-apiVersion: apps/v1
-kind: Deployment
+apiVersion: kubevirt.io/v1alpha3
+kind: VirtualMachine
metadata:
name: {{ include "firewall.fullname" . }}
labels:
app: {{ include "firewall.name" . }}
chart: {{ .Chart.Name }}
spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "firewall.name" . }}
- release: {{ .Release.Name }}
+ running: true
template:
metadata:
labels:
app: {{ include "firewall.name" . }}
release: {{ .Release.Name }}
- annotations:
- VirtletLibvirtCPUSetting: |
- mode: host-model
- VirtletCloudInitUserData: |
- ssh_pwauth: True
- users:
- - name: admin
- gecos: User
- primary-group: admin
- groups: users
- sudo: ALL=(ALL) NOPASSWD:ALL
- lock_passwd: false
- passwd: "$6$rounds=4096$QA5OCKHTE41$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/"
- runcmd:
- - export demo_artifacts_version={{ .Values.global.demoArtifactsVersion }}
- - export vfw_private_ip_0={{ .Values.global.vfwPrivateIp0 }}
- - export vsn_private_ip_0={{ .Values.global.vsnPrivateIp0 }}
- - export protected_net_cidr={{ .Values.global.protectedNetCidr }}
- - export dcae_collector_ip={{ .Values.global.dcaeCollectorIp }}
- - export dcae_collector_port={{ .Values.global.dcaeCollectorPort }}
- - export protected_net_gw={{ .Values.global.protectedNetGw }}
- - export protected_private_net_cidr={{ .Values.global.protectedPrivateNetCidr }}
- - wget -O - https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/firewall | sudo -E bash
- VirtletRootVolumeSize: 5Gi
- kubernetes.io/target-runtime: virtlet.cloud
spec:
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: extraRuntime
- operator: In
- values:
- - virtlet
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- tty: true
- stdin: true
+ domain:
+ cpu:
+ model: host-model
+ devices:
+ disks:
+ - name: containerdisk
+ disk:
+ bus: virtio
+ - name: cloudinitdisk
+ disk:
+ bus: virtio
+ interfaces:
+ - name: default
+ bridge: {}
+ - name: unprotected
+ macAddress: 52:57:2b:7b:e4:27
+ bridge: {}
+ - name: protected
+ macAddress: fa:d1:3a:a1:5c:67
+ bridge: {}
+ - name: emco
+ macAddress: 86:31:ea:6a:ce:75
+ bridge: {}
resources:
- limits:
+ requests:
memory: {{ .Values.resources.memory }}
+ networks:
+ - name: default
+ pod: {}
+ - name: unprotected
+ multus:
+ networkName: {{ .Values.global.unprotectedNetworkName }}
+ - name: protected
+ multus:
+ networkName: {{ .Values.global.protectedNetworkName }}
+ - name: emco
+ multus:
+ networkName: {{ .Values.global.emcoPrivateNetworkName }}
+ volumes:
+ - name: cloudinitdisk
+ cloudInitNoCloud:
+ networkData: |
+ version: 2
+ ethernets:
+ enp1s0:
+ dhcp4: true
+ eth1:
+ match:
+ macaddress: "52:57:2b:7b:e4:27"
+ set-name: eth1
+ dhcp4: true
+ eth2:
+ match:
+ macaddress: "fa:d1:3a:a1:5c:67"
+ set-name: eth2
+ dhcp4: true
+ eth3:
+ match:
+ macaddress: "86:31:ea:6a:ce:75"
+ set-name: eth3
+ dhcp4: true
+ userData: |
+ #cloud-config
+ ssh_pwauth: True
+ users:
+ - name: admin
+ gecos: User
+ primary-group: admin
+ groups: users
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ lock_passwd: false
+ passwd: "$6$rounds=4096$QA5OCKHTE41$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/"
