Helm Chart and example updates 97/4697/3 21.12.03
authorLe Yao <le.yao@intel.com>
Thu, 17 Feb 2022 04:35:38 +0000 (23:35 -0500)
committerLe Yao <le.yao@intel.com>
Thu, 17 Feb 2022 04:48:50 +0000 (23:48 -0500)
Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: I1b1ab2fbf11d12d1c784fa74d504e1b7d8da29cd

central-controller/src/scc/pkg/manager/overlay_objectmanager.go
platform/crd-ctrlr/examples/attach-network-ovn.yaml
platform/crd-ctrlr/examples/cnf-deployment.yaml
platform/crd-ctrlr/examples/ovn-net1.yaml
platform/crd-ctrlr/examples/ovn-provnet.yaml
platform/deployment/README.md
platform/deployment/helm/sdewan_cnf/values.yaml

index 41b1073..e259025 100644 (file)
@@ -633,7 +633,7 @@ func (c *OverlayObjectManager) DeleteConnection(m map[string]string, conn module
 }
 
 func (c *OverlayObjectManager) DeleteConnections(m map[string]string, m1 module.ControllerObject) error {
-       //Get all connections related to the ControllerObject and do deletion^M
+       //Get all connections related to the ControllerObject and do deletion
        conn_manager := GetConnectionManager()
        overlay_name := m[OverlayResource]
        conns, err := conn_manager.GetObjects(overlay_name, module.CreateEndName(m1.GetType(), m1.GetMetadata().Name))
index f0753d2..ac80c3c 100644 (file)
@@ -1,10 +1,10 @@
-# SPDX-License-Identifier: Apache-2.0 
+# SPDX-License-Identifier: Apache-2.0
 # Copyright (c) 2021 Intel Corporation
 ---
 apiVersion: k8s.cni.cncf.io/v1
 kind: NetworkAttachmentDefinition
 metadata:
-  name: ovn-networkobj
+  name: ovn4nfv-k8s-plugin
 spec:
   config: '{
      "cniVersion": "0.3.1",
index 8b72fb5..6d4d0dd 100644 (file)
@@ -1,5 +1,16 @@
-# SPDX-License-Identifier: Apache-2.0 
+# SPDX-License-Identifier: Apache-2.0
 # Copyright (c) 2021 Intel Corporation
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: sdewan-safe-pass
+  namespace: default
+type: Opaque
+stringData:
+  password: root1
+...
+
 ---
 apiVersion: v1
 data:
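Review bot: The new `sdewan-safe-pass` Secret commits a literal root password (`password: root1`) in `stringData`, and a later hunk of this file feeds that value to `chpasswd` for the root account. Anyone who applies the example unchanged gets a CNF whose root password is published in the repository. Ship a placeholder instead, e.g. `password: <CHANGE_ME>`, with a comment such as `# Replace before applying, or create this Secret out of band with kubectl create secret generic`.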
@@ -7,12 +18,18 @@ data:
     #!/bin/bash
     # Always exit on errors.
     set -ex
+    sysctl -w net.ipv4.ip_forward=1
     echo "" > /etc/config/network
     cat > /etc/config/mwan3 <<EOF
     config globals 'globals'
         option mmx_mask '0x3F00'
         option local_source 'lan'
     EOF
+
+    providerip=$(echo 10.10.70.0/24 | cut -d/ -f1)
+    sep="."
+    suf="0"
+
     eval "networks=$(grep nfn-network /tmp/podinfo/annotations | awk  -F '=' '{print $2}')"
     for net in $(echo -e $networks | jq -c ".interface[]")
     do
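Review bot: `providerip=$(echo 10.10.70.0/24 | cut -d/ -f1)` hard-codes the provider subnet inside the entrypoint script, and the same literal is repeated in the SNAT rule added in a later hunk (`-d 10.10.70.0/24`), so it must be kept in step by hand with the ProviderNetwork example and the `ipAddress` annotation. Define it once near the top, e.g. `provider_cidr=10.10.70.0/24` and `providerip=${provider_cidr%/*}`, and reuse `$provider_cidr` in the iptables rule. The later comparison rebuilds the network address from the first three octets plus `$suf`, which only matches a /24; a comment saying so would help. The script body starts and ends outside this hunk.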
@@ -26,23 +43,21 @@ data:
         option proto 'static'
         option ipaddr '$ipaddr'
         option netmask '$netmask'
-    EOF
-      cat >> /etc/config/mwan3 <<EOF
-    config interface '$vif'
-            option enabled '1'
-            option family 'ipv4'
-            option reliability '2'
-            option count '1'
-            option timeout '2'
-            option failure_latency '1000'
-            option recovery_latency '500'
-            option failure_loss '20'
-            option recovery_loss '5'
-            option interval '5'
-            option down '3'
-            option up '8'
     EOF
     done
+
+    if [ -f "/tmp/sdewan/account/password" ]; then
+        echo "Changing password ..."
+        pass=$(cat /tmp/sdewan/account/password)
+        echo root:$pass | chpasswd -m
+    fi
+
+    if [ -d "/tmp/sdewan/serving-certs/" ]; then
+        echo "Configuration certificates ..."
+        cp /tmp/sdewan/serving-certs/tls.crt /etc/uhttpd.crt
+        cp /tmp/sdewan/serving-certs/tls.key /etc/uhttpd.key
+    fi
+
     /sbin/procd &
     /sbin/ubusd &
     iptables -t nat -L
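Review bot: The script runs under `set -ex` (visible at the top of the script in the previous hunk), so the added `pass=$(cat /tmp/sdewan/account/password)` and `echo root:$pass | chpasswd -m` lines are traced to stderr with the password expanded, which puts the root password in the pod log. Turn tracing off around the block and quote the value: `set +x`, `printf 'root:%s\n' "$(cat /tmp/sdewan/account/password)" | chpasswd -m`, `set -x`. `-m` selects an MD5-based hash; if the image's chpasswd supports a stronger algorithm, prefer it. The copied `tls.key` takes whatever mode `cp` gives it, so a `chmod 600 /etc/uhttpd.key` after the copy is worth adding.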
@@ -56,12 +71,23 @@ data:
     /etc/init.d/dropbear start
     /etc/init.d/mwan3 restart
     /etc/init.d/firewall restart
+    defaultip=$(grep "\podIP\b" /tmp/podinfo/annotations | cut -d/ -f2 | cut -d'"' -f2)
+    for net in $(echo -e $networks | jq -c ".interface[]")
+    do
+        interface=$(echo $net | jq -r .interface)
+        ipaddr=$(ifconfig $interface | awk '/inet/{print $2}' | cut -f2 -d ":" | awk 'NR==1 {print $1}')
+        echo $ipaddr | ( IFS="." read -r var1 var2 var3 var4; CIDR="$var1$sep$var2$sep$var3$sep$suf"; \
+            if [ "${CIDR}" = "${providerip}" ] ; then iptables -t nat -A POSTROUTING -o $interface -d 10.10.70.0/24 -j SNAT --to-source $ipaddr; fi)
+    done
+    iptables -t nat -I PREROUTING 1 -m tcp -p tcp -d 10.10.70.39 --dport 6443 -j DNAT --to-dest 10.96.0.1:443
+    ip rule add from 10.233.84.0/24 lookup 40
+    ip rule add from $defaultip lookup main
     echo "Entering sleep... (success)"
     # Sleep forever.
     while true; do sleep 100; done
 kind: ConfigMap
 metadata:
-  name: sdewan-sh
+  name: sdewan-safe-sh
   namespace: default
 ...
 
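Review bot: The added `iptables -t nat -I PREROUTING 1 -m tcp -p tcp -d 10.10.70.39 --dport 6443 -j DNAT --to-dest 10.96.0.1:443` rule has no source match, so every TCP connection that reaches the provider-network address on 6443 is forwarded to 10.96.0.1:443, which looks like the cluster's `kubernetes` API service address (not confirmed from this page). Restrict it with a `-s <trusted-cidr>` match, or add a comment stating why the exposure is intended and which peers are expected. Separately, `grep "\podIP\b"` appears to be a typo for `\bpodIP\b`, and `$defaultip` is used unquoted: if the grep finds nothing, `ip rule add from $defaultip lookup main` fails and `set -e` ends the script before the sleep loop.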
@@ -69,16 +95,16 @@ metadata:
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: cnf1
+  name: sdewan-safe
   namespace: default
   labels:
-    sdewanPurpose: cnf1
+    sdewanPurpose: base
 spec:
   progressDeadlineSeconds: 600
-  replicas: 2
+  replicas: 1
   selector:
     matchLabels:
-      sdewanPurpose: cnf1
+      sdewanPurpose: base
   strategy:
     rollingUpdate:
       maxSurge: 25%
@@ -91,26 +117,31 @@ spec:
           { "type": "ovn4nfv", "interface": [
             {
               "defaultGateway": "false",
-              "interface": "net1",
-              "name": "ovn-net1"
+              "interface": "net2",
+              "ipAddress": "10.10.70.39",
+              "name": "pnetwork"
             },
             {
               "defaultGateway": "false",
-              "interface": "net2",
-              "name": "ovn-net2"
+              "interface": "net0",
+              "ipAddress": "172.16.70.39",
+              "name": "ovn-network"
             }
           ]}
-        k8s.v1.cni.cncf.io/networks: '[{ "name": "ovn-networkobj"}]'
+        k8s.v1.cni.cncf.io/networks: '[{ "name": "ovn4nfv-k8s-plugin"}]'
       labels:
-        sdewanPurpose: cnf1
+        sdewanPurpose: base
+        cnf-account-secret: sdewan-safe-pass
+        cnf-cert-secret: cnf-default-cert
     spec:
       containers:
       - command:
               #- sleep
               #- "3600"
+        - /usr/bin/sudo
         - /bin/sh
         - /tmp/sdewan/entrypoint.sh
-        image: integratedcloudnative/openwrt:0.3.0
+        image: integratedcloudnative/sdewan-cnf:0.5.2
         imagePullPolicy: IfNotPresent
         name: sdewan
         readinessProbe:
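Review bot: Prefixing the container command with `/usr/bin/sudo` means the entrypoint only works if the image's default user has password-less sudo (presumably the case in `sdewan-cnf:0.5.2`), and that in turn lets any other process in the container become root. The dependency is not stated in the manifest, and the pod's securityContext lies outside this hunk, so the privileges actually granted cannot be checked from here. Add a comment above the line, e.g. `# entrypoint needs root for iptables/sysctl/chpasswd; image user must have NOPASSWD sudo`, or state the requirement explicitly in securityContext.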
@@ -128,22 +159,36 @@ spec:
           procMount: Default
         volumeMounts:
         - mountPath: /tmp/sdewan
-          name: sdewan-sh
+          name: sdewan-safe-sh
           readOnly: true
         - mountPath: /tmp/podinfo
           name: podinfo
           readOnly: true
+        - mountPath: /tmp/sdewan/serving-certs
+          name: cert
+          readOnly: true
+        - mountPath: /tmp/sdewan/account
+          name: account
+          readOnly: true
       nodeSelector:
         node-role.kubernetes.io/master: ""
       restartPolicy: Always
       volumes:
       - configMap:
           defaultMode: 420
-          name: sdewan-sh
-        name: sdewan-sh
+          name: sdewan-safe-sh
+        name: sdewan-safe-sh
       - name: podinfo
         downwardAPI:
           items:
             - path: "annotations"
               fieldRef:
                 fieldPath: metadata.annotations
+      - name: cert
+        secret:
+          defaultMode: 420
+          secretName: cnf-default-cert
+      - name: account
+        secret:
+          defaultMode: 420
+          secretName: sdewan-safe-pass
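Review bot: Both new secret volumes use `defaultMode: 420` (octal 0644), so the TLS private key under `/tmp/sdewan/serving-certs` and the root password under `/tmp/sdewan/account` are readable by every user in the container. As far as this diff shows, only the entrypoint reads them and it runs through sudo, so owner-only access should be enough: `defaultMode: 256` (0400) on the `cert` and `account` volumes. The configMap volume can stay at 420.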
index dcfc913..d01e9c0 100644 (file)
@@ -1,12 +1,12 @@
-# SPDX-License-Identifier: Apache-2.0 
+# SPDX-License-Identifier: Apache-2.0
 # Copyright (c) 2021 Intel Corporation
 apiVersion: k8s.plugin.opnfv.org/v1alpha1
 kind: Network
 metadata:
-  name: ovn-net1
+  name: ovn-network
 spec:
   cniType : ovn4nfv
   ipv4Subnets:
-  - subnet: 172.16.44.0/24
+  - subnet: 172.16.70.0/24
     name: subnet1
-    gateway: 172.16.44.1/24
+    gateway: 172.16.70.1/24
index d9e1f4c..6bb99af 100644 (file)
@@ -1,4 +1,4 @@
-# SPDX-License-Identifier: Apache-2.0 
+# SPDX-License-Identifier: Apache-2.0
 # Copyright (c) 2021 Intel Corporation
 apiVersion: k8s.plugin.opnfv.org/v1alpha1
 kind: ProviderNetwork
@@ -7,10 +7,10 @@ metadata:
 spec:
   cniType: ovn4nfv
   ipv4Subnets:
-  - subnet: 172.16.34.0/24
+  - subnet: 10.10.70.0/24
     name: subnet1
-    gateway: 172.16.34.1/24
-    excludeIps: 172.16.34.2 172.16.34.5..172.16.34.10
+    gateway: 10.10.70.1/24
+    excludeIps: 10.10.70.2 10.10.70.5..10.10.70.10
   providerNetType: VLAN
   vlan:
     vlanId: "100"
index 3e2dbe6..69485c5 100644 (file)
@@ -31,10 +31,10 @@ metadata:
 spec:
   cniType: ovn4nfv
   ipv4Subnets:
-  - subnet: 10.10.20.1/24
+  - subnet: 10.10.70.1/24
     name: subnet
     gateway: 10.10.20.1/24
-    excludeIps: 10.10.20.2..10.10.20.9
+    excludeIps: 10.10.70.2 10.10.60.5..10.10.20.10
   providerNetType: VLAN
   vlan:
     logicalInterfaceName: eno1.100 // Change to your interface name
@@ -51,9 +51,9 @@ spec:
   # Add fields here
   cniType: ovn4nfv
   ipv4Subnets:
-  - subnet: 172.16.30.1/24
+  - subnet: 172.16.70.0/24
     name: subnet1
-    gateway: 172.16.30.1/24
+    gateway: 172.16.70.1/24
 ```
 - Update `helm/sdewan_cnf/values.yaml` to configure the network information
 
index bd48bfc..0c416e9 100644 (file)
@@ -46,7 +46,7 @@ nfn:
     separate: ""
 
 containers:
-  image: integratedcloudnative/sdewan-cnf:0.5.0
+  image: integratedcloudnative/sdewan-cnf:0.5.2
   imagePullPolicy: IfNotPresent
   name: sdewan