Code Review / multicloud / k8s.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
vFW usecase update
[multicloud/k8s.git] / kud / tests / _common.sh
1 #!/bin/bash
2 # SPDX-license-identifier: Apache-2.0
3 ##############################################################################
4 # Copyright (c) 2018
5 # All rights reserved. This program and the accompanying materials
6 # are made available under the terms of the Apache License, Version 2.0
7 # which accompanies this distribution, and is available at
8 # http://www.apache.org/licenses/LICENSE-2.0
9 ##############################################################################
10
11 set -o errexit
12 set -o nounset
13 set -o pipefail
14
15 packetgen_deployment_name=packetgen
16 sink_deployment_name=sink
17 firewall_deployment_name=firewall
18 image_name=virtlet.cloud/ubuntu/16.04
19 multus_deployment_name=multus-deployment
20 virtlet_image=virtlet.cloud/fedora
21 virtlet_deployment_name=virtlet-deployment
22 plugin_deployment_name=plugin-deployment
23 plugin_service_name=plugin-service
24 ovn4nfv_deployment_name=ovn4nfv-deployment
25 onap_private_net=onap-private-net
26 unprotected_private_net=unprotected-private-net
27 protected_private_net=protected-private-net
28 ovn_multus_network_name=ovn-networkobj
29 rbd_metadata=rbd_metatada.json
30 rbd_content_tarball=vault-consul-dev.tar
31 rbp_metadata=rbp_metatada.json
32 rbp_instance=rbp_instance.json
33 rbp_content_tarball=profile.tar
34
35 # vFirewall vars
36 demo_artifacts_version=1.5.0
37 vfw_private_ip_0='192.168.10.3'
38 vfw_private_ip_1='192.168.20.2'
39 vfw_private_ip_2='10.10.100.3'
40 vpg_private_ip_0='192.168.10.2'
41 vpg_private_ip_1='10.0.100.2'
42 vsn_private_ip_0='192.168.20.3'
43 vsn_private_ip_1='10.10.100.4'
44 dcae_collector_ip='10.0.4.1'
45 dcae_collector_port='8081'
46 protected_net_gw='192.168.20.100'
47 protected_net_cidr='192.168.20.0/24'
48 protected_private_net_cidr='192.168.10.0/24'
49 onap_private_net_cidr='10.10.0.0/16'
50 sink_ipaddr='192.168.20.250'
51
52 # populate_CSAR_containers_vFW() - This function creates the content of CSAR file
53 # required for vFirewal using only containers
54 function populate_CSAR_containers_vFW {
55     local csar_id=$1
56
57     _checks_args $csar_id
58     pushd ${CSAR_DIR}/${csar_id}
59
60     cat << META > metadata.yaml
61 resources:
62   network:
63     - $unprotected_private_net.yaml
64     - $protected_private_net.yaml
65     - $onap_private_net.yaml
66   deployment:
67     - $packetgen_deployment_name.yaml
68     - $firewall_deployment_name.yaml
69     - $sink_deployment_name.yaml
70 META
71
72     cat << NET > $unprotected_private_net.yaml
73 apiVersion: "k8s.cni.cncf.io/v1"
74 kind: NetworkAttachmentDefinition
75 metadata:
76   name: $unprotected_private_net
77 spec:
78   config: '{
79     "name": "unprotected",
80     "type": "bridge",
81     "ipam": {
82         "type": "host-local",
83         "subnet": "$protected_private_net_cidr"
84     }
85 }'
86 NET
87
88     cat << NET > $protected_private_net.yaml
89 apiVersion: "k8s.cni.cncf.io/v1"
90 kind: NetworkAttachmentDefinition
91 metadata:
92   name: $protected_private_net
93 spec:
94   config: '{
95     "name": "protected",
96     "type": "bridge",
97     "ipam": {
98         "type": "host-local",
99         "subnet": "$protected_net_cidr"
100     }
101 }'
102 NET
103
104     cat << NET > $onap_private_net.yaml
105 apiVersion: "k8s.cni.cncf.io/v1"
106 kind: NetworkAttachmentDefinition
107 metadata:
108   name: $onap_private_net
109 spec:
110   config: '{
111     "name": "onap",
112     "type": "bridge",
113     "ipam": {
114         "type": "host-local",
115         "subnet": "$onap_private_net_cidr"
116     }
117 }'
118 NET
119
120     cat << DEPLOYMENT > $packetgen_deployment_name.yaml
121 apiVersion: apps/v1
122 kind: Deployment
123 metadata:
124   name: $packetgen_deployment_name
125   labels:
126     app: vFirewall
127 spec:
128   replicas: 1
129   selector:
130     matchLabels:
131       app: vFirewall
132   template:
133     metadata:
134       labels:
135         app: vFirewall
136       annotations:
137         k8s.v1.cni.cncf.io/networks: '[
138             { "name": "$unprotected_private_net", "interfaceRequest": "eth1" },
