/demo/composite-firewall/firewall/Chart.yaml new file mode 100644 index 00000000..18201ddd --- /dev/null +++ b/kud/demo/composite-firewall/firewall/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart to deploy Firewall app for vFirewall +name: firewall +version: 0.1.0 diff --git a/kud/demo/composite-firewall/firewall/templates/_helpers.tpl b/kud/demo/composite-firewall/firewall/templates/_helpers.tpl new file mode 100644 index 00000000..7593e779 --- /dev/null +++ b/kud/demo/composite-firewall/firewall/templates/_helpers.tpl 
@@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "firewall.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "firewall.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "firewall.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/kud/demo/composite-firewall/firewall/templates/deployment.yaml b/kud/demo/composite-firewall/firewall/templates/deployment.yaml new file mode 100644 index 00000000..632a50bf --- /dev/null +++ b/kud/demo/composite-firewall/firewall/templates/deployment.yaml 
@@ -0,0 +1,63 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "firewall.fullname" . }} + labels: + release: {{ .Release.Name }} + app: {{ include "firewall.name" . }} + chart: {{ .Chart.Name }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "firewall.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ include "firewall.name" . }} + release: {{ .Release.Name }} + annotations: + VirtletLibvirtCPUSetting: | + mode: host-model + VirtletCloudInitUserData: | + ssh_pwauth: True + users: + - name: admin + gecos: User + primary-group: admin + groups: users + sudo: ALL=(ALL) NOPASSWD:ALL + lock_passwd: false + passwd: "$6$rounds=4096$QA5OCKHTE41$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/" + runcmd: + - export demo_artifacts_version={{ .Values.global.demoArtifactsVersion }} + - export vfw_private_ip_0={{ .Values.global.vfwPrivateIp0 }} + - export vsn_private_ip_0={{ .Values.global.vsnPrivateIp0 }} + - export protected_net_cidr={{ .Values.global.protectedNetCidr }} + - export dcae_collector_ip={{ .Values.global.dcaeCollectorIp }} + - export dcae_collector_port={{ .Values.global.dcaeCollectorPort }} + - export protected_net_gw={{ .Values.global.protectedNetGw }} + - export protected_private_net_cidr={{ .Values.global.protectedPrivateNetCidr }} + - wget -O - https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/firewall | sudo -E bash + VirtletRootVolumeSize: 5Gi + kubernetes.io/target-runtime: virtlet.cloud + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: extraRuntime + operator: In + values: + - virtlet + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + tty: true + stdin: true + resources: + limits: + memory: {{ .Values.resources.memory 
}} diff --git a/kud/demo/composite-firewall/firewall/values.yaml b/kud/demo/composite-firewall/firewall/values.yaml new file mode 100644 index 00000000..3a6c8983 --- /dev/null +++ b/kud/demo/composite-firewall/firewall/values.yaml @@ -0,0 +1,50 @@ +# Default values for firewall. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: virtlet.cloud/ubuntu/16.04 + tag: latest + pullPolicy: IfNotPresent + +nameOverride: "" +fullnameOverride: "" + +resources: + memory: 4Gi + +#global vars for parent and subcharts. +global: + + #Networks + unprotectedNetworkName: unprotected-private-net + protectedPrivateNetCidr: 192.168.10.0/24 + + emcoPrivateNetworkName: emco-private-net + + protectedNetworkName: protected-private-net + protectedNetCidr: 192.168.20.0/24 + protectedNetGwIp: 192.168.20.100 + protectedNetGw: 192.168.20.100/24 + + #vFirewall container + vfwPrivateIp0: 192.168.10.3 + vfwPrivateIp1: 192.168.20.2 + vfwPrivateIp2: 10.10.20.3 + + #Packetgen container + vpgPrivateIp0: 192.168.10.200 + vpgPrivateIp1: 10.10.20.200 + + #Sink container + vsnPrivateIp0: 192.168.20.3 + vsnPrivateIp1: 10.10.20.4 + + ######### + ovnMultusNetworkName: ovn-networkobj + demoArtifactsVersion: 1.5.0 + dcaeCollectorIp: 10.0.4.1 + dcaeCollectorPort: 8081 + diff --git a/kud/demo/composite-firewall/manifest.yaml b/kud/demo/composite-firewall/manifest.yaml new file mode 100644 index 00000000..4d381d02 --- /dev/null +++ b/kud/demo/composite-firewall/manifest.yaml @@ -0,0 +1,4 @@ +--- +version: v1 +type: + values: "override_values.yaml" diff --git a/kud/demo/composite-firewall/networks/emco-private-net.yaml b/kud/demo/composite-firewall/networks/emco-private-net.yaml new file mode 100644 index 00000000..701ef54d --- /dev/null +++ b/kud/demo/composite-firewall/networks/emco-private-net.yaml 
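Review bot: The cloud-init user data in firewall/templates/deployment.yaml hard-codes a password hash for `admin` alongside `ssh_pwauth: True`, `lock_passwd: false` and `sudo: ALL=(ALL) NOPASSWD:ALL`, so every VM built from this chart accepts the same password login with root-equivalent rights, and the hash is now readable in the repository. The last `runcmd` entry also pipes a script from a branch-head URL straight into `sudo -E bash`, so whatever that URL serves at boot runs as root with no integrity check. I would switch to key-only login driven by a chart value, and fetch the script at a pinned commit with a checksum check before executing it, as sketched below (indentation relative to the annotation key). `adminSshPublicKey`, `vfwScriptCommit` and `vfwScriptSha256` are new values the sketch assumes. packetgen/templates/deployment.yaml carries the same two patterns.

```yaml
VirtletCloudInitUserData: |
  ssh_pwauth: False
  users:
  - name: admin
    # … unchanged: gecos, primary-group, groups, sudo …
    lock_passwd: true
    ssh_authorized_keys:
    - {{ required "global.adminSshPublicKey must be set" .Values.global.adminSshPublicKey | quote }}
  runcmd:
  # … unchanged: the export lines …
  - wget -O /tmp/firewall.sh "https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/firewall?id={{ .Values.global.vfwScriptCommit }}"
  - echo "{{ .Values.global.vfwScriptSha256 }}  /tmp/firewall.sh" | sha256sum -c - && sudo -E bash /tmp/firewall.sh
```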
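Review bot: In firewall/values.yaml, `tag: latest` combined with `pullPolicy: IfNotPresent` means each node keeps whichever image it pulled first, so clusters can end up running different VM images and an upstream change arrives unreviewed; pin a specific tag or an image digest instead. packetgen/values.yaml has the same pair, and sink/values.yaml does the same for `darkstattag`. The `global:` block is also copied verbatim into all three charts and will drift unless the shared addresses come from one place, for example the composite `override_values.yaml`. A comment on `protectedPrivateNetCidr` would help as well, since its value `192.168.10.0/24` is the subnet the networks/ files give to unprotected-private-net.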
@@ -0,0 +1,18 @@ +apiVersion: k8s.plugin.opnfv.org/v1alpha1 +kind: ProviderNetwork +metadata: + name: emco-private-net +spec: + cniType : ovn4nfv + ipv4Subnets: + - name: subnet1 + subnet: 10.10.20.0/24 + gateway: 10.10.20.1/24 + providerNetType: VLAN + vlan: + vlanId: "102" + providerInterfaceName: eth1 + logicalInterfaceName: eth1.102 + vlanNodeSelector: specific + nodeLabelList: + - kubernetes.io/hostname=localhost diff --git a/kud/demo/composite-firewall/networks/onap-private-net-fwsink.yaml b/kud/demo/composite-firewall/networks/onap-private-net-fwsink.yaml new file mode 100644 index 00000000..c5135e93 --- /dev/null +++ b/kud/demo/composite-firewall/networks/onap-private-net-fwsink.yaml @@ -0,0 +1,19 @@ +apiVersion: k8s.plugin.opnfv.org/v1alpha1 +kind: ProviderNetwork +metadata: + name: emco-private-net +spec: + cniType : ovn4nfv + ipv4Subnets: + - name: subnet1 + subnet: 10.10.20.0/24 + gateway: 10.10.20.1/24 + excludeIps: 10.10.20.100..10.10.20.255 + providerNetType: VLAN + vlan: + vlanId: "102" + providerInterfaceName: eth1 + logicalInterfaceName: eth1.102 + vlanNodeSelector: specific + nodeLabelList: + - kubernetes.io/hostname=localhost diff --git a/kud/demo/composite-firewall/networks/onap-private-net-pktgen.yaml b/kud/demo/composite-firewall/networks/onap-private-net-pktgen.yaml new file mode 100644 index 00000000..18fafcc7 --- /dev/null +++ b/kud/demo/composite-firewall/networks/onap-private-net-pktgen.yaml @@ -0,0 +1,19 @@ +apiVersion: k8s.plugin.opnfv.org/v1alpha1 +kind: ProviderNetwork +metadata: + name: emco-private-net +spec: + cniType : ovn4nfv + ipv4Subnets: + - name: subnet1 + subnet: 10.10.20.0/24 + gateway: 10.10.20.1/24 + excludeIps: 10.10.20.2..10.10.20.99 + providerNetType: VLAN + vlan: + vlanId: "102" + providerInterfaceName: eth1 + logicalInterfaceName: eth1.102 + vlanNodeSelector: specific + nodeLabelList: + - kubernetes.io/hostname=localhost 
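Review bot: The two `onap-private-net-*.yaml` files declare `metadata.name: emco-private-net`, the same resource name as networks/emco-private-net.yaml, so the file names no longer say which network they hold; naming them `emco-private-net-fwsink.yaml` and `emco-private-net-pktgen.yaml` would match the protected and unprotected sets. The variants differ only in `excludeIps`, which presumably splits one /24 between the two clusters, and nothing in the files says so. A header comment such as `# fwsink cluster variant: 10.10.20.100-255 is left to the pktgen cluster` would record that intent. The same comment would help on the protected and unprotected variants, where the split point differs (`.99`/`.100` versus `.100`/`.101`).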
diff --git a/kud/demo/composite-firewall/networks/protected-private-net-fwsink.yaml b/kud/demo/composite-firewall/networks/protected-private-net-fwsink.yaml new file mode 100644 index 00000000..fce66313 --- /dev/null +++ b/kud/demo/composite-firewall/networks/protected-private-net-fwsink.yaml @@ -0,0 +1,19 @@ +apiVersion: k8s.plugin.opnfv.org/v1alpha1 +kind: ProviderNetwork +metadata: + name: protected-private-net +spec: + cniType : ovn4nfv + ipv4Subnets: + - name: subnet1 + subnet: 192.168.20.0/24 + gateway: 192.168.20.100/24 + excludeIps: 192.168.20.101..192.168.20.255 + providerNetType: VLAN + vlan: + vlanId: "101" + providerInterfaceName: eth1 + logicalInterfaceName: eth1.101 + vlanNodeSelector: specific + nodeLabelList: + - kubernetes.io/hostname=localhost diff --git a/kud/demo/composite-firewall/networks/protected-private-net-pktgen.yaml b/kud/demo/composite-firewall/networks/protected-private-net-pktgen.yaml new file mode 100644 index 00000000..58909de1 --- /dev/null +++ b/kud/demo/composite-firewall/networks/protected-private-net-pktgen.yaml @@ -0,0 +1,19 @@ +apiVersion: k8s.plugin.opnfv.org/v1alpha1 +kind: ProviderNetwork +metadata: + name: protected-private-net +spec: + cniType : ovn4nfv + ipv4Subnets: + - name: subnet1 + subnet: 192.168.20.0/24 + gateway: 192.168.20.100/24 + excludeIps: 192.168.20.1..192.168.20.99 + providerNetType: VLAN + vlan: + vlanId: "101" + providerInterfaceName: eth1 + logicalInterfaceName: eth1.101 + vlanNodeSelector: specific + nodeLabelList: + - kubernetes.io/hostname=localhost diff --git a/kud/demo/composite-firewall/networks/protected-private-net.yaml b/kud/demo/composite-firewall/networks/protected-private-net.yaml new file mode 100644 index 00000000..213b3541 --- /dev/null +++ b/kud/demo/composite-firewall/networks/protected-private-net.yaml 
@@ -0,0 +1,18 @@ +apiVersion: k8s.plugin.opnfv.org/v1alpha1 +kind: ProviderNetwork +metadata: + name: protected-private-net +spec: + cniType : ovn4nfv + ipv4Subnets: + - name: subnet1 + subnet: 192.168.20.0/24 + gateway: 192.168.20.100/24 + providerNetType: VLAN + vlan: + vlanId: "101" + providerInterfaceName: eth1 + logicalInterfaceName: eth1.101 + vlanNodeSelector: specific + nodeLabelList: + - kubernetes.io/hostname=localhost diff --git a/kud/demo/composite-firewall/networks/unprotected-private-net-fwsink.yaml b/kud/demo/composite-firewall/networks/unprotected-private-net-fwsink.yaml new file mode 100644 index 00000000..5ab730b5 --- /dev/null +++ b/kud/demo/composite-firewall/networks/unprotected-private-net-fwsink.yaml @@ -0,0 +1,19 @@ +apiVersion: k8s.plugin.opnfv.org/v1alpha1 +kind: ProviderNetwork +metadata: + name: unprotected-private-net +spec: + cniType : ovn4nfv + ipv4Subnets: + - name: subnet1 + subnet: 192.168.10.0/24 + gateway: 192.168.10.1/24 + excludeIps: 192.168.10.101..192.168.10.255 + providerNetType: VLAN + vlan: + vlanId: "100" + providerInterfaceName: eth1 + logicalInterfaceName: eth1.100 + vlanNodeSelector: specific + nodeLabelList: + - kubernetes.io/hostname=localhost diff --git a/kud/demo/composite-firewall/networks/unprotected-private-net-pktgen.yaml b/kud/demo/composite-firewall/networks/unprotected-private-net-pktgen.yaml new file mode 100644 index 00000000..388eeb0d --- /dev/null +++ b/kud/demo/composite-firewall/networks/unprotected-private-net-pktgen.yaml @@ -0,0 +1,19 @@ +apiVersion: k8s.plugin.opnfv.org/v1alpha1 +kind: ProviderNetwork +metadata: + name: unprotected-private-net +spec: + cniType : ovn4nfv + ipv4Subnets: + - name: subnet1 + subnet: 192.168.10.0/24 + gateway: 192.168.10.1/24 + excludeIps: 192.168.10.2..192.168.10.100 + providerNetType: VLAN + vlan: + vlanId: "100" + providerInterfaceName: eth1 + logicalInterfaceName: eth1.100 + vlanNodeSelector: specific + nodeLabelList: + - kubernetes.io/hostname=localhost 
diff --git a/kud/demo/composite-firewall/networks/unprotected-private-net.yaml b/kud/demo/composite-firewall/networks/unprotected-private-net.yaml new file mode 100644 index 00000000..f09f7608 --- /dev/null +++ b/kud/demo/composite-firewall/networks/unprotected-private-net.yaml @@ -0,0 +1,18 @@ +apiVersion: k8s.plugin.opnfv.org/v1alpha1 +kind: ProviderNetwork +metadata: + name: unprotected-private-net +spec: + cniType : ovn4nfv + ipv4Subnets: + - name: subnet1 + subnet: 192.168.10.0/24 + gateway: 192.168.10.1/24 + providerNetType: VLAN + vlan: + vlanId: "100" + providerInterfaceName: eth1 + logicalInterfaceName: eth1.100 + vlanNodeSelector: specific + nodeLabelList: + - kubernetes.io/hostname=localhost diff --git a/kud/demo/composite-firewall/override_values.yaml b/kud/demo/composite-firewall/override_values.yaml new file mode 100644 index 00000000..8b137891 --- /dev/null +++ b/kud/demo/composite-firewall/override_values.yaml @@ -0,0 +1 @@ + diff --git a/kud/demo/composite-firewall/packetgen/.helmignore b/kud/demo/composite-firewall/packetgen/.helmignore new file mode 100644 index 00000000..50af0317 --- /dev/null +++ b/kud/demo/composite-firewall/packetgen/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kud/demo/composite-firewall/packetgen/Chart.yaml b/kud/demo/composite-firewall/packetgen/Chart.yaml new file mode 100644 index 00000000..d21cadec --- /dev/null +++ b/kud/demo/composite-firewall/packetgen/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart to deploy packet generator for vFirewall +name: packetgen +version: 0.1.0 
diff --git a/kud/demo/composite-firewall/packetgen/templates/_helpers.tpl b/kud/demo/composite-firewall/packetgen/templates/_helpers.tpl new file mode 100644 index 00000000..322b7c68 --- /dev/null +++ b/kud/demo/composite-firewall/packetgen/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "packetgen.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "packetgen.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "packetgen.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/kud/demo/composite-firewall/packetgen/templates/deployment.yaml b/kud/demo/composite-firewall/packetgen/templates/deployment.yaml new file mode 100644 index 00000000..827d2838 --- /dev/null +++ b/kud/demo/composite-firewall/packetgen/templates/deployment.yaml 
@@ -0,0 +1,65 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "packetgen.fullname" . }} + labels: + release: {{ .Release.Name }} + app: {{ include "packetgen.name" . }} + chart: {{ .Chart.Name }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "packetgen.name" .}} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ include "packetgen.name" .}} + release: {{ .Release.Name }} + annotations: + app: {{ include "packetgen.name" . }} + release: {{ .Release.Name }} + VirtletLibvirtCPUSetting: | + mode: host-model + VirtletCloudInitUserData: | + ssh_pwauth: True + users: + - name: admin + gecos: User + primary-group: admin + groups: users + sudo: ALL=(ALL) NOPASSWD:ALL + lock_passwd: false + passwd: "$6$rounds=4096$QA5OCKHTE41$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/" + runcmd: + - export demo_artifacts_version={{ .Values.global.demoArtifactsVersion }} + - export vfw_private_ip_0={{ .Values.global.vfwPrivateIp0 }} + - export vsn_private_ip_0={{ .Values.global.vsnPrivateIp0 }} + - export protected_net_cidr={{ .Values.global.protectedNetCidr }} + - export dcae_collector_ip={{ .Values.global.dcaeCollectorIp }} + - export dcae_collector_port={{ .Values.global.dcaeCollectorPort }} + - export protected_net_gw={{ .Values.global.protectedNetGw }} + - export protected_private_net_cidr={{ .Values.global.protectedPrivateNetCidr }} + - wget -O - https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/packetgen | sudo -E bash + VirtletRootVolumeSize: 5Gi + kubernetes.io/target-runtime: virtlet.cloud + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: extraRuntime + operator: In + values: + - virtlet + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + tty: true + 
stdin: true + resources: + limits: + memory: {{ .Values.resources.limits.memory }} diff --git a/kud/demo/composite-firewall/packetgen/templates/service.yaml b/kud/demo/composite-firewall/packetgen/templates/service.yaml new file mode 100644 index 00000000..7b8fd9db --- /dev/null +++ b/kud/demo/composite-firewall/packetgen/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: packetgen-service + labels: + app: {{ include "packetgen.name" . }} + release: {{ .Release.Name }} + chart: {{ .Chart.Name }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.ports.port }} + nodePort: {{ .Values.service.ports.nodePort }} + selector: + app: {{ include "packetgen.name" . }} + release: {{ .Release.Name }} diff --git a/kud/demo/composite-firewall/packetgen/values.yaml b/kud/demo/composite-firewall/packetgen/values.yaml new file mode 100644 index 00000000..300947d5 --- /dev/null +++ b/kud/demo/composite-firewall/packetgen/values.yaml 
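Review bot: The pod `annotations:` block in packetgen/templates/deployment.yaml carries `app:` and `release:` entries that duplicate the labels directly above and that the firewall template does not have; they look like a paste leftover and can be dropped. The memory limit is read from `.Values.resources.limits.memory` here but from `.Values.resources.memory` in the firewall chart, so a shared override file has to supply both shapes; using `resources.limits.memory` in both charts would remove that trap.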
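Review bot: `nodePort` is rendered unconditionally in packetgen/templates/service.yaml, so overriding `service.type` to `ClusterIP` produces a manifest the API server rejects, and with the chart defaults the packet generator's port is opened on every node address. Guard the field, `{{- if eq .Values.service.type "NodePort" }}` / `nodePort: {{ .Values.service.ports.nodePort }}` / `{{- end }}`, and consider defaulting to `ClusterIP` if only in-cluster callers need it. The fixed name `packetgen-service` also means two releases in one namespace collide, which `{{ include "packetgen.fullname" . }}` would avoid. sink/templates/service.yaml has the same shape with `sink-service`.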
@@ -0,0 +1,57 @@ +# Default values for packetgen. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: virtlet.cloud/ubuntu/16.04 + tag: latest + pullPolicy: IfNotPresent + +nameOverride: "" +fullnameOverride: "" + +service: +#serivce port value for packetgen service + type: NodePort + ports: + port: 2831 + nodePort: 30831 + +resources: + limits: + memory: 4Gi + +#global vars for parent and subcharts. +global: + + #Networks + unprotectedNetworkName: unprotected-private-net + protectedPrivateNetCidr: 192.168.10.0/24 + + emcoPrivateNetworkName: emco-private-net + + protectedNetworkName: protected-private-net + protectedNetCidr: 192.168.20.0/24 + protectedNetGwIp: 192.168.20.100 + protectedNetGw: 192.168.20.100/24 + + #vFirewall container + vfwPrivateIp0: 192.168.10.3 + vfwPrivateIp1: 192.168.20.2 + vfwPrivateIp2: 10.10.20.3 + + #Packetgen container + vpgPrivateIp0: 192.168.10.200 + vpgPrivateIp1: 10.10.20.200 + + #Sink container + vsnPrivateIp0: 192.168.20.3 + vsnPrivateIp1: 10.10.20.4 + + ######### + ovnMultusNetworkName: ovn-networkobj + demoArtifactsVersion: 1.5.0 + dcaeCollectorIp: 10.0.4.1 + dcaeCollectorPort: 8081 diff --git a/kud/demo/composite-firewall/sink/.helmignore b/kud/demo/composite-firewall/sink/.helmignore new file mode 100644 index 00000000..50af0317 --- /dev/null +++ b/kud/demo/composite-firewall/sink/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kud/demo/composite-firewall/sink/Chart.yaml b/kud/demo/composite-firewall/sink/Chart.yaml new file mode 100644 index 00000000..f83182e5 --- /dev/null 
+++ b/kud/demo/composite-firewall/sink/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart to deploy sink for vFirewall +name: sink +version: 0.1.0 diff --git a/kud/demo/composite-firewall/sink/templates/_helpers.tpl b/kud/demo/composite-firewall/sink/templates/_helpers.tpl new file mode 100644 index 00000000..7d82d08d --- /dev/null +++ b/kud/demo/composite-firewall/sink/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "sink.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "sink.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "sink.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/kud/demo/composite-firewall/sink/templates/configmap.yaml b/kud/demo/composite-firewall/sink/templates/configmap.yaml new file mode 100644 index 00000000..89be1f77 --- /dev/null +++ b/kud/demo/composite-firewall/sink/templates/configmap.yaml 
@@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "sink.name" .}}-configmap +data: + protected_net_gw: {{ .Values.global.protectedNetGwIp }} + protected_private_net_cidr: {{ .Values.global.protectedPrivateNetCidr }} diff --git a/kud/demo/composite-firewall/sink/templates/deployment.yaml b/kud/demo/composite-firewall/sink/templates/deployment.yaml new file mode 100644 index 00000000..f1f56b28 --- /dev/null +++ b/kud/demo/composite-firewall/sink/templates/deployment.yaml @@ -0,0 +1,38 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "sink.fullname" . }} + labels: + release: {{ .Release.Name }} + app: {{ include "sink.name" . }} + chart: {{ .Chart.Name }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "sink.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ include "sink.name" . }} + release: {{ .Release.Name }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.sinkrepo }}:{{ .Values.image.sinktag }}" + envFrom: + - configMapRef: + name: {{ include "sink.name" . }}-configmap + imagePullPolicy: {{ .Values.image.pullPolicy }} + tty: true + stdin: true + securityContext: + privileged: true + - name: darkstat + image: "{{ .Values.image.darkstatrepo }}:{{ .Values.image.darkstattag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + tty: true + stdin: true + ports: + - containerPort: {{ .Values.service.ports.port }} diff --git a/kud/demo/composite-firewall/sink/templates/service.yaml b/kud/demo/composite-firewall/sink/templates/service.yaml new file mode 100644 index 00000000..99da7de7 --- /dev/null +++ b/kud/demo/composite-firewall/sink/templates/service.yaml 
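Review bot: `securityContext: privileged: true` on the sink container in sink/templates/deployment.yaml grants it every capability and access to host devices, which is far more than a traffic sink normally needs. The ConfigMap only passes a gateway and a CIDR, so the container presumably just configures routes; if so, dropping `privileged` in favour of `capabilities:` / `add: ["NET_ADMIN"]` would be enough, and that should be confirmed against the image's entrypoint. If full privilege really is required, a comment above the field saying why would stop it being copied into other charts. Neither container sets `resources`, unlike the firewall and packetgen templates.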
@@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: sink-service + labels: + app: {{ include "sink.name" . }} + release: {{ .Release.Name }} + chart: {{ .Chart.Name }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.ports.port }} + nodePort: {{ .Values.service.ports.nodePort }} + selector: + app: {{ include "sink.name" . }} + release: {{ .Release.Name }} diff --git a/kud/demo/composite-firewall/sink/values.yaml b/kud/demo/composite-firewall/sink/values.yaml new file mode 100644 index 00000000..a6fa1c46 --- /dev/null +++ b/kud/demo/composite-firewall/sink/values.yaml @@ -0,0 +1,61 @@ +# Default values for sink. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + sinkrepo: rtsood/onap-vfw-demo-sink + sinktag: 0.2.0 + pullPolicy: IfNotPresent + darkstatrepo: electrocucaracha/darkstat + darkstattag: latest + +nameOverride: "" +fullnameOverride: "" + +service: +#serivce port value for sink service + type: NodePort + ports: + port: 667 + nodePort: 30667 + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +#global vars for parent and subcharts. +global: + + #Networks + unprotectedNetworkName: unprotected-private-net + protectedPrivateNetCidr: 192.168.10.0/24 + + emcoPrivateNetworkName: emco-private-net + + protectedNetworkName: protected-private-net + protectedNetCidr: 192.168.20.0/24 + protectedNetGwIp: 192.168.20.100 + protectedNetGw: 192.168.20.100/24 + + #vFirewall container + vfwPrivateIp0: 192.168.10.3 + vfwPrivateIp1: 192.168.20.2 + vfwPrivateIp2: 10.10.20.3 + + #Packetgen container + vpgPrivateIp0: 192.168.10.200 + vpgPrivateIp1: 10.10.20.200 + + #Sink container + vsnPrivateIp0: 192.168.20.3 + vsnPrivateIp1: 10.10.20.4 + + ######### + ovnMultusNetworkName: ovn-networkobj + demoArtifactsVersion: 1.5.0 + dcaeCollectorIp: 10.0.4.1 + dcaeCollectorPort: 8081 -- cgit 1.2.3-korg
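Review bot: `nodeSelector`, `tolerations` and `affinity` are declared in sink/values.yaml, but sink/templates/deployment.yaml never reads them, so overriding them has no effect on scheduling. Either wire them into the pod spec or remove the three keys. Both images come from individual Docker Hub namespaces (`rtsood/onap-vfw-demo-sink`, `electrocucaracha/darkstat`) and one of them runs privileged, so pinning each by digest rather than by `0.2.0` / `latest` would make what gets deployed auditable.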