+ runcmd:
+ - export demo_artifacts_version={{ .Values.global.demoArtifactsVersion }}
+ - export vfw_private_ip_0={{ .Values.global.vfwPrivateIp0 }}
+ - export vsn_private_ip_0={{ .Values.global.vsnPrivateIp0 }}
+ - export protected_net_cidr={{ .Values.global.protectedNetCidr }}
+ - export dcae_collector_ip={{ .Values.global.dcaeCollectorIp }}
+ - export dcae_collector_port={{ .Values.global.dcaeCollectorPort }}
+ - export protected_net_gw={{ .Values.global.protectedNetGw }}
+ - export protected_private_net_cidr={{ .Values.global.protectedPrivateNetCidr }}
+ - wget -O - https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/firewall | sudo -E bash
+ - name: containerdisk
+ containerDisk:
+ image: integratedcloudnative/ubuntu:16.04
+ imagePullPolicy: IfNotPresent
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
-replicaCount: 1
-
-image:
- repository: virtlet.cloud/ubuntu/16.04
- tag: latest
- pullPolicy: IfNotPresent
-
nameOverride: ""
fullnameOverride: ""
vfwPrivateIp2: 10.10.20.3
#Packetgen container
- vpgPrivateIp0: 192.168.10.200
- vpgPrivateIp1: 10.10.20.200
+ vpgPrivateIp0: 192.168.10.2
+ vpgPrivateIp1: 10.10.20.2
#Sink container
vsnPrivateIp0: 192.168.20.3
-apiVersion: apps/v1
-kind: Deployment
+apiVersion: kubevirt.io/v1alpha3
+kind: VirtualMachine
metadata:
name: {{ include "packetgen.fullname" . }}
labels:
app: {{ include "packetgen.name" . }}
chart: {{ .Chart.Name }}
spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "packetgen.name" .}}
- release: {{ .Release.Name }}
+ running: true
template:
metadata:
labels:
annotations:
app: {{ include "packetgen.name" . }}
release: {{ .Release.Name }}
- VirtletLibvirtCPUSetting: |
- mode: host-model
- VirtletCloudInitUserData: |
- ssh_pwauth: True
- users:
- - name: admin
- gecos: User
- primary-group: admin
- groups: users
- sudo: ALL=(ALL) NOPASSWD:ALL
- lock_passwd: false
- passwd: "$6$rounds=4096$QA5OCKHTE41$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/"
- runcmd:
- - export demo_artifacts_version={{ .Values.global.demoArtifactsVersion }}
- - export vfw_private_ip_0={{ .Values.global.vfwPrivateIp0 }}
- - export vsn_private_ip_0={{ .Values.global.vsnPrivateIp0 }}
- - export protected_net_cidr={{ .Values.global.protectedNetCidr }}
- - export dcae_collector_ip={{ .Values.global.dcaeCollectorIp }}
- - export dcae_collector_port={{ .Values.global.dcaeCollectorPort }}
- - export protected_net_gw={{ .Values.global.protectedNetGw }}
- - export protected_private_net_cidr={{ .Values.global.protectedPrivateNetCidr }}
- - wget -O - https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/packetgen | sudo -E bash
- VirtletRootVolumeSize: 5Gi
- kubernetes.io/target-runtime: virtlet.cloud
spec:
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: extraRuntime
- operator: In
- values:
- - virtlet
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- tty: true
- stdin: true
+ domain:
+ cpu:
+ model: host-model
+ devices:
+ disks:
+ - name: containerdisk
+ disk:
+ bus: virtio
+ - name: cloudinitdisk
+ disk:
+ bus: virtio
+ interfaces:
+ - name: default
+ bridge: {}
+ - name: unprotected
+ macAddress: ee:f0:75:e0:b6:26
