--- /dev/null
+Demo directory structure:
+
+/templates/ #Base directory containing vFW resources
+ |- /base #Directory containing base payload of CSAR package, doesn't need further proceeding
+ |- /helm #Directory containing helm charts that need to be packaged and attached to csar package
+ \- /cba #Directory containing CBA content to be included to csar package
+/examples/ #Directory with context-specific overrides over general resources
--- /dev/null
+csar/
+vfw_k8s_demo.zip
--- /dev/null
+.PHONY: all clean helm base
+
+
+all: csar/ helm base
+ cd csar/ && zip -r vfw_k8s_demo.zip .
+ mv csar/vfw_k8s_demo.zip .
+
+helm: csar/
+ make -C helm
+ cp helm/*.tgz csar/
+
+base: csar/
+ cp base/* csar/
+
+csar/:
+ mkdir csar/
+
+clean:
+ rm -rf csar/
+ rm -f vfw_k8s_demo.zip
--- /dev/null
+{
+ "name": "virtualFirewall",
+ "description": "",
+ "data": [
+ {
+ "file": "base.yaml",
+ "type": "HEAT",
+ "isBase": "true",
+ "data": [
+ {
+ "file": "base.env",
+ "type": "HEAT_ENV"
+ }
+ ]
+ },
+ {
+ "file": "base_cloudtech_k8s_charts.tgz",
+ "type": "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACTS"
+ },
+ {
+ "file": "firewall.yaml",
+ "type": "HEAT",
+ "isBase": "false",
+ "data": [
+ {
+ "file": "firewall.env",
+ "type": "HEAT_ENV"
+ }
+ ]
+ },
+ {
+ "file": "firewall_cloudtech_k8s_charts.tgz",
+ "type": "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACTS"
+ },
+ {
+ "file": "packetgen.yaml",
+ "type": "HEAT",
+ "isBase": "false",
+ "data": [
+ {
+ "file": "packetgen.env",
+ "type": "HEAT_ENV"
+ }
+ ]
+ },
+ {
+ "file": "packetgen_cloudtech_k8s_charts.tgz",
+ "type": "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACTS"
+ },
+ {
+ "file": "sink.yaml",
+ "type": "HEAT",
+ "isBase": "false",
+ "data": [
+ {
+ "file": "sink.env",
+ "type": "HEAT_ENV"
+ }
+ ]
+ },
+ {
+ "file": "sink_cloudtech_k8s_charts.tgz",
+ "type": "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACTS"
+ }
+ ]
+}
--- /dev/null
+parameters:
+ int_private1_net_cidr: 192.168.10.0/24
+ int_private2_net_cidr: 192.168.20.0/24
+ pub_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQXYJYYi3/OUZXUiCYWdtc7K0m5C0dJKVxPG0eI8EWZrEHYdfYe6WoTSDJCww+1qlBSpA5ac/Ba4Wn9vh+lR1vtUKkyIC/nrYb90ReUd385Glkgzrfh5HdR5y5S2cL/Frh86lAn9r6b3iWTJD8wBwXFyoe1S2nMTOIuG4RPNvfmyCTYVh8XTCCE8HPvh3xv2r4egawG1P4Q4UDwk+hDBXThY2KS8M5/8EMyxHV0ImpLbpYCTBA6KYDIRtqmgS6iKyy8v2D1aSY5mc9J0T5t9S2Gv+VZQNWQDDKNFnxqYaAo1uEoq/i1q63XC5AD3ckXb2VT6dp23BQMdDfbHyUWfJN
+ vnf_name: vFW_NextGen
\ No newline at end of file
--- /dev/null
+##########################################################################
+#
+#==================LICENSE_START==========================================
+#
+#
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#==================LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#
+##########################################################################
+
+heat_template_version: 2013-05-23
+
+description: Dummy base heat template for vFW usecase
+
+##############
+# #
+# PARAMETERS #
+# #
+##############
+
+parameters:
+ int_private1_net_cidr:
+ type: string
+ label: Unprotected private network CIDR
+ description: The CIDR of the unprotected private network
+ int_private2_net_cidr:
+ type: string
+ label: Protected private network CIDR
+ description: The CIDR of the protected private network
+ pub_key:
+ type: string
+ label: Public key
+ description: Public key to be installed on the compute instance
+ vnf_name:
+ type: string
+ description: VNF_NAME
+
+#############
+# #
+# RESOURCES #
+# #
+#############
+
+resources:
+ dummy:
+ type: OS::Heat::None
+ properties:
+ int_private1_net_cidr:
+ get_param: int_private1_net_cidr
+ int_private2_net_cidr:
+ get_param: int_private2_net_cidr
+ pub_key:
+ get_param: pub_key
+ vnf_name:
+ get_param: vnf_name
--- /dev/null
+parameters:
+ vfw_image_name: PUT THE VM IMAGE NAME HERE (UBUNTU 1404)
+ vfw_flavor_name: PUT THE VM FLAVOR NAME HERE (m1.medium suggested)
+ public_net_id: PUT THE PUBLIC NETWORK ID HERE
+ int_private1_net_id: zdfw1fwl01_unprotected
+ int_private1_subnet_id: zdfw1fwl01_unprotected_sub
+ int_private1_net_cidr: 192.168.10.0/24
+ int_private2_net_id: zdfw1fwl01_protected
+ int_private2_subnet_id: zdfw1fwl01_protected_sub
+ int_private2_net_cidr: 192.168.20.0/24
+ onap_private_net_id: PUT THE ONAP PRIVATE NETWORK NAME HERE
+ onap_private_subnet_id: PUT THE ONAP PRIVATE NETWORK NAME HERE
+ onap_private_net_cidr: 10.0.0.0/16
+ vfw_int_private1_ip_0: 192.168.10.100
+ vfw_int_private2_ip_0: 192.168.20.100
+ vfw_onap_private_ip_0: 10.0.100.1
+ #vpg_private_ip_0: 192.168.10.200
+ vfw_int_private2_floating_ip: 192.168.10.200
+ vfw_name_0: zdfw1fwl01fwl01
+ vnf_id: vFirewall_demo_app
+ vnf_name: vFW_NextGen
+ vf_module_id: vFirewallCL
+ dcae_collector_ip: 10.0.4.1
+ dcae_collector_port: 30235
+ demo_artifacts_version: 1.6.0-SNAPSHOT
+ install_script_version: 1.6.0-SNAPSHOT
+ key_name: vfw_key
+ cloud_env: PUT openstack OR rackspace HERE
+ sec_group: PUT THE ONAP SECURITY GROUP HERE
+ nexus_artifact_repo: https://nexus.onap.org
--- /dev/null
+##########################################################################
+#
+#==================LICENSE_START==========================================
+#
+#
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#==================LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#