139             { "name": "$onap_private_net", "interfaceRequest": "eth2" }
140         ]'
141     spec:
142       containers:
143       - name: $packetgen_deployment_name
144         image: electrocucaracha/packetgen
145         imagePullPolicy: IfNotPresent
146         tty: true
147         stdin: true
148         resources:
149           limits:
150             memory: 256Mi
151 DEPLOYMENT
152
153     cat << DEPLOYMENT > $firewall_deployment_name.yaml
154 apiVersion: apps/v1
155 kind: Deployment
156 metadata:
157   name: $firewall_deployment_name
158   labels:
159     app: vFirewall
160 spec:
161   replicas: 1
162   selector:
163     matchLabels:
164       app: vFirewall
165   template:
166     metadata:
167       labels:
168         app: vFirewall
169       annotations:
170         k8s.v1.cni.cncf.io/networks: '[
171             { "name": "$unprotected_private_net", "interfaceRequest": "eth1" },
172             { "name": "$protected_private_net", "interfaceRequest": "eth2" },
173             { "name": "$onap_private_net", "interfaceRequest": "eth3" }
174         ]'
175     spec:
176       containers:
177       - name: $firewall_deployment_name
178         image: electrocucaracha/firewall
179         imagePullPolicy: IfNotPresent
180         tty: true
181         stdin: true
182 DEPLOYMENT
183
184     cat << DEPLOYMENT > $sink_deployment_name.yaml
185 apiVersion: apps/v1
186 kind: Deployment
187 metadata:
188   name: $sink_deployment_name
189   labels:
190     app: vFirewall
191 spec:
192   replicas: 1
193   selector:
194     matchLabels:
195       app: vFirewall
196       context: darkstat
197   template:
198     metadata:
199       labels:
200         app: vFirewall
201         context: darkstat
202       annotations:
203         k8s.v1.cni.cncf.io/networks: '[
204             { "name": "$protected_private_net", "interfaceRequest": "eth1" },
205             { "name": "$onap_private_net", "interfaceRequest": "eth2" }
206         ]'
207     spec:
208       containers:
209       - name: $sink_deployment_name
210         image: electrocucaracha/sink
211         imagePullPolicy: IfNotPresent
212         tty: true
213         stdin: true
214         securityContext:
215           privileged: true
216       - name: darkstat
217         image: electrocucaracha/darkstat
218         imagePullPolicy: IfNotPresent
219         tty: true
220         stdin: true
221         ports:
222           - containerPort: 667
223 DEPLOYMENT
224     popd
225 }
226
227 # populate_CSAR_vms_containers_vFW() - This function creates the content of CSAR file
228 # required for vFirewal using an hybrid combination between virtual machines and
229 # cotainers
230 function populate_CSAR_vms_containers_vFW {
231     local csar_id=$1
232     ssh_key=$(cat $HOME/.ssh/id_rsa.pub)
233
234     _checks_args $csar_id
235     pushd ${CSAR_DIR}/${csar_id}
236
237     cat << META > metadata.yaml
238 resources:
239   network:
240     - onap-ovn4nfvk8s-network.yaml
241   onapNetwork:
242     - $unprotected_private_net.yaml
243     - $protected_private_net.yaml
244     - $onap_private_net.yaml
245   deployment:
246     - $packetgen_deployment_name.yaml
247     - $firewall_deployment_name.yaml
248     - $sink_deployment_name.yaml
249   service:
250     - sink-service.yaml
251 META
252
253     cat << SERVICE > sink-service.yaml
254 apiVersion: v1
255 kind: Service
256 metadata:
257   name: sink-service
258 spec:
259   type: NodePort
260   ports:
261   - port: 667
262     nodePort: 30667
263   selector:
264     app: vFirewall
265     context: darkstat
266 SERVICE
267
268     cat << MULTUS_NET > onap-ovn4nfvk8s-network.yaml
269 apiVersion: "k8s.cni.cncf.io/v1"
270 kind: NetworkAttachmentDefinition
271 metadata:
272   name: $ovn_multus_network_name
273 spec:
274   config: '{
275       "cniVersion": "0.3.1",
276       "name": "ovn4nfv-k8s-plugin",
277       "type": "ovn4nfvk8s-cni"
278     }'
279 MULTUS_NET
280
281     cat << NET > $unprotected_private_net.yaml
282 apiVersion: v1
283 kind: onapNetwork
284 metadata:
285   name: $unprotected_private_net
286   cnitype : ovn4nfvk8s
287 spec:
288   name: $unprotected_private_net
289   subnet: $protected_private_net_cidr
290   gateway: 192.168.10.1/24
291 NET
292
293     cat << NET > $protected_private_net.yaml