+ bridge: {}
+ - name: emco
+ macAddress: 0a:c0:37:55:f5:ab
+ bridge: {}
resources:
- limits:
+ requests:
memory: {{ .Values.resources.limits.memory }}
+ networks:
+ - name: default
+ pod: {}
+ - name: unprotected
+ multus:
+ networkName: {{ .Values.global.unprotectedNetworkName }}
+ - name: emco
+ multus:
+ networkName: {{ .Values.global.emcoPrivateNetworkName }}
+ volumes:
+ - name: cloudinitdisk
+ cloudInitNoCloud:
+ networkData: |
+ version: 2
+ ethernets:
+ enp1s0:
+ dhcp4: true
+ eth1:
+ match:
+ macaddress: "ee:f0:75:e0:b6:26"
+ set-name: eth1
+ dhcp4: true
+ eth2:
+ match:
+ macaddress: "0a:c0:37:55:f5:ab"
+ set-name: eth2
+ dhcp4: true
+ userData: |
+ #cloud-config
+ ssh_pwauth: True
+ users:
+ - name: admin
+ gecos: User
+ primary-group: admin
+ groups: users
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ lock_passwd: false
+ passwd: "$6$rounds=4096$QA5OCKHTE41$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/"
+ runcmd:
+ - export demo_artifacts_version={{ .Values.global.demoArtifactsVersion }}
+ - export vfw_private_ip_0={{ .Values.global.vfwPrivateIp0 }}
+ - export vsn_private_ip_0={{ .Values.global.vsnPrivateIp0 }}
+ - export protected_net_cidr={{ .Values.global.protectedNetCidr }}
+ - export dcae_collector_ip={{ .Values.global.dcaeCollectorIp }}
+ - export dcae_collector_port={{ .Values.global.dcaeCollectorPort }}
+ - export protected_net_gw={{ .Values.global.protectedNetGw }}
+ - export protected_private_net_cidr={{ .Values.global.protectedPrivateNetCidr }}
+ - wget -O - https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/packetgen | sudo -E bash
+ - name: containerdisk
+ containerDisk:
+ image: integratedcloudnative/ubuntu:16.04
+ imagePullPolicy: IfNotPresent
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
-replicaCount: 1
-
-image:
- repository: virtlet.cloud/ubuntu/16.04
- tag: latest
- pullPolicy: IfNotPresent
-
nameOverride: ""
fullnameOverride: ""
vfwPrivateIp2: 10.10.20.3
#Packetgen container
- vpgPrivateIp0: 192.168.10.200
- vpgPrivateIp1: 10.10.20.200
+ vpgPrivateIp0: 192.168.10.2
+ vpgPrivateIp1: 10.10.20.2
#Sink container
vsnPrivateIp0: 192.168.20.3
vfwPrivateIp2: 10.10.20.3
#Packetgen container
- vpgPrivateIp0: 192.168.10.200
- vpgPrivateIp1: 10.10.20.200
+ vpgPrivateIp0: 192.168.10.2
+ vpgPrivateIp1: 10.10.20.2
#Sink container
vsnPrivateIp0: 192.168.20.3
for test in _common _common_test _functions topology-manager-sriov kubevirt multus ovn4nfv nfd sriov-network qat cmk; do
cp ${kud_tests}/${test}.sh ${host_addons_dir}/tests
done
+ cp ${kud_tests}/plugin_fw_v2.sh ${host_addons_dir}/tests
+ cp ${kud_tests}/plugin_fw_v2.yaml ${host_addons_dir}/tests
+ cp -r ${kud_tests}/../demo/composite-firewall ${host_addons_dir}/tests
mkdir -p ${host_artifacts_dir}
cp -rf ${kud_inventory_folder}/artifacts/* ${host_artifacts_dir}
FUNCTIONS_DIR="$(readlink -f "$(dirname "${BASH_SOURCE[0]}")")"
+# Do not overwrite any user modifications to PATH when sourcing
+# /etc/environment
+USER_PATH=$PATH
source /etc/environment
+PATH=$USER_PATH:$PATH
source $FUNCTIONS_DIR/_common_test.sh
function print_msg {
source _common_test.sh
