Create helm chart for CNF and CRD controller.
Add example configuration file for deployment.
Guide to deploy the helm.
Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: I3982a4c17ed5f1d4fa00de865fefdda83f2a7470
--- /dev/null
+# Helm Chart for cnf and controller
+
+## Pre-condition
+**1.Install cert-manager**
+
+`kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.yaml`
+
+**2.Label the node**
+
+```
+nodename=$(kubectl get node -o jsonpath='{.items[0].metadata.name}')
+kubectl taint node $nodename node-role.kubernetes.io/master:NoSchedule-
+kubectl label --overwrite node $nodename ovn4nfv-k8s-plugin=ovn-control-plane
+```
+
+**3.Install network**
+
+For the network configuration, the helm charts of CNF and Controller need integrate Multus CNI with Calico as default network and icn-nodus. So you can refer to the [guide](https://github.com/akraino-edge-stack/icn-nodus/blob/master/doc/how-to-use.md#testing-with-cni-proxy) to setup your environment.
+
+**4.Apply provide network**
+
+- Create ovn-network and provider-network, e.g.
+```
+---
+apiVersion: k8s.plugin.opnfv.org/v1alpha1
+kind: ProviderNetwork
+metadata:
+ name: pnetwork
+spec:
+ cniType: ovn4nfv
+ ipv4Subnets:
+ - subnet: 10.10.20.1/24
+ name: subnet
+ gateway: 10.10.20.1/24
+ excludeIps: 10.10.20.2..10.10.20.9
+ providerNetType: VLAN
+ vlan:
+ logicalInterfaceName: eno1.100 // Change to your interface name
+ providerInterfaceName: eno1
+ vlanId: "100"
+ vlanNodeSelector: all
+
+---
+apiVersion: k8s.plugin.opnfv.org/v1alpha1
+kind: Network
+metadata:
+ name: ovn-network
+spec:
+ # Add fields here
+ cniType: ovn4nfv
+ ipv4Subnets:
+ - subnet: 172.16.30.1/24
+ name: subnet1
+ gateway: 172.16.30.1/24
+```
+- Update `helm/sdewan_cnf/values.yaml` to configure the network information
+
+**5.Install helm**
+
+```
+curl https://baltocdn.com/helm/signing.asc | sudo apt-key add -
+sudo apt-get install apt-transport-https --yes
+echo "deb https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
+sudo apt-get update
+sudo apt-get install helm
+```
+
+## Steps to install CNF and CRD Controller
+
+Please locate your directory to `./helm`.
+
+**1.Create namespace for SDEWAN Central Controller v1Microservices**
+
+`kubectl create namespace sdewan-system`
+
+**2.Generate certificate for cnf**
+
+`kubectl apply -f cert/cnf_cert.yaml`
+
+**3.Install CNF**
+
+```
+helm package sdewan_cnf
+helm install ./cnf-0.1.0.tgz --generate-name
+```
+
+**4.Install CRD controller**
+
+```
+helm package sdewan_controllers
+helm install ./controllers-0.1.0.tgz --generate-name
+```
+
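Review bot: In the ProviderNetwork example under step 4, `logicalInterfaceName: eno1.100 // Change to your interface name` uses `//`, which is not a YAML comment, so a copy-paste sets the interface name to the whole string; use `# Change to your interface name`. In step 5, `curl https://baltocdn.com/helm/signing.asc | sudo apt-key add -` puts the key in the global apt trust store, where it is trusted for every repository on the host; a dedicated keyring referenced with `signed-by=` in the sources entry would scope it to the Helm repo. Step 2 is titled "Label the node" but also removes the `node-role.kubernetes.io/master:NoSchedule` taint, which deserves its own sentence, and the title of install step 1 ("SDEWAN Central Controller v1Microservices") looks like a leftover from another guide.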
--- /dev/null
+# Example to verify
+This is an example which you can test your SDEWAN deployment environment.
+
+## Pre-condition
+**1.Install a simple nginx deployment and service**
+
+`kubectl apply -f nginx-dp-svc.yaml`
+
+**2.Apply the cnf service CR**
+
+`kubectl apply -f cnfservice.yaml`
+
+**3.Verify**
+
+```
+# From host, you can get the nginx response from cnf
+curl <cnf_ip>:8866
+
+# login to the cnf pod and see the iptables
+kubectl exec -ti <cnf-pod-name> -n <namespace> -- sudo bash
+iptable -L -t nat
+# DNAT tcp -- anywhere anywhere tcp dpt:8866 to:<nginx-svc-ip>:80
+```
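Review bot: The verify block runs `iptable -L -t nat`; the binary is `iptables`, so the command as written fails inside the pod. The heading `## Pre-condition` also covers the apply and verify steps, which are the test itself, so a heading such as `## Steps` would fit better. It would help to say where `<cnf_ip>` comes from, since the README never shows how to look it up.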
--- /dev/null
+apiVersion: batch.sdewan.akraino.org/v1alpha1
+kind: CNFService
+metadata:
+ name: cnfservice-sample
+ labels:
+ sdewanPurpose: sdewan-safe
+spec:
+ fullname: nginx.default.svc.cluster.local
+ port: "8866"
+ dport: "80"
+
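Review bot: The sample is labelled `sdewanPurpose: sdewan-safe`, but the cnf chart's default values.yaml sets `labels: base`, so a CNF installed with the defaults carries `sdewanPurpose: base`. If this label is what ties the CR to a CNF, the sample and the chart default should agree, or the example README should say which value to override. `port` and `dport` are quoted strings, and the CNFService CRD in this change types them as plain `string` with no pattern, so nothing rejects a non-numeric or out-of-range port before it reaches the DNAT rule; an integer type with minimum/maximum, or a pattern, would catch that at admission.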
--- /dev/null
+---
+apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
+kind: Deployment
+metadata:
+ name: nginx
+spec:
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: nginx
+ replicas: 3
+ template: # create pods using pod definition in this template
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ containers:
+ - name: nginx
+ image: nginx
+ ports:
+ - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx
+ namespace: default
+ labels:
+ app: nginx
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
+spec:
+ externalTrafficPolicy: Local
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 80
+ selector:
+ app: nginx
+ type: LoadBalancer
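Review bot: The Service is `type: LoadBalancer` with an AWS `nlb` annotation and `externalTrafficPolicy: Local`, which asks the cloud provider for an external listener, while the verify step only reaches nginx through the CNF's DNAT to `<nginx-svc-ip>:80`. A ClusterIP Service is enough for this test and avoids exposing the backend outside the cluster. `image: nginx` is untagged, so the test pulls whatever `latest` is at the time; pin a tag. The Deployment has no `namespace` while the Service sets `namespace: default`; set both or neither.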
--- /dev/null
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: cnf-root-issuer
+spec:
+ selfSigned: {}
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: cnf-root-cert
+ namespace: default
+spec:
+ commonName: "sdwan"
+ duration: 17520h
+ isCA: true
+ issuerRef:
+ kind: ClusterIssuer
+ name: cnf-root-issuer
+ secretName: cnf-root-cert
+
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: cnf-default-issuer
+ namespace: default
+spec:
+ ca:
+ secretName: cnf-root-cert
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: cnf-default-cert
+ namespace: default
+spec:
+ commonName: "*.default.pod.cluster.local"
+ duration: 17520h
+ isCA: false
+ issuerRef:
+ kind: Issuer
+ name: cnf-default-issuer
+ secretName: cnf-default-cert
+ commonName: "*.default.pod.cluster.local"
+ dnsNames:
+ - "*.default.pod.cluster.local"
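Review bot: In the `cnf-default-cert` spec, `commonName: "*.default.pod.cluster.local"` appears twice (before `duration` and again after `secretName`); duplicate mapping keys are rejected by strict YAML parsers and silently collapsed by others, so drop one. The root CA and the leaf certificate both use `duration: 17520h`, so they expire at about the same time; give the CA a longer lifetime than the certificates it signs. All four objects are pinned to `namespace: default` while the README creates `sdewan-system`; please state in the README that the CNF certificates are intentionally kept in `default`, or template the namespace.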
--- /dev/null
+#/*
+# * Copyright (c) 2021 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+apiVersion: v1
+name: cnf
+description: A Helm chart for Kubernetes
+version: 0.1.0
+appVersion: "1.0"
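Review bot: `description: A Helm chart for Kubernetes` is the scaffold default; describe what the chart deploys (the SDEWAN CNF) so `helm list` and `helm show chart` output is meaningful. The same applies to the Chart.yaml of the controllers chart later in this change.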
--- /dev/null
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cnf.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cnf.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cnf.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cnf.labels" -}}
+helm.sh/chart: {{ include "cnf.chart" . }}
+{{ include "cnf.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cnf.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cnf.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cnf.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cnf.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
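Review bot: None of these helpers is referenced by the cnf templates in this change: the Deployment, ConfigMap and Secret take their names from `.Values.metadata.*` and hardcoded strings, not from `cnf.fullname` or `cnf.labels`. `cnf.serviceAccountName` also reads `.Values.serviceAccount.create`, and values.yaml defines no `serviceAccount` key, so the first template that includes it would fail to render. Either use the helpers (release-scoped names would also let two releases coexist) or remove the unused scaffold.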
--- /dev/null
+#/* Copyright (c) 2021 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+apiVersion: v1
+data:
+ entrypoint.sh: |-
+ #!/bin/bash
+ # Always exit on errors.
+ set -ex
+ echo "" > /etc/config/network
+ cat > /etc/config/mwan3 <<EOF
+ config globals 'globals'
+ option mmx_mask '0x3F00'
+ option local_source 'lan'
+ EOF
+
+ defaultip=$(grep "\podIP\b" /tmp/podinfo/annotations | cut -d/ -f2 | cut -d'"' -f2)
+ providerip=$(echo {{ .Values.providerCIDR }} | cut -d/ -f1)
+ sep="."
+ suf="0"
+
+ eval "networks=$(grep nfn-network /tmp/podinfo/annotations | awk -F '=' '{print $2}')"
+ for net in $(echo -e $networks | jq -c ".interface[]")
+ do
+ interface=$(echo $net | jq -r .interface)
+ ipaddr=$(ifconfig $interface | awk '/inet/{print $2}' | cut -f2 -d ":" | awk 'NR==1 {print $1}')
+ vif="$interface"
+ netmask=$(ifconfig $interface | awk '/inet/{print $4}'| cut -f2 -d ":" | head -1)
+ cat >> /etc/config/network <<EOF
+ config interface '$vif'
+ option ifname '$interface'
+ option proto 'static'
+ option ipaddr '$ipaddr'
+ option netmask '$netmask'
+ EOF
+ done
+
+ if [ -f "/tmp/sdewan/account/password" ]; then
+ echo "Changing password ..."
+ pass=$(cat /tmp/sdewan/account/password)
+ echo root:$pass | chpasswd
+ fi
+
+ if [ -d "/tmp/sdewan/serving-certs/" ]; then
+ echo "Configuration certificates ..."
+ cp /tmp/sdewan/serving-certs/tls.crt /etc/uhttpd.crt
+ cp /tmp/sdewan/serving-certs/tls.key /etc/uhttpd.key
+ fi
+
+ /sbin/procd &
+ /sbin/ubusd &
+ iptables -t nat -L
+ sleep 1
+ /etc/init.d/rpcd start
+ /etc/init.d/dnsmasq start
+ /etc/init.d/network start
+ /etc/init.d/odhcpd start
+ /etc/init.d/uhttpd start
+ /etc/init.d/log start
+ /etc/init.d/dropbear start
+ /etc/init.d/mwan3 restart
+ /etc/init.d/firewall restart
+ for net in $(echo -e $networks | jq -c ".interface[]")
+ do
+ interface=$(echo $net | jq -r .interface)
+ ipaddr=$(ifconfig $interface | awk '/inet/{print $2}' | cut -f2 -d ":" | awk 'NR==1 {print $1}')
+ echo $ipaddr | ( IFS="." read -r var1 var2 var3 var4; CIDR="$var1$sep$var2$sep$var3$sep$suf"; \
+ if [ "${CIDR}" = "${providerip}" ] ; then iptables -t nat -A POSTROUTING -o $interface -d {{ .Values.providerCIDR }} -j SNAT --to-source $ipaddr; fi)
+ done
+
+{{- if .Values.publicIpAddress }}
+ iptables -t nat -I PREROUTING 1 -m tcp -p tcp -d {{ .Values.publicIpAddress }} --dport 6443 -j DNAT --to-dest 10.96.0.1:443
+{{- end }}
+{{- if .Values.defaultCIDR }}
+ ip rule add from {{ .Values.defaultCIDR }} lookup 40
+ ip rule add from $defaultip lookup main
+{{- end }}
+ echo "Entering sleep... (success)"
+ # Sleep forever.
+ while true; do sleep 100; done
+kind: ConfigMap
+metadata:
+ name: sdewan-safe-sh
+ namespace: default
+
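Review bot: The script runs under `set -ex`, so the xtrace output of `pass=$(cat /tmp/sdewan/account/password)` and `echo root:$pass | chpasswd` writes the root password to the container log, readable by anyone with `kubectl logs` access. Drop `-x`, or wrap the password block in `set +x` and `set -x`, and quote `"$pass"`. The ConfigMap is pinned to `namespace: default` while the Deployment that mounts it uses `{{ .Values.metadata.namespace }}`, so the volume cannot resolve once the namespace value is changed. In `grep "\podIP\b"` the leading `\p` is not a defined escape and was probably meant to be `\bpodIP\b`. The DNAT rule forwards `{{ .Values.publicIpAddress }}:6443` to a hardcoded `10.96.0.1:443`, and values.yaml sets `publicIpAddress` by default, so the forward is on out of the box; make the target a value and document what it exposes.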
--- /dev/null
+#/* Copyright (c) 2021 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Values.metadata.name }}
+ namespace: {{ .Values.metadata.namespace }}
+ labels:
+ sdewanPurpose: {{ .Values.metadata.labels }}
+spec:
+ progressDeadlineSeconds: {{ .Values.spec.progressDeadlineSeconds }}
+ replicas: {{ .Values.spec.replicas }}
+ selector:
+ matchLabels:
+ sdewanPurpose: {{ .Values.metadata.labels }}
+ strategy:
+ rollingUpdate:
+ maxSurge: {{ .Values.strategy.maxSurge }}
+ maxUnavailable: {{ .Values.strategy.maxUnavailable }}
+ type: RollingUpdate
+ template:
+ metadata:
+ annotations:
+ k8s.plugin.opnfv.org/nfn-network: |-
+ { "type": "ovn4nfv", "interface": [
+ {{- range .Values.nfn }} {{- with . }}
+ {
+ "defaultGateway": "{{- .defaultGateway -}}",
+ "interface": "{{- .interface -}}",
+ "ipAddress": "{{- .ipAddress -}}",
+ "name": "{{- .name -}}"
+ } {{- .separate -}}
+ {{- end }} {{- end }}
+ ]}
+ k8s.v1.cni.cncf.io/networks: '[{ "name": "ovn4nfv-k8s-plugin"}]'
+ labels:
+ sdewanPurpose: {{ .Values.metadata.labels }}
+ cnf-account-secret: {{ .Values.metadata.passwdSecret }}
+ cnf-cert-secret: {{ .Values.metadata.cert }}
+ spec:
+ containers:
+ - command:
+ #- sleep
+ #- "3600"
+ - /usr/bin/sudo
+ - /bin/sh
+ - /tmp/sdewan/entrypoint.sh
+ image: {{ .Values.containers.image }}
+ imagePullPolicy: {{ .Values.containers.imagePullPolicy }}
+ name: {{ .Values.containers.name }}
+ readinessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /
+ port: 80
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ successThreshold: 1
+ timeoutSeconds: 1
+ securityContext:
+ privileged: true
+ procMount: Default
+ volumeMounts:
+ - mountPath: /tmp/sdewan
+ name: sdewan-safe-sh
+ readOnly: true
+ - mountPath: /tmp/podinfo
+ name: podinfo
+ readOnly: true
+ - mountPath: /tmp/sdewan/serving-certs
+ name: cert
+ readOnly: true
+ - mountPath: /tmp/sdewan/account
+ name: account
+ readOnly: true
+ nodeSelector:
+ node-role.kubernetes.io/master: "{{ .Values.nodeSelector }}"
+ restartPolicy: {{ .Values.restartPolicy }}
+ volumes:
+ - configMap:
+ defaultMode: 420
+ name: sdewan-safe-sh
+ name: sdewan-safe-sh
+ - name: podinfo
+ downwardAPI:
+ items:
+ - path: "annotations"
+ fieldRef:
+ fieldPath: metadata.annotations
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: {{ .Values.metadata.cert }}
+ - name: account
+ secret:
+ defaultMode: 420
+ secretName: {{ .Values.metadata.passwdSecret }}
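Review bot: The container runs with `securityContext.privileged: true` and its command goes through `/usr/bin/sudo`, so the pod has full access to the node's devices and kernel interfaces; please document why this is required, and check whether a narrower set of capabilities (the entrypoint's iptables and `ip rule` calls suggest network administration) would be enough. The `cert` and `account` secret volumes use `defaultMode: 420`, which is 0644, so `tls.key` and the root password are world-readable inside the container; 256 (0400) is the usual setting for secrets. The nodeSelector key `node-role.kubernetes.io/master` is fixed and only its value is templated, so the CNF can only be scheduled on master nodes; say so in the README or template the whole selector.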
--- /dev/null
+#/* Copyright (c) 2021 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.metadata.passwdSecret }}
+ namespace: {{ .Values.metadata.namespace }}
+type: Opaque
+stringData:
+ password: {{ .Values.metadata.passwd }}
+
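Review bot: `password: {{ .Values.metadata.passwd }}` is rendered unquoted, so a password that is numeric, starts with a YAML indicator character or contains `: ` or ` #` is parsed as something other than the intended string, or breaks the manifest. Render it with `{{ .Values.metadata.passwd | quote }}`. Wrapping the value in `required` would also stop the chart from installing without an explicitly chosen password.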
--- /dev/null
+#/* Copyright (c) 2021 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+#
+# Default values for cnf.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+metadata:
+ name: sdewan-safe
+ namespace: default
+ labels: base
+ passwdSecret: sdewan-safe-pass
+ passwd: root1
+ cert: cnf-default-cert
+
+spec:
+ progressDeadlineSeconds: 600
+ replicas: 1
+
+strategy:
+ maxSurge: 25%
+ maxUnavailable: 25%
+
+nfn:
+ - defaultGateway: false
+ interface: net2
+ ipAddress: 10.10.70.39
+ name: pnetwork
+ separate: ","
+ - defaultGateway: false
+ interface: net0
+ ipAddress: 172.16.70.39
+ name: ovn-network
+ separate: ""
+
+containers:
+ image: integratedcloudnative/sdewan-cnf:openwrt1907
+ imagePullPolicy: IfNotPresent
+ name: sdewan
+
+nodeSelector: ""
+
+publicIpAddress: "10.10.70.39"
+defaultCIDR: "10.233.84.0/24"
+providerCIDR: "10.10.70.0/24"
+
+restartPolicy: Always
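Review bot: `passwd: root1` ships a fixed root password as the chart default, and entrypoint.sh applies it with `chpasswd` on every start, so every install that does not override it has the same known credential. Leave the value empty and fail the render when it is unset, or reference an existing Secret by name. The `separate: ","` and `separate: ""` entries under `nfn` push JSON punctuation into user configuration; the template can emit the comma itself from the `range` index. `publicIpAddress`, `defaultCIDR` and `providerCIDR` carry environment-specific addresses as defaults and each one switches on iptables or `ip rule` lines in the entrypoint, so empty defaults with comments would be safer.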
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- /dev/null
+#/*
+# * Copyright (c) 2021 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
+
+apiVersion: v1
+name: controllers
+description: A Helm chart for Kubernetes
+version: 0.1.0
+appVersion: "1.0"
--- /dev/null
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "controllers.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "controllers.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "controllers.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "controllers.labels" -}}
+helm.sh/chart: {{ include "controllers.chart" . }}
+{{ include "controllers.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "controllers.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "controllers.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "controllers.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "controllers.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
--- /dev/null
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
+
+---
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+ name: sdewan-serving-cert
+ namespace: {{ .Values.namespace }}
+spec:
+ dnsNames:
+ - sdewan-webhook-service.sdewan-system.svc
+ - sdewan-webhook-service.sdewan-system.svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: sdewan-selfsigned-issuer
+ secretName: webhook-server-cert
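Review bot: This Certificate uses `apiVersion: cert-manager.io/v1alpha2`, while the README installs cert-manager v1.1.0 and cert/cnf_cert.yaml in the same change uses `cert-manager.io/v1`; use `v1` here as well so the chart does not depend on a deprecated API version. The namespace is templated with `{{ .Values.namespace }}`, but both `dnsNames` entries hardcode `sdewan-system`, so installing into any other namespace produces a webhook certificate whose names do not match the service; build the names from the same value.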
--- /dev/null
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: cnfrouterules.batch.sdewan.akraino.org
+spec:
+ group: batch.sdewan.akraino.org
+ names:
+ kind: CNFRouteRule
+ listKind: CNFRouteRuleList
+ plural: cnfrouterules
+ singular: cnfrouterule
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ description: CNFRouteRule is the Schema for the cnfrouterules API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: CNFRouteRuleSpec defines the desired state of CNFRouteRule
+ properties:
+ dst:
+ type: string
+ fwmark:
+ type: string
+ not:
+ type: boolean
+ prio:
+ type: string
+ src:
+ type: string
+ table:
+ type: string
+ type: object
+ status:
+ description: status subsource used for Sdewan rule CRDs
+ properties:
+ appliedGeneration:
+ format: int64
+ type: integer
+ appliedTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ state:
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: cnfroutes.batch.sdewan.akraino.org
+spec:
+ group: batch.sdewan.akraino.org
+ names:
+ kind: CNFRoute
+ listKind: CNFRouteList
+ plural: cnfroutes
+ singular: cnfroute
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ description: CNFRoute is the Schema for the cnfroutes API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: CNFRouteSpec defines the desired state of CNFRoute
+ properties:
+ dev:
+ type: string
+ dst:
+ type: string
+ gw:
+ type: string
+ table:
+ enum:
+ - default
+ - cnf
+ type: string
+ type: object
+ status:
+ description: status subsource used for Sdewan rule CRDs
+ properties:
+ appliedGeneration:
+ format: int64
+ type: integer
+ appliedTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ state:
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: cnfservices.batch.sdewan.akraino.org
+spec:
+ group: batch.sdewan.akraino.org
+ names:
+ kind: CNFService
+ listKind: CNFServiceList
+ plural: cnfservices
+ singular: cnfservice
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ description: CNFService is the Schema for the cnfservices API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: CNFServiceSpec defines the desired state of CNFService
+ properties:
+ dport:
+ type: string
+ fullname:
+ type: string
+ port:
+ type: string
+ type: object
+ status:
+ description: status subsource used for Sdewan rule CRDs
+ properties:
+ appliedGeneration:
+ format: int64
+ type: integer
+ appliedTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ state:
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: cnfstatuses.batch.sdewan.akraino.org
+spec:
+ group: batch.sdewan.akraino.org
+ names:
+ kind: CNFStatus
+ listKind: CNFStatusList
+ plural: cnfstatuses
+ singular: cnfstatus
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ description: CNFStatus is the Schema for the cnfstatuses API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: CNFStatusSpec defines the desired state of CNFStatus
+ type: object
+ status:
+ description: CNFStatusStatus defines the observed state of CNFStatus
+ properties:
+ appliedGeneration:
+ description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file'
+ format: int64
+ type: integer
+ appliedTime:
+ format: date-time
+ type: string
+ information:
+ items:
+ description: CNFStatusInformation defines the runtime information of a CNF
+ properties:
+ ip:
+ type: string
+ name:
+ type: string
+ namespace:
+ type: string
+ node:
+ type: string
+ purpose:
+ type: string
+ status:
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: firewalldnats.batch.sdewan.akraino.org
+spec:
+ group: batch.sdewan.akraino.org
+ names:
+ kind: FirewallDNAT
+ listKind: FirewallDNATList
+ plural: firewalldnats
+ singular: firewalldnat
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ description: FirewallDNAT is the Schema for the firewalldnats API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: FirewallDNATSpec defines the desired state of FirewallDNAT
+ properties:
+ dest:
+ type: string
+ dest_ip:
+ type: string
+ dest_port:
+ type: string
+ family:
+ type: string
+ mark:
+ type: string
+ name:
+ description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster Important: Run "make" to regenerate code after modifying this file'
+ type: string
+ proto:
+ type: string
+ src:
+ type: string
+ src_dip:
+ type: string
+ src_dport:
+ type: string
+ src_ip:
+ type: string
+ src_mac:
+ type: string
+ src_port:
+ type: string
+ target:
+ type: string
+ type: object
+ status:
+ description: status subsource used for Sdewan rule CRDs
+ properties:
+ appliedGeneration:
+ format: int64
+ type: integer
+ appliedTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ state:
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: firewallforwardings.batch.sdewan.akraino.org
+spec:
+ group: batch.sdewan.akraino.org
+ names:
+ kind: FirewallForwarding
+ listKind: FirewallForwardingList
+ plural: firewallforwardings
+ singular: firewallforwarding
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ description: FirewallForwarding is the Schema for the firewallforwardings API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: FirewallForwardingSpec defines the desired state of FirewallForwarding
+ properties:
+ dest:
+ type: string
+ family:
+ type: string
+ name:
+ description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster Important: Run "make" to regenerate code after modifying this file'
+ type: string
+ src:
+ type: string
+ type: object
+ status:
+ description: status subsource used for Sdewan rule CRDs
+ properties:
+ appliedGeneration:
+ format: int64
+ type: integer
+ appliedTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ state:
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: firewallrules.batch.sdewan.akraino.org
+spec:
+ group: batch.sdewan.akraino.org
+ names:
+ kind: FirewallRule
+ listKind: FirewallRuleList
+ plural: firewallrules
+ singular: firewallrule
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ description: FirewallRule is the Schema for the firewallrules API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: FirewallRuleSpec defines the desired state of FirewallRule
+ properties:
+ dest:
+ type: string
+ dest_ip:
+ type: string
+ dest_port:
+ type: string
+ extra:
+ type: string
+ family:
+ type: string
+ icmp_type:
+ items:
+ type: string
+ type: array
+ mark:
+ type: string
+ name:
+ description: Foo is an example field of FirewallRule. Edit FirewallRule_types.go to remove/update
+ type: string
+ proto:
+ type: string
+ set_mark:
+ type: string
+ set_xmark:
+ type: string
+ src:
+ type: string
+ src_ip:
+ type: string
+ src_mac:
+ type: string
+ src_port:
+ type: string
+ target:
+ type: string
+ type: object
+ status:
+ description: status subsource used for Sdewan rule CRDs
+ properties:
+ appliedGeneration:
+ format: int64
+ type: integer
+ appliedTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ state:
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: firewallsnats.batch.sdewan.akraino.org
+spec:
+ group: batch.sdewan.akraino.org
+ names:
+ kind: FirewallSNAT
+ listKind: FirewallSNATList
+ plural: firewallsnats
+ singular: firewallsnat
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ description: FirewallSNAT is the Schema for the firewallsnats API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: FirewallSNATSpec defines the desired state of FirewallSNAT
+ properties:
+ dest:
+ type: string
+ dest_ip:
+ type: string
+ dest_port:
+ type: string
+ family:
+ type: string
+ mark:
+ type: string
+ name:
+ description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster Important: Run "make" to regenerate code after modifying this file'
+ type: string
+ proto:
+ type: string
+ src:
+ type: string
+ src_dip:
+ type: string
+ src_dport:
+ type: string
+ src_ip:
+ type: string
+ src_mac:
+ type: string
+ src_port:
+ type: string
+ target:
+ type: string
+ type: object
+ status:
+ description: status subsource used for Sdewan rule CRDs
+ properties:
+ appliedGeneration:
+ format: int64
+ type: integer
+ appliedTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ state:
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: firewallzones.batch.sdewan.akraino.org
+spec:
+ group: batch.sdewan.akraino.org
+ names:
+ kind: FirewallZone
+ listKind: FirewallZoneList
+ plural: firewallzones
+ singular: firewallzone
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ description: FirewallZone is the Schema for the firewallzones API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: FirewallZoneSpec defines the desired state of FirewallZone
+ properties:
+ etra_dest:
+ type: string
+ extra_src:
+ type: string
+ family:
+ type: string
+ forward:
+ type: string
+ input:
+ type: string
+ masq:
+ type: string
+ masq_allow_invalid:
+ type: string
+ masq_dest:
+ items:
+ type: string
+ type: array
+ masq_src:
+ items:
+ type: string
+ type: array
+ mtu_fix:
+ type: string
+ name:
+ description: Foo is an example field of FirewallZone. Edit FirewallZone_types.go to remove/update
+ type: string
+ network:
+ items:
+ type: string
+ type: array
+ output:
+ type: string
+ subnet:
+ items:
+ type: string
+ type: array
+ required:
+ - network
+ type: object
+ status:
+ description: status subsource used for Sdewan rule CRDs
+ properties:
+ appliedGeneration:
+ format: int64
+ type: integer
+ appliedTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ state:
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: ipsechosts.batch.sdewan.akraino.org
+spec:
+ group: batch.sdewan.akraino.org
+ names:
+ kind: IpsecHost
+ listKind: IpsecHostList
+ plural: ipsechosts
+ singular: ipsechost
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ description: IpsecHost is the Schema for the ipsechosts API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ authentication_method:
+ type: string
+ connections:
+ items:
+ properties:
+ conn_type:
+ type: string
+ crypto_proposal:
+ items:
+ type: string
+ type: array
+ if_id:
+ type: string
+ local_firewall:
+ type: string
+ local_sourceip:
+ type: string
+ local_updown:
+ type: string
+ mark:
+ type: string
+ mode:
+ type: string
+ name:
+ type: string
+ remote_firewall:
+ type: string
+ remote_sourceip:
+ type: string
+ remote_subnet:
+ type: string
+ remote_updown:
+ type: string
+ required:
+ - conn_type
+ - mode
+ - name
+ type: object
+ type: array
+ crypto_proposal:
+ items:
+ type: string
+ type: array
+ force_crypto_proposal:
+ type: string
+ local_identifier:
+ type: string
+ local_private_cert:
+ type: string
+ local_public_cert:
+ type: string
+ name:
+ type: string
+ pre_shared_key:
+ type: string
+ remote:
+ type: string
+ remote_identifier:
+ type: string
+ shared_ca:
+ type: string
+ type:
+ type: string
+ required:
+ - authentication_method
+ - connections
+ - crypto_proposal
+ - remote
+ type: object
+ status:
+ description: status subsource used for Sdewan rule CRDs
+ properties:
+ appliedGeneration:
+ format: int64
+ type: integer
+ appliedTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ state:
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: ipsecproposals.batch.sdewan.akraino.org
+spec:
+ group: batch.sdewan.akraino.org
+ names:
+ kind: IpsecProposal
+ listKind: IpsecProposalList
+ plural: ipsecproposals
+ singular: ipsecproposal
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ description: IpsecProposal is the Schema for the ipsecproposals API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IpsecProposalSpec defines the desired state of IpsecProposal
+ properties:
+ dh_group:
+ type: string
+ encryption_algorithm:
+ type: string
+ hash_algorithm:
+ type: string
+ name:
+ type: string
+ required:
+ - dh_group
+ - encryption_algorithm
+ - hash_algorithm
+ type: object
+ status:
+ description: status subsource used for Sdewan rule CRDs
+ properties:
+ appliedGeneration:
+ format: int64
+ type: integer
+ appliedTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ state:
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: ipsecsites.batch.sdewan.akraino.org
+spec:
+ group: batch.sdewan.akraino.org
+ names:
+ kind: IpsecSite
+ listKind: IpsecSiteList
+ plural: ipsecsites
+ singular: ipsecsite
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ description: IpsecSite is the Schema for the ipsecsites API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IpsecSiteSpec defines the desired state of IpsecSite
+ properties:
+ authentication_method:
+ type: string
+ connections:
+ items:
+ properties:
+ conn_type:
+ type: string
+ crypto_proposal:
+ items:
+ type: string
+ type: array
+ if_id:
+ type: string
+ local_firewall:
+ type: string
+ local_subnet:
+ type: string
+ local_updown:
+ type: string
+ mark:
+ type: string
+ mode:
+ type: string
+ name:
+ type: string
+ remote_firewall:
+ type: string
+ remote_sourceip:
+ type: string
+ remote_subnet:
+ type: string
+ remote_updown:
+ type: string
+ required:
+ - conn_type
+ - local_subnet
+ - mode
+ - name
+ type: object
+ type: array
+ crypto_proposal:
+ items:
+ type: string
+ type: array
+ force_crypto_proposal:
+ type: string
+ local_identifier:
+ type: string
+ local_private_cert:
+ type: string
+ local_public_cert:
+ type: string
+ name:
+ type: string
+ pre_shared_key:
+ type: string
+ remote:
+ type: string
+ remote_identifier:
+ type: string
+ shared_ca:
+ type: string
+ type:
+ type: string
+ required:
+ - authentication_method
+ - connections
+ - crypto_proposal
+ - remote
+ type: object
+ status:
+ description: status subsource used for Sdewan rule CRDs
+ properties:
+ appliedGeneration:
+ format: int64
+ type: integer
+ appliedTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ state:
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: mwan3policies.batch.sdewan.akraino.org
+spec:
+ group: batch.sdewan.akraino.org
+ names:
+ kind: Mwan3Policy
+ listKind: Mwan3PolicyList
+ plural: mwan3policies
+ singular: mwan3policy
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ description: Mwan3Policy is the Schema for the mwan3policies API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ members:
+ items:
+ description: Mwan3PolicySpec defines the desired state of Mwan3Policy
+ properties:
+ metric:
+ type: integer
+ network:
+ description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster Important: Run "make" to regenerate code after modifying this file'
+ type: string
+ weight:
+ type: integer
+ required:
+ - metric
+ - network
+ - weight
+ type: object
+ type: array
+ required:
+ - members
+ type: object
+ status:
+ description: status subsource used for Sdewan rule CRDs
+ properties:
+ appliedGeneration:
+ format: int64
+ type: integer
+ appliedTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ state:
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: mwan3rules.batch.sdewan.akraino.org
+spec:
+ group: batch.sdewan.akraino.org
+ names:
+ kind: Mwan3Rule
+ listKind: Mwan3RuleList
+ plural: mwan3rules
+ singular: mwan3rule
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ description: Mwan3Rule is the Schema for the mwan3rules API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ dest_ip:
+ type: string
+ dest_port:
+ type: string
+ family:
+ type: string
+ policy:
+ type: string
+ proto:
+ type: string
+ src_ip:
+ type: string
+ src_port:
+ type: string
+ sticky:
+ type: string
+ timeout:
+ type: string
+ required:
+ - dest_ip
+ - dest_port
+ - family
+ - policy
+ - proto
+ - src_ip
+ - src_port
+ - sticky
+ - timeout
+ type: object
+ status:
+ description: status subsource used for Sdewan rule CRDs
+ properties:
+ appliedGeneration:
+ format: int64
+ type: integer
+ appliedTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ state:
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: sdewanapplications.batch.sdewan.akraino.org
+spec:
+ group: batch.sdewan.akraino.org
+ names:
+ kind: SdewanApplication
+ listKind: SdewanApplicationList
+ plural: sdewanapplications
+ singular: sdewanapplication
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ description: SdewanApplication is the Schema for the sdewanapplications API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: SdewanApplicationSpec defines the desired state of SdewanApplication
+ properties:
+ appNamespace:
+ type: string
+ podSelector:
+ description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ type: object
+ status:
+ description: status subsource used for Sdewan rule CRDs
+ properties:
+ appliedGeneration:
+ format: int64
+ type: integer
+ appliedTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ state:
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
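Review bot: in the IpsecHost and IpsecSite schemas, `pre_shared_key` and `local_private_cert` are plain string properties of `spec`, so IPsec key material is stored in the custom resource itself and is readable by any subject with get/list on `ipsechosts` or `ipsecsites`. Consider having these fields name a Secret instead and letting the controller resolve it. Separately, `etra_dest` in FirewallZoneSpec sits next to `extra_src` and looks like a typo for `extra_dest`, and several `name` descriptions still carry the kubebuilder scaffold text ("Foo is an example field ...", "INSERT ADDITIONAL SPEC FIELDS ..."). These manifests are controller-gen output, so the fixes belong in the Go types, followed by a regenerate. The CRDs also use `apiextensions.k8s.io/v1beta1`, which is deprecated in favour of `apiextensions.k8s.io/v1` and is no longer served from Kubernetes 1.22.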
--- /dev/null
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ control-plane: {{ .Values.spec.label }}
+ name: {{ .Values.spec.name }}
+ namespace: {{ .Values.namespace }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ control-plane: {{ .Values.spec.label }}
+ template:
+ metadata:
+ labels:
+ control-plane: {{ .Values.spec.label }}
+ spec:
+ containers:
+ - args:
+ - --secure-listen-address=0.0.0.0:8443
+ - --upstream=http://127.0.0.1:8080/
+ - --logtostderr=true
+ - --v=10
+ image: {{ .Values.spec.proxy.image }}
+ name: {{ .Values.spec.proxy.name }}
+ ports:
+ - containerPort: 8443
+ name: https
+ - args:
+ - --metrics-addr=127.0.0.1:8080
+ - --enable-leader-election
+ command:
+ - /manager
+ image: {{ .Values.spec.sdewan.image }}
+ name: {{ .Values.spec.sdewan.name }}
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 100m
+ memory: 60Mi
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ nodeSelector:
+ node-role.kubernetes.io/master: ""
+ terminationGracePeriodSeconds: 10
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: webhook-server-cert
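Review bot: the pod spec sets no `serviceAccountName` and no `securityContext` on either container, so the manager runs as the namespace's `default` ServiceAccount with the runtime's default privileges. Please add a dedicated ServiceAccount and a restrictive security context (for example `runAsNonRoot: true` and `allowPrivilegeEscalation: false`). The proxy container is also started with `--v=10`, which is debug-level verbosity; a lower default, exposed through values.yaml, would be better for a chart meant for deployment. Finally, `replicas: 1` is hard-coded here although values.yaml defines `spec.replicas`, and the proxy container has no `resources` block while the manager does.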
--- /dev/null
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
+
+---
+apiVersion: cert-manager.io/v1alpha2
+kind: Issuer
+metadata:
+ name: sdewan-selfsigned-issuer
+ namespace: {{ .Values.namespace }}
+spec:
+ selfSigned: {}
+
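Review bot: this template defines only the self-signed Issuer; the Certificate that the webhook annotation refers to as `sdewan-serving-cert`, and that would populate the `webhook-server-cert` secret mounted by the Deployment, is not in this file. Please confirm another template in the chart creates it, otherwise the manager pod cannot mount its serving certificate. Also, `cert-manager.io/v1alpha2` is a deprecated API version; the README installs cert-manager v1.1.0, which serves `cert-manager.io/v1`, so the template can use that directly.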
--- /dev/null
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: sdewan-leader-election-role
+ namespace: {{ .Values.namespace }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps/status
+ verbs:
+ - get
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ annotations:
+ sdewan-bucket-type-permission: '{ "*": ["*"]}'
+ name: sdewan-manager-role
+rules:
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - deployments/status
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - cnfrouterules
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - cnfrouterules/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - cnfroutes
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - cnfroutes/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - cnfservices
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - cnfservices/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - cnfstatuses
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - cnfstatuses/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - firewalldnats
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - firewalldnats/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - firewallforwardings
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - firewallforwardings/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - firewallrules
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - firewallrules/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - firewallsnats
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - firewallsnats/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - firewallzones
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - firewallzones/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - ipsechosts
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - ipsechosts/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - ipsecproposals
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - ipsecproposals/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - ipsecsites
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - ipsecsites/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - mwan3policies
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - mwan3policies/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - mwan3rules
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - mwan3rules/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - sdewanapplications
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - sdewanapplications/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterrolebindings
+ - clusterroles
+ - rolebindings
+ - roles
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: sdewan-proxy-role
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: sdewan-leader-election-rolebinding
+ namespace: {{ .Values.namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: sdewan-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: {{ .Values.namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: sdewan-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: sdewan-manager-role
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: {{ .Values.namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: sdewan-proxy-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: sdewan-proxy-role
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: {{ .Values.namespace }}
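Review bot: all three bindings (`sdewan-leader-election-rolebinding`, `sdewan-manager-rolebinding`, `sdewan-proxy-rolebinding`) use the `default` ServiceAccount of the release namespace as their subject, so any pod scheduled into that namespace without an explicit service account inherits the cluster-wide `sdewan-manager-role`, including create/delete on every firewall and IPsec resource. Please create a dedicated ServiceAccount in the chart, bind the roles to it, and set it on the Deployment. The `sdewan-bucket-type-permission: '{ "*": ["*"]}'` annotation on `sdewan-manager-role` also deserves a comment explaining that it is a wildcard grant and why the manager needs it.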
--- /dev/null
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ control-plane: {{ .Values.spec.label }}
+ name: sdewan-controller-manager-metrics-service
+ namespace: {{ .Values.namespace }}
+spec:
+ ports:
+ - name: https
+ port: 8443
+ targetPort: https
+ selector:
+ control-plane: {{ .Values.spec.label }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: sdewan-webhook-service
+ namespace: {{ .Values.namespace }}
+spec:
+ ports:
+ - port: 443
+ targetPort: 9443
+ selector:
+ control-plane: {{ .Values.spec.label }}
--- /dev/null
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
+
+---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: sdewan-system/sdewan-serving-cert
+ name: sdewan-validating-webhook-configuration
+webhooks:
+- clientConfig:
+ caBundle: Cg==
+ service:
+ name: sdewan-webhook-service
+ namespace: {{ .Values.namespace }}
+ path: /validate-sdewan-bucket-permission
+ failurePolicy: Fail
+ name: validate-sdewan-bucket.akraino.org
+ rules:
+ - apiGroups:
+ - batch.sdewan.akraino.org
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ - DELETE
+ resources:
+ - mwan3policies
+ - mwan3rules
+ - firewallzones
+ - firewallforwardings
+ - firewallrules
+ - firewallsnats
+ - firewalldnats
+ - cnfservices
+ - cnfstatuses
+ - sdewanapplication
+ - ipsecproposals
+ - ipsechosts
+ - ipsecsites
+- clientConfig:
+ caBundle: Cg==
+ service:
+ name: sdewan-webhook-service
+ namespace: {{ .Values.namespace }}
+ path: /validate-label
+ failurePolicy: Fail
+ name: validate-label.akraino.org
+ rules:
+ - apiGroups:
+ - apps
+ - batch.sdewan.akraino.org
+ apiVersions:
+ - v1
+ - v1alpha1
+ operations:
+ - UPDATE
+ resources:
+ - deployments
+ - mwan3policies
+ - mwan3rules
+ - firewallzones
+ - firewallforwardings
+ - firewallrules
+ - firewallsnats
+ - firewalldnats
+ - cnfservice
+ - cnfstatuses
+ - sdewanapplication
+ - ipsecproposals
+ - ipsechosts
+ - ipsecsites
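Review bot: the `resources` lists contain `sdewanapplication` (both webhooks) and `cnfservice` (`validate-label.akraino.org`), but webhook rules match on the plural resource name, which is `sdewanapplications` in the CRD and `cnfservices` in the ClusterRole and in the first webhook. As written, requests for those resources never reach the webhook, so the bucket-permission and label checks are skipped for them. `cnfroutes` and `cnfrouterules` appear in the ClusterRole but in neither list; if that is intentional, a comment would help. The `cert-manager.io/inject-ca-from: sdewan-system/sdewan-serving-cert` annotation hard-codes the namespace while the rest of the file uses `{{ .Values.namespace }}`, so CA injection breaks when the chart is installed with a different namespace value. `admissionregistration.k8s.io/v1beta1` is deprecated in favour of `v1`, which additionally requires `sideEffects` and `admissionReviewVersions` on each webhook.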
--- /dev/null
+# Default values for controllers.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+namespace: "sdewan-system"
+
+spec:
+ name: "sdewan-controller-manager"
+ label: "controller-manager"
+ replicas: 1
+ proxy:
+ image: "gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1"
+ name: "kube-rbac-proxy"
+ sdewan:
+ image: "integratedcloudnative/sdewan-controller:latest"
+ name: "manager"
+
+
+
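Review bot: `spec.sdewan.image` defaults to `integratedcloudnative/sdewan-controller:latest`, a mutable tag, so two installs of the same chart version can run different controller code and an upgrade cannot be rolled back to a known image. Please pin the default to a release tag or a digest, as is already done for `kube-rbac-proxy:v0.4.1`. `spec.replicas` is defined here but the Deployment template hard-codes `replicas: 1`; either wire it through or drop the value. The trailing blank lines at the end of the file can go as well.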