294 apiVersion: v1
295 kind: onapNetwork
296 metadata:
297   name: $protected_private_net
298   cnitype : ovn4nfvk8s
299 spec:
300   name: $protected_private_net
301   subnet: $protected_net_cidr
302   gateway: $protected_net_gw/24
303 NET
304
305     cat << NET > $onap_private_net.yaml
306 apiVersion: v1
307 kind: onapNetwork
308 metadata:
309   name: $onap_private_net
310   cnitype : ovn4nfvk8s
311 spec:
312   name: $onap_private_net
313   subnet: $onap_private_net_cidr
314   gateway: 10.10.0.1/16
315 NET
316
317     proxy="apt:"
318     cloud_init_proxy="
319             - export demo_artifacts_version=$demo_artifacts_version
320             - export vfw_private_ip_0=$vfw_private_ip_0
321             - export vsn_private_ip_0=$vsn_private_ip_0
322             - export protected_net_cidr=$protected_net_cidr
323             - export dcae_collector_ip=$dcae_collector_ip
324             - export dcae_collector_port=$dcae_collector_port
325             - export protected_net_gw=$protected_net_gw
326             - export protected_private_net_cidr=$protected_private_net_cidr
327             - export sink_ipaddr=$sink_ipaddr
328 "
329     if [[ -n "${http_proxy+x}" ]]; then
330         proxy+="
331             http_proxy: $http_proxy"
332         cloud_init_proxy+="
333             - export http_proxy=$http_proxy"
334     fi
335     if [[ -n "${https_proxy+x}" ]]; then
336         proxy+="
337             https_proxy: $https_proxy"
338         cloud_init_proxy+="
339             - export https_proxy=$https_proxy"
340     fi
341     if [[ -n "${no_proxy+x}" ]]; then
342         cloud_init_proxy+="
343             - export no_proxy=$no_proxy"
344     fi
345
346     cat << DEPLOYMENT > $packetgen_deployment_name.yaml
347 apiVersion: apps/v1
348 kind: Deployment
349 metadata:
350   name: $packetgen_deployment_name
351   labels:
352     app: vFirewall
353 spec:
354   replicas: 1
355   selector:
356     matchLabels:
357       app: vFirewall
358   template:
359     metadata:
360       labels:
361         app: vFirewall
362       annotations:
363         VirtletLibvirtCPUSetting: |
364           mode: host-model
365         VirtletCloudInitUserData: |
366           ssh_pwauth: True
367           users:
368           - name: admin
369             gecos: User
370             primary-group: admin
371             groups: users
372             sudo: ALL=(ALL) NOPASSWD:ALL
373             lock_passwd: false
374             # the password is "admin"
375             passwd: "\$6\$rounds=4096\$QA5OCKHTE41\$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/"
376             ssh_authorized_keys:
377               $ssh_key
378           $proxy
379           runcmd:
380           $cloud_init_proxy
381             - wget -O - https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/$packetgen_deployment_name | sudo -E bash
382         VirtletSSHKeys: |
383           $ssh_key
384         VirtletRootVolumeSize: 5Gi
385         k8s.v1.cni.cncf.io/networks: '[{ "name": "$ovn_multus_network_name"}]'
386         ovnNetwork: '[
387             { "name": "$unprotected_private_net", "ipAddress": "$vpg_private_ip_0", "interface": "eth1" , "defaultGateway": "false"},
388             { "name": "$onap_private_net", "ipAddress": "$vpg_private_ip_1", "interface": "eth2" , "defaultGateway": "false"}
389         ]'
390         kubernetes.io/target-runtime: virtlet.cloud
391     spec:
392       affinity:
393         nodeAffinity:
394           requiredDuringSchedulingIgnoredDuringExecution:
395             nodeSelectorTerms:
396             - matchExpressions:
397               - key: extraRuntime
398                 operator: In
399                 values:
400                 - virtlet
401       containers:
402       - name: $packetgen_deployment_name
403         image: $image_name
404         imagePullPolicy: IfNotPresent
405         tty: true
406         stdin: true
407         ports:
408           - containerPort: 8183
409         resources:
410           limits:
411             memory: 4Gi
412 DEPLOYMENT
413
414     cat << DEPLOYMENT > $firewall_deployment_name.yaml
415 apiVersion: apps/v1
416 kind: Deployment
417 metadata:
418   name: $firewall_deployment_name
419   labels:
420     app: vFirewall
421 spec:
