demo/sfc-setup/demo/slb-ngfw-sdewan-cnf-deployment.yaml

   1 apiVersion: apps/v1
   2 kind: Deployment
   3 metadata:
   4   name: slb
   5   labels:
   6     app: slb
   7 spec:
   8   replicas: 1
   9   selector:
  10     matchLabels:
  11       app: slb
  12   template:
  13     metadata:
  14       labels:
  15         app: slb
  16       annotations:
  17         k8s.plugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [{ "name": "left-pnetwork", "interface": "net0" }, { "name": "dync-net1", "interface": "net1" }]}'
  18
  19     spec:
  20       containers:
  21       - name: slb
  22         image: rkamudhan/netshoot:v1.0
  23         imagePullPolicy: IfNotPresent
  24         stdin: true
  25         tty: true
  26         securityContext:
  27           privileged: true
  28           capabilities:
  29             add: ["NET_ADMIN"]
  30
  31 ---
  32
  33 apiVersion: apps/v1
  34 kind: Deployment
  35 metadata:
  36   name: ngfw
  37   labels:
  38     app: ngfw
  39 spec:
  40   replicas: 1
  41   selector:
  42     matchLabels:
  43       app: ngfw
  44   template:
  45     metadata:
  46       labels:
  47         app: ngfw
  48       annotations:
  49         k8s.plugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [{ "name": "dync-net1", "interface": "net0" }, { "name": "dync-net2", "interface": "net1" }]}'
  50
  51     spec:
  52       containers:
  53       - name: ngfw
  54         image: rkamudhan/netshoot:v1.0
  55         imagePullPolicy: IfNotPresent
  56         stdin: true
  57         tty: true
  58         securityContext:
  59           privileged: true
  60           capabilities:
  61             add: ["NET_ADMIN"]
  62
  63
  64 ---
  65
  66 apiVersion: v1
  67 data:
  68   entrypoint.sh: |-
  69     #!/bin/bash
  70     # Always exit on errors.
  71     set -ex
  72     echo "" > /etc/config/network
  73     cat > /etc/config/mwan3 <<EOF
  74     config globals 'globals'
  75         option mmx_mask '0x3F00'
  76         option local_source 'lan'
  77     EOF
  78     eval "networks=$(grep nfn-network /tmp/podinfo/annotations | awk  -F '=' '{print $2}')"
  79     for net in $(echo -e $networks | jq -c ".interface[]")
  80     do
  81       interface=$(echo $net | jq -r .interface)
  82       ipaddr=$(ifconfig $interface | awk '/inet/{print $2}' | cut -f2 -d ":" | awk 'NR==1 {print $1}')
  83       vif="$interface"
  84       cat >> /etc/config/network <<EOF
  85     config interface '$vif'
  86         option ifname '$interface'
  87         option proto 'static'
  88         option ipaddr '$ipaddr'
  89         option netmask '255.255.255.0'
  90     EOF
  91       cat >> /etc/config/mwan3 <<EOF
  92     config interface '$vif'
  93             option enabled '1'
  94             option family 'ipv4'
  95             option reliability '2'
  96             option count '1'
  97             option timeout '2'
  98             option failure_latency '1000'
  99             option recovery_latency '500'
 100             option failure_loss '20'
 101             option recovery_loss '5'
 102             option interval '5'
 103             option down '3'
 104             option up '8'
 105     EOF
 106     done
 107     /sbin/procd &
 108     /sbin/ubusd &
 109     iptables -t nat -L
 110     sleep 1
 111     /etc/init.d/rpcd start
 112     /etc/init.d/dnsmasq start
 113     /etc/init.d/network start
 114     /etc/init.d/odhcpd start
 115     /etc/init.d/uhttpd start
 116     /etc/init.d/log start
 117     /etc/init.d/dropbear start
 118     /etc/init.d/mwan3 restart
 119     /etc/init.d/firewall restart
 120     echo "Entering sleep... (success)"
 121     # Sleep forever.
 122     while true; do sleep 100; done
 123 kind: ConfigMap
 124 metadata:
 125   name: sdewan-sh
 126   namespace: default
 127 ...
 128
 129 ---
 130 apiVersion: apps/v1
 131 kind: Deployment
 132 metadata:
 133   name: sdwan
 134   namespace: default
 135   labels:
 136     app: sdwan
 137     sdewanPurpose: cnf1
 138 spec:
 139   progressDeadlineSeconds: 600
 140   replicas: 1
 141   selector:
 142     matchLabels:
 143       app: sdwan
 144       sdewanPurpose: cnf1
 145   strategy:
 146     rollingUpdate:
 147       maxSurge: 25%
 148       maxUnavailable: 25%
 149     type: RollingUpdate
 150   template:
 151     metadata:
 152       annotations:
 153         k8s.plugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [{ "name": "dync-net2", "interface": "net0" }, { "name": "right-pnetwork", "interface": "net1" }]}'
 154       labels:
 155         app: sdwan
 156         sdewanPurpose: cnf1
 157     spec:
 158       containers:
 159       - command:
 160               #- sleep
 161               #- "3600"
 162         - /bin/sh
 163         - /tmp/sdewan/entrypoint.sh
 164         image: integratedcloudnative/openwrt:0.3.0
 165         imagePullPolicy: IfNotPresent
 166         name: sdewan
 167         readinessProbe:
 168           failureThreshold: 5
 169           httpGet:
 170             path: /
 171             port: 80
 172             scheme: HTTP
 173           initialDelaySeconds: 5
 174           periodSeconds: 5
 175           successThreshold: 1
 176           timeoutSeconds: 1
 177         securityContext:
 178           privileged: true
 179           capabilities:
 180             add: ["NET_ADMIN"]
 181           procMount: Default
 182         volumeMounts:
 183         - mountPath: /tmp/sdewan
 184           name: sdewan-sh
 185           readOnly: true
 186         - mountPath: /tmp/podinfo
 187           name: podinfo
 188           readOnly: true
 189       restartPolicy: Always
 190       volumes:
 191       - configMap:
 192           defaultMode: 420
 193           name: sdewan-sh
 194         name: sdewan-sh
 195       - name: podinfo
 196         downwardAPI:
 197           items:
 198             - path: "annotations"
 199               fieldRef:
 200                 fieldPath: metadata.annotations