Create helm chart for ICN/SDEWAN controllers 37/109637/12
authorYao Le <le.yao@intel.com>
Mon, 29 Jun 2020 14:05:35 +0000 (22:05 +0800)
committerRitu Sood <ritu.sood@intel.com>
Wed, 23 Sep 2020 17:54:01 +0000 (17:54 +0000)
Create helm chart for sdewan-controller in KUD

Issue-ID: MULTICLOUD-1104
Signed-off-by: Yao Le <le.yao@intel.com>
Change-Id: Ic5d8daecdecba52c05d3ed38fa91ebd555ce5533

12 files changed:
kud/deployment_infra/helm/sdewan_controllers/.helmignore [new file with mode: 0644]
kud/deployment_infra/helm/sdewan_controllers/Chart.yaml [new file with mode: 0644]
kud/deployment_infra/helm/sdewan_controllers/templates/_helpers.tpl [new file with mode: 0644]
kud/deployment_infra/helm/sdewan_controllers/templates/certificate.yaml [new file with mode: 0644]
kud/deployment_infra/helm/sdewan_controllers/templates/crd.yaml [new file with mode: 0644]
kud/deployment_infra/helm/sdewan_controllers/templates/deployment.yaml [new file with mode: 0644]
kud/deployment_infra/helm/sdewan_controllers/templates/issuer.yaml [new file with mode: 0644]
kud/deployment_infra/helm/sdewan_controllers/templates/namespace.yaml [new file with mode: 0644]
kud/deployment_infra/helm/sdewan_controllers/templates/role.yaml [new file with mode: 0644]
kud/deployment_infra/helm/sdewan_controllers/templates/service.yaml [new file with mode: 0644]
kud/deployment_infra/helm/sdewan_controllers/templates/webhook.yaml [new file with mode: 0644]
kud/deployment_infra/helm/sdewan_controllers/values.yaml [new file with mode: 0644]

diff --git a/kud/deployment_infra/helm/sdewan_controllers/.helmignore b/kud/deployment_infra/helm/sdewan_controllers/.helmignore
new file mode 100644 (file)
index 0000000..0e8a0eb
--- /dev/null
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/kud/deployment_infra/helm/sdewan_controllers/Chart.yaml b/kud/deployment_infra/helm/sdewan_controllers/Chart.yaml
new file mode 100644 (file)
index 0000000..3331b56
--- /dev/null
@@ -0,0 +1,21 @@
+#/*
+# * Copyright 2019 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# *     http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+apiVersion: v1
+name: controllers
+description: A Helm chart for Kubernetes
+version: 0.1.0
+appVersion: "1.0"
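Review bot: The `description` on the new Chart.yaml is still the `helm create` placeholder and `name: controllers` does not say what the chart installs, so the release is hard to identify in `helm list` output or in an audit of what is deployed. The name also differs from the chart directory `sdewan_controllers`, which some Helm lint and package checks expect to match. Something like `description: Helm chart for the SDEWAN controllers in KUD` would do, along with a name aligned with the directory. Whether installer scripts elsewhere depend on the current name is not visible here.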
diff --git a/kud/deployment_infra/helm/sdewan_controllers/templates/_helpers.tpl b/kud/deployment_infra/helm/sdewan_controllers/templates/_helpers.tpl
new file mode 100644 (file)
index 0000000..da45c39
--- /dev/null
@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "controllers.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "controllers.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "controllers.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "controllers.labels" -}}
+helm.sh/chart: {{ include "controllers.chart" . }}
+{{ include "controllers.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "controllers.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "controllers.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "controllers.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "controllers.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
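Review bot: In `controllers.serviceAccountName` the `else` branch falls back to the namespace's `default` service account when `serviceAccount.create` is false and no name is given, so any Role bound for the controller would also apply to every other pod in that namespace that runs as `default`. Failing the render is safer than a silent fallback: `{{- required "serviceAccount.name must be set when serviceAccount.create is false" .Values.serviceAccount.name }}`. The helper also dereferences `.Values.serviceAccount.create`, which errors at render time if `values.yaml` (not visible in this hunk) has no `serviceAccount` map. Whether any template actually includes this helper cannot be seen from here.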
diff --git a/kud/deployment_infra/helm/sdewan_controllers/templates/certificate.yaml b/kud/deployment_infra/helm/sdewan_controllers/templates/certificate.yaml
new file mode 100644 (file)
index 0000000..6b03cc1
--- /dev/null
@@ -0,0 +1,29 @@
+#/* Copyright 2020 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# *     http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+---
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+  name: sdewan-serving-cert
+  namespace: {{ .Values.namespace }}
+spec:
+  dnsNames:
+  - sdewan-webhook-service.sdewan-system.svc
+  - sdewan-webhook-service.sdewan-system.svc.cluster.local
+  issuerRef:
+    kind: Issuer
+    name: sdewan-selfsigned-issuer
+  secretName: webhook-server-cert
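Review bot: The two `dnsNames` entries hard-code the `sdewan-system` namespace while `metadata.namespace` comes from `.Values.namespace`, so installing with any other namespace value yields a serving certificate whose SANs do not match the webhook Service's DNS name, and the API server's TLS verification of the webhook would be expected to fail. Derive both from the same value: `- sdewan-webhook-service.{{ .Values.namespace }}.svc` and `- sdewan-webhook-service.{{ .Values.namespace }}.svc.cluster.local`. Quoting the namespace (`namespace: {{ .Values.namespace | quote }}`) also keeps an empty or number-like value from being retyped by the YAML parser. The Service and webhook templates are not visible in this hunk, so confirm they use the same service name and namespace value.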
diff --git a/kud/deployment_infra/helm/sdewan_controllers/templates/crd.yaml b/kud/deployment_infra/helm/sdewan_controllers/templates/crd.yaml
new file mode 100644 (file)
index 0000000..94851e4
--- /dev/null
@@ -0,0 +1,1017 @@
+#/* Copyright 2020 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# *     http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
+  creationTimestamp: null
+  name: firewalldnats.batch.sdewan.akraino.org
+spec:
+  group: batch.sdewan.akraino.org
+  names:
+    kind: FirewallDNAT
+    listKind: FirewallDNATList
+    plural: firewalldnats
+    singular: firewalldnat
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      description: FirewallDNAT is the Schema for the firewalldnats API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: FirewallDNATSpec defines the desired state of FirewallDNAT
+          properties:
+            dest:
+              type: string
+            dest_ip:
+              type: string
+            dest_port:
+              type: string
+            family:
+              type: string
+            mark:
+              type: string
+            name:
+              description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+                Important: Run "make" to regenerate code after modifying this file'
+              type: string
+            proto:
+              type: string
+            src:
+              type: string
+            src_dip:
+              type: string
+            src_dport:
+              type: string
+            src_ip:
+              type: string
+            src_mac:
+              type: string
+            src_port:
+              type: string
+            target:
+              type: string
+          type: object
+        status:
+          description: status subsource used for Sdewan rule CRDs
+          properties:
+            appliedGeneration:
+              format: int64
+              type: integer
+            appliedTime:
+              format: date-time
+              type: string
+            message:
+              type: string
+            state:
+              type: string
+          required:
+          - state
+          type: object
+      type: object
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
+  creationTimestamp: null
+  name: firewallforwardings.batch.sdewan.akraino.org
+spec:
+  group: batch.sdewan.akraino.org
+  names:
+    kind: FirewallForwarding
+    listKind: FirewallForwardingList
+    plural: firewallforwardings
+    singular: firewallforwarding
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      description: FirewallForwarding is the Schema for the firewallforwardings API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: FirewallForwardingSpec defines the desired state of FirewallForwarding
+          properties:
+            dest:
+              type: string
+            family:
+              type: string
+            name:
+              description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+                Important: Run "make" to regenerate code after modifying this file'
+              type: string
+            src:
+              type: string
+          type: object
+        status:
+          description: status subsource used for Sdewan rule CRDs
+          properties:
+            appliedGeneration:
+              format: int64
+              type: integer
+            appliedTime:
+              format: date-time
+              type: string
+            message:
+              type: string
+            state:
+              type: string
+          required:
+          - state
+          type: object
+      type: object
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
+  creationTimestamp: null
+  name: firewallrules.batch.sdewan.akraino.org
+spec:
+  group: batch.sdewan.akraino.org
+  names:
+    kind: FirewallRule
+    listKind: FirewallRuleList
+    plural: firewallrules
+    singular: firewallrule
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      description: FirewallRule is the Schema for the firewallrules API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: FirewallRuleSpec defines the desired state of FirewallRule
+          properties:
+            dest:
+              type: string
+            dest_ip:
+              type: string
+            dest_port:
+              type: string
+            extra:
+              type: string
+            family:
+              type: string
+            icmp_type:
+              items:
+                type: string
+              type: array
+            mark:
+              type: string
+            name:
+              description: Foo is an example field of FirewallRule. Edit FirewallRule_types.go
+                to remove/update
+              type: string
+            proto:
+              type: string
+            set_mark:
+              type: string
+            set_xmark:
+              type: string
+            src:
+              type: string
+            src_ip:
+              type: string
+            src_mac:
+              type: string
+            src_port:
+              type: string
+            target:
+              type: string
+          type: object
+        status:
+          description: status subsource used for Sdewan rule CRDs
+          properties:
+            appliedGeneration:
+              format: int64
+              type: integer
+            appliedTime:
+              format: date-time
+              type: string
+            message:
+              type: string
+            state:
+              type: string
+          required:
+          - state
+          type: object
+      type: object
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
+  creationTimestamp: null
+  name: firewallsnats.batch.sdewan.akraino.org
+spec:
+  group: batch.sdewan.akraino.org
+  names:
+    kind: FirewallSNAT
+    listKind: FirewallSNATList
+    plural: firewallsnats
+    singular: firewallsnat
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      description: FirewallSNAT is the Schema for the firewallsnats API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: FirewallSNATSpec defines the desired state of FirewallSNAT
+          properties:
+            dest:
+              type: string
+            dest_ip:
+              type: string
+            dest_port:
+              type: string
+            family:
+              type: string
+            mark:
+              type: string
+            name:
+              description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+                Important: Run "make" to regenerate code after modifying this file'
+              type: string
+            proto:
+              type: string
+            src:
+              type: string
+            src_dip:
+              type: string
+            src_dport:
+              type: string
+            src_ip:
+              type: string
+            src_mac:
+              type: string
+            src_port:
+              type: string
+            target:
+              type: string
+          type: object
+        status:
+          description: status subsource used for Sdewan rule CRDs
+          properties:
+            appliedGeneration:
+              format: int64
+              type: integer
+            appliedTime:
+              format: date-time
+              type: string
+            message:
+              type: string
+            state:
+              type: string
+          required:
+          - state
+          type: object
+      type: object
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
+  creationTimestamp: null
+  name: firewallzones.batch.sdewan.akraino.org
+spec:
+  group: batch.sdewan.akraino.org
+  names:
+    kind: FirewallZone
+    listKind: FirewallZoneList
+    plural: firewallzones
+    singular: firewallzone
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      description: FirewallZone is the Schema for the firewallzones API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: FirewallZoneSpec defines the desired state of FirewallZone
+          properties:
+            etra_dest:
+              type: string
+            extra_src:
+              type: string
+            family:
+              type: string
+            forward:
+              type: string
+            input:
+              type: string
+            masq:
+              type: string
+            masq_allow_invalid:
+              type: string
+            masq_dest:
+              items:
+                type: string
+              type: array
+            masq_src:
+              items:
+                type: string
+              type: array
+            mtu_fix:
+              type: string
+            name:
+              description: Foo is an example field of FirewallZone. Edit FirewallZone_types.go
+                to remove/update
+              type: string
+            network:
+              items:
+                type: string
+              type: array
+            output:
+              type: string
+            subnet:
+              items:
+                type: string
+              type: array
+          required:
+          - network
+          type: object
+        status:
+          description: status subsource used for Sdewan rule CRDs
+          properties:
+            appliedGeneration:
+              format: int64
+              type: integer
+            appliedTime:
+              format: date-time
+              type: string
+            message:
+              type: string
+            state:
+              type: string
+          required:
+          - state
+          type: object
+      type: object
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
+  creationTimestamp: null
+  name: ipsechosts.batch.sdewan.akraino.org
+spec:
+  group: batch.sdewan.akraino.org
+  names:
+    kind: IpsecHost
+    listKind: IpsecHostList
+    plural: ipsechosts
+    singular: ipsechost
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      description: IpsecHost is the Schema for the ipsechosts API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          properties:
+            authentication_method:
+              type: string
+            connections:
+              items:
+                properties:
+                  conn_type:
+                    type: string
+                  crypto_proposal:
+                    items:
+                      type: string
+                    type: array
+                  if_id:
+                    type: string
+                  local_firewall:
+                    type: string
+                  local_sourceip:
+                    type: string
+                  local_updown:
+                    type: string
+                  mark:
+                    type: string
+                  mode:
+                    type: string
+                  name:
+                    type: string
+                  remote_firewall:
+                    type: string
+                  remote_sourceip:
+                    type: string
+                  remote_subnet:
+                    type: string
+                  remote_updown:
+                    type: string
+                required:
+                - conn_type
+                - mode
+                - name
+                type: object
+              type: array
+            crypto_proposal:
+              items:
+                type: string
+              type: array
+            force_crypto_proposal:
+              type: string
+            local_identifier:
+              type: string
+            local_private_cert:
+              type: string
+            local_public_cert:
+              type: string
+            name:
+              type: string
+            pre_shared_key:
+              type: string
+            remote:
+              type: string
+            remote_identifier:
+              type: string
+            shared_ca:
+              type: string
+            type:
+              type: string
+          required:
+          - authentication_method
+          - connections
+          - crypto_proposal
+          - remote
+          type: object
+        status:
+          description: status subsource used for Sdewan rule CRDs
+          properties:
+            appliedGeneration:
+              format: int64
+              type: integer
+            appliedTime:
+              format: date-time
+              type: string
+            message:
+              type: string
+            state:
+              type: string
+          required:
+          - state
+          type: object
+      type: object
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
+  creationTimestamp: null
+  name: ipsecproposals.batch.sdewan.akraino.org
+spec:
+  group: batch.sdewan.akraino.org
+  names:
+    kind: IpsecProposal
+    listKind: IpsecProposalList
+    plural: ipsecproposals
+    singular: ipsecproposal
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      description: IpsecProposal is the Schema for the ipsecproposals API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: IpsecProposalSpec defines the desired state of IpsecProposal
+          properties:
+            dh_group:
+              type: string
+            encryption_algorithm:
+              type: string
+            hash_algorithm:
+              type: string
+            name:
+              type: string
+          required:
+          - dh_group
+          - encryption_algorithm
+          - hash_algorithm
+          type: object
+        status:
+          description: status subsource used for Sdewan rule CRDs
+          properties:
+            appliedGeneration:
+              format: int64
+              type: integer
+            appliedTime:
+              format: date-time
+              type: string
+            message:
+              type: string
+            state:
+              type: string
+          required:
+          - state
+          type: object
+      type: object
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
+  creationTimestamp: null
+  name: ipsecsites.batch.sdewan.akraino.org
+spec:
+  group: batch.sdewan.akraino.org
+  names:
+    kind: IpsecSite
+    listKind: IpsecSiteList
+    plural: ipsecsites
+    singular: ipsecsite
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      description: IpsecSite is the Schema for the ipsecsites API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: IpsecSiteSpec defines the desired state of IpsecSite
+          properties:
+            authentication_method:
+              type: string
+            connections:
+              items:
+                properties:
+                  conn_type:
+                    type: string
+                  crypto_proposal:
+                    items:
+                      type: string
+                    type: array
+                  if_id:
+                    type: string
+                  local_firewall:
+                    type: string
+                  local_subnet:
+                    type: string
+                  local_updown:
+                    type: string
+                  mark:
+                    type: string
+                  mode:
+                    type: string
+                  name:
+                    type: string
+                  remote_firewall:
+                    type: string
+                  remote_sourceip:
+                    type: string
+                  remote_subnet:
+                    type: string
+                  remote_updown:
+                    type: string
+                required:
+                - conn_type
+                - local_subnet
+                - mode
+                - name
+                type: object
+              type: array
+            crypto_proposal:
+              items:
+                type: string
+              type: array
+            force_crypto_proposal:
+              type: string
+            local_identifier:
+              type: string
+            local_private_cert:
+              type: string
+            local_public_cert:
+              type: string
+            name:
+              type: string
+            pre_shared_key:
+              type: string
+            remote:
+              type: string
+            remote_identifier:
+              type: string
+            shared_ca:
+              type: string
+            type:
+              type: string
+          required:
+          - authentication_method
+          - connections
+          - crypto_proposal
+          - remote
+          type: object
+        status:
+          description: status subsource used for Sdewan rule CRDs
+          properties:
+            appliedGeneration:
+              format: int64
+              type: integer
+            appliedTime:
+              format: date-time
+              type: string
+            message:
+              type: string
+            state:
+              type: string
+          required:
+          - state
+          type: object
+      type: object
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
+  creationTimestamp: null
+  name: mwan3policies.batch.sdewan.akraino.org
+spec:
+  group: batch.sdewan.akraino.org
+  names:
+    kind: Mwan3Policy
+    listKind: Mwan3PolicyList
+    plural: mwan3policies
+    singular: mwan3policy
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      description: Mwan3Policy is the Schema for the mwan3policies API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          properties:
+            members:
+              items:
+                description: Mwan3PolicySpec defines the desired state of Mwan3Policy
+                properties:
+                  metric:
+                    type: integer
+                  network:
+                    description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of
+                      cluster Important: Run "make" to regenerate code after modifying
+                      this file'
+                    type: string
+                  weight:
+                    type: integer
+                required:
+                - metric
+                - network
+                - weight
+                type: object
+              type: array
+          required:
+          - members
+          type: object
+        status:
+          description: status subsource used for Sdewan rule CRDs
+          properties:
+            appliedGeneration:
+              format: int64
+              type: integer
+            appliedTime:
+              format: date-time
+              type: string
+            message:
+              type: string
+            state:
+              type: string
+          required:
+          - state
+          type: object
+      type: object
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
+  creationTimestamp: null
+  name: mwan3rules.batch.sdewan.akraino.org
+spec:
+  group: batch.sdewan.akraino.org
+  names:
+    kind: Mwan3Rule
+    listKind: Mwan3RuleList
+    plural: mwan3rules
+    singular: mwan3rule
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      description: Mwan3Rule is the Schema for the mwan3rules API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          properties:
+            dest_ip:
+              type: string
+            dest_port:
+              type: string
+            family:
+              type: string
+            policy:
+              type: string
+            proto:
+              type: string
+            src_ip:
+              type: string
+            src_port:
+              type: string
+            sticky:
+              type: string
+            timeout:
+              type: string
+          required:
+          - dest_ip
+          - dest_port
+          - family
+          - policy
+          - proto
+          - src_ip
+          - src_port
+          - sticky
+          - timeout
+          type: object
+        status:
+          description: status subsource used for Sdewan rule CRDs
+          properties:
+            appliedGeneration:
+              format: int64
+              type: integer
+            appliedTime:
+              format: date-time
+              type: string
+            message:
+              type: string
+            state:
+              type: string
+          required:
+          - state
+          type: object
+      type: object
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/kud/deployment_infra/helm/sdewan_controllers/templates/deployment.yaml b/kud/deployment_infra/helm/sdewan_controllers/templates/deployment.yaml
new file mode 100644 (file)
index 0000000..038b7c3
--- /dev/null
@@ -0,0 +1,74 @@
+#/* Copyright 2020 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# *     http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    control-plane:  {{ .Values.spec.label }}
+  name: {{ .Values.spec.name }}
+  namespace: {{ .Values.namespace }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      control-plane: {{ .Values.spec.label }}
+  template:
+    metadata:
+      labels:
+        control-plane: {{ .Values.spec.label }}
+    spec:
+      containers:
+      - args:
+        - --secure-listen-address=0.0.0.0:8443
+        - --upstream=http://127.0.0.1:8080/
+        - --logtostderr=true
+        - --v=10
+        image: {{ .Values.spec.proxy.image }}
+        name: {{ .Values.spec.proxy.name }}
+        ports:
+        - containerPort: 8443
+          name: https
+      - args:
+        - --metrics-addr=127.0.0.1:8080
+        - --enable-leader-election
+        command:
+        - /manager
+        image: {{ .Values.spec.sdewan.image }}
+        name: {{ .Values.spec.sdewan.name }}
+        nodeSelector:
+          node-role.kubernetes.io/master: ""
+        ports:
+        - containerPort: 9443
+          name: webhook-server
+          protocol: TCP
+        resources:
+          limits:
+            cpu: 100m
+            memory: 30Mi
+          requests:
+            cpu: 100m
+            memory: 20Mi
+        volumeMounts:
+        - mountPath: /tmp/k8s-webhook-server/serving-certs
+          name: cert
+          readOnly: true
+      terminationGracePeriodSeconds: 10
+      volumes:
+      - name: cert
+        secret:
+          defaultMode: 420
+          secretName: webhook-server-cert
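Review bot: `nodeSelector` with `node-role.kubernetes.io/master: ""` is nested inside the manager container entry, but it is a pod-level field, so depending on the client's schema validation it is either rejected or silently dropped and the controller is not pinned to master nodes as intended. Move it out of the container list to `template.spec`, next to `terminationGracePeriodSeconds`; if the masters are tainted, a matching toleration would be needed as well. Separately, `--v=10` on the proxy container is debug-level verbosity and may write request detail into pod logs (worth confirming for this kube-rbac-proxy version). A lower default such as `--v=2`, ideally driven from values, would be safer.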
diff --git a/kud/deployment_infra/helm/sdewan_controllers/templates/issuer.yaml b/kud/deployment_infra/helm/sdewan_controllers/templates/issuer.yaml
new file mode 100644 (file)
index 0000000..00e4e69
--- /dev/null
@@ -0,0 +1,24 @@
+#/* Copyright 2020 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# *     http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+---
+apiVersion: cert-manager.io/v1alpha2
+kind: Issuer
+metadata:
+  name: sdewan-selfsigned-issuer
+  namespace: {{ .Values.namespace }}
+spec:
+  selfSigned: {}
+
diff --git a/kud/deployment_infra/helm/sdewan_controllers/templates/namespace.yaml b/kud/deployment_infra/helm/sdewan_controllers/templates/namespace.yaml
new file mode 100644 (file)
index 0000000..133c5c6
--- /dev/null
@@ -0,0 +1,21 @@
+#/* Copyright 2020 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# *     http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    control-plane: controller-manager
+  name: sdewan-system
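Review bot: `name: sdewan-system` is hard-coded while the other templates in this commit use `{{ .Values.namespace }}`, so overriding `namespace` in values creates this Namespace under one name and places every other object in a namespace the chart never creates. Use `name: {{ .Values.namespace | quote }}` here. The same literal appears in webhook.yaml's `cert-manager.io/inject-ca-from: sdewan-system/sdewan-serving-cert` annotation. If the Certificate follows `.Values.namespace`, an override would point CA injection at the wrong namespace and leave both `failurePolicy: Fail` webhooks without a usable CA bundle.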
diff --git a/kud/deployment_infra/helm/sdewan_controllers/templates/role.yaml b/kud/deployment_infra/helm/sdewan_controllers/templates/role.yaml
new file mode 100644 (file)
index 0000000..79e7b10
--- /dev/null
@@ -0,0 +1,342 @@
+#/* Copyright 2020 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# *     http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: sdewan-leader-election-role
+  namespace: {{ .Values.namespace }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - configmaps/status
+  verbs:
+  - get
+  - update
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  annotations:
+    sdewan-bucket-type-permission: '{ "*": ["*"]}'
+  creationTimestamp: null
+  name: sdewan-manager-role
+rules:
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - apps
+  resources:
+  - deployments/status
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - firewalldnats
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - firewalldnats/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - firewallforwardings
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - firewallforwardings/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - firewallrules
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - firewallrules/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - firewallsnats
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - firewallsnats/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - firewallzones
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - firewallzones/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - ipsechosts
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - ipsechosts/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - ipsecproposals
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - ipsecproposals/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - ipsecsites
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - ipsecsites/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - mwan3policies
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - mwan3policies/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - mwan3rules
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - mwan3rules/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - clusterrolebindings
+  - clusterroles
+  - rolebindings
+  - roles
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: sdewan-proxy-role
+rules:
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: sdewan-leader-election-rolebinding
+  namespace: {{ .Values.namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: sdewan-leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: {{ .Values.namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: sdewan-manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: sdewan-manager-role
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: {{ .Values.namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: sdewan-proxy-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: sdewan-proxy-role
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: {{ .Values.namespace }}
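Review bot: All three bindings at the end of this file use the `default` ServiceAccount as subject, so every pod in the namespace that does not set its own service account inherits `sdewan-manager-role` and `sdewan-proxy-role`. That includes cluster-wide read of RBAC objects and Deployments, write access to the SD-EWAN resources, and creation of token and subject-access reviews. Create a dedicated ServiceAccount for the controller, bind the roles to it, and set `serviceAccountName: <dedicated-sa-name>` (placeholder) in deployment.yaml's pod spec. The `sdewan-bucket-type-permission: '{ "*": ["*"]}'` annotation on `sdewan-manager-role` looks like a wildcard grant consumed by the bucket-permission webhook; a comment above it stating why the manager needs the wildcard would help reviewers.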
diff --git a/kud/deployment_infra/helm/sdewan_controllers/templates/service.yaml b/kud/deployment_infra/helm/sdewan_controllers/templates/service.yaml
new file mode 100644 (file)
index 0000000..3ed17b9
--- /dev/null
@@ -0,0 +1,42 @@
+#/* Copyright 2020 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# *     http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    control-plane: {{ .Values.spec.label }}
+  name: sdewan-controller-manager-metrics-service
+  namespace: {{ .Values.namespace }}
+spec:
+  ports:
+  - name: https
+    port: 8443
+    targetPort: https
+  selector:
+    control-plane: {{ .Values.spec.label }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: sdewan-webhook-service
+  namespace: {{ .Values.namespace }}
+spec:
+  ports:
+  - port: 443
+    targetPort: 9443
+  selector:
+    control-plane: {{ .Values.spec.label }}
diff --git a/kud/deployment_infra/helm/sdewan_controllers/templates/webhook.yaml b/kud/deployment_infra/helm/sdewan_controllers/templates/webhook.yaml
new file mode 100644 (file)
index 0000000..c7d1659
--- /dev/null
@@ -0,0 +1,80 @@
+#/* Copyright 2020 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# *     http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: sdewan-system/sdewan-serving-cert
+  creationTimestamp: null
+  name: sdewan-validating-webhook-configuration
+webhooks:
+- clientConfig:
+    caBundle: Cg==
+    service:
+      name: sdewan-webhook-service
+      namespace: {{ .Values.namespace }}
+      path: /validate-sdewan-bucket-permission
+  failurePolicy: Fail
+  name: validate-sdewan-bucket.akraino.org
+  rules:
+  - apiGroups:
+    - batch.sdewan.akraino.org
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    - DELETE
+    resources:
+    - mwan3policies
+    - mwan3rules
+    - firewallzones
+    - firewallforwardings
+    - firewallrules
+    - firewallsnats
+    - firewalldnats
+    - ipsecproposals
+    - ipsechosts
+    - ipsecsites
+- clientConfig:
+    caBundle: Cg==
+    service:
+      name: sdewan-webhook-service
+      namespace: {{ .Values.namespace }}
+      path: /validate-label
+  failurePolicy: Fail
+  name: validate-label.akraino.org
+  rules:
+  - apiGroups:
+    - apps
+    - batch.sdewan.akraino.org
+    apiVersions:
+    - v1
+    - v1alpha1
+    operations:
+    - UPDATE
+    resources:
+    - deployments
+    - mwan3policies
+    - mwan3rules
+    - firewallzones
+    - firewallforwardings
+    - firewallrules
+    - firewallsnats
+    - firewalldnats
+    - ipsecproposals
+    - ipsechosts
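Review bot: The `validate-label.akraino.org` resource list stops at `ipsechosts` and omits `ipsecsites`, which the first webhook does cover, so label validation on UPDATE appears not to apply to IpsecSite objects; if that is not deliberate, add `- ipsecsites`. This webhook also matches `deployments` in `apps` cluster-wide with `failurePolicy: Fail` and no `namespaceSelector`. Whenever the single-replica controller is unavailable, every Deployment update in the cluster is rejected, including the one that would repair the controller itself. Consider scoping the rule with a `namespaceSelector` or an `objectSelector` on the labels the controller actually checks.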
diff --git a/kud/deployment_infra/helm/sdewan_controllers/values.yaml b/kud/deployment_infra/helm/sdewan_controllers/values.yaml
new file mode 100644 (file)
index 0000000..8472735
--- /dev/null
@@ -0,0 +1,19 @@
+# Default values for controllers.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+namespace: "sdewan-system"
+
+spec:
+  name: "sdewan-controller-manager"
+  label: "controller-manager"
+  replicas: 1
+  proxy:
+    image: "gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1"
+    name: "kube-rbac-proxy"
+  sdewan:
+    image: "integratedcloudnative/sdewan-controller:dev"
+    name: "manager"
+
+
+
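Review bot: `image: "integratedcloudnative/sdewan-controller:dev"` is a mutable tag, so the chart does not identify which controller build runs with the cluster-wide role. Because the tag is not `latest`, the default pull policy also lets each node keep whatever `dev` image it has cached. Pin the image to a release tag and digest, e.g. `image: "integratedcloudnative/sdewan-controller:<release-tag>@sha256:<digest>"` (placeholders). `spec.replicas` is declared here but deployment.yaml hard-codes `replicas: 1`, so the value has no effect; either reference it in the template or drop it.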