#creating controller entries version: emco/v2 resourceContext: anchor: controllers metadata : name: rsync spec: host: "192.168.121.6" port: 30546 --- #creating controller entries version: emco/v2 resourceContext: anchor: controllers metadata : name: ovnaction spec: host: "ovnaction" port: 9053 type: "action" priority: 1 --- #creating cluster provider version: emco/v2 resourceContext: anchor: cluster-providers metadata : name: vfw-cluster-provider --- #creating cluster version: emco/v2 resourceContext: anchor: cluster-providers/vfw-cluster-provider/clusters metadata : name: edge01 file: /home/otc/.kube/config --- #Add label cluster version: emco/v2 resourceContext: anchor: cluster-providers/vfw-cluster-provider/clusters/edge01/labels label-name: LabelA --- version: emco/v2 resourceContext: anchor: cluster-providers/vfw-cluster-provider/clusters/edge01/networks metadata: name: emco-private-net spec: cniType: ovn4nfv ipv4Subnets: - subnet: 10.10.20.0/24 name: subnet1 gateway: 10.10.20.1/24 --- version: emco/v2 resourceContext: anchor: cluster-providers/vfw-cluster-provider/clusters/edge01/networks metadata: name: unprotected-private-net spec: cniType: ovn4nfv ipv4Subnets: - subnet: 192.168.10.0/24 name: subnet1 gateway: 192.168.10.1/24 --- version: emco/v2 resourceContext: anchor: cluster-providers/vfw-cluster-provider/clusters/edge01/networks metadata: name: protected-private-net spec: cniType: ovn4nfv ipv4Subnets: - subnet: 192.168.20.0/24 name: subnet1 gateway: 192.168.20.1/24 --- version: emco/v2 resourceContext: anchor: cluster-providers/vfw-cluster-provider/clusters/edge01/apply --- #create project version: emco/v2 resourceContext: anchor: projects metadata : name: testvfw --- #creating vfw composite app entry version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps metadata : name: compositevfw spec: version: v1 --- #adding packetgen app to the composite app version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps/compositevfw/v1/apps metadata : name: packetgen file: /opt/csar/cb009bfe-bbee-11e8-9766-525400435678/packetgen.tar.gz --- #adding firewall app to the composite app version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps/compositevfw/v1/apps metadata : name: firewall file: /opt/csar/cb009bfe-bbee-11e8-9766-525400435678/firewall.tar.gz --- #adding sink app to the composite app version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps/compositevfw/v1/apps metadata : name: sink file: /opt/csar/cb009bfe-bbee-11e8-9766-525400435678/sink.tar.gz --- #creating vfw composite profile entry version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps/compositevfw/v1/composite-profiles metadata : name: vfw_composite-profile --- #adding packetgen app profiles to the composite profile version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps/compositevfw/v1/composite-profiles/vfw_composite-profile/profiles metadata : name: packetgen-profile spec: app-name: packetgen file: /opt/csar/cb009bfe-bbee-11e8-9766-525400435678/profile.tar.gz --- #adding firewall app profiles to the composite profile version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps/compositevfw/v1/composite-profiles/vfw_composite-profile/profiles metadata : name: firewall-profile spec: app-name: firewall file: /opt/csar/cb009bfe-bbee-11e8-9766-525400435678/profile.tar.gz --- #adding firewall app profiles to the composite profile version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps/compositevfw/v1/composite-profiles/vfw_composite-profile/profiles metadata : name: sink-profile spec: app-name: sink file: /opt/csar/cb009bfe-bbee-11e8-9766-525400435678/profile.tar.gz --- #create deployment intent group version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps/compositevfw/v1/deployment-intent-groups metadata : name: vfw_deployment_intent_group spec: profile: vfw_composite-profile version: r1 logical-cloud: NA override-values: - app-name: packetgen values: ".Values.service.ports.nodePort": '30888' - app-name: firewall values: ".Values.global.dcaeCollectorIp": 1.2.3.4 ".Values.global.dcaeCollectorPort": '8888' - app-name: sink values: ".Values.service.ports.nodePort": '30677' --- version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps/compositevfw/v1/deployment-intent-groups/vfw_deployment_intent_group/intents metadata : name: fw-deployment-intent spec: intent: genericPlacementIntent: fw-placement-intent ovnaction: vfw_ovnaction_intent --- #create the generic placement intent version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps/compositevfw/v1/deployment-intent-groups/vfw_deployment_intent_group/generic-placement-intents metadata : name: fw-placement-intent --- #add the packetgen app placement intent to the generic placement intent version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps/compositevfw/v1/deployment-intent-groups/vfw_deployment_intent_group/generic-placement-intents/fw-placement-intent/app-intents