+##########################################################################
+
+heat_template_version: 2013-05-23
+
+description: Dummy heat template for vFirewall
+
+##############
+# #
+# PARAMETERS #
+# #
+##############
+
+parameters:
+ vfw_image_name:
+ type: string
+ label: Image name or ID
+ description: Image to be used for compute instance
+ vfw_flavor_name:
+ type: string
+ label: Flavor
+ description: Type of instance (flavor) to be used
+ public_net_id:
+ type: string
+ label: Public network name or ID
+ description: Public network that enables remote connection to VNF
+ int_private1_net_id:
+ type: string
+ label: Unprotected private network name or ID
+ description: Private network that connects vPacketGenerator with vFirewall
+ int_private1_subnet_id:
+ type: string
+ label: Unprotected private subnetwork name or ID
+ description: Private subnetwork of the protected network
+ int_private1_net_cidr:
+ type: string
+ label: Unprotected private network CIDR
+ description: The CIDR of the unprotected private network
+ int_private2_net_id:
+ type: string
+ label: Protected private network name or ID
+ description: Private network that connects vFirewall with vSink
+ int_private2_subnet_id:
+ type: string
+ label: Protected private subnetwork name or ID
+ description: Private subnetwork of the unprotected network
+ int_private2_net_cidr:
+ type: string
+ label: Protected private network CIDR
+ description: The CIDR of the protected private network
+ onap_private_net_id:
+ type: string
+ label: ONAP management network name or ID
+ description: Private network that connects ONAP components and the VNF
+ onap_private_subnet_id:
+ type: string
+ label: ONAP management sub-network name or ID
+ description: Private sub-network that connects ONAP components and the VNF
+ onap_private_net_cidr:
+ type: string
+ label: ONAP private network CIDR
+ description: The CIDR of the protected private network
+ vfw_int_private1_ip_0:
+ type: string
+ label: vFirewall private IP address towards the unprotected network
+ description: Private IP address that is assigned to the vFirewall to communicate with the vPacketGenerator
+ vfw_int_private2_ip_0:
+ type: string
+ label: vFirewall private IP address towards the protected network
+ description: Private IP address that is assigned to the vFirewall to communicate with the vSink
+ vfw_onap_private_ip_0:
+ type: string
+ label: vFirewall private IP address towards the ONAP management network
+ description: Private IP address that is assigned to the vFirewall to communicate with ONAP components
+ vfw_int_private2_floating_ip:
+ type: string
+ label: vPacketGenerator private IP address towards the unprotected network
+ description: Private IP address that is assigned to the vPacketGenerator to communicate with the vFirewall
+ vfw_name_0:
+ type: string
+ label: vFirewall name
+ description: Name of the vFirewall
+ vnf_id:
+ type: string
+ label: VNF ID
+ description: The VNF ID is provided by ONAP
+ vnf_name:
+ type: string
+ label: VNF ID
+ description: The VNF ID is provided by ONAP
+ vf_module_id:
+ type: string
+ label: VF Module ID
+ description: The VF Module ID is provided by ONAP
+ dcae_collector_ip:
+ type: string
+ label: DCAE collector IP address
+ description: IP address of the DCAE collector
+ dcae_collector_port:
+ type: string
+ label: DCAE collector port
+ description: Port of the DCAE collector
+ key_name:
+ type: string
+ label: Key pair name
+ description: Public/Private key pair name
+ install_script_version:
+ type: string
+ label: Installation script version number
+ description: Version number of the scripts that install the vFW demo app
+ demo_artifacts_version:
+ type: string
+ label: Artifacts version used in demo vnfs
+ description: Artifacts (jar, tar.gz) version used in demo vnfs
+ nexus_artifact_repo:
+ type: string
+ description: Root URL for the Nexus repository for Maven artifacts.
+ # default: "https://nexus.onap.org"
+ cloud_env:
+ type: string
+ label: Cloud environment
+ description: Cloud environment (e.g., openstack, rackspace)
+ sec_group:
+ type: string
+ description: ONAP Security Group
+
+
+#############
+# #
+# RESOURCES #
+# #
+#############
+
+resources:
+ dummy:
+ type: OS::Heat::None
+ properties:
+ vfw_image_name:
+ get_param: vfw_image_name
+ vfw_flavor_name:
+ get_param: vfw_flavor_name
+ public_net_id:
+ get_param: public_net_id
+ int_private1_net_id:
+ get_param: int_private1_net_id
+ int_private1_subnet_id:
+ get_param: int_private1_subnet_id
+ int_private1_net_cidr:
+ get_param: int_private1_net_cidr
+ int_private2_net_id:
+ get_param: int_private2_net_id
+ int_private2_subnet_id:
+ get_param: int_private2_subnet_id
+ int_private2_net_cidr:
+ get_param: int_private2_net_cidr
+ onap_private_net_id:
+ get_param: onap_private_net_id
+ onap_private_subnet_id:
+ get_param: onap_private_subnet_id
+ onap_private_net_cidr:
+ get_param: onap_private_net_cidr
+ vfw_int_private1_ip_0:
+ get_param: vfw_int_private1_ip_0
+ vfw_int_private2_ip_0:
+ get_param: vfw_int_private2_ip_0
+ vfw_onap_private_ip_0:
+ get_param: vfw_onap_private_ip_0
+ vfw_int_private2_floating_ip:
+ get_param: vfw_int_private2_floating_ip
+ vfw_name_0:
+ get_param: vfw_name_0
+ vnf_id:
+ get_param: vnf_id
+ vnf_name:
+ get_param: vnf_name
+ vf_module_id:
+ get_param: vf_module_id
+ dcae_collector_ip:
+ get_param: dcae_collector_ip
+ dcae_collector_port:
+ get_param: dcae_collector_port
+ key_name:
+ get_param: key_name
+ install_script_version:
+ get_param: install_script_version
+ demo_artifacts_version:
+ get_param: demo_artifacts_version
+ nexus_artifact_repo:
+ get_param: nexus_artifact_repo
+ cloud_env:
+ get_param: cloud_env
+ sec_group:
+ get_param: sec_group
--- /dev/null
+parameters:
+ vpg_image_name: PUT THE VM IMAGE NAME HERE (UBUNTU 1404)
+ vpg_flavor_name: PUT THE VM FLAVOR NAME HERE (m1.medium suggested)
+ public_net_id: PUT THE PUBLIC NETWORK ID HERE
+ int_private1_net_id: zdfw1fwl01_unprotected
+ int_private1_subnet_id: zdfw1fwl01_unprotected_sub
+ int_private1_net_cidr: 192.168.10.0/24
+ onap_private_net_id: PUT THE ONAP PRIVATE NETWORK NAME HERE
+ onap_private_subnet_id: PUT THE ONAP PRIVATE NETWORK NAME HERE
+ onap_private_net_cidr: 10.0.0.0/16
+ int_private2_net_cidr: 192.168.20.0/24
+ vfw_int_private1_ip_0: 192.168.10.100
+ vpg_int_private1_ip_0: 192.168.10.200
+ vpg_onap_private_ip_0: 10.0.100.2
+ vsn_int_private2_ip_0: 192.168.20.250
+ vpg_name_0: zdfw1fwl01pgn01
+ vnf_name: vFW_NextGen
+ vnf_id: vPacketGen_demo_app
+ vf_module_id: vTrafficPNG
+ demo_artifacts_version: 1.6.0-SNAPSHOT
+ install_script_version: 1.6.0-SNAPSHOT
+ key_name: vfw_key
+ cloud_env: PUT openstack OR rackspace HERE
+ sec_group: PUT THE ONAP SECURITY GROUP HERE
+ nexus_artifact_repo: https://nexus.onap.org
\ No newline at end of file
--- /dev/null
+##########################################################################
+#
+#==================LICENSE_START==========================================
+#
+#
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#==================LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#
+##########################################################################
+
+heat_template_version: 2013-05-23
+
+description: Dummy heat template for vPacketgen
+
+##############
+# #
+# PARAMETERS #
+# #
+##############
+
+parameters:
+ vpg_image_name:
+ type: string
+ label: Image name or ID
+ description: Image to be used for compute instance
+ vpg_flavor_name:
+ type: string
+ label: Flavor
+ description: Type of instance (flavor) to be used
+ public_net_id:
+ type: string
+ label: Public network name or ID
+ description: Public network that enables remote connection to VNF
+ int_private1_net_id:
+ type: string
+ label: Unprotected private network name or ID
+ description: Private network that connects vPacketGenerator with vFirewall
+ int_private1_subnet_id:
+ type: string
+ label: Unprotected private sub-network name or ID
+ description: Private subnetwork for the unprotected network
+ int_private1_net_cidr:
+ type: string
+ label: Unprotected private network CIDR
+ description: The CIDR of the unprotected private network
+ int_private2_net_cidr:
+ type: string
+ label: Protected private network CIDR
+ description: The CIDR of the protected private network
+ onap_private_net_id:
+ type: string
+ label: ONAP management network name or ID
+ description: Private network that connects ONAP components and the VNF
+ onap_private_subnet_id:
+ type: string
+ label: ONAP management sub-network name or ID
+ description: Private sub-network that connects ONAP components and the VNF
+ onap_private_net_cidr:
+ type: string
+ label: ONAP private network CIDR
+ description: The CIDR of the protected private network
+ vfw_int_private1_ip_0:
+ type: string
+ label: vFirewall private IP address towards the unprotected network
+ description: Private IP address that is assigned to the vFirewall to communicate with the vPacketGenerator
+ vsn_int_private2_ip_0:
+ type: string
+ label: vSink private IP address towards the protected network
+ description: Private IP address that is assigned to the vSink to communicate with the vFirewall
+ vpg_int_private1_ip_0:
+ type: string
+ label: vPacketGenerator private IP address towards the unprotected network
+ description: Private IP address that is assigned to the vPacketGenerator to communicate with the vFirewall
+ vpg_onap_private_ip_0:
+ type: string
+ label: vPacketGenerator private IP address towards the ONAP management network
+ description: Private IP address that is assigned to the vPacketGenerator to communicate with ONAP components
+ vpg_name_0:
+ type: string
+ label: vPacketGenerator name
+ description: Name of the vPacketGenerator
+ vnf_name:
+ type: string
+ label: VNF NAME
+ description: The VNF NAME is provided by ONAP
+ vnf_id:
+ type: string
+ label: VNF ID
+ description: The VNF ID is provided by ONAP
+ vf_module_id:
+ type: string
+ label: VF Module ID
+ description: The VF Module ID is provided by ONAP
+ key_name:
+ type: string
+ label: Key pair name
+ description: Public/Private key pair name
+ install_script_version:
+ type: string
+ label: Installation script version number
+ description: Version number of the scripts that install the vFW demo app
+ demo_artifacts_version:
+ type: string
+ label: Artifacts version used in demo vnfs
+ description: Artifacts (jar, tar.gz) version used in demo vnfs
+ nexus_artifact_repo:
+ type: string
+ description: Root URL for the Nexus repository for Maven artifacts.