422   replicas: 1
423   selector:
424     matchLabels:
425       app: vFirewall
426   template:
427     metadata:
428       labels:
429         app: vFirewall
430       annotations:
431         VirtletLibvirtCPUSetting: |
432           mode: host-model
433         VirtletCloudInitUserData: |
434           ssh_pwauth: True
435           users:
436           - name: admin
437             gecos: User
438             primary-group: admin
439             groups: users
440             sudo: ALL=(ALL) NOPASSWD:ALL
441             lock_passwd: false
442             # the password is "admin"
443             passwd: "\$6\$rounds=4096\$QA5OCKHTE41\$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/"
444             ssh_authorized_keys:
445               $ssh_key
446           $proxy
447           runcmd:
448             $cloud_init_proxy
449             - wget -O - https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/$firewall_deployment_name | sudo -E bash
450         VirtletSSHKeys: |
451           $ssh_key
452         VirtletRootVolumeSize: 5Gi
453         k8s.v1.cni.cncf.io/networks: '[{ "name": "$ovn_multus_network_name"}]'
454         ovnNetwork: '[
455             { "name": "$unprotected_private_net", "ipAddress": "$vfw_private_ip_0", "interface": "eth1" , "defaultGateway": "false"},
456             { "name": "$protected_private_net", "ipAddress": "$vfw_private_ip_1", "interface": "eth2", "defaultGateway": "false" },
457             { "name": "$onap_private_net", "ipAddress": "$vfw_private_ip_2", "interface": "eth3" , "defaultGateway": "false"}
458         ]'
459         kubernetes.io/target-runtime: virtlet.cloud
460     spec:
461       affinity:
462         nodeAffinity:
463           requiredDuringSchedulingIgnoredDuringExecution:
464             nodeSelectorTerms:
465             - matchExpressions:
466               - key: extraRuntime
467                 operator: In
468                 values:
469                 - virtlet
470       containers:
471       - name: $firewall_deployment_name
472         image: $image_name
473         imagePullPolicy: IfNotPresent
474         tty: true
475         stdin: true
476         resources:
477           limits:
478             memory: 4Gi
479 DEPLOYMENT
480
481     cat << CONFIGMAP > sink_configmap.yaml
482 apiVersion: v1
483 kind: ConfigMap
484 metadata:
485   name: sink-configmap
486 data:
487   protected_net_gw: $protected_net_gw
488   protected_private_net_cidr: $protected_private_net_cidr
489 CONFIGMAP
490
491     cat << DEPLOYMENT > $sink_deployment_name.yaml
492 apiVersion: apps/v1
493 kind: Deployment
494 metadata:
495   name: $sink_deployment_name
496   labels:
497     app: vFirewall
498 spec:
499   replicas: 1
500   selector:
501     matchLabels:
502       app: vFirewall
503       context: darkstat
504   template:
505     metadata:
506       labels:
507         app: vFirewall
508         context: darkstat
509       annotations:
510         k8s.v1.cni.cncf.io/networks: '[{ "name": "$ovn_multus_network_name"}]'
511         ovnNetwork: '[
512             { "name": "$protected_private_net", "ipAddress": "$vsn_private_ip_0", "interface": "eth1", "defaultGateway": "false" },
513             { "name": "$onap_private_net", "ipAddress": "$vsn_private_ip_1", "interface": "eth2" , "defaultGateway": "false"}
514         ]'
515     spec:
516       containers:
517       - name: $sink_deployment_name
518         image: rtsood/onap-vfw-demo-sink:0.2.0
519         envFrom:
520         - configMapRef:
521             name: sink-configmap
522         imagePullPolicy: Always
523         tty: true
524         stdin: true
525         securityContext:
526           privileged: true
527
528       - name: darkstat
529         image: electrocucaracha/darkstat
530         imagePullPolicy: IfNotPresent
531         tty: true
532         stdin: true
533         ports:
534           - containerPort: 667
535 DEPLOYMENT
536     popd
537 }
538
539 # populate_CSAR_vms_vFW() - This function creates the content of CSAR file
540 # required for vFirewal using only virtual machines
541 function populate_CSAR_vms_vFW {
542     local csar_id=$1
543     ssh_key=$(cat $HOME/.ssh/id_rsa.pub)
544
545     _checks_args $csar_id
546     pushd ${CSAR_DIR}/${csar_id}
547