source _functions.sh
-source _functions.sh
# TODO KUBECONFIG may be a list of paths
-kubeconfig_path="${KUBECONFIG:-$HOME/.kube/config}"
+KUBECONFIG_PATH="${KUBECONFIG:-$HOME/.kube/config}"
+DEMO_FOLDER="${DEMO_FOLDER:-$test_folder/../demo}"
clusters="${KUD_PLUGIN_FW_CLUSTERS:-$(cat <<EOF
[
"userData1": "edge01 user data 1",
"userData2": "edge01 user data 2"
},
- "file": "$kubeconfig_path"
+ "file": "$KUBECONFIG_PATH"
}
]
EOF
CSAR_DIR="/opt/csar"
csar_id="4bf66240-a0be-4ce2-aebd-a01df7725f16"
-demo_folder=$test_folder/../demo
-
function populate_CSAR_compositevfw_helm {
_checks_args "$1"
pushd "${CSAR_DIR}/$1"
print_msg "Create Helm Chart Archives for compositevfw"
rm -f *.tar.gz
- tar -czf packetgen.tar.gz -C $demo_folder/composite-firewall packetgen
- tar -czf firewall.tar.gz -C $demo_folder/composite-firewall firewall
- tar -czf sink.tar.gz -C $demo_folder/composite-firewall sink
- tar -czf profile.tar.gz -C $demo_folder/composite-firewall manifest.yaml override_values.yaml
+ tar -czf packetgen.tar.gz -C $DEMO_FOLDER/composite-firewall packetgen
+ tar -czf firewall.tar.gz -C $DEMO_FOLDER/composite-firewall firewall
+ tar -czf sink.tar.gz -C $DEMO_FOLDER/composite-firewall sink
+ tar -czf profile.tar.gz -C $DEMO_FOLDER/composite-firewall manifest.yaml override_values.yaml
popd
}
for name in $(cluster_names); do
print_msg "Wait for all pods to start on cluster $name"
file=$(cluster_file "$name")
- KUBECONFIG=$file kubectl wait pod -l release=fw0 --for=condition=Ready
+ KUBECONFIG=$file kubectl wait pod -l release=fw0 --for=condition=Ready --timeout=5m
done
# TODO: Provide some health check to verify vFW work
print_msg "Not waiting for vFW to fully install as no further checks are implemented in testcase"
spec:
application-name: packetgen
workload-resource: {{.Release}}-packetgen
- type: Deployment
+ type: VirtualMachine
---
version: emco/v2
spec:
application-name: firewall
workload-resource: {{.Release}}-firewall
- type: Deployment
+ type: VirtualMachine
---
version: emco/v2
metadata:
name: packetgen_unprotected_if
spec:
- interface: eth1
+ interface: net1
name: {{.UnprotectedProviderNetwork}}
defaultGateway: "false"
ipAddress: 192.168.10.2
+ macAddress: ee:f0:75:e0:b6:26
---
version: emco/v2
metadata:
name: packetgen_emco_if
spec:
- interface: eth2
+ interface: net2
name: {{.EmcoProviderNetwork}}
defaultGateway: "false"
ipAddress: 10.10.20.2
+ macAddress: 0a:c0:37:55:f5:ab
---
version: emco/v2
metadata:
name: firewall_unprotected_if
spec:
- interface: eth1
+ interface: net1
name: {{.UnprotectedProviderNetwork}}
defaultGateway: "false"
ipAddress: 192.168.10.3
+ macAddress: 52:57:2b:7b:e4:27
---
version: emco/v2
metadata:
name: firewall_protected_if
spec:
- interface: eth2
+ interface: net2
name: {{.ProtectedNetwork}}
defaultGateway: "false"
ipAddress: 192.168.20.2
+ macAddress: fa:d1:3a:a1:5c:67
---
version: emco/v2
metadata:
name: firewall_emco_if
spec:
- interface: eth3
+ interface: net3
name: {{.EmcoProviderNetwork}}
defaultGateway: "false"
ipAddress: 10.10.20.3
+ macAddress: 86:31:ea:6a:ce:75
---
version: emco/v2
Code Review / multicloud / k8s.git / commitdiff