+ # default: "https://nexus.onap.org"
+ cloud_env:
+ type: string
+ label: Cloud environment
+ description: Cloud environment (e.g., openstack, rackspace)
+ sec_group:
+ type: string
+ description: ONAP Security Group
+
+
+#############
+# #
+# RESOURCES #
+# #
+#############
+
+resources:
+ dummy:
+ type: OS::Heat::None
+ properties:
+ vpg_image_name:
+ get_param: vpg_image_name
+ vpg_flavor_name:
+ get_param: vpg_flavor_name
+ public_net_id:
+ get_param: public_net_id
+ int_private1_net_id:
+ get_param: int_private1_net_id
+ int_private1_subnet_id:
+ get_param: int_private1_subnet_id
+ int_private1_net_cidr:
+ get_param: int_private1_net_cidr
+ int_private2_net_cidr:
+ get_param: int_private2_net_cidr
+ onap_private_net_id:
+ get_param: onap_private_net_id
+ onap_private_subnet_id:
+ get_param: onap_private_subnet_id
+ onap_private_net_cidr:
+ get_param: onap_private_net_cidr
+ vfw_int_private1_ip_0:
+ get_param: vfw_int_private1_ip_0
+ vsn_int_private2_ip_0:
+ get_param: vsn_int_private2_ip_0
+ vpg_int_private1_ip_0:
+ get_param: vpg_int_private1_ip_0
+ vpg_onap_private_ip_0:
+ get_param: vpg_onap_private_ip_0
+ vpg_name_0:
+ get_param: vpg_name_0
+ vnf_name:
+ get_param: vnf_name
+ vnf_id:
+ get_param: vnf_id
+ vf_module_id:
+ get_param: vf_module_id
+ key_name:
+ get_param: key_name
+ install_script_version:
+ get_param: install_script_version
+ demo_artifacts_version:
+ get_param: demo_artifacts_version
+ nexus_artifact_repo:
+ get_param: nexus_artifact_repo
+ cloud_env:
+ get_param: cloud_env
+ sec_group:
+ get_param: sec_group
--- /dev/null
+parameters:
+ vsn_image_name: PUT THE VM IMAGE NAME HERE (UBUNTU 1404)
+ vsn_flavor_name: PUT THE VM FLAVOR NAME HERE (m1.medium suggested)
+ public_net_id: PUT THE PUBLIC NETWORK ID HERE
+ int_private1_net_cidr: 192.168.10.0/24
+ int_private2_net_id: zdfw1fwl01_protected
+ int_private2_subnet_id: zdfw1fwl01_protected_sub
+ int_private2_net_cidr: 192.168.20.0/24
+ onap_private_net_id: PUT THE ONAP PRIVATE NETWORK NAME HERE
+ onap_private_subnet_id: PUT THE ONAP PRIVATE NETWORK NAME HERE
+ onap_private_net_cidr: 10.0.0.0/16
+ vfw_int_private2_ip_0: 192.168.20.100
+ vsn_int_private2_ip_0: 192.168.20.250
+ vsn_onap_private_ip_0: 10.0.100.3
+ vsn_name_0: zdfw1fwl01snk01
+ vnf_id: vSink_demo_app
+ vf_module_id: vFirewallCL
+ vnf_name: vFW_NextGen
+ #demo_artifacts_version: 1.6.0-SNAPSHOT
+ install_script_version: 1.6.0-SNAPSHOT
+ key_name: vfw_key
+ cloud_env: PUT openstack OR rackspace HERE
+ sec_group: PUT THE ONAP SECURITY GROUP HERE
+ nexus_artifact_repo: https://nexus.onap.org
\ No newline at end of file
--- /dev/null
+##########################################################################
+#
+#==================LICENSE_START==========================================
+#
+#
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#==================LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#
+##########################################################################
+
+heat_template_version: 2013-05-23
+
+description: Dummy heat template for vSink
+
+##############
+# #
+# PARAMETERS #
+# #
+##############
+
+parameters:
+ vsn_image_name:
+ type: string
+ label: Image name or ID
+ description: Image to be used for compute instance
+ vsn_flavor_name:
+ type: string
+ label: Flavor
+ description: Type of instance (flavor) to be used
+ public_net_id:
+ type: string
+ label: Public network name or ID
+ description: Public network that enables remote connection to VNF
+ int_private1_net_cidr:
+ type: string
+ label: Unprotected private network CIDR
+ description: The CIDR of the unprotected private network
+ int_private2_net_id:
+ type: string
+ label: Protected private network name or ID
+ description: Private network that connects vFirewall with vSink
+ int_private2_subnet_id:
+ type: string
+ label: Protected private subnetwork name or ID
+ description: Private subnetwork of the unprotected network
+ int_private2_net_cidr:
+ type: string
+ label: Protected private network CIDR
+ description: The CIDR of the protected private network
+ onap_private_net_id:
+ type: string
+ label: ONAP management network name or ID
+ description: Private network that connects ONAP components and the VNF
+ onap_private_subnet_id:
+ type: string
+ label: ONAP management sub-network name or ID
+ description: Private sub-network that connects ONAP components and the VNF
+ onap_private_net_cidr:
+ type: string
+ label: ONAP private network CIDR
+ description: The CIDR of the protected private network
+ vfw_int_private2_ip_0:
+ type: string
+ label: vFirewall private IP address towards the protected network
+ description: Private IP address that is assigned to the vFirewall to communicate with the vSink
+ vsn_int_private2_ip_0:
+ type: string
+ label: vSink private IP address towards the protected network
+ description: Private IP address that is assigned to the vSink to communicate with the vFirewall
+ vsn_onap_private_ip_0:
+ type: string
+ label: vSink private IP address towards the ONAP management network
+ description: Private IP address that is assigned to the vSink to communicate with ONAP components
+ vsn_name_0:
+ type: string
+ label: vSink name
+ description: Name of the vSink
+ vnf_id:
+ type: string
+ label: VNF ID
+ description: The VNF ID is provided by ONAP
+ vnf_name:
+ type: string
+ label: VNF NAME
+ description: The VNF NAME is provided by ONAP
+ vf_module_id:
+ type: string
+ label: VF Module ID
+ description: The VF Module ID is provided by ONAP
+ key_name:
+ type: string
+ label: Key pair name
+ description: Public/Private key pair name
+ install_script_version:
+ type: string
+ label: Installation script version number
+ description: Version number of the scripts that install the vFW demo app
+ #demo_artifacts_version:
+ # type: string
+ # label: Artifacts version used in demo vnfs
+ # description: Artifacts (jar, tar.gz) version used in demo vnfs
+ nexus_artifact_repo:
+ type: string
+ description: Root URL for the Nexus repository for Maven artifacts.