548     cat << META > metadata.yaml
549 resources:
550   network:
551     - $unprotected_private_net.yaml
552     - $protected_private_net.yaml
553     - $onap_private_net.yaml
554   deployment:
555     - $packetgen_deployment_name.yaml
556     - $firewall_deployment_name.yaml
557     - $sink_deployment_name.yaml
558 META
559
560     cat << NET > $unprotected_private_net.yaml
561 apiVersion: "k8s.cni.cncf.io/v1"
562 kind: NetworkAttachmentDefinition
563 metadata:
564   name: $unprotected_private_net
565 spec:
566   config: '{
567     "name": "unprotected",
568     "type": "bridge",
569     "ipam": {
570         "type": "host-local",
571         "subnet": "$protected_private_net_cidr"
572     }
573 }'
574 NET
575
576     cat << NET > $protected_private_net.yaml
577 apiVersion: "k8s.cni.cncf.io/v1"
578 kind: NetworkAttachmentDefinition
579 metadata:
580   name: $protected_private_net
581 spec:
582   config: '{
583     "name": "protected",
584     "type": "bridge",
585     "ipam": {
586         "type": "host-local",
587         "subnet": "$protected_net_cidr"
588     }
589 }'
590 NET
591
592     cat << NET > $onap_private_net.yaml
593 apiVersion: "k8s.cni.cncf.io/v1"
594 kind: NetworkAttachmentDefinition
595 metadata:
596   name: $onap_private_net
597 spec:
598   config: '{
599     "name": "onap",
600     "type": "bridge",
601     "ipam": {
602         "type": "host-local",
603         "subnet": "$onap_private_net_cidr"
604     }
605 }'
606 NET
607
608     proxy="apt:"
609     cloud_init_proxy="
610             - export demo_artifacts_version=$demo_artifacts_version
611             - export vfw_private_ip_0=$vfw_private_ip_0
612             - export vsn_private_ip_0=$vsn_private_ip_0
613             - export protected_net_cidr=$protected_net_cidr
614             - export dcae_collector_ip=$dcae_collector_ip
615             - export dcae_collector_port=$dcae_collector_port
616             - export protected_net_gw=$protected_net_gw
617             - export protected_private_net_cidr=$protected_private_net_cidr
618 "
619     if [[ -n "${http_proxy+x}" ]]; then
620         proxy+="
621             http_proxy: $http_proxy"
622         cloud_init_proxy+="
623             - export http_proxy=$http_proxy"
624     fi
625     if [[ -n "${https_proxy+x}" ]]; then
626         proxy+="
627             https_proxy: $https_proxy"
628         cloud_init_proxy+="
629             - export https_proxy=$https_proxy"
630     fi
631     if [[ -n "${no_proxy+x}" ]]; then
632         cloud_init_proxy+="
633             - export no_proxy=$no_proxy"
634     fi
635
636     cat << DEPLOYMENT > $packetgen_deployment_name.yaml
637 apiVersion: apps/v1
638 kind: Deployment
639 metadata:
640   name: $packetgen_deployment_name
641   labels:
642     app: vFirewall
643 spec:
644   replicas: 1
645   selector:
646     matchLabels:
647       app: vFirewall
648   template:
649     metadata:
650       labels:
651         app: vFirewall
652       annotations:
653         VirtletLibvirtCPUSetting: |
654           mode: host-model
655         VirtletCloudInitUserData: |
656           ssh_pwauth: True
657           users:
658           - name: admin
659             gecos: User
660             primary-group: admin
661             groups: users
662             sudo: ALL=(ALL) NOPASSWD:ALL
663             lock_passwd: false
664             # the password is "admin"
665             passwd: "\$6\$rounds=4096\$QA5OCKHTE41\$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/"
666             ssh_authorized_keys:
667               $ssh_key
668           $proxy
669           runcmd:
670           $cloud_init_proxy
671             - wget -O - https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/$packetgen_deployment_name | sudo -E bash
672         VirtletSSHKeys: |
673           $ssh_key
674         VirtletRootVolumeSize: 5Gi
675         k8s.v1.cni.cncf.io/networks: '[
676             { "name": "$unprotected_private_net", "interfaceRequest": "eth1" },
677             { "name": "$onap_private_net", "interfaceRequest": "eth2" }
678         ]'
679         kubernetes.io/target-runtime: virtlet.cloud
680     spec:
681       affinity:
682         nodeAffinity:
683           requiredDuringSchedulingIgnoredDuringExecution:
684             nodeSelectorTerms:
685             - matchExpressions:
686               - key: extraRuntime
687                 operator: In
688                 values:
689                 - virtlet
690       containers:
691       - name: $packetgen_deployment_name
692         image: $image_name
693         imagePullPolicy: IfNotPresent
694         tty: true
695         stdin: true
696         ports:
697           - containerPort: 8183
698         resources:
699           limits:
700             memory: 4Gi
701 DEPLOYMENT
702
703     cat << DEPLOYMENT > $firewall_deployment_name.yaml
704 apiVersion: apps/v1
705 kind: Deployment
706 metadata:
707   name: $firewall_deployment_name
708   labels:
709     app: vFirewall
710 spec:
711   replicas: 1
712   selector:
713     matchLabels:
714       app: vFirewall
715   template:
716     metadata:
717       labels:
718         app: vFirewall
719       annotations:
720         VirtletLibvirtCPUSetting: |
721           mode: host-model
722         VirtletCloudInitUserData: |
723           ssh_pwauth: True
724           users:
725           - name: admin
726             gecos: User
727             primary-group: admin
728             groups: users
729             sudo: ALL=(ALL) NOPASSWD:ALL
730             lock_passwd: false
731             # the password is "admin"
732             passwd: "\$6\$rounds=4096\$QA5OCKHTE41\$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/"
733             ssh_authorized_keys:
734               $ssh_key
735           $proxy
736           runcmd:
737             $cloud_init_proxy
738             - wget -O - https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/$firewall_deployment_name | sudo -E bash
739         VirtletSSHKeys: |
740           $ssh_key
741         VirtletRootVolumeSize: 5Gi
742         k8s.v1.cni.cncf.io/networks: '[
743             { "name": "$unprotected_private_net", "interfaceRequest": "eth1" },
744             { "name": "$protected_private_net", "interfaceRequest": "eth2" },
745             { "name": "$onap_private_net", "interfaceRequest": "eth3" }
746         ]'
747         kubernetes.io/target-runtime: virtlet.cloud
748     spec:
749       affinity:
750         nodeAffinity:
751           requiredDuringSchedulingIgnoredDuringExecution:
752             nodeSelectorTerms:
753             - matchExpressions:
754               - key: extraRuntime
755                 operator: In
756                 values:
757                 - virtlet
758       containers:
759       - name: $firewall_deployment_name
760         image: $image_name
761         imagePullPolicy: IfNotPresent
762         tty: true
763         stdin: true
764         resources:
765           limits:
766             memory: 4Gi
767 DEPLOYMENT
768
769     cat << DEPLOYMENT > $sink_deployment_name.yaml
770 apiVersion: apps/v1
771 kind: Deployment
772 metadata:
773   name: $sink_deployment_name
774   labels:
775     app: vFirewall
776 spec:
777   replicas: 1
778   selector:
779     matchLabels:
780       app: vFirewall
781   template:
782     metadata:
783       labels:
784         app: vFirewall
785       annotations:
786         VirtletLibvirtCPUSetting: |
787           mode: host-model
788         VirtletCloudInitUserData: |
789           ssh_pwauth: True
790           users:
791           - name: admin
792             gecos: User
793             primary-group: admin
794             groups: users
795             sudo: ALL=(ALL) NOPASSWD:ALL
796             lock_passwd: false
797             # the password is "admin"
798             passwd: "\$6\$rounds=4096\$QA5OCKHTE41\$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/"
799             ssh_authorized_keys:
800               $ssh_key
801           $proxy
802           runcmd:
803             $cloud_init_proxy
804             - wget -O - https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/$sink_deployment_name | sudo -E bash
805         VirtletSSHKeys: |
806           $ssh_key
807         VirtletRootVolumeSize: 5Gi
808         k8s.v1.cni.cncf.io/networks: '[
809             { "name": "$protected_private_net", "interfaceRequest": "eth1" },
810             { "name": "$onap_private_net", "interfaceRequest": "eth2" }
811         ]'
812         kubernetes.io/target-runtime: virtlet.cloud
