authorKuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>2020-09-23 08:12:58 -0700
committerKuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>2020-09-23 08:12:58 -0700
commite974c0cdfdcc5a16ccbffbbf3f7f4a01a06c5be5 (patch)
treeefbb349409cc77cb2d1b0cd3e905cf7c7cc69898 /demo/sfc-setup/deploy
parente6a24cfca33c68b7000ff6198f51561cbfc69920 (diff)
fixing the sfc-setup readme.md
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com> Change-Id: Ib5e9b6f3564e9ab3f71433a98c5438f11e1f9cb0
Diffstat (limited to 'demo/sfc-setup/deploy')
-rw-r--r--demo/sfc-setup/deploy/firewall-dyn-net-2.yaml14
-rw-r--r--demo/sfc-setup/deploy/firewall-right-pnetwork.yaml16
-rw-r--r--demo/sfc-setup/deploy/firewall-rule-reject-icmp-right-pnetwork.yaml13
-rw-r--r--demo/sfc-setup/deploy/ms1.yaml40
-rw-r--r--demo/sfc-setup/deploy/sfc-network.yaml67
-rw-r--r--demo/sfc-setup/deploy/sfc.yaml18
-rw-r--r--demo/sfc-setup/deploy/slb-ngfw-sdewan-cnf-deployment.yaml200
7 files changed, 368 insertions, 0 deletions
diff --git a/demo/sfc-setup/deploy/firewall-dyn-net-2.yaml b/demo/sfc-setup/deploy/firewall-dyn-net-2.yaml
new file mode 100644
index 0000000..4ceac59
--- /dev/null
+++ b/demo/sfc-setup/deploy/firewall-dyn-net-2.yaml
@@ -0,0 +1,14 @@
+apiVersion: batch.sdewan.akraino.org/v1alpha1
+kind: FirewallZone
+metadata:
+ name: dynnet2
+ namespace: default
+ labels:
+ sdewanPurpose: cnf1
+
+spec:
+ network:
+ - dync-net2
+ input: ACCEPT
+ output: ACCEPT
+ forward: ACCEPT
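Review bot: The zone sets `input`, `output` and `forward` all to ACCEPT, and firewall-right-pnetwork.yaml does the same for `rpnetwork`, so the only traffic this commit blocks is the ICMP case in firewallrule-icmp-right-pnetwork. Nothing in either file says the default-accept policy is a demo choice, and a reader copying these manifests gets a firewall CNF that forwards everything else between `dync-net2` and `right-pnetwork`. I would add a header comment to both zone files such as `# demo only: default-accept zone; for real deployments set forward (and input) to REJECT and allow flows with explicit FirewallRule objects`.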
diff --git a/demo/sfc-setup/deploy/firewall-right-pnetwork.yaml b/demo/sfc-setup/deploy/firewall-right-pnetwork.yaml
new file mode 100644
index 0000000..f7e3283
--- /dev/null
+++ b/demo/sfc-setup/deploy/firewall-right-pnetwork.yaml
@@ -0,0 +1,16 @@
+apiVersion: batch.sdewan.akraino.org/v1alpha1
+kind: FirewallZone
+metadata:
+ name: rpnetwork
+ namespace: default
+ labels:
+ sdewanPurpose: cnf1
+
+spec:
+ network:
+ - right-pnetwork
+ input: ACCEPT
+ output: ACCEPT
+ forward: ACCEPT
+ masq: "0"
+ mtu_fix: "1"
diff --git a/demo/sfc-setup/deploy/firewall-rule-reject-icmp-right-pnetwork.yaml b/demo/sfc-setup/deploy/firewall-rule-reject-icmp-right-pnetwork.yaml
new file mode 100644
index 0000000..3493bb6
--- /dev/null
+++ b/demo/sfc-setup/deploy/firewall-rule-reject-icmp-right-pnetwork.yaml
@@ -0,0 +1,13 @@
+apiVersion: batch.sdewan.akraino.org/v1alpha1
+kind: FirewallRule
+metadata:
+ name: firewallrule-icmp-right-pnetwork
+ namespace: default
+ labels:
+ sdewanPurpose: cnf1
+
+spec:
+ src: dynnet2
+ dest: rpnetwork
+ proto: icmp
+ target: REJECT
diff --git a/demo/sfc-setup/deploy/ms1.yaml b/demo/sfc-setup/deploy/ms1.yaml
new file mode 100644
index 0000000..d910257
--- /dev/null
+++ b/demo/sfc-setup/deploy/ms1.yaml
@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ms1
+ labels:
+ app: ms1
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ms1
+ template:
+ metadata:
+ labels:
+ app: ms1
+ annotations:
+ k8s.plugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [{ "name": "left-pnetwork", "interface": "net0", "defaultgateway": "true", "gwipaddress": "172.30.10.3" }]}'
+
+ spec:
+ containers:
+ - name: ms1
+ image: rkamudhan/netshoot:v1.0
+ imagePullPolicy: IfNotPresent
+ stdin: true
+ tty: true
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["NET_ADMIN"]
+ dnsPolicy: "None"
+ dnsConfig:
+ nameservers:
+ - 8.8.8.8
+ searches:
+ - default.svc.cluster.local
+ - svc.cluster.local
+ - cluster.local
+ options:
+ - name: ndots
+ value: "5"
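Review bot: `privileged: true` in the ms1 container's `securityContext` makes the `capabilities: add: ["NET_ADMIN"]` list beside it redundant and gives the netshoot container full access to the node's devices and kernel interfaces. The same pair appears in the slb, ngfw and sdwan containers in slb-ngfw-sdewan-cnf-deployment.yaml. If the pods only need to configure their own interfaces and routes, replace it with `privileged: false` and keep `add: ["NET_ADMIN"]`, ideally with `drop: ["ALL"]` alongside. Separately, `dnsPolicy: "None"` with nameserver `8.8.8.8`, the cluster search domains and `ndots` 5 sends every short-name lookup, expanded with `*.cluster.local` suffixes, to a public resolver that cannot answer it and that sees the internal names. Pointing `nameservers` at the cluster DNS service, or dropping the cluster `searches`, would avoid that.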
diff --git a/demo/sfc-setup/deploy/sfc-network.yaml b/demo/sfc-setup/deploy/sfc-network.yaml
new file mode 100644
index 0000000..9a6aa2c
--- /dev/null
+++ b/demo/sfc-setup/deploy/sfc-network.yaml
@@ -0,0 +1,67 @@
+apiVersion: k8s.plugin.opnfv.org/v1alpha1
+kind: Network
+metadata:
+ name: dync-net1
+spec:
+ cniType : ovn4nfv
+ ipv4Subnets:
+ - subnet: 172.30.33.0/24
+ name: subnet1
+ gateway: 172.30.33.1/24
+
+---
+
+apiVersion: k8s.plugin.opnfv.org/v1alpha1
+kind: Network
+metadata:
+ name: dync-net2
+spec:
+ cniType : ovn4nfv
+ ipv4Subnets:
+ - subnet: 172.30.44.0/24
+ name: subnet1
+ gateway: 172.30.44.1/24
+
+---
+
+apiVersion: k8s.plugin.opnfv.org/v1alpha1
+kind: ProviderNetwork
+metadata:
+ name: left-pnetwork
+spec:
+ cniType: ovn4nfv
+ ipv4Subnets:
+ - subnet: 172.30.10.0/24
+ name: subnet1
+ gateway: 172.30.10.1/24
+ excludeIps: 172.30.10.2
+ providerNetType: VLAN
+ vlan:
+ vlanId: "100"
+ providerInterfaceName: eth1
+ logicalInterfaceName: eth1.100
+ vlanNodeSelector: specific
+ nodeLabelList:
+ - kubernetes.io/os=linux
+
+---
+
+apiVersion: k8s.plugin.opnfv.org/v1alpha1
+kind: ProviderNetwork
+metadata:
+ name: right-pnetwork
+spec:
+ cniType: ovn4nfv
+ ipv4Subnets:
+ - subnet: 172.30.20.0/24
+ name: subnet1
+ gateway: 172.30.20.1/24
+ excludeIps: 172.30.20.2
+ providerNetType: VLAN
+ vlan:
+ vlanId: "200"
+ providerInterfaceName: eth1
+ logicalInterfaceName: eth1.200
+ vlanNodeSelector: specific
+ nodeLabelList:
+ - kubernetes.io/os=linux
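Review bot: The `dync-net1` and `dync-net2` documents write `cniType : ovn4nfv` with a space before the colon, while both ProviderNetwork documents in the same file write `cniType: ovn4nfv`. It parses the same, but linters flag it, so I would normalise the first two to `cniType: ovn4nfv`. Also, `vlanNodeSelector: specific` is paired with the label `kubernetes.io/os=linux`, which presumably matches every Linux node. If the VLAN interfaces `eth1.100` and `eth1.200` are meant only for particular nodes, a dedicated node label would express that.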
diff --git a/demo/sfc-setup/deploy/sfc.yaml b/demo/sfc-setup/deploy/sfc.yaml
new file mode 100644
index 0000000..98af02a
--- /dev/null
+++ b/demo/sfc-setup/deploy/sfc.yaml
@@ -0,0 +1,18 @@
+apiVersion: k8s.plugin.opnfv.org/v1alpha1
+kind: NetworkChaining
+metadata:
+ name: example-networkchaining
+spec:
+ # Add fields here
+ chainType: "Routing"
+ routingSpec:
+ namespace: "default"
+ networkChain: "app=slb,dync-net1,app=ngfw,dync-net2,app=sdwan"
+ leftNetwork:
+ - networkName: "right-pnetwork"
+ gatewayIp: "172.30.10.2"
+ subnet: "172.30.10.0/24"
+ rightNetwork:
+ - networkName: "left-pnetwork"
+ gatewayIp: "172.30.20.2"
+ subnet: "172.30.20.0/24"
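Review bot: The network names under `leftNetwork` and `rightNetwork` look swapped relative to sfc-network.yaml. `leftNetwork` names `"right-pnetwork"` but carries gateway `172.30.10.2` and subnet `172.30.10.0/24`, which sfc-network.yaml assigns to `left-pnetwork`. `rightNetwork` names `"left-pnetwork"` with the `172.30.20.0/24` values that belong to `right-pnetwork`. If the chaining controller resolves routes by `networkName`, traffic could be steered around the slb → ngfw → sdwan chain rather than through it. Unless the inversion is intentional, use `- networkName: "left-pnetwork"` under `leftNetwork` and `- networkName: "right-pnetwork"` under `rightNetwork`. The scaffold comment `# Add fields here` can go as well.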
diff --git a/demo/sfc-setup/deploy/slb-ngfw-sdewan-cnf-deployment.yaml b/demo/sfc-setup/deploy/slb-ngfw-sdewan-cnf-deployment.yaml
new file mode 100644
index 0000000..4a1a9cd
--- /dev/null
+++ b/demo/sfc-setup/deploy/slb-ngfw-sdewan-cnf-deployment.yaml
@@ -0,0 +1,200 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: slb
+ labels:
+ app: slb
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: slb
+ template:
+ metadata:
+ labels:
+ app: slb
+ annotations:
+ k8s.plugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [{ "name": "left-pnetwork", "interface": "net0" }, { "name": "dync-net1", "interface": "net1" }]}'
+
+ spec:
+ containers:
+ - name: slb
+ image: rkamudhan/netshoot:v1.0
+ imagePullPolicy: IfNotPresent
+ stdin: true
+ tty: true
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["NET_ADMIN"]
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ngfw
+ labels:
+ app: ngfw
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ngfw
+ template:
+ metadata:
+ labels:
+ app: ngfw
+ annotations:
+ k8s.plugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [{ "name": "dync-net1", "interface": "net0" }, { "name": "dync-net2", "interface": "net1" }]}'
+
+ spec:
+ containers:
+ - name: ngfw
+ image: rkamudhan/netshoot:v1.0
+ imagePullPolicy: IfNotPresent
+ stdin: true
+ tty: true
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["NET_ADMIN"]
+
+
+---
+
+apiVersion: v1
+data:
+ entrypoint.sh: |-
+ #!/bin/bash
+ # Always exit on errors.
+ set -ex
+ echo "" > /etc/config/network
+ cat > /etc/config/mwan3 <<EOF
+ config globals 'globals'
+ option mmx_mask '0x3F00'
+ option local_source 'lan'
+ EOF
+ eval "networks=$(grep nfn-network /tmp/podinfo/annotations | awk -F '=' '{print $2}')"
+ for net in $(echo -e $networks | jq -c ".interface[]")
+ do
+ interface=$(echo $net | jq -r .interface)
+ ipaddr=$(ifconfig $interface | awk '/inet/{print $2}' | cut -f2 -d ":" | awk 'NR==1 {print $1}')
+ vif="$interface"
+ cat >> /etc/config/network <<EOF
+ config interface '$vif'
+ option ifname '$interface'
+ option proto 'static'
+ option ipaddr '$ipaddr'
+ option netmask '255.255.255.0'
+ EOF
+ cat >> /etc/config/mwan3 <<EOF
+ config interface '$vif'
+ option enabled '1'
+ option family 'ipv4'
+ option reliability '2'
+ option count '1'
+ option timeout '2'
+ option failure_latency '1000'
+ option recovery_latency '500'
+ option failure_loss '20'
+ option recovery_loss '5'
+ option interval '5'
+ option down '3'
+ option up '8'
+ EOF
+ done
+ /sbin/procd &
+ /sbin/ubusd &
+ iptables -t nat -L
+ sleep 1
+ /etc/init.d/rpcd start
+ /etc/init.d/dnsmasq start
+ /etc/init.d/network start
+ /etc/init.d/odhcpd start
+ /etc/init.d/uhttpd start
+ /etc/init.d/log start
+ /etc/init.d/dropbear start
+ /etc/init.d/mwan3 restart
+ /etc/init.d/firewall restart
+ echo "Entering sleep... (success)"
+ # Sleep forever.
+ while true; do sleep 100; done
+kind: ConfigMap
+metadata:
+ name: sdewan-sh
+ namespace: default
+...
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: sdwan
+ namespace: default
+ labels:
+ app: sdwan
+ sdewanPurpose: cnf1
+spec:
+ progressDeadlineSeconds: 600
+ replicas: 1
+ selector:
+ matchLabels:
+ app: sdwan
+ sdewanPurpose: cnf1
+ strategy:
+ rollingUpdate:
+ maxSurge: 25%
+ maxUnavailable: 25%
+ type: RollingUpdate
+ template:
+ metadata:
+ annotations:
+ k8s.plugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [{ "name": "dync-net2", "interface": "net0" }, { "name": "right-pnetwork", "interface": "net1" }]}'
+ labels:
+ app: sdwan
+ sdewanPurpose: cnf1
+ spec:
+ containers:
+ - command:
+ #- sleep
+ #- "3600"
+ - /bin/sh
+ - /tmp/sdewan/entrypoint.sh
+ image: integratedcloudnative/openwrt:0.3.0
+ imagePullPolicy: IfNotPresent
+ name: sdewan
+ readinessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /
+ port: 80
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ successThreshold: 1
+ timeoutSeconds: 1
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["NET_ADMIN"]
+ procMount: Default
+ volumeMounts:
+ - mountPath: /tmp/sdewan
+ name: sdewan-sh
+ readOnly: true
+ - mountPath: /tmp/podinfo
+ name: podinfo
+ readOnly: true
+ restartPolicy: Always
+ volumes:
+ - configMap:
+ defaultMode: 420
+ name: sdewan-sh
+ name: sdewan-sh
+ - name: podinfo
+ downwardAPI:
+ items:
+ - path: "annotations"
+ fieldRef:
+ fieldPath: metadata.annotations
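Review bot: In the `sdewan-sh` ConfigMap, `eval "networks=$(grep nfn-network /tmp/podinfo/annotations | awk -F '=' '{print $2}')"` runs whatever follows the first `=` on that annotation line as shell code. The sdwan container is `privileged: true`, so anyone who can set or edit the pod's annotations can run commands with node-level reach. The `awk -F '='` split also truncates a value that itself contains `=`. Since the script already relies on `jq`, the quoted value can be decoded without `eval`, for example `networks=$(grep nfn-network /tmp/podinfo/annotations | cut -d= -f2- | jq -r .)`, assuming the downward-API quoting of this annotation is valid JSON string syntax. The later expansions should then be quoted too: `echo "$networks" | jq -c ".interface[]"` and `ifconfig "$interface"`. The script also starts `dropbear` and `uhttpd` (probed over plain HTTP on port 80) in that same container. It is worth stating in the manifest whether those management services are meant to be reachable from `dync-net2` and `right-pnetwork`.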