+ # default: "https://nexus.onap.org"
+ cloud_env:
+ type: string
+ label: Cloud environment
+ description: Cloud environment (e.g., openstack, rackspace)
+ sec_group:
+ type: string
+ description: ONAP Security Group
+
+
+#############
+# #
+# RESOURCES #
+# #
+#############
+
+resources:
+
+ dummy:
+ type: OS::Heat::None
+ properties:
+ vsn_image_name:
+ get_param: vsn_image_name
+ vsn_flavor_name:
+ get_param: vsn_flavor_name
+ public_net_id:
+ get_param: public_net_id
+ int_private1_net_cidr:
+ get_param: int_private1_net_cidr
+ int_private2_net_id:
+ get_param: int_private2_net_id
+ int_private2_subnet_id:
+ get_param: int_private2_subnet_id
+ int_private2_net_cidr:
+ get_param: int_private2_net_cidr
+ onap_private_net_id:
+ get_param: onap_private_net_id
+ onap_private_subnet_id:
+ get_param: onap_private_subnet_id
+ onap_private_net_cidr:
+ get_param: onap_private_net_cidr
+ vfw_int_private2_ip_0:
+ get_param: vfw_int_private2_ip_0
+ vsn_int_private2_ip_0:
+ get_param: vsn_int_private2_ip_0
+ vsn_onap_private_ip_0:
+ get_param: vsn_onap_private_ip_0
+ vsn_name_0:
+ get_param: vsn_name_0
+ vnf_id:
+ get_param: vnf_id
+ vnf_name:
+ get_param: vnf_name
+ vf_module_id:
+ get_param: vf_module_id
+ key_name:
+ get_param: key_name
+ install_script_version:
+ get_param: install_script_version
+ #demo_artifacts_version:
+ # get_param: demo_artifacts_version
+ nexus_artifact_repo:
+ get_param: nexus_artifact_repo
+ cloud_env:
+ get_param: cloud_env
+ sec_group:
+ get_param: sec_group
--- /dev/null
+vf-modules = base firewall packetgen sink
+.PHONY: build clean $(vf-modules:=-build) $(vf-modules:-clean) $(vf-modules:=-package)
+
+package: $(vf-modules:=-package)
+build: $(vf-modules:=-build)
+clean: $(vf-modules:=-clean)
+ rm -f *_cloudtech_k8s_charts.tgz
+
+$(vf-modules:=-package): %-package: %-build
+ mv $(@:package=)*.tgz $(@:-package=)_cloudtech_k8s_charts.tgz
+
+$(vf-modules:=-build): %-build: %-clean
+ helm package $(@:-build=)
+
+$(vf-modules:=-clean):
+ rm -f $(@:-clean=)-*.tgz
--- /dev/null
+Helm content of csar package
+
+To create necessary archives, please ensure you have [helm] and [make] installed first.
+
+In case it's your first time you're using helm, please issue `helm init -c` command to initialize your helm client
+
+To create necessary artifacts, issue `make` command
--- /dev/null
+resources/id_rsa
--- /dev/null
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart to deploy shared resources for vFirewall
+name: base
+version: 0.2.0
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA1ozecYX4HaEu0iGuGHcsiSVZe0EnuwGYIOxIK7GKsauMAlXh
+ZsAadnkzsf3QYEmScVJc6gdBg2eyevS5Z55/8tWQmp21lyvZIJi6n+JDuNea/PLm
+41sGtfw/hZ/NonEESBb5kv1A0isqJyfZNrQ6w9HF1C9a+JfPCxD7wK19Pbp7m3gL
+qsagoMewnY7cTpiDbwNOgAml6Ec+uYLVnmcW2dsnqBrTYXwv585oK+f1Ajg5UgIt
+SJNhcPHZ9fDbs8mDMV5GtZIzquJ/QYJg0joGd8NqikT0OhoIdUorb+IlmH6/3T/t
+cpxc71V+Dm88eVCeb4DUukpvhha2KvmwAny/eQIDAQABAoIBAQCOWtGNSXKjVjsW
+ubomCYzHQrzohwaxkhE6ZwxL0XVRBZ3UPt9bqcLlMO4X/2yvNqGwBxIXRdE2Oyu1
+YYNTOVtz6DgWHuZJ85IRisTpKNv+XTA8/X4tBEyjm0cahjmOuqY4nuXhnZ/Q00sY
+x9vb7CHBpAI7E2Cs6S07Dn28DmC2/znYPyp/UMnoQ6/Ba+RXtyvPfe/3pIvlii0i
+TAzSweT/OmVPPVLGPWLoDD0L0+F7h8Sua5B3kryZoZvO6Vg2nlviCo9ae48C+NbF
+b7WMeg863UP16atHZ0XESsqYhA0lPrIh9WJBKCnj+hUimVxvrqyzJl/GTeOaXVeC
+MQlAnFQBAoGBAOyicvykcoJtkYHJuI0Hev2d30nU7S8qB8Lf4v5n/VTAevB25sgA
++SIaaRFjNILD2/GpTniWTephAohc+tyMWM2OyL34l3CbJBGHQHFNT5cdLueH2K54
+/vkj/1g2r8p96asBroC87in4ozUr1G9N6RL8NB655c//ZpoldZQeIdVZAoGBAOgb
+v5jLb9/6SNtpKamRCcSbLg2hmCs7rkP9RTrOzjgem3Yg9m2+SF0DKbr16MzjAcfA
+iDGs6CnR2NIx53jg5W04SyiU+fPXA/VPBlznF+jcVOO6xxHquaGVEA25EzzuGXQV
+5snCjCcqMrC1TjPcMPTGGl6nmpwKFc5cLDpOt1chAoGBAM5wMkyB0nxCxkwqBVzT
+h9K15dRtc7ZPvpGd7FPxuKo1eYtKz67wWmgMDlli6K6j27+J6rF8vuCYXTNFmnzJ
+27cIt8wzkTplviOkkO3HeoXkqcTHWJttZ1NGuj7lBptrGW1cfDZHnKb1CL0cTaoE
+mC894uJjX0AEGiikQV1EpFORAoGAYFNTuleDQFKgdd442hRFF4DHJgUQH7EO60xq
+tLMqxgN9xRJ88qJraZ5sbRis2orDLGDspKD7YI+kCeeIBpRe4mrgViEtclKjY+S9
+4UROmecGm9Ph1b+x9irklK1gHIM7sP993fGNNJvAmbFEmSUidBLa0rl/4o4U6qU5
+/aC5WcECgYBTN08VCf3yiDq3D9yd1Iyes3+njXwaejsr/VT8fPTHP4K8dzyOAX9Y
+xqhK7hFS5KM/beFuLYmfdSXQvOzayzEKQqzpLURAy5S5Notq3aWdxtl283qUoPNq
+0RMSzBiyXgqYef4qY8jA632SX4jB3EDQ3P3tf45VpYaFomn6mRO76w==
+-----END RSA PRIVATE KEY-----
--- /dev/null