813     spec:
814       affinity:
815         nodeAffinity:
816           requiredDuringSchedulingIgnoredDuringExecution:
817             nodeSelectorTerms:
818             - matchExpressions:
819               - key: extraRuntime
820                 operator: In
821                 values:
822                 - virtlet
823       containers:
824       - name: $sink_deployment_name
825         image: $image_name
826         imagePullPolicy: IfNotPresent
827         tty: true
828         stdin: true
829         ports:
830           - containerPort: 667
831         resources:
832           limits:
833             memory: 4Gi
834 DEPLOYMENT
835     popd
836 }
837
838 # populate_CSAR_multus() - This function creates the content of CSAR file
839 # required for testing Multus feature
840 function populate_CSAR_multus {
841     local csar_id=$1
842
843     _checks_args $csar_id
844     pushd ${CSAR_DIR}/${csar_id}
845
846     cat << META > metadata.yaml
847 resources:
848   network:
849     - bridge-network.yaml
850   deployment:
851     - $multus_deployment_name.yaml
852 META
853
854     cat << NET > bridge-network.yaml
855 apiVersion: "k8s.cni.cncf.io/v1"
856 kind: NetworkAttachmentDefinition
857 metadata:
858   name: bridge-conf
859 spec:
860   config: '{
861     "cniVersion": "0.3.0",
862     "name": "mynet",
863     "type": "bridge",
864     "ipam": {
865         "type": "host-local",
866         "subnet": "$onap_private_net_cidr"
867     }
868 }'
869 NET
870
871     cat << DEPLOYMENT > $multus_deployment_name.yaml
872 apiVersion: apps/v1
873 kind: Deployment
874 metadata:
875   name: $multus_deployment_name
876   labels:
877     app: multus
878 spec:
879   replicas: 1
880   selector:
881     matchLabels:
882       app: multus
883   template:
884     metadata:
885       labels:
886         app: multus
887       annotations:
888         k8s.v1.cni.cncf.io/networks: '[
889           { "name": "bridge-conf", "interfaceRequest": "eth1" },
890           { "name": "bridge-conf", "interfaceRequest": "eth2" }
891         ]'
892     spec:
893       containers:
894       - name: $multus_deployment_name
895         image: "busybox"
896         command: ["top"]
897         stdin: true
898         tty: true
899 DEPLOYMENT
900     popd
901 }
902
903 # populate_CSAR_virtlet() - This function creates the content of CSAR file
904 # required for testing Virtlet feature
905 function populate_CSAR_virtlet {
906     local csar_id=$1
907
908     _checks_args $csar_id
909     pushd ${CSAR_DIR}/${csar_id}
910
911     cat << META > metadata.yaml
912 resources:
913   deployment:
914     - $virtlet_deployment_name.yaml
915 META
916
917     cat << DEPLOYMENT > $virtlet_deployment_name.yaml
918 apiVersion: apps/v1
919 kind: Deployment
920 metadata:
921   name: $virtlet_deployment_name
922   labels:
923     app: virtlet
924 spec:
925   replicas: 1
926   selector:
927     matchLabels:
928       app: virtlet
929   template:
930     metadata:
931       labels:
932         app: virtlet
933       annotations:
934         VirtletLibvirtCPUSetting: |
935           mode: host-passthrough
936         # This tells CRI Proxy that this pod belongs to Virtlet runtime
937         kubernetes.io/target-runtime: virtlet.cloud
938         VirtletCloudInitUserData: |
939           ssh_pwauth: True
940           users:
941           - name: testuser
942             gecos: User
943             primary-group: testuser
944             groups: users
945             lock_passwd: false
946             shell: /bin/bash
947             # the password is "testuser"
948             passwd: "\$6\$rounds=4096\$wPs4Hz4tfs\$a8ssMnlvH.3GX88yxXKF2cKMlVULsnydoOKgkuStTErTq2dzKZiIx9R/pPWWh5JLxzoZEx7lsSX5T2jW5WISi1"
949             sudo: ALL=(ALL) NOPASSWD:ALL
950           runcmd:
951             - echo hello world
952     spec:
953       affinity:
954         nodeAffinity:
955           requiredDuringSchedulingIgnoredDuringExecution:
956             nodeSelectorTerms:
957             - matchExpressions:
958               - key: extraRuntime
959                 operator: In
960                 values:
961                 - virtlet
962       containers:
963       - name: $virtlet_deployment_name
964         # This specifies the image to use.
