#!/bin/bash
# SPDX-license-identifier: Apache-2.0
##############################################################################
# Copyright (c) 2018
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
set -o errexit
set -o nounset
set -o pipefail
rm -f $HOME/*.yaml
packetgen_deployment_name=packetgen
sink_deployment_name=sink
firewall_deployment_name=firewall
image_name=virtlet.cloud/ubuntu/16.04
if [[ ! -f $HOME/.ssh/id_rsa.pub ]]; then
echo -e "\n\n\n" | ssh-keygen -t rsa -N ""
fi
ssh_key=$(cat $HOME/.ssh/id_rsa.pub)
cat << NET > $HOME/unprotected-private-net-cidr-network.yaml
apiVersion: "kubernetes.cni.cncf.io/v1"
kind: Network
metadata:
name: unprotected-private-net-cidr
spec:
config: '{
"name": "unprotected",
"type": "bridge",
"ipam": {
"type": "host-local",
"subnet": "192.168.10.0/24"
}
}'
NET
cat << NET > $HOME/protected-private-net-cidr-network.yaml
apiVersion: "kubernetes.cni.cncf.io/v1"
kind: Network
metadata:
name: protected-private-net-cidr
spec:
config: '{
"name": "protected",
"type": "bridge",
"ipam": {
"type": "host-local",
"subnet": "192.168.20.0/24"
}
}'
NET
cat << NET > $HOME/onap-private-net-cidr-network.yaml
apiVersion: "kubernetes.cni.cncf.io/v1"
kind: Network
metadata:
name: onap-private-net-cidr
spec:
config: '{
"name": "onap",
"type": "bridge",
"ipam": {
"type": "host-local",
"subnet": "10.10.0.0/16"
}
}'
NET
proxy="#!/bin/bash"
if [[ -n "${http_proxy+x}" ]]; then
proxy+="
export http_proxy=$http_proxy
echo \"Acquire::http::Proxy \\\"$http_proxy\\\";\" | sudo tee --append /etc/apt/apt.conf.d/01proxy
"
fi
if [[ -n "${https_proxy+x}" ]]; then
proxy+="
export https_proxy=$https_proxy
echo \"Acquire::https::Proxy \\\"$https_proxy\\\";\" | sudo tee --append /etc/apt/apt.conf.d/01proxy
"
fi
if [[ -n "${no_proxy+x}" ]]; then
proxy+="
export no_proxy=$no_proxy"
fi
cat << DEPLOYMENT > $HOME/$packetgen_deployment_name.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: $packetgen_deployment_name
labels:
app: vFirewall
spec:
replicas: 1
selector:
matchLabels:
app: vFirewall
template:
metadata:
labels:
app: vFirewall
annotations:
VirtletCloudInitUserData: |
users:
- default
- name: admin
sudo: ALL=(ALL) NOPASSWD:ALL
plain_text_passwd: secret
groups: sudo
ssh_authorized_keys:
- $ssh_key
VirtletCloudInitUserDataScript: |
$proxy
wget -O - https://raw.githubusercontent.com/electrocucaracha/vFW-demo/master/$packetgen_deployment_name | sudo -E bash
kubernetes.v1.cni.cncf.io/networks: '[
{ "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" },
{ "name": "onap-private-net-cidr", "interfaceRequest": "eth2" }
]'
kubernetes.io/target-runtime: virtlet.cloud
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: extraRuntime
operator: In
values:
- virtlet
containers:
- name: $packetgen_deployment_name
image: $image_name
imagePullPolicy: IfNotPresent
tty: true
stdin: true
resources:
limits:
memory: 256Mi
DEPLOYMENT
cat << DEPLOYMENT > $HOME/$firewall_deployment_name.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: $firewall_deployment_name
labels:
app: vFirewall
spec:
replicas: 1
selector:
matchLabels:
app: vFirewall
template:
metadata:
labels:
app: vFirewall
annotations:
VirtletCloudInitUserData: |
users:
- default
- name: admin
sudo: ALL=(ALL) NOPASSWD:ALL
plain_text_passwd: secret