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWjN5xhfgdoS7SIa4YdyyJJVl7QSe7AZgg7EgrsYqxq4wCVeFmwBp2eTOx/dBgSZJxUlzqB0GDZ7J69Llnnn/y1ZCanbWXK9kgmLqf4kO415r88ubjWwa1/D+Fn82icQRIFvmS/UDSKyonJ9k2tDrD0cXUL1r4l88LEPvArX09unubeAuqxqCgx7CdjtxOmINvA06ACaXoRz65gtWeZxbZ2yeoGtNhfC/nzmgr5/UCODlSAi1Ik2Fw8dn18NuzyYMxXka1kjOq4n9BgmDSOgZ3w2qKRPQ6Ggh1Sitv4iWYfr/dP+1ynFzvVX4Obzx5UJ5vgNS6Sm+GFrYq+bACfL95 k.banka@localhost
--- /dev/null
+apiVersion: k8s.cni.cncf.io/v1
+kind: NetworkAttachmentDefinition
+metadata:
+ name: {{ .Values.vnf_name }}-ovn-attachment
+spec:
+ config: |
+ {
+ "cniVersion": "0.3.1",
+ "name": "ovn4nfv-k8s-plugin",
+ "type": "ovn4nfvk8s-cni"
+ }
--- /dev/null
+apiVersion: k8s.plugin.opnfv.org/v1alpha1
+kind: Network
+metadata:
+ name: {{ .Values.int_private2_net_id }}
+spec:
+ cniType : ovn4nfv
+ ipv4Subnets:
+ - name: {{ .Values.int_private2_subnet_id }}
+ subnet: {{ .Values.int_private2_net_cidr }}
+ gateway: {{ .Values.int_private2_gw_ip }}
--- /dev/null
+apiVersion: k8s.plugin.opnfv.org/v1alpha1
+kind: Network
+metadata:
+ name: {{ .Values.int_private1_net_id }}
+spec:
+ cniType : ovn4nfv
+ ipv4Subnets:
+ - name: {{ .Values.int_private1_subnet_id }}
+ subnet: {{ .Values.int_private1_net_cidr }}
+ gateway: {{ .Values.int_private1_gw_ip }}
--- /dev/null
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.key_name }}
+type: Opaque
+stringData:
+ authorized_keys: {{ .Values.pub_key }}
--- /dev/null
+apiVersion: k8s.plugin.opnfv.org/v1alpha1
+kind: Network
+metadata:
+ name: {{ .Values.onap_private_net_id }}
+spec:
+ cniType : ovn4nfv
+ ipv4Subnets:
+ - name: {{ .Values.onap_private_subnet_id }}
+ subnet: {{ .Values.onap_private_net_cidr }}
+ gateway: {{ .Values.onap_private_gw_ip }}
--- /dev/null
+# OPENSTACK PARAMETERS
+#unprotected
+int_private1_net_cidr: 192.168.10.0/24
+int_private1_gw_ip: 192.168.10.1/24 #No typo here
+int_private1_net_id: unprotected-net
+int_private1_subnet_id: unprotected-subnet-1
+#protected
+int_private2_net_cidr: 192.168.20.0/24
+int_private2_gw_ip: 192.168.20.1/24 #No typo here
+int_private2_net_id: protected-net
+int_private2_subnet_id: protected-subnet-1
+#onap mgmt net
+onap_private_net_cidr: 10.10.0.0/16
+onap_private_gw_ip: 10.10.0.1/16 #No typo here
+onap_private_net_id: onap-private-net
+onap_private_subnet_id: onap-subnet-1
+#public key
+key_name: ssh-pub-key
+pub_key: |
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWjN5xhfgdoS7SIa4YdyyJJVl7QSe7AZgg7EgrsYqxq4wCVeFmwBp2eTOx/dBgSZJxUlzqB0GDZ7J69Llnnn/y1ZCanbWXK9kgmLqf4kO415r88ubjWwa1/D+Fn82icQRIFvmS/UDSKyonJ9k2tDrD0cXUL1r4l88LEPvArX09unubeAuqxqCgx7CdjtxOmINvA06ACaXoRz65gtWeZxbZ2yeoGtNhfC/nzmgr5/UCODlSAi1Ik2Fw8dn18NuzyYMxXka1kjOq4n9BgmDSOgZ3w2qKRPQ6Ggh1Sitv4iWYfr/dP+1ynFzvVX4Obzx5UJ5vgNS6Sm+GFrYq+bACfL95 k.banka@localhost
+#vnf name
+vnf_name: test-vnf
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- /dev/null
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart to deploy Firewall app for vFirewall
+name: firewall
+version: 0.2.0
--- /dev/null
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.vfw_name_0 }}-configmap
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ .Values.vnf_name }}
+ chart: {{ .Chart.Name }}
+data:
+ demo_artifacts_version: {{ .Values.demo_artifacts_version | quote }}
+ dcae_collector_ip: {{ .Values.dcae_collector_ip | quote }}
+ dcae_collector_port: {{ .Values.dcae_collector_port | quote }}
+ vfw_private_ip_0: {{ .Values.vfw_int_private1_ip_0 | quote }}
+ vsn_private_ip_0: {{ .Values.vsn_int_private2_ip_0 | quote }}
+ protected_net_cidr: {{ .Values.int_private2_net_cidr | quote }}
+
--- /dev/null
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Values.vfw_name_0 }}
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ .Values.vnf_name }}
+ chart: {{ .Chart.Name }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ .Values.vnf_name }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.vnf_name }}
+ release: {{ .Release.Name }}
+ annotations:
+ VirtletLibvirtCPUSetting: |
+ mode: host-model
+ VirtletSSHKeySource: "secret/{{ .Values.key_name }}"
+ VirtletCloudInitUserData: |
+ ssh_pwauth: True #FIXME Remove after troubleshooting
+ users:
+ - name: admin
+ gecos: User
+ primary-group: admin
+ groups: users
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ # FIXME Remove after troubleshooting
+ # Password is "testuser"
+ passwd: "$6$rounds=4096$D6cf92nq$cgBveQHTP7IK3CIYTNkVJyzd0Vze6l1QlV9sWSXiTma2hOCTl7bFSh4nvK5qPMvNlnDtlIm03arG5Uh866E9w."