965         # virtlet.cloud/ prefix is used by CRI proxy, the remaining part
966         # of the image name is prepended with https:// and used to download the image
967         image: $virtlet_image
968         imagePullPolicy: IfNotPresent
969         # tty and stdin required for "kubectl attach -t" to work
970         tty: true
971         stdin: true
972         resources:
973           limits:
974             # This memory limit is applied to the libvirt domain definition
975             memory: 160Mi
976 DEPLOYMENT
977     popd
978 }
979
980 # populate_CSAR_plugin()- Creates content used for Plugin functional tests
981 function populate_CSAR_plugin {
982     local csar_id=$1
983
984     _checks_args $csar_id
985     pushd ${CSAR_DIR}/${csar_id}
986
987     cat << META > metadata.yaml
988 resources:
989   deployment:
990     - $plugin_deployment_name.yaml
991   service:
992     - service.yaml
993 META
994
995     cat << DEPLOYMENT > $plugin_deployment_name.yaml
996 apiVersion: apps/v1
997 kind: Deployment
998 metadata:
999   name: $plugin_deployment_name
1000 spec:
1001   replicas: 1
1002   selector:
1003     matchLabels:
1004       app: plugin
1005   template:
1006     metadata:
1007       labels:
1008         app: plugin
1009     spec:
1010       containers:
1011       - name: $plugin_deployment_name
1012         image: "busybox"
1013         command: ["top"]
1014         stdin: true
1015         tty: true
1016 DEPLOYMENT
1017
1018     cat << SERVICE > service.yaml
1019 apiVersion: v1
1020 kind: Service
1021 metadata:
1022   name: $plugin_service_name
1023 spec:
1024   ports:
1025   - port: 80
1026     protocol: TCP
1027   selector:
1028     app: sise
1029 SERVICE
1030     popd
1031 }
1032
1033 # populate_CSAR_ovn4nfv() - Create content used for OVN4NFV functional test
1034 function populate_CSAR_ovn4nfv {
1035     local csar_id=$1
1036
1037     _checks_args $csar_id
1038     pushd ${CSAR_DIR}/${csar_id}
1039
1040     cat << META > metadata.yaml
1041 resources:
1042   onap_network:
1043     - ovn-port-net.yaml
1044     - ovn-priv-net.yaml
1045   network:
1046     - onap-ovn4nfvk8s-network.yaml
1047   deployment:
1048     - $ovn4nfv_deployment_name.yaml
1049 META
1050
1051     cat << MULTUS_NET > onap-ovn4nfvk8s-network.yaml
1052 apiVersion: "k8s.cni.cncf.io/v1"
1053 kind: NetworkAttachmentDefinition
1054 metadata:
1055   name: $ovn_multus_network_name
1056 spec:
1057   config: '{
1058       "cniVersion": "0.3.1",
1059       "name": "ovn4nfv-k8s-plugin",
1060       "type": "ovn4nfvk8s-cni"
1061     }'
1062 MULTUS_NET
1063
1064     cat << NETWORK > ovn-port-net.yaml
1065 apiVersion: v1
1066 kind: onapNetwork
1067 metadata:
1068   name: ovn-port-net
1069   cnitype : ovn4nfvk8s
1070 spec:
1071   name: ovn-port-net
1072   subnet: 172.16.33.0/24
1073   gateway: 172.16.33.1/24
1074 NETWORK
1075
1076     cat << NETWORK > ovn-priv-net.yaml
1077 apiVersion: v1
1078 kind: onapNetwork
1079 metadata:
1080   name: ovn-priv-net
1081   cnitype : ovn4nfvk8s
1082 spec:
1083   name: ovn-priv-net
1084   subnet: 172.16.44.0/24
1085   gateway: 172.16.44.1/24
1086 NETWORK
1087
1088     cat << DEPLOYMENT > $ovn4nfv_deployment_name.yaml
1089 apiVersion: apps/v1
1090 kind: Deployment
1091 metadata:
1092   name: $ovn4nfv_deployment_name
1093   labels:
1094     app: ovn4nfv
1095 spec:
1096   replicas: 1
1097   selector:
1098     matchLabels:
1099       app: ovn4nfv
1100   template:
1101     metadata:
1102       labels:
1103         app: ovn4nfv
1104       annotations:
1105         k8s.v1.cni.cncf.io/networks: '[{ "name": "$ovn_multus_network_name"}]'
1106         ovnNetwork: '[{ "name": "ovn-port-net", "interface": "net0" , "defaultGateway": "false"},
1107                       { "name": "ovn-priv-net", "interface": "net1" , "defaultGateway": "false"}]'
1108     spec:
1109       containers:
1110       - name: $ovn4nfv_deployment_name
1111         image: "busybox"
1112         command: ["top"]
1113         stdin: true
1114         tty: true
1115 DEPLOYMENT
1116     popd
1117 }
1118
1119 # populate_CSAR_rbdefinition() - Function that populates CSAR folder
1120 # for testing resource bundle definition
1121 function populate_CSAR_rbdefinition {
1122     local csar_id=$1
1123
1124     _checks_args $csar_id
1125     pushd ${CSAR_DIR}/${csar_id}
1126     print_msg "Create Helm Chart Archives"
1127     rm -f ${rbd_content_tarball}.gz
1128     rm -f ${rbp_content_tarball}.gz
1129     tar -cf $rbd_content_tarball -C $test_folder/vnfs/testrb/helm vault-consul-dev
1130     tar -cf $rbp_content_tarball -C $test_folder/vnfs/testrb/helm/profile .
1131     gzip $rbp_content_tarball
1132     gzip $rbd_content_tarball
1133     popd
1134 }
To contain a POC for Kubernetes plugin