rbp_content_tarball=profile.tar
# vFirewall vars
-demo_artifacts_version=1.3.1
+demo_artifacts_version=1.5.0
vfw_private_ip_0='192.168.10.3'
vfw_private_ip_1='192.168.20.2'
vfw_private_ip_2='10.10.100.3'
protected_net_cidr='192.168.20.0/24'
protected_private_net_cidr='192.168.10.0/24'
onap_private_net_cidr='10.10.0.0/16'
+sink_ipaddr='192.168.20.250'
# populate_CSAR_containers_vFW() - This function creates the content of CSAR file
# required for vFirewal using only containers
- export dcae_collector_port=$dcae_collector_port
- export protected_net_gw=$protected_net_gw
- export protected_private_net_cidr=$protected_private_net_cidr
+ - export sink_ipaddr=$sink_ipaddr
"
if [[ -n "${http_proxy+x}" ]]; then
proxy+="
memory: 4Gi
DEPLOYMENT
+ cat << CONFIGMAP > sink_configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: sink-configmap
+data:
+ protected_net_gw: $protected_net_gw
+ protected_private_net_cidr: $protected_private_net_cidr
+CONFIGMAP
+
cat << DEPLOYMENT > $sink_deployment_name.yaml
apiVersion: apps/v1
kind: Deployment
spec:
containers:
- name: $sink_deployment_name
- image: electrocucaracha/sink
- imagePullPolicy: IfNotPresent
+ image: rtsood/onap-vfw-demo-sink:0.2.0
+ envFrom:
+ - configMapRef:
+ name: sink-configmap
+ imagePullPolicy: Always
tty: true
stdin: true
securityContext:
privileged: true
+
- name: darkstat
image: electrocucaracha/darkstat
imagePullPolicy: IfNotPresent
FROM ubuntu:16.04
-MAINTAINER Victor Morales <electrocucaracha@gmail.com>
+MAINTAINER Ritu Sood <ritu.sood@intel.com>
ARG HTTP_PROXY=${HTTP_PROXY}
ARG HTTPS_PROXY=${HTTPS_PROXY}
ENV http_proxy $HTTP_PROXY
ENV https_proxy $HTTPS_PROXY
-ENV protected_net_cidr "192.168.20.0/24"
-ENV fw_ipaddr "192.168.10.100"
-ENV sink_ipaddr "192.168.20.250"
-ENV demo_artifacts_version "1.3.0"
-ENV protected_net_gw "192.168.20.100"
-ENV unprotected_net "192.168.10.0/24"
+ENV repo_url "https://nexus.onap.org/content/repositories/staging/org/onap/demo/vnf"
+ENV demo_artifacts_version "1.5.0"
-RUN apt-get update && apt-get install -y -qq wget net-tools
+RUN apt-get update && apt-get install -y -qq wget net-tools unzip
WORKDIR /opt
-RUN wget "https://git.onap.org/demo/plain/vnfs/vFW/scripts/v_sink_init.sh" \
- && chmod +x v_sink_init.sh
+RUN wget "${repo_url}/vfw/vfw-scripts/${demo_artifacts_version}/vfw-scripts-${demo_artifacts_version}.zip" \
+ && unzip "vfw-scripts-${demo_artifacts_version}.zip" \
+ && chmod +x v_sink_init.sh
-RUN mkdir -p config/ \
- && echo $protected_net_cidr > config/protected_net_cidr.txt \
- && echo $fw_ipaddr > config/fw_ipaddr.txt \
- && echo $sink_ipaddr > config/sink_ipaddr.txt \
- && echo $demo_artifacts_version > config/demo_artifacts_version.txt \
- && echo $protected_net_gw > config/protected_net_gw.txt \
- && echo $unprotected_net > config/unprotected_net.txt
+COPY wrapper_v_sink_init.sh .
+RUN chmod +x wrapper_v_sink_init.sh
-# NOTE: this script executes $ route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.20.100
-# which results in this error if doesn't have all nics required -> SIOCADDRT: File exists
-CMD ["./v_sink_init.sh"]
+CMD ["./wrapper_v_sink_init.sh"]
--- /dev/null
+#!/bin/bash
+
+mkdir -p /opt/config/
+echo "$protected_net_gw" > /opt/config/protected_net_gw.txt
+echo "$protected_private_net_cidr" > /opt/config/unprotected_net.txt
+
+# NOTE: this script executes $ route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.20.100
+# which results in this error if doesn't have all nics required -> SIOCADDRT: File exists
+./v_sink_init.sh
+sleep infinity
echo "Create OVN Network $net network"
init_network $net.yaml
done
-for resource in onap-ovn4nfvk8s-network sink-service; do
+for resource in onap-ovn4nfvk8s-network sink-service sink_configmap; do
kubectl apply -f $resource.yaml
done
setup $packetgen_deployment_name $firewall_deployment_name $sink_deployment_name
Code Review / multicloud / k8s.git / commitdiff