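#!/bin/bash
# SPDX-license-identifier: Apache-2.0
##############################################################################
# Copyright (c) 2018
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
#
# Renders the manifests for the vFirewall demo -- three Virtlet VMs (packet
# generator, firewall, sink) and the three CNI networks that connect them --
# into $HOME and, when kubectl can reach a cluster, (re)creates them.
#
# Usage: run with no arguments.
#
# Environment:
#   http_proxy / https_proxy / no_proxy  forwarded into every VM's cloud-init
#                                        script (shell exports + apt proxy).
#   VFW_DEMO_URL   base URL of the per-VM provisioning scripts. Defaults to the
#                  upstream "master" branch; point it at a commit/tag-pinned
#                  URL whenever the demo has to be reproducible.
#
# Side effects: may generate $HOME/.ssh/id_rsa(.pub), overwrites the six
# generated manifests in $HOME, and deletes/recreates the three deployments.
# (An earlier revision ran `rm -f $HOME/*.yaml`, wiping unrelated user files;
# the manifests are rewritten with `>` anyway, so that step is gone.)

set -o errexit
set -o nounset
set -o pipefail

packetgen_deployment_name=packetgen
sink_deployment_name=sink
firewall_deployment_name=firewall
image_name=virtlet.cloud/ubuntu/16.04
ssh_key_file="$HOME/.ssh/id_rsa"
# NOTE(review): each VM downloads "$vfw_demo_url/<deployment name>" and pipes it
# into `sudo -E bash` (see write_deployment). With the default URL that is an
# unpinned script from a mutable branch executed as root; pin the ref and
# verify a checksum before using this anywhere but a throwaway demo.
vfw_demo_url="${VFW_DEMO_URL:-https://raw.githubusercontent.com/electrocucaracha/vFW-demo/master}"

# Key pair used to reach the VMs. -N "" makes it passphrase-less on purpose:
# it only grants access to the demo VMs. If only the public half is missing,
# derive it instead of clobbering an existing private key.
if [[ ! -f "$ssh_key_file.pub" ]]; then
    mkdir -p -m 700 "$HOME/.ssh"
    if [[ -f "$ssh_key_file" ]]; then
        ssh-keygen -y -f "$ssh_key_file" > "$ssh_key_file.pub"
    else
        ssh-keygen -t rsa -N "" -f "$ssh_key_file"
    fi
fi
ssh_key=$(cat "$ssh_key_file.pub")

# Shell prologue prepended to every VM's cloud-init script: re-exports the
# caller's proxy settings and teaches apt the same proxy. Lines are kept
# unindented here; write_deployment indents them into the YAML block scalar.
proxy="#!/bin/bash"
if [[ -n "${http_proxy+x}" ]]; then
    proxy+="
export http_proxy=$http_proxy
echo \"Acquire::http::Proxy \\\"$http_proxy\\\";\" | sudo tee --append /etc/apt/apt.conf.d/01proxy
"
fi
if [[ -n "${https_proxy+x}" ]]; then
    proxy+="
export https_proxy=$https_proxy
echo \"Acquire::https::Proxy \\\"$https_proxy\\\";\" | sudo tee --append /etc/apt/apt.conf.d/01proxy
"
fi
if [[ -n "${no_proxy+x}" ]]; then
    proxy+="
export no_proxy=$no_proxy"
fi

#######################################
# Write a CNI Network manifest backed by a host-local bridge.
# Arguments: $1 - metadata.name of the Network object (also the file stem)
#            $2 - CNI "name" inside the embedded config
#            $3 - subnet handed to the host-local IPAM
# Outputs:   $HOME/$1-network.yaml
#######################################
write_network() {
    local object_name=$1 cni_name=$2 subnet=$3
    cat << NET > "$HOME/$object_name-network.yaml"
apiVersion: "kubernetes.cni.cncf.io/v1"
kind: Network
metadata:
  name: $object_name
spec:
  config: '{
    "name": "$cni_name",
    "type": "bridge",
    "ipam": {
        "type": "host-local",
        "subnet": "$subnet"
    }
}'
NET
}

#######################################
# Write the Deployment manifest for one Virtlet VM of the demo.
# Globals:   image_name, ssh_key, proxy, vfw_demo_url (read)
# Arguments: $1   - deployment name; "$vfw_demo_url/$1" is the provisioning
#                   script the VM runs at first boot
#            $2   - memory limit (e.g. 256Mi)
#            $3.. - extra interfaces as NETWORK:IFACE, attached in order
# Outputs:   $HOME/$1.yaml
# NOTE(review): the cloud-init user "admin" gets passwordless sudo AND the
# fixed plain-text password "secret"; the ssh key alone would suffice. Kept
# for demo parity -- do not reuse this template outside a lab.
#######################################
write_deployment() {
    local name=$1 memory=$2
    shift 2
    local networks="" attachment
    for attachment in "$@"; do
        networks+="${networks:+, }{ \"name\": \"${attachment%%:*}\", \"interfaceRequest\": \"${attachment#*:}\" }"
    done
    cat << DEPLOYMENT > "$HOME/$name.yaml"
apiVersion: apps/v1
kind: Deployment
metadata:
  name: $name
  labels:
    app: vFirewall
spec:
  replicas: 1
  selector:
    matchLabels:
      app: vFirewall
  template:
    metadata:
      labels:
        app: vFirewall
      annotations:
        VirtletCloudInitUserData: |
          users:
          - default
          - name: admin
            sudo: ALL=(ALL) NOPASSWD:ALL
            plain_text_passwd: secret
            groups: sudo
            ssh_authorized_keys:
            - $ssh_key
        VirtletCloudInitUserDataScript: |
$(sed 's/^/          /' <<< "$proxy")
          wget -O - $vfw_demo_url/$name | sudo -E bash
        kubernetes.v1.cni.cncf.io/networks: '[ $networks ]'
        kubernetes.io/target-runtime: virtlet.cloud
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: extraRuntime
                operator: In
                values:
                - virtlet
      containers:
      - name: $name
        image: $image_name
        imagePullPolicy: IfNotPresent
        tty: true
        stdin: true
        resources:
          limits:
            memory: $memory
DEPLOYMENT
}

#######################################
# Block until the pod of a deployment reports Running; exit 1 on an Err* phase.
# Arguments: $1 - deployment name (pods are named "$1-<rs hash>-<pod hash>")
#######################################
wait_for_running() {
    local name=$1 phase="" seen=""
    while [[ $phase != "Running" ]]; do
        # Anchor on the generated pod-name prefix so e.g. "sink" cannot match an
        # unrelated pod. The empty fallback covers the moment before the pod
        # exists: with pipefail, grep's no-match would otherwise abort the script.
        phase=$(kubectl get pods --no-headers | grep "^$name-" | awk '{print $3}') || phase=""
        if [[ $phase != "$seen" ]]; then
            echo "$(date +%H:%M:%S) - $name : $phase"
            seen=$phase
        fi
        if [[ $phase == "Err"* ]]; then
            exit 1
        fi
        sleep 2   # the previous loop polled without any pause
    done
}

#######################################
# Print the pod, libvirt domain, an ssh hint and the VIRTLET_ settings of a VM.
# Globals:   ssh_key_file (read)
# Arguments: $1 - deployment name
#######################################
describe_vm() {
    local name=$1 pod_name vm pod_ip
    pod_name=$(kubectl get pods --no-headers | grep "^$name-" | awk '{print $1}')
    vm=$(kubectl plugin virt virsh list | grep ".*$name" | awk '{print $2}')
    pod_ip=$(kubectl get pods "$pod_name" -o jsonpath='{.status.podIP}')
    echo "Pod name: $pod_name Virsh domain: $vm"
    # ssh needs the private key; the earlier hint pointed at id_rsa.pub.
    echo "ssh -i $ssh_key_file admin@$pod_ip"
    echo "=== Virtlet details ===="
    # No VIRTLET_ lines is not an error worth aborting the summary for.
    kubectl plugin virt virsh dumpxml "$vm" | grep VIRTLET_ || true
    echo
}

write_network unprotected-private-net-cidr unprotected 192.168.10.0/24
write_network protected-private-net-cidr protected 192.168.20.0/24
write_network onap-private-net-cidr onap 10.10.0.0/16

write_deployment "$packetgen_deployment_name" 256Mi \
    unprotected-private-net-cidr:eth1 onap-private-net-cidr:eth2
write_deployment "$firewall_deployment_name" 160Mi \
    unprotected-private-net-cidr:eth1 protected-private-net-cidr:eth2 onap-private-net-cidr:eth3
write_deployment "$sink_deployment_name" 160Mi \
    protected-private-net-cidr:eth1 onap-private-net-cidr:eth2

deployments=("$packetgen_deployment_name" "$firewall_deployment_name" "$sink_deployment_name")

# Only touch the cluster when kubectl is installed and configured. (The old
# `if $(kubectl …)` form only worked because bash reports the substitution's
# exit status when the expansion leaves no command to run.)
if kubectl version &>/dev/null; then
    for network in unprotected-private-net-cidr protected-private-net-cidr onap-private-net-cidr; do
        kubectl apply -f "$HOME/$network-network.yaml"
    done
    for deployment_name in "${deployments[@]}"; do
        kubectl delete deployment "$deployment_name" --ignore-not-found=true --now
        while kubectl get deployment "$deployment_name" &>/dev/null; do
            sleep 5
        done
        kubectl create -f "$HOME/$deployment_name.yaml"
    done
    for deployment_name in "${deployments[@]}"; do
        wait_for_running "$deployment_name"
    done
    for deployment_name in "${deployments[@]}"; do
        describe_vm "$deployment_name"
    done
fi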