metadata: name: packetgen-placement-intent spec: app-name: packetgen intent: allOf: - provider-name: vfw-cluster-provider cluster-label-name: LabelA --- #add the firewall app placement intent to the generic placement intent version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps/compositevfw/v1/deployment-intent-groups/vfw_deployment_intent_group/generic-placement-intents/fw-placement-intent/app-intents metadata: name: firewall-placement-intent spec: app-name: firewall intent: allOf: - provider-name: vfw-cluster-provider cluster-label-name: LabelA --- #add the sink app placement intent to the generic placement intent version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps/compositevfw/v1/deployment-intent-groups/vfw_deployment_intent_group/generic-placement-intents/fw-placement-intent/app-intents metadata: name: sink-placement-intent spec: app-name: sink intent: allOf: - provider-name: vfw-cluster-provider cluster-label-name: LabelA --- #creating network intents version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps/compositevfw/v1/deployment-intent-groups/vfw_deployment_intent_group/network-controller-intent metadata : name: vfw_ovnaction_intent --- # version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps/compositevfw/v1/deployment-intent-groups/vfw_deployment_intent_group/network-controller-intent/vfw_ovnaction_intent/workload-intents metadata : name: packetgen_workload_intent spec: application-name: packetgen workload-resource: r1-packetgen type: Deployment --- # version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps/compositevfw/v1/deployment-intent-groups/vfw_deployment_intent_group/network-controller-intent/vfw_ovnaction_intent/workload-intents metadata : name: firewall_workload_intent spec: application-name: firewall workload-resource: r1-firewall type: Deployment --- # version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps/compositevfw/v1/deployment-intent-groups/vfw_deployment_intent_group/network-controller-intent/vfw_ovnaction_intent/workload-intents metadata : name: sink_workload_intent spec: application-name: sink workload-resource: r1-sink type: Deployment --- # version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps/compositevfw/v1/deployment-intent-groups/vfw_deployment_intent_group/network-controller-intent/vfw_ovnaction_intent/workload-intents/packetgen_workload_intent/interfaces metadata : name: packetgen_unprotected_if spec: interface: eth1 name: unprotected-private-net defaultGateway: "false" ipAddress: 192.168.10.2 --- # version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps/compositevfw/v1/deployment-intent-groups/vfw_deployment_intent_group/network-controller-intent/vfw_ovnaction_intent/workload-intents/packetgen_workload_intent/interfaces metadata : name: packetgen_emco_if spec: interface: eth2 name: emco-private-net defaultGateway: "false" ipAddress: 10.10.20.2 --- # version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps/compositevfw/v1/deployment-intent-groups/vfw_deployment_intent_group/network-controller-intent/vfw_ovnaction_intent/workload-intents/firewall_workload_intent/interfaces metadata : name: firewall_emco_if spec: interface: eth3 name: emco-private-net defaultGateway: "false" ipAddress: 10.10.20.3 --- # version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps/compositevfw/v1/deployment-intent-groups/vfw_deployment_intent_group/network-controller-intent/vfw_ovnaction_intent/workload-intents/firewall_workload_intent/interfaces metadata : name: firewall_unprotected_if spec: interface: eth1 name: unprotected-private-net defaultGateway: "false" ipAddress: 192.168.10.3 --- # version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps/compositevfw/v1/deployment-intent-groups/vfw_deployment_intent_group/network-controller-intent/vfw_ovnaction_intent/workload-intents/firewall_workload_intent/interfaces metadata : name: firewall_protected_if spec: interface: eth2 name: protected-private-net defaultGateway: "false" ipAddress: 192.168.20.2 --- # version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps/compositevfw/v1/deployment-intent-groups/vfw_deployment_intent_group/network-controller-intent/vfw_ovnaction_intent/workload-intents/sink_workload_intent/interfaces metadata : name: sink_protected_if spec: interface: eth1 name: protected-private-net defaultGateway: "false" ipAddress: 192.168.20.3 --- # version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps/compositevfw/v1/deployment-intent-groups/vfw_deployment_intent_group/network-controller-intent/vfw_ovnaction_intent/workload-intents/sink_workload_intent/interfaces metadata : name: sink_emco_if spec: interface: eth2 name: emco-private-net defaultGateway: "false" ipAddress: 10.10.20.4 --- version: emco/v2 resourceContext: anchor: projects/testvfw/composite-apps/compositevfw/v1/deployment-intent-groups/vfw_deployment_intent_group/approve