+ lock_passwd: False
+ runcmd:
+ #FIXME DEBUG START
+ - echo "ENV:"
+ - env
+ - echo "/etc/cloud/environment:"
+ - cat /etc/cloud/environment
+ #FIXME DEBUG END
+ - wget -O firewall.sh https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/firewall
+ - bash -c 'set -a; . /etc/cloud/environment; bash firewall.sh'
+ VirtletRootVolumeSize: 5Gi
+ k8s.v1.cni.cncf.io/networks: "{{ .Values.vnf_name }}-ovn-attachment"
+ k8s.plugin.opnfv.org/nfn-network: |
+ { "type": "ovn4nfv",
+ "interface": [
+ { "name": {{ .Values.int_private1_net_id | quote }},
+ "ipAddress": {{ .Values.vfw_int_private1_ip_0 | quote }},
+ "interface": "eth1",
+ "defaultGateway": "false" },
+ { "name": {{ .Values.int_private2_net_id | quote }},
+ "ipAddress": {{ .Values.vfw_int_private2_ip_0 | quote }},
+ "interface": "eth2",
+ "defaultGateway": "false" },
+ { "name": {{ .Values.onap_private_net_id | quote }},
+ "ipAddress": {{ .Values.vfw_onap_private_ip_0 | quote }},
+ "interface": "eth3",
+ "defaultGateway": "false" }
+ ]
+ }
+ kubernetes.io/target-runtime: virtlet.cloud
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: extraRuntime
+ operator: In
+ values:
+ - virtlet
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ tty: true
+ stdin: true
+ envFrom:
+ - configMapRef:
+ name: {{ .Values.vfw_name_0 }}-configmap
+ resources:
+ limits:
+ memory: {{ .Values.resources.limits.memory }}
--- /dev/null
+# global:
+#
+# #Networks
+# unprotectedNetworkName: unprotected-private-net
+# protectedPrivateNetCidr: 192.168.10.0/24
+# protectedPrivateNetGw: 192.168.10.1/24
+#
+# onapPrivateNetworkName: onap-private-net
+# onapPrivateNetCidr: 10.10.0.0/16
+# onapPrivateNetGw: 10.10.0.1/16
+#
+# protectedNetworkName: protected-private-net
+# protectedNetCidr: 192.168.20.0/24
+# protectedNetGwIp: 192.168.20.100
+# protectedNetGw: 192.168.20.100/24
+#
+# #vFirewall container
+# vfwPrivateIp0: 192.168.10.3
+# vfwPrivateIp1: 192.168.20.2
+# vfwPrivateIp2: 10.10.100.3
+# #Packetgen container
+# vpgPrivateIp0: 192.168.10.2
+# vpgPrivateIp1: 10.0.100.2
+# #Sink container
+# vsnPrivateIp0: 192.168.20.3
+# vsnPrivateIp1: 10.10.100.4
+
+# Static Defaults
+replicaCount: 1
+image:
+ repository: virtlet.cloud/ubuntu/16.04
+ tag: latest
+ pullPolicy: IfNotPresent
+resources:
+ limits:
+ memory: 4Gi
+
+# OPENSTACK PARAMETERS
+# Names
+vnf_name: test-vnf
+vfw_name_0: test-vnf-vfw
+key_name: ssh-pub-key
+int_private1_net_id: unprotected-net
+int_private2_net_id: protected-net
+onap_private_net_id: onap-private-net
+# OWN Addresses
+vfw_int_private1_ip_0: 192.168.10.3
+vfw_int_private2_ip_0: 192.168.20.2
+vfw_onap_private_ip_0: 10.10.100.3
+# Env variables
+dcae_collector_port: 8081 #FIXME set to 30235?
+dcae_collector_ip: 10.0.4.1 #Placeholder
+demo_artifacts_version: 1.5.0
+int_private2_net_cidr: 192.168.20.0/24
+vsn_int_private2_ip_0: 192.168.20.3
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- /dev/null
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart to deploy packet generator for vFirewall
+name: packetgen
+version: 0.2.0
--- /dev/null
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.vpg_name_0 }}-configmap
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ .Values.vnf_name }}
+ chart: {{ .Chart.Name }}
+data:
+ vfw_private_ip_0: {{ .Values.vfw_int_private1_ip_0 | quote }}
+ vsn_private_ip_0: {{ .Values.vsn_int_private2_ip_0 | quote }}
+ protected_net_cidr: {{ .Values.int_private2_net_cidr | quote }}
+ demo_artifacts_version: {{ .Values.demo_artifacts_version | quote }}
+ dcae_collector_ip: {{ .Values.dcae_collector_ip | quote }}
+ dcae_collector_port: {{ .Values.dcae_collector_port | quote }}
--- /dev/null
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Values.vpg_name_0 }}
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ .Values.vnf_name }}
+ chart: {{ .Chart.Name }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ .Values.vnf_name }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.vnf_name }}
+ release: {{ .Release.Name }}
+ annotations:
+ VirtletLibvirtCPUSetting: |
+ mode: host-model
+ VirtletSSHKeySource: "secret/{{ .Values.key_name }}"
+ VirtletCloudInitUserData: |
+ ssh_pwauth: True #FIXME Remove after troubleshooting
+ users:
+ #- default #FIXME Check working key auth or remove
+ - name: admin
+ gecos: User
+ primary-group: admin
+ groups: users
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ # FIXME Remove after troubleshooting
+ # Password is "testuser"
+ passwd: "$6$rounds=4096$D6cf92nq$cgBveQHTP7IK3CIYTNkVJyzd0Vze6l1QlV9sWSXiTma2hOCTl7bFSh4nvK5qPMvNlnDtlIm03arG5Uh866E9w."