groups: sudo
ssh_authorized_keys:
- $ssh_key
VirtletCloudInitUserDataScript: |
$proxy
wget -O - https://raw.githubusercontent.com/electrocucaracha/vFW-demo/master/$firewall_deployment_name | sudo -E bash
kubernetes.v1.cni.cncf.io/networks: '[
{ "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" },
{ "name": "protected-private-net-cidr", "interfaceRequest": "eth2" },
{ "name": "onap-private-net-cidr", "interfaceRequest": "eth3" }
]'
kubernetes.io/target-runtime: virtlet.cloud
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: extraRuntime
operator: In
values:
- virtlet
containers:
- name: $firewall_deployment_name
image: $image_name
imagePullPolicy: IfNotPresent
tty: true
stdin: true
resources:
limits:
memory: 160Mi
DEPLOYMENT
cat << DEPLOYMENT > $HOME/$sink_deployment_name.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: $sink_deployment_name
labels:
app: vFirewall
spec:
replicas: 1
selector:
matchLabels:
app: vFirewall
template:
metadata:
labels:
app: vFirewall
annotations:
VirtletCloudInitUserData: |
users:
- default
- name: admin
sudo: ALL=(ALL) NOPASSWD:ALL
plain_text_passwd: secret
groups: sudo
ssh_authorized_keys:
- $ssh_key
VirtletCloudInitUserDataScript: |
$proxy
wget -O - https://raw.githubusercontent.com/electrocucaracha/vFW-demo/master/$sink_deployment_name | sudo -E bash
kubernetes.v1.cni.cncf.io/networks: '[
{ "name": "protected-private-net-cidr", "interfaceRequest": "eth1" },
{ "name": "onap-private-net-cidr", "interfaceRequest": "eth2" }
]'
kubernetes.io/target-runtime: virtlet.cloud
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: extraRuntime
operator: In
values:
- virtlet
containers:
- name: $sink_deployment_name
image: $image_name
imagePullPolicy: IfNotPresent
tty: true
stdin: true
resources:
limits:
memory: 160Mi
DEPLOYMENT
if $(kubectl version &>/dev/null); then
kubectl apply -f $HOME/unprotected-private-net-cidr-network.yaml
kubectl apply -f $HOME/protected-private-net-cidr-network.yaml
kubectl apply -f $HOME/onap-private-net-cidr-network.yaml
for deployment_name in $packetgen_deployment_name $firewall_deployment_name $sink_deployment_name; do
kubectl delete deployment $deployment_name --ignore-not-found=true --now
while kubectl get deployment $deployment_name &>/dev/null; do
sleep 5
done
kubectl create -f $HOME/$deployment_name.yaml
done
for deployment_name in $packetgen_deployment_name $firewall_deployment_name $sink_deployment_name; do
status_phase=""
while [[ $status_phase != "Running" ]]; do
new_phase=$(kubectl get pods | grep $deployment_name | awk '{print $3}')
if [[ $new_phase != $status_phase ]]; then
echo "$(date +%H:%M:%S) - $deployment_name : $new_phase"
status_phase=$new_phase
fi
if [[ $new_phase == "Err"* ]]; then
exit 1
fi
done
done
for deployment_name in $packetgen_deployment_name $firewall_deployment_name $sink_deployment_name; do
pod_name=$(kubectl get pods | grep $deployment_name | awk '{print $1}')
vm=$(kubectl plugin virt virsh list | grep ".*$deployment_name" | awk '{print $2}')
echo "Pod name: $pod_name Virsh domain: $vm"
echo "ssh -i ~/.ssh/id_rsa.pub admin@$(kubectl get pods $pod_name -o jsonpath="{.status.podIP}")"
echo "=== Virtlet details ===="
echo "$(kubectl plugin virt virsh dumpxml $vm | grep VIRTLET_)\n"
done
fi