+ lock_passwd: False
+ runcmd:
+ - wget -O packetgen.sh https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/packetgen
+ - bash -c 'set -a; . /etc/cloud/environment; bash packetgen.sh'
+ VirtletRootVolumeSize: 5Gi
+ k8s.v1.cni.cncf.io/networks: "{{ .Values.vnf_name }}-ovn-attachment"
+ k8s.plugin.opnfv.org/nfn-network: |
+ { "type": "ovn4nfv",
+ "interface": [
+ { "name": {{ .Values.int_private1_net_id | quote }},
+ "ipAddress": {{ .Values.vpg_int_private1_ip_0 | quote }},
+ "interface": "eth1" ,
+ "defaultGateway": "false"},
+ { "name": {{ .Values.onap_private_net_id | quote }},
+ "ipAddress": {{ .Values.vpg_onap_private_ip_0 | quote }},
+ "interface": "eth2",
+ "defaultGateway": "false" }
+ ]
+ }
+ kubernetes.io/target-runtime: virtlet.cloud
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: extraRuntime
+ operator: In
+ values:
+ - virtlet
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ tty: true
+ stdin: true
+ envFrom:
+ - configMapRef:
+ name: {{ .Values.vpg_name_0 }}-configmap
+ resources:
+ limits:
+ memory: {{ .Values.resources.limits.memory }}
--- /dev/null
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ .Values.vpg_name_0 }}-service"
+ labels:
+ app: {{ .Values.vnf_name }}
+ release: {{ .Release.Name }}
+ chart: {{ .Chart.Name }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.ports.port }}
+ nodePort: {{ .Values.service.ports.nodePort }}
+ selector:
+ app: {{ .Values.vnf_name }}
+ release: {{ .Release.Name }}
--- /dev/null
+# Static Defaults
+replicaCount: 1
+image:
+ repository: virtlet.cloud/ubuntu/16.04
+ tag: latest
+ pullPolicy: IfNotPresent
+resources:
+ limits:
+ memory: 4Gi
+service:
+#service port value for packetgen service
+ type: NodePort
+ ports:
+ port: 2831
+ nodePort: 30831
+
+# OPENSTACK PARAMETERS
+# Names
+vpg_name_0: test-vnf-vpg
+vnf_name: test-vnf
+key_name: ssh-pub-key
+int_private1_net_id: unprotected-net
+onap_private_net_id: onap-private-net
+# Own Addresses
+vpg_int_private1_ip_0: 192.168.10.2
+vpg_onap_private_ip_0: 10.10.100.2
+# Env variables
+dcae_collector_ip: 10.0.4.1 #Placeholder
+dcae_collector_port: 8081 #FIXME set to 30235?
+demo_artifacts_version: 1.5.0
+vfw_int_private1_ip_0: 192.168.10.3
+vsn_int_private2_ip_0: 192.168.20.3
+int_private2_net_cidr: 192.168.20.0/24
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- /dev/null
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart to deploy sink for vFirewall
+name: sink
+version: 0.2.0
--- /dev/null
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.vsn_name_0 }}-configmap
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ .Values.vnf_name }}
+ chart: {{ .Chart.Name }}
+data:
+ protected_net_gw: {{ (splitn "/" 2 .Values.int_private2_gw_ip)._0 | quote }} #FIXME maybe?
+ protected_private_net_cidr: {{ .Values.int_private1_net_cidr | quote }}
--- /dev/null
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Values.vsn_name_0 }}
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ .Values.vnf_name }} #FIXME Should vnf_name be replaced with v*_name_0 for labels?
+ chart: {{ .Chart.Name }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ .Values.vnf_name }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.vnf_name }}
+ release: {{ .Release.Name }}
+ annotations:
+ k8s.v1.cni.cncf.io/networks: "{{ .Values.vnf_name }}-ovn-attachment"
+ k8s.plugin.opnfv.org/nfn-network: |
+ { "type": "ovn4nfv",
+ "interface": [
+ { "name": {{ .Values.int_private2_net_id | quote }},
+ "ipAddress": {{ .Values.vsn_int_private2_ip_0 | quote }},
+ "interface": "eth1",
+ "defaultGateway": "false" },
+ { "name": {{ .Values.onap_private_net_id | quote }},
+ "ipAddress": {{ .Values.vsn_onap_private_ip_0 | quote }},
+ "interface": "eth2" ,
+ "defaultGateway": "false" }
+ ]
+ }
+ spec:
+ #FIXME DEBUG START
+ initContainers:
+ - name: init-test
+ image: busybox
+ command:
+ - env
+ envFrom:
+ - configMapRef:
+ name: {{ .Values.vsn_name_0 }}-configmap
+ #FIXME DEBUG END
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.sinkrepo }}:{{ .Values.image.sinktag }}"
+ envFrom:
+ - configMapRef:
+ name: {{ .Values.vsn_name_0 }}-configmap
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ tty: true
+ stdin: true
+ securityContext:
+ privileged: true
+ - name: darkstat
+ image: "{{ .Values.image.darkstatrepo }}:{{ .Values.image.darkstattag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ tty: true
+ stdin: true
+ ports:
+ - containerPort: {{ .Values.service.ports.port }}
--- /dev/null
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ .Values.vsn_name_0 }}-service"
+ labels:
+ app: {{ .Values.vnf_name }}
+ release: {{ .Release.Name }}
+ chart: {{ .Chart.Name }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.ports.port }}
+ nodePort: {{ .Values.service.ports.nodePort }}
+ selector:
+ app: {{ .Values.vnf_name }}
+ release: {{ .Release.Name }}
--- /dev/null
+# Default values for sink.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ sinkrepo: rtsood/onap-vfw-demo-sink
+ sinktag: 0.2.0
+ pullPolicy: IfNotPresent
+ darkstatrepo: electrocucaracha/darkstat
+ darkstattag: latest
+
+service:
+#serivce port value for sink service
+ type: NodePort
+ ports:
+ port: 667
+ nodePort: 30667
+
+
+# Static Defaults
+#
+# OPENSTACK PARAMETERS
+# Names
+vnf_name: test-vnf
+vsn_name_0: test-vnf-vsn
+int_private2_net_id: protected-net
+onap_private_net_id: onap-private-net
+
+# OWN Addresses
+vsn_int_private2_ip_0: 192.168.20.3
+vsn_onap_private_ip_0: 10.10.100.4
+# Env Variables
+int_private2_gw_ip: 192.168.20.1/24
+int_private1_net_cidr: 192.168.10.0/24
Code Review / demo.git / commitdiff